Use snprintf() in host based unit tests to format log messages
and add host specific wrapper for LongJump() that is decorated
with NORETURN to provide hint to address sanitizer that LongJump()
never returns.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Add GoogleTest and Framework based unit tests that are expected
to fail and be caught by Address Sanitizer. These unit tests
verify that an address sanitizer is enabled and detecting the
following conditions. It also provide examples of the expected
output when an Address Sanitizer detected these types of issues.
* double free
* buffer overflow
* buffer underflow
* null ptr
* invalid address
* divide by zero
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
* Update host based unit test VS20xx builds to use /MTd instead of
/MT to enable use of debug libraries for host based unit tests.
* Enable /fsanitize=address for host based unit test VS2019 builds
* Enable /fsanitize=address for host based unit test VS2022 builds
* Enable -fsanitize=address for host based unit test GCC builds
* Add UNIT_TESTING_ADDRESS_SANITIZER_ENABLE define that is set to
TRUE by default so it is always enabled, but can be set to FALSE
to temporarily disable during development/debug of unit tests.
* Add address sanitizer information to ReadMe.md
Enabling the Address Sanitizer can detect double frees, buffer
overflow, buffer underflow, access to invalid addresses, and
various exceptions. These can be detected in both the unit test
case sources as well as the code under test.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Add Empty_C_File_Host_Application_Build.c to BaseTools/Conf
that is a C source file with only comments that is used to
compile into an OBJ file using CC_FLAGS for a HOST_APPLICATION
module and the OBJ is passed into the VS20xx DLINK action to
provide the context required to select the correct default
windows application libraries.
Update build_rule.template to compile the empty C file and
generate OBJ in the OUTPUT_DIR of the HOST_APPLICATION
component and use the OBJ in the DLINK action.
This simplifies CC_FLAGS and DLINK_FLAGS for all modules
of type HOST_APPLICATION.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Update DSC files to always enable DEBUG_CLEAR_MEMORY() macros
so memory is cleared on every memory allocation/free operation.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Implement FreeUnitTestEntry(), FreeUnitTestSuiteEntry(), and
FreeUnitTestFramework() so the UnitTestLib does not introduce
any memory leaks.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Add use of DEBUG_CLEAR_MEMORY() macros on all allocation and free
operations in MemoryAllocationLibPosix to match behavior of all other
MemoryAllocationLib instances.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Setting PcdSetupConOut* to zero turns on autodetection mode
for rows and cols, so the firmware setup application will use
the use complete available screen space.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Set both PcdVideo*Resolution and PcdSetupVideo*Resolution PCDs.
This avoids pointless video mode changes when entering and leaving
the firmware setup application.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Set both PcdVideo*Resolution and PcdSetupVideo*Resolution PCDs.
This avoids pointless video mode changes when entering and leaving
the firmware setup application.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Set both PcdVideo*Resolution and PcdSetupVideo*Resolution PCDs.
This avoids pointless video mode changes when entering and leaving
the firmware setup application.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Set both PcdVideo*Resolution and PcdSetupVideo*Resolution PCDs.
This avoids pointless video mode changes when entering and leaving
the firmware setup application.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This way we have the display configuration in a single place and
need to change one file only to update all build variants.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
On some Arm platforms the boot firmware volume passed in the HOB
by the secure world firmware (TF-A) is never freed and is always
mapped as read-only.
On such platforms the heap memory can be saved by disabling the
shadow copy of the boot firmware volume. This is useful as on
some platforms the amount of memory available is limited.
Therefore, introduce a PCD PcdShadowBfv that platforms
can configure to disable the shadow boot FV. This PCD is set to
TRUE by default.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
When re-entering EDK2 from a high level OS such as Linux, the GICv3 may
be configured to use split priority drop and deactivate (EOImode == 1),
whereas EDK2's GICv3 driver assumes the default setting of EOImode == 0.
So clear the EOImode bit explicitly when taking control of the GIC.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Now that ArmPkg/Drivers/ArmGic no longer carries a combination of
libraries and DXE drivers, rename the directory to the more idiomatic
ArmPkg/Drivers/ArmGicDxe
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Most platforms do not require the flexibility of the ordinary GIC
driver, which supports both GICv2 and GICv3+, and decides at runtime
which version to use.
