1. 04 Aug, 2016 1 commit
  2. 28 Jul, 2016 7 commits
  3. 27 Jul, 2016 1 commit
    • Soby Mathew's avatar
      GICv3: Fix the GICD_IROUTER offset · 61e30277
      Soby Mathew authored
      This patch fixes the offset of GICD_IROUTER register defined in gicv3.h.
      Although the GICv3 documention mentions that the offset for this register
      is 0x6100-0x7FD8, the offset calculation for an interrupt id `n` is :
      
         0x6000 + 8n, where n >= 32
      
      This requires the offset for GICD_IROUTER to be defined as 0x6000.
      
      Fixes ARM-software/tf-issues#410
      
      Change-Id: If9e91e30d946afe7f1f60fea4f065c7567093fa8
      61e30277
  4. 26 Jul, 2016 3 commits
  5. 25 Jul, 2016 7 commits
    • Achin Gupta's avatar
      Fix use of stale power states in PSCI standby finisher · 61eae524
      Achin Gupta authored
      A PSCI CPU_SUSPEND request to place a CPU in retention states at power levels
      higher than the CPU power level is subject to the same state coordination as a
      power down state. A CPU could implement multiple retention states at a
      particular power level. When exiting WFI, the non-CPU power levels may be in a
      different retention state to what was initially requested, therefore each CPU
      should refresh its view of the states of all power levels.
      
      Previously, a CPU re-used the state of the power levels when it entered the
      retention state. This patch fixes this issue by ensuring that a CPU upon exit
      from retention reads the state of each power level afresh.
      
      Change-Id: I93b5f5065c63400c6fd2598dbaafac385748f989
      61eae524
    • Sandrine Bailleux's avatar
      Ensure addresses in is_mem_free() don't overflow · 7b6d330c
      Sandrine Bailleux authored
      This patch adds some runtime checks to prevent some potential
      pointer overflow issues in the is_mem_free() function. The overflow
      could happen in the case where the end addresses, computed as the
      sum of a base address and a size, results in a value large enough
      to wrap around. This, in turn, could lead to unpredictable behaviour.
      
      If such an overflow is detected, the is_mem_free() function will now
      declare the memory region as not free. The overflow is detected using
      a new macro, called check_uptr_overflow().
      
      This patch also modifies all other places in the 'bl_common.c' file
      where an end address was computed as the sum of a base address and a
      size and instead keeps the two values separate. This avoids the need
      to handle pointer overflows everywhere. The code doesn't actually need
      to compute any end address before the is_mem_free() function is called
      other than to print information message to the serial output.
      
      This patch also introduces 2 slight changes to the reserve_mem()
      function:
      
       - It fixes the end addresses passed to choose_mem_pos(). It was
         incorrectly passing (base + size) instead of (base + size - 1).
      
       - When the requested allocation size is 0, the function now exits
         straight away and says so using a warning message.
         Previously, it used to actually reserve some memory. A zero-byte
         allocation was not considered as a special case so the function
         was using the same top/bottom allocation mechanism as for any
         other allocation. As a result, the smallest area of memory starting
         from the requested base address within the free region was
         reserved.
      
      Change-Id: I0e695f961e24e56ffe000718014e0496dc6e1ec6
      7b6d330c
    • Sandrine Bailleux's avatar
      Make runtime_svc_init() function more robust · 3a26a28c
      Sandrine Bailleux authored
       - Added some debug assertions checking that the runtime services
         indexes computed by get_unique_oen() are sane.
      
       - Do not print the name of the service when its descriptor is
         invalid. If the descriptor is corrupted then its name field
         could be corrupted as well and we would end up reading an
         arbitrary amount of invalid memory.
      
      Change-Id: I16f61065277d01fe1555d5a9cf743f7b52ccaa60
      3a26a28c
    • Sandrine Bailleux's avatar
      Improvements to runtime service init code · 9d24d353
      Sandrine Bailleux authored
      Light refactoring of the code in runtime_svc.c file.
      
       - Declare validate_rt_svc_desc()'s argument as const.
      
       - Remove 'goto' path in runtime_svc_init(). It was used in one
         place only.
      
       - Improve code readability by declaring a local variable holding the
         service pointer.
      
