Leave the caches on and explicitly flush any data that
may be stale when the core is powered down. This prevents
non-coherent interconnect access which has negative side-
effects on AM65x.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Some platforms can only resume from system suspend from the boot
CPU, hence they should only enter that state from that same core.
The following commit presents an interface that allows the platform to
reject system suspend entry near its very last stage (last CPU).
When a platform enables its caches before it accesses the
psci_non_cpu_pd_nodes structure then explicit cache maintenance
is not needed.
Signed-off-by: Andrew F. Davis <afd@ti.com>
The MMU is not disabled in this path, update the comment to
reflect this. Also clarify that both paths call prepare_cpu_pwr_dwn(),
but the second path does stack cache maintenance.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Commit 79621f0038 broke sgi575.
It is possible to have a region with 0 as value for the attributes. It
means device memory, read only, secure, executable. This is legitimate
if the code is in flash and the code is executed from there.
This is the case for SGI_MAP_FLASH0_RO, defined in the file
plat/arm/css/sgi/sgi_plat.c.
This problem is solved by checking both size and attributes in xlat v1.
In xlat v2, it is enough to check the granularity, as it can never be 0.
Change-Id: I7be11f1b0e51c4c2ffd560b4a6cdfbf15de2c276
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Mark the xlat tables code only used in BL31 initialization as
__init to be reclaimed once no longer needed
Change-Id: I3106bfd994706a57c578624573bcfa525fbbd3c4
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Mark the initialization functions in BL31, such as context management,
EHF, RAS and PSCI as __init so that they can be reclaimed by the
platform when no longer needed
Change-Id: I7446aeee3dde8950b0f410cb766b7a2312c20130
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Depending on the build flags it is possible that some of the memory
regions mapped in page table setup could have a size of 0. In this
case we simply want to do nothing but still wish to map the other
regions in the array. Therefore we cannot only use size == 0 as
the termination logic for the loop.
Since an attributes field with value 0 means that the region is
device memory, read only, secure and executable. Device memory
can't be executable, so this combination should never be used
and it is safe to use as a terminator value.
Therefore by changing the termination logic to use attributes
instead of size we prevent terminating the loop when we don't
intend to.
Change-Id: I92fc7f689ab08543497be6be4896dace2ed7b66a
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Ensure case clauses:
* Terminate with an unconditional break, return or goto statement.
* Use conditional break, return or goto statements as long as the end
of the case clause is unreachable; such case clauses must terminate
with assert(0) /* Unreachable */ or an unconditional __dead2 function
call
* Only fallthough when doing otherwise would result in less
readable/maintainable code; such case clauses must terminate with a
/* Fallthrough */ comment to make it clear this is the case and
indicate that a fallthrough is intended.
This reduces the chance of bugs appearing due to unintended flow through a
switch statement
Change-Id: I70fc2d1f4fd679042397dec12fd1982976646168
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
This patch fixes the name of the Cortex-ares errata function which was
previously named `cortex_a72_errata_report` which was an error.
Change-Id: Ia124df4628261021baa8d9a30308bc286d45712b
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
With the current implementation, it's possible for a contender to
observe accesses in the Critical Section before acquiring or releasing
the lock. Insert fencing in the locking and release codes to prevent any
reorder.
FixesARM-software/tf-issues#609
Change-Id: I773b82aa41dd544a2d3dbacb9a4b42c9eb767bbb
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
For Denver CPUs, this approach enables the mitigation during EL3
initialization, following every PE reset. No mechanism is provided to
disable the mitigation at runtime.
This approach permanently mitigates the EL3 software stack only. Other
software components are responsible to enable it for their exception
levels.
TF-A implements this approach for the Denver CPUs with DENVER_MIDR_PN3
and earlier:
* By setting bit 11 (Disable speculative store buffering) of
`ACTLR_EL3`
* By setting bit 9 (Disable speculative memory disambiguation) of
`ACTLR_EL3`
TF-A implements this approach for the Denver CPUs with DENVER_MIDR_PN4
and later:
* By setting bit 18 (Disable speculative store buffering) of
`ACTLR_EL3`
* By setting bit 17 (Disable speculative memory disambiguation) of
`ACTLR_EL3`
Change-Id: If1de96605ce3f7b0aff5fab2c828e5aecb687555
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Denver CPUs expect the power state field to be reset to 'C1'
during boot. This patch updates the reset handler to reset the
ACTLR_.PMSTATE field to 'C1' state during CPU boot.
Change-Id: I7cb629627a4dd1a30ec5cbb3a5e90055244fe30c
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The current functions to disable and enable Dynamic Code Optimizer
(DCO) assume that all denver cores are in the same cluster. They
ignore AFF1 field of the mpidr_el1 register, which leads to
incorect logical core id calculation.
This patch calls the platform handler, plat_my_core_pos(), to get
the logical core id to disable/enable DCO for the core.
Original change by: Krishna Sitaraman <ksitaraman@nvidia.com>
Change-Id: I45fbd1f1eb032cc1db677a4fdecc554548b4a830
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
When any of these functions is called the backtrace will be printed to
the console.
