diff options
| author | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-02-06 21:04:10 +0000 |
|---|---|---|
| committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-02-06 21:04:10 +0000 |
| commit | cabe6937f2c9d0a50e4631c0545bddd650233ae8 (patch) | |
| tree | 76d9e0cabe45c1ed6d9ea87a5deb9c75c4345653 /bl32 | |
| parent | fb75a334a971078f2f231280ca87837aef5a2000 (diff) | |
| parent | 1d4a3be615bde2ff311fece1ab3225cb0a0cb65d (diff) | |
| download | platform_external_arm-trusted-firmware-android11-qpr1-c-release.tar.gz platform_external_arm-trusted-firmware-android11-qpr1-c-release.tar.bz2 platform_external_arm-trusted-firmware-android11-qpr1-c-release.zip | |
Merge '5f62213e684dbea03b5a2bb732405a03ccc1a815' into master am: 5dfd96a0b3 am: 780068d4ee am: 1d4a3be615android-mainline-11.0.0_r9android-mainline-11.0.0_r8android-mainline-11.0.0_r7android-mainline-11.0.0_r6android-mainline-11.0.0_r5android-mainline-11.0.0_r44android-mainline-11.0.0_r43android-mainline-11.0.0_r42android-mainline-11.0.0_r41android-mainline-11.0.0_r40android-mainline-11.0.0_r4android-mainline-11.0.0_r39android-mainline-11.0.0_r38android-mainline-11.0.0_r37android-mainline-11.0.0_r36android-mainline-11.0.0_r35android-mainline-11.0.0_r34android-mainline-11.0.0_r33android-mainline-11.0.0_r32android-mainline-11.0.0_r31android-mainline-11.0.0_r30android-mainline-11.0.0_r3android-mainline-11.0.0_r29android-mainline-11.0.0_r28android-mainline-11.0.0_r27android-mainline-11.0.0_r26android-mainline-11.0.0_r25android-mainline-11.0.0_r24android-mainline-11.0.0_r23android-mainline-11.0.0_r22android-mainline-11.0.0_r21android-mainline-11.0.0_r20android-mainline-11.0.0_r2android-mainline-11.0.0_r19android-mainline-11.0.0_r18android-mainline-11.0.0_r17android-mainline-11.0.0_r16android-mainline-11.0.0_r15android-mainline-11.0.0_r14android-mainline-11.0.0_r13android-mainline-11.0.0_r12android-mainline-11.0.0_r10android-mainline-11.0.0_r1android-11.0.0_r45android-11.0.0_r44android-11.0.0_r43android-11.0.0_r42android-11.0.0_r41android-11.0.0_r40android-11.0.0_r39android-11.0.0_r38android-11.0.0_r37android-11.0.0_r36android-11.0.0_r35android-11.0.0_r34android-11.0.0_r33android-11.0.0_r32android-11.0.0_r31android-11.0.0_r30android-11.0.0_r29android-11.0.0_r28android-11.0.0_r27android-11.0.0_r26android-11.0.0_r24android-11.0.0_r23android-11.0.0_r22android-11.0.0_r21android-11.0.0_r20android-11.0.0_r19android-11.0.0_r18android-11.0.0_r16android11-qpr3-s1-releaseandroid11-qpr3-releaseandroid11-qpr2-releaseandroid11-qpr1-s2-releaseandroid11-qpr1-s1-releaseandroid11-qpr1-releaseandroid11-qpr1-d-s1-releaseandroid11-qpr1-d-releaseandroid11-qpr1-c-releaseandroid11-mainline-tethering-releaseandroid11-mainline-sparse-2021-jan-releaseandroid11-mainline-sparse-2020-dec-releaseandroid11-mainline-releaseandroid11-mainline-permission-releaseandroid11-mainline-os-statsd-releaseandroid11-mainline-networkstack-releaseandroid11-mainline-media-swcodec-releaseandroid11-mainline-media-releaseandroid11-mainline-extservices-releaseandroid11-mainline-documentsui-releaseandroid11-mainline-conscrypt-releaseandroid11-mainline-cellbroadcast-releaseandroid11-mainline-captiveportallogin-releaseandroid11-devandroid11-d2-releaseandroid11-d1-b-release
