Merge changes from topic "db/exception_pstate" into integration

* changes:
  test(el3-runtime): dit is retained on world switch
  fix(el3-runtime): set unset pstate bits to default
  refactor(el3-runtime): add prepare_el3_entry func

Makefile

@@ -277,6 +277,10 @@ ifeq "8.6" "$(word 1, $(sort 8.6 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
 ENABLE_FEAT_ECV		=	1
 endif
 
+ifeq "8.4" "$(word 1, $(sort 8.4 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+ENABLE_FEAT_DIT		= 	1
+endif
+
 ifneq ($(findstring armclang,$(notdir $(CC))),)
 TF_CFLAGS_aarch32	=	-target arm-arm-none-eabi $(march32-directive)
 TF_CFLAGS_aarch64	=	-target aarch64-arm-none-eabi $(march64-directive)
@@ -1040,6 +1044,7 @@ $(eval $(call assert_booleans,\
         USE_SP804_TIMER \
         ENABLE_FEAT_RNG \
         ENABLE_FEAT_SB \
+        ENABLE_FEAT_DIT \
         PSA_FWU_SUPPORT \
         ENABLE_TRBE_FOR_NS \
         ENABLE_SYS_REG_TRACE_FOR_NS \
@@ -1154,6 +1159,7 @@ $(eval $(call add_defines,\
         USE_SP804_TIMER \
         ENABLE_FEAT_RNG \
         ENABLE_FEAT_SB \
+        ENABLE_FEAT_DIT \
         NR_OF_FW_BANKS \
         NR_OF_IMAGES_IN_FW_BANK \
         PSA_FWU_SUPPORT \

bl1/aarch64/bl1_exceptions.S

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -224,7 +224,7 @@ smc_handler:
 	 * TODO: Revisit to store only SMCCC specified registers.
 	 * -----------------------------------------------------
 	 */
-	bl	save_gp_pmcr_pauth_regs
+	bl	prepare_el3_entry
 
 #if ENABLE_PAUTH
 	/* -----------------------------------------------------

bl31/aarch64/ea_delegate.S

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2022, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -92,8 +92,9 @@ func enter_lower_el_sync_ea
 	 * Save general purpose and ARMv8.3-PAuth registers (if enabled).
 	 * If Secure Cycle Counter is not disabled in MDCR_EL3 when
 	 * ARMv8.5-PMU is implemented, save PMCR_EL0 and disable Cycle Counter.
+	 * Also set the PSTATE to a known state.
 	 */
-	bl	save_gp_pmcr_pauth_regs
+	bl	prepare_el3_entry
 
 #if ENABLE_PAUTH
 	/* Load and program APIAKey firmware key */
@@ -139,8 +140,9 @@ handle_lower_el_async_ea:
 	 * Save general purpose and ARMv8.3-PAuth registers (if enabled).
 	 * If Secure Cycle Counter is not disabled in MDCR_EL3 when
 	 * ARMv8.5-PMU is implemented, save PMCR_EL0 and disable Cycle Counter.
+	 * Also set the PSTATE to a known state.
 	 */
-	bl	save_gp_pmcr_pauth_regs
+	bl	prepare_el3_entry
 
 #if ENABLE_PAUTH
 	/* Load and program APIAKey firmware key */

bl31/aarch64/runtime_exceptions.S

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -71,8 +71,9 @@
 	 * Save general purpose and ARMv8.3-PAuth registers (if enabled).
 	 * If Secure Cycle Counter is not disabled in MDCR_EL3 when
 	 * ARMv8.5-PMU is implemented, save PMCR_EL0 and disable Cycle Counter.
+	 * Also set the PSTATE to a known state.
 	 */
-	bl	save_gp_pmcr_pauth_regs
+	bl	prepare_el3_entry
 
 	bl	handle_lower_el_ea_esb
 
@@ -209,8 +210,9 @@ exp_from_EL3:
 	 * Save general purpose and ARMv8.3-PAuth registers (if enabled).
 	 * If Secure Cycle Counter is not disabled in MDCR_EL3 when
 	 * ARMv8.5-PMU is implemented, save PMCR_EL0 and disable Cycle Counter.
+	 * Also set the PSTATE to a known state.
 	 */
-	bl	save_gp_pmcr_pauth_regs
+	bl	prepare_el3_entry
 
 #if ENABLE_PAUTH
 	/* Load and program APIAKey firmware key */
@@ -462,8 +464,9 @@ smc_handler64:
 	 * Save general purpose and ARMv8.3-PAuth registers (if enabled).
 	 * If Secure Cycle Counter is not disabled in MDCR_EL3 when
 	 * ARMv8.5-PMU is implemented, save PMCR_EL0 and disable Cycle Counter.
+	 * Also set the PSTATE to a known state.
 	 */
-	bl	save_gp_pmcr_pauth_regs
+	bl	prepare_el3_entry
 
