aboutsummaryrefslogtreecommitdiff
path: root/lib/cpus/aarch64/cortex_a76.S
AgeCommit message (Collapse)Author
2023-08-03refactor(cpus): convert the Cortex-A76 to use cpu helpersGovindraj Raja
Change-Id: I9c9dff626f073d762b5c8c2d8286e1654ac5c2e5 Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
2023-08-03refactor(cpus): convert the Cortex-A76 to use the errata frameworkGovindraj Raja
Testing: - Manual comparison of disassembly with and without conversion. - Using the test script in gerrit - 19136 - Building with errata and stepping through from ArmDS and running tftf. Change-Id: I126f09de44b16e8bbb7e32477b880b4650eef23b Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
2022-11-03fix(cpus): workaround for Cortex-A76 erratum 2743102Bipin Ravi
Cortex-A76 erratum 2743102 is a Cat B erratum that applies to all revisions <=r4p1 and is still open. The workaround is to insert a dsb before the isb in the power down sequence. SDEN documentation: https://developer.arm.com/documentation/SDEN885749/latest Signed-off-by: Bipin Ravi <bipin.ravi@arm.com> Change-Id: Ie2cd73bd91417d30b5633d80b2fbee32944bc2de
2022-07-29feat(plat/qti): fix to support cpu errataSaurabh Gorecha
fix to support ARM CPU errata based on core used. Signed-off-by: Saurabh Gorecha <quic_sgorecha@quicinc.com> Change-Id: If1a438f98f743435a7a0b683a32ccf14164db37e
2022-03-18Merge changes from topic "spectre_bhb" into integrationMadhukar Pappireddy
* changes: fix(security): apply SMCCC_ARCH_WORKAROUND_3 to A73/A75/A72/A57 fix(security): workaround for CVE-2022-23960 for Cortex-A57, Cortex-A72 fix(fvp): disable reclaiming init code by default
2022-03-18fix(security): apply SMCCC_ARCH_WORKAROUND_3 to A73/A75/A72/A57Bipin Ravi
This patch applies CVE-2022-23960 workarounds for Cortex-A75, Cortex-A73, Cortex-A72 & Cortex-A57. This patch also implements the new SMCCC_ARCH_WORKAROUND_3 and enables necessary discovery hooks for Coxtex-A72, Cortex-A57, Cortex-A73 and Cortex-A75 to enable discovery of this SMC via SMC_FEATURES. SMCCC_ARCH_WORKAROUND_3 is implemented for A57/A72 because some revisions are affected by both CVE-2022-23960 and CVE-2017-5715 and this allows callers to replace SMCCC_ARCH_WORKAROUND_1 calls with SMCCC_ARCH_WORKAROUND_3. For details of SMCCC_ARCH_WORKAROUND_3, please refer SMCCCv1.4 specification. Signed-off-by: Bipin Ravi <bipin.ravi@arm.com> Signed-off-by: John Powell <john.powell@arm.com> Change-Id: Ifa6d9c7baa6764924638efe3c70468f98d60ed7c
2022-03-11fix(security): loop workaround for CVE-2022-23960 for Cortex-A76Bipin Ravi
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com> Change-Id: I8d433b39a5c0f9e1cef978df8a2986d7a35d3745
2022-03-11refactor(el3-runtime): change Cortex-A76 implementation of CVE-2018-3639Bipin Ravi
Re-factored the prior implementation of workaround for CVE-2018-3639 using branch and link instruction to save vector space to include the workaround for CVE-2022-23960. Signed-off-by: Bipin Ravi <bipin.ravi@arm.com> Change-Id: Ib3fe949583160429b5de8f0a4a8e623eb91d87d4
2020-12-18Workaround for Cortex A76 erratum 1946160johpow01
Cortex A76 erratum 1946160 is a Cat B erratum, present in some revisions of the A76 processor core. The workaround is to insert a DMB ST before acquire atomic instructions without release semantics. This issue is present in revisions r0p0 - r4p1 but this workaround only applies to revisions r3p0 - r4p1, there is no workaround for older versions. SDEN can be found here: https://documentation-service.arm.com/static/5fbb77d7d77dd807b9a80cc1 Signed-off-by: John Powell <john.powell@arm.com> Change-Id: Ief33779ee76a89ce2649812ae5214b86a139e327
2020-11-12Revert workaround for A76 erratum 1800710johpow01
This errata workaround did not work as intended and was revised in subsequent SDEN releases so we are reverting this change. This is the patch being reverted: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/4684 Signed-off-by: John Powell <john.powell@arm.com> Change-Id: I560749a5b55e22fbe49d3f428a8b9545d6bdaaf0
2020-10-03Workaround for Cortex A76 erratum 1868343johpow01
Cortex A76 erratum 1868343 is a Cat B erratum, present in older revisions of the Cortex A76 processor core. The workaround is to set a bit in the CPUACTLR_EL1 system register, which delays instruction fetch after branch misprediction. This workaround will have a small impact on performance. This workaround is the same as workarounds for errata 1262606 and 1275112, so all 3 have been combined into one function call. SDEN can be found here: https://documentation-service.arm.com/static/5f2bed6d60a93e65927bc8e7 Signed-off-by: John Powell <john.powell@arm.com> Change-Id: I7f2f9965f495540a1f84bb7dcc28aff45d6cee5d