      Change-Id: I3b15c5adb9f37b786b5b993a9be70ea9dd017a83
      9d24d353
    • Sandrine Bailleux's avatar
      Validate psci_find_target_suspend_lvl() result · a1c3faa6
      Sandrine Bailleux authored
      This patch adds a runtime check that psci_find_target_suspend_lvl()
      returns a valid value back to psci_cpu_suspend() and psci_get_stat().
      If it is invalid, BL31 will now panic.
      
      Note that on the PSCI CPU suspend path there is already a debug
      assertion checking the validity of the target composite power state,
      which effectively also checks the validity of the target suspend level.
      Therefore, the error condition would already be caught in debug builds,
      but in a release build this assertion would be compiled out.
      
      On the PSCI stat path, there is currently no debug assertion checking
      the validity of the power state before using it as an index into
      the power domain state array.
      
      Although BL31 platforms ports are responsible for validating the
      power state parameter, the security impact (i.e. an out-of-bounds
      array access) of a potential platform port bug in this code would
      be quite high, given that this parameter comes from an untrusted
      source. The cost of checking this in runtime generic code is low.
      
      Change-Id: Icea85b8020e39928ac03ec0cd49805b5857b3906
      a1c3faa6
    • danh-arm's avatar
      Merge pull request #667 from soby-mathew/sm/PSCI_lib · 3dd9835f
      danh-arm authored
      Introduce PSCI library
      3dd9835f
    • Antonio Nino Diaz's avatar
      ARM platforms: Define common image sizes · 0289970d
      Antonio Nino Diaz authored
      Compile option `ARM_BOARD_OPTIMISE_MMAP` has been renamed to
      `ARM_BOARD_OPTIMISE_MEM` because it now applies not only to defines
      related to the translation tables but to the image size as well.
      
      The defines `PLAT_ARM_MAX_BL1_RW_SIZE`, `PLAT_ARM_MAX_BL2_SIZE` and
      `PLAT_ARM_MAX_BL31_SIZE` have been moved to the file board_arm_def.h.
      This way, ARM platforms no longer have to set their own values if
      `ARM_BOARD_OPTIMISE_MEM=0` and they can specify optimized values
      otherwise. The common sizes have been set to the highest values used
      for any of the current build configurations.
      
      This is needed because in some build configurations some images are
      running out of space. This way there is a common set of values known
      to work for all of them and it can be optimized for each particular
      platform if needed.
      
      The space reserved for BL2 when `TRUSTED_BOARD_BOOT=0` has been
      increased. This is needed because when memory optimisations are
      disabled the values for Juno of `PLAT_ARM_MMAP_ENTRIES` and
      `MAX_XLAT_TABLES` are higher. If in this situation the code is
      compiled in debug mode and with "-O0", the code won't fit.
      
      Change-Id: I70a3d8d3a0b0cad1d6b602c01a7ea334776e718e
      0289970d
  6. 19 Jul, 2016 6 commits
    • Soby Mathew's avatar
      Rearrange assembly helper macros · 738b1fd7
      Soby Mathew authored
      This patch moves assembler macros which are not architecture specific
      to a new file `asm_macros_common.S` and moves the `el3_common_macros.S`
      into `aarch64` specific folder.
      
      Change-Id: I444a1ee3346597bf26a8b827480cd9640b38c826
      738b1fd7
    • Soby Mathew's avatar
      Define `plat_get_syscnt_freq2()` unconditionally for ARM platforms · a4beaaff
      Soby Mathew authored
      Previously the definition of `plat_get_syscnt_freq2()` in `arm_common.c` was
      conditionally defined based on the ERROR_DEPRECATED flag. This patch makes
      this function available irrespective of the flag and removes the deprecated
      `plat_get_syscnt_freq()` definition.
      
      Change-Id: I250ca787ca1b5e867096c6ba8f2bb444db44c97b
      a4beaaff
    • Soby Mathew's avatar
      Cater for preloaded BL33 within plat_get_ns_image_entrypoint() · 48ac1df9
      Soby Mathew authored
      The PRELOADED_BL33_BASE build option allows to preload a BL33 and bypass its
      loading by BL2. In ARM standard platforms, the conditional behaviour of
      PRELOADED_BL33_BASE is moved within the implementation of
      `plat_get_ns_image_entrypoint()` so that all callers may benefit from this
      feature.
      
