- 27 Jan, 2020 1 commit
-
-
Raghu Krishnamurthy authored
bakery_lock_get() uses DMB LD after lock acquisition and bakery_lock_release() uses DMB ST before releasing the lock. This is insufficient in both cases. With just DMB LD, stores in the critical section can be reordered before the DMB LD which could mean writes in the critical section completing before the lock has been acquired successfully. Similarly, with just DMB ST, a load in the critical section could be reordered after the the DMB ST. DMB is the least expensive barrier that can provide the required ordering. Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@icloud.com> Change-Id: Ieb74cbf5b76b09e1789331b71f37f7c660221b0e
-
- 23 Jan, 2020 1 commit
-
-
laurenw-arm authored
Setting errata workarounds for N1 1043202 and 1315703 to 0 since they should be turned off by default. Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Change-Id: I116673a4ddcf64436e90d70133f035a133989ed9
-
- 22 Jan, 2020 4 commits
-
-
Mark Dykes authored
This reverts commit 76d84cbc. Change-Id: I867af7af3d9f5e568101f79b9ebea578e5cb2a4b
-
Anthony Steinhauser authored
Even though ERET always causes a jump to another address, aarch64 CPUs speculatively execute following instructions as if the ERET instruction was not a jump instruction. The speculative execution does not cross privilege-levels (to the jump target as one would expect), but it continues on the kernel privilege level as if the ERET instruction did not change the control flow - thus execution anything that is accidentally linked after the ERET instruction. Later, the results of this speculative execution are always architecturally discarded, however they can leak data using microarchitectural side channels. This speculative execution is very reliable (seems to be unconditional) and it manages to complete even relatively performance-heavy operations (e.g. multiple dependent fetches from uncached memory). This was fixed in Linux, FreeBSD, OpenBSD and Optee OS: https://github.com/torvalds/linux/commit/679db70801da9fda91d26caf13bf5b5ccc74e8e8 https://github.com/freebsd/freebsd/commit/29fb48ace4186a41c409fde52bcf4216e9e50b61 https://github.com/openbsd/src/commit/3a08873ece1cb28ace89fd65e8f3c1375cc98de2 https://github.com/OP-TEE/optee_os/commit/abfd092aa19f9c0251e3d5551e2d68a9ebcfec8a It is demonstrated in a SafeSide example: https://github.com/google/safeside/blob/master/demos/eret_hvc_smc_wrapper.cc https://github.com/google/safeside/blob/master/kernel_modules/kmod_eret_hvc_smc/eret_hvc_smc_module.c Signed-off-by: Anthony Steinhauser <asteinhauser@google.com> Change-Id: Iead39b0b9fb4b8d8b5609daaa8be81497ba63a0f
-
Masahiro Yamada authored
Use end_va and end_pa defined at the beginning of this function. Change-Id: I0e8b3b35fceb87b5d35397eb892d4fe92ba90b4c Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Madhukar Pappireddy authored
Since BL31 PROGBITS and BL31 NOBITS sections are going to be in non-adjacent memory regions, potentially far from each other, some fixes are needed to support it completely. 1. adr instruction only allows computing the effective address of a location only within 1MB range of the PC. However, adrp instruction together with an add permits position independent address of any location with 4GB range of PC. 2. Since BL31 _RW_END_ marks the end of BL31 image, care must be taken that it is aligned to page size since we map this memory region in BL31 using xlat_v2 lib utils which mandate alignment of image size to page granularity. Change-Id: Ic745c5a130fe4239fa2742142d083b2bdc4e8b85 Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 20 Jan, 2020 1 commit
-
-
Lionel Debieve authored
Imported from the LLVM compiler_rt library on master branch as of 30 Oct 2018 (SVN revision: r345645). This is to get the __popcountsi2(si_int a) and __popcountdi2(di_int a) builtin which are required by a driver that uses a __builtin_popcount(). Change-Id: I8e0d97cebdd90d224690c8ce1b02e657acdddb25 Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
-
