Manish Pandey [Thu, 19 Jan 2023 17:19:50 +0000 (18:19 +0100)]
Merge changes from topic "feat_state_rework" into integration
* changes:
feat(fvp): enable FEAT_HCX by default
refactor(context-mgmt): move FEAT_HCX save/restore into C
refactor(cpufeat): convert FEAT_HCX to new scheme
feat(fvp): enable FEAT_FGT by default
refactor(context-mgmt): move FEAT_FGT save/restore code into C
refactor(amu): convert FEAT_AMUv1 to new scheme
refactor(cpufeat): decouple FGT feature detection and build flags
refactor(cpufeat): check FEAT_FGT in a new way
refactor(cpufeat): move helpers into .c file, rename FEAT_STATE_
feat(aarch64): make ID system register reads non-volatile
Waleed Elmelegy [Mon, 16 Jan 2023 15:10:38 +0000 (15:10 +0000)]
fix(plat/css): fix invalid redistributor poweroff
Commit 4d8c18196378824e388cf31ef991ba8fbbb09cbf
introduced an invalid redistributor power off
where we turn off the redistributor without
checking if the system power domain level is
turning off, otherwise we can turn off a
redistributor when other cores or clusters are
sharing it, also if it does indeed needs
powering off during suspend we do it twice.
This change fixes this by checking on the
system power state first then turning off
the redistributor.
Manish Pandey [Wed, 18 Jan 2023 11:06:11 +0000 (12:06 +0100)]
Merge changes from topic "mtk_spm" into integration
* changes:
refactor(mediatek): add new LPM API for further extension
refactor(mediatek): change the parameters of LPM API
refactor(mediatek): change LPM header file path for further extension
feat(mt8188): keep infra and peri on when system suspend
feat(mt8188): enable SPM and LPM
feat(mt8188): add SPM feature support
feat(mt8188): add MT8188 SPM support
feat(mediatek): add SPM's SSPM notifier
feat(mt8188): add the register definitions accessed by SPM
feat(mediatek): add new features of LPM
Michal Simek [Wed, 18 Jan 2023 07:55:20 +0000 (08:55 +0100)]
fix(zynqmp): fix xck24 silicon ID
Origin ID code has changed from origin description. After receiving part
new ID code come up that's why fix it. The origin ID code has been added
by commit 86869f99d0c1 ("feat(zynqmp): add support for xck24 silicon").
Change-Id: I727bfe43fd7ef9e604f63bde5fa37fa3666db8c4 Signed-off-by: Michal Simek <michal.simek@amd.com>
Manish Pandey [Tue, 17 Jan 2023 16:43:29 +0000 (17:43 +0100)]
Merge changes from topic "st_dt_update" into integration
* changes:
refactor(stm32mp15-fdts): remove unused PMIC nodes
fix(stm32mp15-fdts): use interrupts-extended for i2c2
style(stm32mp15-fdts): remove extra spaces on vbus
Merge changes from topic "ti-k3-checks-and-refactor" into integration
* changes:
fix(ti): fix typo in boot authentication message name
refactor(ti): remove empty validate_ns_entrypoint function
refactor(ti): use console_set_scope() rather than empty function hack
refactor(ti): factor out common board code into common files
feat(ti): add PSCI system_off support
feat(ti): do not handle EAs in EL3
feat(ti): set snoop-delayed exclusive handling on A72 cores
feat(ti): disable L2 dataless UniqueClean evictions
feat(ti): set L2 cache ECC and and parity on A72 cores
feat(ti): set L2 cache data ram latency on A72 cores to 4 cycles
Manish Pandey [Mon, 16 Jan 2023 15:44:17 +0000 (16:44 +0100)]
Merge changes from topic "refactor_st_common" into integration
* changes:
refactor(st): move board info in common code
refactor(st): move GIC code to common directory
refactor(st): move boot backup register management
Andrew Davis [Tue, 27 Sep 2022 12:13:21 +0000 (07:13 -0500)]
feat(ti): do not handle EAs in EL3
This could be useful if we had extra information to print or
when RAS extensions are available, neither apply here so lets
not trap these in EL3 for now.
