xref: /rk3399_ARM-atf/lib/el3_runtime/aarch64/context.S (revision 06f3c7058c42a9f1a9f7df75ea2de71a000855e8) 
1/*
2 * Copyright (c) 2013-2025, Arm Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7#include <arch.h>
8#include <asm_macros.S>
9#include <assert_macros.S>
10#include <context.h>
11#include <el3_common_macros.S>
12#include <platform_def.h>
13
14#if CTX_INCLUDE_FPREGS
15	.global	fpregs_context_save
16	.global	fpregs_context_restore
17#endif /* CTX_INCLUDE_FPREGS */
18
19#if CTX_INCLUDE_SVE_REGS
20	.global sve_context_save
21	.global sve_context_restore
22#endif /* CTX_INCLUDE_SVE_REGS */
23
24#if ERRATA_SPECULATIVE_AT
25	.global save_and_update_ptw_el1_sys_regs
26#endif /* ERRATA_SPECULATIVE_AT */
27
28	.global	prepare_el3_entry
29	.global	restore_gp_pmcr_pauth_regs
30	.global	el3_exit
31
32/* Following macros will be used if any of CTX_INCLUDE_FPREGS or CTX_INCLUDE_SVE_REGS is enabled */
33#if CTX_INCLUDE_FPREGS || CTX_INCLUDE_SVE_REGS
34.macro fpregs_state_save base:req hold:req
35	mrs	\hold, fpsr
36	str	\hold, [\base, #CTX_SIMD_FPSR]
37
38	mrs	\hold, fpcr
39	str	\hold, [\base, #CTX_SIMD_FPCR]
40
41#if CTX_INCLUDE_AARCH32_REGS && CTX_INCLUDE_FPREGS
42	mrs	\hold, fpexc32_el2
43	str	\hold, [\base, #CTX_SIMD_FPEXC32]
44#endif
45.endm
46
47.macro fpregs_state_restore base:req hold:req
48	ldr	\hold, [\base, #CTX_SIMD_FPSR]
49	msr	fpsr, \hold
50
51	ldr	\hold, [\base, #CTX_SIMD_FPCR]
52	msr	fpcr, \hold
53
54#if CTX_INCLUDE_AARCH32_REGS && CTX_INCLUDE_FPREGS
55	ldr	\hold, [\base, #CTX_SIMD_FPEXC32]
56	msr	fpexc32_el2, \hold
57#endif
58.endm
59
60#endif /* CTX_INCLUDE_FPREGS || CTX_INCLUDE_SVE_REGS */
61
62/* ------------------------------------------------------------------
63 * The following function follows the aapcs_64 strictly to use
64 * x9-x17 (temporary caller-saved registers according to AArch64 PCS)
65 * to save floating point register context. It assumes that 'x0' is
66 * pointing to a 'fp_regs' structure where the register context will
67 * be saved.
68 *
69 * Access to VFP registers will trap if CPTR_EL3.TFP is set.
70 * However currently we don't use VFP registers nor set traps in
71 * Trusted Firmware, and assume it's cleared.
72 *
73 * TODO: Revisit when VFP is used in secure world
74 * ------------------------------------------------------------------
75 */
76#if CTX_INCLUDE_FPREGS
77func fpregs_context_save
78.arch_extension fp
79	/* Temporarily enable floating point */
80
81	/* Save x0 and pass its original value to fpregs_state_save */
82	mov	x1, x0
83
84	stp	q0, q1, [x0], #32
85	stp	q2, q3, [x0], #32
86	stp	q4, q5, [x0], #32
87	stp	q6, q7, [x0], #32
88	stp	q8, q9, [x0], #32
89	stp	q10, q11, [x0], #32
90	stp	q12, q13, [x0], #32
91	stp	q14, q15, [x0], #32
92	stp	q16, q17, [x0], #32
93	stp	q18, q19, [x0], #32
94	stp	q20, q21, [x0], #32
95	stp	q22, q23, [x0], #32
96	stp	q24, q25, [x0], #32
97	stp	q26, q27, [x0], #32
98	stp	q28, q29, [x0], #32
99	stp	q30, q31, [x0], #32
100
101	fpregs_state_save x1, x9
102
103.arch_extension nofp
104	ret
105endfunc fpregs_context_save
106
107/* ------------------------------------------------------------------
108 * The following function follows the aapcs_64 strictly to use x9-x17
109 * (temporary caller-saved registers according to AArch64 PCS) to
110 * restore floating point register context. It assumes that 'x0' is
111 * pointing to a 'fp_regs' structure from where the register context
112 * will be restored.
