2013-07-29 11:52:18 +02:00
|
|
|
/** @file
|
|
|
|
|
Processor or Compiler specific defines and types for AArch64.
|
|
|
|
|
|
2018-02-23 10:50:00 +01:00
|
|
|
Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
|
2013-07-29 11:52:18 +02:00
|
|
|
Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR>
|
|
|
|
|
Portions copyright (c) 2011 - 2013, ARM Ltd. All rights reserved.<BR>
|
|
|
|
|
|
2019-04-04 01:06:00 +02:00
|
|
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
2013-07-29 11:52:18 +02:00
|
|
|
|
|
|
|
|
**/
|
|
|
|
|
|
|
|
|
|
#ifndef __PROCESSOR_BIND_H__
|
|
|
|
|
#define __PROCESSOR_BIND_H__
|
|
|
|
|
|
|
|
|
|
///
|
|
|
|
|
/// Define the processor type so other code can make processor based choices
|
|
|
|
|
///
|
|
|
|
|
#define MDE_CPU_AARCH64
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
|
// Make sure we are using the correct packing rules per EFI specification
|
|
|
|
|
//
|
2017-12-06 17:57:55 +01:00
|
|
|
#if !defined(__GNUC__) && !defined(__ASSEMBLER__)
|
2013-07-29 11:52:18 +02:00
|
|
|
#pragma pack()
|
|
|
|
|
#endif
|
|
|
|
|
|
2018-02-23 10:50:00 +01:00
|
|
|
#if defined(_MSC_EXTENSIONS)
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
|
// Disable some level 4 compilation warnings (same as IA32 and X64)
|
|
|
|
|
//
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
|
// Disabling bitfield type checking warnings.
|
|
|
|
|
//
|
|
|
|
|
#pragma warning ( disable : 4214 )
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
|
// Disabling the unreferenced formal parameter warnings.
|
|
|
|
|
//
|
|
|
|
|
#pragma warning ( disable : 4100 )
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
|
// Disable slightly different base types warning as CHAR8 * can not be set
|
|
|
|
|
// to a constant string.
|
|
|
|
|
//
|
|
|
|
|
#pragma warning ( disable : 4057 )
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
|
// ASSERT(FALSE) or while (TRUE) are legal constructs so suppress this warning
|
|
|
|
|
//
|
|
|
|
|
#pragma warning ( disable : 4127 )
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
|
// This warning is caused by functions defined but not used. For precompiled header only.
|
|
|
|
|
//
|
|
|
|
|
#pragma warning ( disable : 4505 )
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
|
// This warning is caused by empty (after preprocessing) source file. For precompiled header only.
|
|
|
|
|
//
|
|
|
|
|
#pragma warning ( disable : 4206 )
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
|
// Disable 'potentially uninitialized local variable X used' warnings
|
|
|
|
|
//
|
|
|
|
|
#pragma warning ( disable : 4701 )
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
|
// Disable 'potentially uninitialized local pointer variable X used' warnings
|
|
|
|
|
//
|
|
|
|
|
#pragma warning ( disable : 4703 )
|
|
|
|
|
|
2013-07-29 11:52:18 +02:00
|
|
|
//
|
2016-09-12 10:35:39 +02:00
|
|
|
// use Microsoft* C compiler dependent integer width types
|
2013-07-29 11:52:18 +02:00
|
|
|
//
|
|
|
|
|
typedef unsigned __int64 UINT64;
|
|
|
|
|
typedef __int64 INT64;
|
|
|
|
|
typedef unsigned __int32 UINT32;
|
|
|
|
|
typedef __int32 INT32;
|
|
|
|
|
typedef unsigned short UINT16;
|
|
|
|
|
typedef unsigned short CHAR16;
|
|
|
|
|
typedef short INT16;
|
|
|
|
|
typedef unsigned char BOOLEAN;
|
|
|
|
|
typedef unsigned char UINT8;
|
|
|
|
|
typedef char CHAR8;
|
2013-08-29 11:00:13 +02:00
|
|
|
typedef signed char INT8;
|
2018-02-23 10:50:00 +01:00
|
|
|
|
2013-07-29 11:52:18 +02:00
|
|
|
#else
|
2018-02-23 10:50:00 +01:00
|
|
|
|
2013-07-29 11:52:18 +02:00
|
|
|
//
|
|
|
|
|
// Assume standard AARCH64 alignment.
