1 /*
2 * Copyright (c) 2017-2021, ARM Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8 #include <inttypes.h>
9 #include <stdint.h>
10 #include <string.h>
11
12 #include <arch_helpers.h>
13 #include <arch_features.h>
14 #include <bl31/ehf.h>
15 #include <bl31/interrupt_mgmt.h>
16 #include <common/bl_common.h>
17 #include <common/debug.h>
18 #include <common/runtime_svc.h>
19 #include <lib/cassert.h>
20 #include <services/sdei.h>
21
22 #include "sdei_private.h"
23
24 /* x0-x17 GPREGS context */
25 #define SDEI_SAVED_GPREGS 18U
26
27 /* Maximum preemption nesting levels: Critical priority and Normal priority */
28 #define MAX_EVENT_NESTING 2U
29
30 /* Per-CPU SDEI state access macro */
31 #define sdei_get_this_pe_state() (&cpu_state[plat_my_core_pos()])
32
33 /* Structure to store information about an outstanding dispatch */
34 typedef struct sdei_dispatch_context {
35 sdei_ev_map_t *map;
36 uint64_t x[SDEI_SAVED_GPREGS];
37 jmp_buf *dispatch_jmp;
38
39 /* Exception state registers */
40 uint64_t elr_el3;
41 uint64_t spsr_el3;
42
43 #if DYNAMIC_WORKAROUND_CVE_2018_3639
44 /* CVE-2018-3639 mitigation state */
45 uint64_t disable_cve_2018_3639;
46 #endif
47 } sdei_dispatch_context_t;
48
49 /* Per-CPU SDEI state data */
50 typedef struct sdei_cpu_state {
51 sdei_dispatch_context_t dispatch_stack[MAX_EVENT_NESTING];
52 unsigned short stack_top; /* Empty ascending */
53 bool pe_masked;
54 bool pending_enables;
55 } sdei_cpu_state_t;
56
57 /* SDEI states for all cores in the system */
58 static sdei_cpu_state_t cpu_state[PLATFORM_CORE_COUNT];
59
sdei_pe_mask(void)60 int64_t sdei_pe_mask(void)
61 {
62 int64_t ret = 0;
63 sdei_cpu_state_t *state = sdei_get_this_pe_state();
64
65 /*
66 * Return value indicates whether this call had any effect in the mask
67 * status of this PE.
68 */
69 if (!state->pe_masked) {
70 state->pe_masked = true;
71 ret = 1;
72 }
73
74 return ret;
75 }
76
sdei_pe_unmask(void)77 void sdei_pe_unmask(void)
78 {
79 unsigned int i;
80 sdei_ev_map_t *map;
81 sdei_entry_t *se;
82 sdei_cpu_state_t *state = sdei_get_this_pe_state();
83 uint64_t my_mpidr = read_mpidr_el1() & MPIDR_AFFINITY_MASK;
84
85 /*
86 * If there are pending enables, iterate through the private mappings
87 * and enable those bound maps that are in enabled state. Also, iterate
88 * through shared mappings and enable interrupts of events that are
89 * targeted to this PE.
