For SoCs which do not implement RAS, use DSB as a barrier to
synchronize pending external aborts at the entry and exit of
exception handlers. This is needed to isolate the SErrors to
appropriate context.
However, this introduces an unintended side effect as discussed
in the https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3440
A summary of the side effect and a quick workaround is provided as
part of this patch and summarized here:
The explicit DSB at the entry of various exception vectors in BL31
for handling exceptions from lower ELs can inadvertently trigger an
SError exception in EL3 due to pending asyncrhonouus aborts in lower
ELs. This will end up being handled by serror_sp_elx in EL3 which will
ultimately panic and die.
The way to workaround is to update a flag to indicate if the exception
truly came from EL3. This flag is allocated in the cpu_context
structure. This is not a bullet proof solution to the problem at hand
because we assume the instructions following "isb" that help to update
the flag (lines 100-102 & 139-141) execute without causing further
exceptions.
Change-Id: I4d345b07d746a727459435ddd6abb37fda24a9bf
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
The value of stdout-path is a string and as a result, we can't use a
label as a reference to the serial0 node. This change fixes the
stdout-path property for N1SDP, Morello and TC0 by pointing to the
right alias.
Signed-off-by: Nikos Nikoleris <nikos.nikoleris@arm.com>
Change-Id: I3d403389a424569be56327fab4140fec06f96d37
This bug manifests itself as a segfault triggered by a double-free.
I noticed that right before the double-free, the sk list contained 2
elements with the same address.
(gdb) p sk_X509_EXTENSION_value(sk, 1)
$34 = (X509_EXTENSION *) 0x431ad0
(gdb) p sk_X509_EXTENSION_value(sk, 0)
$35 = (X509_EXTENSION *) 0x431ad0
(gdb) p sk_X509_EXTENSION_num(sk)
$36 = 2
This caused confusion; this should never happen.
I figured that this was caused by a ext_new_xxxx function freeing
something before it is added to the list, so I put a breakpoint on
each of them to step through. I was suprised to find that none of my
breakpoints triggered for the second element of the iteration through
the outer loop just before the double-free.
Looking through the code, I noticed that it's possible to avoid doing
a ext_new_xxxx, when either:
* ext->type == NVCOUNTER and ext->arg == NULL
* ext->type == HASH and ext->arg == NULL and ext->optional == false
So I put a breakpoint on both.
It turns out that it was the HASH version, but I added a fix for both.
The fix for the Hash case is simple, as it was a mistake. The fix for
the NVCOUNTER case, however, is a bit more subtle. The NVCOUNTER may
be optional, and when it's optional we can skip it. The other case,
when the NVCOUNTER is required (not optinal), the `check_cmd_params`
function has already verified that the `ext->arg` must be non-NULL.
We assert that before processing it to covert any possible segfaults
into more descriptive errors.
This should no longer cause double-frees by adding the same ext twice.
Change-Id: Idae2a24ecd964b0a3929e6193c7f85ec769f6470
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
The certification tool creates all the certificates mentioned
statically in the code rather than taking explicit certificate
requests from the command line parameters.
Code is optimized to avoid unnecessary attempts to create
non-requested certificates.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I78feac25bc701bf8f08c6aa5a2e1590bec92d0f2
The base address of UART peripheral should be given in R0, not in R1.
Otherwise the console_stm32_core_flush issues an assert message.
This issue was highlighted with recent changes in console flush functions.
Change-Id: Iead01986fdbbf30ad2fd9fa515a1d2b611b4e591
Signed-off-by: Yann Gautier <yann.gautier@st.com>
* changes:
libc/snprintf: use macro to reduce duplicated code
libc/snprintf: add support to print "%" character
libc/printf: add support to print "%" character
To avoid a potential out-of-bounds access, check whether
a device exists on a channel before calling the corresponding
clone function.
