Merge "fix(cm): remove unused macro" into integration

fix(cm): remove unused macro

It is never referenced.

Change-Id: I538b1f3d8660426faf5bafa68ecda2d637b0bc50
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

Merge "fix(smccc): cleanup unused declaration" into integration

fix(smccc): cleanup unused declaration

Remove check_wa_cve_2024_7881() declaration left behind by patch
fd04156eb792963cb21144063e421d074efa6386.

Signed-off-by: Arvind Ram Prakash <arvind.ramprakas

fix(smccc): cleanup unused declaration

Remove check_wa_cve_2024_7881() declaration left behind by patch
fd04156eb792963cb21144063e421d074efa6386.

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Iae81e0bcbd2feb2b72a4e4e8fd27a27ae00c9cb4

show more ...

Merge "fix(errata): keep leading zeros in CVE ID prints" into integration

fix(errata): keep leading zeros in CVE ID prints

The errata printing function would drop leading zeros on CVE
numbers so this updates the format string to make sure they are
printed. This is to conf

fix(errata): keep leading zeros in CVE ID prints

The errata printing function would drop leading zeros on CVE
numbers so this updates the format string to make sure they are
printed. This is to conform to the CVE naming convention where
ID numbers of less than 4 digits are prepended with 0s up to 4
digits.

This also updates a confusing comment indicating that leading
zeros could be used to work around a potential issue if CVE and
erratum IDs clash. Values with leading zeros will be interpreted
as octal numbers which is not desirable behavior so this should
not be recommended. Realistically, a CVE ID and erratum ID being
the same is *extremely* unlikely since CVE ID start over each
year and are 4-5 digits for Arm, and Errata IDs are 6-7 digits.

Change-Id: Idf2be50cea6828a3d30c6e58fda477ec1398bc7c
Signed-off-by: John Powell <john.powell@arm.com>

show more ...

Merge changes from topic "ar/cve_wa_refactor" into integration

* changes:
refactor(cpus): optimize CVE checking
refactor(cpus): move errata check to common code
refactor(cpus): drop unused arg

Merge changes from topic "ar/cve_wa_refactor" into integration

* changes:
refactor(cpus): optimize CVE checking
refactor(cpus): move errata check to common code
refactor(cpus): drop unused argument forward_flag

show more ...

refactor(cpus): optimize CVE checking

This patch replaces the use of EXTRA functions
with using erratum entries check
to verify CVE mitigation application for some of
the SMCCC_ARCH_WORKAROUND_* cal

refactor(cpus): optimize CVE checking

This patch replaces the use of EXTRA functions
with using erratum entries check
to verify CVE mitigation application for some of
the SMCCC_ARCH_WORKAROUND_* calls.

Previously, EXTRA functions were individually implemented for
each SMCCC_ARCH_WORKAROUND_*, an approach that becomes unmanageable
with the increasing number of workarounds.
By looking up erratum entries for CVE check, the process is streamlined,
reducing overhead associated with creating and
maintaining EXTRA functions for each new workaround.

New Errata entries are created for SMC workarounds and
that is used to target cpus that are uniquely impacted
by SMC workarounds.

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I873534e367a35c99461d0a616ff7bf856a0000af

show more ...

refactor(cpus): move errata check to common code

This patch centralizes some of the Errata ABI code
that could be used for checking if an Errata has been applied
to cpu library since the function is

refactor(cpus): move errata check to common code

This patch centralizes some of the Errata ABI code
that could be used for checking if an Errata has been applied
to cpu library since the function is mostly generic.

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I2c6d4468f7125d4d99ccdebc5ea8f9e4390360cc

show more ...

Merge "feat(psci): remove cpu context init by index" into integration

feat(psci): remove cpu context init by index

Currently, the calling core (meaning the core which received the call to
CPU_ON or the powerdown path of CPU_SUSPEND on the same core) is in
charge of in

feat(psci): remove cpu context init by index

Currently, the calling core (meaning the core which received the call to
CPU_ON or the powerdown path of CPU_SUSPEND on the same core) is in
charge of initialising the context for the waking core (the warmboot
entrypoint for both). This is convenient because the calling core can
write the context while in coherency and the waking core will only need
the context after its entered coherency. This avoids any cache
maintenance and makes communication simple.

