xref: /rk3399_ARM-atf/lib/el3_runtime/aarch64/context.S (revision e65d3f45d777f086388d13adf2ad8252d60a93a6) 
1/*
2 * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7#include <arch.h>
8#include <asm_macros.S>
9#include <context.h>
10
11	.global	el1_sysregs_context_save
12	.global	el1_sysregs_context_restore
13#if CTX_INCLUDE_FPREGS
14	.global	fpregs_context_save
15	.global	fpregs_context_restore
16#endif
17#if CTX_INCLUDE_PAUTH_REGS
18	.global	pauth_context_restore
19	.global	pauth_context_save
20#endif
21#if ENABLE_PAUTH
22	.global	pauth_load_bl_apiakey
23#endif
24	.global	save_gp_registers
25	.global	restore_gp_registers
26	.global	restore_gp_registers_eret
27	.global	save_pmcr_disable_pmu
28	.global	el3_exit
29
30/* -----------------------------------------------------
31 * If ARMv8.5-PMU is implemented, cycle counting is
32 * disabled by seting MDCR_EL3.SCCD to 1.
33 * -----------------------------------------------------
34 */
35func save_pmcr_disable_pmu
36	/* -----------------------------------------------------
37	 * Check if earlier initialization MDCR_EL3.SCCD to 1
38	 * failed, meaning that ARMv8-PMU is not implemented and
39	 * PMCR_EL0 should be saved in non-secure context.
40	 * -----------------------------------------------------
41	 */
42	mrs	x9, mdcr_el3
43	tst	x9, #MDCR_SCCD_BIT
44	bne	1f
45
46	/* Secure Cycle Counter is not disabled */
47	mrs	x9, pmcr_el0
48
49	/* Check caller's security state */
50	mrs	x10, scr_el3
51	tst	x10, #SCR_NS_BIT
52	beq	2f
53
54	/* Save PMCR_EL0 if called from Non-secure state */
55	str	x9, [sp, #CTX_EL3STATE_OFFSET + CTX_PMCR_EL0]
56
57	/* Disable cycle counter when event counting is prohibited */
582:	orr	x9, x9, #PMCR_EL0_DP_BIT
59	msr	pmcr_el0, x9
60
61	isb
621:	ret
63endfunc save_pmcr_disable_pmu
64
65/* -----------------------------------------------------
66 * The following function strictly follows the AArch64
67 * PCS to use x9-x17 (temporary caller-saved registers)
68 * to save EL1 system register context. It assumes that
69 * 'x0' is pointing to a 'el1_sys_regs' structure where
70 * the register context will be saved.
71 * -----------------------------------------------------
72 */
73func el1_sysregs_context_save
74
75	mrs	x9, spsr_el1
76	mrs	x10, elr_el1
77	stp	x9, x10, [x0, #CTX_SPSR_EL1]
78
79	mrs	x15, sctlr_el1
80	mrs	x16, actlr_el1
81	stp	x15, x16, [x0, #CTX_SCTLR_EL1]
82
83	mrs	x17, cpacr_el1
84	mrs	x9, csselr_el1
85	stp	x17, x9, [x0, #CTX_CPACR_EL1]
86
87	mrs	x10, sp_el1
88	mrs	x11, esr_el1
89	stp	x10, x11, [x0, #CTX_SP_EL1]
90
91	mrs	x12, ttbr0_el1
92	mrs	x13, ttbr1_el1
93	stp	x12, x13, [x0, #CTX_TTBR0_EL1]
94
95	mrs	x14, mair_el1
96	mrs	x15, amair_el1
97	stp	x14, x15, [x0, #CTX_MAIR_EL1]
98
99	mrs	x16, tcr_el1
100	mrs	x17, tpidr_el1
101	stp	x16, x17, [x0, #CTX_TCR_EL1]
102
103	mrs	x9, tpidr_el0
104	mrs	x10, tpidrro_el0
105	stp	x9, x10, [x0, #CTX_TPIDR_EL0]
106
107	mrs	x13, par_el1
