xref: /rk3399_ARM-atf/lib/el3_runtime/aarch64/context.S (revision 2590e819ebccc2223b68b6ed1a4e6145f79e2ea0) 
1/*
2 * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7#include <arch.h>
8#include <asm_macros.S>
9#include <assert_macros.S>
10#include <context.h>
11#include <el3_common_macros.S>
12#include <platform_def.h>
13
14#if CTX_INCLUDE_FPREGS
15	.global	fpregs_context_save
16	.global	fpregs_context_restore
17#endif /* CTX_INCLUDE_FPREGS */
18
19#if CTX_INCLUDE_SVE_REGS
20	.global sve_context_save
21	.global sve_context_restore
22#endif /* CTX_INCLUDE_SVE_REGS */
23
24#if ERRATA_SPECULATIVE_AT
25	.global save_and_update_ptw_el1_sys_regs
26#endif /* ERRATA_SPECULATIVE_AT */
27
28	.global	prepare_el3_entry
29	.global	restore_gp_pmcr_pauth_regs
30	.global	el3_exit
31
32/* Following macros will be used if any of CTX_INCLUDE_FPREGS or CTX_INCLUDE_SVE_REGS is enabled */
33#if CTX_INCLUDE_FPREGS || CTX_INCLUDE_SVE_REGS
34.macro fpregs_state_save base:req hold:req
35	mrs	\hold, fpsr
36	str	\hold, [\base, #CTX_SIMD_FPSR]
37
38	mrs	\hold, fpcr
39	str	\hold, [\base, #CTX_SIMD_FPCR]
40
41#if CTX_INCLUDE_AARCH32_REGS && CTX_INCLUDE_FPREGS
42	mrs	\hold, fpexc32_el2
43	str	\hold, [\base, #CTX_SIMD_FPEXC32]
44#endif
45.endm
46
47.macro fpregs_state_restore base:req hold:req
48	ldr	\hold, [\base, #CTX_SIMD_FPSR]
49	msr	fpsr, \hold
50
51	ldr	\hold, [\base, #CTX_SIMD_FPCR]
52	msr	fpcr, \hold
53
54#if CTX_INCLUDE_AARCH32_REGS && CTX_INCLUDE_FPREGS
55	ldr	\hold, [\base, #CTX_SIMD_FPEXC32]
56	msr	fpexc32_el2, \hold
57#endif
58.endm
59
60#endif /* CTX_INCLUDE_FPREGS || CTX_INCLUDE_SVE_REGS */
61
62/* ------------------------------------------------------------------
63 * The following function follows the aapcs_64 strictly to use
64 * x9-x17 (temporary caller-saved registers according to AArch64 PCS)
65 * to save floating point register context. It assumes that 'x0' is
66 * pointing to a 'fp_regs' structure where the register context will
67 * be saved.
68 *
69 * Access to VFP registers will trap if CPTR_EL3.TFP is set.
70 * However currently we don't use VFP registers nor set traps in
71 * Trusted Firmware, and assume it's cleared.
72 *
73 * TODO: Revisit when VFP is used in secure world
74 * ------------------------------------------------------------------
75 */
76#if CTX_INCLUDE_FPREGS
77func fpregs_context_save
78	/* Save x0 and pass its original value to fpregs_state_save */
79	mov	x1, x0
80
81	stp	q0, q1, [x0], #32
82	stp	q2, q3, [x0], #32
83	stp	q4, q5, [x0], #32
84	stp	q6, q7, [x0], #32
85	stp	q8, q9, [x0], #32
86	stp	q10, q11, [x0], #32
87	stp	q12, q13, [x0], #32
88	stp	q14, q15, [x0], #32
89	stp	q16, q17, [x0], #32
90	stp	q18, q19, [x0], #32
91	stp	q20, q21, [x0], #32
92	stp	q22, q23, [x0], #32
93	stp	q24, q25, [x0], #32
94	stp	q26, q27, [x0], #32
95	stp	q28, q29, [x0], #32
96	stp	q30, q31, [x0], #32
97
98	fpregs_state_save x1, x9
99
100	ret
101endfunc fpregs_context_save
102
103/* ------------------------------------------------------------------
104 * The following function follows the aapcs_64 strictly to use x9-x17
105 * (temporary caller-saved registers according to AArch64 PCS) to
106 * restore floating point register context. It assumes that 'x0' is
107 * pointing to a 'fp_regs' structure from where the register context
108 * will be restored.