Change-Id: Ia911040759d199f8c1ec0b51abd4fa556a6b8b40
Diffstat (limited to 'bl32')
| -rw-r--r-- | bl32/sp_min/aarch32/entrypoint.S | 88 | ||||
| -rw-r--r-- | bl32/sp_min/sp_min.ld.S | 8 | ||||
| -rw-r--r-- | bl32/sp_min/sp_min_main.c | 7 | ||||
| -rw-r--r-- | bl32/tsp/aarch64/tsp_entrypoint.S | 46 | ||||
| -rw-r--r-- | bl32/tsp/aarch64/tsp_exceptions.S | 4 | ||||
| -rw-r--r-- | bl32/tsp/tsp.ld.S | 40 | ||||
| -rw-r--r-- | bl32/tsp/tsp_main.c | 28 |
7 files changed, 177 insertions, 44 deletions
diff --git a/bl32/sp_min/aarch32/entrypoint.S b/bl32/sp_min/aarch32/entrypoint.S index 2ffef6a2e..f3a1e440b 100644 --- a/bl32/sp_min/aarch32/entrypoint.S +++ b/bl32/sp_min/aarch32/entrypoint.S @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2019, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -10,6 +10,9 @@ #include <common/runtime_svc.h> #include <context.h> #include <el3_common_macros.S> +#include <lib/el3_runtime/cpu_data.h> +#include <lib/pmf/aarch32/pmf_asm_macros.S> +#include <lib/runtime_instr.h> #include <lib/xlat_tables/xlat_tables_defs.h> #include <smccc_helpers.h> #include <smccc_macros.S> @@ -164,6 +167,20 @@ func sp_min_handle_smc /* On SMC entry, `sp` points to `smc_ctx_t`. Save `lr`. */ str lr, [sp, #SMC_CTX_LR_MON] +#if ENABLE_RUNTIME_INSTRUMENTATION + /* + * Read the timestamp value and store it on top of the C runtime stack. + * The value will be saved to the per-cpu data once the C stack is + * available, as a valid stack is needed to call _cpu_data() + */ + strd r0, r1, [sp, #SMC_CTX_GPREG_R0] + ldcopr16 r0, r1, CNTPCT_64 + ldr lr, [sp, #SMC_CTX_SP_MON] + strd r0, r1, [lr, #-8]! + str lr, [sp, #SMC_CTX_SP_MON] + ldrd r0, r1, [sp, #SMC_CTX_GPREG_R0] +#endif + smccc_save_gp_mode_regs clrex_on_monitor_entry @@ -175,6 +192,23 @@ func sp_min_handle_smc mov r2, sp /* handle */ ldr sp, [r2, #SMC_CTX_SP_MON] +#if ENABLE_RUNTIME_INSTRUMENTATION + /* Save handle to a callee saved register */ + mov r6, r2 + + /* + * Restore the timestamp value and store it in per-cpu data. The value + * will be extracted from per-cpu data by the C level SMC handler and + * saved to the PMF timestamp region. + */ + ldrd r4, r5, [sp], #8 + bl _cpu_data + strd r4, r5, [r0, #CPU_DATA_PMF_TS0_OFFSET] + + /* Restore handle */ + mov r2, r6 +#endif + ldr r0, [r2, #SMC_CTX_SCR] and r3, r0, #SCR_NS_BIT /* flags */ @@ -183,15 +217,6 @@ func sp_min_handle_smc stcopr r0, SCR isb - /* - * Set PMCR.DP to 1 to prohibit cycle counting whilst in Secure Mode. - * Also, the PMCR.LC field has an architecturally UNKNOWN value on reset - * and so set to 1 as ARM has deprecated use of PMCR.LC=0. - */ - ldcopr r0, PMCR - orr r0, r0, #(PMCR_LC_BIT | PMCR_DP_BIT) - stcopr r0, PMCR - ldr r0, [r2, #SMC_CTX_GPREG_R0] /* smc_fid */ /* Check whether an SMC64 is issued */ tst r0, #(FUNCID_CC_MASK << FUNCID_CC_SHIFT) @@ -236,15 +261,6 @@ func sp_min_handle_fiq stcopr r0, SCR isb - /* - * Set PMCR.DP to 1 to prohibit cycle counting whilst in Secure Mode. - * Also, the PMCR.LC field has an architecturally UNKNOWN value on reset - * and so set to 1 as ARM has deprecated use of PMCR.LC=0. - */ - ldcopr r0, PMCR - orr r0, r0, #(PMCR_LC_BIT | PMCR_DP_BIT) - stcopr r0, PMCR - push {r2, r3} bl sp_min_fiq pop {r0, r3} @@ -257,6 +273,16 @@ endfunc sp_min_handle_fiq * The Warm boot entrypoint for SP_MIN. */ func sp_min_warm_entrypoint +#if ENABLE_RUNTIME_INSTRUMENTATION + /* + * This timestamp update happens with cache off. The next + * timestamp collection will need to do cache maintenance prior + * to timestamp update. + */ + pmf_calc_timestamp_addr rt_instr_svc, RT_INSTR_EXIT_HW_LOW_PWR + ldcopr16 r2, r3, CNTPCT_64 + strd r2, r3, [r0] +#endif /* * On the warm boot path, most of the EL3 initialisations performed by * 'el3_entrypoint_common' must be skipped: @@ -313,6 +339,30 @@ func sp_min_warm_entrypoint bl smc_get_next_ctx /* r0 points to `smc_ctx_t` */ /* The PSCI cpu_context registers have been copied to `smc_ctx_t` */ + +#if ENABLE_RUNTIME_INSTRUMENTATION + /* Save smc_ctx_t */ + mov r5, r0 + + pmf_calc_timestamp_addr rt_instr_svc, RT_INSTR_EXIT_PSCI + mov r4, r0 + + /* + * Invalidate before updating timestamp to ensure previous timestamp + * updates on the same cache line with caches disabled are properly + * seen by the same core. Without the cache invalidate, the core might + * write into a stale cache line. + */ + mov r1, #PMF_TS_SIZE + bl inv_dcache_range + + ldcopr16 r0, r1, CNTPCT_64 + strd r0, r1, [r4] + + /* Restore smc_ctx_t */ + mov r0, r5 +#endif + b sp_min_exit endfunc sp_min_warm_entrypoint diff --git a/bl32/sp_min/sp_min.ld.S b/bl32/sp_min/sp_min.ld.S index 4559903bf..6997a7fdb 100644 --- a/bl32/sp_min/sp_min.ld.S +++ b/bl32/sp_min/sp_min.ld.S @@ -55,6 +55,14 @@ SECTIONS KEEP(*(rt_svc_descs)) __RT_SVC_DESCS_END__ = .; +#if ENABLE_PMF + /* Ensure 4-byte alignment for descriptors and ensure inclusion */ + . = ALIGN(4); + __PMF_SVC_DESCS_START__ = .; + KEEP(*(pmf_svc_descs)) + __PMF_SVC_DESCS_END__ = .; +#endif /* ENABLE_PMF */ + /* * Ensure 4-byte alignment for cpu_ops so that its fields are also * aligned. Also ensure cpu_ops inclusion. diff --git a/bl32/sp_min/sp_min_main.c b/bl32/sp_min/sp_min_main.c index f39e33b6b..f050160f3 100644 --- a/bl32/sp_min/sp_min_main.c +++ b/bl32/sp_min/sp_min_main.c @@ -19,7 +19,9 @@ #include <context.h> #include <drivers/console.h> #include <lib/el3_runtime/context_mgmt.h> +#include <lib/pmf/pmf.h> #include <lib/psci/psci.h> +#include <lib/runtime_instr.h> #include <lib/utils.h> #include <plat/common/platform.h> #include <platform_sp_min.h> @@ -28,6 +30,11 @@ #include "sp_min_private.h" +#if ENABLE_RUNTIME_INSTRUMENTATION +PMF_REGISTER_SERVICE_SMC(rt_instr_svc, PMF_RT_INSTR_SVC_ID, + RT_INSTR_TOTAL_IDS, PMF_STORE_ENABLE) +#endif + /* Pointers to per-core cpu contexts */ static void *sp_min_cpu_ctx_ptr[PLATFORM_CORE_COUNT]; diff --git a/bl32/tsp/aarch64/tsp_entrypoint.S b/bl32/tsp/aarch64/tsp_entrypoint.S index fd6b0fbcb..ebc5c2c3d 100644 --- a/bl32/tsp/aarch64/tsp_entrypoint.S +++ b/bl32/tsp/aarch64/tsp_entrypoint.S @@ -1,9 +1,11 @@ /* - * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ +#include <platform_def.h> + #include <arch.h> #include <asm_macros.S> #include <bl32/tsp/tsp.h> @@ -46,6 +48,24 @@ func tsp_entrypoint _align=3 +#if ENABLE_PIE + /* + * ------------------------------------------------------------ + * If PIE is enabled fixup the Global descriptor Table only + * once during primary core cold boot path. + * + * Compile time base address, required for fixup, is calculated + * using "pie_fixup" label present within first page. + * ------------------------------------------------------------ + */ + pie_fixup: + ldr x0, =pie_fixup + and x0, x0, #~(PAGE_SIZE - 1) + mov_imm x1, (BL32_LIMIT - BL32_BASE) + add x1, x1, x0 + bl fixup_gdt_reloc +#endif /* ENABLE_PIE */ + /* --------------------------------------------- * Set the exception vector to something sane. * --------------------------------------------- @@ -129,22 +149,13 @@ func tsp_entrypoint _align=3 */ bl tsp_setup - /* --------------------------------------------- - * Enable pointer authentication - * --------------------------------------------- - */ #if ENABLE_PAUTH - mrs x0, sctlr_el1 - orr x0, x0, #SCTLR_EnIA_BIT -#if ENABLE_BTI /* --------------------------------------------- - * Enable PAC branch type compatibility + * Program APIAKey_EL1 + * and enable pointer authentication * --------------------------------------------- */ - bic x0, x0, #(SCTLR_BT0_BIT | SCTLR_BT1_BIT) -#endif /* ENABLE_BTI */ - msr sctlr_el1, x0 - isb + bl pauth_init_enable_el1 #endif /* ENABLE_PAUTH */ /* --------------------------------------------- @@ -271,6 +282,15 @@ func tsp_cpu_on_entry mov x0, #0 bl bl32_plat_enable_mmu +#if ENABLE_PAUTH + /* --------------------------------------------- + * Program APIAKey_EL1 + * and enable pointer authentication + * --------------------------------------------- + */ + bl pauth_init_enable_el1 +#endif /* ENABLE_PAUTH */ + /* --------------------------------------------- * Enter C runtime to perform any remaining * book keeping diff --git a/bl32/tsp/aarch64/tsp_exceptions.S b/bl32/tsp/aarch64/tsp_exceptions.S index ad4b64887..4c6a56a59 100644 --- a/bl32/tsp/aarch64/tsp_exceptions.S +++ b/bl32/tsp/aarch64/tsp_exceptions.S @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2016, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -64,7 +64,7 @@ smc #0 interrupt_exit_\label: restore_caller_regs_and_lr - eret + exception_return .endm .globl tsp_exceptions diff --git a/bl32/tsp/tsp.ld.S b/bl32/tsp/tsp.ld.S index e9a1df168..592e24557 100644 --- a/bl32/tsp/tsp.ld.S +++ b/bl32/tsp/tsp.ld.S @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -36,6 +36,17 @@ SECTIONS .rodata . : { __RODATA_START__ = .; *(.rodata*) + + /* + * Keep the .got section in the RO section as it is patched + * prior