108	mrs	x14, far_el1
109	stp	x13, x14, [x0, #CTX_PAR_EL1]
110
111	mrs	x15, afsr0_el1
112	mrs	x16, afsr1_el1
113	stp	x15, x16, [x0, #CTX_AFSR0_EL1]
114
115	mrs	x17, contextidr_el1
116	mrs	x9, vbar_el1
117	stp	x17, x9, [x0, #CTX_CONTEXTIDR_EL1]
118
119	/* Save AArch32 system registers if the build has instructed so */
120#if CTX_INCLUDE_AARCH32_REGS
121	mrs	x11, spsr_abt
122	mrs	x12, spsr_und
123	stp	x11, x12, [x0, #CTX_SPSR_ABT]
124
125	mrs	x13, spsr_irq
126	mrs	x14, spsr_fiq
127	stp	x13, x14, [x0, #CTX_SPSR_IRQ]
128
129	mrs	x15, dacr32_el2
130	mrs	x16, ifsr32_el2
131	stp	x15, x16, [x0, #CTX_DACR32_EL2]
132#endif
133
134	/* Save NS timer registers if the build has instructed so */
135#if NS_TIMER_SWITCH
136	mrs	x10, cntp_ctl_el0
137	mrs	x11, cntp_cval_el0
138	stp	x10, x11, [x0, #CTX_CNTP_CTL_EL0]
139
140	mrs	x12, cntv_ctl_el0
141	mrs	x13, cntv_cval_el0
142	stp	x12, x13, [x0, #CTX_CNTV_CTL_EL0]
143
144	mrs	x14, cntkctl_el1
145	str	x14, [x0, #CTX_CNTKCTL_EL1]
146#endif
147
148	/* Save MTE system registers if the build has instructed so */
149#if CTX_INCLUDE_MTE_REGS
150	mrs	x15, TFSRE0_EL1
151	mrs	x16, TFSR_EL1
152	stp	x15, x16, [x0, #CTX_TFSRE0_EL1]
153
154	mrs	x9, RGSR_EL1
155	mrs	x10, GCR_EL1
156	stp	x9, x10, [x0, #CTX_RGSR_EL1]
157#endif
158
159	ret
160endfunc el1_sysregs_context_save
161
162/* -----------------------------------------------------
163 * The following function strictly follows the AArch64
164 * PCS to use x9-x17 (temporary caller-saved registers)
165 * to restore EL1 system register context.  It assumes
166 * that 'x0' is pointing to a 'el1_sys_regs' structure
167 * from where the register context will be restored
168 * -----------------------------------------------------
169 */
170func el1_sysregs_context_restore
171
172	ldp	x9, x10, [x0, #CTX_SPSR_EL1]
173	msr	spsr_el1, x9
174	msr	elr_el1, x10
175
176	ldp	x15, x16, [x0, #CTX_SCTLR_EL1]
177	msr	sctlr_el1, x15
178	msr	actlr_el1, x16
179
180	ldp	x17, x9, [x0, #CTX_CPACR_EL1]
181	msr	cpacr_el1, x17
182	msr	csselr_el1, x9
183
184	ldp	x10, x11, [x0, #CTX_SP_EL1]
185	msr	sp_el1, x10
186	msr	esr_el1, x11
187
188	ldp	x12, x13, [x0, #CTX_TTBR0_EL1]
189	msr	ttbr0_el1, x12
190	msr	ttbr1_el1, x13
191
192	ldp	x14, x15, [x0, #CTX_MAIR_EL1]
193	msr	mair_el1, x14
194	msr	amair_el1, x15
195
196	ldp	x16, x17, [x0, #CTX_TCR_EL1]
197	msr	tcr_el1, x16
198	msr	tpidr_el1, x17
199
200	ldp	x9, x10, [x0, #CTX_TPIDR_EL0]
201	msr	tpidr_el0, x9
202	msr	tpidrro_el0, x10
203
204	ldp	x13, x14, [x0, #CTX_PAR_EL1]
205	msr	par_el1, x13
206	msr	far_el1, x14
207
208	ldp	x15, x16, [x0, #CTX_AFSR0_EL1]
209	msr	afsr0_el1, x15
210	msr	afsr1_el1, x16
211
212	ldp	x17, x9, [x0, #CTX_CONTEXTIDR_EL1]
213	msr	contextidr_el1, x17
214	msr	vbar_el1, x9
215
216	/* Restore AArch32 system registers if the build has instructed so */
217#if CTX_INCLUDE_AARCH32_REGS
218	ldp	x11, x12, [x0, #CTX_SPSR_ABT]
219	msr	spsr_abt, x11
