xlat v2: Introduce xlat granule size helpers

The function xlat_arch_is_granule_size_supported() can be used to check
if a specific granule size is supported. In Armv8, AArch32 only supports
4 KiB pa

xlat v2: Introduce xlat granule size helpers

The function xlat_arch_is_granule_size_supported() can be used to check
if a specific granule size is supported. In Armv8, AArch32 only supports
4 KiB pages. AArch64 supports 4 KiB, 16 KiB or 64 KiB depending on the
implementation, which is detected at runtime.

The function xlat_arch_get_max_supported_granule_size() returns the max
granule size supported by the implementation.

Even though right now they are only used by SPM, they may be useful in
other places in the future. This patch moves the code currently in SPM
to the xlat tables lib so that it can be reused.

Change-Id: If54624a5ecf20b9b9b7f38861b56383a03bbc8a4
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Fix MISRA Rule 5.3 Part 2

Use a _ prefix for Macro arguments to prevent that argument from
hiding variables of the same name in the outer scope

Rule 5.3: An identifier declared in an inner scope sh

Fix MISRA Rule 5.3 Part 2

Use a _ prefix for Macro arguments to prevent that argument from
hiding variables of the same name in the outer scope

Rule 5.3: An identifier declared in an inner scope shall not
hide an identifier declared in an outer scope

Fixed For:
make LOG_LEVEL=50 PLAT=fvp

Change-Id: I67b6b05cbad4aeca65ce52981b4679b340604708
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>

show more ...

SDEI: Ensure SDEI handler executes with CVE-2018-3639 mitigation enabled

When dynamic mitigation is used, the SDEI handler is required to
execute with the mitigation enabled by default, regardless o

SDEI: Ensure SDEI handler executes with CVE-2018-3639 mitigation enabled

When dynamic mitigation is used, the SDEI handler is required to
execute with the mitigation enabled by default, regardless of the
mitigation state for lower ELs. This means that if the kernel or
hypervisor explicitly disables the mitigation and then later when the
event is dispatched, the dispatcher will remember the mitigation state
for the lower ELs but force the mitigation to be on during the SDEI
handler execution. When the SDEI handler returns, it will restore the
mitigation state.

This behaviour is described in "Firmware interfaces for mitigating
cache speculation vulnerabilities System Software on Arm Systems"[0].

[0] https://developer.arm.com/cache-speculation-vulnerability-firmware-specification

Change-Id: I8dd60b736be0aa9e832b0f92d67a401fdeb417f4
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Implement dynamic mitigation for CVE-2018-3639 on Cortex-A76

The Cortex-A76 implements SMCCC_ARCH_WORKAROUND_2 as defined in
"Firmware interfaces for mitigating cache speculation vulnerabilities
Sys

Implement dynamic mitigation for CVE-2018-3639 on Cortex-A76

The Cortex-A76 implements SMCCC_ARCH_WORKAROUND_2 as defined in
"Firmware interfaces for mitigating cache speculation vulnerabilities
System Software on Arm Systems"[0].

Dynamic mitigation for CVE-2018-3639 is enabled/disabled by
setting/clearning bit 16 (Disable load pass store) of `CPUACTLR2_EL1`.

NOTE: The generic code that implements dynamic mitigation does not
currently implement the expected semantics when dispatching an SDEI
event to a lower EL. This will be fixed in a separate patch.

[0] https://developer.arm.com/cache-speculation-vulnerability-firmware-specification

Change-Id: I8fb2862b9ab24d55a0e9693e48e8be4df32afb5a
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Implement Cortex-Ares 1043202 erratum workaround

The workaround uses the instruction patching feature of the Ares cpu.

Change-Id: I868fce0dc0e8e41853dcce311f01ee3867aabb59
Signed-off-by: Dimitris P

Implement Cortex-Ares 1043202 erratum workaround

The workaround uses the instruction patching feature of the Ares cpu.