113 *
114 * Access to VFP registers will trap if CPTR_EL3.TFP is set.
115 * However currently we don't use VFP registers nor set traps in
116 * Trusted Firmware, and assume it's cleared.
117 *
118 * TODO: Revisit when VFP is used in secure world
119 * ------------------------------------------------------------------
120 */
121func fpregs_context_restore
122.arch_extension fp
123	/* Temporarily enable floating point */
124
125	/* Save x0 and pass its original value to fpregs_state_restore */
126	mov	x1, x0
127
128	ldp	q0, q1, [x0], #32
129	ldp	q2, q3, [x0], #32
130	ldp	q4, q5, [x0], #32
131	ldp	q6, q7, [x0], #32
132	ldp	q8, q9, [x0], #32
133	ldp	q10, q11, [x0], #32
134	ldp	q12, q13, [x0], #32
135	ldp	q14, q15, [x0], #32
136	ldp	q16, q17, [x0], #32
137	ldp	q18, q19, [x0], #32
138	ldp	q20, q21, [x0], #32
139	ldp	q22, q23, [x0], #32
140	ldp	q24, q25, [x0], #32
141	ldp	q26, q27, [x0], #32
142	ldp	q28, q29, [x0], #32
143	ldp	q30, q31, [x0], #32
144
145	fpregs_state_restore x1, x9
146
147.arch_extension nofp
148	ret
149endfunc fpregs_context_restore
150#endif /* CTX_INCLUDE_FPREGS */
151
152#if CTX_INCLUDE_SVE_REGS
153/*
154 * Helper macros for SVE predicates save/restore operations.
155 */
156.macro sve_predicate_op op:req reg:req
157	\op p0, [\reg, #0, MUL VL]
158	\op p1, [\reg, #1, MUL VL]
159	\op p2, [\reg, #2, MUL VL]
160	\op p3, [\reg, #3, MUL VL]
161	\op p4, [\reg, #4, MUL VL]
162	\op p5, [\reg, #5, MUL VL]
163	\op p6, [\reg, #6, MUL VL]
164	\op p7, [\reg, #7, MUL VL]
165	\op p8, [\reg, #8, MUL VL]
166	\op p9, [\reg, #9, MUL VL]
167	\op p10, [\reg, #10, MUL VL]
168	\op p11, [\reg, #11, MUL VL]
169	\op p12, [\reg, #12, MUL VL]
170	\op p13, [\reg, #13, MUL VL]
171	\op p14, [\reg, #14, MUL VL]
172	\op p15, [\reg, #15, MUL VL]
173.endm
174
175.macro sve_vectors_op op:req reg:req
176	\op z0, [\reg, #0, MUL VL]
177	\op z1, [\reg, #1, MUL VL]
178	\op z2, [\reg, #2, MUL VL]
179	\op z3, [\reg, #3, MUL VL]
180	\op z4, [\reg, #4, MUL VL]
181	\op z5, [\reg, #5, MUL VL]
182	\op z6, [\reg, #6, MUL VL]
183	\op z7, [\reg, #7, MUL VL]
184	\op z8, [\reg, #8, MUL VL]
185	\op z9, [\reg, #9, MUL VL]
186	\op z10, [\reg, #10, MUL VL]
187	\op z11, [\reg, #11, MUL VL]
188	\op z12, [\reg, #12, MUL VL]
189	\op z13, [\reg, #13, MUL VL]
190	\op z14, [\reg, #14, MUL VL]
191	\op z15, [\reg, #15, MUL VL]
192	\op z16, [\reg, #16, MUL VL]
193	\op z17, [\reg, #17, MUL VL]
194	\op z18, [\reg, #18, MUL VL]
195	\op z19, [\reg, #19, MUL VL]
196	\op z20, [\reg, #20, MUL VL]
197	\op z21, [\reg, #21, MUL VL]
198	\op z22, [\reg, #22, MUL VL]
199	\op z23, [\reg, #23, MUL VL]
200	\op z24, [\reg, #24, MUL VL]
201	\op z25, [\reg, #25, MUL VL]
202	\op z26, [\reg, #26, MUL VL]
203	\op z27, [\reg, #27, MUL VL]
204	\op z28, [\reg, #28, MUL VL]
205	\op z29, [\reg, #29, MUL VL]
206	\op z30, [\reg, #30, MUL VL]
207	\op z31, [\reg, #31, MUL VL]
208.endm
209
210/* ------------------------------------------------------------------
211 * The following function follows the aapcs_64 strictly to use x9-x17
212 * (temporary caller-saved registers according to AArch64 PCS) to
213 * restore SVE register context. It assumes that 'x0' is
214 * pointing to a 'sve_regs_t' structure to which the register context
215 * will be saved.
