Merge changes from topic "bk/pabandon_cleanup" into integration

* changes:
feat(cpus): add pabandon support to the Alto cpu
feat(psci): optimise clock init on a pabandon
feat(psci): check that

Merge changes from topic "bk/pabandon_cleanup" into integration

* changes:
feat(cpus): add pabandon support to the Alto cpu
feat(psci): optimise clock init on a pabandon
feat(psci): check that CPUs handled a pabandon
feat(psci): make pabandon support generic
refactor(psci): unify coherency exit between AArch64 and AArch32
refactor(psci): absorb psci_power_down_wfi() into common code
refactor(platforms): remove usage of psci_power_down_wfi
fix(cm): disable SPE/TRBE correctly

show more ...

refactor(psci): unify coherency exit between AArch64 and AArch32

The procedure is fairly simple: if we have hardware assisted coherency,
call into the cpu driver and let it do its thing. If we don't

refactor(psci): unify coherency exit between AArch64 and AArch32

The procedure is fairly simple: if we have hardware assisted coherency,
call into the cpu driver and let it do its thing. If we don't, then we
must turn data caches off, handle the confusion that causes with the
stack, and call into the cpu driver which will flush the caches that
need flushing.

On AArch32 the above happens in common code. On AArch64, however, the
turning off of the caches happens in the cpu driver. Since we're dealing
with the stack, we must exercise control over it and implement this in
assembly. But as the two implementations are nominally different (in the
ordering of operations), the part that is in assembly is quite large as
jumping back to C to handle the difference might involve the stack.

Presumably, the AArch difference was introduced in order to cater for a
possible implementation where turning off the caches requires an IMP DEF
sequence. Well, Arm no longer makes cores without hardware assisted
coherency, so this eventually is not possible.

So take this part out of the cpu driver and put it into common code,
just like in AArch32. With this, there is no longer a need call
prepare_cpu_pwr_dwn() in a different order either - we can delay it a
bit to happen after the stack management. So the two AArch-s flows
become identical. We can convert prepare_cpu_pwr_dwn() to C and leave
psci_do_pwrdown_cache_maintenance() only to exercise control over stack.

Change-Id: Ie4759ebe20bb74b60533c6a47dbc2b101875900f
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge changes from topic "ar/cve_wa_refactor" into integration

* changes:
refactor(cpus): optimize CVE checking
refactor(cpus): move errata check to common code
refactor(cpus): drop unused arg

Merge changes from topic "ar/cve_wa_refactor" into integration

* changes:
refactor(cpus): optimize CVE checking
refactor(cpus): move errata check to common code
refactor(cpus): drop unused argument forward_flag

show more ...

refactor(cpus): optimize CVE checking

This patch replaces the use of EXTRA functions
with using erratum entries check
to verify CVE mitigation application for some of
the SMCCC_ARCH_WORKAROUND_* cal

refactor(cpus): optimize CVE checking

This patch replaces the use of EXTRA functions
with using erratum entries check
to verify CVE mitigation application for some of
the SMCCC_ARCH_WORKAROUND_* calls.

Previously, EXTRA functions were individually implemented for
each SMCCC_ARCH_WORKAROUND_*, an approach that becomes unmanageable
with the increasing number of workarounds.
By looking up erratum entries for CVE check, the process is streamlined,
reducing overhead associated with creating and
maintaining EXTRA functions for each new workaround.

New Errata entries are created for SMC workarounds and
that is used to target cpus that are uniquely impacted
by SMC workarounds.

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I873534e367a35c99461d0a616ff7bf856a0000af

show more ...

Merge changes from topic "bk/errata_speed" into integration

* changes:
refactor(cpus): declare runtime errata correctly
perf(cpus): make reset errata do fewer branches
perf(cpus): inline the i

Merge changes from topic "bk/errata_speed" into integration

* changes:
refactor(cpus): declare runtime errata correctly
perf(cpus): make reset errata do fewer branches
perf(cpus): inline the init_cpu_data_ptr function
perf(cpus): inline the reset function
perf(cpus): inline the cpu_get_rev_var call
perf(cpus): inline cpu_rev_var checks
refactor(cpus): register DSU errata with the errata framework's wrappers
refactor(cpus): convert checker functions to standard helpers
refactor(cpus): convert the Cortex-A65 to use the errata framework
fix(cpus): declare reset errata correctly

show more ...

perf(cpus): make reset errata do fewer branches

Errata application is painful for performance. For a start, it's done
when the core has just come out of reset, which means branch predictors
and cach

perf(cpus): make reset errata do fewer branches

Errata application is painful for performance. For a start, it's done
when the core has just come out of reset, which means branch predictors
and caches will be empty so a branch to a workaround function must be
fetched from memory and that round trip is very slow. Then it also runs
with the I-cache off, which means that the loop to iterate over the
workarounds must also be fetched from memory on each iteration.

