Merge changes from topic "ar/smccc_arch_wa_4" into integration

* changes:
docs(security): update CVE-2024-7881 affected CPU revisions
fix(security): update Neoverse-V2 fix version for CVE-2024-7

Merge changes from topic "ar/smccc_arch_wa_4" into integration

* changes:
docs(security): update CVE-2024-7881 affected CPU revisions
fix(security): update Neoverse-V2 fix version for CVE-2024-7881
fix(security): update Cortex-X3 fix version for CVE-2024-7881
fix(security): update Neoverse-V3/V3AE fix version for CVE-2024-7881
fix(security): update Cortex-X925 fix version for CVE-2024-7881
fix(security): update Cortex-X4 fix version for CVE-2024-7881

show more ...

fix(security): update Cortex-X3 fix version for CVE-2024-7881

This patch updates the Cortex-X3 revisions for
which the CVE-2024-7881 [1] / Cat B erratum 3692984 [2] applies.
The erratum applies to r

fix(security): update Cortex-X3 fix version for CVE-2024-7881

This patch updates the Cortex-X3 revisions for
which the CVE-2024-7881 [1] / Cat B erratum 3692984 [2] applies.
The erratum applies to r0p0, r1p0, r1p1, r1p2 and is still open.

[1] https://developer.arm.com/documentation/110326/latest/
[2] https://developer.arm.com/documentation/SDEN-2055130/latest/

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Ia1ff75602a0dfa758a223549d92ea87543fa44b6

show more ...

Merge changes from topic "gr/spectre_bhb_updates" into integration

* changes:
fix(security): fix Neoverse V2 CVE-2022-23960
fix(security): fix Cortex-X3 CVE-2022-23960
fix(security): fix Corte

Merge changes from topic "gr/spectre_bhb_updates" into integration

* changes:
fix(security): fix Neoverse V2 CVE-2022-23960
fix(security): fix Cortex-X3 CVE-2022-23960
fix(security): fix Cortex-A715 CVE-2022-23960
fix(security): fix spectre bhb loop count for Cortex-A720

show more ...

fix(security): fix Cortex-X3 CVE-2022-23960

Apply CVE-2022-23960 mitigation to Cortex-X3, revision r1p0 and earlier only.
Ref - https://developer.arm.com/documentation/110280/latest/

Change-Id: I3d

fix(security): fix Cortex-X3 CVE-2022-23960

Apply CVE-2022-23960 mitigation to Cortex-X3, revision r1p0 and earlier only.
Ref - https://developer.arm.com/documentation/110280/latest/

Change-Id: I3d46fa70c80129ca0085d8245ee013f11a8842e3
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

Merge "fix(cpus): check minor revision before applying runtime errata" into integration

fix(cpus): check minor revision before applying runtime errata

Patch db9ee83432 removed cpu_rev checking for runtime errata
within cpu functions with the argument that if we're in the cpu file,
we'v

fix(cpus): check minor revision before applying runtime errata

Patch db9ee83432 removed cpu_rev checking for runtime errata
within cpu functions with the argument that if we're in the cpu file,
we've already check the MIDR and matched against the CPU. However, that
also removes the revision check which being in the cpu file does not
guarantee. Reintroduce the MIDR checking so that the revision check
happens and errata can be skipped if they don't apply.

Change-Id: I46b2ba8b524a073e02b4b5de641ae97795bc176b
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge changes from topic "ar/x3_errata" into integration

* changes:
fix(cpus): workaround for Cortex-X3 erratum 3213672
fix(cpus): workaround for Cortex-X3 erratum 3827463
fix(cpus): workaroun

Merge changes from topic "ar/x3_errata" into integration

* changes:
fix(cpus): workaround for Cortex-X3 erratum 3213672
fix(cpus): workaround for Cortex-X3 erratum 3827463
fix(cpus): workaround for Cortex-X3 erratum 3692984

show more ...

fix(cpus): workaround for Cortex-X3 erratum 3213672

Cortex-X3 erratum 3213672 is a Cat B erratum that applies to
r0p0, r1p0, r1p1 and r1p2. It is still open.

This erratum can be worked around by se

fix(cpus): workaround for Cortex-X3 erratum 3213672

Cortex-X3 erratum 3213672 is a Cat B erratum that applies to
r0p0, r1p0, r1p1 and r1p2. It is still open.

This erratum can be worked around by setting CPUACTLR_EL1[36]
before enabling icache.

SDEN Documentation:
https://developer.arm.com/documentation/SDEN-2055130/latest/

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Ia1c03217f4e1816b4e8754a090cf5bc17546be40

show more ...

fix(cpus): workaround for Cortex-X3 erratum 3827463

Cortex-X3 erratum 3827463 is a Cat B erratum that applies to
r0p0, r1p0 and r1p1. It is fixed in r1p2.

