- 11 Dec, 2018 2 commits
-
-
Antonio Nino Diaz authored
Change-Id: If57ec9cc0791f49d9ade83dff9d24ef9047963a8 Co-authored-by: Jean-Paul Etienne <jean-paul.etienne@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Change-Id: Ib7c2529b85bb5930d44907edfc8ead13d3b1ef4d Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 10 Dec, 2018 1 commit
-
-
Jeenu Viswambharan authored
The Armv8.5 extensions introduces PSTATE.SSBS (Speculation Store Bypass Safe) bit to mitigate against Variant 4 vulnerabilities. Although an Armv8.5 feature, this can be implemented by CPUs implementing earlier version of the architecture. With this patch, when both PSTATE.SSBS is implemented and DYNAMIC_WORKAROUND_CVE_2018_3639 is active, querying for SMCCC_ARCH_WORKAROUND_2 via. SMCCC_ARCH_FEATURES call would return 1 to indicate that mitigation on the PE is either permanently enabled or not required. When SSBS is implemented, SCTLR_EL3.DSSBS is initialized to 0 at reset of every BL stage. This means that EL3 always executes with mitigation applied. For Cortex A76, if the PE implements SSBS, the existing mitigation (by using a different vector table, and tweaking CPU ACTLR2) is not used. Change-Id: Ib0386c5714184144d4747951751c2fc6ba4242b6 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 26 Nov, 2018 2 commits
-
-
Joel Hutton authored
Initial Spectre Variant 1 mitigations (CVE-2017-5753). A potential speculative data leak was found in PSCI code, this depends on a non-robust implementation of the `plat_get_core_pos_by_mpidr()` function. This is considered very low-risk. This patch adds a macro to mitigate this. Note not all code paths could be analyzed with current tools. Add a macro which makes a variable 'speculation safe', using the __builtin_speculation_safe_value function of GCC and llvm. This will be available in GCC 9, and is planned for llvm, but is not currently in mainline GCC or llvm. In order to implement this mitigation the compiler must support this builtin. Support is indicated by the __HAVE_SPECULATION_SAFE_VALUE flag. The -mtrack-speculation option maintains a 'tracker' register, which determines if the processor is in false speculation at any point. This adds instructions and increases code size, but avoids the performance impact of a hard barrier. Without the -mtrack-speculation option, __builtin_speculation_safe_value expands to a ISB DSB SY sequence after a conditional branch, before the speculation safe variable is used. With -mtrack-speculation a CSEL tracker, tracker, XZR, [cond]; AND safeval,tracker; CSDB sequence is added instead, clearing the vulnerable variable by AND'ing it with the tracker register, which is zero during speculative execution. [cond] are the status flags which will only be true during speculative execution. For more information on __builtin_speculation_safe_value and the -mtrack-speculation option see https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/compiler-support-for-mitigations The -mtracking option was not added, as the performance impact of the mitigation is low, and there is only one occurence. Change-Id: Ic9e66d1f4a5155e42e3e4055594974c230bfba3c Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
-
Antonio Nino Diaz authored
The headers forked at some point in the past and have diverged a lot. In order to make it easier to share code between TF-A-Tests and TF-A, this patch synchronises most of the definitions in the mentioned headers. This is not a complete sync, it has to be followed by more cleanup. This patch also removes the read helpers for the AArch32 instructions ats1cpr and ats1hr (they are write-only). Change-Id: Id13ecd7aeb83bd2318cd47156d71a42f1c9f6ba2 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 22 Nov, 2018 2 commits
-
-
Antonio Nino Diaz authored
