Enforce full include path for includes. Deprecate old paths.
The following folders inside include/lib have been left unchanged:
- include/lib/cpus/${ARCH}
- include/lib/el3_runtime/${ARCH}
The reason for this change is that having a global namespace for
includes isn't a good idea. It defeats one of the advantages of having
folders and it introduces problems that are sometimes subtle (because
you may not know the header you are actually including if there are two
of them).
For example, this patch had to be created because two headers were
called the same way: e0ea0928d5 ("Fix gpio includes of mt8173 platform
to avoid collision."). More recently, this patch has had similar
problems: 46f9b2c3a2 ("drivers: add tzc380 support").
This problem was introduced in commit 4ecca33988 ("Move include and
source files to logical locations"). At that time, there weren't too
many headers so it wasn't a real issue. However, time has shown that
this creates problems.
Platforms that want to preserve the way they include headers may add the
removed paths to PLAT_INCLUDES, but this is discouraged.
Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This patch allows platforms to define their
own jump table list for library at ROM. The
file has the list of functions to be used
from library at ROM. It can also include
other list files.
Change-Id: I721c35d7dad3dcadbb3a7f3277bfd5d3e1f6e00a
Signed-off-by: Sathees Balya <sathees.balya@arm.com>
The Armv8.5 extensions introduces PSTATE.SSBS (Speculation Store Bypass
Safe) bit to mitigate against Variant 4 vulnerabilities. Although an
Armv8.5 feature, this can be implemented by CPUs implementing earlier
version of the architecture.
With this patch, when both PSTATE.SSBS is implemented and
DYNAMIC_WORKAROUND_CVE_2018_3639 is active, querying for
SMCCC_ARCH_WORKAROUND_2 via. SMCCC_ARCH_FEATURES call would return 1 to
indicate that mitigation on the PE is either permanently enabled or not
required.
When SSBS is implemented, SCTLR_EL3.DSSBS is initialized to 0 at reset
of every BL stage. This means that EL3 always executes with mitigation
applied.
For Cortex A76, if the PE implements SSBS, the existing mitigation (by
using a different vector table, and tweaking CPU ACTLR2) is not used.
Change-Id: Ib0386c5714184144d4747951751c2fc6ba4242b6
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Initial Spectre Variant 1 mitigations (CVE-2017-5753).
A potential speculative data leak was found in PSCI code, this depends
on a non-robust implementation of the `plat_get_core_pos_by_mpidr()`
function. This is considered very low-risk. This patch adds a macro to
mitigate this. Note not all code paths could be analyzed with current
tools.
Add a macro which makes a variable 'speculation safe', using the
__builtin_speculation_safe_value function of GCC and llvm. This will be
available in GCC 9, and is planned for llvm, but is not currently in
mainline GCC or llvm. In order to implement this mitigation the compiler
must support this builtin. Support is indicated by the
__HAVE_SPECULATION_SAFE_VALUE flag.
The -mtrack-speculation option maintains a 'tracker' register, which
determines if the processor is in false speculation at any point. This
adds instructions and increases code size, but avoids the performance
impact of a hard barrier.
Without the -mtrack-speculation option, __builtin_speculation_safe_value
expands to a
ISB
DSB SY
sequence after a conditional branch, before the
speculation safe variable is used. With -mtrack-speculation a
CSEL tracker, tracker, XZR, [cond];
AND safeval,tracker;
CSDB
sequence is added instead, clearing the vulnerable variable by
AND'ing it with the tracker register, which is zero during speculative
execution. [cond] are the status flags which will only be true during
speculative execution. For more information on
__builtin_speculation_safe_value and the -mtrack-speculation option see
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/compiler-support-for-mitigations
The -mtracking option was not added, as the performance impact of the
mitigation is low, and there is only one occurence.