220	msr	spsr_und, x12
221
222	ldp	x13, x14, [x0, #CTX_SPSR_IRQ]
223	msr	spsr_irq, x13
224	msr	spsr_fiq, x14
225
226	ldp	x15, x16, [x0, #CTX_DACR32_EL2]
227	msr	dacr32_el2, x15
228	msr	ifsr32_el2, x16
229#endif
230	/* Restore NS timer registers if the build has instructed so */
231#if NS_TIMER_SWITCH
232	ldp	x10, x11, [x0, #CTX_CNTP_CTL_EL0]
233	msr	cntp_ctl_el0, x10
234	msr	cntp_cval_el0, x11
235
236	ldp	x12, x13, [x0, #CTX_CNTV_CTL_EL0]
237	msr	cntv_ctl_el0, x12
238	msr	cntv_cval_el0, x13
239
240	ldr	x14, [x0, #CTX_CNTKCTL_EL1]
241	msr	cntkctl_el1, x14
242#endif
243	/* Restore MTE system registers if the build has instructed so */
244#if CTX_INCLUDE_MTE_REGS
245	ldp	x11, x12, [x0, #CTX_TFSRE0_EL1]
246	msr	TFSRE0_EL1, x11
247	msr	TFSR_EL1, x12
248
249	ldp	x13, x14, [x0, #CTX_RGSR_EL1]
250	msr	RGSR_EL1, x13
251	msr	GCR_EL1, x14
252#endif
253
254	/* No explict ISB required here as ERET covers it */
255	ret
256endfunc el1_sysregs_context_restore
257
258/* -----------------------------------------------------
259 * The following function follows the aapcs_64 strictly
260 * to use x9-x17 (temporary caller-saved registers
261 * according to AArch64 PCS) to save floating point
262 * register context. It assumes that 'x0' is pointing to
263 * a 'fp_regs' structure where the register context will
264 * be saved.
265 *
266 * Access to VFP registers will trap if CPTR_EL3.TFP is
267 * set.  However currently we don't use VFP registers
268 * nor set traps in Trusted Firmware, and assume it's
269 * cleared
270 *
271 * TODO: Revisit when VFP is used in secure world
272 * -----------------------------------------------------
273 */
274#if CTX_INCLUDE_FPREGS
275func fpregs_context_save
276	stp	q0, q1, [x0, #CTX_FP_Q0]
277	stp	q2, q3, [x0, #CTX_FP_Q2]
278	stp	q4, q5, [x0, #CTX_FP_Q4]
279	stp	q6, q7, [x0, #CTX_FP_Q6]
280	stp	q8, q9, [x0, #CTX_FP_Q8]
281	stp	q10, q11, [x0, #CTX_FP_Q10]
282	stp	q12, q13, [x0, #CTX_FP_Q12]
283	stp	q14, q15, [x0, #CTX_FP_Q14]
284	stp	q16, q17, [x0, #CTX_FP_Q16]
285	stp	q18, q19, [x0, #CTX_FP_Q18]
286	stp	q20, q21, [x0, #CTX_FP_Q20]
287	stp	q22, q23, [x0, #CTX_FP_Q22]
288	stp	q24, q25, [x0, #CTX_FP_Q24]
289	stp	q26, q27, [x0, #CTX_FP_Q26]
290	stp	q28, q29, [x0, #CTX_FP_Q28]
291	stp	q30, q31, [x0, #CTX_FP_Q30]
292
293	mrs	x9, fpsr
294	str	x9, [x0, #CTX_FP_FPSR]
295
296	mrs	x10, fpcr
297	str	x10, [x0, #CTX_FP_FPCR]
298
299#if CTX_INCLUDE_AARCH32_REGS
300	mrs	x11, fpexc32_el2
301	str	x11, [x0, #CTX_FP_FPEXC32_EL2]
302#endif
303	ret
304endfunc fpregs_context_save
305
306/* -----------------------------------------------------
307 * The following function follows the aapcs_64 strictly
308 * to use x9-x17 (temporary caller-saved registers
309 * according to AArch64 PCS) to restore floating point
310 * register context. It assumes that 'x0' is pointing to
311 * a 'fp_regs' structure from where the register context
312 * will be restored.