So expose a GICv3+ version, which only supports a GICv3 or newer.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Most platforms do not require the flexibility of the ordinary GIC
driver, which supports both GICv2 and GICv3+, and decides at runtime
which version to use.
So expose a GICv2 only version, which only supports a GICv2.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Retire all implementations of the ArmGicLib library class, which are no
longer used. For now, retain the library header and library class
declaration: the header file only contains pre-processor defines derived
from the GIC architecture spec, and so this code should probably move
into MdePkg at a later moment.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Move the remaining code in ArmGicLib into ArmGicDxe, its only user, and
drop the dependency on ArmGicLib. Note that ArmGicDxe has an undeclared
dependency on ArmLib, so declare that instead.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
ArmGicArchLib is no longer use so remove all remaining references and
implementations.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
ArmGicArchLib is going away, and preprocessor defines related to the GIC
have been moved into ArmGicLib.h instead.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Before getting rid of ArmGicArchLib entirely, preserve some GIC
architecture related preprocessor defines by moving them into
ArmGicLib.h instead.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Before retiring ArmGicArchLib entirely, convert the existing
implementation in ArmVirtPkg into a NULL class library and inject it
into ArmGicDxe on all ARM virtual platforms. This ensures that the PCDs
describing the GIC are intialized correctly before ArmGicDxe is
dispatched.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
ArmGicArchLib implements a check on the accessibility of the GIC system
register interface, which is a prerequisite for using the GIC in v3
mode. It might be possible to use GICv2 compatibility mode on poorly
configured platforms where the GIC is v3 capable but not accessible, but
in most cases, the GIC is driven in its native mode.
This check is now only carried out in a single place, and there is not
really any reason to keep this in a separate library. Even though
ArmVirtPkg implements its own version, the basic check (and enablement
of the sysreg interface) is still needed.
So move this check into the DXE driver itself, and drop the dependency
on ArmGicArchLib. This allows it to be retired in a subsequent patch.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
ArmGicDxe is the only remaining user of ArmGicLib, and so there is no
need for the abstraction, which is drawn at an arbitrary boundary
anyway. So remove the remaining V2 specific code into the DXE driver.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Move the remaining ArmGicLib code that is shared between the v2 and v3
GIC DXE drivers into ArmGicCommonDxe.c
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Split ArmGicEnableDistributor () into GICv2 and v3 specific versions,
and move them into their single respective callers, so that the original
can be dropped from ArmGicLib altogether.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
ArmGicLib is agnostic about the difference between v2 and v3, but its
APIs are only called from code that is either v2-specific or
v3-specific. That makes the generic interface kind of pointless, and we
can just merge this code into the callers.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
ArmGicEndOfInterrupt () is never used: the v2 and v3 versions of the
driver call respective specific versions directly, and so this API can
be removed.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
ArmGicSendSgiTo () is never used, and is fundamentally tied to multi-CPU
operation which is no longer supported. So drop the implementation.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
The ArmGicLib API exposes ArmGicEnableInterruptInterface () and
ArmGicDisableInterruptInterface (), but only the former is actually
used, and only from the GICv2 driver. So drop the API entirely, and
invoke the v2 version of the underlying interface directly.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Support for GICv2 legacy mode was introduced to accommodate secure world
firmware that was lagging behind in terms of development, and was
running the GIC in v2 mode on the secure side for lack of a GICv3
driver.
As per the GIC architecture, the non-secure world can only run the GIC
in v3 mode if the secure world does so too.
At this point, there is no longer a need to for this fallback: GICv2
support it still needed for platforms such as Raspberry Pi 4 that do not
implement GICv3 at all. But on platforms that do implement it, falling
back to GICv2 is unnecessary.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
STATIC_ASSERT is #define'd to a compiler specific value, based on
built-in macros exposed by those compilers. If none of those are found,
an #error is raised.
This breaks the DTCPP build rule, which relies on the C preprocessor
for header file inclusion and value substitution, but doesn't define any
of the compiler macros we look for.
So drop the error case. If STATIC_ASSERT is used without a definition,
an error will be raised anyway.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
StandaloneMmCpu driver is only used for Arm architecture and
StandaloneMmCoreEntryPointLib for Arm has specific implementation with
StandaloneMmCpu driver.