However, this has 3 main problems:
a) asymmetric feature support is problematic - the calling core has no
way of knowing the feature set of the waking core. If the two
diverge, the architectural feature discovery via ID registers breaks
down. We've thus far "fixed" this on a case by case basis which
doesn't scale and introduces redundancy.

b) powerdown abandon (pabandon) introduces a contradiction - the calling
core has to initialise the context for when the core wakes up, but
should the core not powerdown it needs its old context intact. The only
way to work around this is by keeping two copies of context which
incurs a runtime and memory overhead.

c) cm_prepare_el3_exit[_ns]() doesn't have access to the entrypoint but needs
it to make initialisation decisions. We can infer some of this from
registers that have already been written but this is awkwardly
limiting for what we can do. This also necessitates the split from
the context initialisation.

We can solve all three by a making a core be in full ownership of its
own context. The calling core then only writes entrypoint information
and nothing else. The waking core then initialises its own context as it
sees fit with full knowledge of the whole picture.

The only tricky bit is cache coherency - the waking core has to be able
to coherently observe its new entrypoint. Calling cores will write to
the shared region with coherent caches on. If we make sure to read the
context only after the waking core has entered coherency, then we can
avoid cache operations and let hardware handle everything.

We can skip the spsr check for FEAT_TCR2 as it doesn't make a
difference. We can also skip enabling it twice from generic code.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I86e7fe8b698191fc3b469e5ced1fd010f8754b0e

show more ...

Merge "fix(errata): workaround for Cortex-A510 erratum 2971420" into integration

fix(errata): workaround for Cortex-A510 erratum 2971420

Cortex-A510 erratum 2971420 applies to revisions r0p1, r0p2, r0p3,
r1p0, r1p1, r1p2 and r1p3, and is still open.

Under some conditions, data

fix(errata): workaround for Cortex-A510 erratum 2971420

Cortex-A510 erratum 2971420 applies to revisions r0p1, r0p2, r0p3,
r1p0, r1p1, r1p2 and r1p3, and is still open.

Under some conditions, data might be corrupted if Trace Buffer
Extension (TRBE) is enabled. The workaround is to disable trace
collection via TRBE by programming MDCR_EL3.NSTB[1] to the opposite
value of SCR_EL3.NS on a security state switch. Since we only enable
TRBE for non-secure world, the workaround is to disable TRBE by
setting the NSTB field to 00 so accesses are trapped to EL3 and
secure state owns the buffer.

SDEN: https://developer.arm.com/documentation/SDEN-1873361/latest/

Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ia77051f6b64c726a8c50596c78f220d323ab7d97

show more ...

Merge "fix(errata-abi): add support for handling split workarounds" into integration

fix(errata-abi): add support for handling split workarounds

Certain erratum workarounds like Neoverse N1 1542419, need a part
of their mitigation done in EL3 and the rest in lower EL. But currently

fix(errata-abi): add support for handling split workarounds

Certain erratum workarounds like Neoverse N1 1542419, need a part
of their mitigation done in EL3 and the rest in lower EL. But currently
such workarounds return HIGHER_EL_MITIGATION which indicates that the
erratum has already been mitigated by a higher EL(EL3 in this case)
which causes the lower EL to not apply it's part of the mitigation.

This patch fixes this issue by adding support for split workarounds
so that on certain errata we return AFFECTED even though EL3 has
applied it's workaround. This is done by reusing the chosen field of
erratum_entry structure into a bitfield that has two bitfields -
Bit 0 indicates that the erratum has been enabled in build,
Bit 1 indicates that the erratum is a split workaround and should
return AFFECTED instead of HIGHER_EL_MITIGATION.