90 */
91 if (state->pending_enables) {
92 for_each_private_map(i, map) {
93 se = get_event_entry(map);
94 if (is_map_bound(map) && GET_EV_STATE(se, ENABLED))
95 plat_ic_enable_interrupt(map->intr);
96 }
97
98 for_each_shared_map(i, map) {
99 se = get_event_entry(map);
100
101 sdei_map_lock(map);
102 if (is_map_bound(map) && GET_EV_STATE(se, ENABLED) &&
103 (se->reg_flags == SDEI_REGF_RM_PE) &&
104 (se->affinity == my_mpidr)) {
105 plat_ic_enable_interrupt(map->intr);
106 }
107 sdei_map_unlock(map);
108 }
109 }
110
111 state->pending_enables = false;
112 state->pe_masked = false;
113 }
114
115 /* Push a dispatch context to the dispatch stack */
push_dispatch(void)116 static sdei_dispatch_context_t *push_dispatch(void)
117 {
118 sdei_cpu_state_t *state = sdei_get_this_pe_state();
119 sdei_dispatch_context_t *disp_ctx;
120
121 /* Cannot have more than max events */
122 assert(state->stack_top < MAX_EVENT_NESTING);
123
124 disp_ctx = &state->dispatch_stack[state->stack_top];
125 state->stack_top++;
126
127 return disp_ctx;
128 }
129
130 /* Pop a dispatch context to the dispatch stack */
pop_dispatch(void)131 static sdei_dispatch_context_t *pop_dispatch(void)
132 {
133 sdei_cpu_state_t *state = sdei_get_this_pe_state();
134
135 if (state->stack_top == 0U)
136 return NULL;
137
138 assert(state->stack_top <= MAX_EVENT_NESTING);
139
140 state->stack_top--;
141
142 return &state->dispatch_stack[state->stack_top];
143 }
144
145 /* Retrieve the context at the top of dispatch stack */
get_outstanding_dispatch(void)146 static sdei_dispatch_context_t *get_outstanding_dispatch(void)
147 {
148 sdei_cpu_state_t *state = sdei_get_this_pe_state();
149
150 if (state->stack_top == 0U)
151 return NULL;
152
153 assert(state->stack_top <= MAX_EVENT_NESTING);
154
155 return &state->dispatch_stack[state->stack_top - 1U];
156 }
157
save_event_ctx(sdei_ev_map_t * map,void * tgt_ctx)158 static sdei_dispatch_context_t *save_event_ctx(sdei_ev_map_t *map,
159 void *tgt_ctx)
160 {
161 sdei_dispatch_context_t *disp_ctx;
162 const gp_regs_t *tgt_gpregs;
163 const el3_state_t *tgt_el3;
164
165 assert(tgt_ctx != NULL);
166 tgt_gpregs = get_gpregs_ctx(tgt_ctx);
167 tgt_el3 = get_el3state_ctx(tgt_ctx);
168
169 disp_ctx = push_dispatch();
170 assert(disp_ctx != NULL);
171 disp_ctx->map = map;
172
173 /* Save general purpose and exception registers */
174 memcpy(disp_ctx->x, tgt_gpregs, sizeof(disp_ctx->x));
175 disp_ctx->spsr_el3 = read_ctx_reg(tgt_el3, CTX_SPSR_EL3);
176 disp_ctx->elr_el3 = read_ctx_reg(tgt_el3, CTX_ELR_EL3);
177
178 return disp_ctx;
179 }
180
restore_event_ctx(const sdei_dispatch_context_t * disp_ctx,void * tgt_ctx)181 static void restore_event_ctx(const sdei_dispatch_context_t *disp_ctx, void *tgt_ctx)
182 {
183 gp_regs_t *tgt_gpregs;
184 el3_state_t *tgt_el3;
185
186 assert(tgt_ctx != NULL);
187 tgt_gpregs = get_gpregs_ctx(tgt_ctx);
188 tgt_el3 = get_el3state_ctx(tgt_ctx);
189
190 CASSERT(sizeof(disp_ctx->x) == (SDEI_SAVED_GPREGS * sizeof(uint64_t)),
191 foo);
192
193 /* Restore general purpose and exception registers */
194 memcpy(tgt_gpregs, disp_ctx->x, sizeof(disp_ctx->x));
195 write_ctx_reg(tgt_el3, CTX_SPSR_EL3, disp_ctx->spsr_el3);
196 write_ctx_reg(tgt_el3, CTX_ELR_EL3, disp_ctx->elr_el3);
197
198 #if DYNAMIC_WORKAROUND_CVE_2018_3639
199 cve_2018_3639_t *tgt_cve_2018_3639;
200 tgt_cve_2018_3639 = get_cve_2018_3639_ctx(tgt_ctx);
201
202 /* Restore CVE-2018-3639 mitigation state */
203 write_ctx_reg(tgt_cve_2018_3639, CTX_CVE_2018_3639_DISABLE,
204 disp_ctx->disable_cve_2018_3639);
205 #endif
206 }
207
save_secure_context(void)208 static void save_secure_context(void)
209 {
210 cm_el1_sysregs_context_save(SECURE);
211 }
212
213 /* Restore Secure context and arrange to resume it at the next ERET */
restore_and_resume_secure_context(void)214 static void restore_and_resume_secure_context(void)
215 {
216 cm_el1_sysregs_context_restore(SECURE);
217 cm_set_next_eret_context(SECURE);
218 }
219
220 /*
221 * Restore Non-secure context and arrange to resume it at the next ERET. Return
222 * pointer to the Non-secure context.