Change-Id: Ic9e66d1f4a5155e42e3e4055594974c230bfba3c
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
This patch adds support to build a combined BL1
and ROMLIB binary file with the right page
alignment in Juno. When USE_ROMLIB=1 is set for
Juno, it generates the combined file
bl1_romlib.bin which needs to be used instead of
bl1.bin
Change-Id: I407efbe48d3e522fa6ef855538a9587193cb1919
Signed-off-by: Sathees Balya <sathees.balya@arm.com>
Register functions have to be added to the
jump table to allow patching in the
future
Change-Id: I57a885f7fc6290ea74a6096aea5b1867b2098eb7
Signed-off-by: Sathees Balya <sathees.balya@arm.com>
This change allows patching of functions in the
romlib. This can be done by adding "patch" at the
end of the jump table entry for the function that
needs to be patched in the file jmptbl.i.
Functions patched in the jump table list will be
built as part of the BL image and the romlib
version will not be used
Change-Id: Iefb200cb86e2a4b61ad3ee6180d3ecc39bad537f
Signed-off-by: Sathees Balya <sathees.balya@arm.com>
Provide new APIs to add new regions without specifying the base VA.
- `mmap_add_region_alloc_va` adds a static region to mmap choosing as
base VA the first possible address after all the currently mapped
regions. It is aligned to an appropriate boundary in relation to the
size and base PA of the requested region. No attempt is made to fill
any unused VA holes.
- `mmap_add_dynamic_region_alloc_va` it adds a region the same way as
`mmap_add_region_alloc_va` does, but it's dynamic instead of static.
- `mmap_add_alloc_va` takes an array of non const `mmap_region_t`,
maps them in the same way as `mmap_add_region_alloc_va` and fills
their `base_va` field. A helper macro has been created to help create
the array, called `MAP_REGION_ALLOC_VA`.
Change-Id: I5ef3f82ca0dfd0013d2e8034aa22f13ca528ba37
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Imported from the LLVM compiler_rt library on master branch as of
30 Oct 2018 (SVN revision: r345645).
This is to get the __aeabi_llsr() builtin, which is required by a
subsequent patch that uses a logical right shift operator in AArch32.
Change-Id: I9884139a12855a8a87206fb572aaa7dd35582b09
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Imported from the LLVM compiler_rt library on master branch as of
30 Oct 2018 (SVN revision: r345645).
Change-Id: I058cfb5894daf1d12e1ef971c0ba36b0aa089be5
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
The macro EL_IMPLEMENTED() has been deprecated in favour of the new
function el_implemented().
Change-Id: Ic9b1b81480b5e019b50a050e8c1a199991bf0ca9
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Version 1.4.7 introduces a big performance hit to functions that access
the FDT. Downgrade the library to version 1.4.6-9, before the changes
that introduce the problem. Version 1.4.6 isn't used because one of the
libfdt files (fdt_overlay.c) is missing the license header. This
problem is also fixed in 1.4.6-9.
This version corresponds to commit <aadd0b65c987> checks: centralize
printing of property names in failure messages.
FixesARM-software/tf-issues#643
Change-Id: I73c05f2b1f994bcdcc4366131ce0647553cdcfb8
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This patch introduces Position Independant Executable(PIE) support
in TF-A. As a initial prototype, only BL31 can support PIE. A trivial
dynamic linker is implemented which supports fixing up Global Offset
Table(GOT) and Dynamic relocations(.rela.dyn). The fixup_gdt_reloc()
helper function implements this linker and this needs to be called
early in the boot sequence prior to invoking C functions. The GOT is
placed in the RO section of BL31 binary for improved security and the
BL31 linker script is modified to export the appropriate symbols
required for the dynamic linker.
The C compiler always generates PC relative addresses to linker symbols
and hence referencing symbols exporting constants are a problem when
relocating the binary. Hence the reference to the
`__PERCPU_TIMESTAMP_SIZE__` symbol in PMF is removed and is now calculated
at runtime based on start and end addresses.
Change-Id: I1228583ff92cf432963b7cef052e95d995cca93d
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Previously the errata reporting was optional for CPU operation
files and this was achieved by making use of weak reference to
resolve to 0 if the symbol is not defined. This is error prone
when adding new CPU operation files and weak references are
problematic when fixing up dynamic relocations. Hence this patch
removes the weak reference and makes it mandatory for the CPU
operation files to define the errata reporting function.
