Fix MISRA Rule 5.7 Part 3

Rule 5.7: A tag name shall be a unique identifier

Follow convention of shorter names for smaller scope to fix
violations of MISRA rule 5.7

Fixed For:
make ARM_TSP_RAM

Fix MISRA Rule 5.7 Part 3

Rule 5.7: A tag name shall be a unique identifier

Follow convention of shorter names for smaller scope to fix
violations of MISRA rule 5.7

Fixed For:
make ARM_TSP_RAM_LOCATION=tdram LOG_LEVEL=50 PLAT=fvp SPD=opteed

Change-Id: I5fbb5d6ebddf169550eddb07ed880f5c8076bb76
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>

show more ...

Fix MISRA Rule 5.7 Part 1

Rule 5.7: A tag name shall be a unique identifier

There were 2 amu_ctx struct type definitions:
- In lib/extensions/amu/aarch64/amu.c
- In lib/cpus/aarch64/cpuamu.

Fix MISRA Rule 5.7 Part 1

Rule 5.7: A tag name shall be a unique identifier

There were 2 amu_ctx struct type definitions:
- In lib/extensions/amu/aarch64/amu.c
- In lib/cpus/aarch64/cpuamu.c

Renamed the latter to cpuamu_ctx to avoid this name clash

To avoid violation of Rule 8.3 also change name of function
amu_ctxs to unique name (cpuamu_ctxs) since it now returns a
different type (cpuamu_ctx) than the other amu_ctxs function

Fixed for:
make LOG_LEVEL=50 PLAT=fvp

Change-Id: Ieeb7e390ec2900fd8b775bef312eda93804a43ed
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>

show more ...

Fix MISRA Rule 5.3 Part 4

Use a _ prefix for macro arguments to prevent that argument from
hiding variables of the same name in the outer scope

Rule 5.3: An identifier declared in an inner scope sh

Fix MISRA Rule 5.3 Part 4

Use a _ prefix for macro arguments to prevent that argument from
hiding variables of the same name in the outer scope

Rule 5.3: An identifier declared in an inner scope shall not
hide an identifier declared in an outer scope

Fixed For:
make PLAT=fvp USE_COHERENT_MEM=0

Change-Id: If50c583d3b63799ee6852626b15be00c0f6b10a0
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>

show more ...

Fix MISRA Rule 5.3 Part 2

Use a _ prefix for Macro arguments to prevent that argument from
hiding variables of the same name in the outer scope

Rule 5.3: An identifier declared in an inner scope sh

Fix MISRA Rule 5.3 Part 2

Use a _ prefix for Macro arguments to prevent that argument from
hiding variables of the same name in the outer scope

Rule 5.3: An identifier declared in an inner scope shall not
hide an identifier declared in an outer scope

Fixed For:
make LOG_LEVEL=50 PLAT=fvp

Change-Id: I67b6b05cbad4aeca65ce52981b4679b340604708
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>

show more ...

Merge pull request #1391 from jts-arm/misra

MISRA rule 21.15 fix

MISRA rule 21.15 fix

Rule 21.15: The pointer arguments to the Standard Library functions
memcpy, memmove and memcmp shall be pointers to qualified or unqualified
versions of compatible t

MISRA rule 21.15 fix

Rule 21.15: The pointer arguments to the Standard Library functions
memcpy, memmove and memcmp shall be pointers to qualified or unqualified
versions of compatible types.

Basically that means that both pointer arguments must be of the same
type. However, even if the pointers passed as arguments to the above
functions are of the same type, Coverity still thinks it's a violation
if we do pointer arithmetics directly at the function call. Thus the
pointer arithmetic operations were moved outside of the function
argument.

First detected on the following configuration
make PLAT=fvp LOG_LEVEL=50

Change-Id: I8b912ec1bfa6f2d60857cb1bd453981fd7001b94
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

show more ...

Merge pull request #1397 from dp-arm/dp/cortex-a76

Add support for Cortex-A76 and Cortex-Ares

Implement dynamic mitigation for CVE-2018-3639 on Cortex-A76

The Cortex-A76 implements SMCCC_ARCH_WORKAROUND_2 as defined in
"Firmware interfaces for mitigating cache speculation vulnerabilities
Sys

Implement dynamic mitigation for CVE-2018-3639 on Cortex-A76

The Cortex-A76 implements SMCCC_ARCH_WORKAROUND_2 as defined in
"Firmware interfaces for mitigating cache speculation vulnerabilities
System Software on Arm Systems"[0].

