Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 1 | /* |
David Cunado | 28f69ab | 2017-04-05 11:34:03 +0100 | [diff] [blame] | 2 | * Copyright (c) 2013-2017, ARM Limited and Contributors. All rights reserved. |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 3 | * |
dp-arm | fa3cf0b | 2017-05-03 09:38:09 +0100 | [diff] [blame] | 4 | * SPDX-License-Identifier: BSD-3-Clause |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 5 | */ |
| 6 | |
| 7 | |
| 8 | /******************************************************************************* |
| 9 | * This is the Secure Payload Dispatcher (SPD). The dispatcher is meant to be a |
| 10 | * plug-in component to the Secure Monitor, registered as a runtime service. The |
| 11 | * SPD is expected to be a functional extension of the Secure Payload (SP) that |
| 12 | * executes in Secure EL1. The Secure Monitor will delegate all SMCs targeting |
| 13 | * the Trusted OS/Applications range to the dispatcher. The SPD will either |
| 14 | * handle the request locally or delegate it to the Secure Payload. It is also |
| 15 | * responsible for initialising and maintaining communication with the SP. |
| 16 | ******************************************************************************/ |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 17 | #include <arch_helpers.h> |
Dan Handley | 2bd4ef2 | 2014-04-09 13:14:54 +0100 | [diff] [blame] | 18 | #include <assert.h> |
| 19 | #include <bl_common.h> |
| 20 | #include <bl31.h> |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 21 | #include <context_mgmt.h> |
Achin Gupta | aeaab68 | 2014-05-09 13:21:31 +0100 | [diff] [blame] | 22 | #include <debug.h> |
| 23 | #include <errno.h> |
| 24 | #include <platform.h> |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 25 | #include <runtime_svc.h> |
Dan Handley | 2bd4ef2 | 2014-04-09 13:14:54 +0100 | [diff] [blame] | 26 | #include <stddef.h> |
Soby Mathew | 47903c0 | 2015-01-13 15:48:26 +0000 | [diff] [blame] | 27 | #include <string.h> |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 28 | #include <tsp.h> |
Jeenu Viswambharan | df1ddb5 | 2014-02-28 11:23:35 +0000 | [diff] [blame] | 29 | #include <uuid.h> |
Dan Handley | 714a0d2 | 2014-04-09 13:13:04 +0100 | [diff] [blame] | 30 | #include "tspd_private.h" |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 31 | |
| 32 | /******************************************************************************* |
Andrew Thoelke | 891c4ca | 2014-05-20 21:43:27 +0100 | [diff] [blame] | 33 | * Address of the entrypoint vector table in the Secure Payload. It is |
| 34 | * initialised once on the primary core after a cold boot. |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 35 | ******************************************************************************/ |
Andrew Thoelke | 891c4ca | 2014-05-20 21:43:27 +0100 | [diff] [blame] | 36 | tsp_vectors_t *tsp_vectors; |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 37 | |
| 38 | /******************************************************************************* |
| 39 | * Array to keep track of per-cpu Secure Payload state |
| 40 | ******************************************************************************/ |
Dan Handley | e2712bc | 2014-04-10 15:37:22 +0100 | [diff] [blame] | 41 | tsp_context_t tspd_sp_context[TSPD_CORE_COUNT]; |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 42 | |
Jeenu Viswambharan | 7f36660 | 2014-02-20 17:11:00 +0000 | [diff] [blame] | 43 | |
Jeenu Viswambharan | df1ddb5 | 2014-02-28 11:23:35 +0000 | [diff] [blame] | 44 | /* TSP UID */ |
| 45 | DEFINE_SVC_UUID(tsp_uuid, |
| 46 | 0x5b3056a0, 0x3291, 0x427b, 0x98, 0x11, |
| 47 | 0x71, 0x68, 0xca, 0x50, 0xf3, 0xfa); |
| 48 | |
Vikram Kanigiri | d8c9d26 | 2014-05-16 18:48:12 +0100 | [diff] [blame] | 49 | int32_t tspd_init(void); |
Jeenu Viswambharan | 7f36660 | 2014-02-20 17:11:00 +0000 | [diff] [blame] | 50 | |
Soby Mathew | bc91282 | 2015-09-22 12:01:18 +0100 | [diff] [blame] | 51 | /* |
| 52 | * This helper function handles Secure EL1 preemption. The preemption could be |
| 53 | * due Non Secure interrupts or EL3 interrupts. In both the cases we context |
| 54 | * switch to the normal world and in case of EL3 interrupts, it will again be |
| 55 | * routed to EL3 which will get handled at the exception vectors. |
| 56 | */ |
Soby Mathew | 47903c0 | 2015-01-13 15:48:26 +0000 | [diff] [blame] | 57 | uint64_t tspd_handle_sp_preemption(void *handle) |
| 58 | { |
| 59 | cpu_context_t *ns_cpu_context; |
Soby Mathew | bc91282 | 2015-09-22 12:01:18 +0100 | [diff] [blame] | 60 | |
Soby Mathew | 47903c0 | 2015-01-13 15:48:26 +0000 | [diff] [blame] | 61 | assert(handle == cm_get_context(SECURE)); |
| 62 | cm_el1_sysregs_context_save(SECURE); |
| 63 | /* Get a reference to the non-secure context */ |
| 64 | ns_cpu_context = cm_get_context(NON_SECURE); |
| 65 | assert(ns_cpu_context); |
| 66 | |
| 67 | /* |
Soby Mathew | 7866424 | 2015-11-13 02:08:43 +0000 | [diff] [blame] | 68 | * To allow Secure EL1 interrupt handler to re-enter TSP while TSP |
| 69 | * is preempted, the secure system register context which will get |
| 70 | * overwritten must be additionally saved. This is currently done |
| 71 | * by the TSPD S-EL1 interrupt handler. |
| 72 | */ |
| 73 | |
| 74 | /* |
| 75 | * Restore non-secure state. |
Soby Mathew | 47903c0 | 2015-01-13 15:48:26 +0000 | [diff] [blame] | 76 | */ |
| 77 | cm_el1_sysregs_context_restore(NON_SECURE); |
