The workaround is added to the Cortex-A55 cpu specific file. The
workaround is disabled by default and have to be explicitly enabled by
the platform integrator.
Change-Id: I3e6fd10df6444122a8ee7d08058946ff1cc912f8
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
This patch adds the functionality needed for platforms to provide
Branch Target Identification (BTI) extension, introduced to AArch64
in Armv8.5-A by adding BTI instruction used to mark valid targets
for indirect branches. The patch sets new GP bit [50] to the stage 1
Translation Table Block and Page entries to denote guarded EL3 code
pages which will cause processor to trap instructions in protected
pages trying to perform an indirect branch to any instruction other
than BTI.
BTI feature is selected by BRANCH_PROTECTION option which supersedes
the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication
and is disabled by default. Enabling BTI requires compiler support
and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0.
The assembly macros and helpers are modified to accommodate the BTI
instruction.
This is an experimental feature.
Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3
is now made as an internal flag and BRANCH_PROTECTION flag should be
used instead to enable Pointer Authentication.
Note. USE_LIBROM=1 option is currently not supported.
Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Examine the ID_AA64PFR1_EL1 bits 7:4 to see if speculative
loads (SSBS) is implemented, before disabling speculative
loads.
Change-Id: I7607c45ed2889260d22a94f6fd9af804520acf67
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
The workaround for Cortex-A76 errata #1286807 is implemented
in this patch.
Change-Id: I6c15af962ac99ce223e009f6d299cefb41043bed
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
The workarounds for errata 1257314, 1262606, 1262888 and 1275112 are
added to the Cortex-A76 cpu specific file. The workarounds are disabled
by default and have to be explicitly enabled by the platform integrator.
Change-Id: I70474927374cb67725f829d159ddde9ac4edc343
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch fixes this issue:
https://github.com/ARM-software/tf-issues/issues/660
The introduced changes are the following:
1) Some cores implement cache coherency maintenance operation on the
hardware level. For those cores, such as - but not only - the DynamIQ
cores, it is mandatory that TF-A is compiled with the
HW_ASSISTED_COHERENCY flag. If not, the core behaviour at runtime is
unpredictable. To prevent this, compile time checks have been added and
compilation errors are generated, if needed.
2) To enable this change for FVP, a logical separation has been done for
the core libraries. A system cannot contain cores of both groups, i.e.
cores that manage coherency on hardware and cores that don't do it. As
such, depending on the HW_ASSISTED_COHERENCY flag, FVP includes the
libraries only of the relevant cores.
3) The neoverse_e1.S file has been added to the FVP sources.
Change-Id: I787d15819b2add4ec0d238249e04bf0497dc12f3
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
Errata 819472, 824069, and 827319 are currently reported in a warning as
missing during boot for platforms that do not need them. Only warn when
the errata is needed for a given revision but not compiled in like other
errata workarounds.
Fixes: bd393704d2 ("Cortex-A53: Workarounds for 819472, 824069 and 827319")
Signed-off-by: Andrew F. Davis <afd@ti.com>
Change-Id: Ifd757b3d0e73a9bd465b98dc20648b6c13397d8d
This patch forces all cacheable atomic instructions to be near, which
improves performance in highly contended parallelized use-cases.
Change-Id: I93fac62847f4af8d5eaaf3b52318c30893e947d3
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Under certain near idle conditions, DSU may miss response transfers on
the ACE master or Peripheral port, leading to deadlock. This workaround
disables high-level clock gating of the DSU to prevent this.
Change-Id: I820911d61570bacb38dd325b3519bc8d12caa14b
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Under specific conditions, the processor might issue an eviction and an
L2 cache clean operation to the interconnect in the wrong order. Set
the CPUACTLR.ENDCCASCI bit to 1 to avoid this.
Change-Id: Ide7393adeae04581fa70eb9173b742049fc3e050
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
This patch applies the new MSR instruction to directly set the
PSTATE.SSBS bit which controls speculative loads. This new instruction
is available at Neoverse N1 core so it's utilised.
Change-Id: Iee18a8b042c90fdb72d2b98f364dcfbb17510728
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
Switched from a static check to a runtime assert to make sure a
workaround is implemented for CVE_2018_3639.
This allows platforms that know they have the SSBS hardware workaround
in the CPU to compile out code under DYNAMIC_WORKAROUND_CVE_2018_3639.
The gain in memory size without the dynamic workaround is 4KB in bl31.
Change-Id: I61bb7d87c59964b0c7faac5d6bc7fc5c4651cbf3
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
In AArch32, execution of 2 instructions with opposite condition code
might lead to either a data corruption or a CPU deadlock. Set the bit
12 of the Diagnostic Register to prevent this.
Change-Id: I22b4f25fe933e2942fd785e411e7c0aa39d5c1f4
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
The workarounds for these errata are so closely related that it is
better to only have one patch to make it easier to understand.
Change-Id: I0287fa69aefa8b72f884833f6ed0e7775ca834e9
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
This patch provides support for using the scatterfile format as
the linker script with the 'armlink' linker for Tegra platforms.
In order to enable the scatterfile usage the following changes
have been made:
* provide mapping for ld.S symbols in bl_common.h
* include bl_common.h from all the affected files
* update the makefile rules to use the scatterfile and armlink
to compile BL31
* update pubsub.h to add sections to the scatterfile
NOTE: THIS CHANGE HAS BEEN VERIFIED WITH TEGRA PLATFORMS ONLY.