Dynamic mitigation for CVE-2018-3639 is enabled/disabled by
setting/clearning bit 16 (Disable load pass store) of `CPUACTLR2_EL1`.

NOTE: The generic code that implements dynamic mitigation does not
currently implement the expected semantics when dispatching an SDEI
event to a lower EL. This will be fixed in a separate patch.

[0] https://developer.arm.com/cache-speculation-vulnerability-firmware-specification

Change-Id: I8fb2862b9ab24d55a0e9693e48e8be4df32afb5a
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Implement Cortex-Ares 1043202 erratum workaround

The workaround uses the instruction patching feature of the Ares cpu.

Change-Id: I868fce0dc0e8e41853dcce311f01ee3867aabb59
Signed-off-by: Dimitris P

Implement Cortex-Ares 1043202 erratum workaround

The workaround uses the instruction patching feature of the Ares cpu.

Change-Id: I868fce0dc0e8e41853dcce311f01ee3867aabb59
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Add AMU support for Cortex-Ares

Change-Id: Ia170c12d3929a616ba80eb7645c301066641f5cc
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

Add support for Cortex-Ares and Cortex-A76 CPUs

Both Cortex-Ares and Cortex-A76 CPUs use the ARM DynamIQ Shared Unit
(DSU). The power-down and power-up sequences are therefore mostly
managed in har

Add support for Cortex-Ares and Cortex-A76 CPUs

Both Cortex-Ares and Cortex-A76 CPUs use the ARM DynamIQ Shared Unit
(DSU). The power-down and power-up sequences are therefore mostly
managed in hardware, and required software operations are simple.

Change-Id: I3a9447b5bdbdbc5ed845b20f6564d086516fa161
Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>

show more ...

Fast path SMCCC_ARCH_WORKAROUND_1 calls from AArch32

When SMCCC_ARCH_WORKAROUND_1 is invoked from a lower EL running in
AArch32 state, ensure that the SMC call will take a shortcut in EL3.
This mini

Fast path SMCCC_ARCH_WORKAROUND_1 calls from AArch32

When SMCCC_ARCH_WORKAROUND_1 is invoked from a lower EL running in
AArch32 state, ensure that the SMC call will take a shortcut in EL3.
This minimizes the time it takes to apply the mitigation in EL3.

When lower ELs run in AArch32, it is preferred that they execute the
`BPIALL` instruction to invalidate the BTB. However, on some cores
the `BPIALL` instruction may be a no-op and thus would benefit from
making the SMCCC_ARCH_WORKAROUND_1 call go through the fast path.

Change-Id: Ia38abd92efe2c4b4a8efa7b70f260e43c5bda8a5
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Merge pull request #1392 from dp-arm/dp/cve_2018_3639

Implement workaround for CVE-2018-3639 on Cortex A57/A72/A73 and A75

context_mgmt: Make cm_init_context_common public

This function can be currently accessed through the wrappers
cm_init_context_by_index() and cm_init_my_context(). However, they only
work on contexts

context_mgmt: Make cm_init_context_common public

This function can be currently accessed through the wrappers
cm_init_context_by_index() and cm_init_my_context(). However, they only
work on contexts that are associated to a CPU.

By making this function public, it is possible to set up a context that
isn't associated to any CPU. For consistency, it has been renamed to
cm_setup_context().

Change-Id: Ib2146105abc8137bab08745a8adb30ca2c4cedf4
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Add support for dynamic mitigation for CVE-2018-3639

Some CPUS may benefit from using a dynamic mitigation approach for
CVE-2018-3639. A new SMC interface is defined to allow software
executing in

Add support for dynamic mitigation for CVE-2018-3639

Some CPUS may benefit from using a dynamic mitigation approach for
CVE-2018-3639. A new SMC interface is defined to allow software
executing in lower ELs to enable or disable the mitigation for their
execution context.

It should be noted that regardless of the state of the mitigation for
lower ELs, code executing in EL3 is always mitigated against
CVE-2018-3639.

NOTE: This change is a compatibility break for any platform using
the declare_cpu_ops_workaround_cve_2017_5715 macro. Migrate to
the declare_cpu_ops_wa macro instead.

Change-Id: I3509a9337ad217bbd96de9f380c4ff8bf7917013
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

aarch32: Implement static workaround for CVE-2018-3639

Implement static mitigation for CVE-2018-3639 on
Cortex A57 and A72.

Change-Id: I83409a16238729b84142b19e258c23737cc1ddc3
Signed-off-by: Dimit

aarch32: Implement static workaround for CVE-2018-3639

Implement static mitigation for CVE-2018-3639 on
Cortex A57 and A72.

