This patch adds guards so that an exception vector exceeding 32
instructions will generate a compile-time error. This keeps the
exception handlers in check from spilling over.
Change-Id: I7aa56dd0071a333664e2814c656d3896032046fe
This patch increases coherent stack size for both debug and release
builds in order to accommodate stack-heavy printf() and extended EL3
functionality
Change-Id: I30ef30530a01517a97e63d703873374828c09f20
This patch uses the reworked exception handling support to handle
runtime service requests through SMCs following the SMC calling
convention. This is a giant commit since all the changes are
inter-related. It does the following:
1. Replace the old exception handling mechanism with the new one
2. Enforce that SP_EL0 is used C runtime stacks.
3. Ensures that the cold and warm boot paths use the 'cpu_context'
structure to program an ERET into the next lower EL.
4. Ensures that SP_EL3 always points to the next 'cpu_context'
structure prior to an ERET into the next lower EL
5. Introduces a PSCI SMC handler which completes the use of PSCI as a
runtime service
Change-Id: I661797f834c0803d2c674d20f504df1b04c2b852
Co-authored-by: Achin Gupta <achin.gupta@arm.com>
This patch introduces the reworked exception handling logic which lays
the foundation for accessing runtime services in later patches. The
type of an exception has a greater say in the way it is
handled. SP_EL3 is used as the stack pointer for:
1. Determining the type of exception and handling the unexpected ones
on the exception stack
2. Saving and restoring the essential general purpose and system
register state after exception entry and prior to exception exit.
SP_EL0 is used as the stack pointer for handling runtime service
requests e.g. SMCs. A new structure for preserving general purpose
register state has been added to the 'cpu_context' structure. All
assembler ensures that it does not use callee saved registers
(x19-x29). The C runtime preserves them across functions calls. Hence
EL3 code does not have to save and restore them explicitly.
Since the exception handling framework has undergone substantial change,
the changes have been kept in separate files to aid readability. These
files will replace the existing ones in subsequent patches.
Change-Id: Ice418686592990ff7a4260771e8d6676e6c8c5ef
This patch introduces the framework to enable registration and
initialisation of runtime services. PSCI is registered and initialised
as a runtime service. Handling of runtime service requests will be
implemented in subsequent patches.
Change-Id: Id21e7ddc5a33d42b7d6e455b41155fc5441a9547
This patch uses the context library to save and restore EL3 state on
the 'cpu_context' data structures allocated by PSCI for managing
non-secure state context on each cpu.
Change-Id: I19c1f26578204a7cd9e0a6c582ced0d97ee4cf80
This patch adds support for a cpu context management library. This
library will be used to:
1. Share pointers to secure and non-secure state cpu contexts between
runtime services e.g. PSCI and Secure Payload Dispatcher services
2. Set SP_EL3 to a context structure which will be used for
programming an ERET into a lower EL
3. Provide wrapper functions to save and restore EL3 & EL1
state. These functions will in turn use the helper functions in
context.S
Change-Id: I655eeef83dcd2a0c6f2eb2ac23efab866ac83ca0
This patch introduces functions for saving and restoring shared system
registers between secure and non-secure EL1 exception levels, VFP
registers and essential EL3 system register and other state. It also
defines the 'cpu_context' data structure which will used for saving and
restoring execution context for a given security state. These functions
will allow runtime services like PSCI and Secure payload dispatcher to
implement logic for switching between the secure and non-secure states.
The save and restore functions follow AArch64 PCS and only use
caller-saved temporary registers.
Change-Id: I8ee3aaa061d3caaedb28ae2c5becb9a206b6fd74
This patch ensures that VBAR_EL3 points to the simple stack-less
'early_exceptions' when the C runtime stack is not correctly setup to
use the more complex 'runtime_exceptions'. It is initialised to
'runtime_exceptions' once this is done.
This patch also moves all exception vectors into a '.vectors' section
and modifies linker scripts to place all such sections together. This
will minimize space wastage from alignment restrictions.
Change-Id: I8c3e596ea3412c8bd582af9e8d622bb1cb2e049d
The SynchronousExceptionA64 vector has gone beyond the 32-instruction
limit for individual exception vector. This patch splits and relocates
the exception handler so that it fits into the 32-instruction window.
Change-Id: Ic60c4fc3f09a1cb071d63ff0e58353ecaecbb62f
This patch moves the translation tables into their own section. This
saves space that would otherwise have been lost in padding due to page
table alignment constraints. The BL31 and BL32 bases have been
consequently adjusted.