This reverts commit 6f512a3d . According to the 'Cortex-A57 MPCore Software Developers Errata Notice': This bug will only affect secure AArch64 EL3. If the above conditions occur, the CPU will not invalidate the targeted EL3 TLB entries and incorrect translations might occur. For this reason it is not needed in AArch32. Change-Id: I6f7b333817515499723e8f306145790ad6af9975 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Provide new APIs to add new regions without specifying the base VA. - `mmap_add_region_alloc_va` adds a static region to mmap choosing as base VA the first possible address after all the currently mapped regions. It is aligned to an appropriate boundary in relation to the size and base PA of the requested region. No attempt is made to fill any unused VA holes. - `mmap_add_dynamic_region_alloc_va` it adds a region the same way as `mmap_add_region_alloc_va` does, but it's dynamic instead of static. - `mmap_add_alloc_va` takes an array of non const `mmap_region_t`, maps them in the same way as `mmap_add_region_alloc_va` and fills their `base_va` field. A helper macro has been created to help create the array, called `MAP_REGION_ALLOC_VA`. Change-Id: I5ef3f82ca0dfd0013d2e8034aa22f13ca528ba37 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 15 Nov, 2018 1 commit
-
-
Yann Gautier authored
When compiling assembly files, stdint.h is not included. UINT32_C and UINT64_C are then not defined. A new GENMASK macro for assembly is then created. Signed-off-by: Yann Gautier <yann.gautier@st.com>
-
- 09 Nov, 2018 1 commit
-
-
Yann Gautier authored
These warnings were issued by sparse: plat/st/stm32mp1/stm32mp1_pm.c:365:36: warning: incorrect type in initializer (different modifiers) expected void ( *[noreturn] pwr_domain_pwr_down_wfi )( ... ) got void ( [noreturn] *<noident> )( ... ) plat/st/stm32mp1/stm32mp1_pm.c:366:23: warning: incorrect type in initializer (different modifiers) expected void ( *[noreturn] system_off )( ... ) got void ( [noreturn] *<noident> )( ... ) plat/st/stm32mp1/stm32mp1_pm.c:367:25: warning: incorrect type in initializer (different modifiers) expected void ( *[noreturn] system_reset )( ... ) got void ( [noreturn] *<noident> )( ... ) This cannot be changed the other way in all platforms pm drivers or else there is a compilation error: plat/st/stm32mp1/stm32mp1_pm.c:234:1: error: attributes should be specified before the declarator in a function definition Signed-off-by: Yann Gautier <yann.gautier@st.com>
-
- 08 Nov, 2018 1 commit
-
-
Antonio Nino Diaz authored
All identifiers, regardless of use, that start with two underscores are reserved. This means they can't be used in header guards. The style that this project is now to use the full name of the file in capital letters followed by 'H'. For example, for a file called "uart_example.h", the header guard is UART_EXAMPLE_H. The exceptions are files that are imported from other projects: - CryptoCell driver - dt-bindings folders - zlib headers Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 02 Nov, 2018 1 commit
-
-
Antonio Nino Diaz authored
Change-Id: I2f5f64aaf90caae936510e1179392a8835f493e0 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 01 Nov, 2018 2 commits
-
-
Antonio Nino Diaz authored
Change-Id: I600bc13522ae977db355b6dc5a1695bce39ec130 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
The macro EL_IMPLEMENTED() has been deprecated in favour of the new function el_implemented(). Change-Id: Ic9b1b81480b5e019b50a050e8c1a199991bf0ca9 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 30 Oct, 2018 1 commit
-
-
Antonio Nino Diaz authored
Version 1.4.7 introduces a big performance hit to functions that access the FDT. Downgrade the library to version 1.4.6-9, before the changes that introduce the problem. Version 1.4.6 isn't used because one of the libfdt files (fdt_overlay.c) is missing the license header. This problem is also fixed in 1.4.6-9. This version corresponds to commit <aadd0b65c987> checks: centralize printing of property names in failure messages. Fixes ARM-software/tf-issues#643 Change-Id: I73c05f2b1f994bcdcc4366131ce0647553cdcfb8 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 29 Oct, 2018 6 commits
-
-
Antonio Nino Diaz authored
No functional changes. Change-Id: I64abd72026082218a40b1a4b8f7dc26ff2478ba6 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
No functional changes. Change-Id: Iaab0310848be587b635ce5339726e92a50f534e0 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
No functional changes. Change-Id: I2f28f20944f552447ac4e9e755493cd7c0ea1192 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Soby Mathew authored
