diff options
author | Paul Beesley <paul.beesley@arm.com> | 2019-08-23 11:26:57 +0000 |
---|---|---|
committer | TrustedFirmware Code Review <review@review.trustedfirmware.org> | 2019-08-23 11:26:57 +0000 |
commit | 30560911ddd08880f8a2c8142ce8c69975976adc (patch) | |
tree | 62907e026519c717e5a8476d79aa3da47bda15ef /lib | |
parent | 44e8d5ebc36950943d70f3517d7756e210fc42ab (diff) | |
parent | e290a8fcbc836d51566da1607add8a320d0f1a20 (diff) |
Merge "AArch64: Disable Secure Cycle Counter" into integration
Diffstat (limited to 'lib')
-rw-r--r-- | lib/el3_runtime/aarch64/context.S | 65 | ||||
-rw-r--r-- | lib/el3_runtime/aarch64/context_mgmt.c | 70 |
2 files changed, 96 insertions, 39 deletions
diff --git a/lib/el3_runtime/aarch64/context.S b/lib/el3_runtime/aarch64/context.S index e6ab19bc..53dc02e6 100644 --- a/lib/el3_runtime/aarch64/context.S +++ b/lib/el3_runtime/aarch64/context.S @@ -24,9 +24,45 @@ .global save_gp_registers .global restore_gp_registers .global restore_gp_registers_eret + .global save_pmcr_disable_pmu .global el3_exit /* ----------------------------------------------------- + * If ARMv8.5-PMU is implemented, cycle counting is + * disabled by seting MDCR_EL3.SCCD to 1. + * ----------------------------------------------------- + */ +func save_pmcr_disable_pmu + /* ----------------------------------------------------- + * Check if earlier initialization MDCR_EL3.SCCD to 1 + * failed, meaning that ARMv8-PMU is not implemented and + * PMCR_EL0 should be saved in non-secure context. + * ----------------------------------------------------- + */ + mrs x9, mdcr_el3 + tst x9, #MDCR_SCCD_BIT + bne 1f + + /* Secure Cycle Counter is not disabled */ + mrs x9, pmcr_el0 + + /* Check caller's security state */ + mrs x10, scr_el3 + tst x10, #SCR_NS_BIT + beq 2f + + /* Save PMCR_EL0 if called from Non-secure state */ + str x9, [sp, #CTX_EL3STATE_OFFSET + CTX_PMCR_EL0] + + /* Disable cycle counter when event counting is prohibited */ +2: orr x9, x9, #PMCR_EL0_DP_BIT + msr pmcr_el0, x9 + + isb +1: ret +endfunc save_pmcr_disable_pmu + +/* ----------------------------------------------------- * The following function strictly follows the AArch64 * PCS to use x9-x17 (temporary caller-saved registers) * to save EL1 system register context. It assumes that @@ -80,9 +116,6 @@ func el1_sysregs_context_save mrs x9, vbar_el1 stp x17, x9, [x0, #CTX_CONTEXTIDR_EL1] - mrs x10, pmcr_el0 - str x10, [x0, #CTX_PMCR_EL0] - /* Save AArch32 system registers if the build has instructed so */ #if CTX_INCLUDE_AARCH32_REGS mrs x11, spsr_abt @@ -169,9 +202,6 @@ func el1_sysregs_context_restore msr contextidr_el1, x17 msr vbar_el1, x9 - ldr x10, [x0, #CTX_PMCR_EL0] - msr pmcr_el0, x10 - /* Restore AArch32 system registers if the build has instructed so */ #if CTX_INCLUDE_AARCH32_REGS ldp x11, x12, [x0, #CTX_SPSR_ABT] @@ -503,6 +533,29 @@ func el3_exit msr spsr_el3, x16 msr elr_el3, x17 + /* ----------------------------------------------------- + * Restore PMCR_EL0 when returning to Non-secure state + * if Secure Cycle Counter is not disabled in MDCR_EL3 + * when ARMv8.5-PMU is implemented + * ----------------------------------------------------- + */ + tst x18, #SCR_NS_BIT + beq 2f + + /* ----------------------------------------------------- + * Back to Non-secure state. + * Check if earlier initialization MDCR_EL3.SCCD to 1 + * failed, meaning that ARMv8-PMU is not implemented and + * PMCR_EL0 should be restored from non-secure context. + * ----------------------------------------------------- + */ + mrs x17, mdcr_el3 + tst x17, #MDCR_SCCD_BIT + bne 2f + ldr x17, [sp, #CTX_EL3STATE_OFFSET + CTX_PMCR_EL0] + msr pmcr_el0, x17 +2: + #if IMAGE_BL31 && DYNAMIC_WORKAROUND_CVE_2018_3639 /* Restore mitigation state as it was on entry to EL3 */ ldr x17, [sp, #CTX_CVE_2018_3639_OFFSET + CTX_CVE_2018_3639_DISABLE] diff --git a/lib/el3_runtime/aarch64/context_mgmt.c b/lib/el3_runtime/aarch64/context_mgmt.c index 05ba5ed6..bd5b3aa6 100644 --- a/lib/el3_runtime/aarch64/context_mgmt.c +++ b/lib/el3_runtime/aarch64/context_mgmt.c @@ -66,7 +66,7 @@ void __init cm_init(void) void cm_setup_context(cpu_context_t *ctx, const entry_point_info_t *ep) { unsigned int security_state; - uint32_t scr_el3, pmcr_el0; + uint32_t scr_el3; el3_state_t *state; gp_regs_t *gp_regs; unsigned long sctlr_elx, actlr_elx; @@ -225,31 +225,10 @@ void cm_setup_context(cpu_context_t *ctx, const entry_point_info_t *ep) actlr_elx = read_actlr_el1(); write_ctx_reg((get_sysregs_ctx(ctx)), (CTX_ACTLR_EL1), (actlr_elx)); - if (security_state == SECURE) { - /* - * Initialise PMCR_EL0 for secure context only, setting all - * fields rather than relying on hw. Some fields are - * architecturally UNKNOWN on reset. - * - * PMCR_EL0.LC: Set to one so that cycle counter overflow, that - * is recorded in PMOVSCLR_EL0[31], occurs on the increment - * that changes PMCCNTR_EL0[63] from 1 to 0. - * - * PMCR_EL0.DP: Set to one so that the cycle counter, - * PMCCNTR_EL0 does not count when event counting is prohibited. - * - * PMCR_EL0.X: Set to zero to disable export of events. - * - * PMCR_EL0.D: Set to zero so that, when enabled, PMCCNTR_EL0 - * counts on every clock cycle. - */ - pmcr_el0 = ((PMCR_EL0_RESET_VAL | PMCR_EL0_LC_BIT - | PMCR_EL0_DP_BIT) - & ~(PMCR_EL0_X_BIT | PMCR_EL0_D_BIT)); - write_ctx_reg(get_sysregs_ctx(ctx), CTX_PMCR_EL0, pmcr_el0); - } - - /* Populate EL3 state so that we've the right context before doing ERET */ + /* + * Populate EL3 state so that we've the right context + * before doing ERET + */ state = get_el3state_ctx(ctx); write_ctx_reg(state, CTX_SCR_EL3, scr_el3); write_ctx_reg(state, CTX_ELR_EL3, ep->pc); @@ -441,6 +420,29 @@ void cm_prepare_el3_exit(uint32_t security_state) * relying on hw. Some fields are architecturally * UNKNOWN on reset. * + * MDCR_EL2.HLP: Set to one so that event counter + * overflow, that is recorded in PMOVSCLR_EL0[0-30], + * occurs on the increment that changes + * PMEVCNTR<n>_EL0[63] from 1 to 0, when ARMv8.5-PMU is + * implemented. This bit is RES0 in versions of the + * architecture earlier than ARMv8.5, setting it to 1 + * doesn't have any effect on them. + * + * MDCR_EL2.TTRF: Set to zero so that access to Trace + * Filter Control register TRFCR_EL1 at EL1 is not + * trapped to EL2. This bit is RES0 in versions of + * the architecture earlier than ARMv8.4. + * + * MDCR_EL2.HPMD: Set to one so that event counting is + * prohibited at EL2. This bit is RES0 in versions of + * the architecture earlier than ARMv8.1, setting it + * to 1 doesn't have any effect on them. + * + * MDCR_EL2.TPMS: Set to zero so that accesses to + * Statistical Profiling control registers from EL1 + * do not trap to EL2. This bit is RES0 when SPE is + * not implemented. + * * MDCR_EL2.TDRA: Set to zero so that Non-secure EL0 and * EL1 System register accesses to the Debug ROM * registers are not trapped to EL2. @@ -469,13 +471,15 @@ void cm_prepare_el3_exit(uint32_t security_state) * MDCR_EL2.HPMN: Set to value of PMCR_EL0.N which is the * architecturally-defined reset value. */ - mdcr_el2 = ((MDCR_EL2_RESET_VAL | - ((read_pmcr_el0() & PMCR_EL0_N_BITS) - >> PMCR_EL0_N_SHIFT)) & - ~(MDCR_EL2_TDRA_BIT | MDCR_EL2_TDOSA_BIT - | MDCR_EL2_TDA_BIT | MDCR_EL2_TDE_BIT - | MDCR_EL2_HPME_BIT | MDCR_EL2_TPM_BIT - | MDCR_EL2_TPMCR_BIT)); + mdcr_el2 = ((MDCR_EL2_RESET_VAL | MDCR_EL2_HLP | + MDCR_EL2_HPMD) | + ((read_pmcr_el0() & PMCR_EL0_N_BITS) + >> PMCR_EL0_N_SHIFT)) & + ~(MDCR_EL2_TTRF | MDCR_EL2_TPMS | + MDCR_EL2_TDRA_BIT | MDCR_EL2_TDOSA_BIT | + MDCR_EL2_TDA_BIT | MDCR_EL2_TDE_BIT | + MDCR_EL2_HPME_BIT | MDCR_EL2_TPM_BIT | + MDCR_EL2_TPMCR_BIT); write_mdcr_el2(mdcr_el2); |