| 78 | cm_set_next_eret_context(NON_SECURE); |
| 79 | |
Soby Mathew | bc91282 | 2015-09-22 12:01:18 +0100 | [diff] [blame] | 80 | /* |
David Cunado | 28f69ab | 2017-04-05 11:34:03 +0100 | [diff] [blame] | 81 | * The TSP was preempted during execution of a Yielding SMC Call. |
Soby Mathew | 7866424 | 2015-11-13 02:08:43 +0000 | [diff] [blame] | 82 | * Return back to the normal world with SMC_PREEMPTED as error |
| 83 | * code in x0. |
Soby Mathew | bc91282 | 2015-09-22 12:01:18 +0100 | [diff] [blame] | 84 | */ |
Soby Mathew | 47903c0 | 2015-01-13 15:48:26 +0000 | [diff] [blame] | 85 | SMC_RET1(ns_cpu_context, SMC_PREEMPTED); |
| 86 | } |
Soby Mathew | bc91282 | 2015-09-22 12:01:18 +0100 | [diff] [blame] | 87 | |
Achin Gupta | aeaab68 | 2014-05-09 13:21:31 +0100 | [diff] [blame] | 88 | /******************************************************************************* |
| 89 | * This function is the handler registered for S-EL1 interrupts by the TSPD. It |
| 90 | * validates the interrupt and upon success arranges entry into the TSP at |
Soby Mathew | bec9851 | 2015-09-03 18:29:38 +0100 | [diff] [blame] | 91 | * 'tsp_sel1_intr_entry()' for handling the interrupt. |
Achin Gupta | aeaab68 | 2014-05-09 13:21:31 +0100 | [diff] [blame] | 92 | ******************************************************************************/ |
| 93 | static uint64_t tspd_sel1_interrupt_handler(uint32_t id, |
| 94 | uint32_t flags, |
| 95 | void *handle, |
| 96 | void *cookie) |
| 97 | { |
| 98 | uint32_t linear_id; |
Achin Gupta | aeaab68 | 2014-05-09 13:21:31 +0100 | [diff] [blame] | 99 | tsp_context_t *tsp_ctx; |
| 100 | |
| 101 | /* Check the security state when the exception was generated */ |
| 102 | assert(get_interrupt_src_ss(flags) == NON_SECURE); |
| 103 | |
Achin Gupta | aeaab68 | 2014-05-09 13:21:31 +0100 | [diff] [blame] | 104 | /* Sanity check the pointer to this cpu's context */ |
Andrew Thoelke | a2f6553 | 2014-05-14 17:09:32 +0100 | [diff] [blame] | 105 | assert(handle == cm_get_context(NON_SECURE)); |
Achin Gupta | aeaab68 | 2014-05-09 13:21:31 +0100 | [diff] [blame] | 106 | |
| 107 | /* Save the non-secure context before entering the TSP */ |
| 108 | cm_el1_sysregs_context_save(NON_SECURE); |
| 109 | |
| 110 | /* Get a reference to this cpu's TSP context */ |
Soby Mathew | da43b66 | 2015-07-08 21:45:46 +0100 | [diff] [blame] | 111 | linear_id = plat_my_core_pos(); |
Achin Gupta | aeaab68 | 2014-05-09 13:21:31 +0100 | [diff] [blame] | 112 | tsp_ctx = &tspd_sp_context[linear_id]; |
Andrew Thoelke | a2f6553 | 2014-05-14 17:09:32 +0100 | [diff] [blame] | 113 | assert(&tsp_ctx->cpu_ctx == cm_get_context(SECURE)); |
Achin Gupta | aeaab68 | 2014-05-09 13:21:31 +0100 | [diff] [blame] | 114 | |
| 115 | /* |
| 116 | * Determine if the TSP was previously preempted. Its last known |
| 117 | * context has to be preserved in this case. |
| 118 | * The TSP should return control to the TSPD after handling this |
Soby Mathew | bec9851 | 2015-09-03 18:29:38 +0100 | [diff] [blame] | 119 | * S-EL1 interrupt. Preserve essential EL3 context to allow entry into |
| 120 | * the TSP at the S-EL1 interrupt entry point using the 'cpu_context' |
| 121 | * structure. There is no need to save the secure system register |
| 122 | * context since the TSP is supposed to preserve it during S-EL1 |
| 123 | * interrupt handling. |
Achin Gupta | aeaab68 | 2014-05-09 13:21:31 +0100 | [diff] [blame] | 124 | */ |
David Cunado | 28f69ab | 2017-04-05 11:34:03 +0100 | [diff] [blame] | 125 | if (get_yield_smc_active_flag(tsp_ctx->state)) { |
Achin Gupta | aeaab68 | 2014-05-09 13:21:31 +0100 | [diff] [blame] | 126 | tsp_ctx->saved_spsr_el3 = SMC_GET_EL3(&tsp_ctx->cpu_ctx, |
| 127 | CTX_SPSR_EL3); |
| 128 | tsp_ctx->saved_elr_el3 = SMC_GET_EL3(&tsp_ctx->cpu_ctx, |
| 129 | CTX_ELR_EL3); |
Soby Mathew | bec9851 | 2015-09-03 18:29:38 +0100 | [diff] [blame] | 130 | #if TSP_NS_INTR_ASYNC_PREEMPT |
Soby Mathew | 47903c0 | 2015-01-13 15:48:26 +0000 | [diff] [blame] | 131 | /*Need to save the previously interrupted secure context */ |
| 132 | memcpy(&tsp_ctx->sp_ctx, &tsp_ctx->cpu_ctx, TSPD_SP_CTX_SIZE); |
| 133 | #endif |
Achin Gupta | aeaab68 | 2014-05-09 13:21:31 +0100 | [diff] [blame] | 134 | } |
| 135 | |
Achin Gupta | aeaab68 | 2014-05-09 13:21:31 +0100 | [diff] [blame] | 136 | cm_el1_sysregs_context_restore(SECURE); |
Soby Mathew | bec9851 | 2015-09-03 18:29:38 +0100 | [diff] [blame] | 137 | cm_set_elr_spsr_el3(SECURE, (uint64_t) &tsp_vectors->sel1_intr_entry, |
Andrew Thoelke | 4e12607 | 2014-06-04 21:10:52 +0100 | [diff] [blame] | 138 | SPSR_64(MODE_EL1, MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS)); |
Soby Mathew | 47903c0 | 2015-01-13 15:48:26 +0000 | [diff] [blame] | 139 | |
Achin Gupta | aeaab68 | 2014-05-09 13:21:31 +0100 | [diff] [blame] | 140 | cm_set_next_eret_context(SECURE); |
| 141 | |
| 142 | /* |
Soby Mathew | bec9851 | 2015-09-03 18:29:38 +0100 | [diff] [blame] | 143 | * Tell the TSP that it has to handle a S-EL1 interrupt synchronously. |
| 144 | * Also the instruction in normal world where the interrupt was |
| 145 | * generated is passed for debugging purposes. It is safe to retrieve |
| 146 | * this address from ELR_EL3 as the secure context will not take effect |
| 147 | * until el3_exit(). |
Achin Gupta | aeaab68 | 2014-05-09 13:21:31 +0100 | [diff] [blame] | 148 | */ |
