Usually, C has no problem up-converting types to larger bit sizes. MISRA
rule 10.7 requires that you not do this, or be very explicit about this.
This resolves the following required rule:
bl1/aarch64/bl1_context_mgmt.c:81:[MISRA C-2012 Rule 10.7 (required)]<None>
The width of the composite expression "0U | ((mode & 3U) << 2U) | 1U |
0x3c0U" (32 bits) is less that the right hand operand
"18446744073709547519ULL" (64 bits).
This also resolves MISRA defects such as:
bl2/aarch64/bl2arch_setup.c:18:[MISRA C-2012 Rule 12.2 (required)]
In the expression "3U << 20", shifting more than 7 bits, the number
of bits in the essential type of the left expression, "3U", is
not allowed.
Further, MISRA requires that all shifts don't overflow. The definition of
PAGE_SIZE was (1U << 12), and 1U is 8 bits. This caused about 50 issues.
This fixes the violation by changing the definition to 1UL << 12. Since
this uses 32bits, it should not create any issues for aarch32.
This patch also contains a fix for a build failure in the sun50i_a64
platform. Specifically, these misra fixes removed a single and
instruction,
92407e73 and x19, x19, #0xffffffff
from the cm_setup_context function caused a relocation in
psci_cpus_on_start to require a linker-generated stub. This increased the
size of the .text section and caused an alignment later on to go over a
page boundary and round up to the end of RAM before placing the .data
section. This sectionn is of non-zero size and therefore causes a link
error.
The fix included in this reorders the functions during link time
without changing their ording with respect to alignment.
Change-Id: I76b4b662c3d262296728a8b9aab7a33b02087f16
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
The WARMBOOT_ENABLE_DCACHE_EARLY allows caches to be turned on early during
the boot. But the xlat_change_mem_attributes_ctx() API did not do the required
cache maintenance after the mmap tables are modified if
WARMBOOT_ENABLE_DCACHE_EARLY is enabled. This meant that when the caches are turned
off during power down, the tables in memory are accessed as part of cache
maintenance for power down, and the tables are not correct at this point which
results in a data abort.
This patch removes the optimization within xlat_change_mem_attributes_ctx()
when WARMBOOT_ENABLE_DCACHE_EARLY is enabled.
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Change-Id: I82de3decba87dd13e9856b5f3620a1c8571c8d87
NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__.
All common C compilers pre-define the same macros to signal which
architecture the code is being compiled for: __arm__ for AArch32 (or
earlier versions) and __aarch64__ for AArch64. There's no need for TF-A
to define its own custom macros for this. In order to unify code with
the export headers (which use __aarch64__ to avoid another dependency),
let's deprecate the AARCH32 and AARCH64 macros and switch the code base
over to the pre-defined standard macro. (Since it is somewhat
unintuitive that __arm__ only means AArch32, let's standardize on only
using __aarch64__.)
Change-Id: Ic77de4b052297d77f38fc95f95f65a8ee70cf200
Signed-off-by: Julius Werner <jwerner@chromium.org>
This patch adds the functionality needed for platforms to provide
Branch Target Identification (BTI) extension, introduced to AArch64
in Armv8.5-A by adding BTI instruction used to mark valid targets
for indirect branches. The patch sets new GP bit [50] to the stage 1
Translation Table Block and Page entries to denote guarded EL3 code
pages which will cause processor to trap instructions in protected
pages trying to perform an indirect branch to any instruction other
than BTI.
BTI feature is selected by BRANCH_PROTECTION option which supersedes
the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication
and is disabled by default. Enabling BTI requires compiler support
and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0.
The assembly macros and helpers are modified to accommodate the BTI
instruction.
This is an experimental feature.
Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3
is now made as an internal flag and BRANCH_PROTECTION flag should be
used instead to enable Pointer Authentication.
Note. USE_LIBROM=1 option is currently not supported.
Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This commit reverts the following commits:
- c54c7fc358 ("xlat_tables_v2: print xlat tables without recursion")
- db8cac2d98 ("xlat_tables_v2: unmap region without recursion.")
- 0ffe269215 ("xlat_tables_v2: map region without recursion.")
This was part of PR#1843.
A problem has been detected in one of our test run configurations
involving dynamic mapping of regions and it is blocking the next
release. Until the problem can be solved, it is safer to revert
the changes.
Change-Id: I3d5456e4dbebf291c8b74939c6fb02a912e0903b
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This patch uses an array on stack to save parent xlat table information when
traversing the xlat tables. It keeps exactly same xlat table traversal
order compared to recursive version.
fixesarm-software/tf-issues#664
Signed-off-by: David Pu <dpu@nvidia.com>
Enforce full include path for includes. Deprecate old paths.
The following folders inside include/lib have been left unchanged:
- include/lib/cpus/${ARCH}
- include/lib/el3_runtime/${ARCH}
The reason for this change is that having a global namespace for
includes isn't a good idea. It defeats one of the advantages of having
folders and it introduces problems that are sometimes subtle (because
you may not know the header you are actually including if there are two
of them).
For example, this patch had to be created because two headers were
called the same way: e0ea0928d5 ("Fix gpio includes of mt8173 platform
to avoid collision."). More recently, this patch has had similar
problems: 46f9b2c3a2 ("drivers: add tzc380 support").
