Each translation table level entry can only map a given virtual
address onto physical addresses of the same granularity. For example,
with the current configuration, a level 2 entry maps blocks of 2 MB,
so the physical address must be aligned to 2 MB. If the address is not
aligned, the MMU will just ignore the lower bits.
This patch adds an assertion to make sure that physical addresses are
always aligned to the correct boundary.
Change-Id: I0ab43df71829d45cdbe323301b3053e08ca99c2c
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
There is no guarantee on the signedness of char. It can be either
signed or unsigned. On ARM it is unsigned and hence this memcmp()
implementation works as intended.
On other machines, char can be signed (x86 for example). In that case
(and assuming a 2's complement implementation), interpreting a
bit-pattern of 0xFF as signed char can yield -1. If *s1 is 0 and *s2
is 255 then the difference *s1 - *s2 should be negative. The C
integer promotion rules guarantee that the unsigned chars will be
converted to int before the operation takes place. The current
implementation will return a positive value (0 - (-1)) instead, which
is wrong.
Fix it by changing the signedness to unsigned to avoid surprises for
anyone using this code on non-ARM systems.
Change-Id: Ie222fcaa7c0c4272d7a521a6f2f51995fd5130cc
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
The AArch32 Procedure call Standard mandates that the stack must be aligned
to 8 byte boundary at external interfaces. This patch does the required
changes.
This problem was detected when a crash was encountered in
`psci_print_power_domain_map()` while printing 64 bit values. Aligning
the stack to 8 byte boundary resolved the problem.
FixesARM-Software/tf-issues#437
Change-Id: I517bd8203601bb88e9311bd36d477fb7b3efb292
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
There are many instances in ARM Trusted Firmware where control is
transferred to functions from which return isn't expected. Such jumps
are made using 'bl' instruction to provide the callee with the location
from which it was jumped to. Additionally, debuggers infer the caller by
examining where 'lr' register points to. If a 'bl' of the nature
described above falls at the end of an assembly function, 'lr' will be
left pointing to a location outside of the function range. This misleads
the debugger back trace.
This patch defines a 'no_ret' macro to be used when jumping to functions
from which return isn't expected. The macro ensures to use 'bl'
instruction for the jump, and also, for debug builds, places a 'nop'
instruction immediately thereafter (unless instructed otherwise) so as
to leave 'lr' pointing within the function range.
Change-Id: Ib34c69fc09197cfd57bc06e147cc8252910e01b0
Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This patch resets EL2 and EL3 registers that have architecturally
UNKNOWN values on reset and that also provide EL2/EL3 configuration
and trap controls.
Specifically, the EL2 physical timer is disabled to prevent timer
interrups into EL2 - CNTHP_CTL_EL2 and CNTHP_CTL for AArch64 and AArch32,
respectively.
Additionally, for AArch64, HSTR_EL2 is reset to avoid unexpected traps of
non-secure access to certain system registers at EL1 or lower.
For AArch32, the patch also reverts the reset to SDCR which was
incorrectly added in a previous change.
Change-Id: If00eaa23afa7dd36a922265194ccd6223187414f
Signed-off-by: David Cunado <david.cunado@arm.com>
This patch fixes an issue in the normal memory bakery lock
implementation. During assertion of lock status, there is a possibility
that the assertion could fail. This is because the previous update done
to the lock status by the owning CPU when not participating in cache
coherency could result in stale data in the cache due to cache maintenance
operations not propagating to all the caches. This patch fixes this issue
by doing an extra read cache maintenance operation prior to the assertion.
FixesARM-software/tf-issues#402
Change-Id: I0f38a7c52476a4f58e17ebe0141d256d198be88d
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
In order to avoid unexpected traps into EL3/MON mode, this patch
resets the debug registers, MDCR_EL3 and MDCR_EL2 for AArch64,
and SDCR and HDCR for AArch32.
MDCR_EL3/SDCR is zero'ed when EL3/MON mode is entered, at the
start of BL1 and BL31/SMP_MIN.
For MDCR_EL2/HDCR, this patch zero's the bits that are
architecturally UNKNOWN values on reset. This is done when
exiting from EL3/MON mode but only on platforms that support
EL2/HYP mode but choose to exit to EL1/SVC mode.