Change-Id: I7bb78b991c97d74a842e5635c74cb0b18e0fce67
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Concurrent instruction TLB miss and mispredicted return instruction
might fetch wrong instruction stream. Set bit 6 of CPUACTLR_EL1 to
prevent this.
Change-Id: I2da4f30cd2df3f5e885dd3c4825c557492d1ac58
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Streaming store under specific conditions might cause deadlock or data
corruption. Set bit 25:24 of CPUECTLR_EL1, which disables write
streaming to the L2 to prevent this.
Change-Id: Ib5cabb997b35ada78b27e75787afd610ea606dcf
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
TLBI VAAE1 or TLBI VAALE1 targeting a page within hardware page
aggregated address translation data in the L2 TLB might cause
corruption of address translation data. Set bit 59 of CPUACTLR2_EL1 to
prevent this.
Change-Id: I59f3edea54e87d264e0794f5ca2a8c68a636e586
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Internal timing conditions might cause the CPU to stop processing
interrupts. Set bit 13 of CPUACTLR_EL1 to prevent this.
Change-Id: Ifdd19dbcdb71bb0d9609cab1315c478aaedb03ba
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Implicit Error Synchronization Barrier (IESB) might not be correctly
generated in Cortex-A75 r0p0. To prevent this, IESB are enabled at all
expection levels.
Change-Id: I2a1a568668a31e4f3f38d0fba1d632ad9939e5ad
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Broadcast maintainance operations might not be correctly synchronized
between cores. Set bit 7 of S3_0_C15_C0_2 to prevent this.
Change-Id: I67fb62c0b458d44320ebaedafcb8495ff26c814b
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Enforce full include path for includes. Deprecate old paths.
The following folders inside include/lib have been left unchanged:
- include/lib/cpus/${ARCH}
- include/lib/el3_runtime/${ARCH}
The reason for this change is that having a global namespace for
includes isn't a good idea. It defeats one of the advantages of having
folders and it introduces problems that are sometimes subtle (because
you may not know the header you are actually including if there are two
of them).
For example, this patch had to be created because two headers were
called the same way: e0ea0928d5 ("Fix gpio includes of mt8173 platform
to avoid collision."). More recently, this patch has had similar
problems: 46f9b2c3a2 ("drivers: add tzc380 support").
This problem was introduced in commit 4ecca33988 ("Move include and
source files to logical locations"). At that time, there weren't too
many headers so it wasn't a real issue. However, time has shown that
this creates problems.
Platforms that want to preserve the way they include headers may add the
removed paths to PLAT_INCLUDES, but this is discouraged.
Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The Armv8.5 extensions introduces PSTATE.SSBS (Speculation Store Bypass
Safe) bit to mitigate against Variant 4 vulnerabilities. Although an
Armv8.5 feature, this can be implemented by CPUs implementing earlier
version of the architecture.
With this patch, when both PSTATE.SSBS is implemented and
DYNAMIC_WORKAROUND_CVE_2018_3639 is active, querying for
SMCCC_ARCH_WORKAROUND_2 via. SMCCC_ARCH_FEATURES call would return 1 to
indicate that mitigation on the PE is either permanently enabled or not
required.
When SSBS is implemented, SCTLR_EL3.DSSBS is initialized to 0 at reset
of every BL stage. This means that EL3 always executes with mitigation
applied.
For Cortex A76, if the PE implements SSBS, the existing mitigation (by
using a different vector table, and tweaking CPU ACTLR2) is not used.
Change-Id: Ib0386c5714184144d4747951751c2fc6ba4242b6
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Previously the errata reporting was optional for CPU operation
files and this was achieved by making use of weak reference to
resolve to 0 if the symbol is not defined. This is error prone
when adding new CPU operation files and weak references are
problematic when fixing up dynamic relocations. Hence this patch
removes the weak reference and makes it mandatory for the CPU
operation files to define the errata reporting function.
Change-Id: I8af192e19b85b7cd8c7579e52f8f05a4294e5396
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Leave the caches on and explicitly flush any data that
may be stale when the core is powered down. This prevents
non-coherent interconnect access which has negative side-
effects on AM65x.
Signed-off-by: Andrew F. Davis <afd@ti.com>
This patch fixes the name of the Cortex-ares errata function which was
previously named `cortex_a72_errata_report` which was an error.
Change-Id: Ia124df4628261021baa8d9a30308bc286d45712b
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
For Denver CPUs, this approach enables the mitigation during EL3
initialization, following every PE reset. No mechanism is provided to
disable the mitigation at runtime.
This approach permanently mitigates the EL3 software stack only. Other
software components are responsible to enable it for their exception
levels.
TF-A implements this approach for the Denver CPUs with DENVER_MIDR_PN3
and earlier:
* By setting bit 11 (Disable speculative store buffering) of
`ACTLR_EL3`
* By setting bit 9 (Disable speculative memory disambiguation) of
`ACTLR_EL3`
TF-A implements this approach for the Denver CPUs with DENVER_MIDR_PN4
and later:
* By setting bit 18 (Disable speculative store buffering) of
`ACTLR_EL3`
* By setting bit 17 (Disable speculative memory disambiguation) of
`ACTLR_EL3`
Change-Id: If1de96605ce3f7b0aff5fab2c828e5aecb687555
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