|
2013-08-29 11:00:13 +02:00
|
|
|
//
|
2013-07-29 11:52:18 +02:00
|
|
|
typedef unsigned long long UINT64;
|
|
|
|
|
typedef long long INT64;
|
|
|
|
|
typedef unsigned int UINT32;
|
|
|
|
|
typedef int INT32;
|
|
|
|
|
typedef unsigned short UINT16;
|
|
|
|
|
typedef unsigned short CHAR16;
|
|
|
|
|
typedef short INT16;
|
|
|
|
|
typedef unsigned char BOOLEAN;
|
|
|
|
|
typedef unsigned char UINT8;
|
|
|
|
|
typedef char CHAR8;
|
2013-08-29 11:00:13 +02:00
|
|
|
typedef signed char INT8;
|
2018-02-23 10:50:00 +01:00
|
|
|
|
2013-07-29 11:52:18 +02:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
///
|
|
|
|
|
/// Unsigned value of native width. (4 bytes on supported 32-bit processor instructions,
|
|
|
|
|
/// 8 bytes on supported 64-bit processor instructions)
|
|
|
|
|
///
|
|
|
|
|
typedef UINT64 UINTN;
|
|
|
|
|
|
|
|
|
|
///
|
|
|
|
|
/// Signed value of native width. (4 bytes on supported 32-bit processor instructions,
|
|
|
|
|
/// 8 bytes on supported 64-bit processor instructions)
|
|
|
|
|
///
|
|
|
|
|
typedef INT64 INTN;
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
|
// Processor specific defines
|
|
|
|
|
//
|
|
|
|
|
|
|
|
|
|
///
|
|
|
|
|
/// A value of native width with the highest bit set.
|
|
|
|
|
///
|
2013-08-29 11:00:13 +02:00
|
|
|
#define MAX_BIT 0x8000000000000000ULL
|
2013-07-29 11:52:18 +02:00
|
|
|
|
|
|
|
|
///
|
|
|
|
|
/// A value of native width with the two highest bits set.
|
|
|
|
|
///
|
2013-08-29 11:00:13 +02:00
|
|
|
#define MAX_2_BITS 0xC000000000000000ULL
|
2013-07-29 11:52:18 +02:00
|
|
|
|
|
|
|
|
///
|
Revert "MdePkg/ProcessorBind.h AARCH64: limit MAX_ADDRESS to 48 bits"
This reverts commit 82379bf6603274e81604d5a6f6bb14bdde616286.
On AArch64, we can only use 48 address bits while running in UEFI,
while the GCD and UEFI memory maps may describe up to 52 bits of
physical address space. For this reason, MAX_ADDRESS was reduced
to 48 bits, to ensure that the firmware does not inadvertently
attempt to allocate memory that we cannot access.
However, MAX_ADDRESS is used in runtime drivers as well, and
runtime drivers may deal with kernel virtual addresses, which have
bits [63:48] set. In fact, the OS may be running with 64 KB pages
and pass addresses into the runtime services that use up to 52
bits of address space, either with the top bits set or cleared,
even if the physical address space does not extend beyond 48 bits.
In summary, changing MAX_ADDRESS is a mistake, and needs to be
reverted.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2018-12-06 22:10:36 +01:00
|
|
|
/// Maximum legal AARCH64 address
|
2013-07-29 11:52:18 +02:00
|
|
|
///
|
Revert "MdePkg/ProcessorBind.h AARCH64: limit MAX_ADDRESS to 48 bits"
This reverts commit 82379bf6603274e81604d5a6f6bb14bdde616286.
On AArch64, we can only use 48 address bits while running in UEFI,
while the GCD and UEFI memory maps may describe up to 52 bits of
physical address space. For this reason, MAX_ADDRESS was reduced
to 48 bits, to ensure that the firmware does not inadvertently
attempt to allocate memory that we cannot access.
However, MAX_ADDRESS is used in runtime drivers as well, and
runtime drivers may deal with kernel virtual addresses, which have
bits [63:48] set. In fact, the OS may be running with 64 KB pages
and pass addresses into the runtime services that use up to 52
bits of address space, either with the top bits set or cleared,
even if the physical address space does not extend beyond 48 bits.
In summary, changing MAX_ADDRESS is a mistake, and needs to be
reverted.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2018-12-06 22:10:36 +01:00
|
|
|
#define MAX_ADDRESS 0xFFFFFFFFFFFFFFFFULL
|
2013-08-29 11:00:13 +02:00
|
|
|
|
2018-12-07 11:27:32 +01:00
|
|
|
///
|
|
|
|
|
/// Maximum usable address at boot time (48 bits using 4 KB pages)
|
|
|
|
|
///
|
|
|
|
|
#define MAX_ALLOC_ADDRESS 0xFFFFFFFFFFFFULL
|
|
|
|
|
|
2013-08-29 11:00:13 +02:00
|
|
|
///
|
|
|
|
|
/// Maximum legal AArch64 INTN and UINTN values.
|
|
|
|
|
///
|
|
|
|
|
#define MAX_INTN ((INTN)0x7FFFFFFFFFFFFFFFULL)
|
|
|
|
|
#define MAX_UINTN ((UINTN)0xFFFFFFFFFFFFFFFFULL)
|
2013-07-29 11:52:18 +02:00
|
|
|
|
MdePkg/BaseSafeIntLib: Add SafeIntLib class and instance
https://bugzilla.tianocore.org/show_bug.cgi?id=798
SafeIntLib provides helper functions to prevent integer overflow
during type conversion, addition, subtraction, and multiplication.
