Travis' and Gelas' TRMs tell us to disable SME (set PSTATE.{ZA, SM} to
0) when we're attempting to power down. What they don't tell us is that
if this isn't done, the powerdown request will be rejected. On the
CPU_OFF path that's not a problem - we can force SVCR to 0 and be
certain the core will power off.
On the suspend to powerdown path, however, we cannot do this. The TRM
also tells us that the sequence could also be aborted on eg. GIC
interrupts. If this were to happen when we have overwritten SVCR to 0,
upon a return to the caller they would experience a loss of context. We
know that at least Linux may call into PSCI with SVCR != 0. One option
is to save the entire SME context which would be quite expensive just to
work around. Another option is to downgrade the request to a normal
suspend when SME was left on. This option is better as this is expected
to happen rarely enough to ignore the wasted power and we don't want to
burden the generic (correct) path with needless context management.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I698fa8490ebf51461f6aa8bba84f9827c5c46ad4
The simplistic view of a core's powerdown sequence is that power is
atomically cut upon calling `wfi`. However, it turns out that it has
lots to do - it has to talk to the interconnect to exit coherency, clean
caches, check for RAS errors, etc. These take significant amounts of
time and are certainly not atomic. As such there is a significant window
of opportunity for external events to happen. Many of these steps are
not destructive to context, so theoretically, the core can just "give
up" half way (or roll certain actions back) and carry on running. The
point in this sequence after which roll back is not possible is called
the point of no return.
One of these actions is the checking for RAS errors. It is possible for
one to happen during this lengthy sequence, or at least remain
undiscovered until that point. If the core were to continue powerdown
when that happens, there would be no (easy) way to inform anyone about
it. Rejecting the powerdown and letting software handle the error is the
best way to implement this.
Arm cores since at least the a510 have included this exact feature. So
far it hasn't been deemed necessary to account for it in firmware due to
the low likelihood of this happening. However, events like GIC wakeup
requests are much more probable. Older cores will powerdown and
immediately power back up when this happens. Travis and Gelas include a
feature similar to the RAS case above, called powerdown abandon. The
idea is that this will improve the latency to service the interrupt by
saving on work which the core and software need to do.
So far firmware has relied on the `wfi` being the point of no return and
if it doesn't explicitly detect a pending interrupt quite early on, it
will embark onto a sequence that it expects to end with shutdown. To
accommodate for it not being a point of no return, we must undo all of
the system management we did, just like in the warm boot entrypoint.
To achieve that, the pwr_domain_pwr_down_wfi hook must not be terminal.
Most recent platforms do some platform management and finish on the
standard `wfi`, followed by a panic or an endless loop as this is
expected to not return. To make this generic, any platform that wishes
to support wakeups must instead let common code call
`psci_power_down_wfi()` right after. Besides wakeups, this lets common
code handle powerdown errata better as well.
Then, the CPU_OFF case is simple - PSCI does not allow it to return. So
the best that can be done is to attempt the `wfi` a few times (the
choice of 32 is arbitrary) in the hope that the wakeup is transient. If
it isn't, the only choice is to panic, as the system is likely to be in
a bad state, eg. interrupts weren't routed away. The same applies for
SYSTEM_OFF, SYSTEM_RESET, and SYSTEM_RESET2. There the panic won't
matter as the system is going offline one way or another. The RAS case
will be considered in a separate patch.
Now, the CPU_SUSPEND case is more involved. First, to powerdown it must
wipe its context as it is not written on warm boot. But it cannot be
overwritten in case of a wakeup. To avoid the catch 22, save a copy that
will only be used if powerdown fails. That is about 500 bytes on the
stack so it hopefully doesn't tip anyone over any limits. In future that
can be avoided by having a core manage its own context.
Second, when the core wakes up, it must undo anything it did to prepare
for poweroff, which for the cores we care about, is writing
CPUPWRCTLR_EL1.CORE_PWRDN_EN. The least intrusive for the cpu library
way of doing this is to simply call the power off hook again and have
the hook toggle the bit. If in the future there need to be more complex
sequences, their direction can be advised on the value of this bit.
Third, do the actual "resume". Most of the logic is already there for
the retention suspend, so that only needs a small touch up to apply to
the powerdown case as well. The missing bit is the powerdown specific
state management. Luckily, the warmboot entrypoint does exactly that
already too, so steal that and we're done.
All of this is hidden behind a FEAT_PABANDON flag since it has a large
memory and runtime cost that we don't want to burden non pabandon cores
with.
Finally, do some function renaming to better reflect their purpose and
make names a little bit more consistent.
Change-Id: I2405b59300c2e24ce02e266f91b7c51474c1145f
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
The workarounds introduced in the three patches starting at
888eafa00b assumed that any powerdown
request will be (forced to be) terminal. This assumption can no longer
be the case for new CPUs so there is a need to revisit these older
cores. Since we may wake up, we now need to respect the workaround's
recommendation that the workaround needs to be reverted on wakeup. So do
exactly that.
