Check that the size of desc->emad_count is 4, not that sizeof(int) is
nonzero. Also improve a comment.
Change-Id: I8bf69b637158ddffe2d08aed3d9879a4d7fd3514
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
These bits (MDCR_EL3.{NSTB, NSTBE, TTRF, TPM}, CPTR_EL3.TTA) only affect
EL2 (and lower) execution. Each feat_init_el3() is called long before
any lower EL has had a chance to execute, so setting the bits at reset
is redundant. Removing them from reset code also improves readability of
the immutable EL3 state.
Preserve the original intention for the TTA bit of "enabled for NS and
disabled everywhere else" (inferred from commit messages d4582d3088 and
2031d6166a and the comment). This is because CPTR_EL3 will be contexted
and so everyone will eventually get whatever NS has anyway.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I3d24b45d3ea80882c8e450b2d9db9d5531facec1
Neoverse V2 erratum 2801372 is a Cat B erratum that applies to
all revisions <=r0p1 and is fixed in r0p2. The workaround is to
insert a dsb before the isb in the power down sequence.
This errata is explained in SDEN 2332927 available at:
https://developer.arm.com/documentation/SDEN2332927
Change-Id: I8716b9785a67270a72ae329dc49a2f2239dfabff
Signed-off-by: Moritz Fischer <moritzf@google.com>
Prior to delegating handling of Group0 secure interrupt to platform
handler, SPMD framework must acknowledge the highest pending interrupt.
Moreover, once the platform has handled the interrupt successfully,
SPMD must deactivate the interrupt.
The rationale behind this decision is SPMD framework is well suited to
perform interrupt management at GIC boundary while the platform handler
is well equipped to deal with the device interface related to the
interrupt.
This patch also fixes a bug in the error code returned upon invocation
of FFA_EL3_INTR_HANDLE from normal world.
Change-Id: If8fef51899e25f966038cc01ec58c84ee25e88eb
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
The enablement code for the PMU is scattered and difficult to track
down. Factor out the feature into its own lib/extensions folder and
consolidate the implementation. Treat it is as an architecturally
mandatory feature as it is currently.
Additionally, do some cleanup on AArch64. Setting overflow bits in
PMCR_EL0 is irrelevant for firmware so don't do it. Then delay the PMU
initialisation until the context management stage which simplifies the
early environment assembly. One side effect is that the PMU might count
before this happens so reset all counters to 0 to prevent any leakage.
Finally, add an enable to manage_extensions_realm() as realm world uses
the pmu. This introduces the HPMN fixup to realm world.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ie13a8625820ecc5fbfa467dc6ca18025bf6a9cd3
* changes:
fix(tsp): fix destination ID in direct request
fix(el3-spm): fix LSP direct message response
fix(el3-spm): improve direct messaging validation
Perform additional validation of the source and destination
IDs of direct messages.
Additionally track the sender of a direct request to allow
validating the target of the corresponding direct response.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I8d39d53a02b8333246f1500c79ba04f149459c16
Using one loop for the duplicate partition ID check is both simpler and
faster.
Change-Id: I0f6fa9ceb1aadf4383fa9be16605c39ad8643a43
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
This ensures that addresses shared using FF-A are 4K aligned, as
required by the specification.
Change-Id: I8f0a659a095fdb9391398757141d613ac9bf9b42
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Follow up to [1] and [2], for systems implementing the SPMC at S-EL2,
it is necessary to leave the option for handling Group0 interrupts
(while the normal world runs) through the EHF by the use of the
EL3_EXCEPTION_HANDLING option.
Specifically for RAS, the handling through EHF is still required because
the platform function provided by the SPMD doesn't provide the facility
to link back to the RAS handling framework.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/16047
[2] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/19897
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Idf8741887904a286fb3f5ab2d754afd2fc78d3b0
This makes the code cleaner. No functional change intended.
Change-Id: Ib7b438b830e8e3b7ac6e30d688f5172cbaa58121
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Future changes will cause spmc_shmem_obj_get_comp_mrd to panic instead
of returning NULL, so be sure that comp_mrd_offset has been validated
already. The existing code checks for 8-byte alignment, but comments in
el3_spmc_ffa_memory.h indicate that 16-byte alignment is expected, so
require 16-byte alignment.
Change-Id: I400f0f1f163522cb5ea77d4811c91e8b7e655c18
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
If the size of a shmem descriptor is not a multiple of 16, the
descriptor would be unusable, but the problem would be caught much
later.
Change-Id: I907f3862b55c6341e39a6b8b2e24784127230478
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
This ensures that descriptor size calculation does not overflow and
removes a bounds check that does not actually work.
Change-Id: If8da2bb1b312941b7f9d0debf3149b984fc3809a
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Using uint64_t is cleaner, even though size_t is 64 bits on all
platforms el3-spmc supports.
Change-Id: I457deb0b7f3df0749cb5368cceda1bb530d039de
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
The information is already available inline. No functional change
intended.
Change-Id: I13d2ad62a9315b233d7a5fd3ffcaac3dd01b055c
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Hopefully this will be a tiny speedup. No functional change intended.
Change-Id: Ia052c7f9b24d5ece6209a6fa2903b1271215ece7
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
If it is called on an invalid mtd, out-of-bounds memory reads are
likely. Checks elsewhere in the code ensure that the mtd has been
validated before calling this function.
Change-Id: If598680a5b79e1786a6e0a213779ec80cbf37494
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
size_t is not guaranteed to be 64 bits, although it happens to be 64
bits on all systems that el3-spmc supports.