This erratum can be avoided by setting CPU

fix(cpus): workaround for Cortex-X3 erratum 3827463

Cortex-X3 erratum 3827463 is a Cat B erratum that applies to
r0p0, r1p0 and r1p1. It is fixed in r1p2.

This erratum can be avoided by setting CPUACTLR_EL1[1]
prior to enabling MMU. This bit will disable a branch predictor
power savings feature. Disabling this power feature
results in negligible power movement and no performance impact.

SDEN Documentation:
https://developer.arm.com/documentation/SDEN-2055130/latest/

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I1d4a2b9641400d8b9061f7cb32a8312c3995613e

show more ...

fix(cpus): workaround for Cortex-X3 erratum 3692984

Cortex-X3 erratum 3692984 is a Cat B erratum that applies to
r0p0, r1p0, r1p1 and r1p2 and is still open.

The erratum can be avoided by disabling

fix(cpus): workaround for Cortex-X3 erratum 3692984

Cortex-X3 erratum 3692984 is a Cat B erratum that applies to
r0p0, r1p0, r1p1 and r1p2 and is still open.

The erratum can be avoided by disabling the
affected prefetcher setting CPUACTLR6_EL1[41].

SDEN Documentation:
https://developer.arm.com/documentation/SDEN-2055130/latest/

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I054b47d33fd1ff7bde3ae12e8ee3d99e9203965f

show more ...

Merge changes from topic "ar/cve_wa_refactor" into integration

* changes:
refactor(cpus): optimize CVE checking
refactor(cpus): move errata check to common code
refactor(cpus): drop unused arg

Merge changes from topic "ar/cve_wa_refactor" into integration

* changes:
refactor(cpus): optimize CVE checking
refactor(cpus): move errata check to common code
refactor(cpus): drop unused argument forward_flag

show more ...

refactor(cpus): optimize CVE checking

This patch replaces the use of EXTRA functions
with using erratum entries check
to verify CVE mitigation application for some of
the SMCCC_ARCH_WORKAROUND_* cal

refactor(cpus): optimize CVE checking

This patch replaces the use of EXTRA functions
with using erratum entries check
to verify CVE mitigation application for some of
the SMCCC_ARCH_WORKAROUND_* calls.

Previously, EXTRA functions were individually implemented for
each SMCCC_ARCH_WORKAROUND_*, an approach that becomes unmanageable
with the increasing number of workarounds.
By looking up erratum entries for CVE check, the process is streamlined,
reducing overhead associated with creating and
maintaining EXTRA functions for each new workaround.

New Errata entries are created for SMC workarounds and
that is used to target cpus that are uniquely impacted
by SMC workarounds.

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I873534e367a35c99461d0a616ff7bf856a0000af

show more ...

Merge "fix(cpus): remove errata setting PF_MODE to conservative" into integration

fix(cpus): remove errata setting PF_MODE to conservative

The erratum titled “Disabling of data prefetcher with outstanding
prefetch TLB miss might cause a deadlock” should not be handled within
TF-A

fix(cpus): remove errata setting PF_MODE to conservative

The erratum titled “Disabling of data prefetcher with outstanding
prefetch TLB miss might cause a deadlock” should not be handled within
TF-A. The current workaround attempts to follow option 2 but
misapplies it. Specifically, it statically sets PF_MODE to
conservative, which is not the recommended approach. According to the
erratum documentation, PF_MODE should be configured in conservative
mode only when we disable data prefetcher however this is not done
in TF-A and thus the workaround is not needed in TF-A.

The static setting of PF_MODE in TF-A does not correctly address the
erratum and may introduce unnecessary performance degradation on
platforms that adopt it without fully understanding its implications.

To prevent incorrect or unintended use, the current implementation of
this erratum workaround should be removed from TF-A and not adopted by
platforms.

List of Impacted CPU's with Errata Numbers and reference to SDEN -

Cortex-A78 - 2132060 - https://developer.arm.com/documentation/SDEN1401784/latest
Cortex-A78C - 2132064 - https://developer.arm.com/documentation/SDEN-2004089/latest
Cortex-A710 - 2058056 - https://developer.arm.com/documentation/SDEN-1775101/latest
Cortex-X2 - 2058056 - https://developer.arm.com/documentation/SDEN-1775100/latest
Cortex-X3 - 2070301 - https://developer.arm.com/documentation/SDEN2055130/latest
Neoverse-N2 - 2138953 - https://developer.arm.com/documentation/SDEN-1982442/latest
Neoverse-V1 - 2108267 - https://developer.arm.com/documentation/SDEN-1401781/latest
Neoverse-V2 - 2331132 - https://developer.arm.com/documentation/SDEN-2332927/latest

Change-Id: Icf4048508ae070b2df073cc46c63be058b2779df
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

Merge "chore(cpus): rearrange cve and errata order in Cortex-X3" into integration

chore(cpus): rearrange cve and errata order in Cortex-X3

Patch sorts the errata IDs in ascending order and the
CVE-2024-5660 in order based on the year and index
for Cortex-X3.