Conversion Functions
====================
* Converting from a signed type to an unsigned type of the same
size, or vice-versa.
* Converting to a smaller type that could possibly overflow.
* Converting from a signed type to a larger unsigned type.
Unsigned Addition, Subtraction, Multiplication
===============================================
* Unsigned integer math functions protect from overflow and
underflow (in case of subtraction).
Signed Addition, Subtraction, Multiplication
============================================
* Strongly consider using unsigned numbers.
* Signed numbers are often used where unsigned numbers should
be used. For example file sizes and array indices should always
be unsigned. Subtracting a larger positive signed number from a
smaller positive signed number with SafeInt32Sub() will succeed,
producing a negative number, that then must not be used as an
array index (but can occasionally be used as a pointer index.)
Similarly for adding a larger magnitude negative number to a
smaller magnitude positive number.
* SafeIntLib does not protect you from such errors. It tells you
if your integer operations overflowed, not if you are doing the
right thing with your non-overflowed integers.
* Likewise you can overflow a buffer with a non-overflowed
unsigned index.
Based on content from the following branch/commits:
https://github.com/Microsoft/MS_UEFI/tree/share/MsCapsuleSupport
https://github.com/Microsoft/MS_UEFI/commit/21ef3a321c907b40fa93797619c9f6c686dd92e0
https://github.com/Microsoft/MS_UEFI/commit/ca516b1a61315c2d823f453e12d2135098f53d61
https://github.com/Microsoft/MS_UEFI/commit/33bab4031a417d7d5a7d356c15a14c2e60302b2d
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-04-25 01:37:20 +02:00
|
|
|
///
|
|
|
|
|
/// Minimum legal AArch64 INTN value.
|
|
|
|
|
///
|
|
|
|
|
#define MIN_INTN (((INTN)-9223372036854775807LL) - 1)
|
|
|
|
|
|
2013-07-29 11:52:18 +02:00
|
|
|
///
|
|
|
|
|
/// The stack alignment required for AARCH64
|
|
|
|
|
///
|
|
|
|
|
#define CPU_STACK_ALIGNMENT 16
|
|
|
|
|
|
2017-03-03 16:11:31 +01:00
|
|
|
///
|
|
|
|
|
/// Page allocation granularity for AARCH64
|
|
|
|
|
///
|
|
|
|
|
#define DEFAULT_PAGE_ALLOCATION_GRANULARITY (0x1000)
|
|
|
|
|
#define RUNTIME_PAGE_ALLOCATION_GRANULARITY (0x10000)
|
|
|
|
|
|
2013-07-29 11:52:18 +02:00
|
|
|
//
|
|
|
|
|
// Modifier to ensure that all protocol member functions and EFI intrinsics
|
|
|
|
|
// use the correct C calling convention. All protocol member functions and
|
|
|
|
|
// EFI intrinsics are required to modify their member functions with EFIAPI.
|
|
|
|
|
//
|
|
|
|
|
#define EFIAPI
|
|
|
|
|
|
2014-10-31 15:05:09 +01:00
|
|
|
// When compiling with Clang, we still use GNU as for the assembler, so we still
|
|
|
|
|
// need to define the GCC_ASM* macros.
|
|
|
|
|
#if defined(__GNUC__) || defined(__clang__)
|
2013-07-29 11:52:18 +02:00
|
|
|
///
|
|
|
|
|
/// For GNU assembly code, .global or .globl can declare global symbols.
|
|
|
|
|
/// Define this macro to unify the usage.
|
|
|
|
|
///
|
|
|
|
|
#define ASM_GLOBAL .globl
|
|
|
|
|
|
|
|
|
|
#define GCC_ASM_EXPORT(func__) \
|
|
|
|
|
.global _CONCATENATE (__USER_LABEL_PREFIX__, func__) ;\
|
|
|
|
|
.type ASM_PFX(func__), %function
|
|
|
|
|
|
|
|
|
|
#define GCC_ASM_IMPORT(func__) \
|
|
|
|
|
.extern _CONCATENATE (__USER_LABEL_PREFIX__, func__)
|
|
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
Return the pointer to the first instruction of a function given a function pointer.
|
|
|
|
|
On ARM CPU architectures, these two pointer values are the same,
|
|
|
|
|
so the implementation of this macro is very simple.
|
|
|
|
|
|
|
|
|
|
@param FunctionPointer A pointer to a function.
|
|
|
|
|
|
|
|
|
|
@return The pointer to the first instruction of a function given a function pointer.
|
|
|
|
|
|
|
|
|
|
**/
|
|
|
|
|
#define FUNCTION_ENTRY_POINT(FunctionPointer) (VOID *)(UINTN)(FunctionPointer)
|
|
|
|
|
|
2014-09-01 19:23:10 +02:00
|
|
|
#ifndef __USER_LABEL_PREFIX__
|
|
|
|
|
#define __USER_LABEL_PREFIX__
|
|
|
|
|
#endif
|
|
|
|
|
|
2013-07-29 11:52:18 +02:00
|
|
|
#endif
|