Signed-off-by: Andrew Davis <afd@ti.com>
Change-Id: Ia0334eb845686964e794afe45c7777ea64fd6b0b
Andrew Davis [Thu, 12 Jan 2023 15:32:33 +0000 (09:32 -0600)]
feat(ti): set snoop-delayed exclusive handling on A72 cores
Snoop requests should not be responded to during atomic operations. This
can be handled by the interconnect using its global monitor or by the
core's SCU delaying to check for the corresponding atomic monitor state.
TI SoCs take the second approach. Set the snoop-delayed exclusive handling
bit to inform the core it needs to delay responses to perform this check.
As J784s4 is currently the only SoC with multiple A72 clusters, limit
this delay to only that device.
Signed-off-by: Andrew Davis <afd@ti.com>
Change-Id: I875f64e4f53d47a9a0ccbf3415edc565be7f84d9
Andrew Davis [Tue, 10 Jan 2023 19:14:37 +0000 (13:14 -0600)]
feat(ti): set L2 cache data ram latency on A72 cores to 4 cycles
The Cortex-A72 based cores on K3 platforms can be clocked fast
enough that an extra latency cycle is needed to ensure correct
L2 access. Set the latency here for all A72 cores.
Signed-off-by: Andrew Davis <afd@ti.com>
Change-Id: I639091dd0d2de09572bf0f73ac404e306e336883
Tony K Nadackal [Wed, 24 Nov 2021 16:09:26 +0000 (16:09 +0000)]
feat(rdn2): add platform id value for rdn2 variant 3
The RD-N2-Cfg3 platform is a variant of the RD-N2 platform with the
significant difference being the number of ITS blocks and the use of a
different part number.
Signed-off-by: Tony K Nadackal <tony.nadackal@arm.com>
Change-Id: Id4c5faeae44f21da79cb59540558192d0b02b124
Tony K Nadackal [Sat, 12 Nov 2022 23:21:20 +0000 (23:21 +0000)]
refactor(rdn2): reduce use of CSS_SGI_PLATFORM_VARIANT build flag
The core count is one of the significant difference between the various
RD-N2 platform variants. The PLAT_ARM_CLUSTER_COUNT macro defines the
number of core/cluster for a variant. In preparation to add another
variant of RD-N2 platform, replace the use of CSS_SGI_PLATFORM_VARIANT
build flag, where applicable, with the PLAT_ARM_CLUSTER_COUNT macro.
This helps to reduce the changes required to add support for a new
variant.
Signed-off-by: Tony K Nadackal <tony.nadackal@arm.com>
Change-Id: I89b168308d1b5f7edd402205dd25d6c3a355e100
Joanna Farley [Thu, 12 Jan 2023 10:11:28 +0000 (11:11 +0100)]
Merge changes from topic "fix-power-up-dwn-issue" into integration
* changes:
fix(versal-net): enable wake interrupt during client suspend
fix(versal-net): disable wakeup interrupt during client wakeup
fix(versal-net): clear power down bit during wakeup
fix(versal-net): fix setting power down state
fix(versal-net): clear power down interrupt status before enable
fix(versal-net): resolve misra rule 20.7 warnings
fix(versal-net): resolve misra 10.6 warnings
Bipin Ravi [Thu, 22 Dec 2022 20:19:59 +0000 (14:19 -0600)]
fix(cpus): workaround for Cortex-X2 erratum 2282622
Cortex-X2 erratum 2282622 is a Cat B erratum that applies to
all revisions <=r2p1 and is still open. The workaround is to set
CPUACTLR2_EL1[0] to 1 to force PLDW/PFRM ST to behave like
PLD/PRFM LD and not cause invalidations to other PE caches.
Andre Przywara [Thu, 10 Nov 2022 14:42:07 +0000 (14:42 +0000)]
feat(fvp): enable FEAT_HCX by default
FEAT_HCX is one of the features for which Linux necessarily requires EL3
enablement, when the feature is present on a PE.
To cover the effect of different FVP command line parameters, include
the feature into the standard FVP build, but use FEAT_STATE_CHECK, to
always do runtime checks before accessing feature specific registers.
This prevents a Linux crash when the FVP is called with FEAT_HCX
enabled.
Change-Id: I01aaed15c5a6850176d092b2f0157744fe0a9e13 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Tue, 15 Nov 2022 11:45:19 +0000 (11:45 +0000)]
refactor(context-mgmt): move FEAT_HCX save/restore into C
At the moment we save and restore the HCRX_EL2 register in assembly, and
just depend on the build time flags.