Soby Mathew | bec9851 | 2015-09-03 18:29:38 +0100 | [diff] [blame] | 149 | SMC_RET2(&tsp_ctx->cpu_ctx, TSP_HANDLE_SEL1_INTR_AND_RETURN, read_elr_el3()); |
Achin Gupta | aeaab68 | 2014-05-09 13:21:31 +0100 | [diff] [blame] | 150 | } |
Soby Mathew | 47903c0 | 2015-01-13 15:48:26 +0000 | [diff] [blame] | 151 | |
Soby Mathew | bec9851 | 2015-09-03 18:29:38 +0100 | [diff] [blame] | 152 | #if TSP_NS_INTR_ASYNC_PREEMPT |
Soby Mathew | 47903c0 | 2015-01-13 15:48:26 +0000 | [diff] [blame] | 153 | /******************************************************************************* |
Soby Mathew | bec9851 | 2015-09-03 18:29:38 +0100 | [diff] [blame] | 154 | * This function is the handler registered for Non secure interrupts by the |
| 155 | * TSPD. It validates the interrupt and upon success arranges entry into the |
| 156 | * normal world for handling the interrupt. |
Soby Mathew | 47903c0 | 2015-01-13 15:48:26 +0000 | [diff] [blame] | 157 | ******************************************************************************/ |
| 158 | static uint64_t tspd_ns_interrupt_handler(uint32_t id, |
| 159 | uint32_t flags, |
| 160 | void *handle, |
| 161 | void *cookie) |
| 162 | { |
| 163 | /* Check the security state when the exception was generated */ |
| 164 | assert(get_interrupt_src_ss(flags) == SECURE); |
| 165 | |
Soby Mathew | 47903c0 | 2015-01-13 15:48:26 +0000 | [diff] [blame] | 166 | /* |
| 167 | * Disable the routing of NS interrupts from secure world to EL3 while |
| 168 | * interrupted on this core. |
| 169 | */ |
| 170 | disable_intr_rm_local(INTR_TYPE_NS, SECURE); |
| 171 | |
| 172 | return tspd_handle_sp_preemption(handle); |
| 173 | } |
| 174 | #endif |
Jeenu Viswambharan | 7f36660 | 2014-02-20 17:11:00 +0000 | [diff] [blame] | 175 | |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 176 | /******************************************************************************* |
| 177 | * Secure Payload Dispatcher setup. The SPD finds out the SP entrypoint and type |
| 178 | * (aarch32/aarch64) if not already known and initialises the context for entry |
| 179 | * into the SP for its initialisation. |
| 180 | ******************************************************************************/ |
| 181 | int32_t tspd_setup(void) |
| 182 | { |
Vikram Kanigiri | 9d70f0f | 2014-07-15 16:46:43 +0100 | [diff] [blame] | 183 | entry_point_info_t *tsp_ep_info; |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 184 | uint32_t linear_id; |
| 185 | |
Soby Mathew | da43b66 | 2015-07-08 21:45:46 +0100 | [diff] [blame] | 186 | linear_id = plat_my_core_pos(); |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 187 | |
| 188 | /* |
| 189 | * Get information about the Secure Payload (BL32) image. Its |
| 190 | * absence is a critical failure. TODO: Add support to |
| 191 | * conditionally include the SPD service |
| 192 | */ |
Vikram Kanigiri | 9d70f0f | 2014-07-15 16:46:43 +0100 | [diff] [blame] | 193 | tsp_ep_info = bl31_plat_get_next_image_ep_info(SECURE); |
| 194 | if (!tsp_ep_info) { |
| 195 | WARN("No TSP provided by BL2 boot loader, Booting device" |
| 196 | " without TSP initialization. SMC`s destined for TSP" |
| 197 | " will return SMC_UNK\n"); |
| 198 | return 1; |
| 199 | } |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 200 | |
| 201 | /* |
Jeenu Viswambharan | 7f36660 | 2014-02-20 17:11:00 +0000 | [diff] [blame] | 202 | * If there's no valid entry point for SP, we return a non-zero value |
| 203 | * signalling failure initializing the service. We bail out without |
| 204 | * registering any handlers |
| 205 | */ |
Vikram Kanigiri | 9d70f0f | 2014-07-15 16:46:43 +0100 | [diff] [blame] | 206 | if (!tsp_ep_info->pc) |
Jeenu Viswambharan | 7f36660 | 2014-02-20 17:11:00 +0000 | [diff] [blame] | 207 | return 1; |
| 208 | |
| 209 | /* |
Sandrine Bailleux | f4119ec | 2015-12-17 13:58:58 +0000 | [diff] [blame] | 210 | * We could inspect the SP image and determine its execution |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 211 | * state i.e whether AArch32 or AArch64. Assuming it's AArch64 |
| 212 | * for the time being. |
| 213 | */ |
Vikram Kanigiri | 9d70f0f | 2014-07-15 16:46:43 +0100 | [diff] [blame] | 214 | tspd_init_tsp_ep_state(tsp_ep_info, |
| 215 | TSP_AARCH64, |
| 216 | tsp_ep_info->pc, |
| 217 | &tspd_sp_context[linear_id]); |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 218 | |
Vikram Kanigiri | 4e81341 | 2014-07-15 16:49:22 +0100 | [diff] [blame] | 219 | #if TSP_INIT_ASYNC |
| 220 | bl31_set_next_image_type(SECURE); |
| 221 | #else |
Jeenu Viswambharan | 7f36660 | 2014-02-20 17:11:00 +0000 | [diff] [blame] | 222 | /* |
| 223 | * All TSPD initialization done. Now register our init function with |
| 224 | * BL31 for deferred invocation |
| 225 | */ |
| 226 | bl31_register_bl32_init(&tspd_init); |
Vikram Kanigiri | 4e81341 | 2014-07-15 16:49:22 +0100 | [diff] [blame] | 227 | #endif |
Vikram Kanigiri | 9d70f0f | 2014-07-15 16:46:43 +0100 | [diff] [blame] | 228 | return 0; |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 229 | } |
| 230 | |
| 231 | /******************************************************************************* |
| 232 | * This function passes control to the Secure Payload image (BL32) for the first |
| 233 | * time on the primary cpu after a cold boot. It assumes that a valid secure |
| 234 | * context has already been created by tspd_setup() which can be directly used. |
| 235 | * It also assumes that a valid non-secure context has been initialised by PSCI |