109 *
110 * Access to VFP registers will trap if CPTR_EL3.TFP is set.
111 * However currently we don't use VFP registers nor set traps in
112 * Trusted Firmware, and assume it's cleared.
113 *
114 * TODO: Revisit when VFP is used in secure world
115 * ------------------------------------------------------------------
116 */
117func fpregs_context_restore
118	/* Save x0 and pass its original value to fpregs_state_restore */
119	mov	x1, x0
120
121	ldp	q0, q1, [x0], #32
122	ldp	q2, q3, [x0], #32
123	ldp	q4, q5, [x0], #32
124	ldp	q6, q7, [x0], #32
125	ldp	q8, q9, [x0], #32
126	ldp	q10, q11, [x0], #32
127	ldp	q12, q13, [x0], #32
128	ldp	q14, q15, [x0], #32
129	ldp	q16, q17, [x0], #32
130	ldp	q18, q19, [x0], #32
131	ldp	q20, q21, [x0], #32
132	ldp	q22, q23, [x0], #32
133	ldp	q24, q25, [x0], #32
134	ldp	q26, q27, [x0], #32
135	ldp	q28, q29, [x0], #32
136	ldp	q30, q31, [x0], #32
137
138	fpregs_state_restore x1, x9
139
140	ret
141endfunc fpregs_context_restore
142#endif /* CTX_INCLUDE_FPREGS */
143
144#if CTX_INCLUDE_SVE_REGS
145/*
146 * Helper macros for SVE predicates save/restore operations.
147 */
148.macro sve_predicate_op op:req reg:req
149	\op p0, [\reg, #0, MUL VL]
150	\op p1, [\reg, #1, MUL VL]
151	\op p2, [\reg, #2, MUL VL]
152	\op p3, [\reg, #3, MUL VL]
153	\op p4, [\reg, #4, MUL VL]
154	\op p5, [\reg, #5, MUL VL]
155	\op p6, [\reg, #6, MUL VL]
156	\op p7, [\reg, #7, MUL VL]
157	\op p8, [\reg, #8, MUL VL]
158	\op p9, [\reg, #9, MUL VL]
159	\op p10, [\reg, #10, MUL VL]
160	\op p11, [\reg, #11, MUL VL]
161	\op p12, [\reg, #12, MUL VL]
162	\op p13, [\reg, #13, MUL VL]
163	\op p14, [\reg, #14, MUL VL]
164	\op p15, [\reg, #15, MUL VL]
165.endm
166
167.macro sve_vectors_op op:req reg:req
168	\op z0, [\reg, #0, MUL VL]
169	\op z1, [\reg, #1, MUL VL]
170	\op z2, [\reg, #2, MUL VL]
171	\op z3, [\reg, #3, MUL VL]
172	\op z4, [\reg, #4, MUL VL]
173	\op z5, [\reg, #5, MUL VL]
174	\op z6, [\reg, #6, MUL VL]
175	\op z7, [\reg, #7, MUL VL]
176	\op z8, [\reg, #8, MUL VL]
177	\op z9, [\reg, #9, MUL VL]
178	\op z10, [\reg, #10, MUL VL]
179	\op z11, [\reg, #11, MUL VL]
180	\op z12, [\reg, #12, MUL VL]
181	\op z13, [\reg, #13, MUL VL]
182	\op z14, [\reg, #14, MUL VL]
183	\op z15, [\reg, #15, MUL VL]
184	\op z16, [\reg, #16, MUL VL]
185	\op z17, [\reg, #17, MUL VL]
186	\op z18, [\reg, #18, MUL VL]
187	\op z19, [\reg, #19, MUL VL]
188	\op z20, [\reg, #20, MUL VL]
189	\op z21, [\reg, #21, MUL VL]
190	\op z22, [\reg, #22, MUL VL]
191	\op z23, [\reg, #23, MUL VL]
192	\op z24, [\reg, #24, MUL VL]
193	\op z25, [\reg, #25, MUL VL]
194	\op z26, [\reg, #26, MUL VL]
195	\op z27, [\reg, #27, MUL VL]
196	\op z28, [\reg, #28, MUL VL]
197	\op z29, [\reg, #29, MUL VL]
198	\op z30, [\reg, #30, MUL VL]
199	\op z31, [\reg, #31, MUL VL]
200.endm
201
202/* ------------------------------------------------------------------
203 * The following function follows the aapcs_64 strictly to use x9-x17
204 * (temporary caller-saved registers according to AArch64 PCS) to
205 * restore SVE register context. It assumes that 'x0' is
206 * pointing to a 'sve_regs_t' structure to which the register context
207 * will be saved.
