feat(context-mgmt): introduce EL3/root context

* This patch adds root context procedure to restore/configure the registers, which are of importance during EL3 execution. * EL3/Root context is a simple restore operation that overwrites the following bits: (MDCR_EL3.SDD, SCR_EL3.{EA, SIF}, PMCR_EL0.DP PSTATE.DIT) while the execution is in EL3. * It ensures EL3 world maintains its own settings distinct from other worlds (NS/Realm/SWd). With this in place, the EL3 system register settings is no longer influenced by settings of incoming worlds. This allows the EL3/Root world to access features for its own execution at EL3 (eg: Pauth). * It should be invoked at cold and warm boot entry paths and also at all the possible exception handlers routing to EL3 at runtime. Cold and warm boot paths are handled by including setup_el3_context function in "el3_entrypoint_common" macro, which gets invoked in both the entry paths. * At runtime, el3_context is setup at the stage, while we get prepared to enter into EL3 via "prepare_el3_entry" routine. Change-Id: I5c090978c54a53bc1c119d1bc5fa77cd8813cdc2 Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
2025-04-15 09:04:17 +00:00 · 2023-08-08 16:10:16 +01:00 · 2023-08-08 16:10:16 +01:00 · 40e5f7a58f
commit 40e5f7a58f
parent 742d0e6ef3
3 changed files with 77 additions and 62 deletions
--- a/bl31/aarch64/runtime_exceptions.S
+++ b/bl31/aarch64/runtime_exceptions.S
@ -229,7 +229,6 @@ vector_entry sync_exception_aarch64
 	save_x30
 	apply_at_speculative_wa
 	sync_and_handle_pending_serror
-	unmask_async_ea
 	handle_sync_exception
 end_vector_entry sync_exception_aarch64

@ -237,7 +236,6 @@ vector_entry irq_aarch64
 	save_x30
 	apply_at_speculative_wa
 	sync_and_handle_pending_serror
-	unmask_async_ea
 	b	handle_interrupt_exception
 end_vector_entry irq_aarch64

@ -245,7 +243,6 @@ vector_entry fiq_aarch64
 	save_x30
 	apply_at_speculative_wa
 	sync_and_handle_pending_serror
-	unmask_async_ea
 	b 	handle_interrupt_exception
 end_vector_entry fiq_aarch64

@ -258,7 +255,6 @@ vector_entry serror_aarch64
 	save_x30
 	apply_at_speculative_wa
 	sync_and_handle_pending_serror
-	unmask_async_ea
 	b	handle_lower_el_async_ea
 #else
 	b	report_unhandled_exception
@ -279,7 +275,6 @@ vector_entry sync_exception_aarch32
 	save_x30
 	apply_at_speculative_wa
 	sync_and_handle_pending_serror
-	unmask_async_ea
 	handle_sync_exception
 end_vector_entry sync_exception_aarch32

@ -287,7 +282,6 @@ vector_entry irq_aarch32
 	save_x30
 	apply_at_speculative_wa
 	sync_and_handle_pending_serror
-	unmask_async_ea
 	b	handle_interrupt_exception
 end_vector_entry irq_aarch32

@ -295,7 +289,6 @@ vector_entry fiq_aarch32
 	save_x30
 	apply_at_speculative_wa
 	sync_and_handle_pending_serror
-	unmask_async_ea
 	b	handle_interrupt_exception
 end_vector_entry fiq_aarch32