| 236 | * so it does not need to save and restore any non-secure state. This function |
| 237 | * performs a synchronous entry into the Secure payload. The SP passes control |
Vikram Kanigiri | d8c9d26 | 2014-05-16 18:48:12 +0100 | [diff] [blame] | 238 | * back to this routine through a SMC. |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 239 | ******************************************************************************/ |
Vikram Kanigiri | d8c9d26 | 2014-05-16 18:48:12 +0100 | [diff] [blame] | 240 | int32_t tspd_init(void) |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 241 | { |
Soby Mathew | da43b66 | 2015-07-08 21:45:46 +0100 | [diff] [blame] | 242 | uint32_t linear_id = plat_my_core_pos(); |
Dan Handley | e2712bc | 2014-04-10 15:37:22 +0100 | [diff] [blame] | 243 | tsp_context_t *tsp_ctx = &tspd_sp_context[linear_id]; |
Vikram Kanigiri | 9d70f0f | 2014-07-15 16:46:43 +0100 | [diff] [blame] | 244 | entry_point_info_t *tsp_entry_point; |
Vikram Kanigiri | 4e81341 | 2014-07-15 16:49:22 +0100 | [diff] [blame] | 245 | uint64_t rc; |
Vikram Kanigiri | 9d70f0f | 2014-07-15 16:46:43 +0100 | [diff] [blame] | 246 | |
| 247 | /* |
| 248 | * Get information about the Secure Payload (BL32) image. Its |
| 249 | * absence is a critical failure. |
| 250 | */ |
| 251 | tsp_entry_point = bl31_plat_get_next_image_ep_info(SECURE); |
| 252 | assert(tsp_entry_point); |
| 253 | |
Soby Mathew | da43b66 | 2015-07-08 21:45:46 +0100 | [diff] [blame] | 254 | cm_init_my_context(tsp_entry_point); |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 255 | |
| 256 | /* |
Vikram Kanigiri | 4e81341 | 2014-07-15 16:49:22 +0100 | [diff] [blame] | 257 | * Arrange for an entry into the test secure payload. It will be |
| 258 | * returned via TSP_ENTRY_DONE case |
Achin Gupta | 607084e | 2014-02-09 18:24:19 +0000 | [diff] [blame] | 259 | */ |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 260 | rc = tspd_synchronous_sp_entry(tsp_ctx); |
| 261 | assert(rc != 0); |
Achin Gupta | aeaab68 | 2014-05-09 13:21:31 +0100 | [diff] [blame] | 262 | |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 263 | return rc; |
| 264 | } |
| 265 | |
Jeenu Viswambharan | 7f36660 | 2014-02-20 17:11:00 +0000 | [diff] [blame] | 266 | |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 267 | /******************************************************************************* |
| 268 | * This function is responsible for handling all SMCs in the Trusted OS/App |
| 269 | * range from the non-secure state as defined in the SMC Calling Convention |
| 270 | * Document. It is also responsible for communicating with the Secure payload |
| 271 | * to delegate work and return results back to the non-secure state. Lastly it |
| 272 | * will also return any information that the secure payload needs to do the |
| 273 | * work assigned to it. |
| 274 | ******************************************************************************/ |
| 275 | uint64_t tspd_smc_handler(uint32_t smc_fid, |
| 276 | uint64_t x1, |
| 277 | uint64_t x2, |
| 278 | uint64_t x3, |
| 279 | uint64_t x4, |
| 280 | void *cookie, |
| 281 | void *handle, |
| 282 | uint64_t flags) |
| 283 | { |
Dan Handley | e2712bc | 2014-04-10 15:37:22 +0100 | [diff] [blame] | 284 | cpu_context_t *ns_cpu_context; |
Soby Mathew | da43b66 | 2015-07-08 21:45:46 +0100 | [diff] [blame] | 285 | uint32_t linear_id = plat_my_core_pos(), ns; |
Dan Handley | e2712bc | 2014-04-10 15:37:22 +0100 | [diff] [blame] | 286 | tsp_context_t *tsp_ctx = &tspd_sp_context[linear_id]; |
Vikram Kanigiri | 4e81341 | 2014-07-15 16:49:22 +0100 | [diff] [blame] | 287 | uint64_t rc; |
| 288 | #if TSP_INIT_ASYNC |
| 289 | entry_point_info_t *next_image_info; |
| 290 | #endif |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 291 | |
| 292 | /* Determine which security state this SMC originated from */ |
| 293 | ns = is_caller_non_secure(flags); |
| 294 | |
| 295 | switch (smc_fid) { |
| 296 | |
| 297 | /* |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 298 | * This function ID is used by TSP to indicate that it was |
| 299 | * preempted by a normal world IRQ. |
| 300 | * |
| 301 | */ |
| 302 | case TSP_PREEMPTED: |
| 303 | if (ns) |
| 304 | SMC_RET1(handle, SMC_UNK); |
| 305 | |
Soby Mathew | 47903c0 | 2015-01-13 15:48:26 +0000 | [diff] [blame] | 306 | return tspd_handle_sp_preemption(handle); |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 307 | |
| 308 | /* |
Achin Gupta | aeaab68 | 2014-05-09 13:21:31 +0100 | [diff] [blame] | 309 | * This function ID is used only by the TSP to indicate that it has |
Soby Mathew | 7866424 | 2015-11-13 02:08:43 +0000 | [diff] [blame] | 310 | * finished handling a S-EL1 interrupt or was preempted by a higher |
| 311 | * priority pending EL3 interrupt. Execution should resume |
Achin Gupta | aeaab68 | 2014-05-09 13:21:31 +0100 | [diff] [blame] | 312 | * in the normal world. |
| 313 | */ |
Soby Mathew | bec9851 | 2015-09-03 18:29:38 +0100 | [diff] [blame] | 314 | case TSP_HANDLED_S_EL1_INTR: |
Achin Gupta | aeaab68 | 2014-05-09 13:21:31 +0100 | [diff] [blame] | 315 | if (ns) |
| 316 | SMC_RET1(handle, SMC_UNK); |
| 317 | |
Andrew Thoelke | a2f6553 | 2014-05-14 17:09:32 +0100 | [diff] [blame] | 318 | assert(handle == cm_get_context(SECURE)); |
Achin Gupta | aeaab68 | 2014-05-09 13:21:31 +0100 | [diff] [blame] | 319 | |
| 320 | /* |