Change-Id: I868fce0dc0e8e41853dcce311f01ee3867aabb59
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Add AMU support for Cortex-Ares

Change-Id: Ia170c12d3929a616ba80eb7645c301066641f5cc
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

Add support for Cortex-Ares and Cortex-A76 CPUs

Both Cortex-Ares and Cortex-A76 CPUs use the ARM DynamIQ Shared Unit
(DSU). The power-down and power-up sequences are therefore mostly
managed in har

Add support for Cortex-Ares and Cortex-A76 CPUs

Both Cortex-Ares and Cortex-A76 CPUs use the ARM DynamIQ Shared Unit
(DSU). The power-down and power-up sequences are therefore mostly
managed in hardware, and required software operations are simple.

Change-Id: I3a9447b5bdbdbc5ed845b20f6564d086516fa161
Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>

show more ...

Merge pull request #1392 from dp-arm/dp/cve_2018_3639

Implement workaround for CVE-2018-3639 on Cortex A57/A72/A73 and A75

context_mgmt: Make cm_init_context_common public

This function can be currently accessed through the wrappers
cm_init_context_by_index() and cm_init_my_context(). However, they only
work on contexts

context_mgmt: Make cm_init_context_common public

This function can be currently accessed through the wrappers
cm_init_context_by_index() and cm_init_my_context(). However, they only
work on contexts that are associated to a CPU.

By making this function public, it is possible to set up a context that
isn't associated to any CPU. For consistency, it has been renamed to
cm_setup_context().

Change-Id: Ib2146105abc8137bab08745a8adb30ca2c4cedf4
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Add support for dynamic mitigation for CVE-2018-3639

Some CPUS may benefit from using a dynamic mitigation approach for
CVE-2018-3639. A new SMC interface is defined to allow software
executing in

Add support for dynamic mitigation for CVE-2018-3639

Some CPUS may benefit from using a dynamic mitigation approach for
CVE-2018-3639. A new SMC interface is defined to allow software
executing in lower ELs to enable or disable the mitigation for their
execution context.

It should be noted that regardless of the state of the mitigation for
lower ELs, code executing in EL3 is always mitigated against
CVE-2018-3639.

NOTE: This change is a compatibility break for any platform using
the declare_cpu_ops_workaround_cve_2017_5715 macro. Migrate to
the declare_cpu_ops_wa macro instead.

Change-Id: I3509a9337ad217bbd96de9f380c4ff8bf7917013
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

aarch32: Implement static workaround for CVE-2018-3639

Implement static mitigation for CVE-2018-3639 on
Cortex A57 and A72.

Change-Id: I83409a16238729b84142b19e258c23737cc1ddc3
Signed-off-by: Dimit

aarch32: Implement static workaround for CVE-2018-3639

Implement static mitigation for CVE-2018-3639 on
Cortex A57 and A72.

Change-Id: I83409a16238729b84142b19e258c23737cc1ddc3
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Implement static workaround for CVE-2018-3639

For affected CPUs, this approach enables the mitigation during EL3
initialization, following every PE reset. No mechanism is provided to
disable the mit

Implement static workaround for CVE-2018-3639

For affected CPUs, this approach enables the mitigation during EL3
initialization, following every PE reset. No mechanism is provided to
disable the mitigation at runtime.

This approach permanently mitigates the entire software stack and no
additional mitigation code is required in other software components.

TF-A implements this approach for the following affected CPUs:

* Cortex-A57 and Cortex-A72, by setting bit 55 (Disable load pass store) of
`CPUACTLR_EL1` (`S3_1_C15_C2_0`).

* Cortex-A73, by setting bit 3 of `S3_0_C15_C0_0` (not documented in the
Technical Reference Manual (TRM)).

* Cortex-A75, by setting bit 35 (reserved in TRM) of `CPUACTLR_EL1`
(`S3_0_C15_C1_0`).