Change-Id: Ieae11722a15448641de50233597ac35869eab574
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
The ERRATA_XXX macros, used in cpu_helpers.S, are necessary for the
check_errata_xxx family of functions. The CPU_REV should be used in the
cpu files but for whatever reason the values have been hard-coded so far
(at the cost of readability). It's evident this file is not strictly for
status reporting.
The new purpose of this file is to make it a one-stop-shop for all
things errata.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I1ce22dd36df5aa0bcfc5f2772251f91af8703dfb
This adds creation of a device tree that will be passed to OP-TEE.
Currently that device tree only contains the coreboot table per the
Linux coreboot device tree specification. This device tree is then
passed to OP-TEE so it can extract the CBMEM console information from
the coreboot table for logging purposes.
Signed-off-by: Jeffrey Kardatzke <jkardatzke@google.com>
Change-Id: I6a26d335e16f7226018c56ad571cca77b81b0f6a
The workarounds for these below mentioned errata are not implemented
in EL3, but the flags can be enabled/disabled at a platform level
based on arm/non-arm interconnect IP. The ABI helps assist the Kernel
in the process of mitigation for the following errata:
Cortex-A715: erratum 2701951
Neoverse V2: erratum 2719103
Cortex-A710: erratum 2701952
Cortex-X2: erratum 2701952
Neoverse N2: erratum 2728475
Neoverse V1: erratum 2701953
Cortex-A78: erratum 2712571
Cortex-A78AE: erratum 2712574
Cortex-A78C: erratum 2712575
EL3 provides an appropriate return value via errata ABI when the
kernel makes an SMC call using the EM_CPU_ERRATUM_FEATURES FID with the
appropriate erratum ID.
Change-Id: I35bd69d812dba37410dd8bc2bbde20d4955b0850
Signed-off-by: Sona Mathew <SonaRebecca.Mathew@arm.com>
Workaround to help enable the kernel to query errata status using the
errata abi feature for platforms with a non-arm interconnect.
Change-Id: I47b03eaee5a0a763056ae71883fa30dfacb9b3f7
Signed-off-by: Sona Mathew <SonaRebecca.Mathew@arm.com>
This patch adds the errata management firmware interface for lower ELs
to discover details about CPU erratum. Based on the CPU erratum
identifier the interface enables the OS to find the mitigation of an
erratum in EL3.
The ABI can only be present in a system that is compliant with SMCCCv1.1
or higher. This implements v1.0 of the errata ABI spec.
For details on all possible return values, refer the design
documentation below:
ABI design documentation:
https://developer.arm.com/documentation/den0100/1-0?lang=en
Signed-off-by: Sona Mathew <SonaRebecca.Mathew@arm.com>
Change-Id: I70f0e2569cf92e6e02ad82e3e77874546232b89a
Use the address of emad 0 instead of the size of the MRD.
Change-Id: I31ec0001b4474e78caa9dfb468f63122a3708781
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
The offset has been validated on the first loop iteration. Subsequent
iterations can assume it is valid.
Change-Id: Ib06cd0240220b8aa42bcd34c3c40b69d2d86aa72
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
When called on incomplete objects, it might fail or access uninitialized
memory. This allows simplifying spmc_shm_check_obj().
Change-Id: I7c11f15d4c8ebe8cd15e7d8c37a0d0f3daa83675
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Earlier validation ensures spmc_shmem_obj_get_emad() will never fail, so
trip an assertion instead of returning NULL.
Change-Id: I285f3b59150773b2404db5719753fdb240e9ed63
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
A v1.1 descriptor has a minimum length exceeding that of a v1.0
descriptor.
Change-Id: I06265d58f53eccb0d39927fe9ff396b73735df97
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
This patch introduces a handler for FVP platform to triage Group0
secure interrupts. Currently, it is empty but serves as a
placeholder for future Group0 interrupt sources.
Moreover, this patch also provides a dummy implementation of the
above mentioned platform hook for QEMU, corstone100, n1sdp and
hikey960 ports.
Change-Id: I01d3451408f47ac313b0af74046cce89f89b85bb
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
When Group0 Secure interrupts in secure world get trapped to S-EL2
SPMC, FFA_EL3_INTR_HANDLE ABI is invoked by SPMC to delegate
interrupt handling to EL3 firmware (i.e., SPMD).
SPMD further delegates to platform handler which successfully handles
the Group0 secure interrupt before returning control to SPMC.
Change-Id: I8cc0fec20803b96c81582910ad2668e38b167fb8
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
SPMD registers a generic handler with the interrupt management
framework to handle Group0 secure interrupt from normal world.
The handler further delegates to the platform for successful
handling of the interrupt.
Change-Id: I9cdc721810b09e01190cdcab42c50830792a26e2
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
This change forces LD to sort all input sections by alignment when
allocating them within an output section. This is done in some places
explicitly in the linker scripts today, but this makes sure we don't
miss any easy targets.
Change-Id: Ife89a8bb9e592b55c761d9a3dfefc2aeeb07802f
Signed-off-by: Chris Kay <chris.kay@arm.com>
Add support for runtime detection (ENABLE_SVE_FOR_NS=2), by splitting
sve_supported() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we do SVE specific setup.
Change the FVP platform default to the now supported dynamic
option (=2), so the right decision can be made by the code at runtime.
Change-Id: I1caaba2216e8e2a651452254944a003607503216
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Add support for runtime detection (ENABLE_SME_FOR_NS=2), by splitting
feat_sme_supported() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we do SME specific setup.
Change the FVP platform default to the now supported dynamic option
(=2),so the right decision can be made by the code at runtime.
Change-Id: Ida9ccf737db5be20865b84f42b1f9587be0626ab
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