2020-08-18lib/cpus: Report AT speculative erratum workaroundManish V Badarkhe
Reported the status (applies, missing) of AT speculative workaround which is applicable for below CPUs. +---------+--------------+ | Errata | CPU | +=========+==============+ | 1165522 | Cortex-A76 | +---------+--------------+ | 1319367 | Cortex-A72 | +---------+--------------+ | 1319537 | Cortex-A57 | +---------+--------------+ | 1530923 | Cortex-A55 | +---------+--------------+ | 1530924 | Cortex-A53 | +---------+--------------+ Also, changes are done to enable common macro 'ERRATA_SPECULATIVE_AT' if AT speculative errata workaround is enabled for any of the above CPUs using 'ERRATA_*' CPU specific build macro. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I3e6a5316a2564071f3920c3ce9ae9a29adbe435b
2020-06-22Workaround for Cortex A76 erratum 1800710johpow01
Cortex A76 erratum 1800710 is a Cat B erratum, present in older revisions of the Cortex A76 processor core. The workaround is to set a bit in the ECTLR_EL1 system register, which disables allocation of splintered pages in the L2 TLB. This errata is explained in this SDEN: https://static.docs.arm.com/sden885749/g/Arm_Cortex_A76_MP052_Software_Developer_Errata_Notice_v20.pdf Signed-off-by: John Powell <john.powell@arm.com> Change-Id: Ifc34f2e9e053dcee6a108cfb7df7ff7f497c9493
2020-06-22Workaround for Cortex A76 erratum 1791580johpow01
Cortex A76 erratum 1791580 is a Cat B erratum present in earlier revisions of the Cortex A76. The workaround is to set a bit in the implementation defined CPUACTLR2 register, which forces atomic store operations to write-back memory to be performed in the L1 data cache. This errata is explained in this SDEN: https://static.docs.arm.com/sden885749/g/Arm_Cortex_A76_MP052_Software_Developer_Errata_Notice_v20.pdf Signed-off-by: John Powell <john.powell@arm.com> Change-Id: Iefd58159b3f2e2286138993317b98e57dc361925
2020-01-22Prevent speculative execution past ERETAnthony Steinhauser
Even though ERET always causes a jump to another address, aarch64 CPUs speculatively execute following instructions as if the ERET instruction was not a jump instruction. The speculative execution does not cross privilege-levels (to the jump target as one would expect), but it continues on the kernel privilege level as if the ERET instruction did not change the control flow - thus execution anything that is accidentally linked after the ERET instruction. Later, the results of this speculative execution are always architecturally discarded, however they can leak data using microarchitectural side channels. This speculative execution is very reliable (seems to be unconditional) and it manages to complete even relatively performance-heavy operations (e.g. multiple dependent fetches from uncached memory). This was fixed in Linux, FreeBSD, OpenBSD and Optee OS: https://github.com/torvalds/linux/commit/679db70801da9fda91d26caf13bf5b5ccc74e8e8 https://github.com/freebsd/freebsd/commit/29fb48ace4186a41c409fde52bcf4216e9e50b61 https://github.com/openbsd/src/commit/3a08873ece1cb28ace89fd65e8f3c1375cc98de2 https://github.com/OP-TEE/optee_os/commit/abfd092aa19f9c0251e3d5551e2d68a9ebcfec8a It is demonstrated in a SafeSide example: https://github.com/google/safeside/blob/master/demos/eret_hvc_smc_wrapper.cc https://github.com/google/safeside/blob/master/kernel_modules/kmod_eret_hvc_smc/eret_hvc_smc_module.c Signed-off-by: Anthony Steinhauser <asteinhauser@google.com> Change-Id: Iead39b0b9fb4b8d8b5609daaa8be81497ba63a0f
2019-06-04Apply compile-time check for AArch64-only coresJohn Tsichritzis
Some cores support only AArch64 mode. In those cores, only a limited subset of the AArch32 system registers are implemented. Hence, if TF-A is supposed to run on AArch64-only cores, it must be compiled with CTX_INCLUDE_AARCH32_REGS=0. Currently, the default settings for compiling TF-A are with the AArch32 system registers included. So, if we compile TF-A the default way and attempt to run it on an AArch64-only core, we only get a runtime panic. Now a compile-time check has been added to ensure that this flag has the appropriate value when AArch64-only cores are included in the build. Change-Id: I298ec550037fafc9347baafb056926d149197d4c Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