Additionally, a new SMC interface is implemented to allow software
executing in lower ELs to discover whether the system is mitigated
against CVE-2018-3639.

Refer to "Firmware interfaces for mitigating cache speculation
vulnerabilities System Software on Arm Systems"[0] for more
information.

[0] https://developer.arm.com/cache-speculation-vulnerability-firmware-specification

Change-Id: I084aa7c3bc7c26bf2df2248301270f77bed22ceb
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Rename symbols and files relating to CVE-2017-5715

This patch renames symbols and files relating to CVE-2017-5715 to make
it easier to introduce new symbols and files for new CVE mitigations.

Chang

Rename symbols and files relating to CVE-2017-5715

This patch renames symbols and files relating to CVE-2017-5715 to make
it easier to introduce new symbols and files for new CVE mitigations.

Change-Id: I24c23822862ca73648c772885f1690bed043dbc7
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Merge pull request #1373 from jeenu-arm/ras-support

RAS support

Merge pull request #1377 from robertovargas-arm/compiler-warnings

Compiler warnings

xlat: Fix warning in CHECK_VIRT_ADDR_SPACE_SIZE

When TF is compiled for aarch32 MAX_VIRT_ADDR_SPACE_SIZE is 2^32 in some cases,
which makes the test (size) <= MAX_VIRT_ADDR_SPACE_SIZE a tautology be

xlat: Fix warning in CHECK_VIRT_ADDR_SPACE_SIZE

When TF is compiled for aarch32 MAX_VIRT_ADDR_SPACE_SIZE is 2^32 in some cases,
which makes the test (size) <= MAX_VIRT_ADDR_SPACE_SIZE a tautology because
uintptr_t is a 32 bit value. The cast remove the warning for clang.

Change-Id: I1345f3400f8fbbe4ffd3caa990a90e7ba593dba5
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>

show more ...

Merge pull request #1354 from robertovargas-arm/mem_protect

ARM platforms: Demonstrate mem_protect from el3_runtime

RAS: Add fault injection support

The ARMv8.4 RAS extensions introduce architectural support for software
to inject faults into the system in order to test fault-handling
software. This patch introdu

RAS: Add fault injection support

The ARMv8.4 RAS extensions introduce architectural support for software
to inject faults into the system in order to test fault-handling
software. This patch introduces the build option FAULT_HANDLING_SUPPORT
to allow for lower ELs to use registers in the Standard Error Record to
inject fault. The build option RAS_EXTENSIONS must also be enabled along
with fault injection.

This feature is intended for testing purposes only, and is advisable to
keep disabled for production images.

Change-Id: I6f7a4454b15aec098f9505a10eb188c2f928f7ea
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

show more ...

RAS: Allow individual interrupt registration

EHF currently allows for registering interrupt handlers for a defined
priority ranges. This is primarily targeted at various EL3 dispatchers
to own range

RAS: Allow individual interrupt registration

EHF currently allows for registering interrupt handlers for a defined
priority ranges. This is primarily targeted at various EL3 dispatchers
to own ranges of secure interrupt priorities in order to delegate
execution to lower ELs.

The RAS support added by earlier patches necessitates registering
handlers based on interrupt number so that error handling agents shall
receive and handle specific Error Recovery or Fault Handling interrupts
at EL3.

This patch introduces a macro, RAS_INTERRUPTS() to declare an array of
interrupt numbers and handlers. Error handling agents can use this macro
to register handlers for individual RAS interrupts. The array is
expected to be sorted in the increasing order of interrupt numbers.

As part of RAS initialisation, the list of all RAS interrupts are sorted
based on their ID so that, given an interrupt, its handler can be looked
up with a simple binary search.

For an error handling agent that wants to handle a RAS interrupt,
platform must:

- Define PLAT_RAS_PRI to be the priority of all RAS exceptions.

- Enumerate interrupts to have the GIC driver program individual EL3
interrupts to the required priority range. This is required by EHF
even before this patch.