Change-Id: I8af192e19b85b7cd8c7579e52f8f05a4294e5396
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch fixes up the AArch64 assembly code to use
adrp/adr instructions instead of ldr instruction for
reference to symbols. This allows these assembly
sequences to be Position Independant. Note that the
the reference to sizes have been replaced with
calculation of size at runtime. This is because size
is a constant value and does not depend on execution
address and using PC relative instructions for loading
them makes them relative to execution address. Also
we cannot use `ldr` instruction to load size as it
generates a dynamic relocation entry which must *not*
be fixed up and it is difficult for a dynamic loader
to differentiate which entries need to be skipped.
Change-Id: I8bf4ed5c58a9703629e5498a27624500ef40a836
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
There are several platforms using arm_setup_page_tables(), which is
supposed to be Arm platform only. This creates several dependency
problems between platforms.
This patch adds the definition XLAT_TABLES_LIB_V2 to the xlat tables lib
v2 makefile. This way it is possible to detect from C code which version
is being used and include the correct header.
The file arm_xlat_tables.h has been renamed to xlat_tables_compat.h and
moved to a common folder. This way, when in doubt, this header can be
used to guarantee compatibility, as it includes the correct header based
on XLAT_TABLES_LIB_V2.
This patch also removes the usage of ARM_XLAT_TABLES_V1 from QEMU (so
that is now locked in xlat lib v2) and ZynqMP (where it was added as a
workaround).
Change-Id: Ie1e22a23b44c549603d1402a237a70d0120d3e04
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The current version of libfdt (1.4.2) has been modified to integrate it
in this repository. In order to do a clean import it is needed to remove
the current version first.
Change-Id: I2cab8c8e5632280d282fa7a2f2339768a0ad1e0f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Imported from lib/libc/string/strrchr.c from commit:
59fd2fb98e4cc7e9bfc89598e28e21d405fd470c
Change-Id: I898206c6f0372d4d211c149ec0fb9522d0a5b01c
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Leave the caches on and explicitly flush any data that
may be stale when the core is powered down. This prevents
non-coherent interconnect access which has negative side-
effects on AM65x.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Pointer authentication is an Armv8.3 feature that introduces
instructions that can be used to authenticate and verify pointers.
Pointer authentication instructions are allowed to be accessed from all
ELs but only when EL3 explicitly allows for it; otherwise, their usage
will trap to EL3. Since EL3 doesn't have trap handling in place, this
patch unconditionally disables all related traps to EL3 to avoid
potential misconfiguration leading to an unhandled EL3 exception.
FixesARM-software/tf-issues#629
Change-Id: I9bd2efe0dc714196f503713b721ffbf05672c14d
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Some platforms can only resume from system suspend from the boot
CPU, hence they should only enter that state from that same core.
The following commit presents an interface that allows the platform to
reject system suspend entry near its very last stage (last CPU).
When a platform enables its caches before it accesses the
psci_non_cpu_pd_nodes structure then explicit cache maintenance
is not needed.
Signed-off-by: Andrew F. Davis <afd@ti.com>
The MMU is not disabled in this path, update the comment to
reflect this. Also clarify that both paths call prepare_cpu_pwr_dwn(),
but the second path does stack cache maintenance.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Commit 79621f0038 broke sgi575.
It is possible to have a region with 0 as value for the attributes. It
means device memory, read only, secure, executable. This is legitimate
if the code is in flash and the code is executed from there.
This is the case for SGI_MAP_FLASH0_RO, defined in the file
plat/arm/css/sgi/sgi_plat.c.
This problem is solved by checking both size and attributes in xlat v1.
In xlat v2, it is enough to check the granularity, as it can never be 0.
