1 /*
2 * Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
6 *
7 * Redistributions of source code must retain the above copyright notice, this
8 * list of conditions and the following disclaimer.
9 *
10 * Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 *
14 * Neither the name of ARM nor the names of its contributors may be used
15 * to endorse or promote products derived from this software without specific
16 * prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28 * POSSIBILITY OF SUCH DAMAGE.
29 */
30
31 #include <arch.h>
32 #include <arch_helpers.h>
33 #include <assert.h>
34 #include <bl_common.h>
35 #include <bl31.h>
36 #include <context.h>
37 #include <context_mgmt.h>
38 #include <cpu_data.h>
39 #include <interrupt_mgmt.h>
40 #include <platform.h>
41 #include <platform_def.h>
42 #include <runtime_svc.h>
43 #include <string.h>
44
45
46 /*******************************************************************************
47 * Context management library initialisation routine. This library is used by
48 * runtime services to share pointers to 'cpu_context' structures for the secure
49 * and non-secure states. Management of the structures and their associated
50 * memory is not done by the context management library e.g. the PSCI service
51 * manages the cpu context used for entry from and exit to the non-secure state.
52 * The Secure payload dispatcher service manages the context(s) corresponding to
53 * the secure state. It also uses this library to get access to the non-secure
54 * state cpu context pointers.
55 * Lastly, this library provides the api to make SP_EL3 point to the cpu context
56 * which will used for programming an entry into a lower EL. The same context
57 * will used to save state upon exception entry from that EL.
58 ******************************************************************************/
cm_init(void)59 void cm_init(void)
60 {
61 /*
62 * The context management library has only global data to intialize, but
63 * that will be done when the BSS is zeroed out
64 */
65 }
66
67 /*******************************************************************************
68 * This function returns a pointer to the most recent 'cpu_context' structure
69 * for the CPU identified by MPIDR that was set as the context for the specified
70 * security state. NULL is returned if no such structure has been specified.
71 ******************************************************************************/
cm_get_context_by_mpidr(uint64_t mpidr,uint32_t security_state)72 void *cm_get_context_by_mpidr(uint64_t mpidr, uint32_t security_state)
73 {
74 assert(sec_state_is_valid(security_state));
75
76 return get_cpu_data_by_mpidr(mpidr, cpu_context[security_state]);
77 }
78
79 /*******************************************************************************
80 * This function sets the pointer to the current 'cpu_context' structure for the
81 * specified security state for the CPU identified by MPIDR
82 ******************************************************************************/
cm_set_context_by_mpidr(uint64_t mpidr,void * context,uint32_t security_state)83 void cm_set_context_by_mpidr(uint64_t mpidr, void *context, uint32_t security_state)
84 {
85 assert(sec_state_is_valid(security_state));
86
87 set_cpu_data_by_mpidr(mpidr, cpu_context[security_state], context);
88 }
89
90 /*******************************************************************************
91 * This function is used to program the context that's used for exception
92 * return. This initializes the SP_EL3 to a pointer to a 'cpu_context' set for
93 * the required security state
94 ******************************************************************************/
cm_set_next_context(void * context)95 static inline void cm_set_next_context(void *context)
96 {
97 #if DEBUG
98 uint64_t sp_mode;
99
100 /*
101 * Check that this function is called with SP_EL0 as the stack
102 * pointer
103 */
104 __asm__ volatile("mrs %0, SPSel\n"
105 : "=r" (sp_mode));
106
107 assert(sp_mode == MODE_SP_EL0);
108 #endif
109
110 __asm__ volatile("msr spsel, #1\n"
111 "mov sp, %0\n"
112 "msr spsel, #0\n"
113 : : "r" (context));
114 }
115
116 /*******************************************************************************
117 * The following function initializes a cpu_context for the current CPU for
118 * first use, and sets the initial entrypoint state as specified by the
119 * entry_point_info structure.
120 *
121 * The security state to initialize is determined by the SECURE attribute
122 * of the entry_point_info. The function returns a pointer to the initialized
123 * context and sets this as the next context to return to.