To allow runtime checking, and to avoid too much code in assembly, move
that over to C, and use the new combined build/runtime feature check.
This also allows to drop the assert, since this should now be covered by
the different FEAT_STATE_x options.
Change-Id: I3e20b9ba17121d423cd08edc20bbf4e7ae7c0178 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Thu, 10 Nov 2022 14:42:07 +0000 (14:42 +0000)]
feat(fvp): enable FEAT_FGT by default
FEAT_FGT is one of the features for which Linux necessarily requires EL3
enablement, when the feature is present on a PE.
To cover the effect of different FVP command line parameters, include
the feature into the standard FVP build, but use FEAT_STATE_CHECK, to
always do runtime checks before accessing feature specific registers.
This prevents a Linux crash when the FVP is called with FEAT_FGT
enabled.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: I55fbb2706aefbc3ab67c476e3f8b6ea74ae0d66c
Andre Przywara [Thu, 10 Nov 2022 14:40:37 +0000 (14:40 +0000)]
refactor(context-mgmt): move FEAT_FGT save/restore code into C
At the moment we do the EL2 context save/restore sequence in assembly,
where it is just guarded by #ifdef statement for the build time flags.
This does not cover the FEAT_STATE_CHECK case, where we need to check
for the runtime availability of a feature.
To simplify this extension, and to avoid writing too much code in
assembly, move that sequence into C: it is called from C context
anyways.
This protects the C code with the new version of the is_xxx_present()
check, which combines both build time and runtime check, as necessary,
and allows the compiler to optimise the calls aways, if we don't need
them.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: I7c91bec60efcc00a43429dc0381f7e1c203be780
Andre Przywara [Thu, 10 Nov 2022 14:41:07 +0000 (14:41 +0000)]
refactor(amu): convert FEAT_AMUv1 to new scheme
For the FGT context save/restore operation, we need to look at the AMUv1
feature, so migrate this one over to the new scheme.
This uses the generic check function in feat_detect.c, and splits the
feature check into two functions, as was done before for FEAT_FGT.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: I95ad797f15001b2c9d1800c9d4af33fba79e136f
Andre Przywara [Thu, 10 Nov 2022 14:28:01 +0000 (14:28 +0000)]
refactor(cpufeat): decouple FGT feature detection and build flags
Split the feature check for FEAT_FGT into two parts:
- A boolean function that just evaluates whether the feature is usable.
This takes build time flags into account, and only evaluates the CPU
feature ID registers when the flexible FEAT_STATE_CHECK method is
used.
- A "raw" function that returns the unfiltered CPU feature ID register.
Change the callers where needed, to give them the version they actually
want.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: I9a041132d280451f5d9f653a62904f603b2a916d
Andre Przywara [Mon, 14 Nov 2022 15:42:44 +0000 (15:42 +0000)]
refactor(cpufeat): check FEAT_FGT in a new way
To implement proper runtime checking of features, and to be able to
extend feat_detect.c to catch other cases, rework the FEAT_FGT check to
directly call a generic function instead of providing a trivial specific
one. The #ifdef is moved into the function, and rewritten as a proper C
if statement.
We need to force the compiler to inline that function, otherwise the
optimisation won't work, once we exceed a certain number of callers.
This starts with FEAT_FGT, but all the other features will be moved over
eventually, in separate patches.
For all features checked this way, we delay the panic() until after
every feature has been checked, to list them all during one run.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: Ic576922ff2c4f8d3c1b87b5843b3626729fe4514
Andre Przywara [Mon, 14 Nov 2022 15:38:58 +0000 (15:38 +0000)]
refactor(cpufeat): move helpers into .c file, rename FEAT_STATE_
The FEATURE_DETECTION functionality had some definitions in a header
file, although they were only used internally in the .c file.
Move them over there, since there are of no interest to other users.
Also use the opportuntiy to rename the less telling FEAT_STATE_[12]
names, and let the "0" case join the game. We use DISABLED, ALWAYS, and
CHECK now, so that the casual reader has some idea what those numbers
are supposed to mean.
feature_panic() becomes "static inline", since disabling all features
makes it unused, so the compiler complains otherwise.
