This patch fixes the following Ecc reported error:
There should be no initialization of a variable as
part of its declaration
Fixing this error implies extracting the CpsrChar
array from CpsrString and making it a static variable.
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
This patch fixes the following Ecc reported error:
There should be no initialization of a variable as
part of its declaration
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
This patch fixes the following Ecc reported error:
There should be no initialization of a variable as
part of its declaration
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
This patch fixes the following Ecc reported error:
There should be no initialization of a variable as
part of its declaration
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
This patch fixes the following Ecc reported error:
There should be no initialization of a variable as
part of its declaration
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
This patch fixes the following Ecc reported error:
There should be no initialization of a variable as
part of its declaration
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
This patch fixes the following Ecc reported error:
There should be no initialization of a variable as
part of its declaration
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
This patch fixes the following Ecc reported error:
There should be no initialization of a variable as
part of its declaration
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
This patch fixes the following Ecc reported error:
There should be no initialization of a variable as
part of its declaration
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
This patch fixes the following Ecc reported error:
The body of a function should be contained by open
and close braces that must be in the first column
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
This patch fixes the following Ecc reported error:
Non-Boolean comparisons should use a compare operator
(==, !=, >, < >=, <=)
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
This patch fixes the following Ecc reported error:
Non-Boolean comparisons should use a compare operator
(==, !=, >, < >=, <=)
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
This patch fixes the following Ecc reported error:
Non-Boolean comparisons should use a compare operator
(==, !=, >, < >=, <=)
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
This patch fixes the following Ecc reported error:
Non-Boolean comparisons should use a compare operator
(==, !=, >, < >=, <=)
Brackets are also added to comply to with the coding
standard.
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
The header of the file is not formatted properly, making
the Ecc tool crash when running on the ArmPkg.
The following command was run:
./BaseTools/BinWrappers/PosixLike/Ecc
-c BaseTools/Source/Python/Ecc/config.ini
-e BaseTools/Source/Python/Ecc/exception.xml
-t ArmPkg -r ArmPkgEcc.xls
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
ArmReadIdPfr0 () and ArmReadIdPfr1 () are now used only inside ArmLib.
Remove the prototypes from the public header to discourage new id
register accessor additions, and direct id register access in general.
Move them into local header Arm/ArmV7Lib.h.
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Signed-off-by: Leif Lindholm <leif@nuviainc.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
ArmReadIdPfr0 is now used only inside ArmLib. Rename the AArch64
variant ArmReadIdAA64Pfr0 and add a declaration of that only into
local header AArch64/AArch64Lib.h.
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Signed-off-by: Leif Lindholm <leif@nuviainc.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
The AArch64 version of ArmReadIdPfr1 is not used by any code in tree,
or in edk2-platforms. Delete it.
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Signed-off-by: Leif Lindholm <leif@nuviainc.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Create a helper function to eliminate direct feature register reading.
Returns BOOLEAN True if the CPU implements the Security extensions,
otherwise returns BOOL False.
This function is only implemented for ARM, not AArch64.
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Signed-off-by: Leif Lindholm <leif@nuviainc.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
The ID register access was the only difference between them, so
after switching to the ArmHasGicSystemRegisters () helper, there
is no longer any need to have separate ARM/AArch64 source files
for ArmGicArchSecLib, so unify them and drop the subdirectories.
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Signed-off-by: Leif Lindholm <leif@nuviainc.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
The ID register access was the only difference between them, so
after switching to the ArmHasGicSystemRegisters () helper, there
is no longer any need to have separate ARM/AArch64 source files
for ArmGicArchLib, so unify them and drop the subdirectories.
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Signed-off-by: Leif Lindholm <leif@nuviainc.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Create a helper function to eliminate direct feature register reading,
which gets messy in code shared between ARM/AArch64.
Returns BOOLEAN True if the CPU implements the GIC System Register
Interface (any version), otherwise returns BOOL False.