- 10 Jan, 2020 1 commit
-
-
Deepika Bhavnani authored
NOTE for platform integrators: API `plat_psci_stat_get_residency()` third argument `last_cpu_idx` is changed from "signed int" to the "unsigned int" type. Issue / Trouble points 1. cpu_idx is used as mix of `unsigned int` and `signed int` in code with typecasting at some places leading to coverity issues. 2. Underlying platform API's return cpu_idx as `unsigned int` and comparison is performed with platform specific defines `PLAFORM_xxx` which is not consistent Misra Rule 10.4: The value of a complex expression of integer type may only be cast to a type that is narrower and of the same signedness as the underlying type of the expression. Based on above points, cpu_idx is kept as `unsigned int` to match the API's and low-level functions and platform defines are updated where ever required Signed-off-by: Deepika Bhavnani <deepika.bhavnani@arm.com> Change-Id: Ib26fd16e420c35527204b126b9b91e8babcc3a5c
-
- 02 Jan, 2020 1 commit
-
-
Lionel Debieve authored
Import aeabi_ldivmod.S with divmoddi4.c and divdi3.c from the LLVM compiler_rt library on master branch as of 30 Oct 2018 (SVN revision: r345645). This is to get the __aeabi_ldivmod builtin, which is required by a patch using signed long long division. Change-Id: Iee4c421deb3175142655e19074cd3732edd82227 Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
-
- 23 Dec, 2019 1 commit
-
-
Madhukar Pappireddy authored
Erratum 1688305 is a Cat B erratum present in r0p0, r0p1 versions of Hercules core. The erratum can be avoided by setting bit 1 of the implementation defined register CPUACTLR2_EL1 to 1 to prevent store- release from being dispatched before it is the oldest. Change-Id: I2ac04f5d9423868b6cdd4ceb3d0ffa46e570efed Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 20 Dec, 2019 1 commit
-
-
Paul Beesley authored
The Secure Partition Manager (SPM) prototype implementation is being removed. This is preparatory work for putting in place a dispatcher component that, in turn, enables partition managers at S-EL2 / S-EL1. This patch removes: - The core service files (std_svc/spm) - The Resource Descriptor headers (include/services) - SPRT protocol support and service definitions - SPCI protocol support and service definitions Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426 Signed-off-by: Paul Beesley <paul.beesley@arm.com> Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
-
- 18 Dec, 2019 2 commits
-
-
Ambroise Vincent authored
Provide an SMC interface to the 9p filesystem. This permits accessing firmware drivers through a common interface, using standardized read/write/control operations. Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com> Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: I9314662314bb060f6bc02714476574da158b2a7d
-
Jan Dabros authored
EA handlers for exceptions taken from lower ELs at the end invokes el3_exit function. However there was a bug with sp maintenance which resulted in el3_exit setting runtime stack to context. This in turn caused memory corruption on consecutive EL3 entries. Signed-off-by: Jan Dabros <jsd@semihalf.com> Change-Id: I0424245c27c369c864506f4baa719968890ce659
-
- 17 Dec, 2019 2 commits
-
-
Olivier Deprez authored
Add a FIP driver hooked to debugfs 9p interface. This is an abstraction of the FIP filesystem layer on top of a mass storage, or memory block driver. Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: If275ea0824763de43ab666dab2a06de5352ff940
-
Olivier Deprez authored
The 9p interface provides abstraction layers allowing the software that uses devices to be independent from the hardware. This patch provides a file system abstraction to link drivers to their devices and propose a common interface to expose driver operations to higher layers. This file system can be used to access and configure a device by doing read/write operations. Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com> Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: Ia9662393baf489855dc0c8f389fe4a0afbc9c255