Previously the errata reporting was optional for CPU operation files and this was achieved by making use of weak reference to resolve to 0 if the symbol is not defined. This is error prone when adding new CPU operation files and weak references are problematic when fixing up dynamic relocations. Hence this patch removes the weak reference and makes it mandatory for the CPU operation files to define the errata reporting function. Change-Id: I8af192e19b85b7cd8c7579e52f8f05a4294e5396 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Soby Mathew authored
This patch fixes up the AArch64 assembly code to use adrp/adr instructions instead of ldr instruction for reference to symbols. This allows these assembly sequences to be Position Independant. Note that the the reference to sizes have been replaced with calculation of size at runtime. This is because size is a constant value and does not depend on execution address and using PC relative instructions for loading them makes them relative to execution address. Also we cannot use `ldr` instruction to load size as it generates a dynamic relocation entry which must *not* be fixed up and it is difficult for a dynamic loader to differentiate which entries need to be skipped. Change-Id: I8bf4ed5c58a9703629e5498a27624500ef40a836 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Soby Mathew authored
This patch adds a utility function to return the address of a symbol. By default, the compiler generates adr/adrp instruction pair to return the reference and this utility is used to override this compiler generated to code and use `ldr` instruction. This is needed for Position Independent Executable when it needs to reference a symbol which is constant and does not depend on the execute address of the binary. For example, on the FVP, the GICv3 register context is stored in a secure carveout (arm_el3_tzc_dram) within DDR and does not relocate with the BL image. Now if BL31 is executing at a different address other than the compiled address, using adrp/adr instructions to reference this memory will not work as they generate an address that is PC relative. The way to get around this problem is to reference it as non-PC relative (i.e non-relocatable location) via `ldr` instruction. Change-Id: I5008a951b007144258121690afb68dc8e12ee6f7 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 26 Oct, 2018 1 commit
-
-
Antonio Nino Diaz authored
There are several platforms using arm_setup_page_tables(), which is supposed to be Arm platform only. This creates several dependency problems between platforms. This patch adds the definition XLAT_TABLES_LIB_V2 to the xlat tables lib v2 makefile. This way it is possible to detect from C code which version is being used and include the correct header. The file arm_xlat_tables.h has been renamed to xlat_tables_compat.h and moved to a common folder. This way, when in doubt, this header can be used to guarantee compatibility, as it includes the correct header based on XLAT_TABLES_LIB_V2. This patch also removes the usage of ARM_XLAT_TABLES_V1 from QEMU (so that is now locked in xlat lib v2) and ZynqMP (where it was added as a workaround). Change-Id: Ie1e22a23b44c549603d1402a237a70d0120d3e04 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 23 Oct, 2018 3 commits
-
-
Antonio Nino Diaz authored
Change-Id: Iad7adaf0b16a3d086594cb3432210ac2c4e207f8 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
The current version of libfdt (1.4.2) has been modified to integrate it in this repository. In order to do a clean import it is needed to remove the current version first. Change-Id: I2cab8c8e5632280d282fa7a2f2339768a0ad1e0f Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Change-Id: I3ddc07cb02d73cd7614af7a5b21827aae155f9a0 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 18 Oct, 2018 1 commit
-
-
Konstantin Porotchkin authored
Add 16-bit variant of mmio_clrsetbits function Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com> Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
-
- 16 Oct, 2018 1 commit
-
-
Jeenu Viswambharan authored
Pointer authentication is an Armv8.3 feature that introduces instructions that can be used to authenticate and verify pointers. Pointer authentication instructions are allowed to be accessed from all ELs but only when EL3 explicitly allows for it; otherwise, their usage will trap to EL3. Since EL3 doesn't have trap handling in place, this patch unconditionally disables all related traps to EL3 to avoid potential misconfiguration leading to an unhandled EL3 exception. Fixes ARM-software/tf-issues#629 Change-Id: I9bd2efe0dc714196f503713b721ffbf05672c14d Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 15 Oct, 2018 1 commit