216 * ------------------------------------------------------------------
217 */
218func sve_context_save
219.arch_extension sve
220	/* Predicate registers */
221	mov x13, #CTX_SIMD_PREDICATES
222	add	x9, x0, x13
223	sve_predicate_op str, x9
224
225	/* Save FFR after predicates */
226	mov x13, #CTX_SIMD_FFR
227	add	x9, x0, x13
228	rdffr   p0.b
229	str	p0, [x9]
230
231	/* Save vector registers */
232	mov x13, #CTX_SIMD_VECTORS
233	add	x9, x0, x13
234	sve_vectors_op  str, x9
235.arch_extension nosve
236
237	/* Save FPSR, FPCR and FPEXC32 */
238	fpregs_state_save x0, x9
239
240	ret
241endfunc sve_context_save
242
243/* ------------------------------------------------------------------
244 * The following function follows the aapcs_64 strictly to use x9-x17
245 * (temporary caller-saved registers according to AArch64 PCS) to
246 * restore SVE register context. It assumes that 'x0' is pointing to
247 * a 'sve_regs_t' structure from where the register context will be
248 * restored.
249 * ------------------------------------------------------------------
250 */
251func sve_context_restore
252.arch_extension sve
253	/* Restore FFR register before predicates */
254	mov x13, #CTX_SIMD_FFR
255	add	x9, x0, x13
256	ldr	p0, [x9]
257	wrffr	p0.b
258
259	/* Restore predicate registers */
260	mov x13, #CTX_SIMD_PREDICATES
261	add	x9, x0, x13
262	sve_predicate_op ldr, x9
263
264	/* Restore vector registers */
265	mov x13, #CTX_SIMD_VECTORS
266	add	x9, x0, x13
267	sve_vectors_op	ldr, x9
268.arch_extension nosve
269
270	/* Restore FPSR, FPCR and FPEXC32 */
271	fpregs_state_restore x0, x9
272	ret
273endfunc sve_context_restore
274#endif /* CTX_INCLUDE_SVE_REGS */
275
276	/*
277	 * Set SCR_EL3.EA bit to enable SErrors at EL3
278	 */
279	.macro enable_serror_at_el3
280	mrs	x8, scr_el3
281	orr	x8, x8, #SCR_EA_BIT
282	msr	scr_el3, x8
283	.endm
284
285	/*
286	 * Set the PSTATE bits not set when the exception was taken as
287	 * described in the AArch64.TakeException() pseudocode function
288	 * in ARM DDI 0487F.c page J1-7635 to a default value.
289	 */
290	.macro set_unset_pstate_bits
291	/*
292	 * If Data Independent Timing (DIT) functionality is implemented,
293	 * always enable DIT in EL3
294	 */
295#if ENABLE_FEAT_DIT
296#if ENABLE_FEAT_DIT >= 2
297	mrs	x8, id_aa64pfr0_el1
298	and	x8, x8, #(ID_AA64PFR0_DIT_MASK << ID_AA64PFR0_DIT_SHIFT)
299	cbz	x8, 1f
300#endif
301	mov	x8, #DIT_BIT
302	msr	DIT, x8
3031:
304#endif /* ENABLE_FEAT_DIT */
305	.endm /* set_unset_pstate_bits */
306
307/*-------------------------------------------------------------------------
308 * This macro checks the ENABLE_FEAT_MPAM state, performs ID register
309 * check to see if the platform supports MPAM extension and restores MPAM3
310 * register value if it is FEAT_STATE_ENABLED/FEAT_STATE_CHECKED.