2019-05-07Merge changes from topic "sm/fix_a76_errata" into integrationSoby Mathew
* changes: Workaround for cortex-A76 errata 1286807 Cortex-A76: workarounds for errata 1257314, 1262606, 1262888, 1275112
2019-05-07Workaround for cortex-A76 errata 1286807Soby Mathew
The workaround for Cortex-A76 errata #1286807 is implemented in this patch. Change-Id: I6c15af962ac99ce223e009f6d299cefb41043bed Signed-off-by: Soby Mathew <soby.mathew@arm.com>
2019-05-07Cortex-A76: workarounds for errata 1257314, 1262606, 1262888, 1275112Soby Mathew
The workarounds for errata 1257314, 1262606, 1262888 and 1275112 are added to the Cortex-A76 cpu specific file. The workarounds are disabled by default and have to be explicitly enabled by the platform integrator. Change-Id: I70474927374cb67725f829d159ddde9ac4edc343 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
2019-05-03Add compile-time errors for HW_ASSISTED_COHERENCY flagJohn Tsichritzis
This patch fixes this issue: https://github.com/ARM-software/tf-issues/issues/660 The introduced changes are the following: 1) Some cores implement cache coherency maintenance operation on the hardware level. For those cores, such as - but not only - the DynamIQ cores, it is mandatory that TF-A is compiled with the HW_ASSISTED_COHERENCY flag. If not, the core behaviour at runtime is unpredictable. To prevent this, compile time checks have been added and compilation errors are generated, if needed. 2) To enable this change for FVP, a logical separation has been done for the core libraries. A system cannot contain cores of both groups, i.e. cores that manage coherency on hardware and cores that don't do it. As such, depending on the HW_ASSISTED_COHERENCY flag, FVP includes the libraries only of the relevant cores. 3) The neoverse_e1.S file has been added to the FVP sources. Change-Id: I787d15819b2add4ec0d238249e04bf0497dc12f3 Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
2019-04-17DSU: Implement workaround for errata 798953Louis Mayencourt
Under certain near idle conditions, DSU may miss response transfers on the ACE master or Peripheral port, leading to deadlock. This workaround disables high-level clock gating of the DSU to prevent this. Change-Id: I820911d61570bacb38dd325b3519bc8d12caa14b Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
2019-03-14Cortex-A76: Optimize CVE_2018_3639 workaroundAmbroise Vincent
Switched from a static check to a runtime assert to make sure a workaround is implemented for CVE_2018_3639. This allows platforms that know they have the SSBS hardware workaround in the CPU to compile out code under DYNAMIC_WORKAROUND_CVE_2018_3639. The gain in memory size without the dynamic workaround is 4KB in bl31. Change-Id: I61bb7d87c59964b0c7faac5d6bc7fc5c4651cbf3 Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
2019-03-14Cortex-A76: fix spellingAmbroise Vincent
Change-Id: I6adf7c14e8a974a7d40d51615b5e69eab1a7436f Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
2019-02-26Add workaround for errata 1073348 for Cortex-A76Louis Mayencourt
Concurrent instruction TLB miss and mispredicted return instruction might fetch wrong instruction stream. Set bit 6 of CPUACTLR_EL1 to prevent this. Change-Id: I2da4f30cd2df3f5e885dd3c4825c557492d1ac58 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
2019-02-26Add workaround for errata 1220197 for Cortex-A76Louis Mayencourt
Streaming store under specific conditions might cause deadlock or data corruption. Set bit 25:24 of CPUECTLR_EL1, which disables write streaming to the L2 to prevent this. Change-Id: Ib5cabb997b35ada78b27e75787afd610ea606dcf Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
2019-02-26Add workaround for errata 1130799 for Cortex-A76Louis Mayencourt
TLBI VAAE1 or TLBI VAALE1 targeting a page within hardware page aggregated address translation data in the L2 TLB might cause corruption of address translation data. Set bit 59 of CPUACTLR2_EL1 to prevent this. Change-Id: I59f3edea54e87d264e0794f5ca2a8c68a636e586 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
2019-01-04Sanitise includes across codebaseAntonio Nino Diaz