We can remove both branches. First, we can simply apply every erratum
directly instead of defining a workaround function and jumping to it.
Currently, no errata that need to be applied at both reset and runtime,
with the same workaround function, exist. If the need arose in future,
this should be achievable with a reset + runtime wrapper combo.

Then, we can construct a function that applies each erratum linearly
instead of looping over the list. If this function is part of the reset
function, then the only "far" branches at reset will be for the checker
functions. Importantly, this mitigates the slowdown even when an erratum
is disabled.

The result is ~50% speedup on N1SDP and ~20% on AArch64 Juno on wakeup
from PSCI calls that end in powerdown. This is roughly back to the
baseline of v2.9, before the errata framework regressed on performance
(or a little better). It is important to note that there are other
slowdowns since then that remain unknown.

Change-Id: Ie4d5288a331b11fd648e5c4a0b652b74160b07b9
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge changes from topic "clean-up-errata-compatibility" into integration

* changes:
refactor(cpus): remove cpu specific errata funcs
refactor(cpus): directly invoke errata reporter

refactor(cpus): remove cpu specific errata funcs

Errata printing is done directly via generic_errata_report.
This commit removes the unused \_cpu\()_errata_report
functions for all cores, and remove

refactor(cpus): remove cpu specific errata funcs

Errata printing is done directly via generic_errata_report.
This commit removes the unused \_cpu\()_errata_report
functions for all cores, and removes errata_func from cpu_ops.

Change-Id: I04fefbde5f0ff63b1f1cd17c864557a14070d68c
Signed-off-by: Ryan Everett <ryan.everett@arm.com>

show more ...

Merge changes from topic "jc/errata_refactor" into integration

* changes:
refactor(cpus): convert Cortex-A72 to use cpu helpers
refactor(cpus): convert the Cortex-A72 to use the errata framework

Merge changes from topic "jc/errata_refactor" into integration

* changes:
refactor(cpus): convert Cortex-A72 to use cpu helpers
refactor(cpus): convert the Cortex-A72 to use the errata framework
refactor(cpus): reorder Cortex-A72 errata by ascending order

show more ...

refactor(cpus): convert Cortex-A72 to use cpu helpers

Change-Id: Ic327389e610bff0f71939cb57d661ea84ddef3f6
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>

refactor(cpus): convert the Cortex-A72 to use the errata framework

This involves replacing:
* the reset_func with the standard cpu_reset_func_{start,end} to apply
errata automatically
* the <cp

refactor(cpus): convert the Cortex-A72 to use the errata framework

This involves replacing:
* the reset_func with the standard cpu_reset_func_{start,end} to apply
errata automatically
* the <cpu>_errata_report with the errata_report_shim to report errata
automatically
...and for each erratum:
* the prologue with the workaround_<type>_start to do the checks and
framework registration automatically
* the epilogue with the workaround_<type>_end
* the checker function with the check_erratum_<type> to make it more
descriptive

It is important to note that the errata workaround sequences remain
unchanged and preserve their git blame.

Testing was conducted by:
* Building for release with all errata flags enabled and running
script in change 19136 to compare output of objdump for each errata.

* Testing via script was not complete, as it directed to verify the
check and the workaround functions of few erratas manually.

* Manual comparison of disassembly of converted functions with non-
converted functions

aarch64-none-elf-objdump -D <trusted-firmware-a with conversion>/build/../release/bl31/bl31.elf
vs
aarch64-none-elf-objdump -D <trusted-firmware-a clean repo>/build/fvp/release/bl31/bl31.elf

* Manual comparison of disassembly of both both files(bl31.elf)
ensured,the ported changes were identical and hence verified.

* Build for release with all errata flags enabled and run default tftf
tests.