FixesARM-software/tf-issues#430
Change-Id: Idb992232163c072faa08892251b5626ae4c3a5b6
Signed-off-by: David Cunado <david.cunado@arm.com>
The values of CP15BEN, nTWI & nTWE bits in SCTLR_EL1 are architecturally
unknown if EL3 is AARCH64 whereas they reset to 1 if EL3 is AArch32. This
might be a compatibility break for legacy AArch32 normal world software if
these bits are not set to 1 when EL3 is AArch64. This patch enables the
CP15BEN, nTWI and nTWE bits in the SCTLR_EL1 if the lower non-secure EL is
AArch32. This unifies the SCTLR settings for lower non-secure EL in AArch32
mode for both AArch64 and AArch32 builds of Trusted Firmware.
FixesARM-software/tf-issues#428
Change-Id: I3152d1580e4869c0ea745c5bd9da765f9c254947
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
In order to quantify the overall time spent in the PSCI software
implementation, an initial collection of PMF instrumentation points
has been added.
Instrumentation has been added to the following code paths:
- Entry to PSCI SMC handler. The timestamp is captured as early
as possible during the runtime exception and stored in memory
before entering the PSCI SMC handler.
- Exit from PSCI SMC handler. The timestamp is captured after
normal return from the PSCI SMC handler or if a low power state
was requested it is captured in the bl31 warm boot path before
return to normal world.
- Entry to low power state. The timestamp is captured before entry
to a low power state which implies either standby or power down.
As these power states are mutually exclusive, only one timestamp
is defined to describe both. It is possible to differentiate between
the two power states using the PSCI STAT interface.
- Exit from low power state. The timestamp is captured after a standby
or power up operation has completed.
To calculate the number of cycles spent running code in Trusted Firmware
one can perform the following calculation:
(exit_psci - enter_psci) - (exit_low_pwr - enter_low_pwr).
The resulting number of cycles can be converted to time given the
frequency of the counter.
Change-Id: Ie3b8f3d16409b6703747093b3a2d5c7429ad0166
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
At present the `el3_entrypoint_common` macro uses `memcpy`
function defined in lib/stdlib/mem.c file, to copy data
from ROM to RAM for BL1. Depending on the compiler being
used the stack could potentially be used, in `memcpy`,
for storing the local variables. Since the stack is
initialized much later in `el3_entrypoint_common` it
may result in unknown behaviour.
This patch adds `memcpy4` function definition in assembly so
that it can be used before the stack is initialized and it
also replaces `memcpy` by `memcpy4` in `el3_entrypoint_common`
macro, to copy data from ROM to RAM for BL1.
Change-Id: I3357a0e8095f05f71bbbf0b185585d9499bfd5e0
This patch introduces a `psci_lib_args_t` structure which must be
passed into `psci_setup()` which is then used to initialize the PSCI
library. The `psci_lib_args_t` is a versioned structure so as to enable
compatibility checks during library initialization. Both BL31 and SP_MIN
are modified to use the new structure.
SP_MIN is also modified to add version string and build message as part
of its cold boot log just like the other BLs in Trusted Firmware.
NOTE: Please be aware that this patch modifies the prototype of
`psci_setup()`, which breaks compatibility with EL3 Runtime Firmware
(excluding BL31 and SP_MIN) integrated with the PSCI Library.
Change-Id: Ic3761db0b790760a7ad664d8a437c72ea5edbcd6
This patch adds ARM Cortex-A32 MPCore Processor support
in the CPU specific operations framework. It also includes
this support for the Base FVP port.
Change-Id: If3697b88678df737c29f79cf3fa1ea2cb6fa565d
This patch adds common changes to support AArch32 state in
BL1 and BL2. Following are the changes:
* Added functions for disabling MMU from Secure state.
* Added AArch32 specific SMC function.
* Added semihosting support.
* Added reporting of unhandled exceptions.
* Added uniprocessor stack support.
* Added `el3_entrypoint_common` macro that can be
shared by BL1 and BL32 (SP_MIN) BL stages. The
`el3_entrypoint_common` is similar to the AArch64
counterpart with the main difference in the assembly
instructions and the registers that are relevant to
AArch32 execution state.
* Enabled `LOAD_IMAGE_V2` flag in Makefile for
`ARCH=aarch32` and added check to make sure that
platform has not overridden to disable it.
Change-Id: I33c6d8dfefb2e5d142fdfd06a0f4a7332962e1a3
This patch adds support for NODE_HW_STATE PSCI API by introducing a new
PSCI platform hook (get_node_hw_state). The implementation validates
supplied arguments, and then invokes this platform-defined hook and
returns its result to the caller. PSCI capabilities are updated
accordingly.
Also updates porting and firmware design guides.
