2017-09-22 08:32:10 +01:00
|
|
|
/*
|
2018-01-22 12:29:12 +00:00
|
|
|
* Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved.
|
2017-09-22 08:32:10 +01:00
|
|
|
*
|
|
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef __EHF_H__
|
|
|
|
#define __EHF_H__
|
|
|
|
|
|
|
|
#ifndef __ASSEMBLY__
|
|
|
|
|
|
|
|
#include <stdint.h>
|
|
|
|
#include <utils_def.h>
|
|
|
|
|
|
|
|
/* Valid priorities set bit 0 of the priority handler. */
|
|
|
|
#define _EHF_PRI_VALID (((uintptr_t) 1) << 0)
|
|
|
|
|
|
|
|
/* Marker for no handler registered for a valid priority */
|
|
|
|
#define _EHF_NO_HANDLER (0 | _EHF_PRI_VALID)
|
|
|
|
|
|
|
|
/* Extract the specified number of top bits from 7 lower bits of priority */
|
|
|
|
#define EHF_PRI_TO_IDX(pri, plat_bits) \
|
|
|
|
((pri & 0x7f) >> (7 - plat_bits))
|
|
|
|
|
|
|
|
/* Install exception priority descriptor at a suitable index */
|
|
|
|
#define EHF_PRI_DESC(plat_bits, priority) \
|
|
|
|
[EHF_PRI_TO_IDX(priority, plat_bits)] = { \
|
|
|
|
.ehf_handler = _EHF_NO_HANDLER, \
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Macro for platforms to regiter its exception priorities */
|
|
|
|
#define EHF_REGISTER_PRIORITIES(priorities, num, bits) \
|
|
|
|
const ehf_priorities_t exception_data = { \
|
|
|
|
.num_priorities = num, \
|
|
|
|
.ehf_priorities = priorities, \
|
|
|
|
.pri_bits = bits, \
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Priority stack, managed as a bitmap.
|
|
|
|
*
|
|
|
|
* Currently only supports 32 priority levels, allowing platforms to use up to 5
|
|
|
|
* top bits of priority. But the type can be changed to uint64_t should need
|
|
|
|
* arise to support 64 priority levels, allowing platforms to use up to 6 top
|
|
|
|
* bits of priority.
|
|
|
|
*/
|
|
|
|
typedef uint32_t ehf_pri_bits_t;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Per-PE exception data. The data for each PE is kept as a per-CPU data field.
|
|
|
|
* See cpu_data.h.
|
|
|
|
*/
|
|
|
|
typedef struct {
|
|
|
|
ehf_pri_bits_t active_pri_bits;
|
|
|
|
|
|
|
|
/* Priority mask value before any priority levels were active */
|
|
|
|
uint8_t init_pri_mask;
|
BL31: Program Priority Mask for SMC handling
On GICv3 systems, as a side effect of adding provision to handle EL3
interrupts (unconditionally routing FIQs to EL3), pending Non-secure
interrupts (signalled as FIQs) may preempt execution in lower Secure ELs
[1]. This will inadvertently disrupt the semantics of Fast SMC
(previously called Atomic SMC) calls.
To retain semantics of Fast SMCs, the GIC PMR must be programmed to
prevent Non-secure interrupts from preempting Secure execution. To that
effect, two new functions in the Exception Handling Framework subscribe
to events introduced in an earlier commit:
- Upon 'cm_exited_normal_world', the Non-secure PMR is stashed, and
the PMR is programmed to the highest Non-secure interrupt priority.
- Upon 'cm_entering_normal_world', the previously stashed Non-secure
PMR is restored.
The above sequence however prevents Yielding SMCs from being preempted
by Non-secure interrupts as intended. To facilitate this, the public API
exc_allow_ns_preemption() is introduced that programs the PMR to the
original Non-secure PMR value. Another API
exc_is_ns_preemption_allowed() is also introduced to check if
exc_allow_ns_preemption() had been called previously.
