When an FFA_ERROR happens while handling a direct message
from normal world, return to normal world with
FFA_ERROR. Otherwise, the system would re-enter the secure partition
with FFA_ERROR.
Change-Id: I3d9a68a41b4815c1a8e10354cfcf68fec9f4b800
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
StandaloneMm which is S-EL0 partition uses
FFA_MSG_SEND_DIRECT_REQ2/RESP2 to handle multiple services.
For this, add support for FFA_MSG_SEND_DIRECT_REQ2/RESP2 in el3_spmc
restrictly up to use 8 registers.
although FF-A v1.2 defines FFA_MSG_SEND_DIRECT_REQ2/RESP2
with ability to pass/return up to 18 registers.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I8ab1c332d269d9d131330bb2debd10d75bdba1ee
Switch the state back to non-secure after a secure interrupt
using spmd_smc_switch_state with FFA_NORMAL_WORLD_RESUME
to reduce the number of control flow paths for world switches.
Fixes an issue where FP registers were not correctly restored
after secure interrupts.
Upstreamed from https://r.android.com/3345999, tested on Trusty.
Change-Id: I3ce33f7657c13b999969ebb8957d5d4b6c3aa634
Signed-off-by: Andrei Homescu <ahomescu@google.com>
FF-A memory management protocol v1.1 specifies not only
FFA_MEM_PERM_GET_SMC32/FFA_MEM_PERM_SET_SMC32 but also
FFA_MEM_PERM_GET_SMC64/FFA_MEM_PERM_SET_SMC64.
Change former FFA_MEM_PERM_GET/SET definitions to separate operations
and add handler for FFA_MEM_PERM_GET/SET_SMC64 in spmc_smc_handler().
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I175063654703db26c1ffc3cfd7fa428b94d2bfc9
The EDKII/StandaloneMm module runs as a S-EL0 partition
on top of the EL3 FF-A SPMC.
In the past the StandaloneMm partition received its boot information through
the use of a device tree (DT) passed through the FF-A boot protocol.
The StandaloneMm itself converted the DT into a HOB.
To better match the UEFI PI spec,
the EL3 SPMC must now produce the HOB including the PHIT
(Phase Handoff Information Table) as first item in the HOB list.
The SPMC then passes the HOB through the FF-A boot protocol for
the StandaloneMm consumption.
This discards the use of a DT between the SPMC and
the StandaloneMm partition.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I22fb02c710169bd5a5ba1d1f60dce977a5a59ab6
According to Platform Initialization (PI) Specification [1] and
Discussion on edk2 mailing list [2],
StandaloneMm shouldn't create Hob but it should be passed from TF-A.
IOW, TF-A should pass boot information via PHIT Hob to initialise
StandaloneMm properly.
This patch applies using transfer list with PHIT Hob list [3] for
delivering boot information to StandaloneMm.
Link: https://uefi.org/sites/default/files/resources/PI_Spec_1_6.pdf [1]
Link: https://edk2.groups.io/g/devel/topic/103675962#114283 [2]
Link: https://github.com/FirmwareHandoff/firmware_handoff [3]
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I3df71a7679abf9859612afc8a5be7b2381007311
Fix an issue where one ERROR line was placed
incorrectly outside its conditional check.
Signed-off-by: Andrei Homescu <ahomescu@google.com>
Change-Id: I7860c399e4a84de6eaa4139fe2103595c52576dd
commit 42e35d2f8c
("refactor(cm): convert el1 ctx assembly offset entries to c structure")
moves cntkctl_el1 register from el1_sysregs_t's common to arch_timer
structure.
To set cntkctl_el1, it should use write_el1_ctx_timer() instead of
write_el1_ctx_common() otherwise, build failed.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: Ifa1ca6e056fa95bd07598d20705856e208670808
SCTLR_EL1 and TCR_EL1 regs are included either as part of errata
"ERRATA_SPECULATIVE_AT" or under el1_sysregs_t context structure.
The code to write and read into these context entries, looks
repetitive and is invoked at most places.
This section is refactored to bring them under a static procedure,
keeping the code neat and easier to maintain.
Change-Id: Ib0d8c51bee09e1600c5baaa7f9745083dca9fee1
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
This patch demonstrates the trivial changes to transparently switch
the fpregs_context_* helpers to simd_ctx_* helpers.
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Signed-off-by: Okash Khawaja <okash@google.com>
Change-Id: I14bda6bd0ead1f34a570b59be8dec3ac40891c20
Currently the EL1 part of the context structure (el1_sysregs_t),
is coupled with feature flags reducing the context memory allocation
for platforms, that don't enable/support all the architectural
features at once.
