core: dynamic allocation of thread_core_local and its stacks

With CFG_DYN_CONFIG enabled, use dynamic allocation of thread_core_local
and the two stacks, tmp_stack and abt_stack, recorded in it.

Si

core: dynamic allocation of thread_core_local and its stacks

With CFG_DYN_CONFIG enabled, use dynamic allocation of thread_core_local
and the two stacks, tmp_stack and abt_stack, recorded in it.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: arm: ffa: use SMC Calling Convention 1.2

Add struct thread_smc_1_2_regs as a replacement for struct
thread_smc_args when dealing with FF-A SMCs. struct thread_smc_1_2_regs
covers the registers

core: arm: ffa: use SMC Calling Convention 1.2

Add struct thread_smc_1_2_regs as a replacement for struct
thread_smc_args when dealing with FF-A SMCs. struct thread_smc_1_2_regs
covers the registers x0-x17 to support passing arguments and results
according to SMC Calling Convention (SMCCC) version 1.2.

The difference is that before this change x8-x17 couldn't be used as
argument nor result and the content was preserved. With this patch are
x8-x17 returned as zeroes. New FF-A SMCs can take and return values in
the full range x0-x17.

64-bit SMCCC version 1.1 and earlier specified x4-x17 as unpredictable
or scratch registers. FF-A has specified x0-x7 as argument and result
registers, regardless of SMCCC. This has changed with SMCCC version 1.2
where the two standards harmonize on this.

struct thread_smc_1_2_regs is added in a 32-bit version for
compatibility, but it only covers r0-r7.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: ffa: preserve 64bit smccc when possible

Prior to this patch when a FFA_MSG_SEND_DIRECT_REQ_64 was received the
response was sent as FFA_MSG_SEND_DIRECT_RESP_32. While not breaking
with the FF-

core: ffa: preserve 64bit smccc when possible

Prior to this patch when a FFA_MSG_SEND_DIRECT_REQ_64 was received the
response was sent as FFA_MSG_SEND_DIRECT_RESP_32. While not breaking
with the FF-A specification, it's still a bit unexpected and will cause
an error in the FF-A framework driver. So fix this by keeping track of
the SMCCC (SMC Calling Convention) used during the current
FFA_MSG_SEND_DIRECT_REQ and respond with matching SMCCC.

This has no impact on AArch32 mode since only the 32-bit SMCCC is valid
in that case. The greatest impact on AArch64 is that we must be able to
find out the current SMCCC during RPC, this means storing it in struct
thread_core_local to be able to access it in assembly low level
routines.

Support for FFA_MSG_SEND_DIRECT_REQ_64 is also advertised in
FFA_FEATURES.

Fixes: 15da69cff2ca ("core: ffa: Enable handling 64-bit direct messages")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: support fault mitigations in non-threaded code

Fault mitigation won't work in non-threaded code due to the following
error:
assertion 'ct >= 0 && ct < CFG_NUM_THREADS' failed at core/arch/arm/

core: support fault mitigations in non-threaded code

Fault mitigation won't work in non-threaded code due to the following
error:
assertion 'ct >= 0 && ct < CFG_NUM_THREADS' failed at core/arch/arm/kernel
/thread.c:799 <thread_get_id>

The problem is in __ftmn_get_tsd_func_arg_pp which calls thread_get_tsd
which thread_get_id. The reason is that the interrupt handler is not
associated with any thread, so the ct (current_thread_id) value is -1 which
would cause an assert problem.

The fix is to add ftmn_arg to thread_core_local and the new variable would
be used when the current thread is < 0.

Signed-off-by: Sichun Qin <sichun.qin@amlogic.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add CFG_CORE_IRQ_IS_NATIVE_INTR

Adds CFG_CORE_IRQ_IS_NATIVE_INTR to configure how native and foreign are
signalled.
Selects if IRQ is used to signal native interrupt
if CFG_CORE_IRQ_IS_NATIVE_

core: add CFG_CORE_IRQ_IS_NATIVE_INTR

Adds CFG_CORE_IRQ_IS_NATIVE_INTR to configure how native and foreign are
signalled.
Selects if IRQ is used to signal native interrupt
if CFG_CORE_IRQ_IS_NATIVE_INTR == y:
IRQ signals a native interrupt pending
FIQ signals a foreign non-secure interrupt or a managed exit pending
else: (vice versa)
IRQ signals a foreign non-secure interrupt or a managed exit pending
FIQ signals a native interrupt pending

CFG_CORE_IRQ_IS_NATIVE_INTR replaces the places in the code where
CFG_ARM_GICV3 was used to configure how FIQ and IRQ was treated.

