| Age | Commit message (Collapse) | Author |
|---|
|
According to the SMC Calling Convention (ARM DEN0028B):
The Unknown SMC Function Identifier is a sign-extended value of
(-1) that is returned in R0, W0 or X0 register.
The value wasn't sign-extended because it was defined as a 32-bit
unsigned value (0xFFFFFFFF).
SMC_PREEMPT has been redefined as -2 for the same reason.
NOTE: This might be a compatibility break for some AArch64 platforms
that don't follow the previous version of the SMCCC (ARM DEN0028A)
correctly. That document specifies that only the bottom 32 bits of the
returned value must be checked. If a platform relies on the top 32 bits
of the result being 0 (so that SMC_UNK is 0x00000000FFFFFFFF), it will
have to fix its code to comply with the SMCCC.
Change-Id: I7f7b109f6b30c114fe570aa0ead3c335383cb54d
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
In preparation for SMCCC v1.1 support, save x4 to x29 unconditionally.
Previously we expected callers coming from AArch64 mode to preserve
x8-x17. This is no longer the case with SMCCC v1.1 as AArch64 callers
only need to save x0-x3.
Change-Id: Ie62d620776533969ff4a02c635422f1b9208be9c
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
|
|
Invalidate the Branch Target Buffer (BTB) on entry to EL3 by disabling
and enabling the MMU. To achieve this without performing any branch
instruction, a per-cpu vbar is installed which executes the workaround
and then branches off to the corresponding vector entry in the main
vector table. A side effect of this change is that the main vbar is
configured before any reset handling. This is to allow the per-cpu
reset function to override the vbar setting.
This workaround is enabled by default on the affected CPUs.
Change-Id: I97788d38463a5840a410e3cea85ed297a1678265
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
|
|
Some error paths that lead to a crash dump will overwrite the value in
the x30 register by calling functions with the no_ret macro, which
resolves to a BL instruction. This is not very useful and not what the
reader would expect, since a crash dump should usually show all
registers in the state they were in when the exception happened. This
patch replaces the offending function calls with a B instruction to
preserve the value in x30.
Change-Id: I2a3636f2943f79bab0cd911f89d070012e697c2a
Signed-off-by: Julius Werner <jwerner@chromium.org>
|
|
To make software license auditing simpler, use SPDX[0] license
identifiers instead of duplicating the license text in every file.
NOTE: Files that have been imported by FreeBSD have not been modified.
[0]: https://spdx.org/
Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
|
|
There are many instances in ARM Trusted Firmware where control is
transferred to functions from which return isn't expected. Such jumps
are made using 'bl' instruction to provide the callee with the location
from which it was jumped to. Additionally, debuggers infer the caller by
examining where 'lr' register points to. If a 'bl' of the nature
described above falls at the end of an assembly function, 'lr' will be
left pointing to a location outside of the function range. This misleads
the debugger back trace.
This patch defines a 'no_ret' macro to be used when jumping to functions
from which return isn't expected. The macro ensures to use 'bl'
instruction for the jump, and also, for debug builds, places a 'nop'
instruction immediately thereafter (unless instructed otherwise) so as
to leave 'lr' pointing within the function range.
Change-Id: Ib34c69fc09197cfd57bc06e147cc8252910e01b0
Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
|
|
* Move comments on unhandled exceptions at the right place.
* Reformat the existing comments to highlight the start of
each block of 4 entries in the exception table to ease
navigation (lines of dash reserved for head comments).
* Reflow comments to 80 columns.
Change-Id: I5ab88a93d0628af8e151852cb5b597eb34437677
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
|
|
In order to quantify the overall time spent in the PSCI software
implementation, an initial collection of PMF instrumentation points
has been added.
Instrumentation has been added to the following code paths:
- Entry to PSCI SMC handler. The timestamp is captured as early
as possible during the runtime exception and stored in memory
before entering the PSCI SMC handler.
- Exit from PSCI SMC handler. The timestamp is captured after
normal return from the PSCI SMC handler or if a low power state
was requested it is captured in the bl31 warm boot path before
return to normal world.
- Entry to low power state. The timestamp is captured before entry
to a low power state which implies either standby or power down.
As these power states are mutually exclusive, only one timestamp
is defined to describe both. It is possible to differentiate between
the two power states using the PSCI STAT interface.
- Exit from low power state. The timestamp is captured after a standby
or power up operation has completed.
To calculate the number of cycles spent running code in Trusted Firmware
one can perform the following calculation:
(exit_psci - enter_psci) - (exit_low_pwr - enter_low_pwr).
The resulting number of cycles can be converted to time given the
frequency of the counter.
