* changes:
refactor(arm): simplify early platform setup functions
feat(bl32): enable r3 usage for boot args
feat(handoff): add lib to sp-min sources
feat(handoff): add 32-bit variant of SRAM layout
feat(handoff): add 32-bit variant of ep info
fix(aarch32): avoid using r12 to store boot params
fix(arm): reinit secure and non-secure tls
refactor(handoff): downgrade error messages
* changes:
chore(cpus): rearrange the errata and cve order in Neoverse-N2
chore(cpus): rearrange cve in order in Cortex-X1
chore(cpus): fix cve order in Neoverse-V1
chore(cpus): fix cve order in Cortex-X2
chore(cpus): fix cve order in Cortex-A78C
chore(cpus): fix cve order in Cortex-A78_AE
chore(cpus): fix cve order in Cortex-A78
chore(cpus): fix cve order in Cortex-A77
Patch sorts the errata IDs in ascending order and the
CVE's in ascending order based on the year and index
for CPU Cortex-X4.
Change-Id: Ic304c2f68e7d0b96bbb30760696b7bceabe1ae2d
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Patch sorts the errata IDs in ascending order and the
CVE-2024-5660 in order based on the year and index
for Cortex-X3.
Change-Id: I2a4baebe0c3133528c089d999bdffa8c992f4989
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Patch rearranges CVE-2024-5660 in order based on
the year and index for Neoverse-V2.
Change-Id: I092a93ef3299fd733abae9c462c019f94d881413
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Patch sorts the errata IDs in ascending order and the
CVE's in ascending order based on the year and index
for CPU Neoverse N2.
Change-Id: Ieb4a8ab0030ea4e83efdef86a0ff1e2990b3e0dd
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Patch sorts the errata IDs in ascending order and the CVE's
in ascending order based on the year and index for Neoverse-V3.
Change-Id: I108eb2896e24c135d56e5096289766d777b48b48
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Patch sorts the errata IDs in ascending order and the
CVE's in ascending order based on the year and index
for CPU Cortex-A710.
Change-Id: Ie7c2b77879f8fa5abb77204678e09cc759b10278
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Patch rearranges CVE-2024-5660 in ascending order based on
the year and index for Cortex X1.
Change-Id: I0c4206e38f09b1f88ee95e8ce69d7e13b8a9bb2d
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
This patch rearranges CVE-2024-5660 apply order in Neoverse-V1.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Ice0b1c6efa913f88522fb33182b9cdc0e7723988
This patch rearranges CVE-2024-5660, erratum 2313941
and 3701772 apply order in Cortex-X2.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Ie74d7232a14f3cdd14c4d0ffb1ee91b537c491ea
This patch rearranges CVE-2024-5660 apply order in Cortex-A78C.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I326be1da279bd34df8667f7e957fb4a2c6913ab9
This patch rearranges CVE-2024-5660 apply order in Cortex-A78_AE.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Idfb076b798a840847c00066bd062ee919369272f
This patch rearranges CVE-2024-5660 apply order in Cortex-A78.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: If80a0f95f82dbf69100a2687b06db2373a9e9832
This patch rearranges CVE-2024-5660 apply order in Cortex-A77.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I41d76268ce2248bfd3600bbf6b89d16b6bdce8f0
Previously we have used enclosed the Errata ordering check
within the FEATURE_DETECTION flag as this flag is only
used for development purpose and it also enforces
ordering by causing a panic when the assert fails.
A simple warning message would suffice and hence this
patch removes the assert.
The erratum and cve ordering check is planned to be implemented
in static check at which point the warning will be taken out as well.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I0ffc40361985281163970ea5bc81ca0269b16442
The bit is already implicitly zero so no functional change. Adding it
helps fully describe how we expect FEAT_TRF to behave.
Change-Id: If7a7881e2b50188222ce46265b432d658a664c75
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
The code is never referenced, the build flag is never defined and some
of the #defines are missing. Remove.
Change-Id: I44caae52f9b7503363ac553fd1187bbf6c951438
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Implement safer version of 'strnlen' function
to handle NULL terminated strings with additional
bound checking and secure version of string copy function
to support better security and avoid destination
buffer overflow.
Change-Id: I93916f003b192c1c6da6a4f78a627c8885db11d9
Signed-off-by: Jit Loon Lim <jit.loon.lim@altera.com>
Signed-off-by: Girisha Dengi <girisha.dengi@intel.com>
Cortex-A510 erratum 2971420 applies to revisions r0p1, r0p2, r0p3,
r1p0, r1p1, r1p2 and r1p3, and is still open.