Signed-off-by: Zelalem <zelalem.aweke@arm.com>
Change-Id: Ia0dd66b331d3fa8a33109a02369e1bc9ae0fdd5b
Fix some typos and misspellings in TF-A documentation.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Change-Id: Id72553ce7b2f0bed9821604fbc8df4d4949909fa
The issue is that, when interrupt is triggered and RAS handler
is entered, after interrupt handler finishes, TF-A will re-enter
bl32 and then crash.
sdei_dispatch_event() may return failing result in some cases,
for example kernel may not have registered a handler or RAS event
may happen early during boot. We restore the NS context when
sdei_dispatch_event() returns failing result.
error log :
Received delegated event
X0 : 0xC4000061
X1 : 0x0
X2 : 0x0
X3 : 0x0
Received event - 0xC4000061 on cpu 0
UnRecognized Event - 0xC4000061
Failed delegated event 0xC4000061, Status Invalid Parameter
Unhandled Exception in EL3.
x30 = 0x000000000401f700
x0 = 0xfffffffffffffffe
x1 = 0xfffffffffffffffe
x2 = 0x00000000600003c0
Signed-off-by: Ming Huang <huangming@linux.alibaba.com>
Change-Id: I9802e9a32eee0ac3b5a8bcc0362d0b0e3b71dc9f
* changes:
qemu/qemu_sbsa: add support for sbsa-ref Embedded Controller
qemu/qemu_sbsa: topology is different from qemu so add handling
qemu/common : change DEVICE2 definition for MMU
qemu/aarch64/plat_helpers.S : calculate the position shift
Turn ON/OFF GIC redistributor in sync with GIC CPU interface ON/OFF.
Issue :
The Linux prompt hangs when all the cores in a cluster are turned OFF
and we try to turn ON a core in that cluster. Previously when TF-A turns
ON a core, TF-A first turns ON the redistributor followed by the core.
This did not match the flow when turning OFF a core, as TF-A did not
turn OFF redistributor when the corresponding core[s] are disabled.
This hang is resolved by disabling redistributor as cores are disabled,
keeping them in sync.
Signed-off-by: Jagadeesh Ujja <jagadeesh.ujja@arm.com>
Change-Id: Ifd04fdcfd47b45e00f874f15b098471883d023f0
Some switch cases uses same operation. So, club switch cases
which uses same operation and remove duplicate code.
Signed-off-by: Rajan Vaja <rajan.vaja@xilinx.com>
Change-Id: I260b474c0ff3f2ca102c32d4af2e4abba2b8f57c
Add macro CHECK_AND_PUT_CHAR to check buffer capacity, save one
character to buffer, and then increase character counter by one in one
single statement, so that 4 similar code pieces can be cleaned.
Signed-off-by: Heyi Guo <guoheyi@linux.alibaba.com>
Change-Id: I2add6b4bd6c24ea3c0d2499a44924e3e8db0f4d1
Enable snprintf()/vsnprintf() in TF-A to print "%" character as C
standard, which may be used in platform porting to print percentage
information.
Signed-off-by: Heyi Guo <guoheyi@linux.alibaba.com>
Change-Id: I9b296372a1002046eabac1df5e8eb99a27efd4a8
Enable printf() in TF-A to print "%" character as C standard, which
may be used in platform porting to print percentage information.
Signed-off-by: Heyi Guo <guoheyi@linux.alibaba.com>
Change-Id: I7af2f1d153548e426f423fce15dc48b0da56c622
This allows PSCI in TF-A to signal platform power states to QEMU
via a controller in secure space.
This required a sbsa-ref specific version of PSCI functions for the
platform. Also adjusted the MMU range to also include the new EC.
Add a new MMU region for the embedded controller and increase the
size of xlat tables by one for the new region.
Signed-off-by: Graeme Gregory <graeme@nuviainc.com>
Change-Id: Iece8a88947f11e82ab8988e460a8a66ad175a5ee
sbsa-ref in QEMU creates clusers of 8 cores, it may create up to 512
cores in upto 64 clusters. Implement a qemu_sbsa specific topology file
and increase the BL31_SIZE to accommodate the bigger table sizes. Change
platform_def.h for new topology. Correct PLATFORM_CPU_PER_CLUSTER_SHIFT so
plat_helpers.S calculates correct result.
Signed-off-by: Graeme Gregory <graeme@nuviainc.com>
Change-Id: Idc5d70394c0956b759ad2c86f9fda8f293f2cfa7
DEVICE2 is not currently used on qemu platform but is needed for
a future patch for qemu_sbsa platform. Change its definition to
RW and add it to all levels of arm-tf similar to DEVICE1 definition.
