- 04 May, 2018 1 commit
-
-
Jeenu Viswambharan authored
At present, any External Abort routed to EL3 is reported as an unhandled exception and cause a panic. This patch enables ARM Trusted Firmware to handle External Aborts routed to EL3. With this patch, when an External Abort is received at EL3, its handling is delegated to plat_ea_handler() function. Platforms can provide their own implementation of this function. This patch adds a weak definition of the said function that prints out a message and just panics. In order to support handling External Aborts at EL3, the build option HANDLE_EA_EL3_FIRST must be set to 1. Before this patch, HANDLE_EA_EL3_FIRST wasn't passed down to compilation; this patch fixes that too. Change-Id: I4d07b7e65eb191ff72d63b909ae9512478cd01a1 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 28 Feb, 2018 1 commit
-
-
Roberto Vargas authored
Rule 8.4: A compatible declaration shall be visible when an object or function with external linkage is defined. Change-Id: I26e042cb251a6f9590afa1340fdac73e42f23979 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
-
- 29 Jan, 2018 1 commit
-
-
Dimitris Papastamos authored
In the initial implementation of this workaround we used a dedicated workaround context to save/restore state. This patch reduces the footprint as no additional context is needed. Additionally, this patch reduces the memory loads and stores by 20%, reduces the instruction count and exploits static branch prediction to optimize the SMC path. Change-Id: Ia9f6bf06fbf8a9037cfe7f1f1fb32e8aec38ec7d Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 11 Jan, 2018 2 commits
-
-
Dimitris Papastamos authored
The suspend hook is published at the start of a CPU powerdown operation. The resume hook is published at the end of a CPU powerup operation. Change-Id: I50c05e2dde0d33834095ac41b4fcea4c161bb434 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
Dimitris Papastamos authored
Invalidate the Branch Target Buffer (BTB) on entry to EL3 by temporarily dropping into AArch32 Secure-EL1 and executing the `BPIALL` instruction. This is achieved by using 3 vector tables. There is the runtime vector table which is used to handle exceptions and 2 additional tables which are required to implement this workaround. The additional tables are `vbar0` and `vbar1`. The sequence of events for handling a single exception is as follows: 1) Install vector table `vbar0` which saves the CPU context on entry to EL3 and sets up the Secure-EL1 context to execute in AArch32 mode with the MMU disabled and I$ enabled. This is the default vector table. 2) Before doing an ERET into Secure-EL1, switch vbar to point to another vector table `vbar1`. This is required to restore EL3 state when returning from the workaround, before proceeding with normal EL3 exception handling. 3) While in Secure-EL1, the `BPIALL` instruction is executed and an SMC call back to EL3 is performed. 4) On entry to EL3 from Secure-EL1, the saved context from step 1) is restored. The vbar is switched to point to `vbar0` in preparation to handle further exceptions. Finally a branch to the runtime vector table entry is taken to complete the handling of the original exception. This workaround is enabled by default on the affected CPUs. NOTE ==== There are 4 different stubs in Secure-EL1. Each stub corresponds to an exception type such as Sync/IRQ/FIQ/SError. Each stub will move a different value in `R0` before doing an SMC call back into EL3. Without this piece of information it would not be possible to know what the original exception type was as we cannot use `ESR_EL3` to distinguish between IRQs and FIQs. Change-Id: I90b32d14a3735290b48685d43c70c99daaa4b434 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 20 Nov, 2017 1 commit
-
-
Dimitris Papastamos authored
Factor out SPE operations in a separate file. Use the publish subscribe framework to drain the SPE buffers before entering secure world. Additionally, enable SPE before entering normal world. A side effect of this change is that the profiling buffers are now only drained when a transition from normal world to secure world happens. Previously they were drained also on return from secure world, which is unnecessary as SPE is not supported in S-EL1. Change-Id: I17582c689b4b525770dbb6db098b3a0b5777b70a Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 15 Nov, 2017 1 commit
-
-
David Cunado authored
The FPEXC32_EL2 register controls SIMD and FP functionality when the lower ELs are executing in AArch32 mode. It is architecturally mapped to AArch32 system register FPEXC. This patch removes FPEXC32_EL2 register from the System Register context and adds it to the floating-point context. EL3 only saves / restores the floating-point context if the build option CTX_INCLUDE_FPREGS is set to 1. The rationale for this change is that if the Secure world is using FP functionality and EL3 is not managing the FP context, then the Secure world will save / restore the appropriate FP registers. NOTE - this is a break in behaviour in the unlikely case that CTX_INCLUDE_FPREGS is set to 0 and the platform contains an AArch32 Secure Payload that modifies FPEXC, but does not save and restore this register Change-Id: Iab80abcbfe302752d52b323b4abcc334b585c184 Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 13 Nov, 2017 1 commit
-
-
Jeenu Viswambharan authored
