1. 11 Jan, 2018 2 commits
    • Dimitris Papastamos's avatar
      Workaround for CVE-2017-5715 on Cortex A73 and A75 · a1781a21
      Dimitris Papastamos authored
      
      
      Invalidate the Branch Target Buffer (BTB) on entry to EL3 by
      temporarily dropping into AArch32 Secure-EL1 and executing the
      `BPIALL` instruction.
      
      This is achieved by using 3 vector tables.  There is the runtime
      vector table which is used to handle exceptions and 2 additional
      tables which are required to implement this workaround.  The
      additional tables are `vbar0` and `vbar1`.
      
      The sequence of events for handling a single exception is
      as follows:
      
      1) Install vector table `vbar0` which saves the CPU context on entry
         to EL3 and sets up the Secure-EL1 context to execute in AArch32 mode
         with the MMU disabled and I$ enabled.  This is the default vector table.
      
      2) Before doing an ERET into Secure-EL1, switch vbar to point to
         another vector table `vbar1`.  This is required to restore EL3 state
         when returning from the workaround, before proceeding with normal EL3
         exception handling.
      
      3) While in Secure-EL1, the `BPIALL` instruction is executed and an
         SMC call back to EL3 is performed.
      
      4) On entry to EL3 from Secure-EL1, the saved context from step 1) is
         restored.  The vbar is switched to point to `vbar0` in preparation to
         handle further exceptions.  Finally a branch to the runtime vector
         table entry is taken to complete the handling of the original
         exception.
      
      This workaround is enabled by default on the affected CPUs.
      
      NOTE
      ====
      
      There are 4 different stubs in Secure-EL1.  Each stub corresponds to
      an exception type such as Sync/IRQ/FIQ/SError.  Each stub will move a
      different value in `R0` before doing an SMC call back into EL3.
      Without this piece of information it would not be possible to know
      what the original exception type was as we cannot use `ESR_EL3` to
      distinguish between IRQs and FIQs.
      
      Change-Id: I90b32d14a3735290b48685d43c70c99daaa4b434
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      a1781a21
    • Dimitris Papastamos's avatar
      Workaround for CVE-2017-5715 on Cortex A57 and A72 · f62ad322
      Dimitris Papastamos authored
      
      
      Invalidate the Branch Target Buffer (BTB) on entry to EL3 by disabling
      and enabling the MMU.  To achieve this without performing any branch
      instruction, a per-cpu vbar is installed which executes the workaround
      and then branches off to the corresponding vector entry in the main
      vector table.  A side effect of this change is that the main vbar is
      configured before any reset handling.  This is to allow the per-cpu
      reset function to override the vbar setting.
      
      This workaround is enabled by default on the affected CPUs.
      
      Change-Id: I97788d38463a5840a410e3cea85ed297a1678265
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      f62ad322
  2. 10 Jan, 2018 3 commits
  3. 09 Jan, 2018 4 commits
  4. 08 Jan, 2018 3 commits
  5. 03 Jan, 2018 6 commits
  6. 24 Dec, 2017 3 commits
  7. 23 Dec, 2017 1 commit
  8. 21 Dec, 2017 1 commit
    • David Cunado's avatar
      Update dependencies for ARM TF · fa05efb3
      David Cunado authored
      
      
      ARM TF has been tested as part of its CI system with the following
      dependencies updated:
      
      - Linaro binaries:    17.04 --> 17.10
      - mbed TLS library:   2.4.2 --> 2.6.0
      
      The version of AEM, Cortex-A and Foundation models that ARM TF is
      tested on has also been updated:
      
      - v11.1 build 11.1:22 --> v11.2 build 11.2:33
      - v8.9 build 0.8:8805 --> v9.0 build 0.8:9005
      
      This patch updates the user guide documentation to reflect these
      changes to the dependencies.
      
      Additionally, links to Linaro resources have been updated.
      
      Change-Id: I9ea5cb76e7443c9dbb0c9525069f450a02f59e58
      Signed-off-by: default avatarDavid Cunado <david.cunado@arm.com>
      fa05efb3
  9. 20 Dec, 2017 4 commits
  10. 19 Dec, 2017 5 commits
  11. 18 Dec, 2017 2 commits
  12. 15 Dec, 2017 2 commits
  13. 14 Dec, 2017 2 commits
  14. 13 Dec, 2017 1 commit
    • Roberto Vargas's avatar
      io: block: fix block_read/write may read/write overlap buffer · e19e40af
      Roberto Vargas authored
      
      
      The block operations were trying to optimize the number of memory
      copies, and it tried to use directly the buffer supplied by the user
      to them. This was a mistake because it created too many corner cases:
      
      	1- It was possible to generate unaligned
      	   operations to unaligned buffers. Drivers that were using
      	   DMA transfer failed in that case.
      
      	2- It was possible to generate read operations
      	   with sizes that weren't a multiple of the block size. Some
      	   low level drivers assumed that condition and they calculated
      	   the number of blocks dividing the number of bytes by the
      	   size of the block, without considering the remaining bytes.
      
      	3- The block_* operations didn't control the
      	   number of bytes actually copied to memory, because the
      	   low level drivers were writing directly to the user buffer.
      
      This patch rewrite block_read and block_write to use always the device
      buffer, which the platform ensures that has the correct aligment and
      the correct size.
      
      Change-Id: I5e479bb7bc137e6ec205a8573eb250acd5f40420
      Signed-off-by: default avatarQixiang Xu <qixiang.xu@arm.com>
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      e19e40af
  15. 12 Dec, 2017 1 commit
    • Sandrine Bailleux's avatar
      SPM: Fix MM_COMMUNICATE_AARCH32/64 parameters · 4d2787ce
      Sandrine Bailleux authored
      This partially reverts commit d6b532b5
      
      , keeping only the fixes to
      the assertions. The changes related to the order of arguments passed
      to the secure partition were not correct and violated the
      specification of the SP_EVENT_COMPLETE SMC.
      
      This patch also improves the MM_COMMUNICATE argument validation.  The
      cookie argument, as it comes from normal world, can't be trusted and thus
      needs to always be validated at run time rather than using an assertion.
      
      Also validate the communication buffer address and return
      INVALID_PARAMETER if it is zero, as per the MM specification.
      
      Fix a few typos in comments and use the "secure partition" terminology
      rather than "secure payload".
      
      Change-Id: Ice6b7b5494b729dd44611f9a93d362c55ab244f7
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      4d2787ce