 #if ENABLE_PAUTH
 	/* Load and program APIAKey firmware key */

bl32/tsp/tsp_main.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -370,6 +370,7 @@ tsp_args_t *tsp_smc_handler(uint64_t func,
 	uint64_t service_arg1;
 	uint64_t results[2];
 	uint32_t linear_id = plat_my_core_pos();
+	u_register_t dit;
 
 	/* Update this cpu's statistics */
 	tsp_stats[linear_id].smc_count++;
@@ -424,6 +425,23 @@ tsp_args_t *tsp_smc_handler(uint64_t func,
 		results[0] /= service_arg0 ? service_arg0 : 1;
 		results[1] /= service_arg1 ? service_arg1 : 1;
 		break;
+	case TSP_CHECK_DIT:
+		if (!is_armv8_4_dit_present()) {
+#if LOG_LEVEL >= LOG_LEVEL_ERROR
+			spin_lock(&console_lock);
+			ERROR("DIT not supported\n");
+			spin_unlock(&console_lock);
+#endif
+			results[0] = 0;
+			results[1] = 0xffff;
+			break;
+		}
+		dit = read_dit();
+		results[0] = dit == service_arg0;
+		results[1] = dit;
+		/* Toggle the dit bit */
+		write_dit(service_arg0 != 0U ? 0 : DIT_BIT);
+		break;
 	default:
 		break;
 	}

include/arch/aarch64/arch_features.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2022, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -46,6 +46,12 @@ static inline bool is_armv8_3_pauth_present(void)
 	return (read_id_aa64isar1_el1() & mask) != 0U;
 }
 
+static inline bool is_armv8_4_dit_present(void)
+{
+	return ((read_id_aa64pfr0_el1() >> ID_AA64PFR0_DIT_SHIFT) &
+		ID_AA64PFR0_DIT_MASK) == 1U;
+}
+
 static inline bool is_armv8_4_ttst_present(void)
 {
 	return ((read_id_aa64mmfr2_el1() >> ID_AA64MMFR2_EL1_ST_SHIFT) &

include/arch/aarch64/arch_helpers.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2021, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -529,6 +529,9 @@ DEFINE_RENAME_SYSREG_READ_FUNC(id_aa64mmfr2_el1, ID_AA64MMFR2_EL1)
 DEFINE_RENAME_SYSREG_RW_FUNCS(apiakeyhi_el1, APIAKeyHi_EL1)
 DEFINE_RENAME_SYSREG_RW_FUNCS(apiakeylo_el1, APIAKeyLo_EL1)
 
+/* Armv8.4 Data Independent Timing Register */
+DEFINE_RENAME_SYSREG_RW_FUNCS(dit, DIT)
+
 /* Armv8.5 MTE Registers */
 DEFINE_RENAME_SYSREG_RW_FUNCS(tfsre0_el1, TFSRE0_EL1)
 DEFINE_RENAME_SYSREG_RW_FUNCS(tfsr_el1, TFSR_EL1)

include/arch/aarch64/el3_common_macros.S

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2021, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -9,6 +9,7 @@
 
 #include <arch.h>
 #include <asm_macros.S>
+#include <assert_macros.S>
 #include <context.h>
 #include <lib/xlat_tables/xlat_tables_defs.h>
 
@@ -237,15 +238,20 @@
 
 	/*
 	 * If Data Independent Timing (DIT) functionality is implemented,
-	 * always enable DIT in EL3
+	 * always enable DIT in EL3.
+	 * First assert that the FEAT_DIT build flag matches the feature id
+	 * register value for DIT.
 	 */
+#if ENABLE_FEAT_DIT
+#if ENABLE_ASSERTIONS
 	mrs	x0, id_aa64pfr0_el1
 	ubfx	x0, x0, #ID_AA64PFR0_DIT_SHIFT, #ID_AA64PFR0_DIT_LENGTH
 	cmp	x0, #ID_AA64PFR0_DIT_SUPPORTED
-	bne	1f
+	ASM_ASSERT(eq)
+#endif /* ENABLE_ASSERTIONS */
 	mov	x0, #DIT_BIT
 	msr	DIT, x0
-1:
+#endif
 	.endm
 
 /* -----------------------------------------------------------------------------

include/bl32/tsp/tsp.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -41,6 +41,7 @@
 #define TSP_MUL		0x2002
 #define TSP_DIV		0x2003
 #define TSP_HANDLE_SEL1_INTR_AND_RETURN	0x2004
+#define TSP_CHECK_DIT	0x2005
 