CROSS_COMPILE=aarch64-none-elf- \
make PLAT=fvp \
ARCH=aarch64 \
DEBUG=0 \
HW_ASSISTED_COHERENCY=1 \
USE_COHERENT_MEM=0 \
CTX_INCLUDE_AARCH32_REGS=0 \
ERRATA_A72_859971=1 \
ERRATA_A72_1319367=1 \
WORKAROUND_CVE_2017_5715=1 \
WORKAROUND_CVE_2018_3639=1 \
WORKAROUND_CVE_2022_23960=1 \
BL33=/home/jaychi01/tf_a/tf-a-tests/build/fvp/release/tftf.bin \
fip all -j12

* Build for debug with all errata enabled and step through ArmDS
at reset to ensure that if Errata are applicable then the workaround
functions are entered precisely.

Change-Id: I8ee5288f395b0391a242506e7effdb65ab4c4de7
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>

show more ...

refactor(cpus): reorder Cortex-A72 errata by ascending order

Change-Id: I8fa7886a47b37d9e7bd580549971cd59ac3d5606
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>

Merge changes from topic "spectre_bhb" into integration

* changes:
fix(security): apply SMCCC_ARCH_WORKAROUND_3 to A73/A75/A72/A57
fix(security): workaround for CVE-2022-23960 for Cortex-A57, Co

Merge changes from topic "spectre_bhb" into integration

* changes:
fix(security): apply SMCCC_ARCH_WORKAROUND_3 to A73/A75/A72/A57
fix(security): workaround for CVE-2022-23960 for Cortex-A57, Cortex-A72
fix(fvp): disable reclaiming init code by default

show more ...

fix(security): apply SMCCC_ARCH_WORKAROUND_3 to A73/A75/A72/A57

This patch applies CVE-2022-23960 workarounds for Cortex-A75,
Cortex-A73, Cortex-A72 & Cortex-A57. This patch also implements
the new

fix(security): apply SMCCC_ARCH_WORKAROUND_3 to A73/A75/A72/A57

This patch applies CVE-2022-23960 workarounds for Cortex-A75,
Cortex-A73, Cortex-A72 & Cortex-A57. This patch also implements
the new SMCCC_ARCH_WORKAROUND_3 and enables necessary discovery
hooks for Coxtex-A72, Cortex-A57, Cortex-A73 and Cortex-A75 to
enable discovery of this SMC via SMC_FEATURES. SMCCC_ARCH_WORKAROUND_3
is implemented for A57/A72 because some revisions are affected by both
CVE-2022-23960 and CVE-2017-5715 and this allows callers to replace
SMCCC_ARCH_WORKAROUND_1 calls with SMCCC_ARCH_WORKAROUND_3. For details
of SMCCC_ARCH_WORKAROUND_3, please refer SMCCCv1.4 specification.

Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ifa6d9c7baa6764924638efe3c70468f98d60ed7c

show more ...

fix(security): workaround for CVE-2022-23960 for Cortex-A57, Cortex-A72

Implements mitigation for Cortex-A72 CPU versions that support
the CSV2 feature(from r1p0). It also applies the mitigation for

fix(security): workaround for CVE-2022-23960 for Cortex-A57, Cortex-A72

Implements mitigation for Cortex-A72 CPU versions that support
the CSV2 feature(from r1p0). It also applies the mitigation for
Cortex-A57 CPU.

Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I7cfcf06537710f144f6e849992612033ddd79d33

show more ...

Merge changes from topic "at_errata_fix" into integration

* changes:
doc: Update description for AT speculative workaround
lib/cpus: Report AT speculative erratum workaround
Add wrapper for AT

Merge changes from topic "at_errata_fix" into integration

* changes:
doc: Update description for AT speculative workaround
lib/cpus: Report AT speculative erratum workaround
Add wrapper for AT instruction

show more ...

lib/cpus: Report AT speculative erratum workaround

Reported the status (applies, missing) of AT speculative workaround
which is applicable for below CPUs.

+---------+--------------+
| Errata |

lib/cpus: Report AT speculative erratum workaround

Reported the status (applies, missing) of AT speculative workaround
which is applicable for below CPUs.

+---------+--------------+
| Errata | CPU |
+=========+==============+
| 1165522 | Cortex-A76 |
+---------+--------------+
| 1319367 | Cortex-A72 |
+---------+--------------+
| 1319537 | Cortex-A57 |
+---------+--------------+
| 1530923 | Cortex-A55 |
+---------+--------------+
| 1530924 | Cortex-A53 |
+---------+--------------+

Also, changes are done to enable common macro 'ERRATA_SPECULATIVE_AT'
if AT speculative errata workaround is enabled for any of the above
CPUs using 'ERRATA_*' CPU specific build macro.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I3e6a5316a2564071f3920c3ce9ae9a29adbe435b

show more ...