Finally add a new category "cpufeat" to cover CPU feature related
changes.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: If0c8ba91ad22440260ccff383c33bdd055eefbdc
Andre Przywara [Mon, 14 Nov 2022 10:39:48 +0000 (10:39 +0000)]
feat(aarch64): make ID system register reads non-volatile
Our system register access function wrappers are using "volatile"
inline assembly instructions. On the first glance this is a good idea,
since many system registers have side effects, and we don't want the
compiler to optimise or reorder them (what "volatile" prevents).
However this also naturally limits the compiler's freedom to optimise
code better, and those volatile properties don't apply to every type of
system register. One example are the CPU ID registers, which have
constant values, are side-effect free and read-only.
Introduce a new wrapper type that drops the volatile keyword, and use
that for the wrappers instantiating ID register accessors.
This allows the compiler to freely optimise those instructions away, if
their result isn't actually used, which can trigger further
optimisations.
Change-Id: I3c64716ae4f4bf603f0ea57b652bd50bcc67bb0e Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Following macros removed
- handle_async_ea : It duplicates "check_and_unmask_ea" functionality
- check_if_serror_from_EL3: This macro is small and called only once,
replace this macro with instructions at the caller.
get_ext() does not check the return value of the various mbedtls_*
functions, as cert_parse() is assumed to have guaranteed that they will
always succeed. However, it passes the end of an extension as the end
pointer to these functions, whereas cert_parse() passes the end of the
TBSCertificate. Furthermore, cert_parse() does *not* check that the
contents of the extension have the same length as the extension itself.
Before fd37982a19a4a291 ("fix(auth): forbid junk after extensions"),
cert_parse() also does not check that the extension block extends to the
end of the TBSCertificate.
This is a problem, as mbedtls_asn1_get_tag() leaves *p and *len
undefined on failure. In practice, this results in get_ext() continuing
to parse at different offsets than were used (and validated) by
cert_parse(), which means that the in-bounds guarantee provided by
cert_parse() no longer holds.
This patch fixes the remaining flaw by enforcing that the contents of an
extension are the same length as the extension itself.
fix(auth): avoid out-of-bounds read in auth_nvctr()
auth_nvctr() does not check that the buffer provided is long enough to
hold an ASN.1 INTEGER, or even that the buffer is non-empty. Since
auth_nvctr() will only ever read 6 bytes, it is possible to read up to
6 bytes past the end of the buffer.
This out-of-bounds read turns out to be harmless. The only caller of
auth_nvctr() always passes a pointer into an X.509 TBSCertificate, and
all in-tree chains of trust require that the certificate’s signature has
already been validated. This means that the signature algorithm
identifier is at least 4 bytes and the signature itself more than that.
Therefore, the data read will be from the certificate itself. Even if
the certificate signature has not been validated, an out-of-bounds read
is still not possible. Since there are at least two bytes (tag and
length) in both the signature algorithm ID and the signature itself, an
out-of-bounds read would require that the tag byte of the signature
algorithm ID would need to be either the tag or length byte of the
DER-encoded nonvolatile counter. However, this byte must be
(MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) (0x30), which is
greater than 4 and not equal to MBEDTLS_ASN1_INTEGER (2). Therefore,
auth_nvctr() will error out before reading the integer itself,
preventing an out-of-bounds read.
Change-Id: Ibdf1af702fbeb98a94c0c96456ebddd3d392ad44 Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Jay Buddhabhatti [Fri, 30 Dec 2022 06:15:19 +0000 (22:15 -0800)]
fix(versal-net): clear power down bit during wakeup
Power down bit and power down interrupt needs to be cleared once core
is wakeup to avoid unnecessary power down events. So disable power down
interrupt and clear power down bit during client wakeup.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I3445991692c441831e4ea8dae112e23b19f185a9
Jay Buddhabhatti [Fri, 30 Dec 2022 05:47:54 +0000 (21:47 -0800)]
fix(versal-net): clear power down interrupt status before enable
Currently power down interrupt status is set by default before its
getting enabled. Because of that Linux is getting crashed since its
triggering interrupt before core goes to WFI state. So clear interrupt
status before enabling power down interrupt.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: Ia8d047b6078a49ab3dbe3e0bf24422357f0138c2
Fix below MISRA violation from versal_net_def.h:
- MISRA Violation: MISRA-C:2012 R.10.6:
- Macro parameter expands into an expression without being wrapped
by parentheses.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: Ie365d24c02bb38163005a3c073642d5c96412e2d
Fix below MISRA violation from versal_net_def.h:
- MISRA Violation: MISRA-C:2012 R.10.6
- The value of a composite expression shall not be assigned to an
object with wider essential type
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I74f8e5d63523f33d245a21f8e4f04d30e40b05e7
Bipin Ravi [Thu, 22 Dec 2022 19:31:46 +0000 (13:31 -0600)]
fix(cpus): workaround for Cortex-A710 erratum 2282622
Cortex-A710 erratum 2282622 is a Cat B erratum that applies to
all revisions <=r2p1 and is still open. The workaround was earlier
applied to all revisions <= r2p0, this patch extends it to r2p1.