Change-Id: I808e55bdf0c157002a7c104b875779fe50a68a30
The `psci_plat_pm_ops` global pointer is initialized during cold boot by the
primary CPU and will be accessed by the secondary CPUs before enabling data
cache during warm boot. This patch adds a missing data cache flush of
`psci_plat_psci_ops` after initialization during psci_setup() so that
secondaries can see the updated `psci_plat_psci_ops` pointer.
FixesARM-software/tf-issues#424
Change-Id: Id4554800b5646302b944115a33be69507d53cedb
This patch fixes a bug in context management library when writing
SCTLR register during context initialization. The write happened
prior to initialization of the register context pointer. This
resulted in the compiler optimizing the write sequence from the
final binary and hence SCTLR remains uninitialized when
entering normal world. The bug is fixed by doing the
initialization of the register context pointer earlier in the
sequence.
Change-Id: Ic7465593a74534046b79f40446ffa1165c52ed76
Instead of hardcoding a level 1 table as the base translation level
table, let the code decide which level is the most appropriate given
the virtual address space size.
As the table granularity is 4 KB, this allows the code to select
level 0, 1 or 2 as base level for AArch64. This way, instead of
limiting the virtual address space width to 39-31 bits, widths of
48-25 bit can be used.
For AArch32, this change allows the code to select level 1 or 2
as the base translation level table and use virtual address space
width of 32-25 bits.
Also removed some unused definitions related to translation tables.
FixesARM-software/tf-issues#362
Change-Id: Ie3bb5d6d1a4730a26700b09827c79f37ca3cdb65
This patch adds AArch32 support to PSCI library, as follows :
* The `psci_helpers.S` is implemented for AArch32.
* AArch32 version of internal helper function `psci_get_ns_ep_info()` is
defined.
* The PSCI Library is responsible for the Non Secure context initialization.
Hence a library interface `psci_prepare_next_non_secure_ctx()` is introduced
to enable EL3 runtime firmware to initialize the non secure context without
invoking context management library APIs.
Change-Id: I25595b0cc2dbfdf39dbf7c589b875cba33317b9d
This patch adds AArch32 support to cpu ops, context management,
per-cpu data and spinlock libraries. The `entrypoint_info`
structure is modified to add support for AArch32 register
arguments. The CPU operations for AEM generic cpu in AArch32
mode is also added.
Change-Id: I1e52e79f498661d8f31f1e7b3a29e222bc7a4483
This patch adds translation library supports for AArch32 platforms.
The library only supports long descriptor formats for AArch32.
The `enable_mmu_secure()` enables the MMU for secure world with
`TTBR0` pointing to the populated translation tables.
Change-Id: I061345b1779391d098e35e7fe0c76e3ebf850e08
This patch adds various assembly helpers for AArch32 like :
* cache management : Functions to flush, invalidate and clean
cache by MVA. Also helpers to do cache operations by set-way
are also added.
* stack management: Macros to declare stack and get the current
stack corresponding to current CPU.
* Misc: Macros to access co processor registers in AArch32,
macros to define functions in assembly, assert macros, generic
`do_panic()` implementation and function to zero block of memory.
Change-Id: I7b78ca3f922c0eda39beb9786b7150e9193425be
This patch moves the assembly exclusive lock library code
`spinlock.S` into architecture specific folder `aarch64`.
A stub file which includes the file from new location is
retained at the original location for compatibility. The BL
makefiles are also modified to include the file from the new
location.
Change-Id: Ide0b601b79c439e390c3a017d93220a66be73543
This patch fixes the translation table library for wraparound cases. These
cases are not expected to occur on AArch64 platforms because only the
48 bits of the 64 bit address space are used. But it is a possibility for
AArch32 platforms.
Change-Id: Ie7735f7ba2977019381e1c124800381471381499
A PSCI CPU_SUSPEND request to place a CPU in retention states at power levels
higher than the CPU power level is subject to the same state coordination as a
power down state. A CPU could implement multiple retention states at a
particular power level. When exiting WFI, the non-CPU power levels may be in a
different retention state to what was initially requested, therefore each CPU
should refresh its view of the states of all power levels.
Previously, a CPU re-used the state of the power levels when it entered the
retention state. This patch fixes this issue by ensuring that a CPU upon exit
from retention reads the state of each power level afresh.
Change-Id: I93b5f5065c63400c6fd2598dbaafac385748f989
This patch adds a runtime check that psci_find_target_suspend_lvl()
returns a valid value back to psci_cpu_suspend() and psci_get_stat().