311 *
312 * This is particularly more complicated because we can't check
313 * if the platform supports MPAM  by looking for status of a particular bit
314 * in the MDCR_EL3 or CPTR_EL3 register like other extensions.
315 * ------------------------------------------------------------------------
316 */
317
318	.macro	restore_mpam3_el3
319#if ENABLE_FEAT_MPAM
320#if ENABLE_FEAT_MPAM >= 2
321	mrs x8, id_aa64pfr0_el1
322	lsr x8, x8, #(ID_AA64PFR0_MPAM_SHIFT)
323	and x8, x8, #(ID_AA64PFR0_MPAM_MASK)
324	mrs x7, id_aa64pfr1_el1
325	lsr x7, x7, #(ID_AA64PFR1_MPAM_FRAC_SHIFT)
326	and x7, x7, #(ID_AA64PFR1_MPAM_FRAC_MASK)
327	orr x7, x7, x8
328	cbz x7, no_mpam
329#endif
330	/* -----------------------------------------------------------
331	 * Restore MPAM3_EL3 register as per context state
332	 * Currently we only enable MPAM for NS world and trap to EL3
333	 * for MPAM access in lower ELs of Secure and Realm world
334	 * x9 holds address of the per_world context
335	 * -----------------------------------------------------------
336	 */
337
338	ldr	x17, [x9, #CTX_MPAM3_EL3]
339	msr	S3_6_C10_C5_0, x17 /* mpam3_el3 */
340
341no_mpam:
342#endif
343	.endm /* restore_mpam3_el3 */
344
345/* ------------------------------------------------------------------
346 * The following macro is used to save all the general purpose
347 * registers and swap the FEAT_PAUTH keys with BL31's keys in
348 * cpu_data. It also checks if the Secure Cycle Counter (PMCCNTR_EL0)
349 * is disabled in EL3/Secure (ARMv8.5-PMU), wherein PMCCNTR_EL0 needs
350 * not to be saved/restored during world switch.
351 *
352 * Ideally we would only save and restore the callee saved registers
353 * when a world switch occurs but that type of implementation is more
354 * complex. So currently we will always save and restore these
355 * registers on entry and exit of EL3.
356 * clobbers: x18
357 * ------------------------------------------------------------------
358 */
359	.macro save_gp_pmcr_pauth_regs
360	stp	x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
361	stp	x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
362	stp	x4, x5, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X4]
363	stp	x6, x7, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X6]
364	stp	x8, x9, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X8]
365	stp	x10, x11, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X10]
366	stp	x12, x13, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X12]
367	stp	x14, x15, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X14]
368	stp	x16, x17, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X16]
369	stp	x18, x19, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X18]
370	stp	x20, x21, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X20]
371	stp	x22, x23, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X22]
372	stp	x24, x25, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X24]
373	stp	x26, x27, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X26]
374	stp	x28, x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X28]
375	mrs	x18, sp_el0