 /*
  * Identify a TSP service from function ID filtering the last 16 bits from the

lib/el3_runtime/aarch64/context.S

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -21,7 +21,7 @@
 	.global	fpregs_context_save
 	.global	fpregs_context_restore
 #endif
-	.global	save_gp_pmcr_pauth_regs
+	.global	prepare_el3_entry
 	.global	restore_gp_pmcr_pauth_regs
 	.global save_and_update_ptw_el1_sys_regs
 	.global	el3_exit
@@ -682,8 +682,24 @@ func fpregs_context_restore
 endfunc fpregs_context_restore
 #endif /* CTX_INCLUDE_FPREGS */
 
+	/*
+	 * Set the PSTATE bits not set when the exception was taken as
+	 * described in the AArch64.TakeException() pseudocode function
+	 * in ARM DDI 0487F.c page J1-7635 to a default value.
+	 */
+	.macro set_unset_pstate_bits
+        /*
+         * If Data Independent Timing (DIT) functionality is implemented,
+         * always enable DIT in EL3
+         */
+#if ENABLE_FEAT_DIT
+        mov     x8, #DIT_BIT
+        msr     DIT, x8
+#endif /* ENABLE_FEAT_DIT */
+	.endm /* set_unset_pstate_bits */
+
 /* ------------------------------------------------------------------
- * The following function is used to save and restore all the general
+ * The following macro is used to save and restore all the general
  * purpose and ARMv8.3-PAuth (if enabled) registers.
  * It also checks if Secure Cycle Counter is not disabled in MDCR_EL3
  * when ARMv8.5-PMU is implemented, and if called from Non-secure
@@ -693,12 +709,10 @@ endfunc fpregs_context_restore
  * when a world switch occurs but that type of implementation is more
  * complex. So currently we will always save and restore these
  * registers on entry and exit of EL3.
- * These are not macros to ensure their invocation fits within the 32
- * instructions per exception vector.
  * clobbers: x18
  * ------------------------------------------------------------------
  */
-func save_gp_pmcr_pauth_regs
+	.macro save_gp_pmcr_pauth_regs
 	stp	x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
 	stp	x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
 	stp	x4, x5, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X4]
@@ -769,9 +783,28 @@ func save_gp_pmcr_pauth_regs
 	stp	x26, x27, [x19, #CTX_PACDBKEY_LO]
 	stp	x28, x29, [x19, #CTX_PACGAKEY_LO]
 #endif /* CTX_INCLUDE_PAUTH_REGS */
+	.endm /* save_gp_pmcr_pauth_regs */
 
+/* -----------------------------------------------------------------
+ * This function saves the context and sets the PSTATE to a known
+ * state, preparing entry to el3.
+ * Save all the general purpose and ARMv8.3-PAuth (if enabled)
+ * registers.
+ * Then set any of the PSTATE bits that are not set by hardware
+ * according to the Aarch64.TakeException pseudocode in the Arm
+ * Architecture Reference Manual to a default value for EL3.
+ * clobbers: x17
+ * -----------------------------------------------------------------
+ */
+func prepare_el3_entry
+	save_gp_pmcr_pauth_regs
+	/*
+	 * Set the PSTATE bits not described in the Aarch64.TakeException
+	 * pseudocode to their default values.
+	 */
+	set_unset_pstate_bits
 	ret
-endfunc save_gp_pmcr_pauth_regs
+endfunc prepare_el3_entry
 
 /* ------------------------------------------------------------------
  * This function restores ARMv8.3-PAuth (if enabled) and all general

make_helpers/defaults.mk

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2016-2021, Arm Limited. All rights reserved.
+# Copyright (c) 2016-2022, Arm Limited. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -145,6 +145,9 @@ ENABLE_FEAT_FGT			:= 0
 # Flag to enable access to the CNTPOFF_EL2 register
 ENABLE_FEAT_ECV			:= 0
 
+# Flag to enable use of the DIT feature.
+ENABLE_FEAT_DIT			:= 0
+
 # By default BL31 encryption disabled
 ENCRYPT_BL31			:= 0
 

services/spd/tspd/tspd_main.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -570,6 +570,11 @@ static uintptr_t tspd_smc_handler(uint32_t smc_fid,
 	case TSP_YIELD_FID(TSP_SUB):
 	case TSP_YIELD_FID(TSP_MUL):
 	case TSP_YIELD_FID(TSP_DIV):
+		/*
+		 * Request from non-secure client to perform a check
+		 * of the DIT PSTATE bit.
+		 */
+	case TSP_YIELD_FID(TSP_CHECK_DIT):
 		if (ns) {
 			/*
 			 * This is a fresh request from the non-secure client.