Change-Id: Id60842df824b320c485a9323ed6b80600f4ebe35
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This patch fixes a bug in the context management code that causes it to
ignore the HANDLE_EA_EL3_FIRST compile-time option and instead always
configure SCR_EL3 to force all external aborts to trap into EL3. The
code used #ifdef to read compile-time option declared with add_define in
the Makefile... however, those options are always defined, they're just
defined to either 0 or 1, so #if is the correct syntax to check for
them. Also update the documentation to match.
This bug has existed since the Nov 2017 commit 76454abf4 (AArch64:
Introduce External Abort handling), which changed the
HANDLE_EA_EL3_FIRST option to use add_define.
Change-Id: I7189f41d0daee78fa2fcf4066323e663e1e04d3d
Signed-off-by: Julius Werner <jwerner@chromium.org>
Updated optee_utils.c to fixARM-software/tf-issues#603 related to the
tee-validate-header bug.
Minor updates to the header valid checking logic. It would never make
sense to have less than 1 image to load so this is now checked.
Changed OPTEE_MAX_IMAGE_NUM to OPTEE_MAX_NUM_IMAGES to clarify its
definition. OPTEE_MAX_IMAGE_NUM sounds like an ID assigned to the last
image to load. OPTEE_MAX_NUM_IMAGES sounds like the maximum number of
images to load.
Signed-off-by: Nathan Menhorn <nathan.menhorn@xilinx.com>
The initial implementation was corrupting registers that it shouldn't.
Now this is fixed.
Change-Id: Iaa407c18e668b2d9381391bf10d6876fe936aded
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
armclang replaces calls to printf by calls to one of the symbols
__0printf, __1printf or __2printf. This patch adds new functions with
these names that internally call printf so that the Trusted Firmware can
be compiled with this compiler.
Change-Id: I06a0e3e5001232fe5b2577615666ddd66e81eef0
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
tf_printf and tf_snprintf are now called printf and snprintf, so the
code needs to be updated.
Change-Id: Iffeee97afcd6328c4c2d30830d4923b964682d71
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Change their names to printf and snprintf. They are much smaller than
the previous versions we had, which makes them better suited for the
Trusted Firmware.
Change-Id: Ia872af91b7b967c47fce012eccecede7873a3daf
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The codebase was using non-standard headers. It is needed to replace
them by the correct ones so that we can use the new libc headers.
Change-Id: I530f71d9510cb036e69fe79823c8230afe890b9d
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Remove code specific to FreeBSD so that they can be used in this
repository.
Change-Id: I5c11eb5b3c05a7fb91aed08371a1f7a0e6122a94
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The existing files had some style problems that this patch fixes.
Change-Id: I794e0d96e52f8da0ffa0d70a41f36c4432b4e563
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
They are too big for the Trusted Firmware, and it can be confusing to
have two versions of the same functions with different names. tf_printf
and tf_snprintf will replace them in the next patch.
Change-Id: I978414ac169cc3156e249549ef101a70eb31a295
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
sscanf() is unused and it doesn't work, so it doesn't make sense to
keep it.
timingsafe_bcmp() isn't used anywhere.
Change-Id: Ib5d28ff21d0f3ccc36c5c0fb5474b3384105cf80
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Remove all files that don't have only Arm copyright. This is the first
step to cleanup the C library in this repository. They will be re-added
in the following patches.
Change-Id: I72c40a1620d1df3228fc397ec695d569a20245fd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
These changes address most of the required MISRA rules. In the process,
some from generic code is also fixed.
No functional changes.
Change-Id: I76cacf6e1d73b09510561b5090c2bb66d81bec88
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Memory Partitioning And Monitoring is an Armv8.4 feature that enables
various memory system components and resources to define partitions.
Software running at various ELs can then assign themselves to the
desired partition to control their performance aspects.
With this patch, when ENABLE_MPAM_FOR_LOWER_ELS is set to 1, EL3 allows
lower ELs to access their own MPAM registers without trapping to EL3.
This patch however doesn't make use of partitioning in EL3; platform
initialisation code should configure and use partitions in EL3 if
required.
Change-Id: I5a55b6771ccaa0c1cffc05543d2116b60cbbcdcd
Co-authored-by: James Morse <james.morse@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This patch uses the 'declare_cpu_ops_wa' macro, to set the check function,
to report that Denver cores are mitigated.
Denver cores are vulnerable to this anomaly and require the mitigation to
be enabled always.
Change-Id: I1bb6eefdec8c01fb8b645e112f8d04d4bb8811ef
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
If the system is in near idle conditions, this erratum could cause a
deadlock or data corruption. This patch applies the workaround that
prevents this.
This DSU erratum affects only the DSUs that contain the ACP interface
and it was fixed in r2p0. The workaround is applied only to the DSUs
that are actually affected.
Link to respective Arm documentation:
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.epm138168/index.html
Change-Id: I033213b3077685130fc1e3f4f79c4d15d7483ec9
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>