Merge "Fix exception handlers in BL31: Use DSB to synchronize pending EA" into integration

Fix exception handlers in BL31: Use DSB to synchronize pending EA

For SoCs which do not implement RAS, use DSB as a barrier to
synchronize pending external aborts at the entry and exit of
exception

Fix exception handlers in BL31: Use DSB to synchronize pending EA

For SoCs which do not implement RAS, use DSB as a barrier to
synchronize pending external aborts at the entry and exit of
exception handlers. This is needed to isolate the SErrors to
appropriate context.

However, this introduces an unintended side effect as discussed
in the https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3440
A summary of the side effect and a quick workaround is provided as
part of this patch and summarized here:

The explicit DSB at the entry of various exception vectors in BL31
for handling exceptions from lower ELs can inadvertently trigger an
SError exception in EL3 due to pending asyncrhonouus aborts in lower
ELs. This will end up being handled by serror_sp_elx in EL3 which will
ultimately panic and die.

The way to workaround is to update a flag to indicate if the exception
truly came from EL3. This flag is allocated in the cpu_context
structure. This is not a bullet proof solution to the problem at hand
because we assume the instructions following "isb" that help to update
the flag (lines 100-102 & 139-141) execute without causing further
exceptions.

Change-Id: I4d345b07d746a727459435ddd6abb37fda24a9bf
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

show more ...

Merge changes from topic "tc0_sel2_spmc" into integration

* changes:
lib: el3_runtime: Fix SPE system registers in el2_sysregs_context
lib: el3_runtime: Conditionally save/restore EL2 NEVE regis

Merge changes from topic "tc0_sel2_spmc" into integration

* changes:
lib: el3_runtime: Fix SPE system registers in el2_sysregs_context
lib: el3_runtime: Conditionally save/restore EL2 NEVE registers
lib: el3_runtime: Fix aarch32 system registers in el2_sysregs_context

show more ...

lib: el3_runtime: Fix SPE system registers in el2_sysregs_context

Include EL2 registers related to SPE in EL2 context save/restore
routines if architecture supports it and platform wants to use thes

lib: el3_runtime: Fix SPE system registers in el2_sysregs_context

Include EL2 registers related to SPE in EL2 context save/restore
routines if architecture supports it and platform wants to use these
features in Secure world.

Change-Id: Ie01a2c38fa5f6c907276eddec120fdfb222561a6
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>

show more ...

lib: el3_runtime: Conditionally save/restore EL2 NEVE registers

Include EL2 registers related to Nested Virtualization in EL2 context
save/restore routines if architecture supports it and platform w

lib: el3_runtime: Conditionally save/restore EL2 NEVE registers

Include EL2 registers related to Nested Virtualization in EL2 context
save/restore routines if architecture supports it and platform wants to
use these features in Secure world.

Change-Id: If006ab83bbc2576488686f5ffdff88b91adced5c
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>

show more ...

lib: el3_runtime: Fix aarch32 system registers in el2_sysregs_context

AArch64-only platforms do not implement AArch32 at EL1 and higher ELs.
In such cases the build option CTX_INCLUDE_AARCH32_REGS i

lib: el3_runtime: Fix aarch32 system registers in el2_sysregs_context

AArch64-only platforms do not implement AArch32 at EL1 and higher ELs.
In such cases the build option CTX_INCLUDE_AARCH32_REGS is set to 0.
So don't save/restore aarch32 system registers in el2_sysregs_context
save/restore routines if CTX_INCLUDE_AARCH32_REGS is set to 0.

Change-Id: I229cdd46136c4b4bc9623b02eb444d904e09ce5a
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>

show more ...

Merge "runtime_exceptions: Update AT speculative workaround" into integration

Merge "el3_runtime: Rearrange context offset of EL1 sys registers" into integration

Merge "el3_runtime: Update context save and restore routines for EL1 and EL2" into integration

runtime_exceptions: Update AT speculative workaround

As per latest mailing communication [1], we decided to
update AT speculative workaround implementation in order to
disable page table walk for lo

runtime_exceptions: Update AT speculative workaround

As per latest mailing communication [1], we decided to
update AT speculative workaround implementation in order to
disable page table walk for lower ELs(EL1 or EL0) immediately
after context switching to EL3 from lower ELs.