This problem was introduced in commit 4ecca33988 ("Move include and
source files to logical locations"). At that time, there weren't too
many headers so it wasn't a real issue. However, time has shown that
this creates problems.
Platforms that want to preserve the way they include headers may add the
removed paths to PLAT_INCLUDES, but this is discouraged.
Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
tf_printf and tf_snprintf are now called printf and snprintf, so the
code needs to be updated.
Change-Id: Iffeee97afcd6328c4c2d30830d4923b964682d71
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The codebase was using non-standard headers. It is needed to replace
them by the correct ones so that we can use the new libc headers.
Change-Id: I530f71d9510cb036e69fe79823c8230afe890b9d
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The translation library is useful elsewhere. Even though this repository
doesn't exercise the EL2 support of the library, it is better to have it
here as well to make it easier to maintain.
enable_mmu_secure() and enable_mmu_direct() have been deprecated. The
functions are still present, but they are behind ERROR_DEPRECATED and
they call the new functions enable_mmu_svc_mon() and
enable_mmu_direct_svc_mon().
Change-Id: I13ad10cd048d9cc2d55e0fff9a5133671b67dcba
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
During cold boot, the initial translation tables are created with data
caches disabled, so all modifications go to memory directly. After the
MMU is enabled and data cache is enabled, any modification to the tables
goes to data cache, and eventually may get flushed to memory.
If CPU0 modifies the tables while CPU1 is off, CPU0 will have the
modified tables in its data cache. When CPU1 is powered on, the MMU is
enabled, then it enables coherency, and then it enables the data cache.
Until this is done, CPU1 isn't in coherency, and the translation tables
it sees can be outdated if CPU0 still has some modified entries in its
data cache.
This can be a problem in some cases. For example, the warm boot code
uses only the tables mapped during cold boot, which don't normally
change. However, if they are modified (and a RO page is made RW, or a XN
page is made executable) the CPU will see the old attributes and crash
when it tries to access it.
This doesn't happen in systems with HW_ASSISTED_COHERENCY or
WARMBOOT_ENABLE_DCACHE_EARLY. In these systems, the data cache is
enabled at the same time as the MMU. As soon as this happens, the CPU is
in coherency.
There was an attempt of a fix in psci_helpers.S, but it didn't solve the
problem. That code has been deleted. The code was introduced in commit
<264410306381> ("Invalidate TLB entries during warm boot").
Now, during a map or unmap operation, the memory associated to each
modified table is flushed. Traversing a table will also flush it's
memory, as there is no way to tell in the current implementation if the
table that has been traversed has also been modified.
Change-Id: I4b520bca27502f1018878061bc5fb82af740bb92
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Changed the names for consistency with the rest of the library. Introduced
new helpers that manipulate the active translation tables context.
Change-Id: Icaca56b67fcf6a96e88aa3c7e47411162e8e6856
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
xlat_arch_tlbi_va_regime() isn't used, so it has been renamed to
xlat_arch_tlbi_va() and the previous implementation has been removed.
Change-Id: Ic118bed3fb68234748d86b2e9e95b25650289276
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
They only contained one function that is easily integrated in the private
library header and the existing architectural C files.
This also helps making the library more portable, as the Makefile of the
library now doesn't use the variable INCLUDES, which is specific to this
codebase and doesn't respect the namespace of the library.
Change-Id: I22228e6a97e9b4f346f5cd8947609263e8df71d8
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
It is useful to have LOG_LEVEL_VERBOSE because it prints the memory map
of each image, but that also means that the change_mem_attributes and
get_mem_attributes functions have verbose prints, and generate a too
long text output that hides other useful information.
As they were mostly there for debug purposes, this patch removes them.
Change-Id: I2986537377d1f78be2b79cc8a6cf230c380bdb55
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The previous debug output for EL1&0 translation regimes was too verbose,
which makes it hard to read and hides the intent behind the parameters
assigned to each region. This patch simplifies this output and makes the
outputs for EL3 and EL1&0 mostly the same. The difference is that in
EL1&0 it is specified whether the region is exclusively accessible from
EL1 (PRIV) or both EL0 and EL1 (USER).
For example:
MEM-RW(PRIV)-NOACCESS(USER)-XN(PRIV)-XN(USER)-S
MEM-RO(PRIV)-NOACCESS(USER)-EXEC(PRIV)-EXEC(USER)-S
After the change, it becomes this:
MEM-RW-XN-PRIV-S
MEM-RO-EXEC-PRIV-S
Change-Id: I15f4b99058429d42107fbf89e15f4838a9b559a5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Instead of having one big file with all the code, it's better to have
a few smaller files that are more manageable:
- xlat_tables_core.c: Code related to the core functionality of the
library (map and unmap regions, initialize xlat context).
- xlat_tables_context.c: Instantiation of the active image context
as well as APIs to manipulate it.
- xlat_tables_utils.c: Helper code that isn't part of the core
functionality (change attributes, debug print messages).
Change-Id: I3ea956fc1afd7473c0bb5e7c6aab3b2e5d88c711
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Jimmy Brisson
Artsem Artsemenka
Julius Werner
Alexei Fedorov
Antonio Nino Diaz
David Pu