376	str	x18, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_SP_EL0]
377
378	/* PMUv3 is presumed to be always present */
379	mrs	x9, pmcr_el0
380	str	x9, [sp, #CTX_EL3STATE_OFFSET + CTX_PMCR_EL0]
381#if CTX_INCLUDE_PAUTH_REGS
382#if CTX_INCLUDE_PAUTH_REGS == 2
383	/* Skip if not present in hardware */
384	is_feat_pauth_present_asm x9, x10
385	beq	no_pauth_\@
386#endif
387	/* ----------------------------------------------------------
388 	 * Save the ARMv8.3-PAuth keys as they are not banked
389 	 * by exception level
390	 * ----------------------------------------------------------
391	 */
392	add	x19, sp, #CTX_PAUTH_REGS_OFFSET
393
394	mrs	x20, APIAKeyLo_EL1	/* x21:x20 = APIAKey */
395	mrs	x21, APIAKeyHi_EL1
396	mrs	x22, APIBKeyLo_EL1	/* x23:x22 = APIBKey */
397	mrs	x23, APIBKeyHi_EL1
398	mrs	x24, APDAKeyLo_EL1	/* x25:x24 = APDAKey */
399	mrs	x25, APDAKeyHi_EL1
400	mrs	x26, APDBKeyLo_EL1	/* x27:x26 = APDBKey */
401	mrs	x27, APDBKeyHi_EL1
402	mrs	x28, APGAKeyLo_EL1	/* x29:x28 = APGAKey */
403	mrs	x29, APGAKeyHi_EL1
404
405	stp	x20, x21, [x19, #CTX_PACIAKEY_LO]
406	stp	x22, x23, [x19, #CTX_PACIBKEY_LO]
407	stp	x24, x25, [x19, #CTX_PACDAKEY_LO]
408	stp	x26, x27, [x19, #CTX_PACDBKEY_LO]
409	stp	x28, x29, [x19, #CTX_PACGAKEY_LO]
410#if ENABLE_PAUTH
411#if IMAGE_BL31
412	/* tpidr_el3 contains the address of the cpu_data structure */
413	mrs	x9, tpidr_el3
414	/* Load APIAKey from cpu_data */
415	ldp	x10, x11, [x9, #CPU_DATA_APIAKEY_OFFSET]
416#endif /* IMAGE_BL31 */
417
418#if IMAGE_BL1
419	/* BL1 does not use cpu_data and has dedicated storage */
420	adr_l	x9, bl1_apiakey
421	ldp	x10, x11, [x9]
422#endif /* IMAGE_BL1 */
423
424	/* Program instruction key A */
425	msr	APIAKeyLo_EL1, x10
426	msr	APIAKeyHi_EL1, x11
427no_pauth_\@:
428#endif /* ENABLE_PAUTH */
429#endif /* CTX_INCLUDE_PAUTH_REGS */
430	.endm /* save_gp_pmcr_pauth_regs */
431
432/* -----------------------------------------------------------------
433 * This function saves the context and sets the PSTATE to a known
434 * state, preparing entry to el3.
435 * Save all the general purpose and ARMv8.3-PAuth (if enabled)
436 * registers.
437 * Then set any of the PSTATE bits that are not set by hardware
438 * according to the Aarch64.TakeException pseudocode in the Arm
439 * Architecture Reference Manual to a default value for EL3.
440 * clobbers: x17
441 * -----------------------------------------------------------------
442 */
443func prepare_el3_entry
444	/*
445	 * context is about to mutate, so make sure we don't affect any still
446	 * in-flight profiling operations. We don't care that they actually
447	 * finish, that can still be later. NOP if not present
448	 */
449#if ENABLE_SPE_FOR_NS
450	psb_csync
451#endif
452#if ENABLE_TRBE_FOR_NS
453	tsb_csync
454#endif
455	isb
456	save_gp_pmcr_pauth_regs
457	setup_el3_execution_context
458	ret
459endfunc prepare_el3_entry
460
461/* ------------------------------------------------------------------
462 * This function restores ARMv8.3-PAuth (if enabled) and all general
463 * purpose registers except x30 from the CPU context.
464 * x30 register must be explicitly restored by the caller.
