There is no guarantee on the signedness of char. It can be either
signed or unsigned. On ARM it is unsigned and hence this memcmp()
implementation works as intended.
On other machines, char can be signed (x86 for example). In that case
(and assuming a 2's complement implementation), interpreting a
bit-pattern of 0xFF as signed char can yield -1. If *s1 is 0 and *s2
is 255 then the difference *s1 - *s2 should be negative. The C
integer promotion rules guarantee that the unsigned chars will be
converted to int before the operation takes place. The current
implementation will return a positive value (0 - (-1)) instead, which
is wrong.
Fix it by changing the signedness to unsigned to avoid surprises for
anyone using this code on non-ARM systems.
Change-Id: Ie222fcaa7c0c4272d7a521a6f2f51995fd5130cc
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
The AArch32 Procedure call Standard mandates that the stack must be aligned
to 8 byte boundary at external interfaces. This patch does the required
changes.
This problem was detected when a crash was encountered in
`psci_print_power_domain_map()` while printing 64 bit values. Aligning
the stack to 8 byte boundary resolved the problem.
FixesARM-Software/tf-issues#437
Change-Id: I517bd8203601bb88e9311bd36d477fb7b3efb292
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
The capabilities exposed by the PSCI generic layer depends on the hooks
populated by the platform in `plat_arm_psci_pm_ops`. Currently ARM
Standard platforms statically define this structure. However, some
platforms may want to modify the hooks at runtime before registering
them with the generic layer.
This patch introduces a new ARM platform layer API
`plat_arm_psci_override_pm_ops` which allows the platform to probe
the power controller and modify `plat_arm_psci_pm_ops` if required.
Consequently, 'plat_arm_psci_pm_ops' is no longer qualified as
`const` on ARM Standard platforms.
Change-Id: I7dbb44b7bd36c20ec14ded5ee45a96816ca2ab9d
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch introduces an additional layer of abstraction between
CSS power management hooks and the SCPI driver. A new set of APIs
are introduced in order to abstract out power management operations
from underlying communication mechanism with the SCP.
The SCPI and the associated MHU drivers are moved into a `drivers`
folder in CSS. The new SCP communication abstraction layer is added
in the `drivers/scp` folder. The existing CSS power management
uses the new APIs to reflect this abstraction.
Change-Id: I7d775129fc0558e9703c2724523fb8f0a916838c
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
There are many instances in ARM Trusted Firmware where control is
transferred to functions from which return isn't expected. Such jumps
are made using 'bl' instruction to provide the callee with the location
from which it was jumped to. Additionally, debuggers infer the caller by
examining where 'lr' register points to. If a 'bl' of the nature
described above falls at the end of an assembly function, 'lr' will be
left pointing to a location outside of the function range. This misleads
the debugger back trace.
This patch defines a 'no_ret' macro to be used when jumping to functions
from which return isn't expected. The macro ensures to use 'bl'
instruction for the jump, and also, for debug builds, places a 'nop'
instruction immediately thereafter (unless instructed otherwise) so as
to leave 'lr' pointing within the function range.
Change-Id: Ib34c69fc09197cfd57bc06e147cc8252910e01b0
Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Additionally, remove the -o option for the create command
as it is not supported.
Change-Id: I27993a6fc5e3b0b9710e2ec5322e4296bc87d0df
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
This patch resets EL2 and EL3 registers that have architecturally
UNKNOWN values on reset and that also provide EL2/EL3 configuration
and trap controls.
Specifically, the EL2 physical timer is disabled to prevent timer
interrups into EL2 - CNTHP_CTL_EL2 and CNTHP_CTL for AArch64 and AArch32,
respectively.
Additionally, for AArch64, HSTR_EL2 is reset to avoid unexpected traps of
non-secure access to certain system registers at EL1 or lower.
For AArch32, the patch also reverts the reset to SDCR which was
incorrectly added in a previous change.
Change-Id: If00eaa23afa7dd36a922265194ccd6223187414f
Signed-off-by: David Cunado <david.cunado@arm.com>
C99 restricts bitfields type is signed and unsigned integer or _Bool.
See section 6.7.2.1 Structure and union specifiers.
"A bit-field shall have a type that is a qualified or unqualified version
of _Bool, signed int, unsigned int, or some other implementation-defined type."
Since the compiler packs bitfields anyways, actual data layout in the structure is unaffected.
Signed-off-by: Alex Nemirovsky <alex.nemirovsky@cortina-access.com>
This patch makes following miscellaneous fixes:
* pl011_console.S: Fixed the bit mask used to check if the
transmit FIFO is full or empty.
* smcc_macros.S: Added `_fsxc` suffix while updating the SPSR.
By default the assembler assumes `_fc` suffix which does not
update all the fields in SPSR. By adding `_fsxc` suffix all
the fields gets updated.
* platform_helpers.S: Removed the weak definition for
`plat_my_core_pos()` as this is a mandatory function which
needs to be defined by all platforms.
Change-Id: I8302292533c943686fff8d7c749a07132c052a3b
Signed-off-by: Yatharth Kochar <yatharth.kochar@arm.com>
Add a debug assertion in the initialization function of Trusty's SPD
to check for the presence of Trusty. If Trusty is absent then the SPD's
setup function already detects it and returns an error code so the init
function will never been called. Therefore, a debug assertion is enough
to catch this improbable error case.