223 */
restore_and_resume_ns_context(void)224 static cpu_context_t *restore_and_resume_ns_context(void)
225 {
226 cpu_context_t *ns_ctx;
227
228 cm_el1_sysregs_context_restore(NON_SECURE);
229 cm_set_next_eret_context(NON_SECURE);
230
231 ns_ctx = cm_get_context(NON_SECURE);
232 assert(ns_ctx != NULL);
233
234 return ns_ctx;
235 }
236
237 /*
238 * Prepare for ERET:
239 * - Set the ELR to the registered handler address
240 * - Set the SPSR register as described in the SDEI documentation and
241 * the AArch64.TakeException() pseudocode function in
242 * ARM DDI 0487F.c page J1-7635
243 */
244
sdei_set_elr_spsr(sdei_entry_t * se,sdei_dispatch_context_t * disp_ctx)245 static void sdei_set_elr_spsr(sdei_entry_t *se, sdei_dispatch_context_t *disp_ctx)
246 {
247 unsigned int client_el = sdei_client_el();
248 u_register_t sdei_spsr = SPSR_64(client_el, MODE_SP_ELX,
249 DISABLE_ALL_EXCEPTIONS);
250
251 u_register_t interrupted_pstate = disp_ctx->spsr_el3;
252
253 /* Check the SPAN bit in the client el SCTLR */
254 u_register_t client_el_sctlr;
255
256 if (client_el == MODE_EL2) {
257 client_el_sctlr = read_sctlr_el2();
258 } else {
259 client_el_sctlr = read_sctlr_el1();
260 }
261
262 /*
263 * Check whether to force the PAN bit or use the value in the
264 * interrupted EL according to the check described in
265 * TakeException. Since the client can only be Non-Secure
266 * EL2 or El1 some of the conditions in ElIsInHost() we know
267 * will always be True.
268 * When the client_el is EL2 we know that there will be a SPAN
269 * bit in SCTLR_EL2 as we have already checked for the condition
270 * HCR_EL2.E2H = 1 and HCR_EL2.TGE = 1
271 */
272 u_register_t hcr_el2 = read_hcr();
273 bool el_is_in_host = is_armv8_1_vhe_present() &&
274 (hcr_el2 & HCR_TGE_BIT) &&
275 (hcr_el2 & HCR_E2H_BIT);
276
277 if (is_armv8_1_pan_present() &&
278 ((client_el == MODE_EL1) ||
279 (client_el == MODE_EL2 && el_is_in_host)) &&
280 ((client_el_sctlr & SCTLR_SPAN_BIT) == 0U)) {
281 sdei_spsr |= SPSR_PAN_BIT;
282 } else {
283 sdei_spsr |= (interrupted_pstate & SPSR_PAN_BIT);
284 }
285
286 /* If SSBS is implemented, take the value from the client el SCTLR */
287 u_register_t ssbs_enabled = (read_id_aa64pfr1_el1()
288 >> ID_AA64PFR1_EL1_SSBS_SHIFT)
289 & ID_AA64PFR1_EL1_SSBS_MASK;
290 if (ssbs_enabled != SSBS_UNAVAILABLE) {
291 u_register_t ssbs_bit = ((client_el_sctlr & SCTLR_DSSBS_BIT)
292 >> SCTLR_DSSBS_SHIFT)
293 << SPSR_SSBS_SHIFT_AARCH64;
294 sdei_spsr |= ssbs_bit;
295 }
296
297 /* If MTE is implemented in the client el set the TCO bit */
298 if (get_armv8_5_mte_support() >= MTE_IMPLEMENTED_ELX) {
299 sdei_spsr |= SPSR_TCO_BIT_AARCH64;
300 }
301
302 /* Take the DIT field from the pstate of the interrupted el */
303 sdei_spsr |= (interrupted_pstate & SPSR_DIT_BIT);
304
305 cm_set_elr_spsr_el3(NON_SECURE, (uintptr_t) se->ep, sdei_spsr);
306 }
307
308 /*
309 * Populate the Non-secure context so that the next ERET will dispatch to the
310 * SDEI client.