| 321 | * Restore the relevant EL3 state which saved to service |
| 322 | * this SMC. |
| 323 | */ |
David Cunado | 28f69ab | 2017-04-05 11:34:03 +0100 | [diff] [blame] | 324 | if (get_yield_smc_active_flag(tsp_ctx->state)) { |
Achin Gupta | aeaab68 | 2014-05-09 13:21:31 +0100 | [diff] [blame] | 325 | SMC_SET_EL3(&tsp_ctx->cpu_ctx, |
| 326 | CTX_SPSR_EL3, |
| 327 | tsp_ctx->saved_spsr_el3); |
| 328 | SMC_SET_EL3(&tsp_ctx->cpu_ctx, |
| 329 | CTX_ELR_EL3, |
| 330 | tsp_ctx->saved_elr_el3); |
Soby Mathew | bec9851 | 2015-09-03 18:29:38 +0100 | [diff] [blame] | 331 | #if TSP_NS_INTR_ASYNC_PREEMPT |
Soby Mathew | 47903c0 | 2015-01-13 15:48:26 +0000 | [diff] [blame] | 332 | /* |
| 333 | * Need to restore the previously interrupted |
| 334 | * secure context. |
| 335 | */ |
| 336 | memcpy(&tsp_ctx->cpu_ctx, &tsp_ctx->sp_ctx, |
| 337 | TSPD_SP_CTX_SIZE); |
| 338 | #endif |
Achin Gupta | aeaab68 | 2014-05-09 13:21:31 +0100 | [diff] [blame] | 339 | } |
| 340 | |
| 341 | /* Get a reference to the non-secure context */ |
Andrew Thoelke | a2f6553 | 2014-05-14 17:09:32 +0100 | [diff] [blame] | 342 | ns_cpu_context = cm_get_context(NON_SECURE); |
Achin Gupta | aeaab68 | 2014-05-09 13:21:31 +0100 | [diff] [blame] | 343 | assert(ns_cpu_context); |
| 344 | |
| 345 | /* |
| 346 | * Restore non-secure state. There is no need to save the |
| 347 | * secure system register context since the TSP was supposed |
| 348 | * to preserve it during S-EL1 interrupt handling. |
| 349 | */ |
| 350 | cm_el1_sysregs_context_restore(NON_SECURE); |
| 351 | cm_set_next_eret_context(NON_SECURE); |
| 352 | |
| 353 | SMC_RET0((uint64_t) ns_cpu_context); |
| 354 | |
Achin Gupta | aeaab68 | 2014-05-09 13:21:31 +0100 | [diff] [blame] | 355 | /* |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 356 | * This function ID is used only by the SP to indicate it has |
| 357 | * finished initialising itself after a cold boot |
| 358 | */ |
| 359 | case TSP_ENTRY_DONE: |
| 360 | if (ns) |
| 361 | SMC_RET1(handle, SMC_UNK); |
| 362 | |
| 363 | /* |
| 364 | * Stash the SP entry points information. This is done |
| 365 | * only once on the primary cpu |
| 366 | */ |
Andrew Thoelke | 891c4ca | 2014-05-20 21:43:27 +0100 | [diff] [blame] | 367 | assert(tsp_vectors == NULL); |
| 368 | tsp_vectors = (tsp_vectors_t *) x1; |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 369 | |
Vikram Kanigiri | 4e81341 | 2014-07-15 16:49:22 +0100 | [diff] [blame] | 370 | if (tsp_vectors) { |
| 371 | set_tsp_pstate(tsp_ctx->state, TSP_PSTATE_ON); |
| 372 | |
| 373 | /* |
| 374 | * TSP has been successfully initialized. Register power |
| 375 | * managemnt hooks with PSCI |
| 376 | */ |
| 377 | psci_register_spd_pm_hook(&tspd_pm); |
| 378 | |
| 379 | /* |
| 380 | * Register an interrupt handler for S-EL1 interrupts |
| 381 | * when generated during code executing in the |
| 382 | * non-secure state. |
| 383 | */ |
| 384 | flags = 0; |
| 385 | set_interrupt_rm_flag(flags, NON_SECURE); |
| 386 | rc = register_interrupt_type_handler(INTR_TYPE_S_EL1, |
| 387 | tspd_sel1_interrupt_handler, |
| 388 | flags); |
| 389 | if (rc) |
| 390 | panic(); |
Soby Mathew | 47903c0 | 2015-01-13 15:48:26 +0000 | [diff] [blame] | 391 | |
Soby Mathew | bec9851 | 2015-09-03 18:29:38 +0100 | [diff] [blame] | 392 | #if TSP_NS_INTR_ASYNC_PREEMPT |
Soby Mathew | 47903c0 | 2015-01-13 15:48:26 +0000 | [diff] [blame] | 393 | /* |
| 394 | * Register an interrupt handler for NS interrupts when |
| 395 | * generated during code executing in secure state are |
| 396 | * routed to EL3. |
| 397 | */ |
| 398 | flags = 0; |
| 399 | set_interrupt_rm_flag(flags, SECURE); |
| 400 | |
| 401 | rc = register_interrupt_type_handler(INTR_TYPE_NS, |
| 402 | tspd_ns_interrupt_handler, |
| 403 | flags); |
| 404 | if (rc) |
| 405 | panic(); |
| 406 | |
| 407 | /* |
Soby Mathew | bc91282 | 2015-09-22 12:01:18 +0100 | [diff] [blame] | 408 | * Disable the NS interrupt locally. |
Soby Mathew | 47903c0 | 2015-01-13 15:48:26 +0000 | [diff] [blame] | 409 | */ |
| 410 | disable_intr_rm_local(INTR_TYPE_NS, SECURE); |
| 411 | #endif |
Vikram Kanigiri | 4e81341 | 2014-07-15 16:49:22 +0100 | [diff] [blame] | 412 | } |
| 413 | |
| 414 | |
| 415 | #if TSP_INIT_ASYNC |
| 416 | /* Save the Secure EL1 system register context */ |
| 417 | assert(cm_get_context(SECURE) == &tsp_ctx->cpu_ctx); |
| 418 | cm_el1_sysregs_context_save(SECURE); |
| 419 | |
| 420 | /* Program EL3 registers to enable entry into the next EL */ |
| 421 | next_image_info = bl31_plat_get_next_image_ep_info(NON_SECURE); |
| 422 | assert(next_image_info); |
| 423 | assert(NON_SECURE == |
| 424 | GET_SECURITY_STATE(next_image_info->h.attr)); |
| 425 | |
Soby Mathew | da43b66 | 2015-07-08 21:45:46 +0100 | [diff] [blame] | 426 | cm_init_my_context(next_image_info); |
Vikram Kanigiri | 4e81341 | 2014-07-15 16:49:22 +0100 | [diff] [blame] | 427 | cm_prepare_el3_exit(NON_SECURE); |
| 428 | SMC_RET0(cm_get_context(NON_SECURE)); |
| 429 | #else |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 430 | /* |
| 431 | * SP reports completion. The SPD must have initiated |
| 432 | * the original request through a synchronous entry |
| 433 | * into the SP. Jump back to the original C runtime |
| 434 | * context. |
| 435 | */ |
Achin Gupta | 916a2c1 | 2014-02-09 23:11:46 +0000 | [diff] [blame] | 436 | tspd_synchronous_sp_exit(tsp_ctx, x1); |
Vikram Kanigiri | 4e81341 | 2014-07-15 16:49:22 +0100 | [diff] [blame] | 437 | #endif |