If it is invalid, BL31 will now panic.
Note that on the PSCI CPU suspend path there is already a debug
assertion checking the validity of the target composite power state,
which effectively also checks the validity of the target suspend level.
Therefore, the error condition would already be caught in debug builds,
but in a release build this assertion would be compiled out.
On the PSCI stat path, there is currently no debug assertion checking
the validity of the power state before using it as an index into
the power domain state array.
Although BL31 platforms ports are responsible for validating the
power state parameter, the security impact (i.e. an out-of-bounds
array access) of a potential platform port bug in this code would
be quite high, given that this parameter comes from an untrusted
source. The cost of checking this in runtime generic code is low.
Change-Id: Icea85b8020e39928ac03ec0cd49805b5857b3906
This patch introduces the PSCI Library interface. The major changes
introduced are as follows:
* Earlier BL31 was responsible for Architectural initialization during cold
boot via bl31_arch_setup() whereas PSCI was responsible for the same during
warm boot. This functionality is now consolidated by the PSCI library
and it does Architectural initialization via psci_arch_setup() during both
cold and warm boots.
* Earlier the warm boot entry point was always `psci_entrypoint()`. This was
not flexible enough as a library interface. Now PSCI expects the runtime
firmware to provide the entry point via `psci_setup()`. A new function
`bl31_warm_entrypoint` is introduced in BL31 and the previous
`psci_entrypoint()` is deprecated.
* The `smc_helpers.h` is reorganized to separate the SMC Calling Convention
defines from the Trusted Firmware SMC helpers. The former is now in a new
header file `smcc.h` and the SMC helpers are moved to Architecture specific
header.
* The CPU context is used by PSCI for context initialization and
restoration after power down (PSCI Context). It is also used by BL31 for SMC
handling and context management during Normal-Secure world switch (SMC
Context). The `psci_smc_handler()` interface is redefined to not use SMC
helper macros thus enabling to decouple the PSCI context from EL3 runtime
firmware SMC context. This enables PSCI to be integrated with other runtime
firmware using a different SMC context.
NOTE: With this patch the architectural setup done in `bl31_arch_setup()`
is done as part of `psci_setup()` and hence `bl31_platform_setup()` will be
invoked prior to architectural setup. It is highly unlikely that the platform
setup will depend on architectural setup and cause any failure. Please be
be aware of this change in sequence.
Change-Id: I7f497a08d33be234bbb822c28146250cb20dab73
This patch moves the PSCI services and BL31 frameworks like context
management and per-cpu data into new library components `PSCI` and
`el3_runtime` respectively. This enables PSCI to be built independently from
BL31. A new `psci_lib.mk` makefile is introduced which adds the relevant
PSCI library sources and gets included by `bl31.mk`. Other changes which
are done as part of this patch are:
* The runtime services framework is now moved to the `common/` folder to
enable reuse.
* The `asm_macros.S` and `assert_macros.S` helpers are moved to architecture
specific folder.
* The `plat_psci_common.c` is moved from the `plat/common/aarch64/` folder
to `plat/common` folder. The original file location now has a stub which
just includes the file from new location to maintain platform compatibility.
Most of the changes wouldn't affect platform builds as they just involve
changes to the generic bl1.mk and bl31.mk makefiles.
NOTE: THE `plat_psci_common.c` FILE HAS MOVED LOCATION AND THE STUB FILE AT
THE ORIGINAL LOCATION IS NOW DEPRECATED. PLATFORMS SHOULD MODIFY THEIR
MAKEFILES TO INCLUDE THE FILE FROM THE NEW LOCATION.
Change-Id: I6bd87d5b59424995c6a65ef8076d4fda91ad5e86
This patch reworks type usage in generic code, drivers and ARM platform files
to make it more portable. The major changes done with respect to
type usage are as listed below:
* Use uintptr_t for storing address instead of uint64_t or unsigned long.
* Review usage of unsigned long as it can no longer be assumed to be 64 bit.
* Use u_register_t for register values whose width varies depending on
whether AArch64 or AArch32.
* Use generic C types where-ever possible.
In addition to the above changes, this patch also modifies format specifiers
in print invocations so that they are AArch64/AArch32 agnostic. Only files
related to upcoming feature development have been reworked.
Change-Id: I9f8c78347c5a52ba7027ff389791f1dad63ee5f8
This patch adds cpumerrsr_el1 and l2merrsr_el1 to the register dump on
error for applicable CPUs.