311 */
setup_ns_dispatch(sdei_ev_map_t * map,sdei_entry_t * se,cpu_context_t * ctx,jmp_buf * dispatch_jmp)312 static void setup_ns_dispatch(sdei_ev_map_t *map, sdei_entry_t *se,
313 cpu_context_t *ctx, jmp_buf *dispatch_jmp)
314 {
315 sdei_dispatch_context_t *disp_ctx;
316
317 /* Push the event and context */
318 disp_ctx = save_event_ctx(map, ctx);
319
320 /*
321 * Setup handler arguments:
322 *
323 * - x0: Event number
324 * - x1: Handler argument supplied at the time of event registration
325 * - x2: Interrupted PC
326 * - x3: Interrupted SPSR
327 */
328 SMC_SET_GP(ctx, CTX_GPREG_X0, (uint64_t) map->ev_num);
329 SMC_SET_GP(ctx, CTX_GPREG_X1, se->arg);
330 SMC_SET_GP(ctx, CTX_GPREG_X2, disp_ctx->elr_el3);
331 SMC_SET_GP(ctx, CTX_GPREG_X3, disp_ctx->spsr_el3);
332
333 /* Setup the elr and spsr register to prepare for ERET */
334 sdei_set_elr_spsr(se, disp_ctx);
335
336 #if DYNAMIC_WORKAROUND_CVE_2018_3639
337 cve_2018_3639_t *tgt_cve_2018_3639;
338 tgt_cve_2018_3639 = get_cve_2018_3639_ctx(ctx);
339
340 /* Save CVE-2018-3639 mitigation state */
341 disp_ctx->disable_cve_2018_3639 = read_ctx_reg(tgt_cve_2018_3639,
342 CTX_CVE_2018_3639_DISABLE);
343
344 /* Force SDEI handler to execute with mitigation enabled by default */
345 write_ctx_reg(tgt_cve_2018_3639, CTX_CVE_2018_3639_DISABLE, 0);
346 #endif
347
348 disp_ctx->dispatch_jmp = dispatch_jmp;
349 }
350
351 /* Handle a triggered SDEI interrupt while events were masked on this PE */
handle_masked_trigger(sdei_ev_map_t * map,sdei_entry_t * se,sdei_cpu_state_t * state,unsigned int intr_raw)352 static void handle_masked_trigger(sdei_ev_map_t *map, sdei_entry_t *se,
353 sdei_cpu_state_t *state, unsigned int intr_raw)
354 {
355 uint64_t my_mpidr __unused = (read_mpidr_el1() & MPIDR_AFFINITY_MASK);
356 bool disable = false;
357
358 /* Nothing to do for event 0 */
359 if (map->ev_num == SDEI_EVENT_0)
360 return;
361
362 /*
363 * For a private event, or for a shared event specifically routed to
364 * this CPU, we disable interrupt, leave the interrupt pending, and do
365 * EOI.
366 */
367 if (is_event_private(map) || (se->reg_flags == SDEI_REGF_RM_PE))
368 disable = true;
369
370 if (se->reg_flags == SDEI_REGF_RM_PE)
371 assert(se->affinity == my_mpidr);
372
373 if (disable) {
374 plat_ic_disable_interrupt(map->intr);
375 plat_ic_set_interrupt_pending(map->intr);
376 plat_ic_end_of_interrupt(intr_raw);
377 state->pending_enables = true;
378
379 return;
380 }
381
382 /*
383 * We just received a shared event with routing set to ANY PE. The
384 * interrupt can't be delegated on this PE as SDEI events are masked.
385 * However, because its routing mode is ANY, it is possible that the
386 * event can be delegated on any other PE that hasn't masked events.
387 * Therefore, we set the interrupt back pending so as to give other
388 * suitable PEs a chance of handling it.
389 */
390 assert(plat_ic_is_spi(map->intr) != 0);
391 plat_ic_set_interrupt_pending(map->intr);
392
393 /*
394 * Leaving the same interrupt pending also means that the same interrupt
395 * can target this PE again as soon as this PE leaves EL3. Whether and
396 * how often that happens depends on the implementation of GIC.
397 *
398 * We therefore call a platform handler to resolve this situation.