313 *
314 * Access to VFP registers will trap if CPTR_EL3.TFP is
315 * set.  However currently we don't use VFP registers
316 * nor set traps in Trusted Firmware, and assume it's
317 * cleared
318 *
319 * TODO: Revisit when VFP is used in secure world
320 * -----------------------------------------------------
321 */
322func fpregs_context_restore
323	ldp	q0, q1, [x0, #CTX_FP_Q0]
324	ldp	q2, q3, [x0, #CTX_FP_Q2]
325	ldp	q4, q5, [x0, #CTX_FP_Q4]
326	ldp	q6, q7, [x0, #CTX_FP_Q6]
327	ldp	q8, q9, [x0, #CTX_FP_Q8]
328	ldp	q10, q11, [x0, #CTX_FP_Q10]
329	ldp	q12, q13, [x0, #CTX_FP_Q12]
330	ldp	q14, q15, [x0, #CTX_FP_Q14]
331	ldp	q16, q17, [x0, #CTX_FP_Q16]
332	ldp	q18, q19, [x0, #CTX_FP_Q18]
333	ldp	q20, q21, [x0, #CTX_FP_Q20]
334	ldp	q22, q23, [x0, #CTX_FP_Q22]
335	ldp	q24, q25, [x0, #CTX_FP_Q24]
336	ldp	q26, q27, [x0, #CTX_FP_Q26]
337	ldp	q28, q29, [x0, #CTX_FP_Q28]
338	ldp	q30, q31, [x0, #CTX_FP_Q30]
339
340	ldr	x9, [x0, #CTX_FP_FPSR]
341	msr	fpsr, x9
342
343	ldr	x10, [x0, #CTX_FP_FPCR]
344	msr	fpcr, x10
345
346#if CTX_INCLUDE_AARCH32_REGS
347	ldr	x11, [x0, #CTX_FP_FPEXC32_EL2]
348	msr	fpexc32_el2, x11
349#endif
350	/*
351	 * No explict ISB required here as ERET to
352	 * switch to secure EL1 or non-secure world
353	 * covers it
354	 */
355
356	ret
357endfunc fpregs_context_restore
358#endif /* CTX_INCLUDE_FPREGS */
359
360#if CTX_INCLUDE_PAUTH_REGS
361/* -----------------------------------------------------
362 * The following function strictly follows the AArch64
363 * PCS to use x9-x17 (temporary caller-saved registers)
364 * to save the ARMv8.3-PAuth register context. It assumes
365 * that 'sp' is pointing to a 'cpu_context_t' structure
366 * to where the register context will be saved.
367 * -----------------------------------------------------
368 */
369func pauth_context_save
370	add	x11, sp, #CTX_PAUTH_REGS_OFFSET
371
372	mrs	x9, APIAKeyLo_EL1
373	mrs	x10, APIAKeyHi_EL1
374	stp	x9, x10, [x11, #CTX_PACIAKEY_LO]
375
376	mrs	x9, APIBKeyLo_EL1
377	mrs	x10, APIBKeyHi_EL1
378	stp	x9, x10, [x11, #CTX_PACIBKEY_LO]
379
380	mrs	x9, APDAKeyLo_EL1
381	mrs	x10, APDAKeyHi_EL1
382	stp	x9, x10, [x11, #CTX_PACDAKEY_LO]
383
384	mrs	x9, APDBKeyLo_EL1
385	mrs	x10, APDBKeyHi_EL1
386	stp	x9, x10, [x11, #CTX_PACDBKEY_LO]
387
388	mrs	x9, APGAKeyLo_EL1
389	mrs	x10, APGAKeyHi_EL1
390	stp	x9, x10, [x11, #CTX_PACGAKEY_LO]
391
392	ret
393endfunc pauth_context_save
394
395/* -----------------------------------------------------
396 * The following function strictly follows the AArch64
397 * PCS to use x9-x17 (temporary caller-saved registers)
398 * to restore the ARMv8.3-PAuth register context. It assumes
399 * that 'sp' is pointing to a 'cpu_context_t' structure
400 * from where the register context will be restored.