208 * ------------------------------------------------------------------
209 */
210func sve_context_save
211.arch_extension sve
212	/* Temporarily enable SVE */
213	mrs	x10, cptr_el3
214	orr	x11, x10, #CPTR_EZ_BIT
215	bic	x11, x11, #TFP_BIT
216	msr	cptr_el3, x11
217	isb
218
219	/* zcr_el3 */
220	mrs	x12, S3_6_C1_C2_0
221	mov	x13, #((SVE_VECTOR_LEN >> 7) - 1)
222	msr	S3_6_C1_C2_0, x13
223	isb
224
225	/* Predicate registers */
226	mov x13, #CTX_SIMD_PREDICATES
227	add	x9, x0, x13
228	sve_predicate_op str, x9
229
230	/* Save FFR after predicates */
231	mov x13, #CTX_SIMD_FFR
232	add	x9, x0, x13
233	rdffr   p0.b
234	str	p0, [x9]
235
236	/* Save vector registers */
237	mov x13, #CTX_SIMD_VECTORS
238	add	x9, x0, x13
239	sve_vectors_op  str, x9
240
241	/* Restore SVE enablement */
242	msr	S3_6_C1_C2_0, x12 /* zcr_el3 */
243	msr	cptr_el3, x10
244	isb
245.arch_extension nosve
246
247	/* Save FPSR, FPCR and FPEXC32 */
248	fpregs_state_save x0, x9
249
250	ret
251endfunc sve_context_save
252
253/* ------------------------------------------------------------------
254 * The following function follows the aapcs_64 strictly to use x9-x17
255 * (temporary caller-saved registers according to AArch64 PCS) to
256 * restore SVE register context. It assumes that 'x0' is pointing to
257 * a 'sve_regs_t' structure from where the register context will be
258 * restored.
259 * ------------------------------------------------------------------
260 */
261func sve_context_restore
262.arch_extension sve
263	/* Temporarily enable SVE for EL3 */
264	mrs	x10, cptr_el3
265	orr	x11, x10, #CPTR_EZ_BIT
266	bic	x11, x11, #TFP_BIT
267	msr	cptr_el3, x11
268	isb
269
270	/* zcr_el3 */
271	mrs	x12, S3_6_C1_C2_0
272	mov	x13, #((SVE_VECTOR_LEN >> 7) - 1)
273	msr	S3_6_C1_C2_0, x13
274	isb
275
276	/* Restore FFR register before predicates */
277	mov x13, #CTX_SIMD_FFR
278	add	x9, x0, x13
279	ldr	p0, [x9]
280	wrffr	p0.b
281
282	/* Restore predicate registers */
283	mov x13, #CTX_SIMD_PREDICATES
284	add	x9, x0, x13
285	sve_predicate_op ldr, x9
286
287	/* Restore vector registers */
288	mov x13, #CTX_SIMD_VECTORS
289	add	x9, x0, x13
290	sve_vectors_op	ldr, x9
291
292	/* Restore SVE enablement */
293	msr	S3_6_C1_C2_0, x12 /* zcr_el3 */
294	msr	cptr_el3, x10
295	isb
296.arch_extension nosve
297
298	/* Restore FPSR, FPCR and FPEXC32 */
299	fpregs_state_restore x0, x9
300	ret
301endfunc sve_context_restore
302#endif /* CTX_INCLUDE_SVE_REGS */
303
304	/*
305	 * Set SCR_EL3.EA bit to enable SErrors at EL3
306	 */
307	.macro enable_serror_at_el3
308	mrs	x8, scr_el3
309	orr	x8, x8, #SCR_EA_BIT
310	msr	scr_el3, x8
311	.endm
312
313	/*
314	 * Set the PSTATE bits not set when the exception was taken as
315	 * described in the AArch64.TakeException() pseudocode function
316	 * in ARM DDI 0487F.c page J1-7635 to a default value.