API documentation to follow.
[1] On GICv2 systems, this isn't a problem as, unlike GICv3, pending NS
IRQs during Secure execution are signalled as IRQs, which aren't
routed to EL3.
Change-Id: Ief96b162b0067179b1012332cd991ee1b3051dd0
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2017-10-04 12:21:34 +01:00
|
|
|
|
|
|
|
/* Non-secure priority mask value stashed during Secure execution */
|
|
|
|
uint8_t ns_pri_mask;
|
2017-09-22 08:32:10 +01:00
|
|
|
} __aligned(sizeof(uint64_t)) pe_exc_data_t;
|
|
|
|
|
|
|
|
typedef int (*ehf_handler_t)(uint32_t intr_raw, uint32_t flags, void *handle,
|
|
|
|
void *cookie);
|
|
|
|
|
|
|
|
typedef struct ehf_pri_desc {
|
|
|
|
/*
|
|
|
|
* 4-byte-aligned exception handler. Bit 0 indicates the corresponding
|
|
|
|
* priority level is valid. This is effectively of ehf_handler_t type,
|
|
|
|
* but left as uintptr_t in order to make pointer arithmetic convenient.
|
|
|
|
*/
|
|
|
|
uintptr_t ehf_handler;
|
|
|
|
} ehf_pri_desc_t;
|
|
|
|
|
|
|
|
typedef struct ehf_priorities {
|
|
|
|
ehf_pri_desc_t *ehf_priorities;
|
|
|
|
unsigned int num_priorities;
|
|
|
|
int pri_bits;
|
|
|
|
} ehf_priorities_t;
|
|
|
|
|
|
|
|
void ehf_init(void);
|
|
|
|
void ehf_activate_priority(unsigned int priority);
|
|
|
|
void ehf_deactivate_priority(unsigned int priority);
|
|
|
|
void ehf_register_priority_handler(unsigned int pri, ehf_handler_t handler);
|
2018-01-22 12:29:12 +00:00
|
|
|
void ehf_allow_ns_preemption(uint64_t preempt_ret_code);
|
BL31: Program Priority Mask for SMC handling
On GICv3 systems, as a side effect of adding provision to handle EL3
interrupts (unconditionally routing FIQs to EL3), pending Non-secure
interrupts (signalled as FIQs) may preempt execution in lower Secure ELs
[1]. This will inadvertently disrupt the semantics of Fast SMC
(previously called Atomic SMC) calls.
To retain semantics of Fast SMCs, the GIC PMR must be programmed to
prevent Non-secure interrupts from preempting Secure execution. To that
effect, two new functions in the Exception Handling Framework subscribe
to events introduced in an earlier commit:
- Upon 'cm_exited_normal_world', the Non-secure PMR is stashed, and
the PMR is programmed to the highest Non-secure interrupt priority.
- Upon 'cm_entering_normal_world', the previously stashed Non-secure
PMR is restored.
The above sequence however prevents Yielding SMCs from being preempted
by Non-secure interrupts as intended. To facilitate this, the public API
exc_allow_ns_preemption() is introduced that programs the PMR to the
original Non-secure PMR value. Another API
exc_is_ns_preemption_allowed() is also introduced to check if
exc_allow_ns_preemption() had been called previously.
API documentation to follow.
[1] On GICv2 systems, this isn't a problem as, unlike GICv3, pending NS
IRQs during Secure execution are signalled as IRQs, which aren't
routed to EL3.
Change-Id: Ief96b162b0067179b1012332cd991ee1b3051dd0
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2017-10-04 12:21:34 +01:00
|
|
|
unsigned int ehf_is_ns_preemption_allowed(void);
|
2017-09-22 08:32:10 +01:00
|
|
|
|
|
|
|
#endif /* __ASSEMBLY__ */
|
|
|
|
|
|
|
|
#endif /* __EHF_H__ */
|