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Signed-off-by: Leif Lindholm <leif@nuviainc.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
As shift = (OpCode >> 5) & 0x3, shift will never be larger than 0x3,
so the comparison between shift and 0x12 will always be false. The right
shift type of ASR is 0x2.
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Signed-off-by: Wenyi Xie <xiewenyi2@huawei.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
The function ArmReplaceLiveTranslationEntry () is passed as a VOID
pointer to WriteBackDataCacheRange (). This produces the following
warning on VS2019:
warning C4152: nonstandard extension, function/data pointer
conversion in expression
This change explicitly casts the argument to the formal parameter
type VOID*.
This can be reproduced with the following build command:
build -b DEBUG -a AARCH64 -t VS2019 -p ArmPkg/ArmPkg.dsc
-m ArmPkg/Library/ArmMmuLib/ArmMmuPeiLib.inf
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2835
There's several occurrences of a UINT64 or an EFI_PHYSICAL_ADDRESS
being assigned to a UINT32 value in ArmMmuLib. These result in
warning C4244 in VS2019:
warning C4244: '=': conversion from 'UINT64' to 'UINT32', possible
loss of data
warning C4244: '=': conversion from 'EFI_PHYSICAL_ADDRESS' to
'UINT32', possible loss of data
This change explicitly casts the values to UINT32.
These can be reproduced with the following build command:
build -b DEBUG -a ARM -t VS2019 -p ArmPkg/ArmPkg.dsc
-m ArmPkg/Library/ArmMmuLib/ArmMmuBaseLib.inf
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
While building with the following command line:
build -b DEBUG -a AARCH64 -t VS2017 -p MdeModulePkg\MdeModulePkg.dsc
A missing cast triggers the following warning, then triggering an error:
ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c(652):
warning C4152: nonstandard extension, function/data pointer
conversion in expression
This patch first casts the function pointer to (UINTN), then to (VOID *),
followowing the C99 standard s6.3.2.3 "Pointer", paragraphs 5 and 6.
This suppresses the warning.
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
One of the side effects of the recent changes to PlatformBootManagerLib
changes to avoid connecting all devices on every boot is that we no
longer default to network boot on a virgin boot, but end up in the
UiApp menu. At this point, the UiApp will instantiate the autogenerated
boot options that we used to rely on as before, but since we are already
sitting idle in the root UiApp menu at that point, it does break the
unattended boot case where devices are expected to attempt a network
boot on the very first power on.
Let's work around this by refreshing all boot options explicitly in
the UnableToBoot() handler, and rebooting the system if doing so
resulted in a change to the total number of configured boot options.
This way, we ultimately end up in the UiApp as before if no boot
options could be started, but only after all the autogenerated ones
have been attempted as well.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Andrei Warkentin <awarkentin@vmware.com>
The exception library is also used in DxeMain before memory services
are available, and AllocatePages() will fail in this case and cause
sp_el0 remains 0. Then if any exception occurs before CpuDxe driver is
loaded, a recursive exception will be trigged by page translation
fault for sp = 0 - 0x130.
Use static buffer instead to fix this issue.
Signed-off-by: Heyi Guo <guoheyi@linux.alibaba.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
In order to avoid boot delays from devices such as network controllers
that may not even be involved in booting at all, drop the call to
EfiBootManagerConnectAll () from the boot path. It will be called by
UiApp, so when going through the menu, all devices will be connected
as usual, but for the default boot, it is really not necessary so
let's get rid of this.
Enumerating all possible boot options and creating Boot#### variables
for them is equally unnecessary in the default case, and also happens
automatically in UiApp, so drop that as well.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
Without ConnectAll() being called on the boot path, the UEFI shell will
be entered with no block devices or anything else connected, and so for
the novice user, this is not a very accommodating environment. Now that
we have made the UiApp the last resort on boot failure, and made the
UEFI Shell accessible directly via the 's' hotkey if you really need
it, let's hide it as an ordinary boot option.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
As a last resort, drop into the UiApp application when no active boot
options could be started. Doing so will connect all devices, and so
it will allow the user to enter the Boot Manager submenu and pick a
network or removable disk option.