@ -308,7 +301,6 @@ vector_entry serror_aarch32
 	save_x30
 	apply_at_speculative_wa
 	sync_and_handle_pending_serror
-	unmask_async_ea
 	b	handle_lower_el_async_ea
 #else
 	b	report_unhandled_exception
--- a/include/arch/aarch64/el3_common_macros.S
+++ b/include/arch/aarch64/el3_common_macros.S
@ -59,24 +59,18 @@
 	 * zero here but are updated ahead of transitioning to a lower EL in the
 	 * function cm_init_context_common().
 	 *
-	 * SCR_EL3.SIF: Set to one to disable instruction fetches from
-	 *  Non-secure memory.
-	 *
-	 * SCR_EL3.EA: Set to one to route External Aborts and SError Interrupts
-	 *  to EL3 when executing at any EL.
-	 *
 	 * SCR_EL3.EEL2: Set to one if S-EL2 is present and enabled.
 	 *
 	 * NOTE: Modifying EEL2 bit along with EA bit ensures that we mitigate
 	 * against ERRATA_V2_3099206.
 	 * ---------------------------------------------------------------------
 	 */
-	mov_imm	x0, (SCR_RESET_VAL | SCR_EA_BIT | SCR_SIF_BIT)
+	mov_imm	x0, SCR_RESET_VAL
 #if IMAGE_BL31 && defined(SPD_spmd) && SPMD_SPM_AT_SEL2
-	mrs x1, id_aa64pfr0_el1
-	and x1, x1, #(ID_AA64PFR0_SEL2_MASK << ID_AA64PFR0_SEL2_SHIFT)
-	cbz x1, 1f
-	orr x0, x0, #SCR_EEL2_BIT
+	mrs	x1, id_aa64pfr0_el1
+	and	x1, x1, #(ID_AA64PFR0_SEL2_MASK << ID_AA64PFR0_SEL2_SHIFT)
+	cbz	x1, 1f
+	orr	x0, x0, #SCR_EEL2_BIT
 #endif
 1:
 	msr	scr_el3, x0
@ -84,21 +78,10 @@
 	/* ---------------------------------------------------------------------
 	 * Initialise MDCR_EL3, setting all fields rather than relying on hw.
 	 * Some fields are architecturally UNKNOWN on reset.
-	 *
-	 * MDCR_EL3.SDD: Set to one to disable AArch64 Secure self-hosted debug.
-	 *  Debug exceptions, other than Breakpoint Instruction exceptions, are
-	 *  disabled from all ELs in Secure state.
 	 */
-	mov_imm	x0, (MDCR_EL3_RESET_VAL | MDCR_SDD_BIT)
+	mov_imm	x0, MDCR_EL3_RESET_VAL
 	msr	mdcr_el3, x0

-	/* ---------------------------------------------------------------------
-	 * Enable External Aborts and SError Interrupts now that the exception
-	 * vectors have been setup.
-	 * ---------------------------------------------------------------------
-	 */
-	msr	daifclr, #DAIF_ABT_BIT
-
 	/* ---------------------------------------------------------------------
 	 * Initialise CPTR_EL3, setting all fields rather than relying on hw.
 	 * All fields are architecturally UNKNOWN on reset.
@ -107,28 +90,6 @@
 	mov_imm x0, CPTR_EL3_RESET_VAL
 	msr	cptr_el3, x0

-	/*
-	 * If Data Independent Timing (DIT) functionality is implemented,
-	 * always enable DIT in EL3.
-	 * First assert that the FEAT_DIT build flag matches the feature id
-	 * register value for DIT.
-	 */
-#if ENABLE_FEAT_DIT
-#if ENABLE_ASSERTIONS || ENABLE_FEAT_DIT > 1
-	mrs	x0, id_aa64pfr0_el1
-	ubfx	x0, x0, #ID_AA64PFR0_DIT_SHIFT, #ID_AA64PFR0_DIT_LENGTH
-#if ENABLE_FEAT_DIT > 1
-	cbz	x0, 1f
-#else
-	cmp	x0, #DIT_IMPLEMENTED
-	ASM_ASSERT(eq)
-#endif
-
-#endif /* ENABLE_ASSERTIONS */
-	mov	x0, #DIT_BIT
-	msr	DIT, x0
-1:
-#endif
 	.endm

 /* -----------------------------------------------------------------------------
@ -270,6 +231,12 @@

 	el3_arch_init_common

+	/* ---------------------------------------------------------------------
+	 * Set the el3 execution context(i.e. root_context).
+	 * ---------------------------------------------------------------------
+	 */
+	setup_el3_execution_context
+
 	.if \_secondary_cold_boot
 		/* -------------------------------------------------------------
 		 * Check if this is a primary or secondary CPU cold boot.
@ -460,4 +427,68 @@
 	end:
 	.endm

