feat(gcs): support guarded control stack

Arm v9.4 introduces support for Guarded Control Stack, providing
mitigations against some forms of RPO attacks and an efficient mechanism
for obtaining the c

feat(gcs): support guarded control stack

Arm v9.4 introduces support for Guarded Control Stack, providing
mitigations against some forms of RPO attacks and an efficient mechanism
for obtaining the current call stack without requiring a full stack
unwind. Enable access to this feature for EL2 and below, context
switching the newly added EL2 registers as appropriate.

Change the FVP platform to default to handling this as a dynamic option
so the right decision can be made by the code at runtime.

Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I691aa7c22e3547bb3abe98d96993baf18c5f0e7b

show more ...

Merge "feat(hcx): initialize HCRX_EL2 to its default value" into integration

feat(hcx): initialize HCRX_EL2 to its default value

The value of register HCRX_EL2 is UNKNOWN out of reset. This can
affect the behavior in lower exception levels, such as traps to
EL2 due to a wron

feat(hcx): initialize HCRX_EL2 to its default value

The value of register HCRX_EL2 is UNKNOWN out of reset. This can
affect the behavior in lower exception levels, such as traps to
EL2 due to a wrong configuration of the register upon reset.

This patch initializes the register at EL3 and disables all traps
related to it.

On the other hand, new fields have been introduced for HCRX_EL2,
which are now defined in this patch, so they can be used in
further development.

Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I0bf1e949aa0d3be9f227358ad088a1ecb96ce222

show more ...

feat(pie/por): support permission indirection and overlay

Arm v8.9 introduces a series of features providing a new way to set memory
permissions. Instead of directly encoding the permissions in the

feat(pie/por): support permission indirection and overlay

Arm v8.9 introduces a series of features providing a new way to set memory
permissions. Instead of directly encoding the permissions in the page
tables the PTEs contain indexes into an array of permissions stored in
system registers, allowing greater flexibility and density of encoding.

Enable access to these features for EL2 and below, context switching the
newly added EL2 registers as appropriate. Since all of FEAT_S[12]P[IO]E
are separately discoverable we have separate build time options for
enabling them, but note that there is overlap in the registers that they
implement and the enable bit required for lower EL access.

Change the FVP platform to default to handling them as dynamic options so
the right decision can be made by the code at runtime.

Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: Icf89e444e39e1af768739668b505661df18fb234

show more ...

fix(aarch64): allow build with ARM_ARCH_MINOR=4

When building the FVP platform with SPMD (which activates the context
switch code), but keeping ARM_ARCH_MINOR to 4 or lower, the assembler
will compl

fix(aarch64): allow build with ARM_ARCH_MINOR=4

When building the FVP platform with SPMD (which activates the context
switch code), but keeping ARM_ARCH_MINOR to 4 or lower, the assembler
will complain about the SCXTNUM_EL2 system register not being supported
by the "selected processor".

Allow building this combination of options by defining the SCXTNUM_EL2
register via the generic S3_ encoding, so any assembler, with any -march
settings, will generate the access without any warnings.

We do protect accesses to this register by runtime checks, if not
explicitly requested otherwise, so can override the toolchain in this
case.

Change-Id: I0941f4c4dcf541bd968c153b9c3fac61ca23f7ef
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

feat(cpufeat): enable FEAT_SVE for FEAT_STATE_CHECKED

Add support for runtime detection (ENABLE_SVE_FOR_NS=2), by splitting
sve_supported() into an ID register reading function and a
second function

feat(cpufeat): enable FEAT_SVE for FEAT_STATE_CHECKED

Add support for runtime detection (ENABLE_SVE_FOR_NS=2), by splitting
sve_supported() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we do SVE specific setup.

Change the FVP platform default to the now supported dynamic
option (=2), so the right decision can be made by the code at runtime.

Change-Id: I1caaba2216e8e2a651452254944a003607503216
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>

show more ...

feat(cpufeat): enable FEAT_SME for FEAT_STATE_CHECKED

Add support for runtime detection (ENABLE_SME_FOR_NS=2), by splitting
feat_sme_supported() into an ID register reading function and a
second fun

feat(cpufeat): enable FEAT_SME for FEAT_STATE_CHECKED

Add support for runtime detection (ENABLE_SME_FOR_NS=2), by splitting
feat_sme_supported() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we do SME specific setup.