Douglas Raillard | f212965 | 2016-11-24 15:43:19 +0000 | [diff] [blame] | 438 | /* |
| 439 | * This function ID is used only by the SP to indicate it has finished |
David Cunado | 28f69ab | 2017-04-05 11:34:03 +0100 | [diff] [blame] | 440 | * aborting a preempted Yielding SMC Call. |
Douglas Raillard | f212965 | 2016-11-24 15:43:19 +0000 | [diff] [blame] | 441 | */ |
| 442 | case TSP_ABORT_DONE: |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 443 | |
Achin Gupta | 607084e | 2014-02-09 18:24:19 +0000 | [diff] [blame] | 444 | /* |
Sandrine Bailleux | f4119ec | 2015-12-17 13:58:58 +0000 | [diff] [blame] | 445 | * These function IDs are used only by the SP to indicate it has |
Achin Gupta | 607084e | 2014-02-09 18:24:19 +0000 | [diff] [blame] | 446 | * finished: |
| 447 | * 1. turning itself on in response to an earlier psci |
| 448 | * cpu_on request |
| 449 | * 2. resuming itself after an earlier psci cpu_suspend |
| 450 | * request. |
| 451 | */ |
| 452 | case TSP_ON_DONE: |
| 453 | case TSP_RESUME_DONE: |
| 454 | |
| 455 | /* |
Sandrine Bailleux | f4119ec | 2015-12-17 13:58:58 +0000 | [diff] [blame] | 456 | * These function IDs are used only by the SP to indicate it has |
Achin Gupta | 607084e | 2014-02-09 18:24:19 +0000 | [diff] [blame] | 457 | * finished: |
| 458 | * 1. suspending itself after an earlier psci cpu_suspend |
| 459 | * request. |
| 460 | * 2. turning itself off in response to an earlier psci |
| 461 | * cpu_off request. |
| 462 | */ |
| 463 | case TSP_OFF_DONE: |
| 464 | case TSP_SUSPEND_DONE: |
Juan Castillo | 4dc4a47 | 2014-08-12 11:17:06 +0100 | [diff] [blame] | 465 | case TSP_SYSTEM_OFF_DONE: |
| 466 | case TSP_SYSTEM_RESET_DONE: |
Achin Gupta | 607084e | 2014-02-09 18:24:19 +0000 | [diff] [blame] | 467 | if (ns) |
| 468 | SMC_RET1(handle, SMC_UNK); |
| 469 | |
| 470 | /* |
| 471 | * SP reports completion. The SPD must have initiated the |
| 472 | * original request through a synchronous entry into the SP. |
| 473 | * Jump back to the original C runtime context, and pass x1 as |
| 474 | * return value to the caller |
| 475 | */ |
Achin Gupta | 916a2c1 | 2014-02-09 23:11:46 +0000 | [diff] [blame] | 476 | tspd_synchronous_sp_exit(tsp_ctx, x1); |
Achin Gupta | 607084e | 2014-02-09 18:24:19 +0000 | [diff] [blame] | 477 | |
Achin Gupta | 916a2c1 | 2014-02-09 23:11:46 +0000 | [diff] [blame] | 478 | /* |
| 479 | * Request from non-secure client to perform an |
| 480 | * arithmetic operation or response from secure |
| 481 | * payload to an earlier request. |
| 482 | */ |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 483 | case TSP_FAST_FID(TSP_ADD): |
| 484 | case TSP_FAST_FID(TSP_SUB): |
| 485 | case TSP_FAST_FID(TSP_MUL): |
| 486 | case TSP_FAST_FID(TSP_DIV): |
| 487 | |
David Cunado | 28f69ab | 2017-04-05 11:34:03 +0100 | [diff] [blame] | 488 | case TSP_YIELD_FID(TSP_ADD): |
| 489 | case TSP_YIELD_FID(TSP_SUB): |
| 490 | case TSP_YIELD_FID(TSP_MUL): |
| 491 | case TSP_YIELD_FID(TSP_DIV): |
Achin Gupta | 916a2c1 | 2014-02-09 23:11:46 +0000 | [diff] [blame] | 492 | if (ns) { |
| 493 | /* |
| 494 | * This is a fresh request from the non-secure client. |
| 495 | * The parameters are in x1 and x2. Figure out which |
| 496 | * registers need to be preserved, save the non-secure |
| 497 | * state and send the request to the secure payload. |
| 498 | */ |
Andrew Thoelke | a2f6553 | 2014-05-14 17:09:32 +0100 | [diff] [blame] | 499 | assert(handle == cm_get_context(NON_SECURE)); |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 500 | |
| 501 | /* Check if we are already preempted */ |
David Cunado | 28f69ab | 2017-04-05 11:34:03 +0100 | [diff] [blame] | 502 | if (get_yield_smc_active_flag(tsp_ctx->state)) |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 503 | SMC_RET1(handle, SMC_UNK); |
| 504 | |
Achin Gupta | 916a2c1 | 2014-02-09 23:11:46 +0000 | [diff] [blame] | 505 | cm_el1_sysregs_context_save(NON_SECURE); |
| 506 | |
| 507 | /* Save x1 and x2 for use by TSP_GET_ARGS call below */ |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 508 | store_tsp_args(tsp_ctx, x1, x2); |
Achin Gupta | 916a2c1 | 2014-02-09 23:11:46 +0000 | [diff] [blame] | 509 | |
| 510 | /* |
| 511 | * We are done stashing the non-secure context. Ask the |
| 512 | * secure payload to do the work now. |
| 513 | */ |
| 514 | |
| 515 | /* |
| 516 | * Verify if there is a valid context to use, copy the |
| 517 | * operation type and parameters to the secure context |
| 518 | * and jump to the fast smc entry point in the secure |
| 519 | * payload. Entry into S-EL1 will take place upon exit |
| 520 | * from this function. |
| 521 | */ |
Andrew Thoelke | a2f6553 | 2014-05-14 17:09:32 +0100 | [diff] [blame] | 522 | assert(&tsp_ctx->cpu_ctx == cm_get_context(SECURE)); |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 523 | |
| 524 | /* Set appropriate entry for SMC. |
| 525 | * We expect the TSP to manage the PSTATE.I and PSTATE.F |
| 526 | * flags as appropriate. |
| 527 | */ |
| 528 | if (GET_SMC_TYPE(smc_fid) == SMC_TYPE_FAST) { |
| 529 | cm_set_elr_el3(SECURE, (uint64_t) |
Andrew Thoelke | 891c4ca | 2014-05-20 21:43:27 +0100 | [diff] [blame] | 530 | &tsp_vectors->fast_smc_entry); |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 531 | } else { |
David Cunado | 28f69ab | 2017-04-05 11:34:03 +0100 | [diff] [blame] | 532 | set_yield_smc_active_flag(tsp_ctx->state); |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 533 | cm_set_elr_el3(SECURE, (uint64_t) |
