Skip to content

GitLab

Switch branch/tag
  1. 28 Feb, 2019 2 commits
  3. 27 Feb, 2019 3 commits
    • Antonio Nino Diaz's avatar
      Add support for pointer authentication · b86048c4
      Antonio Nino Diaz authored 
      

The previous commit added the infrastructure to load and save
ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but
didn't actually enable pointer authentication in the firmware.

This patch adds the functionality needed for platforms to provide
authentication keys for the firmware, and a new option (ENABLE_PAUTH) to
enable pointer authentication in the firmware itself. This option is
disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be
enabled.

Change-Id: I35127ec271e1198d43209044de39fa712ef202a5
Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      b86048c4
    • Antonio Nino Diaz's avatar
      Add ARMv8.3-PAuth registers to CPU context · 5283962e
      Antonio Nino Diaz authored 
      

ARMv8.3-PAuth adds functionality that supports address authentication of
the contents of a register before that register is used as the target of
an indirect branch, or as a load.

This feature is supported only in AArch64 state.

This feature is mandatory in ARMv8.3 implementations.

This feature adds several registers to EL1. A new option called
CTX_INCLUDE_PAUTH_REGS has been added to select if the TF needs to save
them during Non-secure <-> Secure world switches. This option must be
enabled if the hardware has the registers or the values will be leaked
during world switches.

To prevent leaks, this patch also disables pointer authentication in the
Secure world if CTX_INCLUDE_PAUTH_REGS is 0. Any attempt to use it will
be trapped in EL3.

Change-Id: I27beba9907b9a86c6df1d0c5bf6180c972830855
Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      5283962e
    • Antonio Nino Diaz's avatar
      Cleanup context handling library · 4d1ccf0e
      Antonio Nino Diaz authored 
      

Minor style cleanup.

Change-Id: Ief19dece41a989e2e8157859a265701549f6c585
Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      4d1ccf0e
  5. 19 Feb, 2019 5 commits
  7. 08 Feb, 2019 2 commits
  9. 07 Feb, 2019 5 commits
    • Varun Wadekar's avatar
      xlat_tables_v2: mark 'xlat_clean_dcache_range' unused · a1d00bb3
      Varun Wadekar authored 
      

The armclang compiler can warn if a variable is declared but
is never referenced. The '__attribute__((unused))' attribute
informs the compiler to expect an unused variable, and tells
it not to issue a warning.

This patch marks the 'xlat_clean_dcache_range' function as
"unused" to fix this armclang compiler warning.

Change-Id: I7623f61c2975a01db4d1b80554dd4f9a9e0f7eb6
Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      a1d00bb3
    • Varun Wadekar's avatar
      locks: linker variables to calculate per-cpu bakery lock size · 596929b9
      Varun Wadekar authored 
      

This patch introduces explicit linker variables to mark the start and
end of the per-cpu bakery lock section to help bakery_lock_normal.c
calculate the size of the section. This patch removes the previously
used '__PERCPU_BAKERY_LOCK_SIZE__' linker variable to make the code
uniform across GNU linker and ARM linker.

Change-Id: Ie0c51702cbc0fe8a2076005344a1fcebb48e7cca
Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      596929b9
    • Varun Wadekar's avatar
      lib: aarch64: misc_helpers: include bl_common.h · 1242b9a9
      Varun Wadekar authored 
      

This patch includes bl_common.h to get access to the linker
defined symbols.

Change-Id: I9aa4a6e730273d75a53438854f69971e485bc904
Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      1242b9a9
    • Varun Wadekar's avatar
      Remove unused function symbols · e095ba34
      Varun Wadekar authored 
      

This patch removes the unused functions that are marked as .global
in code but not defined anywhere in the code.

Change-Id: Ia5057a77c0b0b4a61043eab868734cd3437304cc
Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      e095ba34
    • Varun Wadekar's avatar
      lib: aarch64: fix non-code symbol errors flagged by armlink · bf52f40e
      Varun Wadekar authored 
      

This patch modifies the code to turn __1printf and __2printf into proper
functions to fix the following errors flagged by armlink.

Error: L6318W: backtrace.o(.text.backtrace) contains branch to a non-code symbol __2printf.
Error: L6318W: backtrace.o(.text.backtrace) contains branch to a non-code symbol __2printf.
Error: L6318W: backtrace.o(.text.backtrace) contains branch to a non-code symbol __2printf.
Error: L6318W: backtrace.o(.text.backtrace) contains branch to a non-code symbol __2printf.
Error: L6318W: backtrace.o(.text.backtrace) contains branch to a non-code symbol __2printf.
Error: L6318W: backtrace.o(.text.backtrace) contains branch to a non-code symbol __2printf.

