diff options
Diffstat (limited to 'bl32/tsp/aarch64/tsp_entrypoint.S')
| -rw-r--r-- | bl32/tsp/aarch64/tsp_entrypoint.S | 196 |
1 files changed, 124 insertions, 72 deletions
diff --git a/bl32/tsp/aarch64/tsp_entrypoint.S b/bl32/tsp/aarch64/tsp_entrypoint.S index 2714282b..489183c5 100644 --- a/bl32/tsp/aarch64/tsp_entrypoint.S +++ b/bl32/tsp/aarch64/tsp_entrypoint.S @@ -1,37 +1,13 @@ /* - * Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2017, ARM Limited and Contributors. All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of ARM nor the names of its contributors may be used - * to endorse or promote products derived from this software without specific - * prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * SPDX-License-Identifier: BSD-3-Clause */ #include <arch.h> #include <asm_macros.S> #include <tsp.h> -#include <xlat_tables.h> +#include <xlat_tables_defs.h> #include "../tsp_private.h" @@ -67,10 +43,7 @@ msr spsr_el1, \reg2 .endm - .section .text, "ax" - .align 3 - -func tsp_entrypoint +func tsp_entrypoint _align=3 /* --------------------------------------------- * Set the exception vector to something sane. @@ -99,6 +72,20 @@ func tsp_entrypoint isb /* --------------------------------------------- + * Invalidate the RW memory used by the BL32 + * image. This includes the data and NOBITS + * sections. This is done to safeguard against + * possible corruption of this memory by dirty + * cache lines in a system cache as a result of + * use by an earlier boot loader stage. + * --------------------------------------------- + */ + adr x0, __RW_START__ + adr x1, __RW_END__ + sub x1, x1, x0 + bl inv_dcache_range + + /* --------------------------------------------- * Zero out NOBITS sections. There are 2 of them: * - the .bss section; * - the coherent memory section. @@ -106,12 +93,12 @@ func tsp_entrypoint */ ldr x0, =__BSS_START__ ldr x1, =__BSS_SIZE__ - bl zeromem16 + bl zeromem #if USE_COHERENT_MEM ldr x0, =__COHERENT_RAM_START__ ldr x1, =__COHERENT_RAM_UNALIGNED_SIZE__ - bl zeromem16 + bl zeromem #endif /* -------------------------------------------- @@ -122,8 +109,16 @@ func tsp_entrypoint * primary cpu is running at the moment. * -------------------------------------------- */ - mrs x0, mpidr_el1 - bl platform_set_stack + bl plat_set_my_stack + + /* --------------------------------------------- + * Initialize the stack protector canary before + * any C code is called. + * --------------------------------------------- + */ +#if STACK_PROTECTOR_ENABLED + bl update_stack_protector_canary +#endif /* --------------------------------------------- * Perform early platform setup & platform @@ -149,6 +144,7 @@ func tsp_entrypoint tsp_entrypoint_panic: b tsp_entrypoint_panic +endfunc tsp_entrypoint /* ------------------------------------------- @@ -157,15 +153,17 @@ tsp_entrypoint_panic: * ------------------------------------------- */ func tsp_vector_table - b tsp_std_smc_entry + b tsp_yield_smc_entry b tsp_fast_smc_entry b tsp_cpu_on_entry b tsp_cpu_off_entry b tsp_cpu_resume_entry b tsp_cpu_suspend_entry - b tsp_fiq_entry + b tsp_sel1_intr_entry b tsp_system_off_entry b tsp_system_reset_entry + b tsp_abort_yield_smc_entry +endfunc tsp_vector_table /*--------------------------------------------- * This entrypoint is used by the TSPD when this @@ -180,6 +178,7 @@ func tsp_vector_table func tsp_cpu_off_entry bl tsp_cpu_off_main restore_args_call_smc +endfunc tsp_cpu_off_entry /*--------------------------------------------- * This entrypoint is used by the TSPD when the @@ -191,6 +190,7 @@ func tsp_cpu_off_entry func tsp_system_off_entry bl tsp_system_off_main restore_args_call_smc +endfunc tsp_system_off_entry /*--------------------------------------------- * This entrypoint is used by the TSPD when the @@ -202,6 +202,7 @@ func tsp_system_off_entry func tsp_system_reset_entry bl tsp_system_reset_main restore_args_call_smc +endfunc tsp_system_reset_entry /*--------------------------------------------- * This entrypoint is used by the TSPD when this @@ -243,8 +244,7 @@ func tsp_cpu_on_entry * enabled. * -------------------------------------------- */ - mrs x0, mpidr_el1 - bl platform_set_stack + bl plat_set_my_stack /* -------------------------------------------- * Enable the MMU with the DCache disabled. It @@ -292,6 +292,7 @@ func tsp_cpu_on_entry /* Should never reach here */ tsp_cpu_on_entry_panic: b tsp_cpu_on_entry_panic +endfunc tsp_cpu_on_entry /*--------------------------------------------- * This entrypoint is used by the TSPD when this @@ -305,14 +306,17 @@ tsp_cpu_on_entry_panic: func tsp_cpu_suspend_entry bl tsp_cpu_suspend_main restore_args_call_smc +endfunc tsp_cpu_suspend_entry - /*--------------------------------------------- + /*------------------------------------------------- * This entrypoint is used by the TSPD to pass - * control for handling a pending S-EL1 FIQ. - * 'x0' contains a magic number which indicates - * this. TSPD expects control to be handed back - * at the end of FIQ processing. This is done - * through an SMC. The handover agreement is: + * control for `synchronously` handling a S-EL1 + * Interrupt which was triggered while executing + * in normal world. 