David Cunado | 28f69ab | 2017-04-05 11:34:03 +0100 | [diff] [blame] | 534 | &tsp_vectors->yield_smc_entry); |
Soby Mathew | bec9851 | 2015-09-03 18:29:38 +0100 | [diff] [blame] | 535 | #if TSP_NS_INTR_ASYNC_PREEMPT |
Soby Mathew | 47903c0 | 2015-01-13 15:48:26 +0000 | [diff] [blame] | 536 | /* |
| 537 | * Enable the routing of NS interrupts to EL3 |
David Cunado | 28f69ab | 2017-04-05 11:34:03 +0100 | [diff] [blame] | 538 | * during processing of a Yielding SMC Call on |
| 539 | * this core. |
Soby Mathew | 47903c0 | 2015-01-13 15:48:26 +0000 | [diff] [blame] | 540 | */ |
| 541 | enable_intr_rm_local(INTR_TYPE_NS, SECURE); |
| 542 | #endif |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 543 | } |
| 544 | |
Achin Gupta | 916a2c1 | 2014-02-09 23:11:46 +0000 | [diff] [blame] | 545 | cm_el1_sysregs_context_restore(SECURE); |
| 546 | cm_set_next_eret_context(SECURE); |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 547 | SMC_RET3(&tsp_ctx->cpu_ctx, smc_fid, x1, x2); |
Achin Gupta | 916a2c1 | 2014-02-09 23:11:46 +0000 | [diff] [blame] | 548 | } else { |
| 549 | /* |
| 550 | * This is the result from the secure client of an |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 551 | * earlier request. The results are in x1-x3. Copy it |
Achin Gupta | 916a2c1 | 2014-02-09 23:11:46 +0000 | [diff] [blame] | 552 | * into the non-secure context, save the secure state |
| 553 | * and return to the non-secure state. |
| 554 | */ |
Andrew Thoelke | a2f6553 | 2014-05-14 17:09:32 +0100 | [diff] [blame] | 555 | assert(handle == cm_get_context(SECURE)); |
Achin Gupta | 916a2c1 | 2014-02-09 23:11:46 +0000 | [diff] [blame] | 556 | cm_el1_sysregs_context_save(SECURE); |
| 557 | |
| 558 | /* Get a reference to the non-secure context */ |
Andrew Thoelke | a2f6553 | 2014-05-14 17:09:32 +0100 | [diff] [blame] | 559 | ns_cpu_context = cm_get_context(NON_SECURE); |
Achin Gupta | 916a2c1 | 2014-02-09 23:11:46 +0000 | [diff] [blame] | 560 | assert(ns_cpu_context); |
Achin Gupta | 916a2c1 | 2014-02-09 23:11:46 +0000 | [diff] [blame] | 561 | |
| 562 | /* Restore non-secure state */ |
| 563 | cm_el1_sysregs_context_restore(NON_SECURE); |
| 564 | cm_set_next_eret_context(NON_SECURE); |
David Cunado | 28f69ab | 2017-04-05 11:34:03 +0100 | [diff] [blame] | 565 | if (GET_SMC_TYPE(smc_fid) == SMC_TYPE_YIELD) { |
| 566 | clr_yield_smc_active_flag(tsp_ctx->state); |
Soby Mathew | bec9851 | 2015-09-03 18:29:38 +0100 | [diff] [blame] | 567 | #if TSP_NS_INTR_ASYNC_PREEMPT |
Soby Mathew | 47903c0 | 2015-01-13 15:48:26 +0000 | [diff] [blame] | 568 | /* |
| 569 | * Disable the routing of NS interrupts to EL3 |
David Cunado | 28f69ab | 2017-04-05 11:34:03 +0100 | [diff] [blame] | 570 | * after processing of a Yielding SMC Call on |
| 571 | * this core is finished. |
Soby Mathew | 47903c0 | 2015-01-13 15:48:26 +0000 | [diff] [blame] | 572 | */ |
| 573 | disable_intr_rm_local(INTR_TYPE_NS, SECURE); |
| 574 | #endif |
| 575 | } |
| 576 | |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 577 | SMC_RET3(ns_cpu_context, x1, x2, x3); |
Achin Gupta | 916a2c1 | 2014-02-09 23:11:46 +0000 | [diff] [blame] | 578 | } |
| 579 | |
Douglas Raillard | f212965 | 2016-11-24 15:43:19 +0000 | [diff] [blame] | 580 | break; |
| 581 | /* |
David Cunado | 28f69ab | 2017-04-05 11:34:03 +0100 | [diff] [blame] | 582 | * Request from the non-secure world to abort a preempted Yielding SMC |
| 583 | * Call. |
Douglas Raillard | f212965 | 2016-11-24 15:43:19 +0000 | [diff] [blame] | 584 | */ |
| 585 | case TSP_FID_ABORT: |
| 586 | /* ABORT should only be invoked by normal world */ |
| 587 | if (!ns) { |
| 588 | assert(0); |
| 589 | break; |
| 590 | } |
| 591 | |
Douglas Raillard | bcc3dd3 | 2017-02-03 18:01:51 +0000 | [diff] [blame] | 592 | assert(handle == cm_get_context(NON_SECURE)); |
| 593 | cm_el1_sysregs_context_save(NON_SECURE); |
| 594 | |
Douglas Raillard | f212965 | 2016-11-24 15:43:19 +0000 | [diff] [blame] | 595 | /* Abort the preempted SMC request */ |
Douglas Raillard | bcc3dd3 | 2017-02-03 18:01:51 +0000 | [diff] [blame] | 596 | if (!tspd_abort_preempted_smc(tsp_ctx)) { |
Douglas Raillard | f212965 | 2016-11-24 15:43:19 +0000 | [diff] [blame] | 597 | /* |
| 598 | * If there was no preempted SMC to abort, return |
| 599 | * SMC_UNK. |
Douglas Raillard | bcc3dd3 | 2017-02-03 18:01:51 +0000 | [diff] [blame] | 600 | * |
| 601 | * Restoring the NON_SECURE context is not necessary as |
| 602 | * the synchronous entry did not take place if the |
| 603 | * return code of tspd_abort_preempted_smc is zero. |
Douglas Raillard | f212965 | 2016-11-24 15:43:19 +0000 | [diff] [blame] | 604 | */ |
Douglas Raillard | bcc3dd3 | 2017-02-03 18:01:51 +0000 | [diff] [blame] | 605 | cm_set_next_eret_context(NON_SECURE); |
| 606 | break; |
| 607 | } |
Douglas Raillard | f212965 | 2016-11-24 15:43:19 +0000 | [diff] [blame] | 608 | |
Douglas Raillard | bcc3dd3 | 2017-02-03 18:01:51 +0000 | [diff] [blame] | 609 | cm_el1_sysregs_context_restore(NON_SECURE); |
| 610 | cm_set_next_eret_context(NON_SECURE); |
Antonio Nino Diaz | acb2914 | 2017-04-04 17:08:32 +0100 | [diff] [blame] | 611 | SMC_RET1(handle, SMC_OK); |
Achin Gupta | 916a2c1 | 2014-02-09 23:11:46 +0000 | [diff] [blame] | 612 | |
| 613 | /* |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 614 | * Request from non secure world to resume the preempted |