Introduce a new helper to toggle bits in assembly. This allows us to
call the workaround twice, with the first call setting the workaround
and second undoing it. This is also used for gelas' an travis' powerdown
routines. This is so the same function can be called again
Also fix the condition in the cpu helper macro as it was subtly wrong
Change-Id: Iff9e5251dc9d8670d085d88c070f78991955e7c3
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Introduce a new helper to toggle bits in assembly. This allows us to
call the workaround twice, with the first call setting the workaround
and second undoing it. This allows the (errata) workaround functions to
be used to both apply and undo the mitigation.
This is applied to functions where the undo part will be required in
follow-up patches.
Change-Id: I058bad58f5949b2d5fe058101410e33b6be1b8ba
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
This patch implements SMCCC_ARCH_WORKAROUND_4 and
allows discovery through SMCCC_ARCH_FEATURES.
This mechanism is enabled if CVE_2024_7881 [1] is enabled
by the platform. If CVE_2024_7881 mitigation
is implemented, the discovery call returns 0,
if not -1 (SMC_ARCH_CALL_NOT_SUPPORTED).
For more information about SMCCC_ARCH_WORKAROUND_4 [2], please
refer to the SMCCC Specification reference provided below.
[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881
[2]: https://developer.arm.com/documentation/den0028/latest
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I1b1ffaa1f806f07472fd79d5525f81764d99bc79
Implements mitigation for CVE-2024-5660 that affects Cortex-X925
revisions r0p0, r0p1.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: I9d5a07ca6b89b27d8876f4349eff2af26c962d8a
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Cortex-X2
revisions r0p0, r1p0, r2p0, r2p1.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: If28804e154617a39d7d52c40b3a00a14a39df929
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Cortex-A77
revisions r0p0, r1p0, r1p1.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: Ic71b163883ea624e9f2f77deb8b30c69612938b9
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Neoverse-V1
revisions r0p0, r1p0, r1p1, r1p2.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: Ia59452ea38c66b291790956d7f2880bfcd56d45f
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Cortex-A78_AE
revisions r0p0, r0p1, r0p2, r0p3.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: I33ac653fcb45f687fe9ace1c76a3eb2000459751
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Cortex-A78C
revisions r0p0, r0p1, r0p2.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: Ieb8d7b122320d16bf8987a43dc683ca41227beb5
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Cortex-A78
revisions r0p0, r1p0, r1p1, r1p2.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: I4e40388bef814481943b2459fe35dd7267c625a2
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Cortex-X1
revisions r0p0, r1p0, r1p1, r1p2.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: I3124db3980f2786412369a010ca6abbbbaa3b601
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Neoverse-N2
revisions r0p0, r0p1, r0p2, r0p3.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
This patch implements the erratum mitigation for Neoverse-N2.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: I2b9dea78771cc159586a03ff563c0ec79591ea64
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Cortex-A710
revisions r0p0, r1p0, r2p0, r2p1.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: I10feea238600dcceaac7bb75a59db7913ca65cf1
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Neoverse-V2
revisions r0p0, r0p1, r0p2.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: If66687add52d16f68ce54fe5433dd3b3f067ee04
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Cortex-X3
revisions r0p0, r1p0, r1p1, r1p2.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: Ibe90313948102ece3469f2cfe3faccc7f4beeabe
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Neoverse-V3
revisions r0p0, r0p1.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: I9ed2590bf1215bf6a692f01dfd351e469ff072f8
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Implements mitigation for CVE-2024-5660 that affects Cortex-X4
revisions r0p0, r0p1, r0p2.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: I378cb4978919cced03e7febc2ad431c572eac72d
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Cortex-X4 erratum 2923935 is a Cat B erratum that applies
to all revisions <= r0p1 and is fixed in r0p2.
The workaround is to set CPUACTLR4_EL1[11:10] to 0b11.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-2432808/latest
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I9207802ad479919a7f77c1271019fa2479e076ee
Add basic CPU library code to support the Alto CPU.
Change-Id: I45958be99c4a350a32a9e511d3705fb568b97236
Signed-off-by: Igor Podgainõi <igor.podgainoi@arm.com>
Add the basic CPU library code to support Cortex-A720AE.
The overall library code is adapted based on Cortex-A720 code.
Signed-off-by: David Hu <david.hu2@arm.com>
Signed-off-by: Ahmed Azeem <ahmed.azeem@arm.com>
Change-Id: I3d64dc5a3098cc823e656a5ad3ea05cd71598dc6
Add basic CPU library code to support the Arcadia CPU.
