feat(cpus): add a concise way to implement AArch64 errata
Errata implementation involves adding a lot of boilerplate to random
places with just conventions on how to do them. Copy pasting is the
usual method for doing this. The result is an error-prone and verbose
patch that is a nightmare to get through review.
Errata workarounds have a very large degree of similarity - most of them
involve setting a bit at reset. As such most of the boilerplate is not
strictly necessary. To solve this, add a collection of assembly macros
to wrap errata implementations such that only the actual mitigations
need to be written. A new erratum mitigation looks something like:
workaround_reset_start cortex_a77, ERRATUM(1925769), ERRATA_A77_1925769
sysreg_bit_set CORTEX_A77_CPUECTLR_EL1, CORTEX_A77_CPUECTLR_EL1_BIT_8
workaround_reset_end cortex_a77, ERRATUM(1925769)
check_erratum_ls cortex_a77, ERRATUM(1925769), CPU_REV(1, 1)
Note, that the long comment on every mitigation is missing. This is on
purpose, as this new format includes all of its contents into an easily
readable format.
The workaround wrappers add an erratum entry (24 bytes) to a per-cpu
data structure which can then be read by a standard reset function to
apply all errata automatically. This has the added benefit of collecting
all errata TF-A knows about in a central way, which was previously
missing. This can then be used at runtime with the errata ABI.
If an erratum doesn't fit this standard definition (eg. the
CVE_2022_23960), it can progressively be unwrapped to the old
convention. The only differences are that the naming format is slightly
more verbose and a call to add_erratum_entry is needed to inform the
framework about the errata.
Finally, the internal workaround names change a tiny bit, especially
CVEs.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Iac644f85dcf85b8279b25e83baf1e7d08b253b16
diff --git a/include/lib/cpus/errata.h b/include/lib/cpus/errata.h
index f9ab520..e8e2d63 100644
--- a/include/lib/cpus/errata.h
+++ b/include/lib/cpus/errata.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2023, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,11 +7,45 @@
#ifndef ERRATA_REPORT_H
#define ERRATA_REPORT_H
+#include <lib/cpus/cpu_ops.h>
+
+
+#define ERRATUM_WA_FUNC_SIZE CPU_WORD_SIZE
+#define ERRATUM_CHECK_FUNC_SIZE CPU_WORD_SIZE
+#define ERRATUM_ID_SIZE 4
+#define ERRATUM_CVE_SIZE 2
+#define ERRATUM_CHOSEN_SIZE 1
+#define ERRATUM_MITIGATED_SIZE 1
+
+#define ERRATUM_WA_FUNC 0
+#define ERRATUM_CHECK_FUNC ERRATUM_WA_FUNC + ERRATUM_WA_FUNC_SIZE
+#define ERRATUM_ID ERRATUM_CHECK_FUNC + ERRATUM_CHECK_FUNC_SIZE
+#define ERRATUM_CVE ERRATUM_ID + ERRATUM_ID_SIZE
+#define ERRATUM_CHOSEN ERRATUM_CVE + ERRATUM_CVE_SIZE
+#define ERRATUM_MITIGATED ERRATUM_CHOSEN + ERRATUM_CHOSEN_SIZE
+#define ERRATUM_ENTRY_SIZE ERRATUM_MITIGATED + ERRATUM_MITIGATED_SIZE
+
#ifndef __ASSEMBLER__
void print_errata_status(void);
void errata_print_msg(unsigned int status, const char *cpu, const char *id);
+#else
+
+/*
+ * errata framework macro helpers
+ *
+ * NOTE an erratum and CVE id could clash. However, both numbers are very large
+ * and the probablity is minuscule. Working around this makes code very
+ * complicated and extremely difficult to read so it is not considered. In the
+ * unlikely event that this does happen, prepending the CVE id with a 0 should
+ * resolve the conflict
+ */
+#define ERRATUM(id) 0, id
+#define CVE(year, id) year, id
+#define NO_ISB 1
+#define NO_ASSERT 0
+
#endif /* __ASSEMBLER__ */
/* Errata status */