Change-Id: I2a4baebe

chore(cpus): rearrange cve and errata order in Cortex-X3

Patch sorts the errata IDs in ascending order and the
CVE-2024-5660 in order based on the year and index
for Cortex-X3.

Change-Id: I2a4baebe0c3133528c089d999bdffa8c992f4989
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>

show more ...

Merge changes I3d950e72,Id315a8fe,Ib62e6e9b,I1d0475b2 into integration

* changes:
perf(cm): drop ZCR_EL3 saving and some ISBs and replace them with root context
perf(psci): get PMF timestamps wi

Merge changes I3d950e72,Id315a8fe,Ib62e6e9b,I1d0475b2 into integration

* changes:
perf(cm): drop ZCR_EL3 saving and some ISBs and replace them with root context
perf(psci): get PMF timestamps with no cache flushes if possible
perf(amu): greatly simplify AMU context management
perf(mpmm): greatly simplify MPMM enablement

show more ...

perf(mpmm): greatly simplify MPMM enablement

MPMM is a core-specific microarchitectural feature. It has been present
in every Arm core since the Cortex-A510 and has been implemented in
exactly the s

perf(mpmm): greatly simplify MPMM enablement

MPMM is a core-specific microarchitectural feature. It has been present
in every Arm core since the Cortex-A510 and has been implemented in
exactly the same way. Despite that, it is enabled more like an
architectural feature with a top level enable flag. This utilised the
identical implementation.

This duality has left MPMM in an awkward place, where its enablement
should be generic, like an architectural feature, but since it is not,
it should also be core-specific if it ever changes. One choice to do
this has been through the device tree.

This has worked just fine so far, however, recent implementations expose
a weakness in that this is rather slow - the device tree has to be read,
there's a long call stack of functions with many branches, and system
registers are read. In the hot path of PSCI CPU powerdown, this has a
significant and measurable impact. Besides it being a rather large
amount of code that is difficult to understand.

Since MPMM is a microarchitectural feature, its correct placement is in
the reset function. The essence of the current enablement is to write
CPUPPMCR_EL3.MPMM_EN if CPUPPMCR_EL3.MPMMPINCTL == 0. Replacing the C
enablement with an assembly macro in each CPU's reset function achieves
the same effect with just a single close branch and a grand total of 6
instructions (versus the old 2 branches and 32 instructions).

Having done this, the device tree entry becomes redundant. Should a core
that doesn't support MPMM arise, this can cleanly be handled in the
reset function. As such, the whole ENABLE_MPMM_FCONF and platform hooks
mechanisms become obsolete and are removed.

Change-Id: I1d0475b21a1625bb3519f513ba109284f973ffdf
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge changes from topic "bk/errata_speed" into integration

* changes:
refactor(cpus): declare runtime errata correctly
perf(cpus): make reset errata do fewer branches
perf(cpus): inline the i

Merge changes from topic "bk/errata_speed" into integration

* changes:
refactor(cpus): declare runtime errata correctly
perf(cpus): make reset errata do fewer branches
perf(cpus): inline the init_cpu_data_ptr function
perf(cpus): inline the reset function
perf(cpus): inline the cpu_get_rev_var call
perf(cpus): inline cpu_rev_var checks
refactor(cpus): register DSU errata with the errata framework's wrappers
refactor(cpus): convert checker functions to standard helpers
refactor(cpus): convert the Cortex-A65 to use the errata framework
fix(cpus): declare reset errata correctly

show more ...

perf(cpus): make reset errata do fewer branches

Errata application is painful for performance. For a start, it's done
when the core has just come out of reset, which means branch predictors
and cach

perf(cpus): make reset errata do fewer branches

Errata application is painful for performance. For a start, it's done
when the core has just come out of reset, which means branch predictors
and caches will be empty so a branch to a workaround function must be
fetched from memory and that round trip is very slow. Then it also runs
with the I-cache off, which means that the loop to iterate over the
workarounds must also be fetched from memory on each iteration.

We can remove both branches. First, we can simply apply every erratum
directly instead of defining a workaround function and jumping to it.
Currently, no errata that need to be applied at both reset and runtime,
with the same workaround function, exist. If the need arose in future,
this should be achievable with a reset + runtime wrapper combo.

Then, we can construct a function that applies each erratum linearly
instead of looping over the list. If this function is part of the reset
function, then the only "far" branches at reset will be for the checker
functions. Importantly, this mitigates the slowdown even when an erratum
is disabled.

The result is ~50% speedup on N1SDP and ~20% on AArch64 Juno on wakeup
from PSCI calls that end in powerdown. This is roughly back to the
baseline of v2.9, before the errata framework regressed on performance
(or a little better). It is important to note that there are other
slowdowns since then that remain unknown.