Change-Id: Ie3b8f3d16409b6703747093b3a2d5c7429ad0166
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
|
|
This patch introduces some assembler macros to simplify the
declaration of the exception vectors. It abstracts the section
the exception code is put into as well as the alignments
constraints mandated by the ARMv8 architecture. For all TF images,
the exception code has been updated to make use of these macros.
This patch also updates some invalid comments in the exception
vector code.
Change-Id: I35737b8f1c8c24b6da89b0a954c8152a4096fa95
|
|
The upcoming Firmware Update feature needs transitioning across
Secure/Normal worlds to complete the FWU process and hence requires
context management code to perform this task.
Currently context management code is part of BL31 stage only.
This patch moves the code from (include)/bl31 to (include)/common.
Some function declarations/definitions and macros have also moved
to different files to help code sharing.
Change-Id: I3858b08aecdb76d390765ab2b099f457873f7b0c
|
|
The IMF_READ_INTERRUPT_ID build option enables a feature where the interrupt
ID of the highest priority pending interrupt is passed as a parameter to the
interrupt handler registered for that type of interrupt. This additional read
of highest pending interrupt id from GIC is problematic as it is possible that
the original interrupt may get deasserted and another interrupt of different
type maybe become the highest pending interrupt. Hence it is safer to prevent
such behaviour by removing the IMF_READ_INTERRUPT_ID build option.
The `id` parameter of the interrupt handler `interrupt_type_handler_t` is
now made a reserved parameter with this patch. It will always contain
INTR_ID_UNAVAILABLE.
Fixes ARM-software/tf-issues#307
Change-Id: I2173aae1dd37edad7ba6bdfb1a99868635fa34de
|
|
There are couple of issues with how the interrupt routing framework in BL3_1
handles spurious interrupts.
1. In the macro 'handle_interrupt_exception', if a spurious interrupt is
detected by plat_ic_get_pending_interrupt_type(), then execution jumps to
'interrupt_exit_\label'. This macro uses the el3_exit() function to return to
the original exception level. el3_exit() attempts to restore the SPSR_EL3 and
ELR_EL3 registers with values from the current CPU context. Since these
registers were not saved in this code path, it programs stale values into
these registers. This leads to unpredictable behaviour after the execution of
the ERET instruction.
2. When an interrupt is routed to EL3, it could be de-asserted before the
GICC_HPPIR is read in plat_ic_get_pending_interrupt_type(). There could be
another interrupt pending at the same time e.g. a non-secure interrupt. Its
type will be returned instead of the original interrupt. This would result in
a call to get_interrupt_type_handler(). The firmware will panic if the
handler for this type of interrupt has not been registered.
This patch fixes the first problem by saving SPSR_EL3 and ELR_EL3 early in the
'handle_interrupt_exception' macro, instead of only doing so once the validity
of the interrupt has been determined.
The second problem is fixed by returning execution back to the lower exception
level through the 'interrupt_exit_\label' label instead of treating it as an
error condition. The 'interrupt_error_\label' label has been removed since it is
no longer used.
Fixes ARM-software/tf-issues#305
Change-Id: I81c729a206d461084db501bb81b44dff435021e8
|
|
In order for the symbol table in the ELF file to contain the size of
functions written in assembly, it is necessary to report it to the
assembler using the .size directive.
To fulfil the above requirements, this patch introduces an 'endfunc'
macro which contains the .endfunc and .size directives. It also adds
a .func directive to the 'func' assembler macro.
The .func/.endfunc have been used so the assembler can fail if
endfunc is omitted.
Fixes ARM-Software/tf-issues#295
Change-Id: If8cb331b03d7f38fe7e3694d4de26f1075b278fc
Signed-off-by: Kévin Petit <kevin.petit@arm.com>
|
|
This patch gathers miscellaneous minor fixes to the documentation, and comments
in the source code.
Change-Id: I631e3dda5abafa2d90f464edaee069a1e58b751b
Co-Authored-By: Soby Mathew <soby.mathew@arm.com>
Co-Authored-By: Dan Handley <dan.handley@arm.com>
|
|
This patch disables routing of external aborts from lower exception levels to
EL3 and ensures that a SError interrupt generated as a result of execution in
EL3 is taken locally instead of a lower exception level.
The SError interrupt is enabled in the TSP code only when the operation has not
been directly initiated by the normal world. This is to prevent the possibility
of an asynchronous external abort which originated in normal world from being
taken when execution is in S-EL1.
Fixes ARM-software/tf-issues#153
Change-Id: I157b996c75996d12fd86d27e98bc73dd8bce6cd5
|
|
Introduce asm assert and optimize crash reporting
|
|
This patch reworks the crash reporting mechanism to further
optimise the stack and code size. The reporting makes use
of assembly console functions to avoid calling C Runtime
to report the CPU state. The crash buffer requirement is
reduced to 64 bytes with this implementation. The crash
buffer is now part of per-cpu data which makes retrieving
the crash buffer trivial.