Note that this only occurs if even the default removable filepath
could not be booted (e.g., \EFI\BOOT\BOOTAA64.EFI on AArch64)
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
In preparation of hiding the UEFI Shell boot option as an ordinary
boot option, make sure we can invoke it directly using the 's'
hotkey. Without ConnectAll() having been called, this results in
a shell that may have no block devices or other things connected,
so don't advertise the 's' in the console string that is printed
at boot - for novice users, we will go through the UiApp which
connects everything first. For advanced use, having the ability
to invoke the UEFI shell without any devices connected may be an
advantage, so let's keep this behavior as is for now.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
The way the BDS handles the short-form USB device path of the console
keyboard relies on USB host controllers to be locatable via their PCI
metadata, which implies that these controllers already have a PCI I/O
protocol installed on their handle.
This is not the case for non-discoverable USB host controllers that are
supported by the NonDiscoverable PCI device driver. These controllers
must be connected first, or the BDS will never notice their existence,
and will not enable any USB keyboards connected through them.
Let's work around this by connecting these handles explicitly. This is
a bit of a stopgap, but it is the cleanest way of dealing with this
without violating the UEFI driver model entirely. This ensures that
platforms that do not rely on ConnectAll() will keep working as
expected.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Supervisor Call instruction (SVC) is used by the Arm Standalone MM
environment to request services from the privileged software (such as
ARM Trusted Firmware running in EL3) and also return back to the
non-secure caller via EL3. Some Arm CPUs speculatively executes the
instructions after the SVC instruction without crossing the privilege
level (S-EL0). Although the results of this execution are
architecturally discarded, adversary running on the non-secure side can
manipulate the contents of the general purpose registers to leak the
secure work memory through spectre like micro-architectural side channel
attacks. This behavior is demonstrated by the SafeSide project [1] and
[2]. Add barrier instructions after SVC to prevent speculative execution
to mitigate such attacks.
[1]: https://github.com/google/safeside/blob/master/demos/eret_hvc_smc_wrapper.cc
[2]: https://github.com/google/safeside/blob/master/kernel_modules/kmod_eret_hvc_smc/eret_hvc_smc_module.c
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
In the ArmPkg version of PlatformBootManagerLib, we construct a
serial device path based on the default settings for baud rate,
parity and the number of stop bits, to ensure that a serial console
is available even on the very first boot.
This assumes that PcdUartDefaultParity or PcdUartDefaultStopBits are
not set to '0', meaning 'the default', as there is no default for
these when constructing a device path.
So add a couple of STATIC_ASSERT()s to make sure that we catch this
condition, since it otherwise ignores the bogus device path silently,
which is rather tedious to debug,.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
Reviewed-by: Sami Mujawar <Sami.Mujawar@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Replace the runtime ASSERT with the build time STATIC_ASSERT on the
check that ensures that the terminal type we use for the serial
console matches the one we explicitly add to the ConIn/ConOut/StdErr
variables.
This helps catch serial console issues early, even in RELEASE builds,
reducing the risk of ending up with no console at all, which can be
tricky to debug on bare metal.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
Reviewed-by: Sami Mujawar <Sami.Mujawar@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Gary reports the GCC 10 will emit calls to atomics intrinsics routines
unless -mno-outline-atomics is specified. This means GCC-10 introduces
new intrinsics, and even though it would be possible to work around this
by specifying the command line option, this would require a new GCC10
toolchain profile to be created, which we prefer to avoid.