Change the FVP platform default to the now supported dynamic option
(=2),so the right decision can be made by the code at runtime.

Change-Id: Ida9ccf737db5be20865b84f42b1f9587be0626ab
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>

show more ...

refactor(amu): use new AMU feature check routines

The AMU extension code was using its own feature detection routines.
Replace them with the generic CPU feature handlers (defined in
arch_features.h)

refactor(amu): use new AMU feature check routines

The AMU extension code was using its own feature detection routines.
Replace them with the generic CPU feature handlers (defined in
arch_features.h), which get updated to cover the v1p1 variant as well.

Change-Id: I8540f1e745d7b02a25a6c6cdf2a39d6f5e21f2aa
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

refactor(amu): unify ENABLE_AMU and ENABLE_FEAT_AMUv1

So far we have the ENABLE_AMU build option to include AMU register
handling code for enabling and context switch. There is also an
ENABLE_FEAT_A

refactor(amu): unify ENABLE_AMU and ENABLE_FEAT_AMUv1

So far we have the ENABLE_AMU build option to include AMU register
handling code for enabling and context switch. There is also an
ENABLE_FEAT_AMUv1 option, solely to protect the HAFGRTR_EL2 system
register handling. The latter needs some alignment with the new feature
scheme, but it conceptually overlaps with the ENABLE_AMU option.

Since there is no real need for two separate options, unify both into a
new ENABLE_FEAT_AMU name in a first step. This is mostly just renaming at
this point, a subsequent patch will make use of the new feature handling
scheme.

Change-Id: I97d8a55bdee2ed1e1509fa9f2b09fd0bdd82736e
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

refactor(cpufeat): enable FEAT_RNG for FEAT_STATE_CHECKED

At the moment we only support for FEAT_RNG to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime

refactor(cpufeat): enable FEAT_RNG for FEAT_STATE_CHECKED

At the moment we only support for FEAT_RNG to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime detection (FEAT_RNG=2), by splitting
is_armv8_5_rng_present() into an ID register reading function and a second
function to report the support status. That function considers both build
time settings and runtime information (if needed), and is used before we
access the RNDRRS system register.

Change the QEMU platform default to the now supported dynamic option (=2),
so the right decision can be made by the code at runtime.

Change-Id: I1a4a538d5ad395fead7324f297d0056bda4f84cb
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

refactor(cpufeat): align FEAT_SEL2 to new feature handling

In ARMv8.4, the EL2 exception level got added to the secure world.
Adapt and rename the existing is_armv8_4_sel2_present() function, to
ali

refactor(cpufeat): align FEAT_SEL2 to new feature handling

In ARMv8.4, the EL2 exception level got added to the secure world.
Adapt and rename the existing is_armv8_4_sel2_present() function, to
align its handling with the other CPU features.

Change-Id: If11e1942fdeb63c63f36ab9e89be810347d1a952
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

refactor(cpufeat): enable FEAT_NV2 for FEAT_STATE_CHECKED

At the moment we only support for FEAT_NV2 to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime

refactor(cpufeat): enable FEAT_NV2 for FEAT_STATE_CHECKED

At the moment we only support for FEAT_NV2 to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime detection (CTX_INCLUDE_NEVE_REGS=2), by
splitting get_armv8_4_feat_nv_support() into an ID register reading
function and a second function to report the support status. That
function considers both build time settings and runtime information
(if needed), and is used before we access the VNCR_EL2 system register.
Also move the context saving code from assembly to C, and use the new
is_feat_nv2_supported() function to guard its execution.

Change the FVP platform default to the now supported dynamic option (=2),
so the right decision can be made by the code at runtime.

Change-Id: I85b080641995fb72cfd4ac933f7a3f75770c2cb9
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

refactor(cpufeat): enable FEAT_TWED for FEAT_STATE_CHECKED

At the moment we only support FEAT_TWED to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime d

refactor(cpufeat): enable FEAT_TWED for FEAT_STATE_CHECKED

At the moment we only support FEAT_TWED to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime detection (ENABLE_FEAT_TWED=2), by splitting
is_armv8_6_twed_present() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we set the trap delay time.