Also now panic() will use crash reporting if
invoked from BL3-1.
Fixes ARM-software/tf-issues#199
Change-Id: I79d27a4524583d723483165dc40801f45e627da5
|
|
This patch uses stacks allocated in normal memory to enable the MMU early in the
warm boot path thus removing the dependency on stacks allocated in coherent
memory. Necessary cache and stack maintenance is performed when a cpu is being
powered down and up. This avoids any coherency issues that can arise from
reading speculatively fetched stale stack memory from another CPUs cache. These
changes affect the warm boot path in both BL3-1 and BL3-2.
The EL3 system registers responsible for preserving the MMU state are not saved
and restored any longer. Static values are used to program these system
registers when a cpu is powered on or resumed from suspend.
Change-Id: I8357e2eb5eb6c5f448492c5094b82b8927603784
|
|
This patch fixes the compilation issue for trusted firmware when the
IMF_READ_INTERRUPT_ID is enabled.
Change-Id: I94ab613b9bc96a7c1935796c674dc42246aaafee
|
|
The interrupt handling routine in BL3-1 expects a cookie as its last
parameter which was not being passed when invoking the interrupt
handler in BL3-1. This patch fixes that by passing a dummy cookie
parameter in the x3 register.
Fixes ARM-software/tf-issues#171
Change-Id: Ic98abbbd9f849e6f1c55343e865b5e0a4904a1c5
|
|
Rename the ic_* platform porting functions to plat_ic_* to be
consistent with the other functions in platform.h. Also rename
bl31_get_next_image_info() to bl31_plat_get_next_image_ep_info()
and remove the duplicate declaration in bl31.h.
Change-Id: I4851842069d3cff14c0a468daacc0a891a7ede84
|
|
Previously, platform.h contained many declarations and definitions
used for different purposes. This file has been split so that:
* Platform definitions used by common code that must be defined
by the platform are now in platform_def.h. The exact include
path is exported through $PLAT_INCLUDES in the platform makefile.
* Platform definitions specific to the FVP platform are now in
/plat/fvp/fvp_def.h.
* Platform API declarations specific to the FVP platform are now
in /plat/fvp/fvp_private.h.
* The remaining platform API declarations that must be ported by
each platform are still in platform.h but this file has been
moved to /include/plat/common since this can be shared by all
platforms.
Change-Id: Ieb3bb22fbab3ee8027413c6b39a783534aee474a
|
|
This patch adds a common handler for FIQ and IRQ exceptions in the
BL3-1 runtime exception vector table. This function determines the
interrupt type and calls its handler. A crash is reported if an
inconsistency in the interrupt management framework is detected. In
the event of a spurious interrupt, execution resumes from the
instruction where the interrupt was generated.
This patch also removes 'cm_macros.S' as its contents have been moved
to 'runtime_exceptions.S'
Change-Id: I3c85ecf8eaf43a3fac429b119ed0bd706d2e2093
|
|
This patch implements the register reporting when unhandled exceptions are
taken in BL3-1. Unhandled exceptions will result in a dump of registers
to the console, before halting execution by that CPU. The Crash Stack,
previously called the Exception Stack, is used for this activity.
This stack is used to preserve the CPU context and runtime stack
contents for debugging and analysis.
This also introduces the per_cpu_ptr_cache, referenced by tpidr_el3,
to provide easy access to some of BL3-1 per-cpu data structures.
Initially, this is used to provide a pointer to the Crash stack.
panic() now prints the the error file and line number in Debug mode
and prints the PC value in release mode.
The Exception Stack is renamed to Crash Stack with this patch.
The original intention of exception stack is no longer valid
since we intend to support several valid exceptions like IRQ
and FIQ in the trusted firmware context. This stack is now
utilized for dumping and reporting the system state when a
crash happens and hence the rename.
Fixes ARM-software/tf-issues#79 Improve reporting of unhandled exception
Change-Id: I260791dc05536b78547412d147193cdccae7811a
|
|
Previously exception handlers in BL3-1, X19-X29 were not saved
and restored on every SMC/trap into EL3. Instead these registers
were 'saved as needed' as a side effect of the A64 ABI used by the C
compiler.
That approach failed when world switching but was not visible
with the TSP/TSPD code because the TSP is 64-bit, did not
clobber these registers when running and did not support pre-emption
by normal world interrupts. These scenarios showed
that the values in these registers can be passed through a world
switch, which broke the normal and trusted world assumptions
about these registers being preserved.
The Ideal solution saves and restores these registers when a
world switch occurs - but that type of implementation is more complex.
So this patch always saves and restores these registers on entry and
exit of EL3.