399 */
400 plat_sdei_handle_masked_trigger(my_mpidr, map->intr);
401
402 /* This PE is masked. We EOI the interrupt, as it can't be delegated */
403 plat_ic_end_of_interrupt(intr_raw);
404 }
405
406 /* SDEI main interrupt handler */
sdei_intr_handler(uint32_t intr_raw,uint32_t flags,void * handle,void * cookie)407 int sdei_intr_handler(uint32_t intr_raw, uint32_t flags, void *handle,
408 void *cookie)
409 {
410 sdei_entry_t *se;
411 cpu_context_t *ctx;
412 sdei_ev_map_t *map;
413 const sdei_dispatch_context_t *disp_ctx;
414 unsigned int sec_state;
415 sdei_cpu_state_t *state;
416 uint32_t intr;
417 jmp_buf dispatch_jmp;
418 const uint64_t mpidr = read_mpidr_el1();
419
420 /*
421 * To handle an event, the following conditions must be true:
422 *
423 * 1. Event must be signalled
424 * 2. Event must be enabled
425 * 3. This PE must be a target PE for the event
426 * 4. PE must be unmasked for SDEI
427 * 5. If this is a normal event, no event must be running
428 * 6. If this is a critical event, no critical event must be running
429 *
430 * (1) and (2) are true when this function is running
431 * (3) is enforced in GIC by selecting the appropriate routing option
432 * (4) is satisfied by client calling PE_UNMASK
433 * (5) and (6) is enforced using interrupt priority, the RPR, in GIC:
434 * - Normal SDEI events belong to Normal SDE priority class
435 * - Critical SDEI events belong to Critical CSDE priority class
436 *
437 * The interrupt has already been acknowledged, and therefore is active,
438 * so no other PE can handle this event while we are at it.
439 *
440 * Find if this is an SDEI interrupt. There must be an event mapped to
441 * this interrupt
442 */
443 intr = plat_ic_get_interrupt_id(intr_raw);
444 map = find_event_map_by_intr(intr, (plat_ic_is_spi(intr) != 0));
445 if (map == NULL) {
446 ERROR("No SDEI map for interrupt %u\n", intr);
447 panic();
448 }
449
450 /*
451 * Received interrupt number must either correspond to event 0, or must
452 * be bound interrupt.
453 */
454 assert((map->ev_num == SDEI_EVENT_0) || is_map_bound(map));
455
456 se = get_event_entry(map);
457 state = sdei_get_this_pe_state();
458
459 if (state->pe_masked) {
460 /*
461 * Interrupts received while this PE was masked can't be
462 * dispatched.
463 */
464 SDEI_LOG("interrupt %u on %" PRIx64 " while PE masked\n",
465 map->intr, mpidr);
466 if (is_event_shared(map))
467 sdei_map_lock(map);
468
469 handle_masked_trigger(map, se, state, intr_raw);
470
471 if (is_event_shared(map))
472 sdei_map_unlock(map);
473
474 return 0;
475 }
476
477 /* Insert load barrier for signalled SDEI event */
478 if (map->ev_num == SDEI_EVENT_0)
479 dmbld();
480
481 if (is_event_shared(map))
482 sdei_map_lock(map);
483
484 /* Assert shared event routed to this PE had been configured so */
485 if (is_event_shared(map) && (se->reg_flags == SDEI_REGF_RM_PE)) {
486 assert(se->affinity == (mpidr & MPIDR_AFFINITY_MASK));
487 }
488
489 if (!can_sdei_state_trans(se, DO_DISPATCH)) {
490 SDEI_LOG("SDEI event 0x%x can't be dispatched; state=0x%x\n",
491 map->ev_num, se->state);
492
493 /*
494 * If the event is registered, leave the interrupt pending so
495 * that it's delivered when the event is enabled.
496 */
497 if (GET_EV_STATE(se, REGISTERED))
498 plat_ic_set_interrupt_pending(map->intr);
499
500 /*
501 * The interrupt was disabled or unregistered after the handler
502 * started to execute, which means now the interrupt is already
503 * disabled and we just need to EOI the interrupt.
504 */
505 plat_ic_end_of_interrupt(intr_raw);
506
507 if (is_event_shared(map))
508 sdei_map_unlock(map);
509
510 return 0;
511 }
512
513 disp_ctx = get_outstanding_dispatch();
514 if (is_event_critical(map)) {
515 /*
516 * If this event is Critical, and if there's an outstanding
517 * dispatch, assert the latter is a Normal dispatch. Critical
518 * events can preempt an outstanding Normal event dispatch.