465 * ------------------------------------------------------------------
466 */
467func restore_gp_pmcr_pauth_regs
468#if CTX_INCLUDE_PAUTH_REGS
469#if CTX_INCLUDE_PAUTH_REGS == 2
470	/* Skip if not present in hardware */
471	is_feat_pauth_present_asm x0, x1
472	beq	no_pauth
473#endif
474 	/* Restore the ARMv8.3 PAuth keys */
475	add	x10, sp, #CTX_PAUTH_REGS_OFFSET
476
477	ldp	x0, x1, [x10, #CTX_PACIAKEY_LO]	/* x1:x0 = APIAKey */
478	ldp	x2, x3, [x10, #CTX_PACIBKEY_LO]	/* x3:x2 = APIBKey */
479	ldp	x4, x5, [x10, #CTX_PACDAKEY_LO]	/* x5:x4 = APDAKey */
480	ldp	x6, x7, [x10, #CTX_PACDBKEY_LO]	/* x7:x6 = APDBKey */
481	ldp	x8, x9, [x10, #CTX_PACGAKEY_LO]	/* x9:x8 = APGAKey */
482
483	msr	APIAKeyLo_EL1, x0
484	msr	APIAKeyHi_EL1, x1
485	msr	APIBKeyLo_EL1, x2
486	msr	APIBKeyHi_EL1, x3
487	msr	APDAKeyLo_EL1, x4
488	msr	APDAKeyHi_EL1, x5
489	msr	APDBKeyLo_EL1, x6
490	msr	APDBKeyHi_EL1, x7
491	msr	APGAKeyLo_EL1, x8
492	msr	APGAKeyHi_EL1, x9
493no_pauth:
494#endif /* CTX_INCLUDE_PAUTH_REGS */
495
496	/* PMUv3 is presumed to be always present */
497	ldr	x0, [sp, #CTX_EL3STATE_OFFSET + CTX_PMCR_EL0]
498	msr	pmcr_el0, x0
499	ldp	x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
500	ldp	x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
501	ldp	x4, x5, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X4]
502	ldp	x6, x7, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X6]
503	ldp	x8, x9, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X8]
504	ldp	x10, x11, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X10]
505	ldp	x12, x13, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X12]
506	ldp	x14, x15, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X14]
507	ldp	x16, x17, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X16]
508	ldp	x18, x19, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X18]
509	ldp	x20, x21, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X20]
510	ldp	x22, x23, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X22]
511	ldp	x24, x25, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X24]
512	ldp	x26, x27, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X26]
513	ldr	x28, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_SP_EL0]
514	msr	sp_el0, x28
515	ldp	x28, x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X28]
516	ret
517endfunc restore_gp_pmcr_pauth_regs
518
519#if ERRATA_SPECULATIVE_AT
520/* --------------------------------------------------------------------
521 * In case of ERRATA_SPECULATIVE_AT, save SCTLR_EL1 and TCR_EL1
522 * registers and update EL1 registers to disable stage1 and stage2
523 * page table walk.
524 * --------------------------------------------------------------------
525 */
526func save_and_update_ptw_el1_sys_regs
527	/* ----------------------------------------------------------
528	 * Save only sctlr_el1 and tcr_el1 registers
529	 * ----------------------------------------------------------
530	 */
531	mrs	x29, sctlr_el1
532	str	x29, [sp, #(CTX_ERRATA_SPEC_AT_OFFSET + CTX_ERRATA_SPEC_AT_SCTLR_EL1)]
533	mrs	x29, tcr_el1
534	str	x29, [sp, #(CTX_ERRATA_SPEC_AT_OFFSET + CTX_ERRATA_SPEC_AT_TCR_EL1)]
535
536	/* ------------------------------------------------------------
537	 * Must follow below order in order to disable page table
538	 * walk for lower ELs (EL1 and EL0). First step ensures that
539	 * page table walk is disabled for stage1 and second step
540	 * ensures that page table walker should use TCR_EL1.EPDx
541	 * bits to perform address translation. ISB ensures that CPU
542	 * does these 2 steps in order.
543	 *
544	 * 1. Update TCR_EL1.EPDx bits to disable page table walk by
545	 *    stage1.
546	 * 2. Enable MMU bit to avoid identity mapping via stage2
547	 *    and force TCR_EL1.EPDx to be used by the page table
548	 *    walker.
549	 * ------------------------------------------------------------
550	 */
551	orr	x29, x29, #(TCR_EPD0_BIT)
552	orr	x29, x29, #(TCR_EPD1_BIT)
553	msr	tcr_el1, x29
554	isb
555	mrs	x29, sctlr_el1
556	orr	x29, x29, #SCTLR_M_BIT
557	msr	sctlr_el1, x29
558	isb
559	ret
560endfunc save_and_update_ptw_el1_sys_regs
561
562#endif /* ERRATA_SPECULATIVE_AT */
563
564/* -----------------------------------------------------------------
565* The below macro returns the address of the per_world context for
566* the security state, retrieved through "get_security_state" macro.