Under some conditions, data might be corrupted if Trace Buffer
Extension (TRBE) is enabled. The workaround is to disable trace
collection via TRBE by programming MDCR_EL3.NSTB[1] to the opposite
value of SCR_EL3.NS on a security state switch. Since we only enable
TRBE for non-secure world, the workaround is to disable TRBE by
setting the NSTB field to 00 so accesses are trapped to EL3 and
secure state owns the buffer.
SDEN: https://developer.arm.com/documentation/SDEN-1873361/latest/
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ia77051f6b64c726a8c50596c78f220d323ab7d97
Cortex-A715 erratum 2804830 applies to r0p0, r1p0, r1p1 and r1p2,
and is fixed in r1p3.
Under some conditions, writes of a 64B-aligned, 64B granule of
memory might cause data corruption without this workaround. See SDEN
for details.
Since this workaround disables write streaming, it is expected to
have a significant performance impact for code that is heavily
reliant on write streaming, such as memcpy or memset.
SDEN: https://developer.arm.com/documentation/SDEN-2148827/latest/
Change-Id: Ia12f6c7de7c92f6ea4aec3057b228b828d48724c
Signed-off-by: John Powell <john.powell@arm.com>
Some APIs, like `transfer_list_check_header`, are used preemptively to
determine if a new TL needs to be initialized. If we validate a TL and
anticipate its contents to be invalid or corrupted, logging these as
error message isn't helpful.
Change-Id: Ic22378828548d48f73aa74d494f110fbd11857f4
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
This patch also checks for FEAT_HCX before enabling FEAT_MOPS
when INIT_UNUSED_NS_EL1 = 1 and adds build dependency check.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Iff4a068aa392fc8d29e2e4da7a2e7df0b3104e65
This patch provides architectural support for further use of
Memory Encryption Contexts (MEC) by declaring the necessary
registers, bits, masks, helpers and values and modifying the
necessary registers to enable FEAT_MEC.
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I670dbfcef46e131dcbf3a0b927467ebf6f438fa4
Certain erratum workarounds like Neoverse N1 1542419, need a part
of their mitigation done in EL3 and the rest in lower EL. But currently
such workarounds return HIGHER_EL_MITIGATION which indicates that the
erratum has already been mitigated by a higher EL(EL3 in this case)
which causes the lower EL to not apply it's part of the mitigation.
This patch fixes this issue by adding support for split workarounds
so that on certain errata we return AFFECTED even though EL3 has
applied it's workaround. This is done by reusing the chosen field of
erratum_entry structure into a bitfield that has two bitfields -
Bit 0 indicates that the erratum has been enabled in build,
Bit 1 indicates that the erratum is a split workaround and should
return AFFECTED instead of HIGHER_EL_MITIGATION.
SDEN documentation:
https://developer.arm.com/documentation/SDEN885747/latest
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Iec94d665b5f55609507a219a7d1771eb75e7f4a7
This corrects the MISRA violation C2012-15.6:
The body of an iteration-statement or a selection-statement shall
be a compound-statement.
Enclosed statement body within the curly braces.
Change-Id: I14a69f79aba98e243fa29a50914431358efa2a49
Signed-off-by: Nithin G <nithing@amd.com>
Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>
This corrects the MISRA violation C2012-15.6:
The body of an iteration-statement or a selection-statement shall
be a compound-statement.
Enclosed statement body within the curly braces.
Change-Id: Ie33b310f6406d77a7a2ebd94cf54c2a2968f8644
Signed-off-by: Nithin G <nithing@amd.com>
Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>
This corrects the MISRA violation C2012-15.6:
The body of an iteration-statement or a selection-statement shall
be a compound-statement.
Enclosed statement body within the curly braces.
Change-Id: I8b656f59b445e914dd3f47e3dde83735481a3640
Signed-off-by: Nithin G <nithing@amd.com>
Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>
This patch replaces the for loops to sero individual tables or entries
in the translation table context with zeromem to improve the boot time.
On Tegra platforms, this patch has proved to save 10ms during boot.