SDEN documentation:
https://developer.arm.com/documentation/SDEN885747/latest

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Iec94d665b5f55609507a219a7d1771eb75e7f4a7

show more ...

Merge changes from topic "bk/errata_speed" into integration

* changes:
refactor(cpus): declare runtime errata correctly
perf(cpus): make reset errata do fewer branches
perf(cpus): inline the i

Merge changes from topic "bk/errata_speed" into integration

* changes:
refactor(cpus): declare runtime errata correctly
perf(cpus): make reset errata do fewer branches
perf(cpus): inline the init_cpu_data_ptr function
perf(cpus): inline the reset function
perf(cpus): inline the cpu_get_rev_var call
perf(cpus): inline cpu_rev_var checks
refactor(cpus): register DSU errata with the errata framework's wrappers
refactor(cpus): convert checker functions to standard helpers
refactor(cpus): convert the Cortex-A65 to use the errata framework
fix(cpus): declare reset errata correctly

show more ...

perf(cpus): make reset errata do fewer branches

Errata application is painful for performance. For a start, it's done
when the core has just come out of reset, which means branch predictors
and cach

perf(cpus): make reset errata do fewer branches

Errata application is painful for performance. For a start, it's done
when the core has just come out of reset, which means branch predictors
and caches will be empty so a branch to a workaround function must be
fetched from memory and that round trip is very slow. Then it also runs
with the I-cache off, which means that the loop to iterate over the
workarounds must also be fetched from memory on each iteration.

We can remove both branches. First, we can simply apply every erratum
directly instead of defining a workaround function and jumping to it.
Currently, no errata that need to be applied at both reset and runtime,
with the same workaround function, exist. If the need arose in future,
this should be achievable with a reset + runtime wrapper combo.

Then, we can construct a function that applies each erratum linearly
instead of looping over the list. If this function is part of the reset
function, then the only "far" branches at reset will be for the checker
functions. Importantly, this mitigates the slowdown even when an erratum
is disabled.

The result is ~50% speedup on N1SDP and ~20% on AArch64 Juno on wakeup
from PSCI calls that end in powerdown. This is roughly back to the
baseline of v2.9, before the errata framework regressed on performance
(or a little better). It is important to note that there are other
slowdowns since then that remain unknown.

Change-Id: Ie4d5288a331b11fd648e5c4a0b652b74160b07b9
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge changes from topic "gr/errata_ICH_VMCR_EL2" into integration

* changes:
fix(cpus): workaround for Neoverse-V3 erratum 3701767
fix(cpus): workaround for Neoverse-N3 erratum 3699563
fix(cp

Merge changes from topic "gr/errata_ICH_VMCR_EL2" into integration

* changes:
fix(cpus): workaround for Neoverse-V3 erratum 3701767
fix(cpus): workaround for Neoverse-N3 erratum 3699563
fix(cpus): workaround for Neoverse-N2 erratum 3701773
fix(cpus): workaround for Cortex-X925 erratum 3701747
fix(cpus): workaround for Cortex-X4 erratum 3701758
fix(cpus): workaround for Cortex-X3 erratum 3701769
fix(cpus): workaround for Cortex-X2 erratum 3701772
fix(cpus): workaround for Cortex-A725 erratum 3699564
fix(cpus): workaround for Cortex-A720-AE erratum 3699562
fix(cpus): workaround for Cortex-A720 erratum 3699561
fix(cpus): workaround for Cortex-A715 erratum 3699560
fix(cpus): workaround for Cortex-A710 erratum 3701772
fix(cpus): workaround for accessing ICH_VMCR_EL2
chore(cpus): fix incorrect header macro

show more ...

fix(cpus): workaround for accessing ICH_VMCR_EL2

When ICH_VMCR_EL2.VBPR1 is written in Secure state (SCR_EL3.NS==0)
and then subsequently read in Non-secure state (SCR_EL3.NS==1), a
wrong value migh

fix(cpus): workaround for accessing ICH_VMCR_EL2

When ICH_VMCR_EL2.VBPR1 is written in Secure state (SCR_EL3.NS==0)
and then subsequently read in Non-secure state (SCR_EL3.NS==1), a
wrong value might be returned. The same issue exists in the opposite way.