EHF is a framework that allows dispatching of EL3 interrupts to their respective handlers in EL3. This framework facilitates the firmware-first error handling policy in which asynchronous exceptions may be routed to EL3. Such exceptions may be handed over to respective exception handlers. Individual handlers might further delegate exception handling to lower ELs. The framework associates the delegated execution to lower ELs with a priority value. For interrupts, this corresponds to the priorities programmed in GIC; for other types of exceptions, viz. SErrors or Synchronous External Aborts, individual dispatchers shall explicitly associate delegation to a secure priority. In order to prevent lower priority interrupts from preempting higher priority execution, the framework provides helpers to control preemption by virtue of programming Priority Mask register in the interrupt controller. This commit allows for handling interrupts targeted at EL3. Exception handlers own interrupts by assigning them a range of secure priorities, and registering handlers for each priority range it owns. Support for exception handling in BL31 image is enabled by setting the build option EL3_EXCEPTION_HANDLING=1. Documentation to follow. NOTE: The framework assumes the priority scheme supported by platform interrupt controller is compliant with that of ARM GIC architecture (v2 or later). Change-Id: I7224337e4cea47c6ca7d7a4ca22a3716939f7e42 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 31 Oct, 2017 2 commits
-
-
Joel Hutton authored
Change sizeof call so it references a static type instead of return of a function in order to be MISRA compliant. Change-Id: I6f1adb206073d6cd200156e281b8d76249e3af0e Signed-off-by: Joel Hutton <joel.hutton@arm.com>
-
Dimitris Papastamos authored
Add events that trigger before entry to normal/secure world. The events trigger after the normal/secure context has been restored. Similarly add events that trigger after leaving normal/secure world. The events trigger after the normal/secure context has been saved. Change-Id: I1b48a7ea005d56b1f25e2b5313d77e67d2f02bc5 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-
- 23 Oct, 2017 2 commits
-
-
Jeenu Viswambharan authored
This allows other EL3 components to subscribe to CPU on events. Update Firmware Design guide to list psci_cpu_on_finish as an available event. Change-Id: Ida774afe0f9cdce4021933fcc33a9527ba7aaae2 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
This light-weight framework enables some EL3 components to publish events which other EL3 components can subscribe to. Publisher can optionally pass opaque data for subscribers. The order in which subscribers are called is not defined. Firmware design updated. Change-Id: I24a3a70b2b1dedcb1f73cf48313818aebf75ebb6 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 13 Oct, 2017 1 commit
-
-
David Cunado authored
Currently TF does not initialise the PMCR_EL0 register in the secure context or save/restore the register. In particular, the DP field may not be set to one to prohibit cycle counting in the secure state, even though event counting generally is prohibited via the default setting of MDCR_EL3.SMPE to 0. This patch initialises PMCR_EL0.DP to one in the secure state to prohibit cycle counting and also initialises other fields that have an architectually UNKNOWN reset value. Additionally, PMCR_EL0 is added to the list of registers that are saved and restored during a world switch. Similar changes are made for PMCR for the AArch32 execution state. NOTE: secure world code at lower ELs that assume other values in PMCR_EL0 will be impacted. Change-Id: Iae40e8c0a196d74053accf97063ebc257b4d2f3a Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 01 Sep, 2017 1 commit
-
-
Etienne Carriere authored
Platform may use specific cache line sizes. Since CACHE_WRITEBACK_GRANULE defines the platform specific cache line size, it is used to define the size of the cpu data structure CPU_DATA_SIZE aligned on cache line size. Introduce assembly macro 'mov_imm' for AArch32 to simplify implementation of function '_cpu_data_by_index'. Change-Id: Ic2d49ffe0c3e51649425fd9c8c99559c582ac5a1 Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
-
- 23 Jun, 2017 1 commit
-
-
Etienne Carriere authored
This change avoids warning when setting -Wmissing-prototypes to compile bl1_context_mgmt.c. Reported-by: Yann Gautier <yann.gautier@st.com> Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
-
- 22 Jun, 2017 1 commit
-
-
dp-arm authored
SPE is only supported in non-secure state. Accesses to SPE specific registers from SEL1 will trap to EL3. During a world switch, before `TTBR` is modified the SPE profiling buffers are drained. This is to avoid a potential invalid memory access in SEL1. SPE is architecturally specified only for AArch64. Change-Id: I04a96427d9f9d586c331913d815fdc726855f6b0 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 15 Jun, 2017 1 commit
-
-
Varun Wadekar authored
This patch uses the U() and ULL() macros for constants, to fix some of the signed-ness defects flagged by the MISRA scanner. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 04 May, 2017 1 commit
-
-
Jeenu Viswambharan authored
