From 00e8f79c15d36f65f6c7f127177105e02177cbc0 Mon Sep 17 00:00:00 2001 From: Manish Pandey Date: Tue, 27 Sep 2022 14:30:34 +0100 Subject: [PATCH] fix(ras): trap "RAS error record" accesses only for NS RAS_TRAP_LOWER_EL_ERR_ACCESS was used to prevent access to RAS error record registers (RAS ERR* & RAS ERX*) from lower EL's in any security state. To give more fine grain control per world basis re-purpose this macro to RAS_TRAP_NS_ERR_REC_ACCESS, which will enable the trap only if Error record registers are accessed from NS. This will also help in future scenarios when RAS handling(in Firmware first handling paradigm)can be offloaded to a secure partition. This is first patch in series to refactor RAS framework in TF-A. Signed-off-by: Manish Pandey Change-Id: Ifa7f60bc8c82c9960adf029001bc36c443016d5d --- Makefile | 4 ++-- docs/components/ras.rst | 4 ++-- docs/getting_started/build-options.rst | 2 +- lib/el3_runtime/aarch64/context_mgmt.c | 19 +++++++++++-------- make_helpers/defaults.mk | 4 ++-- 5 files changed, 18 insertions(+), 15 deletions(-) diff --git a/Makefile b/Makefile index afa417b60..6d15e27c2 100644 --- a/Makefile +++ b/Makefile @@ -1051,7 +1051,7 @@ $(eval $(call assert_booleans,\ ENCRYPT_BL31 \ ENCRYPT_BL32 \ ERRATA_SPECULATIVE_AT \ - RAS_TRAP_LOWER_EL_ERR_ACCESS \ + RAS_TRAP_NS_ERR_REC_ACCESS \ COT_DESC_IN_DTB \ USE_SP804_TIMER \ PSA_FWU_SUPPORT \ @@ -1191,7 +1191,7 @@ $(eval $(call add_defines,\ BL2_INV_DCACHE \ USE_SPINLOCK_CAS \ ERRATA_SPECULATIVE_AT \ - RAS_TRAP_LOWER_EL_ERR_ACCESS \ + RAS_TRAP_NS_ERR_REC_ACCESS \ COT_DESC_IN_DTB \ USE_SP804_TIMER \ ENABLE_FEAT_RNG \ diff --git a/docs/components/ras.rst b/docs/components/ras.rst index 02207d8b7..b4353497d 100644 --- a/docs/components/ras.rst +++ b/docs/components/ras.rst @@ -30,8 +30,8 @@ introduced by the RAS extensions. The build option ``RAS_EXTENSION`` when set to ``1`` includes the RAS in run time firmware; ``EL3_EXCEPTION_HANDLING`` and ``HANDLE_EA_EL3_FIRST`` must also -be set ``1``. ``RAS_TRAP_LOWER_EL_ERR_ACCESS`` controls the access to the RAS -error record registers from lower ELs. +be set ``1``. ``RAS_TRAP_NS_ERR_REC_ACCESS`` controls the access to the RAS +error record registers from Non-secure. .. _ras-figure: diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst index cca76c69e..59800506e 100644 --- a/docs/getting_started/build-options.rst +++ b/docs/getting_started/build-options.rst @@ -987,7 +987,7 @@ Common build options implement this workaround due to the behaviour of the errata mentioned in new SDEN document which will get published soon. -- ``RAS_TRAP_LOWER_EL_ERR_ACCESS``: This flag enables/disables the SCR_EL3.TERR +- ``RAS_TRAP_NS_ERR_REC_ACCESS``: This flag enables/disables the SCR_EL3.TERR bit, to trap access to the RAS ERR and RAS ERX registers from lower ELs. This flag is disabled by default. diff --git a/lib/el3_runtime/aarch64/context_mgmt.c b/lib/el3_runtime/aarch64/context_mgmt.c index d88bea75e..8213cbe88 100644 --- a/lib/el3_runtime/aarch64/context_mgmt.c +++ b/lib/el3_runtime/aarch64/context_mgmt.c @@ -206,6 +206,17 @@ static void setup_ns_context(cpu_context_t *ctx, const struct entry_point_info * /* Allow access to Allocation Tags when MTE is implemented. */ scr_el3 |= SCR_ATA_BIT; +#if RAS_TRAP_NS_ERR_REC_ACCESS + /* + * SCR_EL3.TERR: Trap Error record accesses. Accesses to the RAS ERR + * and RAS ERX registers from EL1 and EL2(from any security state) + * are trapped to EL3. + * Set here to trap only for NS EL1/EL2 + * + */ + scr_el3 |= SCR_TERR_BIT; +#endif + #ifdef IMAGE_BL31 /* * SCR_EL3.IRQ, SCR_EL3.FIQ: Enable the physical FIQ and IRQ routing as @@ -306,14 +317,6 @@ static void setup_context_common(cpu_context_t *ctx, const entry_point_info_t *e scr_el3 |= SCR_TRNDR_BIT; #endif -#if RAS_TRAP_LOWER_EL_ERR_ACCESS - /* - * SCR_EL3.TERR: Trap Error record accesses. Accesses to the RAS ERR - * and RAS ERX registers from EL1 and EL2 are trapped to EL3. - */ - scr_el3 |= SCR_TERR_BIT; -#endif - #if !HANDLE_EA_EL3_FIRST /* * SCR_EL3.EA: Do not route External Abort and SError Interrupt External diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk index 5e73120f8..65ceb7f20 100644 --- a/make_helpers/defaults.mk +++ b/make_helpers/defaults.mk @@ -413,8 +413,8 @@ SUPPORT_STACK_MEMTAG := no # Select workaround for AT speculative behaviour. ERRATA_SPECULATIVE_AT := 0 -# Trap RAS error record access from lower EL -RAS_TRAP_LOWER_EL_ERR_ACCESS := 0 +# Trap RAS error record access from Non secure +RAS_TRAP_NS_ERR_REC_ACCESS := 0 # Build option to create cot descriptors using fconf COT_DESC_IN_DTB := 0