Change the FVP platform default to the now supported dynamic option (=2),
so the right decision can be made by the code at runtime.

Change-Id: I58626230ef0af49886c0a197abace01e81f661d2
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

refactor(cpufeat): enable FEAT_CSV2_2 for FEAT_STATE_CHECKED

At the moment we only support FEAT_CSV2_2 to be either unconditionally
compiled in, or to be not supported at all.

Add support for runti

refactor(cpufeat): enable FEAT_CSV2_2 for FEAT_STATE_CHECKED

At the moment we only support FEAT_CSV2_2 to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime detection (ENABLE_FEAT_CSV2_2=2), by splitting
is_armv8_0_feat_csv2_2_present() into an ID register reading function
and a second function to report the support status. That function
considers both build time settings and runtime information (if needed),
and is used before we access the SCXTNUM_EL2 system register.
Also move the context saving code from assembly to C, and use the new
is_feat_csv2_2_supported() function to guard its execution.

Change the FVP platform default to the now supported dynamic option (=2),
so the right decision can be made by the code at runtime.

Change-Id: I89c7bc883e6a65727fdbdd36eb3bfbffb2196da7
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

refactor(cpufeat): enable FEAT_ECV for FEAT_STATE_CHECKED

At the moment we only support FEAT_ECV to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime det

refactor(cpufeat): enable FEAT_ECV for FEAT_STATE_CHECKED

At the moment we only support FEAT_ECV to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime detection (ENABLE_FEAT_ECV=2), by splitting
is_feat_ecv_present() into an ID register reading function and a second
function to report the support status. That function considers both
build time settings and runtime information (if needed), and is used
before we access the CNTPOFF_EL2 system register.
Also move the context saving code from assembly to C, and use the new
is_feat_ecv_supported() function to guard its execution.

Change the FVP platform default to the now supported dynamic option (=2),
so the right decision can be made by the code at runtime.

Change-Id: I4acd5384929f1902b62a87ae073aafa1472cd66b
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

refactor(cpufeat): enable FEAT_PAN for FEAT_STATE_CHECKED

At the moment we only support FEAT_PAN to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime det

refactor(cpufeat): enable FEAT_PAN for FEAT_STATE_CHECKED

At the moment we only support FEAT_PAN to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime detection (ENABLE_FEAT_PAN=2), by splitting
is_armv8_1_pan_present() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we PAN specific setup.

Change the FVP platform default to the now supported dynamic option (=2),
so the right decision can be made by the code at runtime.

Change-Id: I58e5fe8d3c9332820391c7d93a8fb9dba4cf754a
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

refactor(cpufeat): align FEAT_SB to new feature handling

FEAT_SB introduces a new speculation barrier instruction, that is more
lightweight than a "dsb; isb" combination. We use that in a hot path,

refactor(cpufeat): align FEAT_SB to new feature handling

FEAT_SB introduces a new speculation barrier instruction, that is more
lightweight than a "dsb; isb" combination. We use that in a hot path,
so cannot afford and don't want a runtime detection mechanism.
Nevertheless align the implementation of the feature detection part
with the other features, but renaming the detection function, and
updating the FEAT_DETECTION code. Also update the documentation.

Change-Id: I2b86dfd1ad259c3bb99ab5186e2911ace454b54c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

refactor(cpufeat): use alternative encoding for "SB" barrier

The "sb" barrier instruction is a rather new addition to the AArch64
instruction set, so it is not recognised by all toolchains. On top o

refactor(cpufeat): use alternative encoding for "SB" barrier

The "sb" barrier instruction is a rather new addition to the AArch64
instruction set, so it is not recognised by all toolchains. On top of
that, the GNU assembler denies this instruction, unless a compatible
processor is selected:
asm_macros.S:223: Error: selected processor does not support `sb'

Provide an alternative encoding of the "sb" instruction, by using a
system register write, as this is the group where the barrier
instructions borrow their encoding space from.
This results in the exact same opcode to be generated, and any
disassembler will decode this instruction as "sb".