Previous implementation of AT speculative workaround is available
here: 45aecff00

AT speculative workaround is updated as below:
1. Avoid saving and restoring of SCTLR and TCR registers for EL1
in context save and restore routine respectively.
2. On EL3 entry, save SCTLR and TCR registers for EL1.
3. On EL3 entry, update EL1 system registers to disable stage 1
page table walk for lower ELs (EL1 and EL0) and enable EL1
MMU.
4. On EL3 exit, restore SCTLR and TCR registers for EL1 which
are saved in step 2.

[1]:
https://lists.trustedfirmware.org/pipermail/tf-a/2020-July/000586.html

Change-Id: Iee8de16f81dc970a8f492726f2ddd57e7bd9ffb5
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

el3_runtime: Rearrange context offset of EL1 sys registers

SCTLR and TCR registers of EL1 plays role in enabling/disabling of
page table walk for lower ELs (EL0 and EL1).
Hence re-arranged EL1 conte

el3_runtime: Rearrange context offset of EL1 sys registers

SCTLR and TCR registers of EL1 plays role in enabling/disabling of
page table walk for lower ELs (EL0 and EL1).
Hence re-arranged EL1 context offsets to have SCTLR and TCR registers
values one after another in the stack so that these registers values
can be saved and restored using stp and ldp instruction respectively.

Change-Id: Iaa28fd9eba82a60932b6b6d85ec8857a9acd5f8b
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

el3_runtime: Update context save and restore routines for EL1 and EL2

As per latest mailing communication [1], we decided
not to update SCTLR and TCR registers in EL1 and EL2 context
restore routine

el3_runtime: Update context save and restore routines for EL1 and EL2

As per latest mailing communication [1], we decided
not to update SCTLR and TCR registers in EL1 and EL2 context
restore routine when AT speculative workaround is enabled
hence reverted the changes done as part of this commit: 45aecff00.

[1]:
https://lists.trustedfirmware.org/pipermail/tf-a/2020-July/000586.html

Change-Id: I8c5f31d81fcd53770a610e302a5005d98772b71f
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge "Fix exception in save/restore of EL2 registers." into integration

Fix exception in save/restore of EL2 registers.

Removing FPEXC32_EL2 from the register save/restore routine for EL2
registers since it is already a part of save/restore routine for
fpregs.

Signed-o

Fix exception in save/restore of EL2 registers.

Removing FPEXC32_EL2 from the register save/restore routine for EL2
registers since it is already a part of save/restore routine for
fpregs.

Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Change-Id: I5ed45fdbf7c8efa8dcfcd96586328d4f6b256bc4

show more ...

Merge "Implement workaround for AT speculative behaviour" into integration

Implement workaround for AT speculative behaviour

During context switching from higher EL (EL2 or higher)
to lower EL can cause incorrect translation in TLB due to
speculative execution of AT instru

Implement workaround for AT speculative behaviour

During context switching from higher EL (EL2 or higher)
to lower EL can cause incorrect translation in TLB due to
speculative execution of AT instruction using out-of-context
translation regime.

Workaround is implemented as below during EL's (EL1 or EL2)
"context_restore" operation:
1. Disable page table walk using SCTLR.M and TCR.EPD0 & EPD1
bits for EL1 or EL2 (stage1 and stage2 disabled)
2. Save all system registers except TCR and SCTLR (for EL1 and EL2)
3. Do memory barrier operation (isb) to ensure all
system register writes are done.
4. Restore TCR and SCTLR registers (for EL1 and EL2)

Errata details are available for various CPUs as below:
Cortex-A76: 1165522
Cortex-A72: 1319367
Cortex-A57: 1319537
Cortex-A55: 1530923
Cortex-A53: 1530924

More details can be found in mail-chain:
https://lists.trustedfirmware.org/pipermail/tf-a/2020-April/000445.html

Currently, Workaround is implemented as build option which is default
disabled.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: If8545e61f782cb0c2dda7ffbaf50681c825bd2f0

show more ...

Merge "context: TPIDR_EL2 register not saved/restored" into integration

context: TPIDR_EL2 register not saved/restored

TPIDR_EL2 is missing from the EL2 state register save/restore
sequence. This patch adds it to the context save restore routines.

Signed-off-by: Olivie

context: TPIDR_EL2 register not saved/restored

TPIDR_EL2 is missing from the EL2 state register save/restore
sequence. This patch adds it to the context save restore routines.

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I35fc5ee82f97b72bcedac57c791312e7b3a45251

show more ...

