aboutsummaryrefslogtreecommitdiff
path: root/plat/arm
diff options
context:
space:
mode:
authorDavid Horstmann <david.horstmann@arm.com>2020-10-14 15:17:49 +0100
committerDavid Horstmann <david.horstmann@arm.com>2020-10-28 17:58:49 +0000
commit3ed5606bd1156e61241b57cb2dcceb90f75f6332 (patch)
tree6a81a6b7d549bcbc75cc1b78119046d2f46d75b9 /plat/arm
parent7ad39818b184850d263008e7d36ba16adf72a669 (diff)
downloadtrusted-firmware-a-3ed5606bd1156e61241b57cb2dcceb90f75f6332.tar.gz
Use constant stack size with RECLAIM_INIT_CODE
Currently, when RECLAIM_INIT_CODE is set, the stacks are scaled to ensure that the entirety of the init section can be reclaimed as stack. This causes an issue in lib/psci/aarch64/psci_helpers.S, where the stack size is used for cache operations in psci_do_pwrdown_cache_maintenance(). If the stacks are scaled, then the PSCI code may fail to invalidate some of the stack memory before power down. Resizing stacks is also not good for stability in general, since code that works with a small number of cores may overflow the stack when the number of cores is increased. Change to make every stack be PLATFORM_STACK_SIZE big, and allow the total stack to be smaller than the init section. Any pages of the init section not reclaimed as stack will be set to read-only and execute-never, for security. Change-Id: I10b3884981006431f2fcbec3864c81d4a8c246e8 Signed-off-by: David Horstmann <david.horstmann@arm.com>
Diffstat (limited to 'plat/arm')
-rw-r--r--plat/arm/common/arm_bl31_setup.c34
1 files changed, 31 insertions, 3 deletions
diff --git a/plat/arm/common/arm_bl31_setup.c b/plat/arm/common/arm_bl31_setup.c
index fc238b1d8c..81ef6e7b26 100644
--- a/plat/arm/common/arm_bl31_setup.c
+++ b/plat/arm/common/arm_bl31_setup.c
@@ -47,9 +47,12 @@ CASSERT(BL31_BASE >= ARM_FW_CONFIG_LIMIT, assert_bl31_base_overflows);
#if RECLAIM_INIT_CODE
IMPORT_SYM(unsigned long, __INIT_CODE_START__, BL_INIT_CODE_BASE);
IMPORT_SYM(unsigned long, __INIT_CODE_END__, BL_CODE_END_UNALIGNED);
+IMPORT_SYM(unsigned long, __STACKS_END__, BL_STACKS_END_UNALIGNED);
#define BL_INIT_CODE_END ((BL_CODE_END_UNALIGNED + PAGE_SIZE - 1) & \
~(PAGE_SIZE - 1))
+#define BL_STACKS_END ((BL_STACKS_END_UNALIGNED + PAGE_SIZE - 1) & \
+ ~(PAGE_SIZE - 1))
#define MAP_BL_INIT_CODE MAP_REGION_FLAT( \
BL_INIT_CODE_BASE, \
@@ -291,14 +294,39 @@ void arm_bl31_plat_runtime_setup(void)
#if RECLAIM_INIT_CODE
/*
- * Zero out and make RW memory used to store image boot time code so it can
- * be reclaimed during runtime
+ * Make memory for image boot time code RW to reclaim it as stack for the
+ * secondary cores, or RO where it cannot be reclaimed:
+ *
+ * |-------- INIT SECTION --------|
+ * -----------------------------------------
+ * | CORE 0 | CORE 1 | CORE 2 | EXTRA |
+ * | STACK | STACK | STACK | SPACE |
+ * -----------------------------------------
+ * <-------------------> <------>
+ * MAKE RW AND XN MAKE
+ * FOR STACKS RO AND XN
*/
void arm_free_init_memory(void)
{
- int ret = xlat_change_mem_attributes(BL_INIT_CODE_BASE,
+ int ret = 0;
+
+ if (BL_STACKS_END < BL_INIT_CODE_END) {
+ /* Reclaim some of the init section as stack if possible. */
+ if (BL_INIT_CODE_BASE < BL_STACKS_END) {
+ ret |= xlat_change_mem_attributes(BL_INIT_CODE_BASE,
+ BL_STACKS_END - BL_INIT_CODE_BASE,
+ MT_RW_DATA);
+ }
+ /* Make the rest of the init section read-only. */
+ ret |= xlat_change_mem_attributes(BL_STACKS_END,
+ BL_INIT_CODE_END - BL_STACKS_END,
+ MT_RO_DATA);
+ } else {
+ /* The stacks cover the init section, so reclaim it all. */
+ ret |= xlat_change_mem_attributes(BL_INIT_CODE_BASE,
BL_INIT_CODE_END - BL_INIT_CODE_BASE,
MT_RW_DATA);
+ }
if (ret != 0) {
ERROR("Could not reclaim initialization code");