Initialize VTTBR_EL2 when bypassing EL2

In the situation that EL1 is selected as the exception level for the
next image upon BL31 exit for a processor that supports EL2, the
context management code must configure all essential EL2 register
state to ensure correct execution of EL1.

VTTBR_EL2 should be part of this set of EL2 registers because:
 - The ARMv8-A architecture does not define a reset value for this
   register.
 - Cache maintenance operations depend on VTTBR_EL2.VMID even when
   non-secure EL1&0 stage 2 address translation are disabled.

This patch initializes the VTTBR_EL2 register to 0 when bypassing EL2
to address this issue. Note that this bug has not yet manifested
itself on FVP or Juno because VTTBR_EL2.VMID resets to 0 on the
Cortex-A53 and Cortex-A57.

Change-Id: I58ce2d16a71687126f437577a506d93cb5eecf33

bl31/context_mgmt.c

@@ -330,6 +330,14 @@ void cm_prepare_el3_exit(uint32_t security_state)
 			/* Set VPIDR, VMPIDR to match MIDR, MPIDR */
 			write_vpidr_el2(read_midr_el1());
 			write_vmpidr_el2(read_mpidr_el1());
+
+			/*
+			 * Reset VTTBR_EL2.
+			 * Needed because cache maintenance operations depend on
+			 * the VMID even when non-secure EL1&0 stage 2 address
+			 * translation are disabled.
+			 */
+			write_vttbr_el2(0);
 		}
 	}
 

include/lib/aarch64/arch_helpers.h

@@ -270,6 +270,8 @@ DEFINE_SYSREG_RW_FUNCS(ttbr0_el3)
 
 DEFINE_SYSREG_RW_FUNCS(ttbr1_el1)
 
+DEFINE_SYSREG_RW_FUNCS(vttbr_el2)
+
 DEFINE_SYSREG_RW_FUNCS(cptr_el2)
 DEFINE_SYSREG_RW_FUNCS(cptr_el3)