-
- 11 Dec, 2019 1 commit
-
-
Ambroise Vincent authored
This function scans a string backwards from the end for the first instance of a character. Change-Id: I46b21573ed25a0ff222eac340e1e1fb93b040763 Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
-
- 06 Dec, 2019 2 commits
-
-
Artsem Artsemenka authored
Check that entry point information requesting S-EL2 has AArch64 as an execution state during context setup. Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Change-Id: I447263692fed6e55c1b076913e6eb73b1ea735b7
-
Achin Gupta authored
This patch adds support for enabling S-EL2 if this EL is specified in the entry point information being used to initialise a secure context. It is the caller's responsibility to check if S-EL2 is available on the system before requesting this EL through the entry point information. Signed-off-by: Achin Gupta <achin.gupta@arm.com> Change-Id: I2752964f078ab528b2e80de71c7d2f35e60569e1
-
- 26 Nov, 2019 1 commit
-
-
Pankaj Gupta authored
Same SoC has different personality by creating different number of: - cores - clusters. As a result, the platform specific power domain tree will be created after identify the personality of the SoC. Hence, platform specific power domain tree may not be same for all the personality of the soc. Thus, psci library code will deduce the 'plat_core_count', while populating the power domain tree topology and return the number of cores. PLATFORM_CORE_COUNT will still be valid for a SoC, such that psci_plat_core_count <= PLATFORM_CORE_COUNT. PLATFORM_CORE_COUNT will continued to be defined by platform to create the data structures. Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com> Change-Id: I1f5c47647631cae2dcdad540d64cf09757db7185
-
- 12 Nov, 2019 1 commit
-
-
Deepika Bhavnani authored
`unsigned long` should be replaced to 1. `unsigned int` or `unsigned long long` - If fixed, based on the architecture AArch32 or AArch64 2. `u_register_t` - If it is supposed to be 32-bit wide in AArch32 and 64-bit wide in AArch64. Translation descriptors are always 32-bit wide, here `uint32_t` is used to describe the `exact size` of translation descriptors instead of `unsigned int` which guarantees minimum 32-bits Signed-off-by: Deepika Bhavnani <deepika.bhavnani@arm.com> Change-Id: I6a2af2e8b3c71170e2634044e0b887f07a41677e
-
- 24 Oct, 2019 1 commit
-
-
laurenw-arm authored
Fix a few white space errors and remove #if defined in workaround for N1 Errata 1542419. Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Change-Id: I07ac5a2fd50cd63de53c06e3d0f8262871b62fad
-
- 20 Oct, 2019 1 commit
-
-
Simon South authored
Explicitly disable stack protection via the "-fno-stack-protector" compiler option when the ENABLE_STACK_PROTECTOR build option is set to "none" (the default). This allows the build to complete without link errors on systems where stack protection is enabled by default in the compiler. Change-Id: I0a676aa672815235894fb2cd05fa2b196fabb972 Signed-off-by: Simon South <simon@simonsouth.net>
-
- 18 Oct, 2019 1 commit
-
-
Artsem Artsemenka authored
The WARMBOOT_ENABLE_DCACHE_EARLY allows caches to be turned on early during the boot. But the xlat_change_mem_attributes_ctx() API did not do the required cache maintenance after the mmap tables are modified if WARMBOOT_ENABLE_DCACHE_EARLY is enabled. This meant that when the caches are turned off during power down, the tables in memory are accessed as part of cache maintenance for power down, and the tables are not correct at this point which results in a data abort. This patch removes the optimization within xlat_change_mem_attributes_ctx() when WARMBOOT_ENABLE_DCACHE_EARLY is enabled. Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Change-Id: I82de3decba87dd13e9856b5f3620a1c8571c8d87
-
- 04 Oct, 2019 2 commits
-
-
laurenw-arm authored