Change-Id: I89126bc2b9db44ce8b8fc9fb1e3fc4c8c60c47a4
Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      bf52f40e
  11. 01 Feb, 2019 1 commit
  13. 30 Jan, 2019 1 commit
    • Sathees Balya's avatar
      lib/xlat_tables: Add support for ARMv8.4-TTST · cedfa04b
      Sathees Balya authored 
      

ARMv8.4-TTST (Small Translation tables) relaxes the lower limit on the
size of translation tables by increasing the maximum permitted value
of the T1SZ and T0SZ fields in TCR_EL1, TCR_EL2, TCR_EL3, VTCR_EL2 and
VSTCR_EL2.

This feature is supported in AArch64 state only.

This patch adds support for this feature to both versions of the
translation tables library. It also removes the static build time
checks for virtual address space size checks to runtime assertions.

Change-Id: I4e8cebc197ec1c2092dc7d307486616786e6c093
Signed-off-by: default avatarSathees Balya <sathees.balya@arm.com>
      cedfa04b
  15. 25 Jan, 2019 1 commit
    • Antonio Nino Diaz's avatar
      plat/arm: Sanitise includes · bd9344f6
      Antonio Nino Diaz authored 
      

Use full include paths like it is done for common includes.

This cleanup was started in commit d40e0e08283a ("Sanitise includes
across codebase"), but it only cleaned common files and drivers. This
patch does the same to Arm platforms.

Change-Id: If982e6450bbe84dceb56d464e282bcf5d6d9ab9b
Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      bd9344f6
  17. 15 Jan, 2019 1 commit
    • Paul Beesley's avatar
      Correct typographical errors · 8aabea33
      Paul Beesley authored 
      

Corrects typos in core code, documentation files, drivers, Arm
platforms and services.

None of the corrections affect code; changes are limited to comments
and other documentation.

Change-Id: I5c1027b06ef149864f315ccc0ea473e2a16bfd1d
Signed-off-by: default avatarPaul Beesley <paul.beesley@arm.com>
      8aabea33
  19. 11 Jan, 2019 1 commit
    • Antonio Nino Diaz's avatar
      xlat v2: Dynamically detect need for CnP bit · 2559b2c8
      Antonio Nino Diaz authored 
      

ARMv8.2-TTCNP is mandatory from ARMv8.2 onwards, but it can be implemented
in CPUs that don't implement all mandatory 8.2 features (and so have to
claim to be a lower version).

This patch removes usage of the ARM_ARCH_AT_LEAST() macro and uses system
ID registers to detect whether it is needed to set the bit or not.

Change-Id: I7bcbf0c7c937590dfc2ca668cfd9267c50f7d52c
Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      2559b2c8
  21. 04 Jan, 2019 1 commit
    • Antonio Nino Diaz's avatar
      Sanitise includes across codebase · 09d40e0e
      Antonio Nino Diaz authored 
      Enforce full include path for includes. Deprecate old paths.

The following folders inside include/lib have been left unchanged:

- include/lib/cpus/${ARCH}
- include/lib/el3_runtime/${ARCH}

The reason for this change is that having a global namespace for
includes isn't a good idea. It defeats one of the advantages of having
folders and it introduces problems that are sometimes subtle (because
you may not know the header you are actually including if there are two
of them).

For example, this patch had to be created because two headers were
called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform
to avoid collision."). More recently, this patch has had similar
problems: 46f9b2c3 ("drivers: add tzc380 support").

This problem was introduced in commit 4ecca339

 ("Move include and
source files to logical locations"). At that time, there weren't too
many headers so it wasn't a real issue. However, time has shown that
this creates problems.

Platforms that want to preserve the way they include headers may add the
removed paths to PLAT_INCLUDES, but this is discouraged.

Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      09d40e0e
  23. 18 Dec, 2018 2 commits
  25. 11 Dec, 2018 2 commits
  27. 10 Dec, 2018 1 commit
    • Jeenu Viswambharan's avatar
      AArch64: Use SSBS for CVE_2018_3639 mitigation · 48e1d350
      Jeenu Viswambharan authored 
      

The Armv8.5 extensions introduces PSTATE.SSBS (Speculation Store Bypass
Safe) bit to mitigate against Variant 4 vulnerabilities. Although an
Armv8.5 feature, this can be implemented by CPUs implementing earlier
version of the architecture.

With this patch, when both PSTATE.SSBS is implemented and
DYNAMIC_WORKAROUND_CVE_2018_3639 is active, querying for
SMCCC_ARCH_WORKAROUND_2 via. SMCCC_ARCH_FEATURES call would return 1 to
indicate that mitigation on the PE is either permanently enabled or not
required.

When SSBS is implemented, SCTLR_EL3.DSSBS is initialized to 0 at reset
of every BL stage. This means that EL3 always executes with mitigation
applied.

For Cortex A76, if the PE implements SSBS, the existing mitigation (by
using a different vector table, and tweaking CPU ACTLR2) is not used.