519 */
520 if (disp_ctx != NULL)
521 assert(is_event_normal(disp_ctx->map));
522 } else {
523 /*
524 * If this event is Normal, assert that there are no outstanding
525 * dispatches. Normal events can't preempt any outstanding event
526 * dispatches.
527 */
528 assert(disp_ctx == NULL);
529 }
530
531 sec_state = get_interrupt_src_ss(flags);
532
533 if (is_event_shared(map))
534 sdei_map_unlock(map);
535
536 SDEI_LOG("ACK %" PRIx64 ", ev:0x%x ss:%d spsr:%lx ELR:%lx\n",
537 mpidr, map->ev_num, sec_state, read_spsr_el3(), read_elr_el3());
538
539 ctx = handle;
540
541 /*
542 * Check if we interrupted secure state. Perform a context switch so
543 * that we can delegate to NS.
544 */
545 if (sec_state == SECURE) {
546 save_secure_context();
547 ctx = restore_and_resume_ns_context();
548 }
549
550 /* Synchronously dispatch event */
551 setup_ns_dispatch(map, se, ctx, &dispatch_jmp);
552 begin_sdei_synchronous_dispatch(&dispatch_jmp);
553
554 /*
555 * We reach here when client completes the event.
556 *
557 * If the cause of dispatch originally interrupted the Secure world,
558 * resume Secure.
559 *
560 * No need to save the Non-secure context ahead of a world switch: the
561 * Non-secure context was fully saved before dispatch, and has been
562 * returned to its pre-dispatch state.
563 */
564 if (sec_state == SECURE)
565 restore_and_resume_secure_context();
566
567 /*
568 * The event was dispatched after receiving SDEI interrupt. With
569 * the event handling completed, EOI the corresponding
570 * interrupt.
571 */
572 if ((map->ev_num != SDEI_EVENT_0) && !is_map_bound(map)) {
573 ERROR("Invalid SDEI mapping: ev=0x%x\n", map->ev_num);
574 panic();
575 }
576 plat_ic_end_of_interrupt(intr_raw);
577
578 return 0;
579 }
580
581 /*
582 * Explicitly dispatch the given SDEI event.
583 *
584 * When calling this API, the caller must be prepared for the SDEI dispatcher to
585 * restore and make Non-secure context as active. This call returns only after
586 * the client has completed the dispatch. Then, the Non-secure context will be
587 * active, and the following ERET will return to Non-secure.
588 *
589 * Should the caller require re-entry to Secure, it must restore the Secure
590 * context and program registers for ERET.
591 */
sdei_dispatch_event(int ev_num)592 int sdei_dispatch_event(int ev_num)
593 {
594 sdei_entry_t *se;
595 sdei_ev_map_t *map;
596 cpu_context_t *ns_ctx;
597 sdei_dispatch_context_t *disp_ctx;
598 sdei_cpu_state_t *state;
599 jmp_buf dispatch_jmp;
600
601 /* Can't dispatch if events are masked on this PE */
602 state = sdei_get_this_pe_state();
603 if (state->pe_masked)
604 return -1;
605
606 /* Event 0 can't be dispatched */
607 if (ev_num == SDEI_EVENT_0)
608 return -1;
609
610 /* Locate mapping corresponding to this event */
611 map = find_event_map(ev_num);
612 if (map == NULL)
613 return -1;
614
615 /* Only explicit events can be dispatched */
616 if (!is_map_explicit(map))
617 return -1;
618
619 /* Examine state of dispatch stack */
620 disp_ctx = get_outstanding_dispatch();
621 if (disp_ctx != NULL) {
622 /*
623 * There's an outstanding dispatch. If the outstanding dispatch
624 * is critical, no more dispatches are possible.
625 */
626 if (is_event_critical(disp_ctx->map))
627 return -1;
628
629 /*
630 * If the outstanding dispatch is Normal, only critical events
631 * can be dispatched.
632 */
633 if (is_event_normal(map))
634 return -1;
635 }
636
637 se = get_event_entry(map);
638 if (!can_sdei_state_trans(se, DO_DISPATCH))
639 return -1;
640
641 /*
642 * Prepare for NS dispatch by restoring the Non-secure context and
643 * marking that as active.