Similar to the el2 context optimization commit-"d6af234" this patch
further improves this section by converting the assembly context-offset
entries into a c structure. It relies on garbage collection of the
linker removing unreferenced structures from memory, as well as aiding
in readability and future maintenance. Additionally, it eliminates
the #ifs usage in 'context_mgmt.c' source file.
Change-Id: If6075931cec994bc89231241337eccc7042c5ede
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
* Currently, "ERRATA_SPECUALTIVE_AT" errata is enabled by default
for few cores and they need context entries for saving and
restoring EL1 regs "SCTLR_EL1 and TCR_EL1" registers at all times.
* This prevents the mechanism of decoupling EL1 and EL2 registers,
as EL3 firmware shouldn't be handling both simultaneously.
* Depending on the build configuration either EL1 or EL2 context
structures need to included, which would result in saving a good
amount of context memory.
* In order to achieve this it's essential to have explicit context
entries for registers supporting "ERRATA_SPECULATIVE_AT".
* This patch adds two context entries under "errata_speculative_at"
structure to assist this errata and thereby allows decoupling
EL1 and EL2 context structures.
Change-Id: Ia50626eea8fb64899a2e2d81622adbe07fe77d65
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Fixes a dangling pointer bug in `spmc_ffa_console_log`.
`chars` was assigned to an array which went out of scope at the end of
the `if`/`else` block.
The solution is to `memcmpy` from the temporary array into `chars`,
which is now an array.
Signed-off-by: Karl Meakin <karl.meakin@arm.com>
Change-Id: I67d19ea25d09b72f38fcc67dab4acf449aa8f1b1
A normal world caller can emit an SMC with the SVE hint bit set such
that the callee can perform an optimization by omitting to save/restore
the SVE context. Update the SPMD to pass this information to the SPMC
when set by the caller in the SMC flags parameter.
For now, restrict this behavior to the SPMC living at S-EL2.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Icf46eb8a391dd3ddd2ee6aff8581a2f1c8a1c274
Add support for FFA_CONSOLE_LOG in EL3 SPMC,
Disallow forwarding FFA_CONSOLE_LOG across worlds.
Add support for FFA_CONSOLE_LOG in FFA_FEATURES.
Input parameters:
w0/x0 - FFA_CONSOLE_LOG_32/64
w1/x1 - Character count
w2/x2-w7/x7 - 24 or 48 characters depending upon whether a SMC32 or
SMC64 FID was used.
Output parameters in case of success:
w0/x0 - FFA_SUCCESS
Output parameters in case of error:
w0/x0 - FFA_ERROR
w2/x2 - NOT_SUPPORTED: ABI is not implemented
INVALID_PARAMETERS: Parameters are incorrectly encoded
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
Change-Id: I004c043729e77d1b9aa396c42d25c73d9268169a
Add support to setup S-EL0 SP context during power management power on
procedure. In case of power on, initialise the context data structure
for the secure world on the current CPU.
The S-EL0 SP does not support power message. Add the check to make
sure that it does not subscribe to any power messages.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: Ic9cf98cd15b6ee5d86d071a52bc0973677049df3
This patch locks and unlocks access to the S-EL0 SP context when its
runtime state and model are updated to avoid issues around concurrent
access to global state.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I427657050574c189cbaf82c1371e3ee44bc1663e
Add the support to parse SP manifest to get device regions, create xlat
table entries for the SP.
SP running at SEL-0 does not have enough privilege to map the regions
itself.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I600f51ee62a33443fe7f1c4e007cc6c5ab45222f
Add the support to parse SP manifest to get memory regions, create xlat
tables and then program it in TTBR0.
SP manifest contains the info on memory map regions that are needed by
the SP. These regions needs to be mapped as SP running at S-EL0 does not
have privilege to do it.
Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I0cad36e5c43f8a68c94887ff2bd798933a26be27
Secure partition running at SEL0 does not have privilege to modify
translation tables. So it needs SPMC to map the regions for it. Add the
support to request memory map or region info using FF-A interface.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Change-Id: I04a97899808bbd45eda24edf7bc74eaef96fb2ce
Add support to setup S-EL0 context by setting up the following
S-EL1 shim exception handlers: This is a trampoline between S-EL0 and
monitor running at EL3 and is used to
handle or forward exceptions from S-EL0.
Boot Info region: This region holds the boot protocol data that is
passed between SPMC and SP.