Change-Id: Ib0386c5714184144d4747951751c2fc6ba4242b6
Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      48e1d350
  29. 26 Nov, 2018 1 commit
    • Joel Hutton's avatar
      Initial Spectre V1 mitigations (CVE-2017-5753). · 9edd8912
      Joel Hutton authored 
      Initial Spectre Variant 1 mitigations (CVE-2017-5753).
A potential speculative data leak was found in PSCI code, this depends
on a non-robust implementation of the `plat_get_core_pos_by_mpidr()`
function. This is considered very low-risk. This patch adds a macro to
mitigate this. Note not all code paths could be analyzed with current
tools.

Add a macro which makes a variable 'speculation safe', using the
 __builtin_speculation_safe_value function of GCC and llvm. This will be
available in GCC 9, and is planned for llvm, but is not currently in
mainline GCC or llvm. In order to implement this mitigation the compiler
must support this builtin. Support is indicated by the
__HAVE_SPECULATION_SAFE_VALUE flag.

The -mtrack-speculation option maintains a 'tracker' register, which
determines if the processor is in false speculation at any point. This
adds instructions and increases code size, but avoids the performance
impact of a hard barrier.

Without the -mtrack-speculation option, __builtin_speculation_safe_value
expands to a

    ISB
    DSB SY

sequence after a conditional branch, before the
speculation safe variable is used. With -mtrack-speculation a

    CSEL tracker, tracker, XZR, [cond];
    AND safeval,tracker;
    CSDB

sequence is added instead, clearing the vulnerable variable by
AND'ing it with the tracker register, which is zero during speculative
execution. [cond] are the status flags which will only be true during
speculative execution. For more information on
__builtin_speculation_safe_value and the -mtrack-speculation option see
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/compiler-support-for-mitigations



The -mtracking option was not added, as the performance impact of the
mitigation is low, and there is only one occurence.

Change-Id: Ic9e66d1f4a5155e42e3e4055594974c230bfba3c
Signed-off-by: default avatarJoel Hutton <Joel.Hutton@Arm.com>
      9edd8912
  31. 23 Nov, 2018 1 commit
    • Sathees Balya's avatar
      juno: Add romlib support · afa5cfea
      Sathees Balya authored 
      

This patch adds support to build a combined BL1
and ROMLIB binary file with the right page
alignment in Juno. When USE_ROMLIB=1 is set for
Juno, it generates the combined file
bl1_romlib.bin which needs to be used instead of
bl1.bin

Change-Id: I407efbe48d3e522fa6ef855538a9587193cb1919
Signed-off-by: default avatarSathees Balya <sathees.balya@arm.com>
      afa5cfea
  33. 22 Nov, 2018 4 commits
    • Sathees Balya's avatar
      romlib: Add map file generation · 582133a8
      Sathees Balya authored 
      

Change-Id: I1f377d2d94c0fe8d2d9e62614f4a8e2dfcd9e745
Signed-off-by: default avatarSathees Balya <sathees.balya@arm.com>
      582133a8
    • Sathees Balya's avatar
      romlib: Add calloc_free register function · 032e3a6c
      Sathees Balya authored 
      

Register functions have to be added to the
jump table to allow patching in the
future

Change-Id: I57a885f7fc6290ea74a6096aea5b1867b2098eb7
Signed-off-by: default avatarSathees Balya <sathees.balya@arm.com>
      032e3a6c
    • Sathees Balya's avatar
      romlib: Allow patching of romlib functions · 6baf85b3
      Sathees Balya authored 
      

This change allows patching of functions in the
romlib. This can be done by adding "patch" at the
end of the jump table entry for the function that
needs to be patched in the file jmptbl.i.
Functions patched in the jump table list will be
built as part of the BL image and the romlib
version will not be used

Change-Id: Iefb200cb86e2a4b61ad3ee6180d3ecc39bad537f
Signed-off-by: default avatarSathees Balya <sathees.balya@arm.com>
      6baf85b3
    • Antonio Nino Diaz's avatar
      xlat v2: Support mapping regions with allocated VA · 9056f108
      Antonio Nino Diaz authored 
      

Provide new APIs to add new regions without specifying the base VA.

- `mmap_add_region_alloc_va` adds a static region to mmap choosing as
  base VA the first possible address after all the currently mapped
  regions. It is aligned to an appropriate boundary in relation to the
  size and base PA of the requested region. No attempt is made to fill
  any unused VA holes.

- `mmap_add_dynamic_region_alloc_va` it adds a region the same way as
  `mmap_add_region_alloc_va` does, but it's dynamic instead of static.

- `mmap_add_alloc_va` takes an array of non const `mmap_region_t`,
  maps them in the same way as `mmap_add_region_alloc_va` and fills
  their `base_va` field. A helper macro has been created to help create
  the array, called `MAP_REGION_ALLOC_VA`.

Change-Id: I5ef3f82ca0dfd0013d2e8034aa22f13ca528ba37
Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      9056f108
  35. 06 Nov, 2018 2 commits
  37. 02 Nov, 2018 2 commits
  39. 01 Nov, 2018 2 commits