124 *
125 * The EE and ST attributes are used to configure the endianess and secure
126 * timer availability for the new excution context.
127 *
128 * To prepare the register state for entry call cm_prepare_el3_exit() and
129 * el3_exit(). For Secure-EL1 cm_prepare_el3_exit() is equivalent to
130 * cm_e1_sysreg_context_restore().
131 ******************************************************************************/
cm_init_context(uint64_t mpidr,const entry_point_info_t * ep)132 void cm_init_context(uint64_t mpidr, const entry_point_info_t *ep)
133 {
134 uint32_t security_state;
135 cpu_context_t *ctx;
136 uint32_t scr_el3;
137 el3_state_t *state;
138 gp_regs_t *gp_regs;
139 unsigned long sctlr_elx;
140
141 security_state = GET_SECURITY_STATE(ep->h.attr);
142 ctx = cm_get_context_by_mpidr(mpidr, security_state);
143 assert(ctx);
144
145 /* Clear any residual register values from the context */
146 memset(ctx, 0, sizeof(*ctx));
147
148 /*
149 * Base the context SCR on the current value, adjust for entry point
150 * specific requirements and set trap bits from the IMF
151 * TODO: provide the base/global SCR bits using another mechanism?
152 */
153 scr_el3 = read_scr();
154 scr_el3 &= ~(SCR_NS_BIT | SCR_RW_BIT | SCR_FIQ_BIT | SCR_IRQ_BIT |
155 SCR_ST_BIT | SCR_HCE_BIT);
156
157 if (security_state != SECURE)
158 scr_el3 |= SCR_NS_BIT;
159
160 if (GET_RW(ep->spsr) == MODE_RW_64)
161 scr_el3 |= SCR_RW_BIT;
162
163 if (EP_GET_ST(ep->h.attr))
164 scr_el3 |= SCR_ST_BIT;
165
166 scr_el3 |= get_scr_el3_from_routing_model(security_state);
167
168 /*
169 * Set up SCTLR_ELx for the target exception level:
170 * EE bit is taken from the entrpoint attributes
171 * M, C and I bits must be zero (as required by PSCI specification)
172 *
173 * The target exception level is based on the spsr mode requested.
174 * If execution is requested to EL2 or hyp mode, HVC is enabled
175 * via SCR_EL3.HCE.
176 *
177 * Always compute the SCTLR_EL1 value and save in the cpu_context
178 * - the EL2 registers are set up by cm_preapre_ns_entry() as they
179 * are not part of the stored cpu_context
180 *
181 * TODO: In debug builds the spsr should be validated and checked
182 * against the CPU support, security state, endianess and pc
183 */
184 sctlr_elx = EP_GET_EE(ep->h.attr) ? SCTLR_EE_BIT : 0;
185 if (GET_RW(ep->spsr) == MODE_RW_64)
186 sctlr_elx |= SCTLR_EL1_RES1;
187 else
188 sctlr_elx |= SCTLR_AARCH32_EL1_RES1;
189 write_ctx_reg(get_sysregs_ctx(ctx), CTX_SCTLR_EL1, sctlr_elx);
190
191 if ((GET_RW(ep->spsr) == MODE_RW_64
192 && GET_EL(ep->spsr) == MODE_EL2)
193 || (GET_RW(ep->spsr) != MODE_RW_64
194 && GET_M32(ep->spsr) == MODE32_hyp)) {
195 scr_el3 |= SCR_HCE_BIT;
196 }
197
198 /* Populate EL3 state so that we've the right context before doing ERET */
199 state = get_el3state_ctx(ctx);
200 write_ctx_reg(state, CTX_SCR_EL3, scr_el3);
201 write_ctx_reg(state, CTX_ELR_EL3, ep->pc);
202 write_ctx_reg(state, CTX_SPSR_EL3, ep->spsr);
203
204 /*
205 * Store the X0-X7 value from the entrypoint into the context
206 * Use memcpy as we are in control of the layout of the structures
207 */
208 gp_regs = get_gpregs_ctx(ctx);
209 memcpy(gp_regs, (void *)&ep->args, sizeof(aapcs64_params_t));
210 }
211
212 /*******************************************************************************
213 * Prepare the CPU system registers for first entry into secure or normal world
214 *
215 * If execution is requested to EL2 or hyp mode, SCTLR_EL2 is initialized
216 * If execution is requested to non-secure EL1 or svc mode, and the CPU supports
217 * EL2 then EL2 is disabled by configuring all necessary EL2 registers.