In AArch64, privileged exception levels control the execution state (a.k.a. register width) of the immediate lower Exception Level; i.e. whether the lower exception level executes in AArch64 or AArch32 state. For an exception level to have its execution state changed at run time, it must request the change by raising a synchronous exception to the higher exception level. This patch implements and adds such a provision to the ARM SiP service, by which an immediate lower exception level can request to switch its execution state. The execution state is switched if the request is: - raised from non-secure world; - raised on the primary CPU, before any secondaries are brought online with CPU_ON PSCI call; - raised from an exception level immediately below EL3: EL2, if implemented; otherwise NS EL1. If successful, the SMC doesn't return to the caller, but to the entry point supplied with the call. Otherwise, the caller will observe the SMC returning with STATE_SW_E_DENIED code. If ARM Trusted Firmware is built for AArch32, the feature is not supported, and the call will always fail. For the ARM SiP service: - Add SMC function IDs for both AArch32 and AArch64; - Increment the SiP service minor version to 2; - Adjust the number of supported SiP service calls. Add documentation for ARM SiP service. Fixes ARM-software/tf-issues#436 Change-Id: I4347f2d6232e69fbfbe333b340fcd0caed0a4cea Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 03 May, 2017 1 commit
-
-
dp-arm authored
To make software license auditing simpler, use SPDX[0] license identifiers instead of duplicating the license text in every file. NOTE: Files that have been imported by FreeBSD have not been modified. [0]: https://spdx.org/ Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 20 Apr, 2017 1 commit
-
-
Antonio Nino Diaz authored
Many asserts depend on code that is conditionally compiled based on the DEBUG define. This patch modifies the conditional inclusion of such code so that it is based on the ENABLE_ASSERTIONS build option. Change-Id: I6406674788aa7e1ad7c23d86ce94482ad3c382bd Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 27 Mar, 2017 1 commit
-
-
Soby Mathew authored
This patch re-factors the following headers to make it easier to integrate the PSCI library with an AArch32 Secure Payload : * bl_common.h : The entry point information and the param header data structures are factored out into separate headers ep_info.h and param_headers.h * psci.h : The PSCI library interfaces are factored out into the new header psci_lib.h * context_mgmt.h : The header file is modified to not include arch.h when compiled for AArch32 mode. No functional changes are introduced by this patch. Change-Id: I5e21a843c0af2ba8e47dee4e577cf95929be8cd4 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 12 Oct, 2016 1 commit
-
-
dp-arm authored
In order to quantify the overall time spent in the PSCI software implementation, an initial collection of PMF instrumentation points has been added. Instrumentation has been added to the following code paths: - Entry to PSCI SMC handler. The timestamp is captured as early as possible during the runtime exception and stored in memory before entering the PSCI SMC handler. - Exit from PSCI SMC handler. The timestamp is captured after normal return from the PSCI SMC handler or if a low power state was requested it is captured in the bl31 warm boot path before return to normal world. - Entry to low power state. The timestamp is captured before entry to a low power state which implies either standby or power down. As these power states are mutually exclusive, only one timestamp is defined to describe both. It is possible to differentiate between the two power states using the PSCI STAT interface. - Exit from low power state. The timestamp is captured after a standby or power up operation has completed. To calculate the number of cycles spent running code in Trusted Firmware one can perform the following calculation: (exit_psci - enter_psci) - (exit_low_pwr - enter_low_pwr). The resulting number of cycles can be converted to time given the frequency of the counter. Change-Id: Ie3b8f3d16409b6703747093b3a2d5c7429ad0166 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 21 Sep, 2016 1 commit
-
-
Yatharth Kochar authored
This patch adds generic changes in BL1 to support AArch32 state. New AArch32 specific assembly/C files are introduced and some files are moved to AArch32/64 specific folders. BL1 for AArch64 is refactored but functionally identical. BL1 executes in Secure Monitor mode in AArch32 state. NOTE: BL1 in AArch32 state ONLY handles BL1_RUN_IMAGE SMC. Change-Id: I6e2296374c7efbf3cf2aa1a0ce8de0732d8c98a5
-
- 10 Aug, 2016 1 commit
-
-
Soby Mathew authored
This patch adds AArch32 support to cpu ops, context management, per-cpu data and spinlock libraries. The `entrypoint_info` structure is modified to add support for AArch32 register arguments. The CPU operations for AEM generic cpu in AArch32 mode is also added. Change-Id: I1e52e79f498661d8f31f1e7b3a29e222bc7a4483
-
- 18 Jul, 2016 1 commit
-
-
Soby Mathew authored
This patch moves the PSCI services and BL31 frameworks like context management and per-cpu data into new library components `PSCI` and `el3_runtime` respectively. This enables PSCI to be built independently from BL31. A new `psci_lib.mk` makefile is introduced which adds the relevant PSCI library sources and gets included by `bl31.mk`. Other changes which are done as part of this patch are: * The runtime services framework is now moved to the `common/` folder to enable reuse. * The `asm_macros.S` and `assert_macros.S` helpers are moved to architecture specific folder. * The `plat_psci_common.c` is moved from the `plat/common/aarch64/` folder to `plat/common` folder. The original file location now has a stub which just includes the file from new location to maintain platform compatibility. Most of the changes wouldn't affect platform builds as they just involve changes to the generic bl1.mk and bl31.mk makefiles. NOTE: THE `plat_psci_common.c` FILE HAS MOVED LOCATION AND THE STUB FILE AT THE ORIGINAL LOCATION IS NOW DEPRECATED. PLATFORMS SHOULD MODIFY THEIR MAKEFILES TO INCLUDE THE FILE FROM THE NEW LOCATION. Change-Id: I6bd87d5b59424995c6a65ef8076d4fda91ad5e86
-