1. 31 Oct, 2018 1 commit
    • Varun Wadekar's avatar
      sdei: include "context.h" to fix compilation errors · c4491aa9
      Varun Wadekar authored
      
      
      This patch includes context.h from sdei_private.h to fix the
      following compilation errors:
      
      <snip>
      In file included from services/std_svc/sdei/sdei_event.c:9:0:
      services/std_svc/sdei/sdei_private.h: In function 'sdei_client_el':
      services/std_svc/sdei/sdei_private.h:164:2: error: unknown type name 'cpu_context_t'
        cpu_context_t *ns_ctx = cm_get_context(NON_SECURE);
        ^
      services/std_svc/sdei/sdei_private.h:165:2: error: unknown type name 'el3_state_t'
        el3_state_t *el3_ctx = get_el3state_ctx(ns_ctx);
        ^
      services/std_svc/sdei/sdei_private.h:165:2: error: implicit declaration of function 'get_el3state_ctx' [-Werror=implicit-function-declaration]
      services/std_svc/sdei/sdei_private.h:165:25: error: initialization makes pointer from integer without a cast [-Werror]
        el3_state_t *el3_ctx = get_el3state_ctx(ns_ctx);
                               ^
      services/std_svc/sdei/sdei_private.h:167:2: error: implicit declaration of function 'read_ctx_reg' [-Werror=implicit-function-declaration]
        return ((read_ctx_reg(el3_ctx, CTX_SCR_EL3) & SCR_HCE_BIT) != 0U) ?
        ^
      services/std_svc/sdei/sdei_private.h:167:33: error: 'CTX_SCR_EL3' undeclared (first use in this function)
        return ((read_ctx_reg(el3_ctx, CTX_SCR_EL3) & SCR_HCE_BIT) != 0U) ?
                                       ^
      services/std_svc/sdei/sdei_private.h:167:33: note: each undeclared identifier is reported only once for each function it appears in
      cc1: all warnings being treated as errors
      <snip>
      
      Change-Id: Id0cad56accf81b19cb0d301784f3f086dd052722
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      c4491aa9
  2. 28 Sep, 2018 1 commit
  3. 21 Sep, 2018 1 commit
    • Daniel Boulby's avatar
      Ensure the flow through switch statements is clear · a08a2014
      Daniel Boulby authored
      
      
      Ensure case clauses:
      *   Terminate with an unconditional break, return or goto statement.
      *   Use conditional break, return or goto statements as long as the end
          of the case clause is unreachable; such case clauses must terminate
          with assert(0) /* Unreachable */ or an unconditional  __dead2 function
          call
      *   Only fallthough when doing otherwise would result in less
          readable/maintainable code; such case clauses must terminate with a
          /* Fallthrough */ comment to make it clear this is the case and
          indicate that a fallthrough is intended.
      
      This reduces the chance of bugs appearing due to unintended flow through a
      switch statement
      
      Change-Id: I70fc2d1f4fd679042397dec12fd1982976646168
      Signed-off-by: default avatarDaniel Boulby <daniel.boulby@arm.com>
      a08a2014
  4. 18 Sep, 2018 1 commit
  5. 07 Sep, 2018 1 commit
  6. 31 Aug, 2018 1 commit
  7. 22 Aug, 2018 2 commits
  8. 20 Aug, 2018 2 commits
  9. 10 Aug, 2018 1 commit
  10. 06 Aug, 2018 1 commit
  11. 01 Aug, 2018 1 commit
  12. 15 Jul, 2018 1 commit
  13. 13 Jul, 2018 1 commit
  14. 11 Jul, 2018 2 commits
  15. 22 Jun, 2018 3 commits
  16. 21 Jun, 2018 3 commits
    • Jeenu Viswambharan's avatar
      SDEI: Make dispatches synchronous · cdb6ac94
      Jeenu Viswambharan authored
      
      
      SDEI event dispatches currently only sets up the Non-secure context
      before returning to the caller. The actual dispatch only happens upon
      exiting EL3 next time.
      
      However, for various error handling scenarios, it's beneficial to have
      the dispatch happen synchronously. I.e. when receiving SDEI interrupt,
      or for a successful sdei_dispatch_event() call, the event handler is
      executed; and upon the event completion, dispatcher execution resumes
      after the point of dispatch. The jump primitives introduced in the
      earlier patch facilitates this feature.
      
      With this patch:
      
        - SDEI interrupts and calls to sdei_dispatch_event prepares the NS
          context for event dispatch, then sets a jump point, and immediately
          exits EL3. This results in the client handler executing in
          Non-secure.
      
        - When the SDEI client completes the dispatched event, the SDEI
          dispatcher does a longjmp to the jump pointer created earlier. For
          the caller of the sdei_dispatch_event() in particular, this would
          appear as if call returned successfully.
      
      The dynamic workaround for CVE_2018_3639 is slightly shifted around as
      part of related minor refactoring. It doesn't affect the workaround
      functionality.
      
      Documentation updated.
      
      NOTE: This breaks the semantics of the explicit dispatch API, and any
      exiting usages should be carefully reviewed.
      
      Change-Id: Ib9c876d27ea2af7fb22de49832e55a0da83da3f9
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      cdb6ac94
    • Jeenu Viswambharan's avatar
      SDEI: Determine client EL from NS context's SCR_EL3 · 2ccfcb2e
      Jeenu Viswambharan authored
      
      
      Currently, the dispatcher reads from SCR_EL3 register directly to
      determine the EL of SDEI client. This is with the assumption that
      SCR_EL3 is not modified throughout. However, with RAS work flows, it's
      possible that SCR_EL3 register contains values corresponding to Secure
      world, and therefore EL determination can go wrong. To mitigate this,
      always read the register from the saved Non-secure context.
      
