$(error "BL2_IN_XIP_MEM is only supported when RESET_TO_BL2 is enabled")
endif
-# For RAS_EXTENSION, require that EAs are handled in EL3 first
+# RAS_EXTENSION is deprecated, provide alternate build options
ifeq ($(RAS_EXTENSION),1)
+ $(error "RAS_EXTENSION is now deprecated, please use ENABLE_FEAT_RAS and RAS_FFH_SUPPORT instead")
+endif
+# RAS firmware first handling requires that EAs are handled in EL3 first
+ifeq ($(RAS_FFH_SUPPORT),1)
+ ifneq ($(ENABLE_FEAT_RAS),1)
+ $(error For RAS_FFH_SUPPORT, ENABLE_FEAT_RAS must also be 1)
+ endif
ifneq ($(HANDLE_EA_EL3_FIRST_NS),1)
- $(error For RAS_EXTENSION, HANDLE_EA_EL3_FIRST_NS must also be 1)
+ $(error For RAS_FFH_SUPPORT, HANDLE_EA_EL3_FIRST_NS must also be 1)
endif
endif
-
-# When FAULT_INJECTION_SUPPORT is used, require that RAS_EXTENSION is enabled
+# When FAULT_INJECTION_SUPPORT is used, require that FEAT_RAS is enabled
ifeq ($(FAULT_INJECTION_SUPPORT),1)
- ifneq ($(RAS_EXTENSION),1)
- $(error For FAULT_INJECTION_SUPPORT, RAS_EXTENSION must also be 1)
+ ifneq ($(ENABLE_FEAT_RAS),1)
+ $(error For FAULT_INJECTION_SUPPORT, ENABLE_FEAT_RAS must also be 1)
endif
endif
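Review bot: The deprecation guard `ifeq ($(RAS_EXTENSION),1)` fires only for the value 1, although the documentation removed elsewhere in this commit says the option took the values 0 to 2. A build that still passes `RAS_EXTENSION=2` gets no error, and because the option is also removed from the option lists later in this file, the firmware-first paths under `#if RAS_FFH_SUPPORT` are compiled out unless the new options are set, so EL3 error handling is lost without any diagnostic. I would widen the test to `ifneq ($(filter 1 2,$(RAS_EXTENSION)),)`. Separately, the updated RAS document lists EL3_EXCEPTION_HANDLING as required for FFH, but this block checks only ENABLE_FEAT_RAS and HANDLE_EA_EL3_FIRST_NS; unless that is enforced elsewhere in the Makefile, a matching `$(error ...)` check belongs next to the other two.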
FEATURE_DETECTION \
TRNG_SUPPORT \
CONDITIONAL_CMO \
+ RAS_FFH_SUPPORT \
)))
$(eval $(call assert_numerics,\
ENABLE_FEAT_AMU \
ENABLE_FEAT_AMUv1p1 \
ENABLE_FEAT_CSV2_2 \
+ ENABLE_FEAT_RAS \
ENABLE_FEAT_DIT \
ENABLE_FEAT_ECV \
ENABLE_FEAT_FGT \
FW_ENC_STATUS \
NR_OF_FW_BANKS \
NR_OF_IMAGES_IN_FW_BANK \
- RAS_EXTENSION \
TWED_DELAY \
ENABLE_FEAT_TWED \
SVE_VECTOR_LEN \
PROGRAMMABLE_RESET_ADDRESS \
PSCI_EXTENDED_STATE_ID \
PSCI_OS_INIT_MODE \
- RAS_EXTENSION \
+ ENABLE_FEAT_RAS \
+ RAS_FFH_SUPPORT \
RESET_TO_BL31 \
SEPARATE_CODE_AND_RODATA \
SEPARATE_BL2_NOLOAD_REGION \
* x1: EA syndrome
*/
func delegate_sync_ea
-#if RAS_EXTENSION
+#if RAS_FFH_SUPPORT
/*
* Check for Uncontainable error type. If so, route to the platform
* fatal error handler rather than the generic EA one.
* x1: EA syndrome
*/
func delegate_async_ea
-#if RAS_EXTENSION
+#if RAS_FFH_SUPPORT
/* Check Exception Class to ensure SError, as this function should
* only be invoked for SError. If that is not the case, which implies
* either an HW error or programming error, panic.
/*
* Macro that prepares entry to EL3 upon taking an exception.
*
- * With RAS_EXTENSION, this macro synchronizes pending errors with an ESB
- * instruction. When an error is thus synchronized, the handling is
+ * With RAS_FFH_SUPPORT, this macro synchronizes pending errors with an
+ * ESB instruction. When an error is thus synchronized, the handling is
* delegated to platform EA handler.
*
- * Without RAS_EXTENSION, this macro synchronizes pending errors using
+ * Without RAS_FFH_SUPPORT, this macro synchronizes pending errors using
* a DSB, unmasks Asynchronous External Aborts and saves X30 before
* setting the flag CTX_IS_IN_EL3.
*/
.macro check_and_unmask_ea
-#if RAS_EXTENSION
+#if RAS_FFH_SUPPORT
/* Synchronize pending External Aborts */
esb
end_vector_entry fiq_sp_elx
vector_entry serror_sp_elx
-#if !RAS_EXTENSION
+#if !RAS_FFH_SUPPORT
/*
* This will trigger if the exception was taken due to SError in EL3 or
* because of pending asynchronous external aborts from lower EL that got
vector_entry serror_aarch64
save_x30
apply_at_speculative_wa
-#if RAS_EXTENSION
+#if RAS_FFH_SUPPORT
msr daifclr, #DAIF_ABT_BIT
#else
check_and_unmask_ea
vector_entry serror_aarch32
save_x30
apply_at_speculative_wa
-#if RAS_EXTENSION
+#if RAS_FFH_SUPPORT
msr daifclr, #DAIF_ABT_BIT
#else
check_and_unmask_ea
******************************************************************************/
static void read_feat_ras(void)
{
-#if (RAS_EXTENSION == FEAT_STATE_ALWAYS)
+#if (ENABLE_FEAT_RAS == FEAT_STATE_ALWAYS)
feat_detect_panic(is_armv8_2_feat_ras_present(), "RAS");
#endif
}
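Review bot: `read_feat_ras()` verifies presence only when `ENABLE_FEAT_RAS == FEAT_STATE_ALWAYS`, while the other hunks of this commit gate the RAS code with a plain `#if ENABLE_FEAT_RAS`, which is also true for the value 2. With 2, the VDISR_EL2/VSESR_EL2 save and restore and the ESB on EL3 exit are built in with no runtime presence check visible on this page, so a core without FEAT_RAS would still reach them. Unless such a guard exists outside the hunks shown, the limitation should be stated here, for example `/* ENABLE_FEAT_RAS=2 is not runtime-checked yet: RAS paths are compiled in as for 1 */`. The function's header comment starts outside the hunk.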
Reliability, Availability, and Serviceability (RAS) Extensions
-==============================================================
+**************************************************************
This document describes |TF-A| support for Arm Reliability, Availability, and
Serviceability (RAS) extensions. RAS is a mandatory extension for Armv8.2 and
later CPUs, and also an optional extension to the base Armv8.0 architecture.
-In conjunction with the |EHF|, support for RAS extension enables firmware-first
-paradigm for handling platform errors: exceptions resulting from errors in
-Non-secure world are routed to and handled in EL3.
-Said errors are Synchronous External Abort (SEA), Asynchronous External Abort
-(signalled as SErrors), Fault Handling and Error Recovery interrupts.
-The |EHF| document mentions various :ref:`error handling
-use-cases <delegation-use-cases>` .
-
For the description of Arm RAS extensions, Standard Error Records, and the
precise definition of RAS terminology, please refer to the Arm Architecture
-Reference Manual. The rest of this document assumes familiarity with
-architecture and terminology.
+Reference Manual and `RAS Supplement`_. The rest of this document assumes
+familiarity with architecture and terminology.
+
+There are two philosophies for handling RAS errors from Non-secure world point
+of view.
+
+- :ref:`Firmware First Handling (FFH)`
+- :ref:`Kernel First Handling (KFH)`
+
+.. _Firmware First Handling (FFH):
+
+Firmware First Handling (FFH)
+=============================
+
+Introduction
+------------
+
+EA’s and Error interrupts corresponding to NS nodes are handled first in firmware
+
+- Errors signaled back to NS world via suitable mechanism
+- Kernel is prohibited from accessing the RAS error records directly
+- Firmware creates CPER records for kernel to navigate and process
+- Firmware signals error back to Kernel via SDEI
Overview
--------
-As mentioned above, the RAS support in |TF-A| enables routing to and handling of
-exceptions resulting from platform errors in EL3. It allows the platform to
-define an External Abort handler, and to register RAS nodes and interrupts. RAS
-framework also provides `helpers`__ for accessing Standard Error Records as
-introduced by the RAS extensions.
+FFH works in conjunction with `Exception Handling Framework`. Exceptions resulting from
+errors in Non-secure world are routed to and handled in EL3. Said errors are Synchronous
+External Abort (SEA), Asynchronous External Abort (signalled as SErrors), Fault Handling
+and Error Recovery interrupts.
+RAS Framework in TF-A allows the platform to define an external abort handler and to
+register RAS nodes and interrupts. It also provides `helpers`__ for accessing Standard
+Error Records as introduced by the RAS extensions
+
.. __: `Standard Error Record helpers`_
-The build option ``RAS_EXTENSION`` when set to ``1`` includes the RAS in run
-time firmware; ``EL3_EXCEPTION_HANDLING`` and ``HANDLE_EA_EL3_FIRST_NS`` must also
-be set ``1``. ``RAS_TRAP_NS_ERR_REC_ACCESS`` controls the access to the RAS
-error record registers from Non-secure.
+.. _Kernel First Handling (KFH):
+
+Kernel First Handling (KFH)
+===========================
+
+Introduction
+------------
+
+EA's originating/attributed to NS world are handled first in NS and Kernel navigates
+the std error records directly.
+
+**KFH can be supported in a platform without TF-A being aware of it but there are few
+corner cases where TF-A needs to have special handling, which is currently missing and
+will be added in future**
+
+TF-A build options
+==================
+
+- **ENABLE_FEAT_RAS**: Manage FEAT_RAS extension when switching the world.
+- **RAS_FFH_SUPPORT**: Pull in necessary framework and platform hooks for Firmware first
+ handling(FFH) of RAS errors.
+- **RAS_TRAP_NS_ERR_REC_ACCESS**: Trap Non-secure access of RAS error record registers.
+- **RAS_EXTENSION**: Deprecated macro, equivalent to ENABLE_FEAT_RAS and RAS_FFH_SUPPORT
+ put together.
+
+RAS feature has dependency on some other TF-A build flags
+
+- **EL3_EXCEPTION_HANDLING**: Required for FFH
+- **HANDLE_EA_EL3_FIRST_NS**: Required for FFH
+- **FAULT_INJECTION_SUPPORT**: Required for testing RAS feature on fvp platform
+
+RAS Framework
+=============
+
.. _ras-figure:
.. image:: ../resources/diagrams/draw.io/ras.svg
-See more on `Engaging the RAS framework`_.
-
Platform APIs
-------------
Engaging the RAS framework
--------------------------
-Enabling RAS support is a platform choice constructed from three distinct, but
-related, build options:
-
-- ``RAS_EXTENSION=1`` includes the RAS framework in the run time firmware;
-
-- ``EL3_EXCEPTION_HANDLING=1`` enables handling of exceptions at EL3. See
- `Interaction with Exception Handling Framework`_;
-
-- ``HANDLE_EA_EL3_FIRST_NS=1`` enables routing of External Aborts and SErrors,
- resulting from errors in NS world, to EL3.
+Enabling RAS support is a platform choice
The RAS support in |TF-A| introduces a default implementation of
-``plat_ea_handler``, the External Abort handler in EL3. When ``RAS_EXTENSION``
+``plat_ea_handler``, the External Abort handler in EL3. When ``RAS_FFH_SUPPORT``
is set to ``1``, it'll first call ``ras_ea_handler()`` function, which is the
top-level RAS exception handler. ``ras_ea_handler`` is responsible for iterating
to through platform-supplied error records, probe them, and when an error is
--------------
-*Copyright (c) 2018-2019, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2018-2023, Arm Limited and Contributors. All rights reserved.*
+
+.. _RAS Supplement: https://developer.arm.com/documentation/ddi0587/latest
- ``PSCI_OS_INIT_MODE``: Boolean flag to enable support for optional PSCI
OS-initiated mode. This option defaults to 0.
-- ``RAS_EXTENSION``: Numeric value to enable Armv8.2 RAS features. RAS features
+- ``ENABLE_FEAT_RAS``: Numeric value to enable Armv8.2 RAS features. RAS features
are an optional extension for pre-Armv8.2 CPUs, but are mandatory for Armv8.2
or later CPUs. This flag can take the values 0 to 2, to align with the
``FEATURE_DETECTION`` mechanism.
- When ``RAS_EXTENSION`` is set to ``1``, ``HANDLE_EA_EL3_FIRST_NS`` must also be
- set to ``1``.
-
- This option is disabled by default.
+- ``RAS_FFH_SUPPORT``: Support to enable Firmware first handling of RAS errors
+ originating from NS world. When ``RAS_FFH_SUPPORT`` is set to ``1``,
+ ``HANDLE_EA_EL3_FIRST_NS`` and ``ENABLE_FEAT_RAS`` must also be set to ``1``.
- ``RESET_TO_BL31``: Enable BL31 entrypoint as the CPU reset vector instead
of the BL1 entrypoint. It can take the value 0 (CPU reset to BL1
(``uint64_t flags``) indicates the preempted security state. These parameters
are received from the top-level exception handler.
-If ``RAS_EXTENSION`` is set to ``1``, the default implementation of this
+If ``RAS_FFH_SUPPORT`` is set to ``1``, the default implementation of this
function iterates through RAS handlers registered by the platform. If any of the
RAS handlers resolve the External Abort, no further action is taken.
-If ``RAS_EXTENSION`` is set to ``0``, or if none of the platform RAS handlers
+If ``RAS_FFH_SUPPORT`` is set to ``0``, or if none of the platform RAS handlers
could resolve the External Abort, the default implementation prints an error
message, and panics.
void el2_sysregs_context_save_mte(el2_sysregs_t *regs);
void el2_sysregs_context_restore_mte(el2_sysregs_t *regs);
#endif /* CTX_INCLUDE_MTE_REGS */
-#if RAS_EXTENSION
+#if ENABLE_FEAT_RAS
void el2_sysregs_context_save_ras(el2_sysregs_t *regs);
void el2_sysregs_context_restore_ras(el2_sysregs_t *regs);
-#endif /* RAS_EXTENSION */
+#endif /* ENABLE_FEAT_RAS */
#endif /* CTX_INCLUDE_EL2_REGS */
#if CTX_INCLUDE_FPREGS
.global el2_sysregs_context_save_mte
.global el2_sysregs_context_restore_mte
#endif /* CTX_INCLUDE_MTE_REGS */
-#if RAS_EXTENSION
+#if ENABLE_FEAT_RAS
.global el2_sysregs_context_save_ras
.global el2_sysregs_context_restore_ras
-#endif /* RAS_EXTENSION */
+#endif /* ENABLE_FEAT_RAS */
#endif /* CTX_INCLUDE_EL2_REGS */
.global el1_sysregs_context_save
endfunc el2_sysregs_context_restore_mte
#endif /* CTX_INCLUDE_MTE_REGS */
-#if RAS_EXTENSION
+#if ENABLE_FEAT_RAS
func el2_sysregs_context_save_ras
/*
* VDISR_EL2 and VSESR_EL2 registers are saved only when
msr vsesr_el2, x12
ret
endfunc el2_sysregs_context_restore_ras
-#endif /* RAS_EXTENSION */
+#endif /* ENABLE_FEAT_RAS */
#endif /* CTX_INCLUDE_EL2_REGS */
1:
#endif /* IMAGE_BL31 && DYNAMIC_WORKAROUND_CVE_2018_3639 */
-#if IMAGE_BL31 && RAS_EXTENSION
+#if IMAGE_BL31 && ENABLE_FEAT_RAS
/* ----------------------------------------------------------
* Issue Error Synchronization Barrier to synchronize SErrors
* before exiting EL3. We're running with EAs unmasked, so
esb
#else
dsb sy
-#endif /* IMAGE_BL31 && RAS_EXTENSION */
+#endif /* IMAGE_BL31 && ENABLE_FEAT_RAS */
/* ----------------------------------------------------------
* Restore SPSR_EL3, ELR_EL3 and SCR_EL3 prior to ERET
write_ctx_reg(el2_sysregs_ctx, CTX_TTBR1_EL2,
read_ttbr1_el2());
}
-#if RAS_EXTENSION
+#if ENABLE_FEAT_RAS
el2_sysregs_context_save_ras(el2_sysregs_ctx);
#endif
write_contextidr_el2(read_ctx_reg(el2_sysregs_ctx, CTX_CONTEXTIDR_EL2));
write_ttbr1_el2(read_ctx_reg(el2_sysregs_ctx, CTX_TTBR1_EL2));
}
-#if RAS_EXTENSION
+#if ENABLE_FEAT_RAS
el2_sysregs_context_restore_ras(el2_sysregs_ctx);
#endif
ENABLE_FEAT_VHE = 1
endif
+# Enable the features which are mandatory from ARCH version 8.2 and upwards.
+ifeq "8.2" "$(word 1, $(sort 8.2 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
+ENABLE_FEAT_RAS = 1
+endif
+
# Enable the features which are mandatory from ARCH version 8.4 and upwards.
ifeq "8.4" "$(word 1, $(sort 8.4 $(ARM_ARCH_MAJOR).$(ARM_ARCH_MINOR)))"
ENABLE_FEAT_DIT = 1
# Enable PSCI OS-initiated mode support
PSCI_OS_INIT_MODE := 0
-# Enable RAS support
-RAS_EXTENSION := 0
+# Enable RAS Support
+ENABLE_FEAT_RAS := 0
+RAS_FFH_SUPPORT := 0
# By default, BL1 acts as the reset handler, not BL31
RESET_TO_BL31 := 0
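Review bot: The single comment `# Enable RAS Support` now sits over two options with different meanings, and the `ENABLE_FEAT_RAS := 0` default is at odds with the `ENABLE_FEAT_RAS = 1` that another hunk of this commit assigns for architecture 8.2 and later. Which assignment wins depends on include order that is not visible here, so a reader of this file cannot tell the effective default. I would split the comment into `# FEAT_RAS register management on world switch` above ENABLE_FEAT_RAS and `# Firmware first handling (FFH) of RAS errors` above RAS_FFH_SUPPORT, and note beside the first that the architecture defaults may raise it.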
endif
endif
-ifeq (${RAS_EXTENSION},1)
+ifeq (${RAS_FFH_SUPPORT},1)
BL31_SOURCES += plat/arm/board/fvp/aarch64/fvp_ras.c
endif
CSS_USE_SCMI_SDS_DRIVER := 1
-RAS_EXTENSION := 0
+ENABLE_FEAT_RAS := 1
+
+RAS_FFH_SUPPORT := 0
SDEI_SUPPORT := 0
/* Initialize power controller before setting up topology */
plat_arm_pwrc_setup();
-#if RAS_EXTENSION
+#if RAS_FFH_SUPPORT
ras_init();
#endif
endif
# RAS sources
-ifeq (${RAS_EXTENSION},1)
+ifeq (${RAS_FFH_SUPPORT},1)
BL31_SOURCES += lib/extensions/ras/std_err_record.c \
lib/extensions/ras/ras_common.c
endif
#define PLAT_SP_PRI PLAT_RAS_PRI
-#if SPM_MM && RAS_EXTENSION
+#if SPM_MM && RAS_FFH_SUPPORT
/*
* CPER buffer memory of 128KB is reserved and it is placed adjacent to the
* memory shared between EL3 and S-EL0.
*/
#define PLAT_ARM_SP_IMAGE_STACK_BASE (PLAT_SP_IMAGE_NS_BUF_BASE + \
PLAT_SP_IMAGE_NS_BUF_SIZE)
-#endif /* SPM_MM && RAS_EXTENSION */
+#endif /* SPM_MM && RAS_FFH_SUPPORT */
/* Platform ID address */
#define SSC_VERSION (SSC_REG_BASE + SSC_VERSION_OFFSET)
CSS_ENT_BASE := plat/arm/css/sgi
-RAS_EXTENSION := 0
+ENABLE_FEAT_RAS := 1
+
+RAS_FFH_SUPPORT := 0
SDEI_SUPPORT := 0
${CSS_ENT_BASE}/sgi_bl31_setup.c \
${CSS_ENT_BASE}/sgi_topology.c
-ifeq (${RAS_EXTENSION},1)
+ifeq (${RAS_FFH_SUPPORT},1)
BL31_SOURCES += ${CSS_ENT_BASE}/sgi_ras.c
endif
{
arm_bl31_platform_setup();
-#if RAS_EXTENSION
+#if RAS_FFH_SUPPORT
sgi_ras_intr_handler_setup();
#endif
PLAT_ARM_SECURE_MAP_DEVICE,
ARM_SP_IMAGE_MMAP,
ARM_SP_IMAGE_NS_BUF_MMAP,
-#if RAS_EXTENSION
+#if RAS_FFH_SUPPORT
CSS_SGI_SP_CPER_BUF_MMAP,
#endif
ARM_SP_IMAGE_RW_MMAP,
#include <arch_helpers.h>
#include <common/debug.h>
#include <drivers/console.h>
-#if RAS_EXTENSION
+#if RAS_FFH_SUPPORT
#include <lib/extensions/ras.h>
#endif
#include <lib/xlat_tables/xlat_mmu_helpers.h>
void plat_default_ea_handler(unsigned int ea_reason, uint64_t syndrome, void *cookie,
void *handle, uint64_t flags)
{
-#if RAS_EXTENSION
+#if RAS_FFH_SUPPORT
/* Call RAS EA handler */
int handled = ras_ea_handler(ea_reason, syndrome, cookie, handle, flags);
if (handled != 0)
* Enumeration of priority levels on ARM platforms.
*/
ehf_pri_desc_t plat_exceptions[] = {
-#if RAS_EXTENSION
+#if RAS_FFH_SUPPORT
/* RAS Priority */
EHF_PRI_DESC(PLAT_PRI_BITS, PLAT_RAS_PRI),
#endif
void *handle,
uint64_t flags);
-#if RAS_EXTENSION
+#if RAS_FFH_SUPPORT
void tegra194_ras_enable(void);
void tegra194_ras_corrected_err_clear(uint64_t *cookie);
#endif
void plat_ea_handler(unsigned int ea_reason, uint64_t syndrome, void *cookie,
void *handle, uint64_t flags)
{
-#if RAS_EXTENSION
+#if RAS_FFH_SUPPORT
tegra194_ea_handler(ea_reason, syndrome, cookie, handle, flags);
#else
plat_default_ea_handler(ea_reason, syndrome, cookie, handle, flags);
/* sanity check MCE firmware compatibility */
mce_verify_firmware_version();
-#if RAS_EXTENSION
+#if RAS_FFH_SUPPORT
/* Enable Uncorrectable RAS error */
tegra194_ras_enable();
#endif
break;
-#if RAS_EXTENSION
+#if RAS_FFH_SUPPORT
case TEGRA_SIP_CLEAR_RAS_CORRECTED_ERRORS:
{
/*
# enable RAS handling
HANDLE_EA_EL3_FIRST_NS := 1
-RAS_EXTENSION := 1
+ENABLE_FEAT_RAS := 1
+RAS_FFH_SUPPORT := 1
# platform files
PLAT_INCLUDES += -Iplat/nvidia/tegra/include/t194 \
endif
# RAS sources
-ifeq (${RAS_EXTENSION},1)
+ifeq (${RAS_FFH_SUPPORT},1)
BL31_SOURCES += lib/extensions/ras/std_err_record.c \
lib/extensions/ras/ras_common.c \
${SOC_DIR}/plat_ras.c