401 * -----------------------------------------------------
402 */
403func pauth_context_restore
404	add	x11, sp, #CTX_PAUTH_REGS_OFFSET
405
406	ldp	x9, x10, [x11, #CTX_PACIAKEY_LO]
407	msr	APIAKeyLo_EL1, x9
408	msr	APIAKeyHi_EL1, x10
409
410	ldp	x9, x10, [x11, #CTX_PACIBKEY_LO]
411	msr	APIBKeyLo_EL1, x9
412	msr	APIBKeyHi_EL1, x10
413
414	ldp	x9, x10, [x11, #CTX_PACDAKEY_LO]
415	msr	APDAKeyLo_EL1, x9
416	msr	APDAKeyHi_EL1, x10
417
418	ldp	x9, x10, [x11, #CTX_PACDBKEY_LO]
419	msr	APDBKeyLo_EL1, x9
420	msr	APDBKeyHi_EL1, x10
421
422	ldp	x9, x10, [x11, #CTX_PACGAKEY_LO]
423	msr	APGAKeyLo_EL1, x9
424	msr	APGAKeyHi_EL1, x10
425
426	ret
427endfunc pauth_context_restore
428#endif /* CTX_INCLUDE_PAUTH_REGS */
429
430/* -----------------------------------------------------
431 * The following function strictly follows the AArch64
432 * PCS to use x9-x17 (temporary caller-saved registers)
433 * to load the APIA key used by the firmware.
434 * -----------------------------------------------------
435 */
436#if ENABLE_PAUTH
437func pauth_load_bl_apiakey
438	/* Load instruction key A used by the Trusted Firmware. */
439	adrp	x11, plat_apiakey
440	add	x11, x11, :lo12:plat_apiakey
441	ldp	x9, x10, [x11, #0]
442
443	msr	APIAKeyLo_EL1, x9
444	msr	APIAKeyHi_EL1, x10
445
446	ret
447endfunc pauth_load_bl_apiakey
448#endif /* ENABLE_PAUTH */
449
450/* -----------------------------------------------------
451 * The following functions are used to save and restore
452 * all the general purpose registers. Ideally we would
453 * only save and restore the callee saved registers when
454 * a world switch occurs but that type of implementation
455 * is more complex. So currently we will always save and
456 * restore these registers on entry and exit of EL3.
457 * These are not macros to ensure their invocation fits
458 * within the 32 instructions per exception vector.
459 * clobbers: x18
460 * -----------------------------------------------------
461 */
462func save_gp_registers
463	stp	x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
464	stp	x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
465	stp	x4, x5, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X4]
466	stp	x6, x7, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X6]
467	stp	x8, x9, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X8]
468	stp	x10, x11, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X10]
469	stp	x12, x13, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X12]
470	stp	x14, x15, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X14]
471	stp	x16, x17, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X16]
472	stp	x18, x19, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X18]
473	stp	x20, x21, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X20]
474	stp	x22, x23, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X22]
475	stp	x24, x25, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X24]
476	stp	x26, x27, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X26]
477	stp	x28, x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X28]
478	mrs	x18, sp_el0
479	str	x18, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_SP_EL0]
480	ret
481endfunc save_gp_registers
482
483/* -----------------------------------------------------
484 * This function restores all general purpose registers except x30 from the
485 * CPU context. x30 register must be explicitly restored by the caller.