      Change-Id: Iea060e204ec72f8081087837854535c4e320da4e
      48ac1df9
    • Soby Mathew's avatar
      Move `arm_common.c` out of aarch64 folder · bc149bfc
      Soby Mathew authored
      This patch moves the `arm_common.c` file from `plat/arm/common/aarch64/`
      to the parent directory since the functions implemented in the file are
      not AArch64 specific. The platform makefiles are also modified for this
      change.
      
      Change-Id: I776d2e4958f59041476cf2f53a9adb5b2d304ee0
      bc149bfc
    • Soby Mathew's avatar
      Include `plat_psci_common.c` from the new location · bb2162f1
      Soby Mathew authored
      The `plat_psci_common.c` was moved to the new location `plat/common`
      and a stub file was retained at previous location for compatibility. This
      patch modifies the platform makefiles to include the file from the new
      location.
      
      Change-Id: Iabddeeb824e9a5d72d176d7c644735966c8c0699
      bb2162f1
    • Soby Mathew's avatar
      Introduce PSCI Library Interface · cf0b1492
      Soby Mathew authored
      This patch introduces the PSCI Library interface. The major changes
      introduced are as follows:
      
      * Earlier BL31 was responsible for Architectural initialization during cold
      boot via bl31_arch_setup() whereas PSCI was responsible for the same during
      warm boot. This functionality is now consolidated by the PSCI library
      and it does Architectural initialization via psci_arch_setup() during both
      cold and warm boots.
      
      * Earlier the warm boot entry point was always `psci_entrypoint()`. This was
      not flexible enough as a library interface. Now PSCI expects the runtime
      firmware to provide the entry point via `psci_setup()`. A new function
      `bl31_warm_entrypoint` is introduced in BL31 and the previous
      `psci_entrypoint()` is deprecated.
      
      * The `smc_helpers.h` is reorganized to separate the SMC Calling Convention
      defines from the Trusted Firmware SMC helpers. The former is now in a new
      header file `smcc.h` and the SMC helpers are moved to Architecture specific
      header.
      
      * The CPU context is used by PSCI for context initialization and
      restoration after power down (PSCI Context). It is also used by BL31 for SMC
      handling and context management during Normal-Secure world switch (SMC
      Context). The `psci_smc_handler()` interface is redefined to not use SMC
      helper macros thus enabling to decouple the PSCI context from EL3 runtime
      firmware SMC context. This enables PSCI to be integrated with other runtime
      firmware using a different SMC context.
      
      NOTE: With this patch the architectural setup done in `bl31_arch_setup()`
      is done as part of `psci_setup()` and hence `bl31_platform_setup()` will be
      invoked prior to architectural setup. It is highly unlikely that the platform
      setup will depend on architectural setup and cause any failure. Please be
      be aware of this change in sequence.
      
      Change-Id: I7f497a08d33be234bbb822c28146250cb20dab73
      cf0b1492
  7. 18 Jul, 2016 8 commits
    • Soby Mathew's avatar
      Introduce `el3_runtime` and `PSCI` libraries · 532ed618
      Soby Mathew authored
      This patch moves the PSCI services and BL31 frameworks like context
      management and per-cpu data into new library components `PSCI` and
      `el3_runtime` respectively. This enables PSCI to be built independently from
      BL31. A new `psci_lib.mk` makefile is introduced which adds the relevant
      PSCI library sources and gets included by `bl31.mk`. Other changes which
      are done as part of this patch are:
      
      * The runtime services framework is now moved to the `common/` folder to
        enable reuse.
      * The `asm_macros.S` and `assert_macros.S` helpers are moved to architecture
        specific folder.
      * The `plat_psci_common.c` is moved from the `plat/common/aarch64/` folder
        to `plat/common` folder. The original file location now has a stub which
        just includes the file from new location to maintain platform compatibility.
      
      Most of the changes wouldn't affect platform builds as they just involve
      changes to the generic bl1.mk and bl31.mk makefiles.
      
      NOTE: THE `plat_psci_common.c` FILE HAS MOVED LOCATION AND THE STUB FILE AT
      THE ORIGINAL LOCATION IS NOW DEPRECATED. PLATFORMS SHOULD MODIFY THEIR
      MAKEFILES TO INCLUDE THE FILE FROM THE NEW LOCATION.
      