to enabling the MMU and having the .got in RO is better for + * security. GOT is a table of addresses so ensure 8-byte alignment. + */ + . = ALIGN(8); + __GOT_START__ = .; + *(.got) + __GOT_END__ = .; + . = ALIGN(PAGE_SIZE); __RODATA_END__ = .; } >RAM @@ -45,7 +56,19 @@ SECTIONS *tsp_entrypoint.o(.text*) *(.text*) *(.rodata*) + + /* + * Keep the .got section in the RO section as it is patched + * prior to enabling the MMU and having the .got in RO is better for + * security. GOT is a table of addresses so ensure 8-byte alignment. + */ + . = ALIGN(8); + __GOT_START__ = .; + *(.got) + __GOT_END__ = .; + *(.vectors) + __RO_END_UNALIGNED__ = .; /* * Memory page(s) mapped to this section will be marked as @@ -69,6 +92,17 @@ SECTIONS __DATA_END__ = .; } >RAM + /* + * .rela.dyn needs to come after .data for the read-elf utility to parse + * this section correctly. Ensure 8-byte alignment so that the fields of + * RELA data structure are aligned. + */ + . = ALIGN(8); + __RELA_START__ = .; + .rela.dyn . : { + } >RAM + __RELA_END__ = .; + #ifdef TSP_PROGBITS_LIMIT ASSERT(. <= TSP_PROGBITS_LIMIT, "TSP progbits has exceeded its limit.") #endif @@ -129,6 +163,10 @@ SECTIONS __RW_END__ = .; __BL32_END__ = .; + /DISCARD/ : { + *(.dynsym .dynstr .hash .gnu.hash) + } + __BSS_SIZE__ = SIZEOF(.bss); #if USE_COHERENT_MEM __COHERENT_RAM_UNALIGNED_SIZE__ = diff --git a/bl32/tsp/tsp_main.c b/bl32/tsp/tsp_main.c index 30bf6ffc8..e1d961cc6 100644 --- a/bl32/tsp/tsp_main.c +++ b/bl32/tsp/tsp_main.c @@ -4,14 +4,16 @@ * SPDX-License-Identifier: BSD-3-Clause */ -#include <platform_def.h> +#include <assert.h> +#include <arch_features.h> #include <arch_helpers.h> #include <bl32/tsp/tsp.h> #include <common/bl_common.h> #include <common/debug.h> #include <lib/spinlock.h> #include <plat/common/platform.h> +#include <platform_def.h> #include <platform_tsp.h> #include "tsp_private.h" @@ -79,16 +81,16 @@ void tsp_setup(void) /* Perform early platform-specific setup */ tsp_early_platform_setup(); - /* - * Update pointer authentication key before the MMU is enabled. It is - * saved in the rodata section, that can be writen before enabling the - * MMU. This function must be called after the console is initialized - * in the early platform setup. - */ - bl_handle_pauth(); - /* Perform late platform-specific setup */ tsp_plat_arch_setup(); + +#if ENABLE_PAUTH + /* + * Assert that the ARMv8.3-PAuth registers are present or an access + * fault will be triggered when they are being saved or restored. + */ + assert(is_armv8_3_pauth_present()); +#endif /* ENABLE_PAUTH */ } /******************************************************************************* @@ -386,6 +388,14 @@ tsp_args_t *tsp_smc_handler(uint64_t func, */ tsp_get_magic(service_args); +#if CTX_INCLUDE_MTE_REGS + /* + * Write a dummy value to an MTE register, to simulate usage in the + * secure world + */ + write_gcr_el1(0x99); +#endif + /* Determine the function to perform based on the function ID */ switch (TSP_BARE_FID(func)) { case TSP_ADD: |