1. 19 Feb, 2019 3 commits
  2. 04 Jan, 2019 1 commit
    • Antonio Nino Diaz's avatar
      Sanitise includes across codebase · 09d40e0e
      Antonio Nino Diaz authored
      Enforce full include path for includes. Deprecate old paths.
      
      The following folders inside include/lib have been left unchanged:
      
      - include/lib/cpus/${ARCH}
      - include/lib/el3_runtime/${ARCH}
      
      The reason for this change is that having a global namespace for
      includes isn't a good idea. It defeats one of the advantages of having
      folders and it introduces problems that are sometimes subtle (because
      you may not know the header you are actually including if there are two
      of them).
      
      For example, this patch had to be created because two headers were
      called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform
      to avoid collision."). More recently, this patch has had similar
      problems: 46f9b2c3 ("drivers: add tzc380 support").
      
      This problem was introduced in commit 4ecca339
      
       ("Move include and
      source files to logical locations"). At that time, there weren't too
      many headers so it wasn't a real issue. However, time has shown that
      this creates problems.
      
      Platforms that want to preserve the way they include headers may add the
      removed paths to PLAT_INCLUDES, but this is discouraged.
      
      Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
      Signed-off-by: default avatarAntonio Nino Diaz <antonio.ninodiaz@arm.com>
      09d40e0e
  3. 10 Dec, 2018 1 commit
    • Jeenu Viswambharan's avatar
      AArch64: Use SSBS for CVE_2018_3639 mitigation · 48e1d350
      Jeenu Viswambharan authored
      
      
      The Armv8.5 extensions introduces PSTATE.SSBS (Speculation Store Bypass
      Safe) bit to mitigate against Variant 4 vulnerabilities. Although an
      Armv8.5 feature, this can be implemented by CPUs implementing earlier
      version of the architecture.
      
      With this patch, when both PSTATE.SSBS is implemented and
      DYNAMIC_WORKAROUND_CVE_2018_3639 is active, querying for
      SMCCC_ARCH_WORKAROUND_2 via. SMCCC_ARCH_FEATURES call would return 1 to
      indicate that mitigation on the PE is either permanently enabled or not
      required.
      
      When SSBS is implemented, SCTLR_EL3.DSSBS is initialized to 0 at reset
      of every BL stage. This means that EL3 always executes with mitigation
      applied.
      
      For Cortex A76, if the PE implements SSBS, the existing mitigation (by
      using a different vector table, and tweaking CPU ACTLR2) is not used.
      
      Change-Id: Ib0386c5714184144d4747951751c2fc6ba4242b6
      Signed-off-by: default avatarJeenu Viswambharan <jeenu.viswambharan@arm.com>
      48e1d350
  4. 29 Oct, 2018 3 commits
  5. 16 Oct, 2018 1 commit
  6. 10 Sep, 2018 1 commit
  7. 05 Sep, 2018 3 commits
    • Varun Wadekar's avatar
      cpus: denver: Implement static workaround for CVE-2018-3639 · 6cf8d65f
      Varun Wadekar authored
      
      
      For Denver CPUs, this approach enables the mitigation during EL3
      initialization, following every PE reset. No mechanism is provided to
      disable the mitigation at runtime.
      
      This approach permanently mitigates the EL3 software stack only. Other
      software components are responsible to enable it for their exception
      levels.
      
      TF-A implements this approach for the Denver CPUs with DENVER_MIDR_PN3
      and earlier:
      
      *   By setting bit 11 (Disable speculative store buffering) of
          `ACTLR_EL3`
      
      *   By setting bit 9 (Disable speculative memory disambiguation) of
          `ACTLR_EL3`
      
      TF-A implements this approach for the Denver CPUs with DENVER_MIDR_PN4
      and later:
      
      *   By setting bit 18 (Disable speculative store buffering) of
          `ACTLR_EL3`
      
      *   By setting bit 17 (Disable speculative memory disambiguation) of
          `ACTLR_EL3`
      
      Change-Id: If1de96605ce3f7b0aff5fab2c828e5aecb687555
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      6cf8d65f
    • Varun Wadekar's avatar
      cpus: denver: reset power state to 'C1' on boot · cf3ed0dc
      Varun Wadekar authored
      
      
      Denver CPUs expect the power state field to be reset to 'C1'
      during boot. This patch updates the reset handler to reset the
      ACTLR_.PMSTATE field to 'C1' state during CPU boot.
      