Change-Id: I7be11f1b0e51c4c2ffd560b4a6cdfbf15de2c276
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Mark the xlat tables code only used in BL31 initialization as
__init to be reclaimed once no longer needed
Change-Id: I3106bfd994706a57c578624573bcfa525fbbd3c4
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Mark the initialization functions in BL31, such as context management,
EHF, RAS and PSCI as __init so that they can be reclaimed by the
platform when no longer needed
Change-Id: I7446aeee3dde8950b0f410cb766b7a2312c20130
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Depending on the build flags it is possible that some of the memory
regions mapped in page table setup could have a size of 0. In this
case we simply want to do nothing but still wish to map the other
regions in the array. Therefore we cannot only use size == 0 as
the termination logic for the loop.
Since an attributes field with value 0 means that the region is
device memory, read only, secure and executable. Device memory
can't be executable, so this combination should never be used
and it is safe to use as a terminator value.
Therefore by changing the termination logic to use attributes
instead of size we prevent terminating the loop when we don't
intend to.
Change-Id: I92fc7f689ab08543497be6be4896dace2ed7b66a
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Ensure case clauses:
* Terminate with an unconditional break, return or goto statement.
* Use conditional break, return or goto statements as long as the end
of the case clause is unreachable; such case clauses must terminate
with assert(0) /* Unreachable */ or an unconditional __dead2 function
call
* Only fallthough when doing otherwise would result in less
readable/maintainable code; such case clauses must terminate with a
/* Fallthrough */ comment to make it clear this is the case and
indicate that a fallthrough is intended.
This reduces the chance of bugs appearing due to unintended flow through a
switch statement
Change-Id: I70fc2d1f4fd679042397dec12fd1982976646168
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
This patch fixes the name of the Cortex-ares errata function which was
previously named `cortex_a72_errata_report` which was an error.
Change-Id: Ia124df4628261021baa8d9a30308bc286d45712b
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
With the current implementation, it's possible for a contender to
observe accesses in the Critical Section before acquiring or releasing
the lock. Insert fencing in the locking and release codes to prevent any
reorder.
FixesARM-software/tf-issues#609
Change-Id: I773b82aa41dd544a2d3dbacb9a4b42c9eb767bbb
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
For Denver CPUs, this approach enables the mitigation during EL3
initialization, following every PE reset. No mechanism is provided to
disable the mitigation at runtime.
This approach permanently mitigates the EL3 software stack only. Other
software components are responsible to enable it for their exception
levels.
TF-A implements this approach for the Denver CPUs with DENVER_MIDR_PN3
and earlier:
* By setting bit 11 (Disable speculative store buffering) of
`ACTLR_EL3`
* By setting bit 9 (Disable speculative memory disambiguation) of
`ACTLR_EL3`
TF-A implements this approach for the Denver CPUs with DENVER_MIDR_PN4
and later:
* By setting bit 18 (Disable speculative store buffering) of
`ACTLR_EL3`
* By setting bit 17 (Disable speculative memory disambiguation) of
`ACTLR_EL3`
Change-Id: If1de96605ce3f7b0aff5fab2c828e5aecb687555
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Denver CPUs expect the power state field to be reset to 'C1'
during boot. This patch updates the reset handler to reset the
ACTLR_.PMSTATE field to 'C1' state during CPU boot.
Change-Id: I7cb629627a4dd1a30ec5cbb3a5e90055244fe30c
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The current functions to disable and enable Dynamic Code Optimizer
(DCO) assume that all denver cores are in the same cluster. They
ignore AFF1 field of the mpidr_el1 register, which leads to
incorect logical core id calculation.
This patch calls the platform handler, plat_my_core_pos(), to get
the logical core id to disable/enable DCO for the core.
Original change by: Krishna Sitaraman <ksitaraman@nvidia.com>
Change-Id: I45fbd1f1eb032cc1db677a4fdecc554548b4a830
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
When any of these functions is called the backtrace will be printed to
the console.
Change-Id: Id60842df824b320c485a9323ed6b80600f4ebe35
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This patch fixes a bug in the context management code that causes it to
ignore the HANDLE_EA_EL3_FIRST compile-time option and instead always
configure SCR_EL3 to force all external aborts to trap into EL3. The
code used #ifdef to read compile-time option declared with add_define in
the Makefile... however, those options are always defined, they're just
defined to either 0 or 1, so #if is the correct syntax to check for
them. Also update the documentation to match.