These registers hold the ECC errors on L1 and L2 caches.
This patch updates the A53, A57, A72, A73 (l2merrsr_el1 only) CPU libraries.
Signed-off-by: Naga Sureshkumar Relli <nagasure@xilinx.com>
This patch introduces a new header file: include/lib/utils.h.
Its purpose is to provide generic macros and helper functions that
are independent of any BL image, architecture, platform and even
not specific to Trusted Firmware.
For now, it contains only 2 macros: ARRAY_SIZE() and
IS_POWER_OF_TWO(). These were previously defined in bl_common.h and
xlat_tables.c respectively.
bl_common.h includes utils.h to retain compatibility for platforms
that relied on bl_common.h for the ARRAY_SIZE() macro. Upstream
platform ports that use this macro have been updated to include
utils.h.
Change-Id: I960450f54134f25d1710bfbdc4184f12c049a9a9
This patch introduces the MT_EXECUTE/MT_EXECUTE_NEVER memory mapping
attributes in the translation table library to specify the
access permissions for instruction execution of a memory region.
These new attributes should be used only for normal, read-only
memory regions. For other types of memory, the translation table
library still enforces the following rules, regardless of the
MT_EXECUTE/MT_EXECUTE_NEVER attribute:
- Device memory is always marked as execute-never.
- Read-write normal memory is always marked as execute-never.
Change-Id: I8bd27800a8c1d8ac1559910caf4a4840cf25b8b0
This patch clarifies the mmap_desc() function by adding some comments
and reorganising its code. No functional change has been introduced.
Change-Id: I873493be17b4e60a89c1dc087dd908b425065401
This patch adds Performance Measurement Framework(PMF) in the
ARM Trusted Firmware. PMF is implemented as a library and the
SMC interface is provided through ARM SiP service.
The PMF provides capturing, storing, dumping and retrieving the
time-stamps, by enabling the development of services by different
providers, that can be easily integrated into ARM Trusted Firmware.
The PMF capture and retrieval APIs can also do appropriate cache
maintenance operations to the timestamp memory when the caller
indicates so.
`pmf_main.c` consists of core functions that implement service
registration, initialization, storing, dumping and retrieving
the time-stamp.
`pmf_smc.c` consists SMC handling for registered PMF services.
`pmf.h` consists of the macros that can be used by the PMF service
providers to register service and declare time-stamp functions.
`pmf_helpers.h` consists of internal macros that are used by `pmf.h`
By default this feature is disabled in the ARM trusted firmware.
To enable it set the boolean flag `ENABLE_PMF` to 1.
NOTE: The caller is responsible for specifying the appropriate cache
maintenance flags and for acquiring/releasing appropriate locks
before/after capturing/retrieving the time-stamps.
Change-Id: Ib45219ac07c2a81b9726ef6bd9c190cc55e81854
* Move libfdt API headers to include/lib/libfdt
* Add libfdt.mk helper makefile
* Remove unused libfdt files
* Minor changes to fdt.h and libfdt.h to make them C99 compliant
Co-Authored-By: Jens Wiklander <jens.wiklander@linaro.org>
Change-Id: I425842c2b111dcd5fb6908cc698064de4f77220e
* Move stdlib header files from include/stdlib to include/lib/stdlib for
consistency with other library headers.
* Fix checkpatch paths to continue excluding stdlib files.
* Create stdlib.mk to define the stdlib source files and include directories.
* Include stdlib.mk from the top level Makefile.
* Update stdlib header path in the fip_create Makefile.
* Update porting-guide.md with the new paths.
Change-Id: Ia92c2dc572e9efb54a783e306b5ceb2ce24d27fa
This patch adds ARM Cortex-A73 MPCore Processor support
in the CPU specific operations framework. It also includes
this support for the Base FVP port.
Change-Id: I0e26b594f2ec1d28eb815db9810c682e3885716d
This patch fixes the computation of the bitmask used to isolate
the level 1 field of a virtual address. The whole computation needs
to work on 64-bit values to produce the correct bitmask value.
XLAT_TABLE_ENTRIES_MASK being a C constant, it is a 32-bit value
so it needs to be extended to a 64-bit value before it takes part
in any other computation.
This patch fixes this bug by casting XLAT_TABLE_ENTRIES_MASK as
an unsigned long long.
Note that this bug doesn't manifest itself in practice because
address spaces larger than 39 bits are not yet supported in the
Trusted Firmware.
Change-Id: I955fd263ecb691ca94b29b9c9f576008ce1d87ee