Change-Id: Ibd65ae8a5ce4c4ea9a71a794c95bbff40dc63e65
The Firmware Image Package (FIP) driver allows for data to be loaded
from a FIP on platform storage. The FVP supports loading bootloader
images from a FIP located in NOR FLASH.
The implemented FVP policy states that bootloader images will be
loaded from a FIP in NOR FLASH if available and fall back to loading
individual images from semi-hosting.
NOTE:
- BL3-3(e.g. UEFI) is loaded into DRAM and needs to be configured
to run from the BL33_BASE address. This is currently set to
DRAM_BASE+128MB for the FVP.
Change-Id: I2e4821748e3376b5f9e467cf3ec09509e43579a0
This tool can be used to create a Firmware Image Packages (FIP). These
FIPs store a combined set of firmware images with a Table of Contents
(ToC) that can be loaded by the firmware from platform storage.
- Add uuid.h from FreeBSD.
- Use symbolic links to shared headers otherwise unwanted headers and
definitions are pulled in.
- A FIP is created as part of the default FVP build.
- A BL3-3 image(e.g. UEFI) must be provided.
Change-Id: Ib73feee181df2dba68bf6abec115a83cfa5e26cb
The modified implementation uses the IO abstraction rather than
making direct semi-hosting calls. The semi-hosting driver is now
registered for the FVP platform during initialisation of each boot
stage where it is used. Additionally, the FVP platform includes a
straightforward implementation of 'plat_get_image_source' which
provides a generic means for the 'load_image' function to determine
how to access the image data.
Change-Id: Ia34457b471dbee990c7b3c79de7aee4ceea51aa6
This is intended primarily for use as a storage abstraction.
It allows operations such as image-loading to be implemented
in a platform-independent fashion. Each platform registers
a set of IO drivers during initialisation. The platform must
also provide a function that will return a device and a specifier
that can be used to access specified content.
Clients of the API will primarily use device and entity handles.
The term "entity" is deliberately vague, to allow for different
representations of content accessed using different types of
specifier, but will often be interpreted as a "file" where the
specifier will normally be its path.
This commit builds, but is intended to be paired with a sample
implementation of "load_image" using a semi-hosting driver on FVP.
Change-Id: Id3b52f1c0eb9ce76b44b99fc6b6460803668cc86
memmove needs to allow for overlapping memory regions and, together
with memcpy, should return the input destination pointer, not the
address after the end of the copied data.
fixesARM-software/tf-issues#18
Signed-off-by: Jon Medhurst <tixy@linaro.org>
New phony Makefile targets have been added:
* checkcodebase
* checkpatch
The checkcodebase target will run a Linux style compliance check over the
entire codebase, and honours the V=1 Makefile verbose setting and so will
show more information when this is enabled.
If the local directory is a git checkout then the output of git ls-files is
used to decide which files to test for compliance. If the local directory
is not under git control then a 'best attempt' is made, but in this case it
should be noted that it is possible for additional non-codebase files to be
tested, so care should be taken when parsing the output.
The checkpatch target will compare local changes against the git origin/master
to allow issues with the last set of changes to be identified. To override
the change comparision location, set the BASE_COMMIT variable to your
desired git branch.
Both targets rely on the Linux source tree script checkpatch.pl to do the
syntax checking, and expects that the CHECKPATCH environment variable points
to the location of this file.
Notes on the usage of these targets have been added to the contributing.md
and docs/user-guide.md text files.
Change-Id: I6d73c97af578e24a34226d972afadab9d30f1d8d
The last CPU in a cluster is responsible for issuing the cluster power
down request to the FVP power controller. If another CPU in this
cluster wakes up before the last CPU enters WFI then the cluster power
down request remains pending. If this request is not cancelled and the
newly woken up CPU enters a simple WFI later, the power controller
powers the cluster down. This leads to unpredictable behaviour.
This patch fixes this issue by ensuring that the first CPU to wake up
in a cluster writes its MPIDR to the power controller's PPONR. This
cancels any pending cluster power down request.
Change-Id: I7e787adfd6c9a0bd7308390e3309d46f35c01086
The psci implementation does not track target affinity level requests
specified during cpu_suspend calls correctly as per the following
example.
