TSP: Fix GCC 11.0.0 compilation error.

This patch fixes the following compilation error
reported by aarch64-none-elf-gcc 11.0.0:

bl32/tsp/tsp_main.c: In function 'tsp_smc_handler':
bl32/tsp/tsp_mai

TSP: Fix GCC 11.0.0 compilation error.

This patch fixes the following compilation error
reported by aarch64-none-elf-gcc 11.0.0:

bl32/tsp/tsp_main.c: In function 'tsp_smc_handler':
bl32/tsp/tsp_main.c:393:9: error: 'tsp_get_magic'
accessing 32 bytes in a region of size 16
[-Werror=stringop-overflow=]
393 | tsp_get_magic(service_args);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
bl32/tsp/tsp_main.c:393:9: note: referencing argument 1
of type 'uint64_t *' {aka 'long long unsigned int *'}
In file included from bl32/tsp/tsp_main.c:19:
bl32/tsp/tsp_private.h:64:6: note: in a call to function 'tsp_get_magic'
64 | void tsp_get_magic(uint64_t args[4]);
| ^~~~~~~~~~~~~

by changing declaration of tsp_get_magic function from
void tsp_get_magic(uint64_t args[4]);
to
uint128_t tsp_get_magic(void);
which returns arguments directly in x0 and x1 registers.

In bl32\tsp\tsp_main.c the current tsp_smc_handler()
implementation calls tsp_get_magic(service_args);
, where service_args array is declared as
uint64_t service_args[2];
and tsp_get_magic() in bl32\tsp\aarch64\tsp_request.S
copies only 2 registers in output buffer:
/* Store returned arguments to the array */
stp x0, x1, [x4, #0]

Change-Id: Ib34759fc5d7bb803e6c734540d91ea278270b330
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

show more ...

Merge "Bug fix: Protect TSP prints with lock" into integration

Bug fix: Protect TSP prints with lock

CPUs use console to print debug/info messages. This critical section
must be guarded by locks to avoid overlaps in messages from multiple
CPUs.

Change-Id: I786

Bug fix: Protect TSP prints with lock

CPUs use console to print debug/info messages. This critical section
must be guarded by locks to avoid overlaps in messages from multiple
CPUs.

Change-Id: I786bf90072c1ed73c4f53d8c950979d95255e67e
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

show more ...

Merge "TSP: corrected log information" into integration

TSP: corrected log information

In CPU resume function, CPU suspend count was printed instead of CPU
resume count.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I0c081dc03a4ccfb21

TSP: corrected log information

In CPU resume function, CPU suspend count was printed instead of CPU
resume count.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I0c081dc03a4ccfb2129687f690667c5ceed00a5f

show more ...

Merge "Refactor ARMv8.3 Pointer Authentication support code" into integration

Refactor ARMv8.3 Pointer Authentication support code

This patch provides the following features and makes modifications
listed below:
- Individual APIAKey key generation for each CPU.
- New key gene

Refactor ARMv8.3 Pointer Authentication support code

This patch provides the following features and makes modifications
listed below:
- Individual APIAKey key generation for each CPU.
- New key generation on every BL31 warm boot and TSP CPU On event.
- Per-CPU storage of APIAKey added in percpu_data[]
of cpu_data structure.
- `plat_init_apiakey()` function replaced with `plat_init_apkey()`
which returns 128-bit value and uses Generic timer physical counter
value to increase the randomness of the generated key.
The new function can be used for generation of all ARMv8.3-PAuth keys
- ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`.
- New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions
generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively;
pauth_disable_el1()` and `pauth_disable_el3()` functions disable
PAuth for EL1 and EL3 respectively;
`pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from
cpu-data structure.
- Combined `save_gp_pauth_registers()` function replaces calls to
`save_gp_registers()` and `pauth_context_save()`;
`restore_gp_pauth_registers()` replaces `pauth_context_restore()`
and `restore_gp_registers()` calls.
- `restore_gp_registers_eret()` function removed with corresponding
code placed in `el3_exit()`.
- Fixed the issue when `pauth_t pauth_ctx` structure allocated space
for 12 uint64_t PAuth registers instead of 10 by removal of macro
CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h`
and assigning its value to CTX_PAUTH_REGS_END.
- Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions
in `msr spsel` instruction instead of hard-coded values.
- Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI.

Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

show more ...

Merge changes from topic "jc/mte_enable" into integration

* changes:
Add documentation for CTX_INCLUDE_MTE_REGS
Enable MTE support in both secure and non-secure worlds

Enable MTE support in both secure and non-secure worlds

This patch adds support for the new Memory Tagging Extension arriving in
ARMv8.5. MTE support is now enabled by default on systems that suppor

Enable MTE support in both secure and non-secure worlds

This patch adds support for the new Memory Tagging Extension arriving in
ARMv8.5. MTE support is now enabled by default on systems that support
at EL0. To enable it at ELx for both the non-secure and the secure
world, the compiler flag CTX_INCLUDE_MTE_REGS includes register saving
and restoring when necessary in order to prevent register leakage
between the worlds.