Change-Id: Ie4d5288a331b11fd648e5c4a0b652b74160b07b9
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

fix(cpus): declare reset errata correctly

The errata in this patch are declared as runtime, but are never called
explicitly. This means that they are never called! Convert them to reset
errata so th

fix(cpus): declare reset errata correctly

The errata in this patch are declared as runtime, but are never called
explicitly. This means that they are never called! Convert them to reset
errata so that they are called at reset. Their SDENs entries have been
checked and confirm that this is how they should be implemented.

Also, drop the the MIDR check on the a57 erratum as it's not needed -
the erratum is already called from a cpu-specific function.

Change-Id: I22c3043ab454ce94b3c122c856e5804bc2ebb18b
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge changes I765a7fa0,Ic33f0b6d,I8d1a88c7,I381f96be,I698fa849, ... into integration

* changes:
fix(cpus): clear CPUPWRCTLR_EL1.CORE_PWRDN_EN_BIT on reset
chore(docs): drop the "wfi" from `pwr_

Merge changes I765a7fa0,Ic33f0b6d,I8d1a88c7,I381f96be,I698fa849, ... into integration

* changes:
fix(cpus): clear CPUPWRCTLR_EL1.CORE_PWRDN_EN_BIT on reset
chore(docs): drop the "wfi" from `pwr_domain_pwr_down_wfi`
chore(psci): drop skip_wfi variable
feat(arm): convert arm platforms to expect a wakeup
fix(cpus): avoid SME related loss of context on powerdown
feat(psci): allow cores to wake up from powerdown
refactor: panic after calling psci_power_down_wfi()
refactor(cpus): undo errata mitigations
feat(cpus): add sysreg_bit_toggle

show more ...

Merge changes from topic "gr/errata_ICH_VMCR_EL2" into integration

* changes:
fix(cpus): workaround for Neoverse-V3 erratum 3701767
fix(cpus): workaround for Neoverse-N3 erratum 3699563
fix(cp

Merge changes from topic "gr/errata_ICH_VMCR_EL2" into integration

* changes:
fix(cpus): workaround for Neoverse-V3 erratum 3701767
fix(cpus): workaround for Neoverse-N3 erratum 3699563
fix(cpus): workaround for Neoverse-N2 erratum 3701773
fix(cpus): workaround for Cortex-X925 erratum 3701747
fix(cpus): workaround for Cortex-X4 erratum 3701758
fix(cpus): workaround for Cortex-X3 erratum 3701769
fix(cpus): workaround for Cortex-X2 erratum 3701772
fix(cpus): workaround for Cortex-A725 erratum 3699564
fix(cpus): workaround for Cortex-A720-AE erratum 3699562
fix(cpus): workaround for Cortex-A720 erratum 3699561
fix(cpus): workaround for Cortex-A715 erratum 3699560
fix(cpus): workaround for Cortex-A710 erratum 3701772
fix(cpus): workaround for accessing ICH_VMCR_EL2
chore(cpus): fix incorrect header macro

show more ...

fix(cpus): workaround for Cortex-X3 erratum 3701769

Cortex-X3 erratum 3701769 that applies to r0p0, r1p0, r1p1 and r1p2
is still Open.

The workaround is for EL3 software that performs context save/

fix(cpus): workaround for Cortex-X3 erratum 3701769

Cortex-X3 erratum 3701769 that applies to r0p0, r1p0, r1p1 and r1p2
is still Open.

The workaround is for EL3 software that performs context save/restore
on a change of Security state to use a value of SCR_EL3.NS when
accessing ICH_VMCR_EL2 that reflects the Security state that owns the
data being saved or restored.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-2055130/latest/

Change-Id: Ifd722e1bb8616ada2ad158297a7ca80b19a3370b
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

refactor(cpus): undo errata mitigations

The workarounds introduced in the three patches starting at
888eafa00b99aa06b4ff688407336811a7ff439a assumed that any powerdown
request will be (forced to be)

refactor(cpus): undo errata mitigations

The workarounds introduced in the three patches starting at
888eafa00b99aa06b4ff688407336811a7ff439a assumed that any powerdown
request will be (forced to be) terminal. This assumption can no longer
be the case for new CPUs so there is a need to revisit these older
cores. Since we may wake up, we now need to respect the workaround's
recommendation that the workaround needs to be reverted on wakeup. So do
exactly that.

Introduce a new helper to toggle bits in assembly. This allows us to
call the workaround twice, with the first call setting the workaround
and second undoing it. This is also used for gelas' an travis' powerdown
routines. This is so the same function can be called again

Also fix the condition in the cpu helper macro as it was subtly wrong

Change-Id: Iff9e5251dc9d8670d085d88c070f78991955e7c3
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...