567* The per_world context address is returned in the register argument.
568* Clobbers: x9, x10
569* ------------------------------------------------------------------
570*/
571
572.macro get_per_world_context _reg:req
573	ldr 	x10, [sp, #CTX_EL3STATE_OFFSET + CTX_SCR_EL3]
574	get_security_state x9, x10
575	mov_imm	x10, (CTX_PERWORLD_EL3STATE_END - CTX_CPTR_EL3)
576	mul	x9, x9, x10
577	adrp	x10, per_world_context
578	add	x10, x10, :lo12:per_world_context
579	add	x9, x9, x10
580	mov 	\_reg, x9
581.endm
582
583/* ------------------------------------------------------------------
584 * This routine assumes that the SP_EL3 is pointing to a valid
585 * context structure from where the gp regs and other special
586 * registers can be retrieved.
587 * ------------------------------------------------------------------
588 */
589func el3_exit
590#if ENABLE_ASSERTIONS
591	/* el3_exit assumes SP_EL0 on entry */
592	mrs	x17, spsel
593	cmp	x17, #MODE_SP_EL0
594	ASM_ASSERT(eq)
595#endif /* ENABLE_ASSERTIONS */
596
597	/* ----------------------------------------------------------
598	 * Save the current SP_EL0 i.e. the EL3 runtime stack which
599	 * will be used for handling the next SMC.
600	 * Then switch to SP_EL3.
601	 * ----------------------------------------------------------
602	 */
603	mov	x17, sp
604	msr	spsel, #MODE_SP_ELX
605	str	x17, [sp, #CTX_EL3STATE_OFFSET + CTX_RUNTIME_SP]
606
607	/* ----------------------------------------------------------
608	 * Restore CPTR_EL3.
609	 * ---------------------------------------------------------- */
610
611	/* The address of the per_world context is stored in x9 */
612	get_per_world_context x9
613
614	ldp	x19, x20, [x9, #CTX_CPTR_EL3]
615	msr	cptr_el3, x19
616
617#if IMAGE_BL31
618	restore_mpam3_el3
619
620#endif /* IMAGE_BL31 */
621
622#if IMAGE_BL31 && DYNAMIC_WORKAROUND_CVE_2018_3639
623	/* ----------------------------------------------------------
624	 * Restore mitigation state as it was on entry to EL3
625	 * ----------------------------------------------------------
626	 */
627	ldr	x17, [sp, #CTX_CVE_2018_3639_OFFSET + CTX_CVE_2018_3639_DISABLE]
628	cbz	x17, 1f
629	blr	x17
6301:
631#endif /* IMAGE_BL31 && DYNAMIC_WORKAROUND_CVE_2018_3639 */
632
633#if IMAGE_BL31
634	synchronize_errors
635#endif /* IMAGE_BL31 */
636
637	/* --------------------------------------------------------------
638	 * Restore MDCR_EL3, SPSR_EL3, ELR_EL3 and SCR_EL3 prior to ERET
639	 * --------------------------------------------------------------
640	 */
641	ldp	x16, x17, [sp, #CTX_EL3STATE_OFFSET + CTX_SPSR_EL3]
642	ldr	x18, [sp, #CTX_EL3STATE_OFFSET + CTX_SCR_EL3]
643	ldr	x19, [sp, #CTX_EL3STATE_OFFSET + CTX_MDCR_EL3]
644	msr	spsr_el3, x16
645	msr	elr_el3, x17
646	msr	scr_el3, x18
647	msr	mdcr_el3, x19
648
649	restore_ptw_el1_sys_regs
650
651	/* ----------------------------------------------------------
652	 * Restore general purpose (including x30), PMCR_EL0 and
653	 * ARMv8.3-PAuth registers.
654	 * Exit EL3 via ERET to a lower exception level.
655 	 * ----------------------------------------------------------
656 	 */
657	bl	restore_gp_pmcr_pauth_regs
658	ldr	x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
659
660#ifdef IMAGE_BL31
661	/* Clear the EL3 flag as we are exiting el3 */
662	str	xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
663#endif /* IMAGE_BL31 */
664
665	exception_return
666
667endfunc el3_exit
668