Change-Id: I2d4ea993d6b11654ea0d4757d00ca20d23acf36c
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>

show more ...

Merge pull request #1829 from antonio-nino-diaz-arm/an/pauth

Add Pointer Authentication (ARMv8.3-PAuth) support to the TF

TSP: Enable pointer authentication support

The size increase after enabling options related to ARMv8.3-PAuth is:

+----------------------------+-------+-------+-------+--------+
|

TSP: Enable pointer authentication support

The size increase after enabling options related to ARMv8.3-PAuth is:

+----------------------------+-------+-------+-------+--------+
| | text | bss | data | rodata |
+----------------------------+-------+-------+-------+--------+
| CTX_INCLUDE_PAUTH_REGS = 1 | +40 | +0 | +0 | +0 |
| | 0.4% | | | |
+----------------------------+-------+-------+-------+--------+
| ENABLE_PAUTH = 1 | +352 | +0 | +16 | +0 |
| | 3.1% | | 15.8% | |
+----------------------------+-------+-------+-------+--------+

Results calculated with the following build configuration:

make PLAT=fvp SPD=tspd DEBUG=1 \
SDEI_SUPPORT=1 \
EL3_EXCEPTION_HANDLING=1 \
TSP_NS_INTR_ASYNC_PREEMPT=1 \
CTX_INCLUDE_PAUTH_REGS=1 \
ENABLE_PAUTH=1

Change-Id: I6cc1fe0b2345c547dcef66f98758c4eb55fe5ee4
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Merge pull request #1804 from antonio-nino-diaz-arm/an/cleanup

Minor cleanup

Remove duplicated definitions of linker symbols

Many parts of the code were duplicating symbols that are defined in
include/common/bl_common.h. It is better to only use the definitions in
this heade

Remove duplicated definitions of linker symbols

Many parts of the code were duplicating symbols that are defined in
include/common/bl_common.h. It is better to only use the definitions in
this header.

As all the symbols refer to virtual addresses, they have to be
uintptr_t, not unsigned long. This has also been fixed in bl_common.h.

Change-Id: I204081af78326ced03fb05f69846f229d324c711
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Merge pull request #1758 from pbeesley-arm/pb/spelling

Correct typographical errors

Correct typographical errors

Corrects typos in core code, documentation files, drivers, Arm
platforms and services.

None of the corrections affect code; changes are limited to comments
and other do

Correct typographical errors

Corrects typos in core code, documentation files, drivers, Arm
platforms and services.

None of the corrections affect code; changes are limited to comments
and other documentation.

Change-Id: I5c1027b06ef149864f315ccc0ea473e2a16bfd1d
Signed-off-by: Paul Beesley <paul.beesley@arm.com>

show more ...

Merge pull request #1726 from antonio-nino-diaz-arm/an/includes

Sanitise includes across codebase

Sanitise includes across codebase

Enforce full include path for includes. Deprecate old paths.

The following folders inside include/lib have been left unchanged:

- include/lib/cpus/${ARCH}
- inclu

Sanitise includes across codebase

Enforce full include path for includes. Deprecate old paths.

The following folders inside include/lib have been left unchanged:

- include/lib/cpus/${ARCH}
- include/lib/el3_runtime/${ARCH}

The reason for this change is that having a global namespace for
includes isn't a good idea. It defeats one of the advantages of having
folders and it introduces problems that are sometimes subtle (because
you may not know the header you are actually including if there are two
of them).

For example, this patch had to be created because two headers were
called the same way: e0ea0928d5b7 ("Fix gpio includes of mt8173 platform
to avoid collision."). More recently, this patch has had similar
problems: 46f9b2c3a282 ("drivers: add tzc380 support").

This problem was introduced in commit 4ecca33988b9 ("Move include and
source files to logical locations"). At that time, there weren't too
many headers so it wasn't a real issue. However, time has shown that
this creates problems.

Platforms that want to preserve the way they include headers may add the
removed paths to PLAT_INCLUDES, but this is discouraged.

Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Merge pull request #1255 from masahir0y/int-ll64

Use consistent int-ll64 typedefs for aarch32 and aarch64

types: use int-ll64 for both aarch32 and aarch64

Since commit 031dbb122472 ("AArch32: Add essential Arch helpers"),
it is difficult to use consistent format strings for printf() family
between aarch

types: use int-ll64 for both aarch32 and aarch64

Since commit 031dbb122472 ("AArch32: Add essential Arch helpers"),
it is difficult to use consistent format strings for printf() family
between aarch32 and aarch64.

For example, uint64_t is defined as 'unsigned long long' for aarch32
and as 'unsigned long' for aarch64. Likewise, uintptr_t is defined
as 'unsigned int' for aarch32, and as 'unsigned long' for aarch64.