'x0' contains a magic number + * which indicates this. TSPD expects control to + * be handed back at the end of interrupt + * processing. This is done through an SMC. + * The handover agreement is: * * 1. PSTATE.DAIF are set upon entry. 'x1' has * the ELR_EL3 from the non-secure state. @@ -324,39 +328,54 @@ func tsp_cpu_suspend_entry * 4. TSP can use 'x0-x18' to enable its C * runtime. * 5. TSP returns to TSPD using an SMC with - * 'x0' = TSP_HANDLED_S_EL1_FIQ - * --------------------------------------------- + * 'x0' = TSP_HANDLED_S_EL1_INTR + * ------------------------------------------------ */ -func tsp_fiq_entry +func tsp_sel1_intr_entry #if DEBUG - mov x2, #(TSP_HANDLE_FIQ_AND_RETURN & ~0xffff) - movk x2, #(TSP_HANDLE_FIQ_AND_RETURN & 0xffff) + mov_imm x2, TSP_HANDLE_SEL1_INTR_AND_RETURN cmp x0, x2 - b.ne tsp_fiq_entry_panic + b.ne tsp_sel1_int_entry_panic #endif - /*--------------------------------------------- + /*------------------------------------------------- * Save any previous context needed to perform * an exception return from S-EL1 e.g. context - * from a previous IRQ. Update statistics and - * handle the FIQ before returning to the TSPD. + * from a previous Non secure Interrupt. + * Update statistics and handle the S-EL1 + * interrupt before returning to the TSPD. * IRQ/FIQs are not enabled since that will * complicate the implementation. Execution * will be transferred back to the normal world - * in any case. A non-zero return value from the - * fiq handler is an error. - * --------------------------------------------- + * in any case. The handler can return 0 + * if the interrupt was handled or TSP_PREEMPTED + * if the expected interrupt was preempted + * by an interrupt that should be handled in EL3 + * e.g. Group 0 interrupt in GICv3. In both + * the cases switch to EL3 using SMC with id + * TSP_HANDLED_S_EL1_INTR. Any other return value + * from the handler will result in panic. + * ------------------------------------------------ */ save_eret_context x2 x3 - bl tsp_update_sync_fiq_stats - bl tsp_fiq_handler - cbnz x0, tsp_fiq_entry_panic + bl tsp_update_sync_sel1_intr_stats + bl tsp_common_int_handler + /* Check if the S-EL1 interrupt has been handled */ + cbnz x0, tsp_sel1_intr_check_preemption + b tsp_sel1_intr_return +tsp_sel1_intr_check_preemption: + /* Check if the S-EL1 interrupt has been preempted */ + mov_imm x1, TSP_PREEMPTED + cmp x0, x1 + b.ne tsp_sel1_int_entry_panic +tsp_sel1_intr_return: + mov_imm x0, TSP_HANDLED_S_EL1_INTR restore_eret_context x2 x3 - mov x0, #(TSP_HANDLED_S_EL1_FIQ & ~0xffff) - movk x0, #(TSP_HANDLED_S_EL1_FIQ & 0xffff) smc #0 -tsp_fiq_entry_panic: - b tsp_fiq_entry_panic + /* Should never reach here */ +tsp_sel1_int_entry_panic: + no_ret plat_panic_handler +endfunc tsp_sel1_intr_entry /*--------------------------------------------- * This entrypoint is used by the TSPD when this @@ -371,8 +390,10 @@ tsp_fiq_entry_panic: func tsp_cpu_resume_entry bl tsp_cpu_resume_main restore_args_call_smc -tsp_cpu_resume_panic: - b tsp_cpu_resume_panic + + /* Should never reach here */ + no_ret plat_panic_handler +endfunc tsp_cpu_resume_entry /*--------------------------------------------- * This entrypoint is used by the TSPD to ask @@ -382,20 +403,51 @@ tsp_cpu_resume_panic: func tsp_fast_smc_entry bl tsp_smc_handler restore_args_call_smc -tsp_fast_smc_entry_panic: - b tsp_fast_smc_entry_panic + + /* Should never reach here */ + no_ret plat_panic_handler +endfunc tsp_fast_smc_entry /*--------------------------------------------- * This entrypoint is used by the TSPD to ask - * the TSP to service a std smc request. + * the TSP to service a Yielding SMC request. * We will enable preemption during execution * of tsp_smc_handler. * --------------------------------------------- */ -func tsp_std_smc_entry +func tsp_yield_smc_entry msr daifclr, #DAIF_FIQ_BIT | DAIF_IRQ_BIT bl tsp_smc_handler msr daifset, #DAIF_FIQ_BIT | DAIF_IRQ_BIT restore_args_call_smc -tsp_std_smc_entry_panic: - b tsp_std_smc_entry_panic + + /* Should never reach here */ + no_ret plat_panic_handler +endfunc tsp_yield_smc_entry + + /*--------------------------------------------------------------------- + * This entrypoint is used by the TSPD to abort a pre-empted Yielding + * SMC. It could be on behalf of non-secure world or because a CPU + * suspend/CPU off request needs to abort the preempted SMC. + * -------------------------------------------------------------------- + */ +func tsp_abort_yield_smc_entry + + /* + * Exceptions masking is already done by the TSPD when entering this + * hook so there is no need to do it here. + */ + + /* Reset the stack used by the pre-empted SMC */ + bl plat_set_my_stack + + /* + * Allow some cleanup such as releasing locks. + */ + bl tsp_abort_smc_handler + + restore_args_call_smc + + /* Should never reach here */ + bl plat_panic_handler +endfunc tsp_abort_yield_smc_entry |