This was thought to have been fixed in r2p1 which is not the case.
Rohit Mathew [Tue, 18 Oct 2022 21:57:06 +0000 (22:57 +0100)]
fix(mpam): remove unwanted param for "endfunc" macro
"endfunc" macro is used to mark the end of a function. It takes the
function label as an argument. For el2_sysregs_context_save_mpam
function, "endfunc" has been called with an assumed typo, "func", along
with the function label. Remove this unwanted param to fix the endfunc
call.
Yann Gautier [Fri, 18 Nov 2022 13:04:03 +0000 (14:04 +0100)]
fix(fconf): make struct fconf_populator static
In FCONF_REGISTER_POPULATOR macro, add static for the fconf_populator
struct. This avoids this kind of sparse warning:
plat/st/common/stm32mp_fconf_io.c:181:1: warning:
symbol 'stm32mp_io__populator' was not declared. Should it be static?
Yann Gautier [Fri, 21 Oct 2022 13:31:36 +0000 (15:31 +0200)]
fix(stm32mp15-fdts): use interrupts-extended for i2c2
Update SoC DT file STM32MP151 to use interrupts-extended instead of
interrupts for i2c2. This correct a compilation warning:
build/stm32mp1/debug/fdts/stm32mp157c-ev1-bl2.pre.dts:23.3-26:
Warning (interrupts_property): /soc/i2c@40013000:#interrupt-cells:
size is (28), expected multiple of 12
Yann Gautier [Fri, 21 Oct 2022 09:25:49 +0000 (11:25 +0200)]
style(stm32mp15-fdts): remove extra spaces on vbus
Remove extra spaces before the closing brace of vbus_otg node in
stm32mp157c-ed1 DT file, before the vbus_sw label, and before the
closing brace of vbus_sw node.
Yann Gautier [Wed, 4 Jan 2023 15:46:07 +0000 (16:46 +0100)]
refactor(st): move board info in common code
Create a function stm32_display_board_info() that will display ST
board information, from a parameter taken from OTP fuse. The code
is just moved from STM32MP1 part to common directory.
Yann Gautier [Tue, 6 Aug 2019 15:28:23 +0000 (17:28 +0200)]
refactor(st): move GIC code to common directory
The GIC v2 initialization code could be shared to other ST platforms.
The stm32mp1_gic.c file is then moved to common directory, and renamed
stm32mp_gic.c.
The functions are also prefixed with stm32mp_gic.
This backup register used to pass boot information to BL33, has the
same mapping for ST platforms. Its management can then be moved to
common directory.
Merge changes I794d2927,Ie33205fb,Ifdbe3b4c into integration
* changes:
refactor(auth): do not include SEQUENCE tag in saved extensions
fix(auth): reject junk after certificates
fix(auth): require bit strings to have no unused bits
Merge changes Ia748b6ae,Id8a48e14,Id25ab231,Ie26eed8a,Idf48f716, ... into integration
* changes:
refactor(auth): partially validate SubjectPublicKeyInfo early
fix(auth): reject padding after BIT STRING in signatures
fix(auth): reject invalid padding in digests
fix(auth): require at least one extension to be present
fix(auth): forbid junk after extensions
fix(auth): only accept v3 X.509 certificates
Since the two instances of the signature algorithm in a certificate must
be bitwise identical, it is not necessary to parse both of them.
Instead, it suffices to parse one of them, and then check that the other
fits in the remaining buffer space and is equal to the first.
Change-Id: Id0a0663165f147879ac83b6a540378fd4873b0dd Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
projects / arm-tf.git / log