1. cpu0.cluster0 calls cpu_suspend with the target affinity level as 0
2. Only the cpu0.cluster0 is powered down while cluster0 remains
powered up
3. cpu1.cluster0 calls cpu_off to power itself down to highest
possible affinity level
4. cluster0 will be powered off even though cpu0.cluster0 does not
allow cluster shutdown
This patch introduces reference counts at affinity levels > 0 to track
the number of cpus which want an affinity instance at level X to
remain powered up. This instance can be turned off only if its
reference count is 0. Cpus still undergo the normal state transitions
(ON, OFF, ON_PENDING, SUSPEND) but the higher levels can only be
either ON or OFF depending upon their reference count.
The above issue is thus fixed as follows:
1. cluster0's reference count is incremented by two when cpu0 and cpu1
are initially powered on.
2. cpu0.cluster0 calls cpu_suspend with the target affinity level as
0. This does not affect the cluster0 reference count.
3. Only the cpu0.cluster0 is powered down while cluster0 remains
powered up as it has a non-zero reference count.
4. cpu1.cluster0 call cpu_off to power itself down to highest possible
affinity level. This decrements the cluster0 reference count.
5. cluster0 is still not powered off since its reference count will at
least be 1 due to the restriction placed by cpu0.
Change-Id: I433dfe82b946f5f6985b1602c2de87800504f7a9
This patch adds support to save and restore the target affinity level
specified during a cpu_suspend psci call. This ensures that we
traverse only through the affinity levels that we originally intended
to after resuming from suspend.
Change-Id: I0900ae49a50b496da137cfec8f158da0397ec56c
The secure context saved and restored across a cpu_suspend operation
can be more than just the state of the secure system registers e.g. we
also need to save the affinity level till which the cpu is being
powered down. This patch creates a suspend_context data structure
which includes the system register context. This will allow other bits
to be saved and restored as well in subsequent patches.
Change-Id: I1c1f7d25497388b54b7d6ee4fab77e8c6a9992c4
The FVP platform has a few filenames that begin with fvp_. These are
renamed to plat_ to make it easier to use the FVP port as a template.
Change-Id: I601e6256d5ef3bae81a2e1f5df6de56db5b27069
Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org>
Add the 'help' target to the Makefile to present a brief guide to the
various build options available.
Change-Id: Ic3a3489860b6362eb236470ea6b43a16a1b2fe3a
Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org>
Tidy up the spacing of variable definitions within the makefiles to make
them more consistent, easier to read and amend.
Change-Id: Ic6d7c8489ca4330824abb5cd1ead8f1d449d1a85
Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org>
Move all explicit platform or architecture specific references
into a new platform.mk file that is defined for each platform.
Change-Id: I9d6320d1ba957e0cc8d9b316b3578132331fa428
Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org>
This patch replaces the empty definition of display_boot_progress() in
bl2_main.c with a weak definition. The former allowed bl2 to use the
early_exceptions(). It is possible to do that with a simple weak
definition as well.
Change-Id: Idb3f425a5e265f3579b638e3d26bd8c9bb78f80d
Ctags seem to have a problem with generating tags for assembler symbols
when a comment immediately follows an assembly label.
This patch inserts a single space character between the label
definition and the following comments to help ctags.
The patch is generated by the command:
git ls-files -- \*.S | xargs sed -i 's/^\([^:]\+\):;/\1: ;/1'
Change-Id: If7a3c9d0f51207ea033cc8b8e1b34acaa0926475
The GICv3 distributor can have more ports than CPUs are available in
the system. Probe all re-distributors and use the matching affinity
levels as specified by each core and re-distributor to decide which
re-distributor to use with which CPU core.
If a core cannot be matched with a re-distributor, the core panics and
is placed in an endless loop.
Change-Id: Ie393cfe07c7449a2383959e3c968664882e18afc
Traps when accessing architectural features are disabled by clearing bits
in CPTR_EL3 during early boot, including accesses to floating point
registers. The value of this register was previously undetermined, causing
unwanted traps to EL3. Future EL3 code (for example, context save/restore
code) may use floating point registers, although they are not used by current
code.
Also, the '-mgeneral-regs-only' flag is enabled in the GCC settings to
prevent generation of code that uses floating point registers.
Change-Id: I9a03675f6387bbbee81a6f2c9ccf81150db03747
GIC setup code which used to be in bl31_plat_setup.c is now in fvp_gic.c
to simplify future changes to other bootloader stages. This patch moves
code from bl31_plat_setup.c to fvp_gic.c, simplifies the include file
list for bl31_plat_setup.c, moves GIC declarations from the bl31.h header
file into the platform.h, and reworks files according to coding style
guide.