486 * -----------------------------------------------------
487 */
488func restore_gp_registers
489	ldp	x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
490	ldp	x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
491	ldp	x4, x5, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X4]
492	ldp	x6, x7, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X6]
493	ldp	x8, x9, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X8]
494	ldp	x10, x11, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X10]
495	ldp	x12, x13, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X12]
496	ldp	x14, x15, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X14]
497	ldp	x16, x17, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X16]
498	ldp	x18, x19, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X18]
499	ldp	x20, x21, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X20]
500	ldp	x22, x23, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X22]
501	ldp	x24, x25, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X24]
502	ldp	x26, x27, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X26]
503	ldr	x28, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_SP_EL0]
504	msr	sp_el0, x28
505	ldp	x28, x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X28]
506	ret
507endfunc restore_gp_registers
508
509/* -----------------------------------------------------
510 * Restore general purpose registers (including x30), and exit EL3 via ERET to
511 * a lower exception level.
512 * -----------------------------------------------------
513 */
514func restore_gp_registers_eret
515	bl	restore_gp_registers
516	ldr	x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
517
518#if IMAGE_BL31 && RAS_EXTENSION
519	/*
520	 * Issue Error Synchronization Barrier to synchronize SErrors before
521	 * exiting EL3. We're running with EAs unmasked, so any synchronized
522	 * errors would be taken immediately; therefore no need to inspect
523	 * DISR_EL1 register.
524	 */
525	esb
526#endif
527	eret
528endfunc	restore_gp_registers_eret
529
530/* -----------------------------------------------------
531 * This routine assumes that the SP_EL3 is pointing to
532 * a valid context structure from where the gp regs and
533 * other special registers can be retrieved.
534 * -----------------------------------------------------
535 */
536func el3_exit
537	/* -----------------------------------------------------
538	 * Save the current SP_EL0 i.e. the EL3 runtime stack
539	 * which will be used for handling the next SMC. Then
540	 * switch to SP_EL3
541	 * -----------------------------------------------------
542	 */
543	mov	x17, sp
544	msr	spsel, #1
545	str	x17, [sp, #CTX_EL3STATE_OFFSET + CTX_RUNTIME_SP]
546
547	/* -----------------------------------------------------
548	 * Restore SPSR_EL3, ELR_EL3 and SCR_EL3 prior to ERET
549	 * -----------------------------------------------------
550	 */
551	ldr	x18, [sp, #CTX_EL3STATE_OFFSET + CTX_SCR_EL3]
552	ldp	x16, x17, [sp, #CTX_EL3STATE_OFFSET + CTX_SPSR_EL3]
553	msr	scr_el3, x18
554	msr	spsr_el3, x16
555	msr	elr_el3, x17
556
557	/* -----------------------------------------------------
558	 * Restore PMCR_EL0 when returning to Non-secure state
559	 * if Secure Cycle Counter is not disabled in MDCR_EL3
560	 * when ARMv8.5-PMU is implemented
561	 * -----------------------------------------------------
562	 */
563	tst	x18, #SCR_NS_BIT
564	beq	2f
565
566	/* -----------------------------------------------------
567	 * Back to Non-secure state.
568	 * Check if earlier initialization MDCR_EL3.SCCD to 1
569	 * failed, meaning that ARMv8-PMU is not implemented and
570	 * PMCR_EL0 should be restored from non-secure context.
571	 * -----------------------------------------------------
572	 */
573	mrs	x17, mdcr_el3
574	tst	x17, #MDCR_SCCD_BIT
575	bne	2f
576	ldr	x17, [sp, #CTX_EL3STATE_OFFSET + CTX_PMCR_EL0]
577	msr	pmcr_el0, x17
5782:
579
580#if IMAGE_BL31 && DYNAMIC_WORKAROUND_CVE_2018_3639
581	/* Restore mitigation state as it was on entry to EL3 */
582	ldr	x17, [sp, #CTX_CVE_2018_3639_OFFSET + CTX_CVE_2018_3639_DISABLE]
583	cmp	x17, xzr
584	beq	1f
585	blr	x17
5861:
587#endif
588
589#if CTX_INCLUDE_PAUTH_REGS
590	/* Restore ARMv8.3-PAuth registers */
591	bl	pauth_context_restore
592#endif
593
594	/* Restore saved general purpose registers and return */
595	b	restore_gp_registers_eret
596endfunc el3_exit
597