Coherent I-cache is causing a prefetch violation where when the core executes an instruction that has recently been modified, the core might fetch a stale instruction which violates the ordering of instruction fetches. The workaround includes an instruction sequence to implementation defined registers to trap all EL0 IC IVAU instructions to EL3 and a trap handler to execute a TLB inner-shareable invalidation to an arbitrary address followed by a DSB. Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Change-Id: Ic3b7cbb11cf2eaf9005523ef5578a372593ae4d6
-
Soby Mathew authored
Make the spinlock implementation use ARMv8.1-LSE CAS instruction based on a platform build option. The CAS-based implementation used to be unconditionally selected for all ARM8.1+ platforms. The previous CAS spinlock implementation had a bug wherein the spin_unlock() implementation had an `sev` after `stlr` which is not sufficient. A dsb is needed to ensure that the stlr completes prior to the sev. Having a dsb is heavyweight and a better solution would be to use load exclusive semantics to monitor the lock and wake up from wfe when a store happens to the lock. The patch implements the same. Change-Id: I5283ce4a889376e4cc01d1b9d09afa8229a2e522 Signed-off-by: Soby Mathew <soby.mathew@arm.com> Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
-
- 03 Oct, 2019 2 commits
-
-
Alexei Fedorov authored
This patch adds support for ARMv8.3-PAuth in BL1 SMC calls and BL2U image for firmware updates by programming APIAKey_EL1 registers and enabling Pointer Authentication in EL3 and EL1 respectively. Change-Id: I875d952aba8242caf74fb5f4f2d2af6f0c768c08 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
Imre Kis authored
Change-Id: I1ea2bf088f1e001cdbd377cbfb7c6a2866af0422 Signed-off-by: Imre Kis <imre.kis@arm.com>
-
- 02 Oct, 2019 1 commit
-
-
Imre Kis authored
Change-Id: I645442d52a295706948e2cac88c36c1a3cb0bc47 Signed-off-by: Imre Kis <imre.kis@arm.com>
-
- 30 Sep, 2019 1 commit
-
-
Artsem Artsemenka authored
Not tested on FVP Model. Change-Id: Iedebc5c1fbc7ea577e94142b7feafa5546f1f4f9 Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
-
- 26 Sep, 2019 2 commits
-
-
Alexei Fedorov authored
This patch changes implementation for disabling Secure Cycle Counter. For ARMv8.5 the counter gets disabled by setting SDCR.SCCD bit on CPU cold/warm boot. For the earlier architectures PMCR register is saved/restored on secure world entry/exit from/to Non-secure state, and cycle counting gets disabled by setting PMCR.DP bit. In 'include\aarch32\arch.h' header file new ARMv8.5-PMU related definitions were added. Change-Id: Ia8845db2ebe8de940d66dff479225a5b879316f8 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
Madhukar Pappireddy authored
This PSCI hook is similar to pwr_domain_on_finish but is guaranteed to be invoked with the respective core and cluster are participating in coherency. This will be necessary to safely invoke the new GICv3 API which modifies shared GIC data structures concurrently. Change-Id: I8e54f05c9d4ef5712184c9c18ba45ac97a29eb7a Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 20 Sep, 2019 1 commit
-
-
Justin Chadwell authored
assert() calls are removed in release builds, and if that assert call is the only use of a variable, an unused variable warning will be triggered in a release build. This patch fixes this problem when CTX_INCLUDE_MTE_REGS by not using an intermediate variable to store the results of get_armv8_5_mte_support(). Change-Id: I529e10ec0b2c8650d2c3ab52c4f0cecc0b3a670e Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
- 13 Sep, 2019 2 commits
-
-
Deepika Bhavnani authored
AArch64 System register SCTLR_EL1[31:0] is architecturally mapped to AArch32 System register SCTLR[31:0] AArch64 System register ACTLR_EL1[31:0] is architecturally mapped to AArch32 System register ACTLR[31:0]. `u_register_t` should be used when it's important to store the contents of a register in its native size Signed-off-by: Deepika Bhavnani <deepika.bhavnani@arm.com> Change-Id: I0055422f8cc0454405e011f53c1c4ddcaceb5779
-
Alexei Fedorov authored