      Change-Id: I6bd87d5b59424995c6a65ef8076d4fda91ad5e86
      532ed618
    • Soby Mathew's avatar
      Fix coding guideline warnings · da554d74
      Soby Mathew authored
      This patch fixes some coding guideline warnings reported by the checkpatch
      script. Only files related to upcoming feature development have been fixed.
      
      Change-Id: I26fbce75c02ed62f00493ed6c106fe7c863ddbc5
      da554d74
    • Soby Mathew's avatar
      Rework type usage in Trusted Firmware · 4c0d0390
      Soby Mathew authored
      This patch reworks type usage in generic code, drivers and ARM platform files
      to make it more portable. The major changes done with respect to
      type usage are as listed below:
      
      * Use uintptr_t for storing address instead of uint64_t or unsigned long.
      * Review usage of unsigned long as it can no longer be assumed to be 64 bit.
      * Use u_register_t for register values whose width varies depending on
        whether AArch64 or AArch32.
      * Use generic C types where-ever possible.
      
      In addition to the above changes, this patch also modifies format specifiers
      in print invocations so that they are AArch64/AArch32 agnostic. Only files
      related to upcoming feature development have been reworked.
      
      Change-Id: I9f8c78347c5a52ba7027ff389791f1dad63ee5f8
      4c0d0390
    • danh-arm's avatar
      Merge pull request #666 from Xilinx/zynqmp/rodata-xn · bc469a84
      danh-arm authored
      zynqmp: Map read-only data as execute-never
      bc469a84
    • danh-arm's avatar
      Merge pull request #654 from rockchip-linux/rk3399-suspend-resume · 84ded36c
      danh-arm authored
      rockchip: support the suspend/resume for rk3399
      84ded36c
    • danh-arm's avatar
      Merge pull request #653 from rockchip-linux/support-rockchip-sip-runtime-service · 473cae6c
      danh-arm authored
      rockchip: support plat SIP runtime service for rk3399
      473cae6c
    • Tony Xie's avatar
      rockchip: support the suspend/resume for rk3399 · 9ec78bdf
      Tony Xie authored
      1.Fixes the suspend/resume some bugs.
      2.Add the power domain for saving power consumption.
      3.Add cpu clusters suspend for rk3399 SoCs
      
      Change-Id: Id602779016b41d6281f4ba40a20229d909b28e46
      9ec78bdf
    • Caesar Wang's avatar
      rockchip: support plat SIP runtime service · 1760db68
      Caesar Wang authored
      Software executing in the normal world and in the trusted world at
      exception levels lower than EL3 will request runtime services using the
      SMC instruction.
      
      See the documentation here:
      https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/
      rt-svc-writers-guide.md
      
      This to be implemented as an EL3 Runtime Service in rockchip BL31
      platform port, using the "SiP Service Call" range as specified in the
      SMC Calling Convention.
      This doesn't support any SMC yet, we will support it in later.
      
      Change-Id: I0a638dd0b653c28b08f79d89f77ed7c69864017d
      1760db68
  8. 15 Jul, 2016 4 commits
  9. 12 Jul, 2016 1 commit
  10. 11 Jul, 2016 1 commit
  11. 08 Jul, 2016 1 commit
    • Sandrine Bailleux's avatar
      ARM CSS platforms: Map flash as execute-never by default · 91fad655
      Sandrine Bailleux authored
      On ARM CSS platforms, the whole flash used to be mapped as executable.
      This is not required, given that the flash is used to store the BL1
      and FIP images and:
      
       - The FIP is not executed in place, its images are copied to RAM
         and executed from there.
      
       - BL1 is executed in place from flash but only its code needs to be
         mapped as executable and platform code takes care of re-mapping
         BL1's read-only section as executable.
      
      Therefore, this patch now maps the flash as non-executable by default
      on these platforms. This increases security by restricting the
      executable region to what is strictly needed.
      
      This patch also adds some comments to clarify the memory mapping
      attributes on these platforms.
      
      Change-Id: I4db3c145508bea1f43fbe0f6dcd551e1aec1ecd3
      91fad655