From 40e5f7a58f906beef74587a06f7fc35efe20537d Mon Sep 17 00:00:00 2001 From: Jayanth Dodderi Chidanand Date: Tue, 8 Aug 2023 16:10:16 +0100 Subject: [PATCH] feat(context-mgmt): introduce EL3/root context * This patch adds root context procedure to restore/configure the registers, which are of importance during EL3 execution. * EL3/Root context is a simple restore operation that overwrites the following bits: (MDCR_EL3.SDD, SCR_EL3.{EA, SIF}, PMCR_EL0.DP PSTATE.DIT) while the execution is in EL3. * It ensures EL3 world maintains its own settings distinct from other worlds (NS/Realm/SWd). With this in place, the EL3 system register settings is no longer influenced by settings of incoming worlds. This allows the EL3/Root world to access features for its own execution at EL3 (eg: Pauth). * It should be invoked at cold and warm boot entry paths and also at all the possible exception handlers routing to EL3 at runtime. Cold and warm boot paths are handled by including setup_el3_context function in "el3_entrypoint_common" macro, which gets invoked in both the entry paths. * At runtime, el3_context is setup at the stage, while we get prepared to enter into EL3 via "prepare_el3_entry" routine. Change-Id: I5c090978c54a53bc1c119d1bc5fa77cd8813cdc2 Signed-off-by: Jayanth Dodderi Chidanand --- bl31/aarch64/runtime_exceptions.S | 8 -- include/arch/aarch64/el3_common_macros.S | 121 ++++++++++++++--------- lib/el3_runtime/aarch64/context.S | 10 +- 3 files changed, 77 insertions(+), 62 deletions(-) diff --git a/bl31/aarch64/runtime_exceptions.S b/bl31/aarch64/runtime_exceptions.S index e47b0821f..742380568 100644 --- a/bl31/aarch64/runtime_exceptions.S +++ b/bl31/aarch64/runtime_exceptions.S @@ -229,7 +229,6 @@ vector_entry sync_exception_aarch64 save_x30 apply_at_speculative_wa sync_and_handle_pending_serror - unmask_async_ea handle_sync_exception end_vector_entry sync_exception_aarch64 @@ -237,7 +236,6 @@ vector_entry irq_aarch64 save_x30 apply_at_speculative_wa sync_and_handle_pending_serror - unmask_async_ea b handle_interrupt_exception end_vector_entry irq_aarch64 @@ -245,7 +243,6 @@ vector_entry fiq_aarch64 save_x30 apply_at_speculative_wa sync_and_handle_pending_serror - unmask_async_ea b handle_interrupt_exception end_vector_entry fiq_aarch64 @@ -258,7 +255,6 @@ vector_entry serror_aarch64 save_x30 apply_at_speculative_wa sync_and_handle_pending_serror - unmask_async_ea b handle_lower_el_async_ea #else b report_unhandled_exception @@ -279,7 +275,6 @@ vector_entry sync_exception_aarch32 save_x30 apply_at_speculative_wa sync_and_handle_pending_serror - unmask_async_ea handle_sync_exception end_vector_entry sync_exception_aarch32 @@ -287,7 +282,6 @@ vector_entry irq_aarch32 save_x30 apply_at_speculative_wa sync_and_handle_pending_serror - unmask_async_ea b handle_interrupt_exception end_vector_entry irq_aarch32 @@ -295,7 +289,6 @@ vector_entry fiq_aarch32 save_x30 apply_at_speculative_wa sync_and_handle_pending_serror - unmask_async_ea b handle_interrupt_exception end_vector_entry fiq_aarch32 @@ -308,7 +301,6 @@ vector_entry serror_aarch32 save_x30 apply_at_speculative_wa sync_and_handle_pending_serror - unmask_async_ea b handle_lower_el_async_ea #else b report_unhandled_exception diff --git a/include/arch/aarch64/el3_common_macros.S b/include/arch/aarch64/el3_common_macros.S index 60c5a0cec..1666e3bfe 100644 --- a/include/arch/aarch64/el3_common_macros.S +++ b/include/arch/aarch64/el3_common_macros.S @@ -59,24 +59,18 @@ * zero here but are updated ahead of transitioning to a lower EL in the * function cm_init_context_common(). * - * SCR_EL3.SIF: Set to one to disable instruction fetches from - * Non-secure memory. - * - * SCR_EL3.EA: Set to one to route External Aborts and SError Interrupts - * to EL3 when executing at any EL. - * * SCR_EL3.EEL2: Set to one if S-EL2 is present and enabled. * * NOTE: Modifying EEL2 bit along with EA bit ensures that we mitigate * against ERRATA_V2_3099206. * --------------------------------------------------------------------- */ - mov_imm x0, (SCR_RESET_VAL | SCR_EA_BIT | SCR_SIF_BIT) + mov_imm x0, SCR_RESET_VAL #if IMAGE_BL31 && defined(SPD_spmd) && SPMD_SPM_AT_SEL2 - mrs x1, id_aa64pfr0_el1 - and x1, x1, #(ID_AA64PFR0_SEL2_MASK << ID_AA64PFR0_SEL2_SHIFT) - cbz x1, 1f - orr x0, x0, #SCR_EEL2_BIT + mrs x1, id_aa64pfr0_el1 + and x1, x1, #(ID_AA64PFR0_SEL2_MASK << ID_AA64PFR0_SEL2_SHIFT) + cbz x1, 1f + orr x0, x0, #SCR_EEL2_BIT #endif 1: msr scr_el3, x0 @@ -84,21 +78,10 @@ /* --------------------------------------------------------------------- * Initialise MDCR_EL3, setting all fields rather than relying on hw. * Some fields are architecturally UNKNOWN on reset. - * - * MDCR_EL3.SDD: Set to one to disable AArch64 Secure self-hosted debug. - * Debug exceptions, other than Breakpoint Instruction exceptions, are - * disabled from all ELs in Secure state. */ - mov_imm x0, (MDCR_EL3_RESET_VAL | MDCR_SDD_BIT) + mov_imm x0, MDCR_EL3_RESET_VAL msr mdcr_el3, x0 - /* --------------------------------------------------------------------- - * Enable External Aborts and SError Interrupts now that the exception - * vectors have been setup. - * --------------------------------------------------------------------- - */ - msr daifclr, #DAIF_ABT_BIT - /* --------------------------------------------------------------------- * Initialise CPTR_EL3, setting all fields rather than relying on hw. * All fields are architecturally UNKNOWN on reset. @@ -107,28 +90,6 @@ mov_imm x0, CPTR_EL3_RESET_VAL msr cptr_el3, x0 - /* - * If Data Independent Timing (DIT) functionality is implemented, - * always enable DIT in EL3. - * First assert that the FEAT_DIT build flag matches the feature id - * register value for DIT. - */ -#if ENABLE_FEAT_DIT -#if ENABLE_ASSERTIONS || ENABLE_FEAT_DIT > 1 - mrs x0, id_aa64pfr0_el1 - ubfx x0, x0, #ID_AA64PFR0_DIT_SHIFT, #ID_AA64PFR0_DIT_LENGTH -#if ENABLE_FEAT_DIT > 1 - cbz x0, 1f -#else - cmp x0, #DIT_IMPLEMENTED - ASM_ASSERT(eq) -#endif - -#endif /* ENABLE_ASSERTIONS */ - mov x0, #DIT_BIT - msr DIT, x0 -1: -#endif .endm /* ----------------------------------------------------------------------------- @@ -270,6 +231,12 @@ el3_arch_init_common + /* --------------------------------------------------------------------- + * Set the el3 execution context(i.e. root_context). + * --------------------------------------------------------------------- + */ + setup_el3_execution_context + .if \_secondary_cold_boot /* ------------------------------------------------------------- * Check if this is a primary or secondary CPU cold boot. @@ -460,4 +427,68 @@ end: .endm +/*----------------------------------------------------------------------------- + * Helper macro to configure EL3 registers we care about, while executing + * at EL3/Root world. Root world has its own execution environment and + * needs to have its settings configured to be independent of other worlds. + * ----------------------------------------------------------------------------- + */ + .macro setup_el3_execution_context + + /* --------------------------------------------------------------------- + * The following registers need to be part of separate root context + * as their values are of importance during EL3 execution. + * Hence these registers are overwritten to their intital values, + * irrespective of whichever world they return from to ensure EL3 has a + * consistent execution context throughout the lifetime of TF-A. + * + * DAIF.A: Enable External Aborts and SError Interrupts at EL3. + * + * MDCR_EL3.SDD: Set to one to disable AArch64 Secure self-hosted debug. + * Debug exceptions, other than Breakpoint Instruction exceptions, are + * disabled from all ELs in Secure state. + * + * SCR_EL3.EA: Set to one to enable SError interrupts at EL3. + * + * SCR_EL3.SIF: Set to one to disable instruction fetches from + * Non-secure memory. + * + * PMCR_EL0.DP: Set to one so that the cycle counter, + * PMCCNTR_EL0 does not count when event counting is prohibited. + * Necessary on PMUv3 <= p7 where MDCR_EL3.{SCCD,MCCD} are not + * available. + * + * PSTATE.DIT: Set to one to enable the Data Independent Timing (DIT) + * functionality, if implemented in EL3. + * --------------------------------------------------------------------- + */ + msr daifclr, #DAIF_ABT_BIT + + mrs x15, mdcr_el3 + orr x15, x15, #MDCR_SDD_BIT + msr mdcr_el3, x15 + + mrs x15, scr_el3 + orr x15, x15, #SCR_EA_BIT + orr x15, x15, #SCR_SIF_BIT + msr scr_el3, x15 + + mrs x15, pmcr_el0 + orr x15, x15, #PMCR_EL0_DP_BIT + msr pmcr_el0, x15 + +#if ENABLE_FEAT_DIT +#if ENABLE_FEAT_DIT > 1 + mrs x15, id_aa64pfr0_el1 + ubfx x15, x15, #ID_AA64PFR0_DIT_SHIFT, #ID_AA64PFR0_DIT_LENGTH + cbz x15, 1f +#endif + mov x15, #DIT_BIT + msr DIT, x15 + 1: +#endif + + isb + .endm + #endif /* EL3_COMMON_MACROS_S */ diff --git a/lib/el3_runtime/aarch64/context.S b/lib/el3_runtime/aarch64/context.S index ab9d4b638..a353a87d2 100644 --- a/lib/el3_runtime/aarch64/context.S +++ b/lib/el3_runtime/aarch64/context.S @@ -400,9 +400,6 @@ no_mpam: /* PMUv3 is presumed to be always present */ mrs x9, pmcr_el0 str x9, [sp, #CTX_EL3STATE_OFFSET + CTX_PMCR_EL0] - /* Disable cycle counter when event counting is prohibited */ - orr x9, x9, #PMCR_EL0_DP_BIT - msr pmcr_el0, x9 isb #if CTX_INCLUDE_PAUTH_REGS /* ---------------------------------------------------------- @@ -444,12 +441,7 @@ no_mpam: */ func prepare_el3_entry save_gp_pmcr_pauth_regs - enable_serror_at_el3 - /* - * Set the PSTATE bits not described in the Aarch64.TakeException - * pseudocode to their default values. - */ - set_unset_pstate_bits + setup_el3_execution_context ret endfunc prepare_el3_entry