Merge changes from topic "spmd-sel2" into integration

* changes:
SPMD: add command line parameter to run SPM at S-EL2 or S-EL1
SPMD: smc handler qualify secure origin using booleans
SPMD: SPMC

Merge changes from topic "spmd-sel2" into integration

* changes:
SPMD: add command line parameter to run SPM at S-EL2 or S-EL1
SPMD: smc handler qualify secure origin using booleans
SPMD: SPMC init, SMC handler cosmetic changes
SPMD: [tegra] rename el1_sys_regs structure to sys_regs
SPMD: Adds partially supported EL2 registers.
SPMD: save/restore EL2 system registers.

show more ...

SPMD: Adds partially supported EL2 registers.

This patch adds EL2 registers that are supported up to ARMv8.6.
ARM_ARCH_MINOR has to specified to enable save/restore routine.

Note: Following registe

SPMD: Adds partially supported EL2 registers.

This patch adds EL2 registers that are supported up to ARMv8.6.
ARM_ARCH_MINOR has to specified to enable save/restore routine.

Note: Following registers are still not covered in save/restore.
* AMEVCNTVOFF0<n>_EL2
* AMEVCNTVOFF1<n>_EL2
* ICH_AP0R<n>_EL2
* ICH_AP1R<n>_EL2
* ICH_LR<n>_EL2

Change-Id: I4813f3243e56e21cb297b31ef549a4b38d4876e1
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>

show more ...

SPMD: save/restore EL2 system registers.

NOTE: Not all EL-2 system registers are saved/restored.
This subset includes registers recognized by ARMv8.0

Change-Id: I9993c7d78d8f5f8e72d1c6c8d6fd871283a

SPMD: save/restore EL2 system registers.

NOTE: Not all EL-2 system registers are saved/restored.
This subset includes registers recognized by ARMv8.0

Change-Id: I9993c7d78d8f5f8e72d1c6c8d6fd871283aa3ce0
Signed-off-by: Jose Marinho <jose.marinho@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>

show more ...

Merge "Prevent speculative execution past ERET" into integration

Prevent speculative execution past ERET

Even though ERET always causes a jump to another address, aarch64 CPUs
speculatively execute following instructions as if the ERET
instruction was not a jump

Prevent speculative execution past ERET

Even though ERET always causes a jump to another address, aarch64 CPUs
speculatively execute following instructions as if the ERET
instruction was not a jump instruction.
The speculative execution does not cross privilege-levels (to the jump
target as one would expect), but it continues on the kernel privilege
level as if the ERET instruction did not change the control flow -
thus execution anything that is accidentally linked after the ERET
instruction. Later, the results of this speculative execution are
always architecturally discarded, however they can leak data using
microarchitectural side channels. This speculative execution is very
reliable (seems to be unconditional) and it manages to complete even
relatively performance-heavy operations (e.g. multiple dependent
fetches from uncached memory).

This was fixed in Linux, FreeBSD, OpenBSD and Optee OS:
https://github.com/torvalds/linux/commit/679db70801da9fda91d26caf13bf5b5ccc74e8e8
https://github.com/freebsd/freebsd/commit/29fb48ace4186a41c409fde52bcf4216e9e50b61
https://github.com/openbsd/src/commit/3a08873ece1cb28ace89fd65e8f3c1375cc98de2
https://github.com/OP-TEE/optee_os/commit/abfd092aa19f9c0251e3d5551e2d68a9ebcfec8a

It is demonstrated in a SafeSide example:
https://github.com/google/safeside/blob/master/demos/eret_hvc_smc_wrapper.cc
https://github.com/google/safeside/blob/master/kernel_modules/kmod_eret_hvc_smc/eret_hvc_smc_module.c

Signed-off-by: Anthony Steinhauser <asteinhauser@google.com>
Change-Id: Iead39b0b9fb4b8d8b5609daaa8be81497ba63a0f

show more ...

Merge "aarch64: Fix stack pointer maintenance on EA handling path" into integration

aarch64: Fix stack pointer maintenance on EA handling path

EA handlers for exceptions taken from lower ELs at the end invokes
el3_exit function. However there was a bug with sp maintenance which
res

aarch64: Fix stack pointer maintenance on EA handling path

EA handlers for exceptions taken from lower ELs at the end invokes
el3_exit function. However there was a bug with sp maintenance which
resulted in el3_exit setting runtime stack to context. This in turn
caused memory corruption on consecutive EL3 entries.

Signed-off-by: Jan Dabros <jsd@semihalf.com>
Change-Id: I0424245c27c369c864506f4baa719968890ce659

show more ...