feat(cpufeat): enable FEAT_AIE support

Implement support for FEAT_AIE, which introduces the AMAIR2_ELx and
MAIR2_ELx system registers, extending the memory attributes described
by {A}MAIR_ELx.
Those

feat(cpufeat): enable FEAT_AIE support

Implement support for FEAT_AIE, which introduces the AMAIR2_ELx and
MAIR2_ELx system registers, extending the memory attributes described
by {A}MAIR_ELx.
Those system registers are trapped by the SCR_EL3.AIEn bit, so set the
bit for the non-secure world context to allow OSes to use the feature.

This is controlled by the ENABLE_FEAT_AIE build flag, which follows the
usual semantics of 2 meaning the feature being runtime detected.
Let the default for this flag be 0, but set it to 2 for the FVP.

Change-Id: Iba2011719013a89f9cb3a4317bde18254f45cd25
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

refactor(build): avoid implicit pattern rules

This change translates any implicit pattern rules into the equivalent
static pattern rules, i.e. rules like:

%.o: %.s
...

... become:

refactor(build): avoid implicit pattern rules

This change translates any implicit pattern rules into the equivalent
static pattern rules, i.e. rules like:

%.o: %.s
...

... become:

$(OBJS): %.o: %.s
...

These behave similarly, but have some subtle differences. The former
defines a rule "for any target matching %.o where there is not a more
specific rule", whereas the latter defines a rule "for these targets,
which match %.o".

Where possible it is better to use a static pattern rule as it reduces
the rule space that Make needs to search.

Change-Id: Ifba4f44bcecf4e74980c31347e192cdf1e42003e
Signed-off-by: Chris Kay <chris.kay@arm.com>

show more ...

refactor: fix workaround order for Cortex-A720

One of the Cortex-A720 errata was below the CVE workaround, this
moves it up to the correct place.

Change-Id: I6770567a9580973ceedb5911f0a495391ef9e83

refactor: fix workaround order for Cortex-A720

One of the Cortex-A720 errata was below the CVE workaround, this
moves it up to the correct place.

Change-Id: I6770567a9580973ceedb5911f0a495391ef9e839
Signed-off-by: John Powell <john.powell@arm.com>

show more ...

fix(cpus): workaround for Cortex-A720 erratum 2729604

Cortex-A720 erratum 2729604 is a Cat B erratum that applies to
revisions r0p0 and r0p1, and is fixed in r0p2.

This workaround might impact perf

fix(cpus): workaround for Cortex-A720 erratum 2729604

Cortex-A720 erratum 2729604 is a Cat B erratum that applies to
revisions r0p0 and r0p1, and is fixed in r0p2.

This workaround might impact performance of workloads heavily
relying on floating point division or square root operations.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-2439421

Change-Id: I4567d75ba9f17146d0d7bc5cdb622bb63efadc3c
Signed-off-by: John Powell <john.powell@arm.com>

show more ...

fix(cpus): workaround for Cortex-A720 erratum 3711910

Cortex-A720 erratum 3711910 is a Cat B erratum that applies to
revisions r0p0, r0p1 and r0p2, and is still open.

SDEN documentation:
https://de

fix(cpus): workaround for Cortex-A720 erratum 3711910

Cortex-A720 erratum 3711910 is a Cat B erratum that applies to
revisions r0p0, r0p1 and r0p2, and is still open.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-2439421

Change-Id: Id65d5ba41b96648b07c09df77fb25cc4bdb50800
Signed-off-by: John Powell <john.powell@arm.com>

show more ...

Merge "fix(cm): remove unused macro" into integration

fix(cpus): workaround for Neoverse-V2 erratum 3701771

Neoverse-V2 erratum 3701771 that applies to r0p0, r0p1, r0p2 is
still Open.

The workaround is for EL3 software that performs context save/resto

fix(cpus): workaround for Neoverse-V2 erratum 3701771

Neoverse-V2 erratum 3701771 that applies to r0p0, r0p1, r0p2 is
still Open.

The workaround is for EL3 software that performs context save/restore
on a change of Security state to use a value of SCR_EL3.NS when
accessing ICH_VMCR_EL2 that reflects the Security state that owns the
data being saved or restored.

The mitigation is implemented in commit 7455cd172 and this patch should be applied on top of it.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-2332927/latest

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Ic0ad68f7bd393bdc03343d5ba815adb23bf6a24d

show more ...

fix(security): fix Neoverse V2 CVE-2022-23960

Apply CVE-2022-23960 mitigation to Neoverse V2, revision r0p0 only.
Ref - https://developer.arm.com/documentation/110280/latest/

Change-Id: I859012281f

fix(security): fix Neoverse V2 CVE-2022-23960

Apply CVE-2022-23960 mitigation to Neoverse V2, revision r0p0 only.
Ref - https://developer.arm.com/documentation/110280/latest/

Change-Id: I859012281fc67243f050d27e364f27434389c0cf
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

fix(security): fix Cortex-X3 CVE-2022-23960

Apply CVE-2022-23960 mitigation to Cortex-X3, revision r1p0 and earlier only.
Ref - https://developer.arm.com/documentation/110280/latest/