      Change-Id: I7cb629627a4dd1a30ec5cbb3a5e90055244fe30c
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      cf3ed0dc
    • Varun Wadekar's avatar
      denver: use plat_my_core_pos() to get core position · 1593cae4
      Varun Wadekar authored
      
      
      The current functions to disable and enable Dynamic Code Optimizer
      (DCO) assume that all denver cores are in the same cluster. They
      ignore AFF1 field of the mpidr_el1 register, which leads to
      incorect logical core id calculation.
      
      This patch calls the platform handler, plat_my_core_pos(), to get
      the logical core id to disable/enable DCO for the core.
      
      Original change by: Krishna Sitaraman <ksitaraman@nvidia.com>
      
      Change-Id: I45fbd1f1eb032cc1db677a4fdecc554548b4a830
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      1593cae4
  8. 23 Aug, 2018 1 commit
  9. 17 Aug, 2018 2 commits
  10. 11 Jul, 2018 3 commits
  11. 19 Jun, 2018 1 commit
  12. 12 Jun, 2018 1 commit
    • Daniel Boulby's avatar
      Fix MISRA Rule 5.7 Part 1 · 40692923
      Daniel Boulby authored
      
      
      Rule 5.7: A tag name shall be a unique identifier
      
      There were 2 amu_ctx struct type definitions:
          - In lib/extensions/amu/aarch64/amu.c
          - In lib/cpus/aarch64/cpuamu.c
      
      Renamed the latter to cpuamu_ctx to avoid this name clash
      
      To avoid violation of Rule 8.3 also change name of function
      amu_ctxs to unique name (cpuamu_ctxs) since it now returns a
      different type (cpuamu_ctx) than the other amu_ctxs function
      
      Fixed for:
          make LOG_LEVEL=50 PLAT=fvp
      
      Change-Id: Ieeb7e390ec2900fd8b775bef312eda93804a43ed
      Signed-off-by: default avatarDaniel Boulby <daniel.boulby@arm.com>
      40692923
  13. 08 Jun, 2018 4 commits
  14. 07 Jun, 2018 1 commit
    • Dimitris Papastamos's avatar
      Fast path SMCCC_ARCH_WORKAROUND_1 calls from AArch32 · 2b915366
      Dimitris Papastamos authored
      
      
      When SMCCC_ARCH_WORKAROUND_1 is invoked from a lower EL running in
      AArch32 state, ensure that the SMC call will take a shortcut in EL3.
      This minimizes the time it takes to apply the mitigation in EL3.
      
      When lower ELs run in AArch32, it is preferred that they execute the
      `BPIALL` instruction to invalidate the BTB.  However, on some cores
      the `BPIALL` instruction may be a no-op and thus would benefit from
      making the SMCCC_ARCH_WORKAROUND_1 call go through the fast path.
      
      Change-Id: Ia38abd92efe2c4b4a8efa7b70f260e43c5bda8a5
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      2b915366
  15. 23 May, 2018 3 commits
    • Dimitris Papastamos's avatar
      Add support for dynamic mitigation for CVE-2018-3639 · fe007b2e
      Dimitris Papastamos authored
      
      
      Some CPUS may benefit from using a dynamic mitigation approach for
      CVE-2018-3639.  A new SMC interface is defined to allow software
      executing in lower ELs to enable or disable the mitigation for their
      execution context.
      
      It should be noted that regardless of the state of the mitigation for
      lower ELs, code executing in EL3 is always mitigated against
      CVE-2018-3639.
      
      NOTE: This change is a compatibility break for any platform using
      the declare_cpu_ops_workaround_cve_2017_5715 macro.  Migrate to
      the declare_cpu_ops_wa macro instead.
      
      Change-Id: I3509a9337ad217bbd96de9f380c4ff8bf7917013
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      fe007b2e
    • Dimitris Papastamos's avatar
      Implement static workaround for CVE-2018-3639 · b8a25bbb
      Dimitris Papastamos authored
      For affected CPUs, this approach enables the mitigation during EL3
      initialization, following every PE reset. No mechanism is provided to
      disable the mitigation at runtime.
      