Change-Id: I5f44c8321e0cc04c784e02bd838e964602a96a8e
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

refactor(cpufeat): enable SYS_REG_TRACE for FEAT_STATE_CHECKED

At the moment we only support access to the trace unit by system
registers (SYS_REG_TRACE) to be either unconditionally compiled in, or

refactor(cpufeat): enable SYS_REG_TRACE for FEAT_STATE_CHECKED

At the moment we only support access to the trace unit by system
registers (SYS_REG_TRACE) to be either unconditionally compiled in, or
to be not supported at all.

Add support for runtime detection (ENABLE_SYS_REG_TRACE_FOR_NS=2), by
adding is_feat_sys_reg_trace_supported(). That function considers both
build time settings and runtime information (if needed), and is used
before we access SYS_REG_TRACE related registers.

The FVP platform decided to compile in support unconditionally (=1),
even though this is an optional feature, so it is not available with the
FVP model's default command line.
Change that to the now supported dynamic option (=2), so the right
decision can be made by the code at runtime.

Change-Id: I450a574a4f6bd9fc269887037049c94c906f54b2
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

refactor(cpufeat): enable FEAT_VHE for FEAT_STATE_CHECKED

At the moment we only support FEAT_VHE to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime det

refactor(cpufeat): enable FEAT_VHE for FEAT_STATE_CHECKED

At the moment we only support FEAT_VHE to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime detection (ENABLE_FEAT_VHE=2), by splitting
is_armv8_1_vhe_present() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we access VHE related registers.
Also move the context saving code from assembly to C, and use the new
is_feat_vhe_supported() function to guard its execution.

Enable VHE in its runtime detection version for all FVP builds.

Change-Id: Ib397cd0c83e8c709bd6fed603560e39901fa672b
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

refactor(mpam): enable FEAT_MPAM for FEAT_STATE_CHECKED

At the moment we only support FEAT_MPAM to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime dete

refactor(mpam): enable FEAT_MPAM for FEAT_STATE_CHECKED

At the moment we only support FEAT_MPAM to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime detection (ENABLE_MPAM_FOR_LOWER_ELS=2), by
splitting get_mpam_version() into an ID register reading
function and a second function to report the support status. That
function considers both build time settings and runtime information (if
needed), and is used before we access MPAM related registers.
Also move the context saving code from assembly to C, and use the new
is_feat_mpam_supported() function to guard its execution.

ENABLE_MPAM_FOR_LOWER_ELS defaults to 0, so add a stub enable function
to cover builds with compiler optimisations turned off. The unused
mpam_enable() function call will normally be optimised away (because it
would never be called), but with -O0 the compiler will leave the symbol
in the object file.

Change-Id: I531d87cb855a7c43471f861f625b5a6d4bc61313
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

refactor(spe): enable FEAT_SPE for FEAT_STATE_CHECKED

At the moment we only support FEAT_SPE to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime detecti

refactor(spe): enable FEAT_SPE for FEAT_STATE_CHECKED

At the moment we only support FEAT_SPE to be either unconditionally
compiled in, or to be not supported at all.

Add support for runtime detection (ENABLE_SPE_FOR_NS=2), by splitting
is_armv8_2_feat_spe_present() into an ID register reading function and
a second function to report the support status. That function considers
both build time settings and runtime information (if needed), and is
used before we access SPE related registers.

Previously SPE was enabled unconditionally for all platforms, change
this now to the runtime detection version.

Change-Id: I830c094107ce6a398bf1f4aef7ffcb79d4f36552
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

Merge "feat(tcr2): support FEAT_TCR2" into integration

feat(tcr2): support FEAT_TCR2

Arm v8.9 introduces FEAT_TCR2, adding extended translation control
registers. Support this, context switching TCR2_EL2 and disabling
traps so lower ELs can access the n

feat(tcr2): support FEAT_TCR2

Arm v8.9 introduces FEAT_TCR2, adding extended translation control
registers. Support this, context switching TCR2_EL2 and disabling
traps so lower ELs can access the new registers.

Change the FVP platform to default to handling this as a dynamic option so
the right decision can be made by the code at runtime.

Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I297452acd8646d58bac64fc15e05b06a543e5148

show more ...

Merge "refactor(build): distinguish BL2 as TF-A entry point and BL2 running at EL3" into integration