CFG_CORE_IRQ_IS_NATIVE_INTR is automatically configured according to
CFG_ARM_GICV3 if CFG_GIC == y. This prepares for other interrupt
controllers where it doesn't make sense to use CFG_ARM_GICV3.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: add thread_hvc()

Adds thread_hvc() which is the same as thread_smc() except that it uses
the HVC instruction instead of the SMC instruction. This is useful where
an SPMC at S-EL2 expects

core: arm: add thread_hvc()

Adds thread_hvc() which is the same as thread_smc() except that it uses
the HVC instruction instead of the SMC instruction. This is useful where
an SPMC at S-EL2 expects and HVC instead of SMC for certain functions.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: introduce scall layer from svc parts

Introduces a scall layer by renaming various thread_svc* names and
_*handle_svc() functions and function pointers as a first step in doing
architecture neu

core: introduce scall layer from svc parts

Introduces a scall layer by renaming various thread_svc* names and
_*handle_svc() functions and function pointers as a first step in doing
architecture neutral syscall processing.

The name scall is used instead of syscall since the syscall_ prefix is
reserved for the functions implementing the actual syscall. While scall
is the infrastructure used to reach the syscall functions.

No files are renamed and removed at this stage. This patch doesn't
change any behaviour.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add pointer authentication support

Previously pointer authentication was only supported for TAs. With this
patch add a configuration option CFG_CORE_PAUTH to enable support for
core. Each priv

core: add pointer authentication support

Previously pointer authentication was only supported for TAs. With this
patch add a configuration option CFG_CORE_PAUTH to enable support for
core. Each privileged thread has its own APIA key. There are also a
separate APIA key for each physical core used when handling an abort or
when using the tmp stack.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: declare struct mobj in thread_arch.h

Adds missing declaration of struct mobj in arm/kernel/thread_arch.h.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne C

core: arm: declare struct mobj in thread_arch.h

Adds missing declaration of struct mobj in arm/kernel/thread_arch.h.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: arm: spectre-bhb software workaround

Expands the config option CFG_CORE_WORKAROUND_SPECTRE_BP_SEC to cover
CVE-2022-23960 (aka Spectre-BHB) too since both have much in common.

Spectre-BHB is

core: arm: spectre-bhb software workaround

Expands the config option CFG_CORE_WORKAROUND_SPECTRE_BP_SEC to cover
CVE-2022-23960 (aka Spectre-BHB) too since both have much in common.

Spectre-BHB is another speculation attack on branch prediction. Further
details can be found at [1].

The software workaround added for CPUs vulnerable to Spectre-V2 covers
Spectre-BHB too. New software workaround is only needed for CPUs immune to
Spectre-V2, but not so to Spectre-BHB.

The Spectre-V2 workaround is to invalidate the entire branch predictor
table. Most new CPU immune to Spectre-V2 but vulnerable to Spectre-BHB
can avoid invalidating the entire branch predictor table, instead is
this invalidation replaced by a loop designed to exhaust the branch
predictor in a way that the exploit isn't possible any longer.

Link: [1] https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb

Fixes: CVE-2022-23960
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: suppress text relocations caused by restore_mapping macro

Suppress the text relocations caused by 'ldr x0, =1f' in macro
restore_mapping when CFG_CORE_UNMAP_CORE_AT_EL0=y. Since this oc

core: arm64: suppress text relocations caused by restore_mapping macro

Suppress the text relocations caused by 'ldr x0, =1f' in macro
restore_mapping when CFG_CORE_UNMAP_CORE_AT_EL0=y. Since this occurs
when switching from the reduced kernel mapping to the full mapping, the
code offset needs to be loaded from somewhere readily accessible at that
point, that is the stack.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: split core/arch/arm/include/kernel/thread.h

Splits core/arch/arm/include/kernel/thread.h into one generic and one
architecture specific file.

Reviewed-by: Jerome Forissier <jerome@forissier.o

core: split core/arch/arm/include/kernel/thread.h

Splits core/arch/arm/include/kernel/thread.h into one generic and one
architecture specific file.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...