Change-Id: Id20013e9291cdeef7827b919de2a22455f6cd9f9
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
When loading and authenticating an image, all parent images must also
be authenticated. The parent images are just certificates that don't
need to be used by any other CPU except the one loading the image, and
so there is no need to flush the cache of memory regions where they
are loaded.
Change-Id: Ice8d6979d1c02eabf1a543281ae1a07d098e4a99
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Commit b91d935fee
("Add CFI debug frame information for ASM functions") modifies the
assembly macros 'func' and 'endfunc' to include CFI debug frame
information.
The rockchip platform uses a custom version of the 'func' macro with the
common 'endfunc' macro. The custom macro wasn't updated in
b91d935fee resulting in the following
build error:
plat/rockchip/rk3399/drivers/pmu/plat_pmu_macros.S: Assembler messages:
plat/rockchip/rk3399/drivers/pmu/plat_pmu_macros.S:155: Error: .cfi_endproc without corresponding .cfi_startproc
Makefile:532: recipe for target 'build/rk3399/release/bl31/plat_helpers.o' failed
make: *** [build/rk3399/release/bl31/plat_helpers.o] Error 1
Fixing this by updating the sram_func macro in the rk3399 port.
Fixes: b91d935fee ("Add CFI debug frame information for ASM functions")
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
This patch fixes the following coding style error reported
by the checkpatch.pl script:
Bad function definition - void el3_exit() should probably
be void el3_exit(void)
There is another one but it's a false positive so there's no
point in fixing it:
space prohibited after that '&' (ctx:WxW)
+#define SMC_NR(entity, fn, fastcall, smc64) ((((fastcall) & 0x1) << 31) | \
^
Change-Id: I34de0337c7216dabd16395879f13845a60ee6df0
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
In release builds, the Trusty SPD fails to build because of an unused
variable. Note that this warning message doesn't show in debug builds
because INFO() messages are not compiled out like in release mode.
This patch fixes this issue by removing this variable and using its
value in place directly in the INFO() macro call.
Change-Id: I1f552421181a09412315eef4eaca586012022018
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Add dependency information in the user guide for ARM_RECOM_STATE_ID_ENC
that needs to be set when using PSCI_EXTENDED_STATE_ID on ARM
platforms. Also clarify the build error message.
Change-Id: Id125a0299b179f5f222bca4e2503204bf89a3c59
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
This patch fixes an issue in the normal memory bakery lock
implementation. During assertion of lock status, there is a possibility
that the assertion could fail. This is because the previous update done
to the lock status by the owning CPU when not participating in cache
coherency could result in stale data in the cache due to cache maintenance
operations not propagating to all the caches. This patch fixes this issue
by doing an extra read cache maintenance operation prior to the assertion.
FixesARM-software/tf-issues#402
Change-Id: I0f38a7c52476a4f58e17ebe0141d256d198be88d
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This allows the debugger to print the callstack when there is an
assembly function in the callstack.
It will work as long as the CFA pointer (frame pointer) location is not
modified (i.e. x29 is not touched in AArch64 state). It is the case in
almost all assembly functions, so this patch improves the average
debugging experience. Call stacks from the debugger should still be
interpreted with care. In more complex functions, one could use .cfi*
directives to inform the debugger about the new location of the CFA
pointer.
Change-Id: I9dabfbc033b45e8528e67f4823c17de7bf02fa24
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
The API description currently states that interrupt handlers
(interrupt_type_handler_t pointers) SHOULD return a pointer
to the target cpu_context.
This patch rewords the description of the interrupts handlers to state
that it MUST return a pointer to the target security context. It also
warns about potential portability issue. Specifically, this pointer is
not used on AArch64 and calls to context library APIs must be used to
ask BL31 to return to a specific context. However, this could change in
the future and interrupt handlers must always return the pointer.
Change-Id: I3f82a046de4d7a5b51a8cbebe7eb2a00dbbdb4f0
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
The callback IRQ is delivered to the NS OS. Provide an interface to
allow the NS OS to obtain the callback data from the secure HW.
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
The IPI hardware is secure and managed by ATF, nevertheless we deliver
the IRQ to the rich OS. The IRQ is needed to receive PM callbacks.
Enable the IPI interrupt when the rich OS probes the API version.
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Use the PMUFW get_chipid call to obtain IDCODE and version register.
Cc: Michal Simek <michal.simek@xilinx.com>
Cc: Siva Durga Prasad Paladugu <sivadur@xilinx.com>
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
On ZynqMP the FSBL will configure the system counter. Hence, remove the
initialization of the system counter with hardcoded values from the ATF
and use the setup provided by the bootloader.
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
The silicon ID does not change at runtime. Skip the IO access if the
ID has been read before.
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
danh-arm
dp-arm
Soby Mathew
Jeenu Viswambharan
David Cunado
Qixiang.Xu
Yatharth Kochar
Sandrine Bailleux
Antonio Nino Diaz
Soren Brinkmann
Douglas Raillard