218 * For all entries, the EL1 registers are initialized from the cpu_context
219 ******************************************************************************/
cm_prepare_el3_exit(uint32_t security_state)220 void cm_prepare_el3_exit(uint32_t security_state)
221 {
222 uint32_t sctlr_elx, scr_el3, cptr_el2;
223 cpu_context_t *ctx = cm_get_context(security_state);
224
225 assert(ctx);
226
227 if (security_state == NON_SECURE) {
228 scr_el3 = read_ctx_reg(get_el3state_ctx(ctx), CTX_SCR_EL3);
229 if (scr_el3 & SCR_HCE_BIT) {
230 /* Use SCTLR_EL1.EE value to initialise sctlr_el2 */
231 sctlr_elx = read_ctx_reg(get_sysregs_ctx(ctx),
232 CTX_SCTLR_EL1);
233 sctlr_elx &= ~SCTLR_EE_BIT;
234 sctlr_elx |= SCTLR_EL2_RES1;
235 write_sctlr_el2(sctlr_elx);
236 } else if (read_id_aa64pfr0_el1() &
237 (ID_AA64PFR0_ELX_MASK << ID_AA64PFR0_EL2_SHIFT)) {
238 /* EL2 present but unused, need to disable safely */
239
240 /* HCR_EL2 = 0, except RW bit set to match SCR_EL3 */
241 write_hcr_el2((scr_el3 & SCR_RW_BIT) ? HCR_RW_BIT : 0);
242
243 /* SCTLR_EL2 : can be ignored when bypassing */
244
245 /* CPTR_EL2 : disable all traps TCPAC, TTA, TFP */
246 cptr_el2 = read_cptr_el2();
247 cptr_el2 &= ~(TCPAC_BIT | TTA_BIT | TFP_BIT);
248 write_cptr_el2(cptr_el2);
249
250 /* Enable EL1 access to timer */
251 write_cnthctl_el2(EL1PCEN_BIT | EL1PCTEN_BIT);
252
253 /* Reset CNTVOFF_EL2 */
254 write_cntvoff_el2(0);
255
256 /* Set VPIDR, VMPIDR to match MIDR, MPIDR */
257 write_vpidr_el2(read_midr_el1());
258 write_vmpidr_el2(read_mpidr_el1());
259 }
260 }
261
262 el1_sysregs_context_restore(get_sysregs_ctx(ctx));
263
264 cm_set_next_context(ctx);
265 }
266
267 /*******************************************************************************
268 * The next four functions are used by runtime services to save and restore
269 * EL1 context on the 'cpu_context' structure for the specified security
270 * state.