317	 */
318	.macro set_unset_pstate_bits
319	/*
320	 * If Data Independent Timing (DIT) functionality is implemented,
321	 * always enable DIT in EL3
322	 */
323#if ENABLE_FEAT_DIT
324#if ENABLE_FEAT_DIT >= 2
325	mrs	x8, id_aa64pfr0_el1
326	and	x8, x8, #(ID_AA64PFR0_DIT_MASK << ID_AA64PFR0_DIT_SHIFT)
327	cbz	x8, 1f
328#endif
329	mov	x8, #DIT_BIT
330	msr	DIT, x8
3311:
332#endif /* ENABLE_FEAT_DIT */
333	.endm /* set_unset_pstate_bits */
334
335/*-------------------------------------------------------------------------
336 * This macro checks the ENABLE_FEAT_MPAM state, performs ID register
337 * check to see if the platform supports MPAM extension and restores MPAM3
338 * register value if it is FEAT_STATE_ENABLED/FEAT_STATE_CHECKED.
339 *
340 * This is particularly more complicated because we can't check
341 * if the platform supports MPAM  by looking for status of a particular bit
342 * in the MDCR_EL3 or CPTR_EL3 register like other extensions.
343 * ------------------------------------------------------------------------
344 */
345
346	.macro	restore_mpam3_el3
347#if ENABLE_FEAT_MPAM
348#if ENABLE_FEAT_MPAM >= 2
349	mrs x8, id_aa64pfr0_el1
350	lsr x8, x8, #(ID_AA64PFR0_MPAM_SHIFT)
351	and x8, x8, #(ID_AA64PFR0_MPAM_MASK)
352	mrs x7, id_aa64pfr1_el1
353	lsr x7, x7, #(ID_AA64PFR1_MPAM_FRAC_SHIFT)
354	and x7, x7, #(ID_AA64PFR1_MPAM_FRAC_MASK)
355	orr x7, x7, x8
356	cbz x7, no_mpam
357#endif
358	/* -----------------------------------------------------------
359	 * Restore MPAM3_EL3 register as per context state
360	 * Currently we only enable MPAM for NS world and trap to EL3
361	 * for MPAM access in lower ELs of Secure and Realm world
362	 * x9 holds address of the per_world context
363	 * -----------------------------------------------------------
364	 */
365
366	ldr	x17, [x9, #CTX_MPAM3_EL3]
367	msr	S3_6_C10_C5_0, x17 /* mpam3_el3 */
368
369no_mpam:
370#endif
371	.endm /* restore_mpam3_el3 */
372
373/* ------------------------------------------------------------------
374 * The following macro is used to save and restore all the general
375 * purpose and ARMv8.3-PAuth (if enabled) registers.
376 * It also checks if the Secure Cycle Counter (PMCCNTR_EL0)
377 * is disabled in EL3/Secure (ARMv8.5-PMU), wherein PMCCNTR_EL0
378 * needs not to be saved/restored during world switch.
379 *
380 * Ideally we would only save and restore the callee saved registers
381 * when a world switch occurs but that type of implementation is more
382 * complex. So currently we will always save and restore these
383 * registers on entry and exit of EL3.
