Validate power_state and entrypoint when executing PSCI calls
This patch allows the platform to validate the power_state and
entrypoint information from the normal world early on in PSCI
calls so that we can return the error safely. New optional
pm_ops hooks `validate_power_state` and `validate_ns_entrypoint`
are introduced to do this.
As a result of these changes, all the other pm_ops handlers except
the PSCI_ON handler are expected to be successful. Also, the PSCI
implementation will now assert if a PSCI API is invoked without the
corresponding pm_ops handler being registered by the platform.
NOTE : PLATFORM PORTS WILL BREAK ON MERGE OF THIS COMMIT. The
pm hooks have 2 additional optional callbacks and the return type
of the other hooks have changed.
Fixes ARM-Software/tf-issues#229
Change-Id: I036bc0cff2349187c7b8b687b9ee0620aa7e24dc
diff --git a/include/bl31/services/psci.h b/include/bl31/services/psci.h
index 7513326..3804bf2 100644
--- a/include/bl31/services/psci.h
+++ b/include/bl31/services/psci.h
@@ -89,12 +89,12 @@
#define PSTATE_TYPE_STANDBY 0x0
#define PSTATE_TYPE_POWERDOWN 0x1
-#define psci_get_pstate_id(pstate) (pstate >> PSTATE_ID_SHIFT) & \
- PSTATE_ID_MASK
-#define psci_get_pstate_type(pstate) (pstate >> PSTATE_TYPE_SHIFT) & \
- PSTATE_TYPE_MASK
-#define psci_get_pstate_afflvl(pstate) (pstate >> PSTATE_AFF_LVL_SHIFT) & \
- PSTATE_AFF_LVL_MASK
+#define psci_get_pstate_id(pstate) ((pstate >> PSTATE_ID_SHIFT) & \
+ PSTATE_ID_MASK)
+#define psci_get_pstate_type(pstate) ((pstate >> PSTATE_TYPE_SHIFT) & \
+ PSTATE_TYPE_MASK)
+#define psci_get_pstate_afflvl(pstate) ((pstate >> PSTATE_AFF_LVL_SHIFT) & \
+ PSTATE_AFF_LVL_MASK)
/*******************************************************************************
* PSCI version
@@ -161,20 +161,22 @@
* perform common low level pm functions
******************************************************************************/
typedef struct plat_pm_ops {
- int (*affinst_standby)(unsigned int power_state);
+ void (*affinst_standby)(unsigned int power_state);
int (*affinst_on)(unsigned long mpidr,
unsigned long sec_entrypoint,
unsigned int afflvl,
unsigned int state);
- int (*affinst_off)(unsigned int afflvl, unsigned int state);
- int (*affinst_suspend)(unsigned long sec_entrypoint,
+ void (*affinst_off)(unsigned int afflvl, unsigned int state);
+ void (*affinst_suspend)(unsigned long sec_entrypoint,
unsigned int afflvl,
unsigned int state);
- int (*affinst_on_finish)(unsigned int afflvl, unsigned int state);
- int (*affinst_suspend_finish)(unsigned int afflvl,
+ void (*affinst_on_finish)(unsigned int afflvl, unsigned int state);
+ void (*affinst_suspend_finish)(unsigned int afflvl,
unsigned int state);
void (*system_off)(void) __dead2;
void (*system_reset)(void) __dead2;
+ int (*validate_power_state)(unsigned int power_state);
+ int (*validate_ns_entrypoint)(unsigned long ns_entrypoint);
} plat_pm_ops_t;
/*******************************************************************************