Enforce full include path for includes. Deprecate old paths. The following folders inside include/lib have been left unchanged: - include/lib/cpus/${ARCH} - include/lib/el3_runtime/${ARCH} The reason for this change is that having a global namespace for includes isn't a good idea. It defeats one of the advantages of having folders and it introduces problems that are sometimes subtle (because you may not know the header you are actually including if there are two of them). For example, this patch had to be created because two headers were called the same way: e0ea0928d5b7 ("Fix gpio includes of mt8173 platform to avoid collision."). More recently, this patch has had similar problems: 46f9b2c3a282 ("drivers: add tzc380 support"). This problem was introduced in commit 4ecca33988b9 ("Move include and source files to logical locations"). At that time, there weren't too many headers so it wasn't a real issue. However, time has shown that this creates problems. Platforms that want to preserve the way they include headers may add the removed paths to PLAT_INCLUDES, but this is discouraged. Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-12-10AArch64: Use SSBS for CVE_2018_3639 mitigationJeenu Viswambharan
The Armv8.5 extensions introduces PSTATE.SSBS (Speculation Store Bypass Safe) bit to mitigate against Variant 4 vulnerabilities. Although an Armv8.5 feature, this can be implemented by CPUs implementing earlier version of the architecture. With this patch, when both PSTATE.SSBS is implemented and DYNAMIC_WORKAROUND_CVE_2018_3639 is active, querying for SMCCC_ARCH_WORKAROUND_2 via. SMCCC_ARCH_FEATURES call would return 1 to indicate that mitigation on the PE is either permanently enabled or not required. When SSBS is implemented, SCTLR_EL3.DSSBS is initialized to 0 at reset of every BL stage. This means that EL3 always executes with mitigation applied. For Cortex A76, if the PE implements SSBS, the existing mitigation (by using a different vector table, and tweaking CPU ACTLR2) is not used. Change-Id: Ib0386c5714184144d4747951751c2fc6ba4242b6 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2018-08-17DSU erratum 936184 workaroundJohn Tsichritzis
If the system is in near idle conditions, this erratum could cause a deadlock or data corruption. This patch applies the workaround that prevents this. This DSU erratum affects only the DSUs that contain the ACP interface and it was fixed in r2p0. The workaround is applied only to the DSUs that are actually affected. Link to respective Arm documentation: http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.epm138168/index.html Change-Id: I033213b3077685130fc1e3f4f79c4d15d7483ec9 Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
2018-07-11Add end_vector_entry assembler macroRoberto Vargas
Check_vector_size checks if the size of the vector fits in the size reserved for it. This check creates problems in the Clang assembler. A new macro, end_vector_entry, is added and check_vector_size is deprecated. This new macro fills the current exception vector until the next exception vector. If the size of the current vector is bigger than 32 instructions then it gives an error. Change-Id: Ie8545cf1003a1e31656a1018dd6b4c28a4eaf671 Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
2018-06-08Implement dynamic mitigation for CVE-2018-3639 on Cortex-A76Dimitris Papastamos
The Cortex-A76 implements SMCCC_ARCH_WORKAROUND_2 as defined in "Firmware interfaces for mitigating cache speculation vulnerabilities System Software on Arm Systems"[0]. Dynamic mitigation for CVE-2018-3639 is enabled/disabled by setting/clearning bit 16 (Disable load pass store) of `CPUACTLR2_EL1`. NOTE: The generic code that implements dynamic mitigation does not currently implement the expected semantics when dispatching an SDEI event to a lower EL. This will be fixed in a separate patch. [0] https://developer.arm.com/cache-speculation-vulnerability-firmware-specification Change-Id: I8fb2862b9ab24d55a0e9693e48e8be4df32afb5a Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
2018-06-08Add support for Cortex-Ares and Cortex-A76 CPUsIsla Mitchell
Both Cortex-Ares and Cortex-A76 CPUs use the ARM DynamIQ Shared Unit (DSU). The power-down and power-up sequences are therefore mostly managed in hardware, and required software operations are simple. Change-Id: I3a9447b5bdbdbc5ed845b20f6564d086516fa161 Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>