384 * clobbers: x18
385 * ------------------------------------------------------------------
386 */
387	.macro save_gp_pmcr_pauth_regs
388	stp	x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
389	stp	x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
390	stp	x4, x5, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X4]
391	stp	x6, x7, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X6]
392	stp	x8, x9, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X8]
393	stp	x10, x11, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X10]
394	stp	x12, x13, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X12]
395	stp	x14, x15, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X14]
396	stp	x16, x17, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X16]
397	stp	x18, x19, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X18]
398	stp	x20, x21, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X20]
399	stp	x22, x23, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X22]
400	stp	x24, x25, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X24]
401	stp	x26, x27, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X26]
402	stp	x28, x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X28]
403	mrs	x18, sp_el0
404	str	x18, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_SP_EL0]
405
406	/* PMUv3 is presumed to be always present */
407	mrs	x9, pmcr_el0
408	str	x9, [sp, #CTX_EL3STATE_OFFSET + CTX_PMCR_EL0]
409#if CTX_INCLUDE_PAUTH_REGS
410	/* ----------------------------------------------------------
411 	 * Save the ARMv8.3-PAuth keys as they are not banked
412 	 * by exception level
413	 * ----------------------------------------------------------
414	 */
415	add	x19, sp, #CTX_PAUTH_REGS_OFFSET
416
417	mrs	x20, APIAKeyLo_EL1	/* x21:x20 = APIAKey */
418	mrs	x21, APIAKeyHi_EL1
419	mrs	x22, APIBKeyLo_EL1	/* x23:x22 = APIBKey */
420	mrs	x23, APIBKeyHi_EL1
421	mrs	x24, APDAKeyLo_EL1	/* x25:x24 = APDAKey */
422	mrs	x25, APDAKeyHi_EL1
423	mrs	x26, APDBKeyLo_EL1	/* x27:x26 = APDBKey */
424	mrs	x27, APDBKeyHi_EL1
425	mrs	x28, APGAKeyLo_EL1	/* x29:x28 = APGAKey */
426	mrs	x29, APGAKeyHi_EL1
427
428	stp	x20, x21, [x19, #CTX_PACIAKEY_LO]
429	stp	x22, x23, [x19, #CTX_PACIBKEY_LO]
430	stp	x24, x25, [x19, #CTX_PACDAKEY_LO]
431	stp	x26, x27, [x19, #CTX_PACDBKEY_LO]
432	stp	x28, x29, [x19, #CTX_PACGAKEY_LO]
433#endif /* CTX_INCLUDE_PAUTH_REGS */
434	.endm /* save_gp_pmcr_pauth_regs */
435
436/* -----------------------------------------------------------------
437 * This function saves the context and sets the PSTATE to a known
438 * state, preparing entry to el3.
439 * Save all the general purpose and ARMv8.3-PAuth (if enabled)
440 * registers.
441 * Then set any of the PSTATE bits that are not set by hardware
442 * according to the Aarch64.TakeException pseudocode in the Arm
443 * Architecture Reference Manual to a default value for EL3.
444 * clobbers: x17
445 * -----------------------------------------------------------------
446 */
447func prepare_el3_entry
448	/*
449	 * context is about to mutate, so make sure we don't affect any still
450	 * in-flight profiling operations. We don't care that they actually
451	 * finish, that can still be later. NOP if not present
452	 */
453#if ENABLE_SPE_FOR_NS
454	psb_csync
455#endif
456#if ENABLE_TRBE_FOR_NS
457	tsb_csync
458#endif
459	isb
460	save_gp_pmcr_pauth_regs
461	setup_el3_execution_context
462	ret
463endfunc prepare_el3_entry
464
465/* ------------------------------------------------------------------
466 * This function restores ARMv8.3-PAuth (if enabled) and all general
467 * purpose registers except x30 from the CPU context.
468 * x30 register must be explicitly restored by the caller.