271 ******************************************************************************/
cm_el1_sysregs_context_save(uint32_t security_state)272 void cm_el1_sysregs_context_save(uint32_t security_state)
273 {
274 cpu_context_t *ctx;
275
276 ctx = cm_get_context(security_state);
277 assert(ctx);
278
279 el1_sysregs_context_save(get_sysregs_ctx(ctx));
280 }
281
cm_el1_sysregs_context_restore(uint32_t security_state)282 void cm_el1_sysregs_context_restore(uint32_t security_state)
283 {
284 cpu_context_t *ctx;
285
286 ctx = cm_get_context(security_state);
287 assert(ctx);
288
289 el1_sysregs_context_restore(get_sysregs_ctx(ctx));
290 }
291
292 /*******************************************************************************
293 * This function populates ELR_EL3 member of 'cpu_context' pertaining to the
294 * given security state with the given entrypoint
295 ******************************************************************************/
cm_set_elr_el3(uint32_t security_state,uint64_t entrypoint)296 void cm_set_elr_el3(uint32_t security_state, uint64_t entrypoint)
297 {
298 cpu_context_t *ctx;
299 el3_state_t *state;
300
301 ctx = cm_get_context(security_state);
302 assert(ctx);
303
304 /* Populate EL3 state so that ERET jumps to the correct entry */
305 state = get_el3state_ctx(ctx);
306 write_ctx_reg(state, CTX_ELR_EL3, entrypoint);
307 }
308
309 /*******************************************************************************
310 * This function populates ELR_EL3 and SPSR_EL3 members of 'cpu_context'
311 * pertaining to the given security state
312 ******************************************************************************/
cm_set_elr_spsr_el3(uint32_t security_state,uint64_t entrypoint,uint32_t spsr)313 void cm_set_elr_spsr_el3(uint32_t security_state,
314 uint64_t entrypoint, uint32_t spsr)
315 {
316 cpu_context_t *ctx;
317 el3_state_t *state;
318
319 ctx = cm_get_context(security_state);
320 assert(ctx);
321
322 /* Populate EL3 state so that ERET jumps to the correct entry */
323 state = get_el3state_ctx(ctx);
324 write_ctx_reg(state, CTX_ELR_EL3, entrypoint);
325 write_ctx_reg(state, CTX_SPSR_EL3, spsr);
326 }
327
328 /*******************************************************************************
329 * This function updates a single bit in the SCR_EL3 member of the 'cpu_context'
330 * pertaining to the given security state using the value and bit position
331 * specified in the parameters. It preserves all other bits.
332 ******************************************************************************/
cm_write_scr_el3_bit(uint32_t security_state,uint32_t bit_pos,uint32_t value)333 void cm_write_scr_el3_bit(uint32_t security_state,
334 uint32_t bit_pos,
335 uint32_t value)
336 {
337 cpu_context_t *ctx;
338 el3_state_t *state;
339 uint32_t scr_el3;
340
341 ctx = cm_get_context(security_state);
342 assert(ctx);
343
344 /* Ensure that the bit position is a valid one */
345 assert((1 << bit_pos) & SCR_VALID_BIT_MASK);
346
347 /* Ensure that the 'value' is only a bit wide */
348 assert(value <= 1);
349
350 /*
351 * Get the SCR_EL3 value from the cpu context, clear the desired bit
352 * and set it to its new value.
353 */
354 state = get_el3state_ctx(ctx);
355 scr_el3 = read_ctx_reg(state, CTX_SCR_EL3);
356 scr_el3 &= ~(1 << bit_pos);
357 scr_el3 |= value << bit_pos;
358 write_ctx_reg(state, CTX_SCR_EL3, scr_el3);
359 }
360
361 /*******************************************************************************
362 * This function retrieves SCR_EL3 member of 'cpu_context' pertaining to the
363 * given security state.
364 ******************************************************************************/
cm_get_scr_el3(uint32_t security_state)365 uint32_t cm_get_scr_el3(uint32_t security_state)
366 {
367 cpu_context_t *ctx;
368 el3_state_t *state;
369
370 ctx = cm_get_context(security_state);
371 assert(ctx);
372
373 /* Populate EL3 state so that ERET jumps to the correct entry */
374 state = get_el3state_ctx(ctx);
375 return read_ctx_reg(state, CTX_SCR_EL3);
376 }
377
378 /*******************************************************************************
379 * This function is used to program the context that's used for exception
380 * return. This initializes the SP_EL3 to a pointer to a 'cpu_context' set for
381 * the required security state
382 ******************************************************************************/
cm_set_next_eret_context(uint32_t security_state)383 void cm_set_next_eret_context(uint32_t security_state)
384 {
385 cpu_context_t *ctx;
386
387 ctx = cm_get_context(security_state);
388 assert(ctx);
389
390 cm_set_next_context(ctx);
391 }
392