Change-Id: I83409a16238729b84142b19e258c23737cc1ddc3
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Implement static workaround for CVE-2018-3639

For affected CPUs, this approach enables the mitigation during EL3
initialization, following every PE reset. No mechanism is provided to
disable the mit

Implement static workaround for CVE-2018-3639

For affected CPUs, this approach enables the mitigation during EL3
initialization, following every PE reset. No mechanism is provided to
disable the mitigation at runtime.

This approach permanently mitigates the entire software stack and no
additional mitigation code is required in other software components.

TF-A implements this approach for the following affected CPUs:

* Cortex-A57 and Cortex-A72, by setting bit 55 (Disable load pass store) of
`CPUACTLR_EL1` (`S3_1_C15_C2_0`).

* Cortex-A73, by setting bit 3 of `S3_0_C15_C0_0` (not documented in the
Technical Reference Manual (TRM)).

* Cortex-A75, by setting bit 35 (reserved in TRM) of `CPUACTLR_EL1`
(`S3_0_C15_C1_0`).

Additionally, a new SMC interface is implemented to allow software
executing in lower ELs to discover whether the system is mitigated
against CVE-2018-3639.

Refer to "Firmware interfaces for mitigating cache speculation
vulnerabilities System Software on Arm Systems"[0] for more
information.

[0] https://developer.arm.com/cache-speculation-vulnerability-firmware-specification

Change-Id: I084aa7c3bc7c26bf2df2248301270f77bed22ceb
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Rename symbols and files relating to CVE-2017-5715

This patch renames symbols and files relating to CVE-2017-5715 to make
it easier to introduce new symbols and files for new CVE mitigations.

Chang

Rename symbols and files relating to CVE-2017-5715

This patch renames symbols and files relating to CVE-2017-5715 to make
it easier to introduce new symbols and files for new CVE mitigations.

Change-Id: I24c23822862ca73648c772885f1690bed043dbc7
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Merge pull request #1378 from vwadekar/denver-cve-2017-5715

CVE-2017-5715 mitigation for Denver CPUs

Workaround for CVE-2017-5715 on NVIDIA Denver CPUs

Flush the indirect branch predictor and RSB on entry to EL3 by issuing
a newly added instruction for Denver CPUs. Support for this operation
can be

Workaround for CVE-2017-5715 on NVIDIA Denver CPUs

Flush the indirect branch predictor and RSB on entry to EL3 by issuing
a newly added instruction for Denver CPUs. Support for this operation
can be determined by comparing bits 19:16 of ID_AFR0_EL1 with 0b0001.

To achieve this without performing any branch instruction, a per-cpu
vbar is installed which executes the workaround and then branches off
to the corresponding vector entry in the main vector table. A side
effect of this change is that the main vbar is configured before any
reset handling. This is to allow the per-cpu reset function to override
the vbar setting.

Change-Id: Ief493cd85935bab3cfee0397e856db5101bc8011
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

Merge pull request #1376 from vwadekar/cm-init-actlr-el1

lib: el3_runtime: initialise actlr_el1 to hardware defaults

Merge pull request #1373 from jeenu-arm/ras-support

RAS support

lib: el3_runtime: initialise actlr_el1 to hardware defaults

The context management library initialises the CPU context for the
secure/non-secure worlds to zero. This leads to zeros being stored
to t

lib: el3_runtime: initialise actlr_el1 to hardware defaults

The context management library initialises the CPU context for the
secure/non-secure worlds to zero. This leads to zeros being stored
to the actual registers when we restore the CPU context, during a
world switch. Denver CPUs dont expect zero to be written to the
implementation defined, actlr_el1 register, at any point of time.
Writing a zero to some fields of this register, results in an
UNDEFINED exception.

This patch bases the context actlr_el1 value on the actual hardware
register, to maintain parity with the expected settings

Change-Id: I1c806d7ff12daa7fd1e5c72825494b81454948f2
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

Merge pull request #1377 from robertovargas-arm/compiler-warnings

Compiler warnings

Don't use variables as tf_printf format strings

Using variables as format strings can generate security problems when
the user can control those strings. Some compilers generate warnings
in that cas

Don't use variables as tf_printf format strings

Using variables as format strings can generate security problems when
the user can control those strings. Some compilers generate warnings
in that cases, even when the variables are constants and are not
controlled by the user.

Change-Id: I65dee1d1b66feab38cbf298290a86fa56e6cca40
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>

show more ...