469 * ------------------------------------------------------------------
470 */
471func restore_gp_pmcr_pauth_regs
472#if CTX_INCLUDE_PAUTH_REGS
473 	/* Restore the ARMv8.3 PAuth keys */
474	add	x10, sp, #CTX_PAUTH_REGS_OFFSET
475
476	ldp	x0, x1, [x10, #CTX_PACIAKEY_LO]	/* x1:x0 = APIAKey */
477	ldp	x2, x3, [x10, #CTX_PACIBKEY_LO]	/* x3:x2 = APIBKey */
478	ldp	x4, x5, [x10, #CTX_PACDAKEY_LO]	/* x5:x4 = APDAKey */
479	ldp	x6, x7, [x10, #CTX_PACDBKEY_LO]	/* x7:x6 = APDBKey */
480	ldp	x8, x9, [x10, #CTX_PACGAKEY_LO]	/* x9:x8 = APGAKey */
481
482	msr	APIAKeyLo_EL1, x0
483	msr	APIAKeyHi_EL1, x1
484	msr	APIBKeyLo_EL1, x2
485	msr	APIBKeyHi_EL1, x3
486	msr	APDAKeyLo_EL1, x4
487	msr	APDAKeyHi_EL1, x5
488	msr	APDBKeyLo_EL1, x6
489	msr	APDBKeyHi_EL1, x7
490	msr	APGAKeyLo_EL1, x8
491	msr	APGAKeyHi_EL1, x9
492#endif /* CTX_INCLUDE_PAUTH_REGS */
493
494	/* PMUv3 is presumed to be always present */
495	ldr	x0, [sp, #CTX_EL3STATE_OFFSET + CTX_PMCR_EL0]
496	msr	pmcr_el0, x0
497	ldp	x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
498	ldp	x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
499	ldp	x4, x5, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X4]
500	ldp	x6, x7, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X6]
501	ldp	x8, x9, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X8]
502	ldp	x10, x11, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X10]
503	ldp	x12, x13, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X12]
504	ldp	x14, x15, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X14]
505	ldp	x16, x17, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X16]
506	ldp	x18, x19, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X18]
507	ldp	x20, x21, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X20]
508	ldp	x22, x23, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X22]
509	ldp	x24, x25, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X24]
510	ldp	x26, x27, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X26]
511	ldr	x28, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_SP_EL0]
512	msr	sp_el0, x28
513	ldp	x28, x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X28]
514	ret
515endfunc restore_gp_pmcr_pauth_regs
516
517#if ERRATA_SPECULATIVE_AT
518/* --------------------------------------------------------------------
519 * In case of ERRATA_SPECULATIVE_AT, save SCTLR_EL1 and TCR_EL1
520 * registers and update EL1 registers to disable stage1 and stage2
521 * page table walk.
522 * --------------------------------------------------------------------
523 */
524func save_and_update_ptw_el1_sys_regs
525	/* ----------------------------------------------------------
526	 * Save only sctlr_el1 and tcr_el1 registers
527	 * ----------------------------------------------------------
528	 */
529	mrs	x29, sctlr_el1
530	str	x29, [sp, #(CTX_ERRATA_SPEC_AT_OFFSET + CTX_ERRATA_SPEC_AT_SCTLR_EL1)]
531	mrs	x29, tcr_el1
532	str	x29, [sp, #(CTX_ERRATA_SPEC_AT_OFFSET + CTX_ERRATA_SPEC_AT_TCR_EL1)]
533
534	/* ------------------------------------------------------------
535	 * Must follow below order in order to disable page table
536	 * walk for lower ELs (EL1 and EL0). First step ensures that
537	 * page table walk is disabled for stage1 and second step
538	 * ensures that page table walker should use TCR_EL1.EPDx
539	 * bits to perform address translation. ISB ensures that CPU
540	 * does these 2 steps in order.
541	 *
542	 * 1. Update TCR_EL1.EPDx bits to disable page table walk by
543	 *    stage1.
544	 * 2. Enable MMU bit to avoid identity mapping via stage2
545	 *    and force TCR_EL1.EPDx to be used by the page table
546	 *    walker.
547	 * ------------------------------------------------------------
548	 */
549	orr	x29, x29, #(TCR_EPD0_BIT)
550	orr	x29, x29, #(TCR_EPD1_BIT)
551	msr	tcr_el1, x29
552	isb
553	mrs	x29, sctlr_el1
554	orr	x29, x29, #SCTLR_M_BIT
555	msr	sctlr_el1, x29
556	isb
557	ret
558endfunc save_and_update_ptw_el1_sys_regs
559
560#endif /* ERRATA_SPECULATIVE_AT */
561
562/* -----------------------------------------------------------------
563* The below macro returns the address of the per_world context for
564* the security state, retrieved through "get_security_state" macro.
565* The per_world context address is returned in the register argument.