This patch provides the following features and makes modifications listed below: - Individual APIAKey key generation for each CPU. - New key generation on every BL31 warm boot and TSP CPU On event. - Per-CPU storage of APIAKey added in percpu_data[] of cpu_data structure. - `plat_init_apiakey()` function replaced with `plat_init_apkey()` which returns 128-bit value and uses Generic timer physical counter value to increase the randomness of the generated key. The new function can be used for generation of all ARMv8.3-PAuth keys - ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`. - New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively; pauth_disable_el1()` and `pauth_disable_el3()` functions disable PAuth for EL1 and EL3 respectively; `pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from cpu-data structure. - Combined `save_gp_pauth_registers()` function replaces calls to `save_gp_registers()` and `pauth_context_save()`; `restore_gp_pauth_registers()` replaces `pauth_context_restore()` and `restore_gp_registers()` calls. - `restore_gp_registers_eret()` function removed with corresponding code placed in `el3_exit()`. - Fixed the issue when `pauth_t pauth_ctx` structure allocated space for 12 uint64_t PAuth registers instead of 10 by removal of macro CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h` and assigning its value to CTX_PAUTH_REGS_END. - Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions in `msr spsel` instruction instead of hard-coded values. - Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI. Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 12 Sep, 2019 1 commit
-
-
Deepika Bhavnani authored
cpu_idx is used as mix of `unsigned int` and `signed int` in code with typecasting at some places. This change is to unify the cpu_idx as `unsigned int` as underlying API;s `plat_my_core_pos` returns `unsigned int` It was discovered via coverity issue CID 354715 Signed-off-by: Deepika Bhavnani <deepika.bhavnani@arm.com> Change-Id: I4f0adb0c596ff1177210c5fe803bff853f2e54ce
-
- 11 Sep, 2019 2 commits
-
-
John Tsichritzis authored
Zeus supports the SSBS mechanism and also the new MSR instruction to immediately apply the mitigation. Hence, the new instruction is utilised in the Zeus-specific reset function. Change-Id: I962747c28afe85a15207a0eba4146f9a115b27e7 Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
-
Masahiro Yamada authored
Sparse warns this: lib/libc/assert.c:29:6: error: symbol '__assert' redeclared with different type (originally declared at include/lib/libc/assert.h:36) - different modifiers Add __dead2 to match the header declaration and C definition. I also changed '__dead2 void' to 'void __dead2' for the consistency with other parts. Change-Id: Iefa4f0e787c24fa7e7e499d2e7baf54d4deb49ef Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 09 Sep, 2019 2 commits
-
-
Deepika Bhavnani authored
Signed-off-by: Deepika Bhavnani <deepika.bhavnani@arm.com> Change-Id: I4a496d5a8e7a9a127cd6224c968539eb74932fca
-
Justin Chadwell authored
This patch adds support for the new Memory Tagging Extension arriving in ARMv8.5. MTE support is now enabled by default on systems that support at EL0. To enable it at ELx for both the non-secure and the secure world, the compiler flag CTX_INCLUDE_MTE_REGS includes register saving and restoring when necessary in order to prevent register leakage between the worlds. Change-Id: I2d4ea993d6b11654ea0d4757d00ca20d23acf36c Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
-
- 21 Aug, 2019 1 commit
-
-
Alexei Fedorov authored
This patch fixes an issue when secure world timing information can be leaked because Secure Cycle Counter is not disabled. For ARMv8.5 the counter gets disabled by setting MDCR_El3.SCCD bit on CPU cold/warm boot. For the earlier architectures PMCR_EL0 register is saved/restored on secure world entry/exit from/to Non-secure state, and cycle counting gets disabled by setting PMCR_EL0.DP bit. 'include\aarch64\arch.h' header file was tided up and new ARMv8.5-PMU related definitions were added. Change-Id: I6f56db6bc77504634a352388990ad925a69ebbfa Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-