Change-Id: I3d

fix(security): fix Cortex-X3 CVE-2022-23960

Apply CVE-2022-23960 mitigation to Cortex-X3, revision r1p0 and earlier only.
Ref - https://developer.arm.com/documentation/110280/latest/

Change-Id: I3d46fa70c80129ca0085d8245ee013f11a8842e3
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

fix(security): fix Cortex-A715 CVE-2022-23960

Apply CVE-2022-23960 mitigation to Cortex-A715, revision r1p0 and earlier only.
Ref - https://developer.arm.com/documentation/110280/latest/

Change-Id:

fix(security): fix Cortex-A715 CVE-2022-23960

Apply CVE-2022-23960 mitigation to Cortex-A715, revision r1p0 and earlier only.
Ref - https://developer.arm.com/documentation/110280/latest/

Change-Id: Ib6b704733e474824772cb27bd048b1e179d90da9
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

show more ...

fix(cpus): workaround for Neoverse-V2 erratum 3841324

Neoverse-V2 erratum 3841324 is a Cat B erratum that applies to
r0p0 and r0p1. It is fixed in r0p2.

This erratum can be avoided by setting CPUAC

fix(cpus): workaround for Neoverse-V2 erratum 3841324

Neoverse-V2 erratum 3841324 is a Cat B erratum that applies to
r0p0 and r0p1. It is fixed in r0p2.

This erratum can be avoided by setting CPUACTLR_EL1[1]
prior to enabling MMU. This bit will disable a branch predictor
power savings feature. Disabling this power feature
results in negligible power movement and no performance impact.

SDEN Documentation:
https://developer.arm.com/documentation/SDEN-2332927/latest

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I9b3a5266103e5000d207c7a270c65455d0646102

show more ...

Merge "fix(gpt): fix fill_l1_cont_desc() function" into integration

Merge "refactor(el3-runtime): move context security states to context.h" into integration

fix(cm): remove unused macro

It is never referenced.

Change-Id: I538b1f3d8660426faf5bafa68ecda2d637b0bc50
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

feat(cpufeat): enable FEAT_CPA2 for EL3

FEAT_CPA2 enables checked pointer arithmetic, which in the event
of an arithmetic overflow in pointer generation will result in a
non-canonical pointer being

feat(cpufeat): enable FEAT_CPA2 for EL3

FEAT_CPA2 enables checked pointer arithmetic, which in the event
of an arithmetic overflow in pointer generation will result in a
non-canonical pointer being generated and subsequent address fault.

Note that FEAT_CPA is a trivial implementation that exists in
some hardware purely so it can run CPA2-enabled instructions
without crashing but they don't actually have checked arithmetic,
so FEAT_CPA is not explicitly enabled in TF-A.

Change-Id: I6d2ca7a7e4b986bb9e917aa8baf8091a271c168b
Signed-off-by: John Powell <john.powell@arm.com>

show more ...

Merge changes from topic "hm/dfs" into integration

* changes:
fix(debugfs): return negative value on error
fix(debugfs): guard against negative ch offsets

fix(debugfs): return negative value on error

The current implementation of buf_to_channel() returns 0 even on invalid
input, making it difficult for callers to distinguish between an error
and a suc

fix(debugfs): return negative value on error

The current implementation of buf_to_channel() returns 0 even on invalid
input, making it difficult for callers to distinguish between an error
and a successful zero-byte transfer.

Change the return behavior to return -1 for error conditions.

Change-Id: Id57d7fd9365f5961a72ba7633dbedd701740e7c4
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

show more ...

fix(debugfs): guard against negative ch offsets

The `chan` struct’s `offset` field was previously a signed long,
allowing negative values. When used in comparisons in `buf_to_channel`,
a negative of

fix(debugfs): guard against negative ch offsets

The `chan` struct’s `offset` field was previously a signed long,
allowing negative values. When used in comparisons in `buf_to_channel`,
a negative offset would be cast to a large unsigned integer, causing the
bounds check to silently fail. This could allow a negative offset to
bypass validation and lead to an out-of-bounds access during operations
like `memcpy`.

This patch changes the `offset` field to `unsigned long` and updates
affected functions to use the correct types, ensuring all offset
comparisons are safe and negative values are disallowed at the type
level.

Change-Id: I5d37bbd2fe6d7d3a19628c1a0376c3bf83947f27
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Reported-by: Bartek Piekarski <bartek.piekarski@arm.com>

show more ...

refactor(el3-runtime): streamline cpu_data assembly offsets using the cpu_ops template

The cpu_data structure, just like cpu_ops, is collection of disparate
data that must be accessible from both C

refactor(el3-runtime): streamline cpu_data assembly offsets using the cpu_ops template

The cpu_data structure, just like cpu_ops, is collection of disparate
data that must be accessible from both C and assembly. Achieving this is
tricky as there is no way to export structure offsets from C directly so
they must be manually recreated with `#define`s and asserts. However,
the cpu_data structure is quite old and the assembly offsets are a
patchwork of additions and extremely difficult to reason with and
modify. In fact, certain currently unused builds with
ENABLE_RUNTIME_INSTRUMENTATION=1 fail to build.