Change-Id: I48d82a4ba33e7114dcc88f9ca98767a06cf8f417
Tighten up ISO C standard checking. Fix 'CASSERT' implementation to
conform to C99 as opposed to GNU99 standard.
Change-Id: I58ddc61913617b66f11da5b6e3f7363136d5cf7d
In order to reduce the software dependency on the compiler, the project
is now compiled with the '-ffreestanding' flag. This is to prevent GCC
from replacing functions with more optimised versions. An example is
where GCC replaces a simple printf() with a puts().
Change-Id: I1973fe6957cd708e8432a0039af9d50e037bd884
SPSR is a 32-bit register and so its size should be reflected in
the gp_regs structure. This patch fixes the type of gp_regs.spsr
to use a 32-bit variable. It also makes the size of the other
register fields more explicit.
Change-Id: I27e0367df1a91cc501d5217c1b3856d4097c60ba
- Update porting guide to describe where files live and how to get
FreeBSD source code.
- Update change-log to describe relocation and new functions.
Change-Id: Id8f30cc7bafdd1064b3a5c5aae958c5aa3fb79f3
- This change is split into two separate patches in order to
simplify the history as interpreted by 'git'. The split is
between the move/rename and addition of new files.
- Remove dependency on toolchain C library headers and functions in
order to ensure behavioural compatibility between toolchains.
- Use FreeBSD as reference for C library implementation.
- Do not let GCC use default library include paths.
- Remove unused definitions in modified headers and implementations.
- Move C library files to 'lib/stdlib' and 'include/stdlib'.
- Break std.c functions out into separate files.
Change-Id: I3e3d8d992052264d2a02489034ae4c03bf0f5512
- This change is split into two separate patches in order to
simplify the history as interpreted by 'git'. The split is
between the move/rename and addition of new files.
- Remove dependency on toolchain C library headers and functions in
order to ensure behavioural compatibility between toolchains.
- Use FreeBSD as reference for C library implementation.
- Do not let GCC use default library include paths.
- Remove unused definitions in modified headers and implementations.
- Move C library files to 'lib/stdlib' and 'include/stdlib'.
- Break std.c functions out into separate files.
Change-Id: I91cddfb3229775f770ad781589670c57d347a154
- Add 'debug.h' with INFO, WARN and ERROR macros.
- This prints the specified message with the appropriate tag.
- INFO and WARN messages are only displayed when building with
the DEBUG flag set. Error messages are always printed.
Change-Id: I21835b6063fcc99649b30ac7489387cbd3705bc0
ns_entry_info used to be a per-cpu array. This is a waste of space
because it is only accessed by the primary CPU on the cold boot path.
This patch reduces ns_entry_info to a single-cpu area.
Change-Id: I647c70c4e76069560f1aaad37a1d5910f56fba4c
Platform setup code has to reserve some memory for storing the
memory layout information. It is populated in early platform setup
code.
blx_get_sec_mem_layout() functions used to return a copy of this
structure. This patch modifies blx_get_sec_mem_layout() functions
so that they now directly return a pointer to their memory layout
structure. It ensures that the memory layout returned by
blx_get_sec_mem_layout() is always up-to-date and also avoids a
useless copy of the meminfo structure.
Also rename blx_get_sec_mem_layout() to blx_plat_sec_mem_layout()
to make it clear those functions are platform specific.
Change-Id: Ic7a6f9d6b6236b14865ab48a9f5eff545ce56551
This patch makes changes to the documents to reflect the current
state of play of the psci cpu_suspend function.
Change-Id: I086509fb75111b6e9f93b7f6dbcd33cc4591b9f3
This patch performs a major rework of the psci generic implementation
to achieve the following:
1. replace recursion with iteration where possible to aid code
readability e.g. affinity instance states are changed iteratively
instead of recursively.
2. acquire pointers to affinity instance nodes at the beginning of a
psci operation. All subsequent actions use these pointers instead
of calling psci_get_aff_map_node() repeatedly e.g. management of
locks has been abstracted under functions which use these pointers
to ensure correct ordering. Helper functions have been added to
create these abstractions.
3. assertions have been added to cpu level handlers to ensure correct
state transition
4. the affinity level extents specified to various functions have the
same meaning i.e. start level is always less than the end level.
Change-Id: If0508c3a7b20ea3ddda2a66128429382afc3dfc8