Documentation to follow.

Change-Id: I9471e4887ff541f8a7a63309e9cd8f771f76aeda
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

show more ...

RAS: Add support for node registration

Previous patches added frameworks for handling RAS errors. This patch
introduces features that the platform can use to enumerate and iterate
RAS nodes:

- Th

RAS: Add support for node registration

Previous patches added frameworks for handling RAS errors. This patch
introduces features that the platform can use to enumerate and iterate
RAS nodes:

- The REGISTER_RAS_NODES() can be used to expose an array of
ras_node_info_t structures. Each ras_node_info_t describes a RAS
node, along with handlers for probing the node for error, and if
did record an error, another handler to handle it.

- The macro for_each_ras_node() can be used to iterate over the
registered RAS nodes, probe for, and handle any errors.

The common platform EA handler has been amended using error handling
primitives introduced by both this and previous patches.

Change-Id: I2e13f65a88357bc48cd97d608db6c541fad73853
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

show more ...

RAS: Add helpers to access Standard Error Records

The ARMv8 RAS Extensions introduced Standard Error Records which are a
set of standard registers through which:

- Platform can configure RAS node

RAS: Add helpers to access Standard Error Records

The ARMv8 RAS Extensions introduced Standard Error Records which are a
set of standard registers through which:

- Platform can configure RAS node policy; e.g., notification
mechanism;

- RAS nodes can record and expose error information for error handling
agents.

Standard Error Records can either be accessed via. memory-mapped
or System registers. This patch adds helper functions to access
registers and fields within an error record.

Change-Id: I6594ba799f4a1789d7b1e45b3e17fd40e7e0ba5c
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

show more ...

AArch64: Introduce RAS handling

RAS extensions are mandatory for ARMv8.2 CPUs, but are also optional
extensions to base ARMv8.0 architecture.

This patch adds build system support to enable RAS feat

AArch64: Introduce RAS handling

RAS extensions are mandatory for ARMv8.2 CPUs, but are also optional
extensions to base ARMv8.0 architecture.

This patch adds build system support to enable RAS features in ARM
Trusted Firmware. A boolean build option RAS_EXTENSION is introduced for
this.

With RAS_EXTENSION, an Exception Synchronization Barrier (ESB) is
inserted at all EL3 vector entry and exit. ESBs will synchronize pending
external aborts before entering EL3, and therefore will contain and
attribute errors to lower EL execution. Any errors thus synchronized are
detected via. DISR_EL1 register.

When RAS_EXTENSION is set to 1, HANDLE_EL3_EA_FIRST must also be set to 1.

Change-Id: I38a19d84014d4d8af688bd81d61ba582c039383a
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

show more ...

AArch64: Introduce External Abort handling

At present, any External Abort routed to EL3 is reported as an unhandled
exception and cause a panic. This patch enables ARM Trusted Firmware to
handle Ext

AArch64: Introduce External Abort handling

At present, any External Abort routed to EL3 is reported as an unhandled
exception and cause a panic. This patch enables ARM Trusted Firmware to
handle External Aborts routed to EL3.

With this patch, when an External Abort is received at EL3, its handling
is delegated to plat_ea_handler() function. Platforms can provide their
own implementation of this function. This patch adds a weak definition
of the said function that prints out a message and just panics.

In order to support handling External Aborts at EL3, the build option
HANDLE_EA_EL3_FIRST must be set to 1.

Before this patch, HANDLE_EA_EL3_FIRST wasn't passed down to
compilation; this patch fixes that too.

Change-Id: I4d07b7e65eb191ff72d63b909ae9512478cd01a1
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

show more ...

smccc: Fix checkpatch error in header file

Change-Id: Ice141dcc17f504025f922acace94d98f84acba9e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Merge pull request #1363 from antonio-nino-diaz-arm/an/res1-ap

xlat: Set AP[1] to 1 when it is RES1