Setup system registers: Setup sctlr_el1, vbar_el1, cntkctl_el1,
ctx_cpacr_el1(enable fp and smid), spsr and
sp_el0
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I82d21fcd95529f235bee8bf838d36a2ac519bb0a
This patch separates the code from SPM_MM to get xlat table context and
move it to a common location. In addition, only APIs required from both
SPM_MM and FF-A EL3 SPMC are moved to the common location.
This allows understanding better what is required to support a S-EL0 SP
instead of trying to retrofit what already exists.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I142d7fbef5239869176d0de93842c66051d7ed78
In preparation for adding the support for SEL0 SP in EL3 SPMC,
restructure the existing SPM_MM shim code in a way that allows reuse
of the code for both SPM_MM interface and FF-A EL3 SPMC interface. The
code for changing exception levels is identical for both.
With this restructuring of the code, the shim exception code is moved to
the common sub-directory.
Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: Iadda9cf73f12b56e6a1d31fc21b5ba5dc355867f
Move ffa_partition_info_get definitions from EL3 SPMC private header
files to common header files. The structures are common to FF-A and are
useful for the EL3 SPMD logical partitions.
Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@gmail.com>
Change-Id: I19de3f6cb3351afa873022da1397a475a84e3d8b
Check that the size of desc->emad_count is 4, not that sizeof(int) is
nonzero. Also improve a comment.
Change-Id: I8bf69b637158ddffe2d08aed3d9879a4d7fd3514
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
* changes:
fix(tsp): fix destination ID in direct request
fix(el3-spm): fix LSP direct message response
fix(el3-spm): improve direct messaging validation
Perform additional validation of the source and destination
IDs of direct messages.
Additionally track the sender of a direct request to allow
validating the target of the corresponding direct response.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I8d39d53a02b8333246f1500c79ba04f149459c16
Using one loop for the duplicate partition ID check is both simpler and
faster.
Change-Id: I0f6fa9ceb1aadf4383fa9be16605c39ad8643a43
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
This ensures that addresses shared using FF-A are 4K aligned, as
required by the specification.
Change-Id: I8f0a659a095fdb9391398757141d613ac9bf9b42
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
This makes the code cleaner. No functional change intended.
Change-Id: Ib7b438b830e8e3b7ac6e30d688f5172cbaa58121
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Future changes will cause spmc_shmem_obj_get_comp_mrd to panic instead
of returning NULL, so be sure that comp_mrd_offset has been validated
already. The existing code checks for 8-byte alignment, but comments in
el3_spmc_ffa_memory.h indicate that 16-byte alignment is expected, so
require 16-byte alignment.
Change-Id: I400f0f1f163522cb5ea77d4811c91e8b7e655c18
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
If the size of a shmem descriptor is not a multiple of 16, the
descriptor would be unusable, but the problem would be caught much
later.
Change-Id: I907f3862b55c6341e39a6b8b2e24784127230478
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
This ensures that descriptor size calculation does not overflow and
removes a bounds check that does not actually work.
Change-Id: If8da2bb1b312941b7f9d0debf3149b984fc3809a
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Using uint64_t is cleaner, even though size_t is 64 bits on all
platforms el3-spmc supports.
Change-Id: I457deb0b7f3df0749cb5368cceda1bb530d039de
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
The information is already available inline. No functional change
intended.
Change-Id: I13d2ad62a9315b233d7a5fd3ffcaac3dd01b055c
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Hopefully this will be a tiny speedup. No functional change intended.
Change-Id: Ia052c7f9b24d5ece6209a6fa2903b1271215ece7
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
If it is called on an invalid mtd, out-of-bounds memory reads are
likely. Checks elsewhere in the code ensure that the mtd has been
validated before calling this function.
Change-Id: If598680a5b79e1786a6e0a213779ec80cbf37494
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
size_t is not guaranteed to be 64 bits, although it happens to be 64
bits on all systems that el3-spmc supports.
Change-Id: Ieae11722a15448641de50233597ac35869eab574
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Use the address of emad 0 instead of the size of the MRD.
Change-Id: I31ec0001b4474e78caa9dfb468f63122a3708781
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
The offset has been validated on the first loop iteration. Subsequent
iterations can assume it is valid.
Change-Id: Ib06cd0240220b8aa42bcd34c3c40b69d2d86aa72
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
When called on incomplete objects, it might fail or access uninitialized
memory. This allows simplifying spmc_shm_check_obj().
Change-Id: I7c11f15d4c8ebe8cd15e7d8c37a0d0f3daa83675
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