Signed-off-by: Bhavesh Parekh <bparekh@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: Iea9fb2c18ae7a1aef4fe42c4151a321fb3f8660e
Adding PSA Crypto MBedTLS specific jump table to allow use of ROMLIB, to
be included when PSA_CRYPTO=1 and enabled.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Iff7f0e3c5cba6b89f1732f6c80d3060498e3675d
SVE and SME aren't enabled symmetrically for all worlds, but EL3 needs
to context switch them nonetheless. Previously, this had to happen by
writing the enable bits just before reading/writing the relevant
context. But since the introduction of root context, this need not be
the case. We can have these enables always be present for EL3 and save
on some work (and ISBs!) on every context switch.
We can also hoist ZCR_EL3 to a never changing register, as we set its
value to be identical for every world, which happens to be the one we
want for EL3 too.
Change-Id: I3d950e72049a298008205ba32f230d5a5c02f8b0
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
The current code is incredibly resilient to updates to the spec and
has worked quite well so far. However, recent implementations expose a
weakness in that this is rather slow. A large part of it is written in
assembly, making it opaque to the compiler for optimisations. The
future proofness requires reading registers that are effectively
`volatile`, making it even harder for the compiler, as well as adding
lots of implicit barriers, making it hard for the microarchitecutre to
optimise as well.
We can make a few assumptions, checked by a few well placed asserts, and
remove a lot of this burden. For a start, at the moment there are 4
group 0 counters with static assignments. Contexting them is a trivial
affair that doesn't need a loop. Similarly, there can only be up to 16
group 1 counters. Contexting them is a bit harder, but we can do with a
single branch with a falling through switch. If/when both of these
change, we have a pair of asserts and the feature detection mechanism to
guard us against pretending that we support something we don't.
We can drop contexting of the offset registers. They are fully
accessible by EL2 and as such are its responsibility to preserve on
powerdown.
Another small thing we can do, is pass the core_pos into the hook.
The caller already knows which core we're running on, we don't need to
call this non-trivial function again.
Finally, knowing this, we don't really need the auxiliary AMUs to be
described by the device tree. Linux doesn't care at the moment, and any
information we need for EL3 can be neatly placed in a simple array.
All of this, combined with lifting the actual saving out of assembly,
reduces the instructions to save the context from 180 to 40, including a
lot fewer branches. The code is also much shorter and easier to read.
Also propagate to aarch32 so that the two don't diverge too much.
Change-Id: Ib62e6e9ba5be7fb9fb8965c8eee148d5598a5361
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
MPMM is a core-specific microarchitectural feature. It has been present
in every Arm core since the Cortex-A510 and has been implemented in
exactly the same way. Despite that, it is enabled more like an
architectural feature with a top level enable flag. This utilised the
identical implementation.
This duality has left MPMM in an awkward place, where its enablement
should be generic, like an architectural feature, but since it is not,
it should also be core-specific if it ever changes. One choice to do
this has been through the device tree.
This has worked just fine so far, however, recent implementations expose
a weakness in that this is rather slow - the device tree has to be read,
there's a long call stack of functions with many branches, and system
registers are read. In the hot path of PSCI CPU powerdown, this has a
significant and measurable impact. Besides it being a rather large
amount of code that is difficult to understand.
Since MPMM is a microarchitectural feature, its correct placement is in
the reset function. The essence of the current enablement is to write
CPUPPMCR_EL3.MPMM_EN if CPUPPMCR_EL3.MPMMPINCTL == 0. Replacing the C
enablement with an assembly macro in each CPU's reset function achieves
the same effect with just a single close branch and a grand total of 6
instructions (versus the old 2 branches and 32 instructions).
Having done this, the device tree entry becomes redundant. Should a core
that doesn't support MPMM arise, this can cleanly be handled in the
reset function. As such, the whole ENABLE_MPMM_FCONF and platform hooks
mechanisms become obsolete and are removed.
Change-Id: I1d0475b21a1625bb3519f513ba109284f973ffdf
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
* changes:
refactor(cpus): declare runtime errata correctly
perf(cpus): make reset errata do fewer branches
perf(cpus): inline the init_cpu_data_ptr function
perf(cpus): inline the reset function
perf(cpus): inline the cpu_get_rev_var call
perf(cpus): inline cpu_rev_var checks
refactor(cpus): register DSU errata with the errata framework's wrappers
refactor(cpus): convert checker functions to standard helpers
refactor(cpus): convert the Cortex-A65 to use the errata framework
fix(cpus): declare reset errata correctly