This bug has existed since the Nov 2017 commit 76454abf4 (AArch64:
Introduce External Abort handling), which changed the
HANDLE_EA_EL3_FIRST option to use add_define.
Change-Id: I7189f41d0daee78fa2fcf4066323e663e1e04d3d
Signed-off-by: Julius Werner <jwerner@chromium.org>
Updated optee_utils.c to fixARM-software/tf-issues#603 related to the
tee-validate-header bug.
Minor updates to the header valid checking logic. It would never make
sense to have less than 1 image to load so this is now checked.
Changed OPTEE_MAX_IMAGE_NUM to OPTEE_MAX_NUM_IMAGES to clarify its
definition. OPTEE_MAX_IMAGE_NUM sounds like an ID assigned to the last
image to load. OPTEE_MAX_NUM_IMAGES sounds like the maximum number of
images to load.
Signed-off-by: Nathan Menhorn <nathan.menhorn@xilinx.com>
The initial implementation was corrupting registers that it shouldn't.
Now this is fixed.
Change-Id: Iaa407c18e668b2d9381391bf10d6876fe936aded
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
armclang replaces calls to printf by calls to one of the symbols
__0printf, __1printf or __2printf. This patch adds new functions with
these names that internally call printf so that the Trusted Firmware can
be compiled with this compiler.
Change-Id: I06a0e3e5001232fe5b2577615666ddd66e81eef0
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
tf_printf and tf_snprintf are now called printf and snprintf, so the
code needs to be updated.
Change-Id: Iffeee97afcd6328c4c2d30830d4923b964682d71
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Change their names to printf and snprintf. They are much smaller than
the previous versions we had, which makes them better suited for the
Trusted Firmware.
Change-Id: Ia872af91b7b967c47fce012eccecede7873a3daf
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The codebase was using non-standard headers. It is needed to replace
them by the correct ones so that we can use the new libc headers.
Change-Id: I530f71d9510cb036e69fe79823c8230afe890b9d
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Remove code specific to FreeBSD so that they can be used in this
repository.
Change-Id: I5c11eb5b3c05a7fb91aed08371a1f7a0e6122a94
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The existing files had some style problems that this patch fixes.
Change-Id: I794e0d96e52f8da0ffa0d70a41f36c4432b4e563
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
They are too big for the Trusted Firmware, and it can be confusing to
have two versions of the same functions with different names. tf_printf
and tf_snprintf will replace them in the next patch.
Change-Id: I978414ac169cc3156e249549ef101a70eb31a295
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
sscanf() is unused and it doesn't work, so it doesn't make sense to
keep it.
timingsafe_bcmp() isn't used anywhere.
Change-Id: Ib5d28ff21d0f3ccc36c5c0fb5474b3384105cf80
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Remove all files that don't have only Arm copyright. This is the first
step to cleanup the C library in this repository. They will be re-added
in the following patches.
Change-Id: I72c40a1620d1df3228fc397ec695d569a20245fd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
These changes address most of the required MISRA rules. In the process,
some from generic code is also fixed.
No functional changes.
Change-Id: I76cacf6e1d73b09510561b5090c2bb66d81bec88
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Memory Partitioning And Monitoring is an Armv8.4 feature that enables
various memory system components and resources to define partitions.
Software running at various ELs can then assign themselves to the
desired partition to control their performance aspects.
With this patch, when ENABLE_MPAM_FOR_LOWER_ELS is set to 1, EL3 allows
lower ELs to access their own MPAM registers without trapping to EL3.
This patch however doesn't make use of partitioning in EL3; platform
initialisation code should configure and use partitions in EL3 if
required.
Change-Id: I5a55b6771ccaa0c1cffc05543d2116b60cbbcdcd
Co-authored-by: James Morse <james.morse@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This patch uses the 'declare_cpu_ops_wa' macro, to set the check function,
to report that Denver cores are mitigated.
Denver cores are vulnerable to this anomaly and require the mitigation to
be enabled always.