Move StandaloneMmCpu Driver and StandaloneMmCoreEntryPointLib for Arm
to ArmPkg.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
The default ExtractGuidedSectionLib used by Standalone MM is the
implementation in EmbeddedPkg. However, the ExtractGuidedSectionLib
implementation in EmbeddedPkg builds HOBs to save the extract handler
information.
Since StandaloneMm is consumer of HOB, not a HOB producer, introduce
a StandaloneMmExtraGuidedSectionLib implementation that saves the
extract handler information in the ConfigurationTable.
This StandaloneMmExtraGuidedSectionLib can be used by MM_STANDALONE
and MM_CORE_STANDALONE modules.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
StandaloneMm in Arm is UP-migratable which means StandaloneMm
cannot run concurrently.
Therefore, remove per-cpu feature in StandaloneMm.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Arm has three types of communication buffer
- Non secure communication buffer: shared buffer with NS partition
- Secure communication buffer: shared buffer with Secure partition
- Internal Misc service buffer: For misc service
i.e. for services that do not use MmCommunication protocol,
a buffer is created and populated internally.
Since, internal Misc service buffer is allocated dynamically in
StandaloneMm there is no additional check required for the Misc
service buffer.
This patch move sanity check of communication buffer from
StandaloneMmCpu Driver to StandaloneMmEntryPoint.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
There are 2 communication interfaces between the SPMC and StandaloneMM
1. SpmMM
2. FF-A
When SpmMM is enabled, TF-A acts as the SPMC at EL3 and the stack is setup
by TF-A for use by StandaloneMm. However, when FF-A is enabled, the SPMC
does not setup the stack for StandaloneMm and it is expected that the
StandaloneMm code will setup its own stack.
Therefore, reserve an area in the data region for use as the stack for
StandaloneMM. This stack will be used in both the scenarios described
above, i.e. when either SpmMM or FF-A is enabled.
Although the stack is reserved from the data section which is expected
to be Read-Write enabled, when TF-A maps the StandaloneMM binary into
the DRAM it configures the entire StandaloneMM memory as Read-Only.
Therefore, before the stack can be utilised, the PE Coff sections
need to be scanned to change the the stack region from Read-Only to
Read-Write.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
StandaloneMm Arm uses stack allocated in data section.
This patch adds Pcd which specify the stack size of StandaloneMm.
Signed-off-by: levi.yun <yeoreum.yun@arm.com>
On Arm all requests are handled as Asynchronous events by the Root
MMI handler.
Since the communication data is conveyed using either the NS shared
buffer or the Secure shared buffer, the Arm implementation does not
setup the mCommunicationBuffer. Therefore, the mCommunicationBuffer
being NULL is not an error case.
Moreover, the existing code switches to Asynchronous event processing
when the mCommunicationBuffer is NULL, which means that the log is an
info log rather than an error.
Therefore, change the log level from ERROR to INFO when the
mCommunicationBuffer is NULL.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
To support the service other than Mmcommunication service,
StandaloneMm should use FF-A v1.2 or later [0].
For this, StandaloneMm needs to change:
1. apply FF-A boot protocol
- FF-A uses its own boot protocol and it can deliver phit hob.
So, StandaloneMm should understand FF-A boot protocol and
get phit hob from it to initialize.
2. Use DIRECT_REQ2 / DIRECT_RESP2
- To support the other service via FF-A protocol
than MmCommunication,
StandaloneMm should use DIRECT_REQ2 / DIRECT_RESP2.
In case of service provided with MmCommunication protocol,
register x2/x3 value is set as gEfiMmCommunication2ProtocolGuid and
register x4 value is set with MmCommunication Buffer
(ServiceTypeMmCommunication).
In case of service with each speicifiation via FF-A,
register x2/x3 value is set as each service guid
and StandaloneMmCoreEntryPoint genreates Mm communication header
with passed arguments to dispatch this service
provided by StandaloneMm.
i.e) Tpm service, Firmware update service and etc.
(ServiceTypeMisc)
Link: https://developer.arm.com/documentation/den0077/latest/ [0]
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Michael D Kinney
Gerd Hoffmann
Levi Yun
Ard Biesheuvel