      This approach permanently mitigates the entire software stack and no
      additional mitigation code is required in other software components.
      
      TF-A implements this approach for the following affected CPUs:
      
      *   Cortex-A57 and Cortex-A72, by setting bit 55 (Disable load pass store) of
          `CPUACTLR_EL1` (`S3_1_C15_C2_0`).
      
      *   Cortex-A73, by setting bit 3 of `S3_0_C15_C0_0` (not documented in the
          Technical Reference Manual (TRM)).
      
      *   Cortex-A75, by setting bit 35 (reserved in TRM) of `CPUACTLR_EL1`
          (`S3_0_C15_C1_0`).
      
      Additionally, a new SMC interface is implemented to allow software
      executing in lower ELs to discover whether the system is mitigated
      against CVE-2018-3639.
      
      Refer to "Firmware interfaces for mitigating cache speculation
      vulnerabilities System Software on Arm Systems"[0] for more
      information.
      
      [0] https://developer.arm.com/cache-speculation-vulnerability-firmware-specification
      
      
      
      Change-Id: I084aa7c3bc7c26bf2df2248301270f77bed22ceb
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      b8a25bbb
    • Dimitris Papastamos's avatar
      Rename symbols and files relating to CVE-2017-5715 · 2c3a1078
      Dimitris Papastamos authored
      
      
      This patch renames symbols and files relating to CVE-2017-5715 to make
      it easier to introduce new symbols and files for new CVE mitigations.
      
      Change-Id: I24c23822862ca73648c772885f1690bed043dbc7
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      2c3a1078
  16. 15 May, 2018 1 commit
    • Varun Wadekar's avatar
      Workaround for CVE-2017-5715 on NVIDIA Denver CPUs · b0301467
      Varun Wadekar authored
      
      
      Flush the indirect branch predictor and RSB on entry to EL3 by issuing
      a newly added instruction for Denver CPUs. Support for this operation
      can be determined by comparing bits 19:16 of ID_AFR0_EL1 with 0b0001.
      
      To achieve this without performing any branch instruction, a per-cpu
      vbar is installed which executes the workaround and then branches off
      to the corresponding vector entry in the main vector table. A side
      effect of this change is that the main vbar is configured before any
      reset handling. This is to allow the per-cpu reset function to override
      the vbar setting.
      
      Change-Id: Ief493cd85935bab3cfee0397e856db5101bc8011
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      b0301467
  17. 12 Apr, 2018 2 commits
  18. 14 Mar, 2018 2 commits
  19. 27 Feb, 2018 3 commits
  20. 31 Jan, 2018 1 commit
  21. 29 Jan, 2018 2 commits
    • Dimitris Papastamos's avatar
      Optimize SMCCC_ARCH_WORKAROUND_1 on Cortex A57/A72/A73 and A75 · 1d6d47a8
      Dimitris Papastamos authored
      
      
      This patch implements a fast path for this SMC call on affected PEs by
      detecting and returning immediately after executing the workaround.
      
      NOTE: The MMU disable/enable workaround now assumes that the MMU was
      enabled on entry to EL3.  This is a valid assumption as the code turns
      on the MMU after reset and leaves it on until the core powers off.
      
      Change-Id: I13c336d06a52297620a9760fb2461b4d606a30b3
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      1d6d47a8
    • Dimitris Papastamos's avatar
      Optimize/cleanup BPIALL workaround · d9bd656c
      Dimitris Papastamos authored
      
      
      In the initial implementation of this workaround we used a dedicated
      workaround context to save/restore state.  This patch reduces the
      footprint as no additional context is needed.
      
      Additionally, this patch reduces the memory loads and stores by 20%,
      reduces the instruction count and exploits static branch prediction to
      optimize the SMC path.
      
      Change-Id: Ia9f6bf06fbf8a9037cfe7f1f1fb32e8aec38ec7d
      Signed-off-by: default avatarDimitris Papastamos <dimitris.papastamos@arm.com>
      d9bd656c