Signed-off-by: Graeme Gregory <graeme@nuviainc.com>
Change-Id: I03495471bfd423b61ad44ec4953fb25f76aa54bf
Rather than re-create this file in multiple qemu variants instead
caclulate the shift needed to convert MPIDR to position.
Add a new PLATFORM_CPU_PER_CLUSTER_SHIFT define in platform_def.h
for both qemu and qemu_sbsa to enable this calculation.
Signed-off-by: Graeme Gregory <graeme@nuviainc.com>
Change-Id: I0e3a86354aa716d95150a3a34b15287cd70c8fd2
When getting a stack protector canary value, check
if cpu supports FEAT_RNG and use that. Fallback to
old method of using a (hardcoded value ^ timer).
Signed-off-by: Tomas Pilar <tomas@nuviainc.com>
Change-Id: I8181acf8e31661d4cc82bc3a4078f8751909e725
The Linux Automation MC-1 is a SBC built around the Octavo Systems
OSD32MP15x SiP. The SiP features up to 1 GB DDR3 RAM, EEPROM and
PMIC. The board has eMMC and a SD slot for storage.
The SDRAM calibration values are taken as is from the DKx boards, which
seem to be suitable for operation at German room temperature.
This is deemed ok for now, but for use in the field, the SiP will likely
need to have its timings determined in a climate chamber.
Change-Id: I5f43a61930151ae9d1df2ea7d0f6f9697c813ce0
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
This patch does not change code, it only updates comments and macro name
for 6th bit of Status Register. So TF-A binary stay same.
6th bit of the Status Register is named TX EMPTY and is set to 1 when both
Transmitter Holding Register (THR) or Transmitter Shift Register (TSR) are
empty. It is when all characters were already transmitted.
There is also TX FIFO EMPTY bit in the Status Register which is set to 1
only when THR is empty.
In both console_a3700_core_init() and console_a3700_core_flush() functions
we should wait until both THR and TSR are empty therefore we should check
6th bit of the Status Register.
So current code is correct, just had misleading macro names and comments.
This change fixes this "documentation" issue, fixes macro name for 6th bit
of the Status Register and also updates comments.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I19e4e7f53a90bcfb318e6dd1b1249b6cbf81c4d3
Implementation is simple, just check if there is a pending character in
RX FIFO via RXRDY bit of Status Register and if yes, read it from
UART_RX_REG register.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I226b6e336f44f5d0ca8dcb68e49a68e8f2f49708
* changes:
doc: renesas: Update code owner for Renesas platforms
doc: renesas: Document platforms based on RZ/G2 SoC's
renesas: rzg: Add PFC support for RZ/G2M
renesas: rzg: Add QoS support for RZ/G2M
renesas: rzg: Add support for DRAM initialization
Define ENABLE_FEAT_RNG that describes whether the
armv8.5 FEAT_RNG is supported in this build. This
allows conditional inclusion of code targetting
RNDR and RNDRRS registers.
Signed-off-by: Tomas Pilar <tomas@nuviainc.com>
Change-Id: Idd632f8b9bc20ea3d8793f55ead88fa12cb08821
Add ISAR0 feature register read helper, location
of FEAT_RNG bits, feature support helper and the
rndr/rndrrs register read helpers.
Signed-off-by: Tomas Pilar <tomas@nuviainc.com>
Change-Id: I2a785a36f62a917548e55892ce92fa8b72fcb99d
* changes:
plat: renesas: common: Include ulcb_cpld.h conditionally
plat: renesas: Move to common
plat: renesas: aarch64: Move to common
drivers: renesas: Move ddr/qos/qos header files
drivers: renesas: rpc: Move to common
drivers: renesas: avs: Move to common
drivers: renesas: auth: Move to common
drivers: renesas: dma: Move to common
drivers: renesas: watchdog: Move to common
drivers: renesas: rom: Move to common
drivers: renesas: delay: Move to common
drivers: renesas: console: Move to common
drivers: renesas: pwrc: Move to common
drivers: renesas: io: Move to common
drivers: renesas: eMMC: Move to common
