diff --git a/Makefile b/Makefile index a9abbc11f..e412fb0bb 100644 --- a/Makefile +++ b/Makefile @@ -715,8 +715,8 @@ endif # For RAS_EXTENSION, require that EAs are handled in EL3 first ifeq ($(RAS_EXTENSION),1) - ifneq ($(HANDLE_EA_EL3_FIRST),1) - $(error For RAS_EXTENSION, HANDLE_EA_EL3_FIRST must also be 1) + ifneq ($(HANDLE_EA_EL3_FIRST_NS),1) + $(error For RAS_EXTENSION, HANDLE_EA_EL3_FIRST_NS must also be 1) endif endif @@ -1033,7 +1033,7 @@ $(eval $(call assert_booleans,\ FAULT_INJECTION_SUPPORT \ GENERATE_COT \ GICV2_G0_FOR_EL3 \ - HANDLE_EA_EL3_FIRST \ + HANDLE_EA_EL3_FIRST_NS \ HW_ASSISTED_COHERENCY \ INVERTED_MEMMAP \ MEASURED_BOOT \ @@ -1172,7 +1172,7 @@ $(eval $(call add_defines,\ ERROR_DEPRECATED \ FAULT_INJECTION_SUPPORT \ GICV2_G0_FOR_EL3 \ - HANDLE_EA_EL3_FIRST \ + HANDLE_EA_EL3_FIRST_NS \ HW_ASSISTED_COHERENCY \ LOG_LEVEL \ MEASURED_BOOT \ diff --git a/common/aarch64/debug.S b/common/aarch64/debug.S index d105d0871..742e022d5 100644 --- a/common/aarch64/debug.S +++ b/common/aarch64/debug.S @@ -168,7 +168,7 @@ func do_panic mrs x0, currentel ubfx x0, x0, #MODE_EL_SHIFT, #MODE_EL_WIDTH cmp x0, #MODE_EL3 -#if !HANDLE_EA_EL3_FIRST +#if !HANDLE_EA_EL3_FIRST_NS ldr x0, [sp], #0x10 b.eq el3_panic #else @@ -184,7 +184,7 @@ func do_panic to_panic_common: ldr x0, [sp], #0x10 -#endif /* HANDLE_EA_EL3_FIRST */ +#endif /* HANDLE_EA_EL3_FIRST_NS */ #endif /* CRASH_REPORTING */ panic_common: diff --git a/docs/components/ras.rst b/docs/components/ras.rst index b4353497d..871be2d76 100644 --- a/docs/components/ras.rst +++ b/docs/components/ras.rst 
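Review bot: The old option name is not rejected anywhere, so a platform makefile or command line that still sets `HANDLE_EA_EL3_FIRST=1` is silently ignored and the build falls back to the `HANDLE_EA_EL3_FIRST_NS := 0` default from make_helpers/defaults.mk. The RAS_EXTENSION check in this hunk catches that only for RAS builds; any other build loses External Abort and SError routing to EL3 without a diagnostic. A guard next to this check would make the rename loud: `ifdef HANDLE_EA_EL3_FIRST`, `$(error HANDLE_EA_EL3_FIRST is renamed to HANDLE_EA_EL3_FIRST_NS)`, `endif`.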
@@ -6,10 +6,11 @@ Serviceability (RAS) extensions. RAS is a mandatory extension for Armv8.2 and later CPUs, and also an optional extension to the base Armv8.0 architecture. In conjunction with the |EHF|, support for RAS extension enables firmware-first -paradigm for handling platform errors: exceptions resulting from errors are -routed to and handled in EL3. Said errors are Synchronous External Abort (SEA), -Asynchronous External Abort (signalled as SErrors), Fault Handling and Error -Recovery interrupts. The |EHF| document mentions various :ref:`error handling +paradigm for handling platform errors: exceptions resulting from errors in +Non-secure world are routed to and handled in EL3. +Said errors are Synchronous External Abort (SEA), Asynchronous External Abort +(signalled as SErrors), Fault Handling and Error Recovery interrupts. +The |EHF| document mentions various :ref:`error handling use-cases ` . For the description of Arm RAS extensions, Standard Error Records, and the @@ -29,7 +30,7 @@ introduced by the RAS extensions. .. __: `Standard Error Record helpers`_ The build option ``RAS_EXTENSION`` when set to ``1`` includes the RAS in run -time firmware; ``EL3_EXCEPTION_HANDLING`` and ``HANDLE_EA_EL3_FIRST`` must also +time firmware; ``EL3_EXCEPTION_HANDLING`` and ``HANDLE_EA_EL3_FIRST_NS`` must also be set ``1``. ``RAS_TRAP_NS_ERR_REC_ACCESS`` controls the access to the RAS error record registers from Non-secure. @@ -198,8 +199,8 @@ related, build options: - ``EL3_EXCEPTION_HANDLING=1`` enables handling of exceptions at EL3. See `Interaction with Exception Handling Framework`_; -- ``HANDLE_EA_EL3_FIRST=1`` enables routing of External Aborts and SErrors to - EL3. +- ``HANDLE_EA_EL3_FIRST_NS=1`` enables routing of External Aborts and SErrors, + resulting from errors in NS world, to EL3. The RAS support in |TF-A| introduces a default implementation of ``plat_ea_handler``, the External Abort handler in EL3. When ``RAS_EXTENSION`` 
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst index 59800506e..26a54df43 100644 --- a/docs/getting_started/build-options.rst +++ b/docs/getting_started/build-options.rst @@ -569,10 +569,11 @@ Common build options EL1 for handling. The default value of this option is ``0``, which means the Group 0 interrupts are assumed to be handled by Secure EL1. -- ``HANDLE_EA_EL3_FIRST``: When set to ``1``, External Aborts and SError - Interrupts will be always trapped in EL3 i.e. in BL31 at runtime. When set to - ``0`` (default), these exceptions will be trapped in the current exception - level (or in EL1 if the current exception level is EL0). +- ``HANDLE_EA_EL3_FIRST_NS``: When set to ``1``, External Aborts and SError + Interrupts, resulting from errors in NS world, will be always trapped in + EL3 i.e. in BL31 at runtime. When set to ``0`` (default), these exceptions + will be trapped in the current exception level (or in EL1 if the current + exception level is EL0). - ``HW_ASSISTED_COHERENCY``: On most Arm systems to-date, platform-specific software operations are required for CPUs to enter and exit coherency. @@ -725,7 +726,7 @@ Common build options or later CPUs. This flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION`` mechanism. - When ``RAS_EXTENSION`` is set to ``1``, ``HANDLE_EA_EL3_FIRST`` must also be + When ``RAS_EXTENSION`` is set to ``1``, ``HANDLE_EA_EL3_FIRST_NS`` must also be set to ``1``. This option is disabled by default. diff --git a/docs/plat/marvell/armada/build.rst b/docs/plat/marvell/armada/build.rst index adb960312..ff7b5734f 100644 --- a/docs/plat/marvell/armada/build.rst +++ b/docs/plat/marvell/armada/build.rst 
@@ -165,14 +165,14 @@ Globalscale MOCHAbin specific build options: Armada37x0 specific build options: -- HANDLE_EA_EL3_FIRST +- HANDLE_EA_EL3_FIRST_NS - When ``HANDLE_EA_EL3_FIRST=1``, External Aborts and SError Interrupts will be always trapped - in TF-A. TF-A in this case enables dirty hack / workaround for a bug found in U-Boot and - Linux kernel PCIe controller driver pci-aardvark.c, traps and then masks SError interrupt - caused by AXI SLVERR on external access (syndrome 0xbf000002). + When ``HANDLE_EA_EL3_FIRST_NS=1``, External Aborts and SError Interrupts, resulting from errors + in NS world, will be always trapped in TF-A. TF-A in this case enables dirty hack / workaround for + a bug found in U-Boot and Linux kernel PCIe controller driver pci-aardvark.c, traps and then masks + SError interrupt caused by AXI SLVERR on external access (syndrome 0xbf000002). - Otherwise when ``HANDLE_EA_EL3_FIRST=0``, these exceptions will be trapped in the current + Otherwise when ``HANDLE_EA_EL3_FIRST_NS=0``, these exceptions will be trapped in the current exception level (or in EL1 if the current exception level is EL0). So exceptions caused by U-Boot will be trapped in U-Boot, exceptions caused by Linux kernel (or user applications) will be trapped in Linux kernel. @@ -185,8 +185,8 @@ Armada37x0 specific build options: recommended to not enable this workaround as it disallows propagating of all External Aborts to running Linux kernel and makes correctable errors as fatal aborts. - This option is now disabled by default. In past this option was enabled by default in - TF-A versions v2.2, v2.3, v2.4 and v2.5. + This option is now disabled by default. In past this option has different name "HANDLE_EA_EL3_FIRST" and + was enabled by default in TF-A versions v2.2, v2.3, v2.4 and v2.5. - CM3_SYSTEM_RESET diff --git a/lib/el3_runtime/aarch64/context_mgmt.c b/lib/el3_runtime/aarch64/context_mgmt.c index 8213cbe88..8c6798b5c 100644 --- a/lib/el3_runtime/aarch64/context_mgmt.c 
+++ b/lib/el3_runtime/aarch64/context_mgmt.c @@ -206,6 +206,11 @@ static void setup_ns_context(cpu_context_t *ctx, const struct entry_point_info * /* Allow access to Allocation Tags when MTE is implemented. */ scr_el3 |= SCR_ATA_BIT; +#if HANDLE_EA_EL3_FIRST_NS + /* SCR_EL3.EA: Route External Abort and SError Interrupt to EL3. */ + scr_el3 |= SCR_EA_BIT; +#endif + #if RAS_TRAP_NS_ERR_REC_ACCESS /* * SCR_EL3.TERR: Trap Error record accesses. Accesses to the RAS ERR @@ -279,7 +284,7 @@ static void setup_context_common(cpu_context_t *ctx, const entry_point_info_t *e * Security state and entrypoint attributes of the next EL. */ scr_el3 = read_scr(); - scr_el3 &= ~(SCR_NS_BIT | SCR_RW_BIT | SCR_FIQ_BIT | SCR_IRQ_BIT | + scr_el3 &= ~(SCR_NS_BIT | SCR_RW_BIT | SCR_EA_BIT | SCR_FIQ_BIT | SCR_IRQ_BIT | SCR_ST_BIT | SCR_HCE_BIT | SCR_NSE_BIT); /* @@ -317,15 +322,6 @@ static void setup_context_common(cpu_context_t *ctx, const entry_point_info_t *e scr_el3 |= SCR_TRNDR_BIT; #endif -#if !HANDLE_EA_EL3_FIRST - /* - * SCR_EL3.EA: Do not route External Abort and SError Interrupt External - * to EL3 when executing at a lower EL. When executing at EL3, External - * Aborts are taken to EL3. - */ - scr_el3 &= ~SCR_EA_BIT; -#endif - #if FAULT_INJECTION_SUPPORT /* Enable fault injection from lower ELs */ scr_el3 |= SCR_FIEN_BIT; diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk index 65ceb7f20..67eeb8a78 100644 --- a/make_helpers/defaults.mk +++ b/make_helpers/defaults.mk @@ -216,9 +216,9 @@ GENERATE_COT := 0 # default, they are for Secure EL1. GICV2_G0_FOR_EL3 := 0 -# Route External Aborts to EL3. Disabled by default; External Aborts are handled +# Route NS External Aborts to EL3. Disabled by default; External Aborts are handled # by lower ELs. -HANDLE_EA_EL3_FIRST := 0 +HANDLE_EA_EL3_FIRST_NS := 0 # Secure hash algorithm flag, accepts 3 values: sha256, sha384 and sha512. # The default value is sha256. 
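Review bot: The new `#if HANDLE_EA_EL3_FIRST_NS` block in setup_ns_context only ORs SCR_EA_BIT in, so the resulting value is right only if scr_el3 reaches this point with EA already clear. That clearing is done by the mask in setup_context_common (the -279 hunk), and the call order between the two functions is not visible here, since both bodies start and end outside the hunks. I would state the dependency in the comment, e.g. `/* SCR_EL3.EA: route NS External Aborts and SErrors to EL3; relies on setup_context_common() having cleared EA. */`.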
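Review bot: With SCR_EA_BIT added to this mask, every context built by setup_context_common starts with SCR_EL3.EA clear, and the only code on the page that sets it again is the NS-only block in setup_ns_context. External Aborts and SErrors taken while a non-NS context is running are therefore no longer routed to EL3, even on builds that previously set the option to 1, and the -317 hunk deletes the only comment that described EA routing in this function. I would put a comment above the mask saying so, e.g. `/* SCR_EL3.EA is cleared for all worlds; setup_ns_context() sets it when HANDLE_EA_EL3_FIRST_NS=1. */`. It is also worth confirming that platforms building with RAS_EXTENSION=1 do not depend on Secure-world errors reaching plat_ea_handler. The function body starts and ends outside the hunk.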
diff --git a/plat/arm/board/tc/platform.mk b/plat/arm/board/tc/platform.mk index a9b031d84..49554791f 100644 --- a/plat/arm/board/tc/platform.mk +++ b/plat/arm/board/tc/platform.mk @@ -21,7 +21,7 @@ SDEI_SUPPORT := 0 EL3_EXCEPTION_HANDLING := 0 -HANDLE_EA_EL3_FIRST := 0 +HANDLE_EA_EL3_FIRST_NS := 0 # System coherency is managed in hardware HW_ASSISTED_COHERENCY := 1 diff --git a/plat/arm/css/sgi/sgi-common.mk b/plat/arm/css/sgi/sgi-common.mk index 6c1a2dda9..282a5f080 100644 --- a/plat/arm/css/sgi/sgi-common.mk +++ b/plat/arm/css/sgi/sgi-common.mk @@ -14,7 +14,7 @@ SDEI_SUPPORT := 0 EL3_EXCEPTION_HANDLING := 0 -HANDLE_EA_EL3_FIRST := 0 +HANDLE_EA_EL3_FIRST_NS := 0 CSS_SGI_CHIP_COUNT := 1 diff --git a/plat/common/aarch64/plat_common.c b/plat/common/aarch64/plat_common.c index 851ed24fb..8ce1d6c76 100644 --- a/plat/common/aarch64/plat_common.c +++ b/plat/common/aarch64/plat_common.c @@ -93,7 +93,7 @@ void plat_default_ea_handler(unsigned int ea_reason, uint64_t syndrome, void *co ERROR("Unhandled External Abort received on 0x%lx from %s\n", read_mpidr_el1(), get_el_str(level)); ERROR("exception reason=%u syndrome=0x%" PRIx64 "\n", ea_reason, syndrome); -#if HANDLE_EA_EL3_FIRST +#if HANDLE_EA_EL3_FIRST_NS /* Skip backtrace for lower EL */ if (level != MODE_EL3) { console_flush(); diff --git a/plat/marvell/armada/a3k/common/a3700_common.mk b/plat/marvell/armada/a3k/common/a3700_common.mk index 55472016e..b9c28de1a 100644 --- a/plat/marvell/armada/a3k/common/a3700_common.mk +++ b/plat/marvell/armada/a3k/common/a3700_common.mk @@ -62,7 +62,7 @@ BL31_SOURCES += lib/cpus/aarch64/cortex_a53.S \ $(PLAT_COMMON_BASE)/a3700_sip_svc.c \ $(MARVELL_DRV) -ifeq ($(HANDLE_EA_EL3_FIRST),1) +ifeq ($(HANDLE_EA_EL3_FIRST_NS),1) BL31_SOURCES += $(PLAT_COMMON_BASE)/a3700_ea.c endif diff --git a/plat/marvell/armada/a3k/common/a3700_ea.c b/plat/marvell/armada/a3k/common/a3700_ea.c index fd4e3b247..5696b5c46 100644 --- a/plat/marvell/armada/a3k/common/a3700_ea.c 
+++ b/plat/marvell/armada/a3k/common/a3700_ea.c @@ -18,7 +18,7 @@ /* * This source file with custom plat_ea_handler function is compiled only when - * building TF-A with compile option HANDLE_EA_EL3_FIRST=1 + * building TF-A with compile option HANDLE_EA_EL3_FIRST_NS=1 */ void plat_ea_handler(unsigned int ea_reason, uint64_t syndrome, void *cookie, void *handle, uint64_t flags) diff --git a/plat/nvidia/tegra/soc/t194/platform_t194.mk b/plat/nvidia/tegra/soc/t194/platform_t194.mk index 758383380..631c92691 100644 --- a/plat/nvidia/tegra/soc/t194/platform_t194.mk +++ b/plat/nvidia/tegra/soc/t194/platform_t194.mk @@ -33,7 +33,7 @@ MAX_MMAP_REGIONS := 30 $(eval $(call add_define,MAX_MMAP_REGIONS)) # enable RAS handling -HANDLE_EA_EL3_FIRST := 1 +HANDLE_EA_EL3_FIRST_NS := 1 RAS_EXTENSION := 1 # platform files diff --git a/plat/renesas/common/common.mk b/plat/renesas/common/common.mk index 26a5798dc..ca61f0e8d 100644 --- a/plat/renesas/common/common.mk +++ b/plat/renesas/common/common.mk @@ -15,7 +15,7 @@ ENABLE_SVE_FOR_NS := 0 MULTI_CONSOLE_API := 1 CRASH_REPORTING := 1 -HANDLE_EA_EL3_FIRST := 1 +HANDLE_EA_EL3_FIRST_NS := 1 # This option gets enabled automatically if the TRUSTED_BOARD_BOOT # is set via root Makefile, but Renesas support Trusted-Boot without diff --git a/plat/ti/k3/common/plat_common.mk b/plat/ti/k3/common/plat_common.mk index e299c30cc..026d6a3f2 100644 --- a/plat/ti/k3/common/plat_common.mk +++ b/plat/ti/k3/common/plat_common.mk @@ -27,7 +27,7 @@ ERRATA_A72_859971 := 1 ERRATA_A72_1319367 := 1 CRASH_REPORTING := 1 -HANDLE_EA_EL3_FIRST := 1 +HANDLE_EA_EL3_FIRST_NS := 1 # Split out RO data into a non-executable section SEPARATE_CODE_AND_RODATA := 1