So instead, add the new intrinsics to our library so they are provided
when necessary.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Tested-by: Gary Lin <glin@suse.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
TT_ATTR_INDX_INVALID is #define'd but never used so drop it. Note
that this leaves a CPP macro of the same name in CpuDxe, but there,
it is actually being used, and although the name suggests that this
value is somehow defined by the architecture, this is really not the
case and it only has meaning within the scope of CpuDxe's implementation.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
Only a single call to GetRootTranslationTableInfo() remains, which
only provides the root table level. So let's create a new static
helper function that returns just this value, and use it instead.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
LookupAddresstoRootTable() uses a loop to go over its MaxAddress
argument, essentially to do a log2() and determine how many bits are
needed to represent it. Since the argument is the result of a shift-left
expression, there is some room for improvement here, and we can simply
use the bit count directly to calculate the value of T0SZ. At the same
time, we can omit calling GetRootTranslationTableInfo() to determine the
number of root table entries, and add a new helper that applies the
trivial calculation directly.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
The routine PageAttributeToGcdAttribute() is exported by ArmMmuLib
but only ever used in the implementation of CpuDxe. So let's move
the function there and make it STATIC.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
Currently, depending on the size of the region being (re)mapped, the
page table manipulation code may replace a table entry with a block entry,
even if the existing table entry uses different mapping attributes to
describe different parts of the region it covers. This is undesirable, and
instead, we should avoid doing so unless we are disregarding the original
attributes anyway. And if we make such a replacement, we should free all
the page tables that have become orphaned in the process.
So let's implement this, by taking the table entry path through the code
for block sized regions if a table entry already exists, and the clear
mask is set (which means we are preserving attributes from the existing
mapping). And when we do replace a table entry with a block entry, free
all the pages that are no longer referenced.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
Reviewed-by: Ashish Singhal <ashishsingha@nvidia.com>
Tested-by: Ashish Singhal <ashishsingha@nvidia.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Given how the meaning of the attribute bits for page table entry types
is slightly awkward, and changes between levels, add some helpers to
abstract from this.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
Reviewed-by: Ashish Singhal <ashishsingha@nvidia.com>
Tested-by: Ashish Singhal <ashishsingha@nvidia.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
FreePageTablesRecursive () traverses the page table tree depth first
to free all pages that it finds, without taking into account the
level at which it is operating.
Since TT_TYPE_TABLE_ENTRY aliases TT_TYPE_BLOCK_ENTRY_LEVEL3, we cannot
distinguish table entries from block entries unless we take the level
into account, and so we may be dereferencing garbage if we happen to
try and free a hierarchy of page tables that has level 3 pages in it.
Let's fix this by passing the level into FreePageTablesRecursive (),
and limit the recursion to levels < 3.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
Reviewed-by: Ashish Singhal <ashishsingha@nvidia.com>
Tested-by: Ashish Singhal <ashishsingha@nvidia.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Because of a bug, current EL gets passed to DC IVAC instruction instead
of the VA entry that needs to be invalidated.
Signed-off-by: Ashish Singhal <ashishsingha@nvidia.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
Some cosmetic fixups to the AArch64 MMU code:
- reflow overly long lines unless it hurts legibility
- add/remove whitespace according to the [de facto] coding style
- use camel case for goto labels
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Message-Id: <20200307091008.14918-3-ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
This is the AARCH64 counterpart of commit 1f3b1eb308, to remove
a pointless check against the memory type of the allocations that the
page tables happened to land in. On ArmV8, we use writeback cacheable
exclusively for all memory.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Message-Id: <20200307091008.14918-2-ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
As it turns out, ARMv8 also permits accesses made with the MMU and
caches off to hit in the caches, so to ensure that any modifications
we make before enabling the MMU are visible afterwards as well, we
should invalidate page tables right after allocation like we do now on
ARM, if the MMU is still disabled at that point.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
Message-Id: <20200307083849.8940-3-ard.biesheuvel@linaro.org>
Pierre Gondois
Leif Lindholm
wenyi,xie via groups.io
Michael Kubacki
Ard Biesheuvel
Heyi Guo
Vijayenthiran Subramaniam
Ard Biesheuvel
Ashish Singhal