A problem typically arises when you use printf() in common code.

One solution could be, to cast the arguments to a type long enough
for both architectures. For example, if 'val' is uint64_t type,
like this:

printf("val = %llx\n", (unsigned long long)val);

Or, somebody may suggest to use a macro provided by <inttypes.h>,
like this:

printf("val = %" PRIx64 "\n", val);

But, both would make the code ugly.

The solution adopted in Linux kernel is to use the same typedefs for
all architectures. The fixed integer types in the kernel-space have
been unified into int-ll64, like follows:

typedef signed char int8_t;
typedef unsigned char uint8_t;

typedef signed short int16_t;
typedef unsigned short uint16_t;

typedef signed int int32_t;
typedef unsigned int uint32_t;

typedef signed long long int64_t;
typedef unsigned long long uint64_t;

[ Linux commit: 0c79a8e29b5fcbcbfd611daf9d500cfad8370fcf ]

This gets along with the codebase shared between 32 bit and 64 bit,
with the data model called ILP32, LP64, respectively.

The width for primitive types is defined as follows:

ILP32 LP64
int 32 32
long 32 64
long long 64 64
pointer 32 64

'long long' is 64 bit for both, so it is used for defining uint64_t.
'long' has the same width as pointer, so for uintptr_t.

We still need an ifdef conditional for (s)size_t.

All 64 bit architectures use "unsigned long" size_t, and most 32 bit
architectures use "unsigned int" size_t. H8/300, S/390 are known as
exceptions; they use "unsigned long" size_t despite their architecture
is 32 bit.

One idea for simplification might be to define size_t as 'unsigned long'
across architectures, then forbid the use of "%z" string format.
However, this would cause a distortion between size_t and sizeof()
operator. We have unknowledge about the native type of sizeof(), so
we need a guess of it anyway. I want the following formula to always
return 1:

__builtin_types_compatible_p(size_t, typeof(sizeof(int)))

Fortunately, ARM is probably a majority case. As far as I know, all
32 bit ARM compilers use "unsigned int" size_t.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

Merge pull request #925 from dp-arm/dp/spdx

Use SPDX license identifiers

Use SPDX license identifiers

To make software license auditing simpler, use SPDX[0] license
identifiers instead of duplicating the license text in every file.

NOTE: Files that have been imported by

Use SPDX license identifiers

To make software license auditing simpler, use SPDX[0] license
identifiers instead of duplicating the license text in every file.

NOTE: Files that have been imported by FreeBSD have not been modified.

[0]: https://spdx.org/

Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

show more ...

Merge pull request #919 from davidcunado-arm/dc/smc_yielding_generic

Update terminology: standard SMC to yielding SMC

Update terminology: standard SMC to yielding SMC

Since Issue B (November 2016) of the SMC Calling Convention document
standard SMC calls are renamed to yielding SMC calls to help avoid
confusion wit

Update terminology: standard SMC to yielding SMC

Since Issue B (November 2016) of the SMC Calling Convention document
standard SMC calls are renamed to yielding SMC calls to help avoid
confusion with the standard service SMC range, which remains unchanged.

http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pdf

This patch adds a new define for yielding SMC call type and deprecates
the current standard SMC call type. The tsp is migrated to use this new
terminology and, additionally, the documentation and code comments are
updated to use this new terminology.

Change-Id: I0d7cc0224667ee6c050af976745f18c55906a793
Signed-off-by: David Cunado <david.cunado@arm.com>

show more ...

Merge pull request #798 from douglas-raillard-arm/dr/fix_std_smc_after_suspend

Abort preempted TSP STD SMC after PSCI CPU suspend

Abort preempted TSP STD SMC after PSCI CPU suspend

Standard SMC requests that are handled in the secure-world by the Secure
Payload can be preempted by interrupts that must be handled in the
normal

Abort preempted TSP STD SMC after PSCI CPU suspend

Standard SMC requests that are handled in the secure-world by the Secure
Payload can be preempted by interrupts that must be handled in the
normal world. When the TSP is preempted the secure context is stored and
control is passed to the normal world to handle the non-secure
interrupt. Once completed the preempted secure context is restored. When
restoring the preempted context, the dispatcher assumes that the TSP
preempted context is still stored as the SECURE context by the context
management library.

However, PSCI power management operations causes synchronous entry into
TSP. This overwrites the preempted SECURE context in the context
management library. When restoring back the SECURE context, the Secure
Payload crashes because this context is not the preempted context
anymore.

This patch avoids corruption of the preempted SECURE context by aborting
any preempted SMC during PSCI power management calls. The
abort_std_smc_entry hook of the TSP is called when aborting the SMC
request.

It also exposes this feature as a FAST SMC callable from normal world to
abort preempted SMC with FID TSP_FID_ABORT.

Change-Id: I7a70347e9293f47d87b5de20484b4ffefb56b770
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>

show more ...