1. 08 Feb, 2019 1 commit
    • Antonio Nino Diaz's avatar
      Make setjmp.h prototypes comply with the C standard · e0566305
      Antonio Nino Diaz authored
      
      
      Instead of having a custom implementation of setjmp() and longjmp() it
      is better to follow the C standard.
      
      The comments in setjmp.h are no longer needed as there are no deviations
      from the expected one, so they have been removed.
      
      All SDEI code that relied on them has been fixed to use the new function
      prototypes and structs.
      
      Change-Id: I6cd2e21cb5a5bcf81ba12283f2e4c067bd5172ca
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      e0566305
  2. 01 Feb, 2019 1 commit
  3. 30 Jan, 2019 1 commit
    • Sathees Balya's avatar
      lib/xlat_tables: Add support for ARMv8.4-TTST · cedfa04b
      Sathees Balya authored
      
      
      ARMv8.4-TTST (Small Translation tables) relaxes the lower limit on the
      size of translation tables by increasing the maximum permitted value
      of the T1SZ and T0SZ fields in TCR_EL1, TCR_EL2, TCR_EL3, VTCR_EL2 and
      VSTCR_EL2.
      
      This feature is supported in AArch64 state only.
      
      This patch adds support for this feature to both versions of the
      translation tables library. It also removes the static build time
      checks for virtual address space size checks to runtime assertions.
      
      Change-Id: I4e8cebc197ec1c2092dc7d307486616786e6c093
      Signed-off-by: default avatarSathees Balya <sathees.balya@arm.com>
      cedfa04b
  4. 25 Jan, 2019 1 commit
    • Antonio Nino Diaz's avatar
      plat/arm: Sanitise includes · bd9344f6
      Antonio Nino Diaz authored
      
      
      Use full include paths like it is done for common includes.
      
      This cleanup was started in commit d40e0e08283a ("Sanitise includes
      across codebase"), but it only cleaned common files and drivers. This
      patch does the same to Arm platforms.
      
      Change-Id: If982e6450bbe84dceb56d464e282bcf5d6d9ab9b
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      bd9344f6
  5. 15 Jan, 2019 1 commit
    • Paul Beesley's avatar
      Correct typographical errors · 8aabea33
      Paul Beesley authored
      
      
      Corrects typos in core code, documentation files, drivers, Arm
      platforms and services.
      
      None of the corrections affect code; changes are limited to comments
      and other documentation.
      
      Change-Id: I5c1027b06ef149864f315ccc0ea473e2a16bfd1d
      Signed-off-by: default avatarPaul Beesley <paul.beesley@arm.com>
      8aabea33
  6. 11 Jan, 2019 1 commit
    • Antonio Nino Diaz's avatar
      xlat v2: Dynamically detect need for CnP bit · 2559b2c8
      Antonio Nino Diaz authored
      
      
      ARMv8.2-TTCNP is mandatory from ARMv8.2 onwards, but it can be implemented
      in CPUs that don't implement all mandatory 8.2 features (and so have to
      claim to be a lower version).
      
      This patch removes usage of the ARM_ARCH_AT_LEAST() macro and uses system
      ID registers to detect whether it is needed to set the bit or not.
      
      Change-Id: I7bcbf0c7c937590dfc2ca668cfd9267c50f7d52c
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      2559b2c8
  7. 04 Jan, 2019 1 commit
    • Antonio Nino Diaz's avatar
      Sanitise includes across codebase · 09d40e0e
      Antonio Nino Diaz authored
      Enforce full include path for includes. Deprecate old paths.
      
      The following folders inside include/lib have been left unchanged:
      
      - include/lib/cpus/${ARCH}
      - include/lib/el3_runtime/${ARCH}
      
      The reason for this change is that having a global namespace for
      includes isn't a good idea. It defeats one of the advantages of having
      folders and it introduces problems that are sometimes subtle (because
      you may not know the header you are actually including if there are two
      of them).
      
      For example, this patch had to be created because two headers were
      called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform
      to avoid collision."). More recently, this patch has had similar
      problems: 46f9b2c3 ("drivers: add tzc380 support").
      
      This problem was introduced in commit 4ecca339
      
       ("Move include and
      source files to logical locations"). At that time, there weren't too
      many headers so it wasn't a real issue. However, time has shown that
      this creates problems.
      
      Platforms that want to preserve the way they include headers may add the
      removed paths to PLAT_INCLUDES, but this is discouraged.
      
      Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      09d40e0e
  8. 18 Dec, 2018 2 commits
  9. 11 Dec, 2018 2 commits
  10. 10 Dec, 2018 1 commit
    • Jeenu Viswambharan's avatar
      AArch64: Use SSBS for CVE_2018_3639 mitigation · 48e1d350
      Jeenu Viswambharan authored
      
      
      The Armv8.5 extensions introduces PSTATE.SSBS (Speculation Store Bypass
      Safe) bit to mitigate against Variant 4 vulnerabilities. Although an
      Armv8.5 feature, this can be implemented by CPUs implementing earlier
      version of the architecture.
      
      With this patch, when both PSTATE.SSBS is implemented and
      DYNAMIC_WORKAROUND_CVE_2018_3639 is active, querying for
      SMCCC_ARCH_WORKAROUND_2 via. SMCCC_ARCH_FEATURES call would return 1 to
      indicate that mitigation on the PE is either permanently enabled or not
      required.
      
      When SSBS is implemented, SCTLR_EL3.DSSBS is initialized to 0 at reset
      of every BL stage. This means that EL3 always executes with mitigation
      applied.
      
      For Cortex A76, if the PE implements SSBS, the existing mitigation (by
      using a different vector table, and tweaking CPU ACTLR2) is not used.
      
      Change-Id: Ib0386c5714184144d4747951751c2fc6ba4242b6
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      48e1d350
  11. 26 Nov, 2018 1 commit
    • Joel Hutton's avatar
      Initial Spectre V1 mitigations (CVE-2017-5753). · 9edd8912
      Joel Hutton authored
      Initial Spectre Variant 1 mitigations (CVE-2017-5753).
      A potential speculative data leak was found in PSCI code, this depends
      on a non-robust implementation of the `plat_get_core_pos_by_mpidr()`
      function. This is considered very low-risk. This patch adds a macro to
      mitigate this. Note not all code paths could be analyzed with current
      tools.
      
      Add a macro which makes a variable 'speculation safe', using the
       __builtin_speculation_safe_value function of GCC and llvm. This will be
      available in GCC 9, and is planned for llvm, but is not currently in
      mainline GCC or llvm. In order to implement this mitigation the compiler
      must support this builtin. Support is indicated by the
      __HAVE_SPECULATION_SAFE_VALUE flag.
      
      The -mtrack-speculation option maintains a 'tracker' register, which
      determines if the processor is in false speculation at any point. This
      adds instructions and increases code size, but avoids the performance
      impact of a hard barrier.
      
      Without the -mtrack-speculation option, __builtin_speculation_safe_value
      expands to a
      
          ISB
          DSB SY
      
      sequence after a conditional branch, before the
      speculation safe variable is used. With -mtrack-speculation a
      
          CSEL tracker, tracker, XZR, [cond];
          AND safeval,tracker;
          CSDB
      
      sequence is added instead, clearing the vulnerable variable by
      AND'ing it with the tracker register, which is zero during speculative
      execution. [cond] are the status flags which will only be true during
      speculative execution. For more information on
      __builtin_speculation_safe_value and the -mtrack-speculation option see
      https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/compiler-support-for-mitigations
      
      
      
      The -mtracking option was not added, as the performance impact of the
      mitigation is low, and there is only one occurence.
      
      Change-Id: Ic9e66d1f4a5155e42e3e4055594974c230bfba3c
      Signed-off-by: default avatarJoel Hutton <Joel.Hutton@Arm.com>
      9edd8912
  12. 23 Nov, 2018 1 commit
    • Sathees Balya's avatar
      juno: Add romlib support · afa5cfea
      Sathees Balya authored
      
      
      This patch adds support to build a combined BL1
      and ROMLIB binary file with the right page
      alignment in Juno. When USE_ROMLIB=1 is set for
      Juno, it generates the combined file
      bl1_romlib.bin which needs to be used instead of
      bl1.bin
      
      Change-Id: I407efbe48d3e522fa6ef855538a9587193cb1919
      Signed-off-by: default avatarSathees Balya <sathees.balya@arm.com>
      afa5cfea
  13. 22 Nov, 2018 4 commits
    • Sathees Balya's avatar
      romlib: Add map file generation · 582133a8
      Sathees Balya authored
      
      
      Change-Id: I1f377d2d94c0fe8d2d9e62614f4a8e2dfcd9e745
      Signed-off-by: default avatarSathees Balya <sathees.balya@arm.com>
      582133a8
    • Sathees Balya's avatar
      romlib: Add calloc_free register function · 032e3a6c
      Sathees Balya authored
      
      
      Register functions have to be added to the
      jump table to allow patching in the
      future
      