David Cunado | 28f69ab | 2017-04-05 11:34:03 +0100 | [diff] [blame] | 615 | * Yielding SMC Call. |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 616 | */ |
| 617 | case TSP_FID_RESUME: |
Soby Mathew | 3d57851 | 2014-05-27 10:20:01 +0100 | [diff] [blame] | 618 | /* RESUME should be invoked only by normal world */ |
| 619 | if (!ns) { |
| 620 | assert(0); |
| 621 | break; |
| 622 | } |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 623 | |
Soby Mathew | 3d57851 | 2014-05-27 10:20:01 +0100 | [diff] [blame] | 624 | /* |
| 625 | * This is a resume request from the non-secure client. |
| 626 | * save the non-secure state and send the request to |
| 627 | * the secure payload. |
| 628 | */ |
Andrew Thoelke | a2f6553 | 2014-05-14 17:09:32 +0100 | [diff] [blame] | 629 | assert(handle == cm_get_context(NON_SECURE)); |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 630 | |
Soby Mathew | 3d57851 | 2014-05-27 10:20:01 +0100 | [diff] [blame] | 631 | /* Check if we are already preempted before resume */ |
David Cunado | 28f69ab | 2017-04-05 11:34:03 +0100 | [diff] [blame] | 632 | if (!get_yield_smc_active_flag(tsp_ctx->state)) |
Soby Mathew | 3d57851 | 2014-05-27 10:20:01 +0100 | [diff] [blame] | 633 | SMC_RET1(handle, SMC_UNK); |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 634 | |
Soby Mathew | 3d57851 | 2014-05-27 10:20:01 +0100 | [diff] [blame] | 635 | cm_el1_sysregs_context_save(NON_SECURE); |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 636 | |
Soby Mathew | 3d57851 | 2014-05-27 10:20:01 +0100 | [diff] [blame] | 637 | /* |
| 638 | * We are done stashing the non-secure context. Ask the |
| 639 | * secure payload to do the work now. |
| 640 | */ |
Soby Mathew | bec9851 | 2015-09-03 18:29:38 +0100 | [diff] [blame] | 641 | #if TSP_NS_INTR_ASYNC_PREEMPT |
Soby Mathew | 47903c0 | 2015-01-13 15:48:26 +0000 | [diff] [blame] | 642 | /* |
| 643 | * Enable the routing of NS interrupts to EL3 during resumption |
David Cunado | 28f69ab | 2017-04-05 11:34:03 +0100 | [diff] [blame] | 644 | * of a Yielding SMC Call on this core. |
Soby Mathew | 47903c0 | 2015-01-13 15:48:26 +0000 | [diff] [blame] | 645 | */ |
| 646 | enable_intr_rm_local(INTR_TYPE_NS, SECURE); |
| 647 | #endif |
| 648 | |
| 649 | |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 650 | |
Soby Mathew | 3d57851 | 2014-05-27 10:20:01 +0100 | [diff] [blame] | 651 | /* We just need to return to the preempted point in |
| 652 | * TSP and the execution will resume as normal. |
| 653 | */ |
| 654 | cm_el1_sysregs_context_restore(SECURE); |
| 655 | cm_set_next_eret_context(SECURE); |
| 656 | SMC_RET0(&tsp_ctx->cpu_ctx); |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 657 | |
| 658 | /* |
Achin Gupta | 916a2c1 | 2014-02-09 23:11:46 +0000 | [diff] [blame] | 659 | * This is a request from the secure payload for more arguments |
| 660 | * for an ongoing arithmetic operation requested by the |
| 661 | * non-secure world. Simply return the arguments from the non- |
| 662 | * secure client in the original call. |
| 663 | */ |
| 664 | case TSP_GET_ARGS: |
| 665 | if (ns) |
| 666 | SMC_RET1(handle, SMC_UNK); |
| 667 | |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 668 | get_tsp_args(tsp_ctx, x1, x2); |
| 669 | SMC_RET2(handle, x1, x2); |
Achin Gupta | 916a2c1 | 2014-02-09 23:11:46 +0000 | [diff] [blame] | 670 | |
Jeenu Viswambharan | df1ddb5 | 2014-02-28 11:23:35 +0000 | [diff] [blame] | 671 | case TOS_CALL_COUNT: |
| 672 | /* |
| 673 | * Return the number of service function IDs implemented to |
| 674 | * provide service to non-secure |
| 675 | */ |
| 676 | SMC_RET1(handle, TSP_NUM_FID); |
| 677 | |
| 678 | case TOS_UID: |
| 679 | /* Return TSP UID to the caller */ |
| 680 | SMC_UUID_RET(handle, tsp_uuid); |
| 681 | |
| 682 | case TOS_CALL_VERSION: |
| 683 | /* Return the version of current implementation */ |
| 684 | SMC_RET2(handle, TSP_VERSION_MAJOR, TSP_VERSION_MINOR); |
| 685 | |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 686 | default: |
Achin Gupta | 607084e | 2014-02-09 18:24:19 +0000 | [diff] [blame] | 687 | break; |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 688 | } |
| 689 | |
Achin Gupta | 607084e | 2014-02-09 18:24:19 +0000 | [diff] [blame] | 690 | SMC_RET1(handle, SMC_UNK); |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 691 | } |
| 692 | |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 693 | /* Define a SPD runtime service descriptor for fast SMC calls */ |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 694 | DECLARE_RT_SVC( |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 695 | tspd_fast, |
Achin Gupta | 375f538 | 2014-02-18 18:12:48 +0000 | [diff] [blame] | 696 | |
| 697 | OEN_TOS_START, |
| 698 | OEN_TOS_END, |
| 699 | SMC_TYPE_FAST, |
| 700 | tspd_setup, |
| 701 | tspd_smc_handler |
| 702 | ); |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 703 | |
David Cunado | 28f69ab | 2017-04-05 11:34:03 +0100 | [diff] [blame] | 704 | /* Define a SPD runtime service descriptor for Yielding SMC Calls */ |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 705 | DECLARE_RT_SVC( |
| 706 | tspd_std, |
| 707 | |
| 708 | OEN_TOS_START, |
| 709 | OEN_TOS_END, |
David Cunado | 28f69ab | 2017-04-05 11:34:03 +0100 | [diff] [blame] | 710 | SMC_TYPE_YIELD, |
Soby Mathew | 9f71f70 | 2014-05-09 20:49:17 +0100 | [diff] [blame] | 711 | NULL, |
| 712 | tspd_smc_handler |
| 713 | ); |