566* Clobbers: x9, x10
567* ------------------------------------------------------------------
568*/
569
570.macro get_per_world_context _reg:req
571	ldr 	x10, [sp, #CTX_EL3STATE_OFFSET + CTX_SCR_EL3]
572	get_security_state x9, x10
573	mov_imm	x10, (CTX_PERWORLD_EL3STATE_END - CTX_CPTR_EL3)
574	mul	x9, x9, x10
575	adrp	x10, per_world_context
576	add	x10, x10, :lo12:per_world_context
577	add	x9, x9, x10
578	mov 	\_reg, x9
579.endm
580
581/* ------------------------------------------------------------------
582 * This routine assumes that the SP_EL3 is pointing to a valid
583 * context structure from where the gp regs and other special
584 * registers can be retrieved.
585 * ------------------------------------------------------------------
586 */
587func el3_exit
588#if ENABLE_ASSERTIONS
589	/* el3_exit assumes SP_EL0 on entry */
590	mrs	x17, spsel
591	cmp	x17, #MODE_SP_EL0
592	ASM_ASSERT(eq)
593#endif /* ENABLE_ASSERTIONS */
594
595	/* ----------------------------------------------------------
596	 * Save the current SP_EL0 i.e. the EL3 runtime stack which
597	 * will be used for handling the next SMC.
598	 * Then switch to SP_EL3.
599	 * ----------------------------------------------------------
600	 */
601	mov	x17, sp
602	msr	spsel, #MODE_SP_ELX
603	str	x17, [sp, #CTX_EL3STATE_OFFSET + CTX_RUNTIME_SP]
604
605	/* ----------------------------------------------------------
606	 * Restore CPTR_EL3.
607	 * ZCR is only restored if SVE is supported and enabled.
608	 * Synchronization is required before zcr_el3 is addressed.
609	 * ----------------------------------------------------------
610	 */
611
612	/* The address of the per_world context is stored in x9 */
613	get_per_world_context x9
614
615	ldp	x19, x20, [x9, #CTX_CPTR_EL3]
616	msr	cptr_el3, x19
617
618#if IMAGE_BL31
619	ands	x19, x19, #CPTR_EZ_BIT
620	beq	sve_not_enabled
621
622	isb
623	msr	S3_6_C1_C2_0, x20 /* zcr_el3 */
624sve_not_enabled:
625
626	restore_mpam3_el3
627
628#endif /* IMAGE_BL31 */
629
630#if IMAGE_BL31 && DYNAMIC_WORKAROUND_CVE_2018_3639
631	/* ----------------------------------------------------------
632	 * Restore mitigation state as it was on entry to EL3
633	 * ----------------------------------------------------------
634	 */
635	ldr	x17, [sp, #CTX_CVE_2018_3639_OFFSET + CTX_CVE_2018_3639_DISABLE]
636	cbz	x17, 1f
637	blr	x17
6381:
639#endif /* IMAGE_BL31 && DYNAMIC_WORKAROUND_CVE_2018_3639 */
640
641#if IMAGE_BL31
642	synchronize_errors
643#endif /* IMAGE_BL31 */
644
645	/* --------------------------------------------------------------
646	 * Restore MDCR_EL3, SPSR_EL3, ELR_EL3 and SCR_EL3 prior to ERET
647	 * --------------------------------------------------------------
648	 */
649	ldp	x16, x17, [sp, #CTX_EL3STATE_OFFSET + CTX_SPSR_EL3]
650	ldr	x18, [sp, #CTX_EL3STATE_OFFSET + CTX_SCR_EL3]
651	ldr	x19, [sp, #CTX_EL3STATE_OFFSET + CTX_MDCR_EL3]
652	msr	spsr_el3, x16
653	msr	elr_el3, x17
654	msr	scr_el3, x18
655	msr	mdcr_el3, x19
656
657	restore_ptw_el1_sys_regs
658
659	/* ----------------------------------------------------------
660	 * Restore general purpose (including x30), PMCR_EL0 and
661	 * ARMv8.3-PAuth registers.
662	 * Exit EL3 via ERET to a lower exception level.
663 	 * ----------------------------------------------------------
664 	 */
665	bl	restore_gp_pmcr_pauth_regs
666	ldr	x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
667
668#ifdef IMAGE_BL31
669	/* Clear the EL3 flag as we are exiting el3 */
670	str	xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
671#endif /* IMAGE_BL31 */
672
673	exception_return
674
675endfunc el3_exit
676