      Change-Id: I57a885f7fc6290ea74a6096aea5b1867b2098eb7
      Signed-off-by: default avatarSathees Balya <sathees.balya@arm.com>
      032e3a6c
    • Sathees Balya's avatar
      romlib: Allow patching of romlib functions · 6baf85b3
      Sathees Balya authored
      
      
      This change allows patching of functions in the
      romlib. This can be done by adding "patch" at the
      end of the jump table entry for the function that
      needs to be patched in the file jmptbl.i.
      Functions patched in the jump table list will be
      built as part of the BL image and the romlib
      version will not be used
      
      Change-Id: Iefb200cb86e2a4b61ad3ee6180d3ecc39bad537f
      Signed-off-by: default avatarSathees Balya <sathees.balya@arm.com>
      6baf85b3
    • Antonio Nino Diaz's avatar
      xlat v2: Support mapping regions with allocated VA · 9056f108
      Antonio Nino Diaz authored
      
      
      Provide new APIs to add new regions without specifying the base VA.
      
      - `mmap_add_region_alloc_va` adds a static region to mmap choosing as
        base VA the first possible address after all the currently mapped
        regions. It is aligned to an appropriate boundary in relation to the
        size and base PA of the requested region. No attempt is made to fill
        any unused VA holes.
      
      - `mmap_add_dynamic_region_alloc_va` it adds a region the same way as
        `mmap_add_region_alloc_va` does, but it's dynamic instead of static.
      
      - `mmap_add_alloc_va` takes an array of non const `mmap_region_t`,
        maps them in the same way as `mmap_add_region_alloc_va` and fills
        their `base_va` field. A helper macro has been created to help create
        the array, called `MAP_REGION_ALLOC_VA`.
      
      Change-Id: I5ef3f82ca0dfd0013d2e8034aa22f13ca528ba37
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      9056f108
  14. 06 Nov, 2018 2 commits
  15. 02 Nov, 2018 2 commits
  16. 01 Nov, 2018 2 commits
  17. 30 Oct, 2018 1 commit
    • Antonio Nino Diaz's avatar
      libfdt: Downgrade to version 1.4.6-9 · 00f588bf
      Antonio Nino Diaz authored
      
      
      Version 1.4.7 introduces a big performance hit to functions that access
      the FDT. Downgrade the library to version 1.4.6-9, before the changes
      that introduce the problem. Version 1.4.6 isn't used because one of the
      libfdt files (fdt_overlay.c) is missing the license header. This
      problem is also fixed in 1.4.6-9.
      
      This version corresponds to commit <aadd0b65c987> checks: centralize
      printing of property names in failure messages.
      
      Fixes ARM-software/tf-issues#643
      
      Change-Id: I73c05f2b1f994bcdcc4366131ce0647553cdcfb8
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      00f588bf
  18. 29 Oct, 2018 6 commits
    • Antonio Nino Diaz's avatar
      Fix MISRA defects in PMF · 195e363f
      Antonio Nino Diaz authored
      
      
      No functional changes.
      
      Change-Id: I64abd72026082218a40b1a4b8f7dc26ff2478ba6
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      195e363f
    • Antonio Nino Diaz's avatar
      Fix MISRA defects in workaround and errata framework · 43534997
      Antonio Nino Diaz authored
      
      
      No functional changes.
      
      Change-Id: Iaab0310848be587b635ce5339726e92a50f534e0
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      43534997
    • Antonio Nino Diaz's avatar
      Fix MISRA defects in extension libs · 40daecc1
      Antonio Nino Diaz authored
      
      
      No functional changes.
      
      Change-Id: I2f28f20944f552447ac4e9e755493cd7c0ea1192
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      40daecc1
    • Soby Mathew's avatar
      PIE: Position Independant Executable support for BL31 · 931f7c61
      Soby Mathew authored
      
      
      This patch introduces Position Independant Executable(PIE) support
      in TF-A. As a initial prototype, only BL31 can support PIE. A trivial
      dynamic linker is implemented which supports fixing up Global Offset
      Table(GOT) and Dynamic relocations(.rela.dyn). The fixup_gdt_reloc()
      helper function implements this linker and this needs to be called
      early in the boot sequence prior to invoking C functions. The GOT is
      placed in the RO section of BL31 binary for improved security and the
      BL31 linker script is modified to export the appropriate symbols
      required for the dynamic linker.
      
