1. 08 Jan, 2019 2 commits
  2. 04 Jan, 2019 1 commit
    • Antonio Nino Diaz's avatar
      Sanitise includes across codebase · 09d40e0e
      Antonio Nino Diaz authored
      Enforce full include path for includes. Deprecate old paths.
      
      The following folders inside include/lib have been left unchanged:
      
      - include/lib/cpus/${ARCH}
      - include/lib/el3_runtime/${ARCH}
      
      The reason for this change is that having a global namespace for
      includes isn't a good idea. It defeats one of the advantages of having
      folders and it introduces problems that are sometimes subtle (because
      you may not know the header you are actually including if there are two
      of them).
      
      For example, this patch had to be created because two headers were
      called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform
      to avoid collision."). More recently, this patch has had similar
      problems: 46f9b2c3 ("drivers: add tzc380 support").
      
      This problem was introduced in commit 4ecca339
      
       ("Move include and
      source files to logical locations"). At that time, there weren't too
      many headers so it wasn't a real issue. However, time has shown that
      this creates problems.
      
      Platforms that want to preserve the way they include headers may add the
      removed paths to PLAT_INCLUDES, but this is discouraged.
      
      Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      09d40e0e
  3. 11 Dec, 2018 17 commits
  4. 10 Dec, 2018 3 commits
  5. 26 Nov, 2018 1 commit
    • Jeenu Viswambharan's avatar
      SDEI: Unconditionally resume Secure if it was interrupted · 90a9213b
      Jeenu Viswambharan authored
      
      
      Secure world execution nearly always expect a controlled exit to
      Non-secure world. SDEI interrupts, although targets EL3, occur on behalf
      of Non-secure world, and may have higher priority than Secure world
      interrupts. Therefore they might preempt Secure execution, and yield
      execution to Non-secure SDEI handler. Upon completion of SDEI event
      handling (regardless of whether it's COPLETE or COMPLETE_AND_RESUME), we
      must resume Secure execution if it was preempted.
      
      Change-Id: I6edd991032588588427ba2fe6c3d7668f7080e3d
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      90a9213b
  6. 14 Nov, 2018 1 commit
    • Sughosh Ganu's avatar
      SPM: Raise running priority of the core while in Secure Partition · 6e3bad36
      Sughosh Ganu authored
      
      
      The current secure partition design mandates that a) at a point, only
      a single core can be executing in the secure partition, and b) a core
      cannot be preempted by an interrupt while executing in secure
      partition.
      
      Ensure this by activating the SPM priority prior to entering the
      parition. Deactivate the priority on return from the
      partition.
      
      Change-Id: Icb3473496d16b733564592eef06304a1028e4f5c
      Signed-off-by: default avatarSughosh Ganu <sughosh.ganu@arm.com>
      6e3bad36
  7. 08 Nov, 2018 1 commit
    • Antonio Nino Diaz's avatar
      Standardise header guards across codebase · c3cf06f1
      Antonio Nino Diaz authored
      
      
      All identifiers, regardless of use, that start with two underscores are
      reserved. This means they can't be used in header guards.
      
      The style that this project is now to use the full name of the file in
      capital letters followed by 'H'. For example, for a file called
      "uart_example.h", the header guard is UART_EXAMPLE_H.
      
      The exceptions are files that are imported from other projects:
      
      - CryptoCell driver
      - dt-bindings folders
      - zlib headers
      
      Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      c3cf06f1
  8. 31 Oct, 2018 1 commit
    • Varun Wadekar's avatar
      sdei: include "context.h" to fix compilation errors · c4491aa9
      Varun Wadekar authored
      
      
      This patch includes context.h from sdei_private.h to fix the
      following compilation errors:
      