Change-Id: I1bb6eefdec8c01fb8b645e112f8d04d4bb8811ef
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
If the system is in near idle conditions, this erratum could cause a
deadlock or data corruption. This patch applies the workaround that
prevents this.
This DSU erratum affects only the DSUs that contain the ACP interface
and it was fixed in r2p0. The workaround is applied only to the DSUs
that are actually affected.
Link to respective Arm documentation:
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.epm138168/index.html
Change-Id: I033213b3077685130fc1e3f4f79c4d15d7483ec9
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
The translation library is useful elsewhere. Even though this repository
doesn't exercise the EL2 support of the library, it is better to have it
here as well to make it easier to maintain.
enable_mmu_secure() and enable_mmu_direct() have been deprecated. The
functions are still present, but they are behind ERROR_DEPRECATED and
they call the new functions enable_mmu_svc_mon() and
enable_mmu_direct_svc_mon().
Change-Id: I13ad10cd048d9cc2d55e0fff9a5133671b67dcba
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
During cold boot, the initial translation tables are created with data
caches disabled, so all modifications go to memory directly. After the
MMU is enabled and data cache is enabled, any modification to the tables
goes to data cache, and eventually may get flushed to memory.
If CPU0 modifies the tables while CPU1 is off, CPU0 will have the
modified tables in its data cache. When CPU1 is powered on, the MMU is
enabled, then it enables coherency, and then it enables the data cache.
Until this is done, CPU1 isn't in coherency, and the translation tables
it sees can be outdated if CPU0 still has some modified entries in its
data cache.
This can be a problem in some cases. For example, the warm boot code
uses only the tables mapped during cold boot, which don't normally
change. However, if they are modified (and a RO page is made RW, or a XN
page is made executable) the CPU will see the old attributes and crash
when it tries to access it.
This doesn't happen in systems with HW_ASSISTED_COHERENCY or
WARMBOOT_ENABLE_DCACHE_EARLY. In these systems, the data cache is
enabled at the same time as the MMU. As soon as this happens, the CPU is
in coherency.
There was an attempt of a fix in psci_helpers.S, but it didn't solve the
problem. That code has been deleted. The code was introduced in commit
<264410306381> ("Invalidate TLB entries during warm boot").
Now, during a map or unmap operation, the memory associated to each
modified table is flushed. Traversing a table will also flush it's
memory, as there is no way to tell in the current implementation if the
table that has been traversed has also been modified.
Change-Id: I4b520bca27502f1018878061bc5fb82af740bb92
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Changed the names for consistency with the rest of the library. Introduced
new helpers that manipulate the active translation tables context.
Change-Id: Icaca56b67fcf6a96e88aa3c7e47411162e8e6856
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Romlib is a new image that is stored in ROM and contains the code of
several libraries that can be shared between different images. All
the functions within in the library are accessed using a jump table
which allows to update the romlib image whithout changing the binary
compatibility. This jump table can be also stored in RAM and it can
allow to patch a romlib with potential bugs fixes..
Change-Id: If980ccdaca24b7aaca900e32acc68baf6f94ab35
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
We had exit but we didn't have atexit, and we were calling panic and
tf_printf from exit, which generated a dependency from exit to them.
Having atexit allows to set a different function pointer in every image.
Change-Id: I95b9556d680d96249ed3b14da159b6f417da7661
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
TF Makefile was linking all the objects files generated for the
c library instead of creating a static library that could be
used in the linking stage.
Change-Id: I721daea097e9b13cbb42c9f8eaa2af8fea0799cf
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
TF Makefile was linking all the objects files generated for the
fdt library instead of creating a static library that could be
used in the linking stage.
Change-Id: If3705bba188ec39e1fbf2322a7f2a9a941e1b90d
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Antonio Nino Diaz
Sathees Balya
Soby Mathew
Jeenu Viswambharan
Joel Hutton
Sandrine Bailleux
Andrew F. Davis
ldts
Daniel Boulby
Roberto Vargas
Varun Wadekar
Dimitris Papastamos
Julius Werner
nathan-menhorn
John Tsichritzis