      The C compiler always generates PC relative addresses to linker symbols
      and hence referencing symbols exporting constants are a problem when
      relocating the binary. Hence the reference to the
      `__PERCPU_TIMESTAMP_SIZE__` symbol in PMF is removed and is now calculated
      at runtime based on start and end addresses.
      
      Change-Id: I1228583ff92cf432963b7cef052e95d995cca93d
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      931f7c61
    • Soby Mathew's avatar
      Make errata reporting mandatory for CPU files · 12af5ed4
      Soby Mathew authored
      
      
      Previously the errata reporting was optional for CPU operation
      files and this was achieved by making use of weak reference to
      resolve to 0 if the symbol is not defined. This is error prone
      when adding new CPU operation files and weak references are
      problematic when fixing up dynamic relocations. Hence this patch
      removes the weak reference and makes it mandatory for the CPU
      operation files to define the errata reporting function.
      
      Change-Id: I8af192e19b85b7cd8c7579e52f8f05a4294e5396
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      12af5ed4
    • Soby Mathew's avatar
      PIE: Use PC relative adrp/adr for symbol reference · f1722b69
      Soby Mathew authored
      
      
      This patch fixes up the AArch64 assembly code to use
      adrp/adr instructions instead of ldr instruction for
      reference to symbols. This allows these assembly
      sequences to be Position Independant. Note that the
      the reference to sizes have been replaced with
      calculation of size at runtime. This is because size
      is a constant value and does not depend on execution
      address and using PC relative instructions for loading
      them makes them relative to execution address. Also
      we cannot use `ldr` instruction to load size as it
      generates a dynamic relocation entry which must *not*
      be fixed up and it is difficult for a dynamic loader
      to differentiate which entries need to be skipped.
      
      Change-Id: I8bf4ed5c58a9703629e5498a27624500ef40a836
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      f1722b69
  19. 26 Oct, 2018 1 commit
    • Antonio Nino Diaz's avatar
      xlat: Fix compatibility between v1 and v2 · 03987d01
      Antonio Nino Diaz authored
      
      
      There are several platforms using arm_setup_page_tables(), which is
      supposed to be Arm platform only. This creates several dependency
      problems between platforms.
      
      This patch adds the definition XLAT_TABLES_LIB_V2 to the xlat tables lib
      v2 makefile. This way it is possible to detect from C code which version
      is being used and include the correct header.
      
      The file arm_xlat_tables.h has been renamed to xlat_tables_compat.h and
      moved to a common folder. This way, when in doubt, this header can be
      used to guarantee compatibility, as it includes the correct header based
      on XLAT_TABLES_LIB_V2.
      
      This patch also removes the usage of ARM_XLAT_TABLES_V1 from QEMU (so
      that is now locked in xlat lib v2) and ZynqMP (where it was added as a
      workaround).
      
      Change-Id: Ie1e22a23b44c549603d1402a237a70d0120d3e04
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      03987d01
  20. 23 Oct, 2018 4 commits
  21. 16 Oct, 2018 2 commits
    • Andrew F. Davis's avatar
      ti: k3: common: Do not disable cache on TI K3 core powerdown · 6a655a85
      Andrew F. Davis authored
      
      
      Leave the caches on and explicitly flush any data that
      may be stale when the core is powered down. This prevents
      non-coherent interconnect access which has negative side-
      effects on AM65x.
      Signed-off-by: default avatarAndrew F. Davis <afd@ti.com>
      6a655a85
    • Jeenu Viswambharan's avatar
      AArch64: Enable lower ELs to use pointer authentication · 3ff4aaac
      Jeenu Viswambharan authored
      
      
      Pointer authentication is an Armv8.3 feature that introduces
      instructions that can be used to authenticate and verify pointers.
      
      Pointer authentication instructions are allowed to be accessed from all
      ELs but only when EL3 explicitly allows for it; otherwise, their usage
      will trap to EL3. Since EL3 doesn't have trap handling in place, this
      patch unconditionally disables all related traps to EL3 to avoid
      potential misconfiguration leading to an unhandled EL3 exception.
      
      Fixes ARM-software/tf-issues#629
      
      Change-Id: I9bd2efe0dc714196f503713b721ffbf05672c14d
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      3ff4aaac
  22. 11 Oct, 2018 1 commit
    • ldts's avatar
      psci: platform control of SYSTEM_SUSPEND entry · a4065abd
      ldts authored
      Some platforms can only resume from system suspend from the boot
      CPU, hence they should only enter that state from that same core.
      
      The following commit presents an interface that allows the platform to
      reject system suspend entry near its very last stage (last CPU).
      a4065abd
  23. 10 Oct, 2018 1 commit