To untangle this, convert the assembly offsets to the pattern used for
the cpu_ops structure. That is, first define the sizes of every member,
as generically as possible, and then chain their offsets one after the
other. To make sure this is always correct, add a CASSERT for the offset
of every member. This makes it easy to modify the structure and fixes
the build failures.

Change-Id: I61aeb55e9c494896663a3c719c10e3c072f56349
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

refactor(el3-runtime): move context security states to context.h

The three security states (S, NS, RL) are architecturally quite
consistent - anything that uses them has the same numerical assignmen

refactor(el3-runtime): move context security states to context.h

The three security states (S, NS, RL) are architecturally quite
consistent - anything that uses them has the same numerical assignments
(0, 1, 2) and they are quite convenient for indexing. However, we're not
as consistent in tf-a and this is defined in a few places. Since
cpu_data has a dependency on the context management library, use its
security state convention in a few more places and take away this
responsibility from cpu_data.

Change-Id: Iec73b2be2eef91975554767557de72424d0031f1
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

fix(cpus): workaround for Cortex-A510 erratum 3704847

Cortex-A510 erratum 3704847 is a Cat B erratum that applies to
revisions r0p0, r0p1, r0p2, r0p3, r1p0, r1p1, r1p2 and r1p3, and
is still open.

fix(cpus): workaround for Cortex-A510 erratum 3704847

Cortex-A510 erratum 3704847 is a Cat B erratum that applies to
revisions r0p0, r0p1, r0p2, r0p3, r1p0, r1p1, r1p2 and r1p3, and
is still open.

The workaround is to set bit 9 in CPUACTLR_EL1.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1873361/latest/

Change-Id: I2c7c8da9c66471115b5bf8fb5c87d4de46ca265c
Signed-off-by: John Powell <john.powell@arm.com>

show more ...

fix(cpus): workaround for Cortex-A510 erratum 3672349

Cortex-A510 erratum 3672349 is a Cat B erratum that applies to
revisions r0p0, r0p1, r0p2, r0p3, r1p0, r1p1, r1p2 and r1p3, and
is still open.

fix(cpus): workaround for Cortex-A510 erratum 3672349

Cortex-A510 erratum 3672349 is a Cat B erratum that applies to
revisions r0p0, r0p1, r0p2, r0p3, r1p0, r1p1, r1p2 and r1p3, and
is still open.

The workaround is to clear the WFE_RET_CTRL and WFI_RET_CTRL fields
in CPUPWRCTLR_EL1 to disable full retention.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1873361/latest/

Change-Id: I9786ab8843a2eab45e650c6af50b6933481527ec
Signed-off-by: John Powell <john.powell@arm.com>

show more ...

fix(cpus): workaround for Cortex-A510 erratum 2420992

Cortex-A510 erratum 2420992 is a Cat B erratum that applies only to
revisions r1p0 and r1p1, and is fixed in r1p1.

The workaround is to set bit

fix(cpus): workaround for Cortex-A510 erratum 2420992

Cortex-A510 erratum 2420992 is a Cat B erratum that applies only to
revisions r1p0 and r1p1, and is fixed in r1p1.

The workaround is to set bit 3 in CPUACTLR3_EL1 which will have no
performance impact, but will increase power consumption by 0.3-0.5%.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1873361/latest/

Change-Id: Ia76ba2431d76f14c08b95a998806986190d682c3
Signed-off-by: John Powell <john.powell@arm.com>

show more ...

fix(cpus): workaround for Cortex-A510 erratum 2218134

Cortex-A510 erratum 2218134 is a Cat B erratum that applies only to
revision r1p0 and is fixed in r1p1.

The workaround is to set bit 43 in CPUA

fix(cpus): workaround for Cortex-A510 erratum 2218134

Cortex-A510 erratum 2218134 is a Cat B erratum that applies only to
revision r1p0 and is fixed in r1p1.

The workaround is to set bit 43 in CPUACTLR2_EL1 which will correct
the instruction fetch stream with no performance impact.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1873361/latest/

Change-Id: Ifec40dee2f7e42c56c9ed447b6b1997b170f9453
Signed-off-by: John Powell <john.powell@arm.com>

show more ...

fix(cpus): workaround for Cortex-A510 erratum 2169012

Cortex-A510 erratum 2169012 is a Cat B erratum that applies to
revisions r0p0, r0p1, r0p2, r0p3 and r1p0, and is fixed in r1p1.

This erratum ha

fix(cpus): workaround for Cortex-A510 erratum 2169012

Cortex-A510 erratum 2169012 is a Cat B erratum that applies to
revisions r0p0, r0p1, r0p2, r0p3 and r1p0, and is fixed in r1p1.

This erratum has an identical workaround to 1922240 and resolves
a similar issue, but that erratum only applies to r0p0 which is
not used in any production hardware, so it has been removed.

This workaround has a negligible performance impact.

SDEN documentation:
https://developer.arm.com/documentation/SDEN-1873361/latest/

Change-Id: Ifdd59c09e84252dc292600630d81d32986fd6c0c
Signed-off-by: John Powell <john.powell@arm.com>

show more ...