Adding workaround in EL3 software that performs context save/restore
on a change of Security state to use a value of SCR_EL3.NS when
accessing ICH_VMCR_EL2 that reflects the Security state that owns the
data being saved or restored. For example, EL3 software should set
SCR_EL3.NS to 1 when saving or restoring the value ICH_VMCR_EL2 for
Non-secure(or Realm) state. EL3 software should clear
SCR_EL3.NS to 0 when saving or restoring the value ICH_VMCR_EL2 for
Secure state.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1775101/latest/

Change-Id: I9f0403601c6346276e925f02eab55908b009d957
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

chore(cpus): fix incorrect header macro

- errata.h is using incorrect header macro ERRATA_REPORT_H fix this.
- Group errata function utilities.

Change-Id: I6a4a8ec6546adb41e24d8885cb445fa8be830148

chore(cpus): fix incorrect header macro

- errata.h is using incorrect header macro ERRATA_REPORT_H fix this.
- Group errata function utilities.

Change-Id: I6a4a8ec6546adb41e24d8885cb445fa8be830148
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

Merge changes from topic "ar/smccc_arch_wa_4" into integration

* changes:
fix(security): apply SMCCC_ARCH_WORKAROUND_4 to affected cpus
fix(security): add support in cpu_ops for CVE-2024-7881

Merge changes from topic "ar/smccc_arch_wa_4" into integration

* changes:
fix(security): apply SMCCC_ARCH_WORKAROUND_4 to affected cpus
fix(security): add support in cpu_ops for CVE-2024-7881
fix(security): add CVE-2024-7881 mitigation to Cortex-X3
fix(security): add CVE-2024-7881 mitigation to Neoverse-V3
fix(security): add CVE-2024-7881 mitigation to Neoverse-V2
fix(security): add CVE-2024-7881 mitigation to Cortex-X925
fix(security): add CVE-2024-7881 mitigation to Cortex-X4
fix(security): enable WORKAROUND_CVE_2024_7881 build option

show more ...

fix(security): apply SMCCC_ARCH_WORKAROUND_4 to affected cpus

This patch implements SMCCC_ARCH_WORKAROUND_4 and
allows discovery through SMCCC_ARCH_FEATURES.
This mechanism is enabled if CVE_2024_78

fix(security): apply SMCCC_ARCH_WORKAROUND_4 to affected cpus

This patch implements SMCCC_ARCH_WORKAROUND_4 and
allows discovery through SMCCC_ARCH_FEATURES.
This mechanism is enabled if CVE_2024_7881 [1] is enabled
by the platform. If CVE_2024_7881 mitigation
is implemented, the discovery call returns 0,
if not -1 (SMC_ARCH_CALL_NOT_SUPPORTED).

For more information about SMCCC_ARCH_WORKAROUND_4 [2], please
refer to the SMCCC Specification reference provided below.

[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881
[2]: https://developer.arm.com/documentation/den0028/latest

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I1b1ffaa1f806f07472fd79d5525f81764d99bc79

show more ...

Merge "fix(cpus): modify the fix for Cortex-A75 erratum 764081" into integration

fix(cpus): modify the fix for Cortex-A75 erratum 764081

Apply the mitigation only for the revision and variant
mentioned in the SDEN.

SDEN Documentation:
https://developer.arm.com/documentation/SDE

fix(cpus): modify the fix for Cortex-A75 erratum 764081

Apply the mitigation only for the revision and variant
mentioned in the SDEN.

SDEN Documentation:
https://developer.arm.com/documentation/SDEN859515/latest

Change-Id: Ifda1f4cb32bdec9a9af29397ddc03bf22a7a87fc
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>

show more ...

Merge changes from topic "clean-up-errata-compatibility" into integration

* changes:
refactor(cpus): remove cpu specific errata funcs
refactor(cpus): directly invoke errata reporter