      Change-Id: Ic85e4021deb18eb58757f676f9a001174998543a
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      2ccfcb2e
    • Jeenu Viswambharan's avatar
      SDEI: Allow platforms to define explicit events · af2c9ecd
      Jeenu Viswambharan authored
      
      
      The current macros only allow to define dynamic and statically-bound
      SDEI events. However, there ought be a mechanism to define SDEI events
      that are explicitly dispatched; i.e., events that are dispatched as a
      result of a previous secure interrupt or other exception
      
      This patch introduces SDEI_EXPLICIT_EVENT() macro to define an explicit
      event. They must be placed under private mappings. Only the priority
      flags are allowed to be additionally specified.
      
      Documentation updated.
      
      Change-Id: I2e12f5571381195d6234c9dfbd5904608ad41db3
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      af2c9ecd
  17. 20 Jun, 2018 1 commit
  18. 15 Jun, 2018 1 commit
  19. 14 Jun, 2018 1 commit
    • Roberto Vargas's avatar
      Make TF UUID RFC 4122 compliant · 03364865
      Roberto Vargas authored
      
      
      RFC4122 defines that fields are stored in network order (big endian),
      but TF-A stores them in machine order (little endian by default in TF-A).
      We cannot change the future UUIDs that are already generated, but we can store
      all the bytes using arrays and modify fiptool to generate the UUIDs with
      the correct byte order.
      
      Change-Id: I97be2d3168d91f4dee7ccfafc533ea55ff33e46f
      Signed-off-by: default avatarRoberto Vargas <roberto.vargas@arm.com>
      03364865
  20. 13 Jun, 2018 2 commits
    • Antonio Nino Diaz's avatar
      xlat v2: Introduce xlat granule size helpers · a0b9bb79
      Antonio Nino Diaz authored
      
      
      The function xlat_arch_is_granule_size_supported() can be used to check
      if a specific granule size is supported. In Armv8, AArch32 only supports
      4 KiB pages. AArch64 supports 4 KiB, 16 KiB or 64 KiB depending on the
      implementation, which is detected at runtime.
      
      The function xlat_arch_get_max_supported_granule_size() returns the max
      granule size supported by the implementation.
      
      Even though right now they are only used by SPM, they may be useful in
      other places in the future. This patch moves the code currently in SPM
      to the xlat tables lib so that it can be reused.
      
      Change-Id: If54624a5ecf20b9b9b7f38861b56383a03bbc8a4
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      a0b9bb79
    • Antonio Nino Diaz's avatar
      SPM: Initialize SP args as expected by cm library · 83a393ba
      Antonio Nino Diaz authored
      
      
      In the context management library, cm_setup_context() takes the
      information in ep_info to fill the registers x0-x7. This patch replaces
      the current code that sets them manually by the correct initialization
      code.
      
      Change-Id: Id1fdf4681b154026c2e3af1f9b05b19582b7d16d
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      83a393ba
  21. 12 Jun, 2018 2 commits
    • Daniel Boulby's avatar
      Fix MISRA Rule 5.7 Part 3 · 776ff52a
      Daniel Boulby authored
      
      
      Rule 5.7: A tag name shall be a unique identifier
      
      Follow convention of shorter names for smaller scope to fix
      violations of MISRA rule 5.7
      
      Fixed For:
          make ARM_TSP_RAM_LOCATION=tdram LOG_LEVEL=50 PLAT=fvp SPD=opteed
      
      Change-Id: I5fbb5d6ebddf169550eddb07ed880f5c8076bb76
      Signed-off-by: default avatarDaniel Boulby <daniel.boulby@arm.com>
      776ff52a
    • Daniel Boulby's avatar
      Fix MISRA Rule 5.3 Part 3 · 7c934242
      Daniel Boulby authored
      
      
      Use a _ prefix for macro arguments to prevent that argument from
      hiding variables of the same name in the outer scope
      
      Rule 5.3: An identifier declared in an inner scope shall not
                hide an identifier declared in an outer scope
      
      Fixed For:
          make PLAT=fvp SPD=tspd
      
      Change-Id: I2d711b9584c4cb9ba3814ecd2ca65a42b7e24179
      Signed-off-by: default avatarDaniel Boulby <daniel.boulby@arm.com>
      7c934242
  22. 08 Jun, 2018 1 commit
  23. 23 May, 2018 8 commits
  24. 15 May, 2018 1 commit
    • Sandrine Bailleux's avatar
      SPM: Do not trap S-EL0 access to SVE/SIMD/FP regs · 39848945
      Sandrine Bailleux authored
      
      
      This allows secure partitions to access these registers. This is
      needed in some cases. For example, it has been reported that in order
      to implement secure storage services, a secure partition needs to
      encrypt/decrypt some authentication variables, which requires FP/SIMD
      support.
      
      Note that SPM will not do any saving/restoring of these registers on
      behalf of the SP. This falls under the SP's responsibility.
      
      Also note that if the SP gets preempted, it might not get a chance to
      save/restore FP/SIMD registers first. This patch does not address this
      problem. It only serves as a temporary solution to unblock development
      on the secure partition side.
      
      Change-Id: I3b8ccdebdac0219f6ac96ad66ab2be0be8374ad3
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      39848945