      <snip>
      In file included from services/std_svc/sdei/sdei_event.c:9:0:
      services/std_svc/sdei/sdei_private.h: In function 'sdei_client_el':
      services/std_svc/sdei/sdei_private.h:164:2: error: unknown type name 'cpu_context_t'
        cpu_context_t *ns_ctx = cm_get_context(NON_SECURE);
        ^
      services/std_svc/sdei/sdei_private.h:165:2: error: unknown type name 'el3_state_t'
        el3_state_t *el3_ctx = get_el3state_ctx(ns_ctx);
        ^
      services/std_svc/sdei/sdei_private.h:165:2: error: implicit declaration of function 'get_el3state_ctx' [-Werror=implicit-function-declaration]
      services/std_svc/sdei/sdei_private.h:165:25: error: initialization makes pointer from integer without a cast [-Werror]
        el3_state_t *el3_ctx = get_el3state_ctx(ns_ctx);
                               ^
      services/std_svc/sdei/sdei_private.h:167:2: error: implicit declaration of function 'read_ctx_reg' [-Werror=implicit-function-declaration]
        return ((read_ctx_reg(el3_ctx, CTX_SCR_EL3) & SCR_HCE_BIT) != 0U) ?
        ^
      services/std_svc/sdei/sdei_private.h:167:33: error: 'CTX_SCR_EL3' undeclared (first use in this function)
        return ((read_ctx_reg(el3_ctx, CTX_SCR_EL3) & SCR_HCE_BIT) != 0U) ?
                                       ^
      services/std_svc/sdei/sdei_private.h:167:33: note: each undeclared identifier is reported only once for each function it appears in
      cc1: all warnings being treated as errors
      <snip>
      
      Change-Id: Id0cad56accf81b19cb0d301784f3f086dd052722
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      c4491aa9
  9. 07 Sep, 2018 1 commit
  10. 22 Aug, 2018 1 commit
  11. 20 Aug, 2018 2 commits
  12. 06 Aug, 2018 1 commit
  13. 15 Jul, 2018 1 commit
  14. 13 Jul, 2018 1 commit
  15. 11 Jul, 2018 1 commit
    • Roberto Vargas's avatar
      Add end_vector_entry assembler macro · a9203eda
      Roberto Vargas authored
      
      
      Check_vector_size checks if the size of the vector fits
      in the size reserved for it. This check creates problems in
      the Clang assembler. A new macro, end_vector_entry, is added
      and check_vector_size is deprecated.
      
      This new macro fills the current exception vector until the next
      exception vector. If the size of the current vector is bigger
      than 32 instructions then it gives an error.
      
      Change-Id: Ie8545cf1003a1e31656a1018dd6b4c28a4eaf671
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      a9203eda
  16. 22 Jun, 2018 3 commits
  17. 21 Jun, 2018 2 commits
    • Jeenu Viswambharan's avatar
      SDEI: Make dispatches synchronous · cdb6ac94
      Jeenu Viswambharan authored
      
      
      SDEI event dispatches currently only sets up the Non-secure context
      before returning to the caller. The actual dispatch only happens upon
      exiting EL3 next time.
      
      However, for various error handling scenarios, it's beneficial to have
      the dispatch happen synchronously. I.e. when receiving SDEI interrupt,
      or for a successful sdei_dispatch_event() call, the event handler is
      executed; and upon the event completion, dispatcher execution resumes
      after the point of dispatch. The jump primitives introduced in the
      earlier patch facilitates this feature.
      
      With this patch:
      
        - SDEI interrupts and calls to sdei_dispatch_event prepares the NS
          context for event dispatch, then sets a jump point, and immediately
          exits EL3. This results in the client handler executing in
          Non-secure.
      
        - When the SDEI client completes the dispatched event, the SDEI
          dispatcher does a longjmp to the jump pointer created earlier. For
          the caller of the sdei_dispatch_event() in particular, this would
          appear as if call returned successfully.
      
      The dynamic workaround for CVE_2018_3639 is slightly shifted around as
      part of related minor refactoring. It doesn't affect the workaround
      functionality.
      
      Documentation updated.
      
      NOTE: This breaks the semantics of the explicit dispatch API, and any
      exiting usages should be carefully reviewed.
      
      Change-Id: Ib9c876d27ea2af7fb22de49832e55a0da83da3f9
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      cdb6ac94
    • Jeenu Viswambharan's avatar
      SDEI: Determine client EL from NS context's SCR_EL3 · 2ccfcb2e
      Jeenu Viswambharan authored
      
      
      Currently, the dispatcher reads from SCR_EL3 register directly to
      determine the EL of SDEI client. This is with the assumption that
      SCR_EL3 is not modified throughout. However, with RAS work flows, it's
      possible that SCR_EL3 register contains values corresponding to Secure
      world, and therefore EL determination can go wrong. To mitigate this,
      always read the register from the saved Non-secure context.
      
      Change-Id: Ic85e4021deb18eb58757f676f9a001174998543a
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      2ccfcb2e