Fixes ARM-software/tf-issues#141
Change-Id: I9a727167bbc594454e81cf78a97ca899dfb11c27
|
|
Reduce the number of header files included from other header
files as much as possible without splitting the files. Use forward
declarations where possible. This allows removal of some unnecessary
"#ifndef __ASSEMBLY__" statements.
Also, review the .c and .S files for which header files really need
including and reorder the #include statements alphabetically.
Fixes ARM-software/tf-issues#31
Change-Id: Iec92fb976334c77453e010b60bcf56f3be72bd3e
|
|
Make codebase consistent in its use of #include "" syntax for
user includes and #include <> syntax for system includes.
Fixes ARM-software/tf-issues#65
Change-Id: If2f7c4885173b1fd05ac2cde5f1c8a07000c7a33
|
|
The BL images share common stack management code which provides
one coherent and one cacheable stack for every CPU. BL1 and BL2
just execute on the primary CPU during boot and do not require
the additional CPU stacks. This patch provides separate stack
support code for UP and MP images, substantially reducing the
RAM usage for BL1 and BL2 for the FVP platform.
This patch also provides macros for declaring stacks and
calculating stack base addresses to improve consistency where
this has to be done in the firmware.
The stack allocation source files are now included via
platform.mk rather than the common BLx makefiles. This allows
each platform to select the appropriate MP/UP stack support
for each BL image.
Each platform makefile must be updated when including this
commit.
Fixes ARM-software/tf-issues#76
Change-Id: Ia251f61b8148ffa73eae3f3711f57b1ffebfa632
|
|
This extends the --gc-sections behaviour to the many assembler
support functions in the firmware images by placing each function
into its own code section. This is achieved by creating a 'func'
macro used to declare each function label.
Fixes ARM-software/tf-issues#80
Change-Id: I301937b630add292d2dec6d2561a7fcfa6fec690
|
|
Fixes ARM-software/tf-issues#70
Change-Id: I7f024f173fbdecd315076f528b05d6295aff7276
|
|
This patch adds guards so that an exception vector exceeding 32
instructions will generate a compile-time error. This keeps the
exception handlers in check from spilling over.
Change-Id: I7aa56dd0071a333664e2814c656d3896032046fe
|
|
This patch uses the reworked exception handling support to handle
runtime service requests through SMCs following the SMC calling
convention. This is a giant commit since all the changes are
inter-related. It does the following:
1. Replace the old exception handling mechanism with the new one
2. Enforce that SP_EL0 is used C runtime stacks.
3. Ensures that the cold and warm boot paths use the 'cpu_context'
structure to program an ERET into the next lower EL.
4. Ensures that SP_EL3 always points to the next 'cpu_context'
structure prior to an ERET into the next lower EL
5. Introduces a PSCI SMC handler which completes the use of PSCI as a
runtime service
Change-Id: I661797f834c0803d2c674d20f504df1b04c2b852
Co-authored-by: Achin Gupta <achin.gupta@arm.com>
|
|
This patch ensures that VBAR_EL3 points to the simple stack-less
'early_exceptions' when the C runtime stack is not correctly setup to
use the more complex 'runtime_exceptions'. It is initialised to
'runtime_exceptions' once this is done.
This patch also moves all exception vectors into a '.vectors' section
and modifies linker scripts to place all such sections together. This
will minimize space wastage from alignment restrictions.
Change-Id: I8c3e596ea3412c8bd582af9e8d622bb1cb2e049d
|
|
Change-Id: Ic7fb61aabae1d515b9e6baf3dd003807ff42da60
|
|
The runtime exception handling assembler code used magic numbers for
saving and restoring the general purpose register context on stack
memory. The memory is interpreted as a 'gp_regs' structure and the
magic numbers are offsets to members of this structure. This patch
replaces the magic number offsets with constants. It also adds compile
time assertions to prevent an incorrect assembler view of this
structure.
Change-Id: Ibf125bfdd62ba3a33e58c5f1d71f8c229720781c
|
|
- Add instructions for contributing to ARM Trusted Firmware.
- Update copyright text in all files to acknowledge contributors.
Change-Id: I9311aac81b00c6c167d2f8c889aea403b84450e5
|
|
- Check at link-time that bootloader images will fit in memory
at run time and that they won't overlap each other.
- Remove text and rodata orphan sections.
- Define new linker symbols to remove the need for platform setup
code to know the order of sections.
- Reduce the size of the raw binary images by cutting some sections
out of the disk image and allocating them at load time, whenever
possible.
- Rework alignment constraints on sections.
- Remove unused linker symbols.
- Homogenize linker symbols names across all BLs.
- Add some comments in the linker scripts.
Change-Id: I47a328af0ccc7c8ab47fcc0dc6e7dd26160610b9
|
|
|