Merge pull request #1430 from dp-arm/dp/cpulib

cpulib: Add ISBs or comment why they are unneeded

cpulib: Add ISBs or comment why they are unneeded

Change-Id: I18a41bb9fedda635c3c002a7f112578808410ef6
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

Merge pull request #1392 from dp-arm/dp/cve_2018_3639

Implement workaround for CVE-2018-3639 on Cortex A57/A72/A73 and A75

Add support for dynamic mitigation for CVE-2018-3639

Some CPUS may benefit from using a dynamic mitigation approach for
CVE-2018-3639. A new SMC interface is defined to allow software
executing in

Add support for dynamic mitigation for CVE-2018-3639

Some CPUS may benefit from using a dynamic mitigation approach for
CVE-2018-3639. A new SMC interface is defined to allow software
executing in lower ELs to enable or disable the mitigation for their
execution context.

It should be noted that regardless of the state of the mitigation for
lower ELs, code executing in EL3 is always mitigated against
CVE-2018-3639.

NOTE: This change is a compatibility break for any platform using
the declare_cpu_ops_workaround_cve_2017_5715 macro. Migrate to
the declare_cpu_ops_wa macro instead.

Change-Id: I3509a9337ad217bbd96de9f380c4ff8bf7917013
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Implement static workaround for CVE-2018-3639

For affected CPUs, this approach enables the mitigation during EL3
initialization, following every PE reset. No mechanism is provided to
disable the mit

Implement static workaround for CVE-2018-3639

For affected CPUs, this approach enables the mitigation during EL3
initialization, following every PE reset. No mechanism is provided to
disable the mitigation at runtime.

This approach permanently mitigates the entire software stack and no
additional mitigation code is required in other software components.

TF-A implements this approach for the following affected CPUs:

* Cortex-A57 and Cortex-A72, by setting bit 55 (Disable load pass store) of
`CPUACTLR_EL1` (`S3_1_C15_C2_0`).

* Cortex-A73, by setting bit 3 of `S3_0_C15_C0_0` (not documented in the
Technical Reference Manual (TRM)).

* Cortex-A75, by setting bit 35 (reserved in TRM) of `CPUACTLR_EL1`
(`S3_0_C15_C1_0`).

Additionally, a new SMC interface is implemented to allow software
executing in lower ELs to discover whether the system is mitigated
against CVE-2018-3639.

Refer to "Firmware interfaces for mitigating cache speculation
vulnerabilities System Software on Arm Systems"[0] for more
information.

[0] https://developer.arm.com/cache-speculation-vulnerability-firmware-specification

Change-Id: I084aa7c3bc7c26bf2df2248301270f77bed22ceb
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Rename symbols and files relating to CVE-2017-5715

This patch renames symbols and files relating to CVE-2017-5715 to make
it easier to introduce new symbols and files for new CVE mitigations.

Chang

Rename symbols and files relating to CVE-2017-5715

This patch renames symbols and files relating to CVE-2017-5715 to make
it easier to introduce new symbols and files for new CVE mitigations.

Change-Id: I24c23822862ca73648c772885f1690bed043dbc7
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Merge pull request #1305 from dp-arm/dp/smccc

Implement support for v1.2 of firmware interfaces spec (ARM DEN 0070A)

Fixup `SMCCC_ARCH_FEATURES` semantics

When querying `SMCCC_ARCH_WORKAROUND_1` through `SMCCC_ARCH_FEATURES`,
return either:
* -1 to indicate the PE on which `SMCCC_ARCH_FEATURES` is called
req

Fixup `SMCCC_ARCH_FEATURES` semantics

When querying `SMCCC_ARCH_WORKAROUND_1` through `SMCCC_ARCH_FEATURES`,
return either:
* -1 to indicate the PE on which `SMCCC_ARCH_FEATURES` is called
requires firmware mitigation for CVE-2017-5715 but the mitigation
is not compiled in.
* 0 to indicate that firmware mitigation is required, or
* 1 to indicate that no firmware mitigation is required.

This patch complies with v1.2 of the firmware interfaces
specification (ARM DEN 0070A).

Change-Id: Ibc32d6620efdac6c340758ec502d95554a55f02a
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...