Change-Id: Iecb0634dc6dcb34e9b5fda4902335530d237cc43
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
The errata framework has a helper to invoke workarounds, complete with a
cpu rev_var check. We can use that directly instead of the
apply_cpu_pwr_dwn_errata to save on some code, as well as an extra
branch. It's also more readable.
Also, apply_erratum invocation in cpu files don't need to check the
rev_var as that was already done by the cpu_ops dispatcher for us to end
up in the file.
Finally, X2 erratum 2768515 only applies in the powerdown sequence, i.e.
at runtime. It doesn't achieve anything at reset, so we can label it
accordingly.
Change-Id: I02f9dd7d0619feb54c870938ea186be5e3a6ca7b
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Apply the mitigation only for the revision and variant
mentioned in the SDEN.
SDEN Documentation:
https://developer.arm.com/documentation/SDEN859515/latest
Change-Id: Ifda1f4cb32bdec9a9af29397ddc03bf22a7a87fc
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Cortex-X4 erratum 3076789 is a Cat B erratum that is present
in revisions r0p0, r0p1 and is fixed in r0p2.
The workaround is to set chicken bits CPUACTLR3_EL1[14:13]=0b11
and CPUACTLR_EL1[52] = 1.
Expected performance degradation is < 0.5%, but isolated
benchmark components might see higher impact.
SDEN documentation:
https://developer.arm.com/documentation/SDEN2432808/latest
Change-Id: Ib100bfab91efdb6330fdcdac127bcc5732d59196
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Cortex-X4 erratum 2897503 is a Cat B erratum that applies
to all revisions <= r0p1 and is fixed in r0p2.
The workaround is to set CPUACTLR4_EL1[8] to 1.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-2432808/latest
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I3178a890b6f1307b310e817af75f8fdfb8668cc9
Cortex-A720 erratum 2792132 is a Cat B erratum that is present
in revision r0p0, r0p1 and is fixed in r0p2.
The workaround is to set bit[26] of the CPUACTLR2_EL1 to 1.
SDEN documentation:
https://developer.arm.com/documentation/SDEN2439421/latest
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I8d11fe65a2ab5f79244cc3395d0645f77256304c
This patch checks if the Errata 2938996(Cortex-A520) , 2726228(Cortex-X4)
applies to cores and if affected applies the errata workaround which
disables TRBE.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I53b037839820c8b3a869f393588302a365d5b97c
This patch implements errata functions for two errata, both of them
disable TRBE as a workaround. This patch doesn't have functions
that disable TRBE but only implemented helper functions that are
used to detect cores affected by Errata 2938996(Cortex-A520) & 2726228(Cortex-X4)
Cortex-X4 SDEN documentation:
https://developer.arm.com/documentation/SDEN2432808/latest
Cortex-A520 SDEN Documentation:
https://developer.arm.com/documentation/SDEN-2444153/latest
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I8f886a1c21698f546a0996c719cc27dc0a23633a
Cortex-A720 erratum 2844092 is a Cat B erratum that is present
in revisions r0p0, r0p1 and is fixed in r0p2.
The workaround is to set bit[11] of CPUACTLR4_EL1 register.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-2439421/latest
Change-Id: I3d8eacb26cba42774f1f31c3aae2a0e6fecec614
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Cortex-X4 erratum 2816013 is a Cat B erratum that applies
to all revisions <= r0p1 and is fixed in r0p2. This erratum
is only present when memory tagging is enabled.
The workaround is to set CPUACTLR5_EL1[14] to 1.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-2432808/latest
Change-Id: I546044bde6e5eedd0abf61643d25e2dd2036df5c
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Errata printing is done directly via generic_errata_report.
This commit removes the unused \_cpu\()_errata_report
functions for all cores, and removes errata_func from cpu_ops.
Change-Id: I04fefbde5f0ff63b1f1cd17c864557a14070d68c
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
In all non-trivial cases the CPU specific errata functions
already call generic_errata_report, this cuts out the middleman
by directly calling generic_errata_report from
print_errata_status.
The CPU specific errata functions (cpu_ops->errata_func)
can now be removed from all cores, and this field can be
removed from cpu_ops.
Also removes the now unused old errata reporting
function and macros.
Change-Id: Ie4a4fd60429aca37cf434e79c0ce2992a5ff5d68
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
modify the print logs when an erratum workaround does not
need to be applied to a certain revision/variant of the CPU.
Change-Id: I8f60636320f617ecd4ed88ee1fbf7a3e3e4517ee
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
RK3566/RK3568 is a Quad-core soc and Cortex-a55 inside.
This patch supports the following functions:
1. basic platform setup
2. power up/off cpus
3. suspend/resume cpus
4. suspend/resume system
5. reset system
Signed-off-by: shengfei Xu <xsf@rock-chips.com>
Change-Id: I8b98a4d07664de26bd6078f63664cbc3d9c1c68c