+/*-----------------------------------------------------------------------------
+ * Helper macro to configure EL3 registers we care about, while executing
+ * at EL3/Root world. Root world has its own execution environment and
+ * needs to have its settings configured to be independent of other worlds.
+ * -----------------------------------------------------------------------------
+ */
+	.macro setup_el3_execution_context
+
+	/* ---------------------------------------------------------------------
+	 * The following registers need to be part of separate root context
+	 * as their values are of importance during EL3 execution.
+	 * Hence these registers are overwritten to their intital values,
+	 * irrespective of whichever world they return from to ensure EL3 has a
+	 * consistent execution context throughout the lifetime of TF-A.
+	 *
+	 * DAIF.A: Enable External Aborts and SError Interrupts at EL3.
+	 *
+	 * MDCR_EL3.SDD: Set to one to disable AArch64 Secure self-hosted debug.
+	 *  Debug exceptions, other than Breakpoint Instruction exceptions, are
+	 *  disabled from all ELs in Secure state.
+	 *
+	 * SCR_EL3.EA: Set to one to enable SError interrupts at EL3.
+	 *
+	 * SCR_EL3.SIF: Set to one to disable instruction fetches from
+	 *  Non-secure memory.
+	 *
+	 * PMCR_EL0.DP: Set to one so that the cycle counter,
+	 *  PMCCNTR_EL0 does not count when event counting is prohibited.
+	 *  Necessary on PMUv3 <= p7 where MDCR_EL3.{SCCD,MCCD} are not
+	 *  available.
+	 *
+	 * PSTATE.DIT: Set to one to enable the Data Independent Timing (DIT)
+	 *  functionality, if implemented in EL3.
+	 * ---------------------------------------------------------------------
+	 */
+		msr	daifclr, #DAIF_ABT_BIT
+
+		mrs 	x15, mdcr_el3
+		orr	x15, x15, #MDCR_SDD_BIT
+		msr	mdcr_el3, x15
+
+		mrs	x15, scr_el3
+		orr	x15, x15, #SCR_EA_BIT
+		orr	x15, x15, #SCR_SIF_BIT
+		msr	scr_el3, x15
+
+		mrs 	x15, pmcr_el0
+		orr	x15, x15, #PMCR_EL0_DP_BIT
+		msr	pmcr_el0, x15
+
+#if ENABLE_FEAT_DIT
+#if ENABLE_FEAT_DIT > 1
+		mrs	x15, id_aa64pfr0_el1
+		ubfx	x15, x15, #ID_AA64PFR0_DIT_SHIFT, #ID_AA64PFR0_DIT_LENGTH
+		cbz	x15, 1f
+#endif
+		mov	x15, #DIT_BIT
+		msr	DIT, x15
+	1:
+#endif
+
+		isb
+	.endm
+
 #endif /* EL3_COMMON_MACROS_S */
--- a/lib/el3_runtime/aarch64/context.S
+++ b/lib/el3_runtime/aarch64/context.S
@ -400,9 +400,6 @@ no_mpam:
 	/* PMUv3 is presumed to be always present */
 	mrs	x9, pmcr_el0
 	str	x9, [sp, #CTX_EL3STATE_OFFSET + CTX_PMCR_EL0]
-	/* Disable cycle counter when event counting is prohibited */
-	orr	x9, x9, #PMCR_EL0_DP_BIT
-	msr	pmcr_el0, x9
 	isb
 #if CTX_INCLUDE_PAUTH_REGS
 	/* ----------------------------------------------------------
@ -444,12 +441,7 @@ no_mpam:
 */
 func prepare_el3_entry
 	save_gp_pmcr_pauth_regs
-	enable_serror_at_el3
-	/*
-	 * Set the PSTATE bits not described in the Aarch64.TakeException
-	 * pseudocode to their default values.
-	 */
-	set_unset_pstate_bits
+	setup_el3_execution_context
 	ret
 endfunc prepare_el3_entry