-
-
Deepak Pandey authored
macro jump_if_cpu_midr is used commonly by many arm platform. It has now been relocated to common place to remove duplication of code. Change-Id: Ic0876097dbc085df4f90eadb4b7687dde7c726da Signed-off-by: Deepak Pandey <Deepak.Pandey@arm.com>
-
- 11 Oct, 2018 1 commit
-
-
Sandrine Bailleux authored
The object pool allocator provides a simplistic interface to manage allocation in a fixed-size static array. The caller creates a static "object pool" out of such an array and may then call pool_alloc() to get the next available object within the pool. There is also a variant to get multiple consecutive objects: pool_alloc_n(). Note that this interface does not provide any way to free the objects afterwards. This is by design and it is not a limitation. We do not want to introduce complexity induced by memory freeing, such as use-after-free bugs, memory fragmentation and so on. Change-Id: Iefc2e153767851fbde5841a295f92ae48adda71f Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 04 Oct, 2018 1 commit
-
-
Antonio Nino Diaz authored
No functional changes. Change-Id: I9638e02acb9b22eb794ebf45aad84348a710287e Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 03 Oct, 2018 1 commit
-
-
Daniel Boulby authored
This patch introduces a build flag "RECLAIM_INIT_CODE" to mark boot time code which allows platforms to place this memory in an appropriate section to be reclaimed later. This features is primarily targeted for BL31. Appropriate documentation updates are also done. Change-Id: If0ca062851614805d769c332c771083d46599194 Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
-
- 28 Sep, 2018 5 commits
-
-
Antonio Nino Diaz authored
Change-Id: Icd1cdd42afdc78895a9be6c46b414b0a155cfa63 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Change-Id: I83de2ae3e0795e6fec3c1e5b37c441b64b0c9cb6 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Change-Id: I2d4a21a80a768bc422e9707e6d7e98d20a716275 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Change-Id: I9fd8016527ad7706494f34356fdae8efacef5f72 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Roberto Vargas authored
Change-Id: I40d040aa05bcbf11536a96ce59827711456b93a8 Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 25 Sep, 2018 1 commit
-
-
Sathees Balya authored
Change-Id: I43d2b3a0f672b4902edec3d3a39ffedbb0a701a3 Signed-off-by: Sathees Balya <sathees.balya@arm.com>
-
- 20 Sep, 2018 1 commit
-
-
Yann Gautier authored
PAR register used here is a 64 bit register. On AARCH32 BIT macro is BIT_32. PAR_ADDR_MASK should then use BIT_64 to avoid overflow. Signed-off-by: Yann Gautier <yann.gautier@st.com>
-
- 05 Sep, 2018 3 commits
-
-
Jeenu Viswambharan authored
'dmb ld' is not a recognized instruction for ARMv7. Since generic code may use 'dmb ld', alias it to 'dmb' when building for ARMv7. Change-Id: I502f360cb6412897ca9580b725d9f79469a7612e Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Varun Wadekar authored
For Denver CPUs, this approach enables the mitigation during EL3 initialization, following every PE reset. No mechanism is provided to disable the mitigation at runtime. This approach permanently mitigates the EL3 software stack only. Other software components are responsible to enable it for their exception levels. TF-A implements this approach for the Denver CPUs with DENVER_MIDR_PN3 and earlier: * By setting bit 11 (Disable speculative store buffering) of `ACTLR_EL3` * By setting bit 9 (Disable speculative memory disambiguation) of `ACTLR_EL3` TF-A implements this approach for the Denver CPUs with DENVER_MIDR_PN4 and later: * By setting bit 18 (Disable speculative store buffering) of `ACTLR_EL3` * By setting bit 17 (Disable speculative memory disambiguation) of `ACTLR_EL3` Change-Id: If1de96605ce3f7b0aff5fab2c828e5aecb687555 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
Denver CPUs expect the power state field to be reset to 'C1' during boot. This patch updates the reset handler to reset the ACTLR_.PMSTATE field to 'C1' state during CPU boot. Change-Id: I7cb629627a4dd1a30ec5cbb3a5e90055244fe30c Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-