644 */
645 ns_ctx = restore_and_resume_ns_context();
646
647 /* Activate the priority corresponding to the event being dispatched */
648 ehf_activate_priority(sdei_event_priority(map));
649
650 /* Dispatch event synchronously */
651 setup_ns_dispatch(map, se, ns_ctx, &dispatch_jmp);
652 begin_sdei_synchronous_dispatch(&dispatch_jmp);
653
654 /*
655 * We reach here when client completes the event.
656 *
657 * Deactivate the priority level that was activated at the time of
658 * explicit dispatch.
659 */
660 ehf_deactivate_priority(sdei_event_priority(map));
661
662 return 0;
663 }
664
end_sdei_synchronous_dispatch(jmp_buf * buffer)665 static void end_sdei_synchronous_dispatch(jmp_buf *buffer)
666 {
667 longjmp(*buffer, 1);
668 }
669
sdei_event_complete(bool resume,uint64_t pc)670 int sdei_event_complete(bool resume, uint64_t pc)
671 {
672 sdei_dispatch_context_t *disp_ctx;
673 sdei_entry_t *se;
674 sdei_ev_map_t *map;
675 cpu_context_t *ctx;
676 sdei_action_t act;
677 unsigned int client_el = sdei_client_el();
678
679 /* Return error if called without an active event */
680 disp_ctx = get_outstanding_dispatch();
681 if (disp_ctx == NULL)
682 return SDEI_EDENY;
683
684 /* Validate resumption point */
685 if (resume && (plat_sdei_validate_entry_point(pc, client_el) != 0))
686 return SDEI_EDENY;
687
688 map = disp_ctx->map;
689 assert(map != NULL);
690 se = get_event_entry(map);
691
692 if (is_event_shared(map))
693 sdei_map_lock(map);
694
695 act = resume ? DO_COMPLETE_RESUME : DO_COMPLETE;
696 if (!can_sdei_state_trans(se, act)) {
697 if (is_event_shared(map))
698 sdei_map_unlock(map);
699 return SDEI_EDENY;
700 }
701
702 if (is_event_shared(map))
703 sdei_map_unlock(map);
704
705 /* Having done sanity checks, pop dispatch */
706 (void) pop_dispatch();
707
708 SDEI_LOG("EOI:%lx, %d spsr:%lx elr:%lx\n", read_mpidr_el1(),
709 map->ev_num, read_spsr_el3(), read_elr_el3());
710
711 /*
712 * Restore Non-secure to how it was originally interrupted. Once done,
713 * it's up-to-date with the saved copy.
714 */
715 ctx = cm_get_context(NON_SECURE);
716 restore_event_ctx(disp_ctx, ctx);
717
718 if (resume) {
719 /*
720 * Complete-and-resume call. Prepare the Non-secure context
721 * (currently active) for complete and resume.
722 */
723 cm_set_elr_spsr_el3(NON_SECURE, pc, SPSR_64(client_el,
724 MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS));
725
726 /*
727 * Make it look as if a synchronous exception were taken at the
728 * supplied Non-secure resumption point. Populate SPSR and
729 * ELR_ELx so that an ERET from there works as expected.
730 *
731 * The assumption is that the client, if necessary, would have
732 * saved any live content in these registers before making this
733 * call.
734 */
735 if (client_el == MODE_EL2) {
736 write_elr_el2(disp_ctx->elr_el3);
737 write_spsr_el2(disp_ctx->spsr_el3);
738 } else {
739 /* EL1 */
740 write_elr_el1(disp_ctx->elr_el3);
741 write_spsr_el1(disp_ctx->spsr_el3);
742 }
743 }
744
745 /* End the outstanding dispatch */
746 end_sdei_synchronous_dispatch(disp_ctx->dispatch_jmp);
747
748 return 0;
749 }
750
sdei_event_context(void * handle,unsigned int param)751 int64_t sdei_event_context(void *handle, unsigned int param)
752 {
753 sdei_dispatch_context_t *disp_ctx;
754
755 if (param >= SDEI_SAVED_GPREGS)
756 return SDEI_EINVAL;
757
758 /* Get outstanding dispatch on this CPU */
759 disp_ctx = get_outstanding_dispatch();
760 if (disp_ctx == NULL)
761 return SDEI_EDENY;
762
763 assert(disp_ctx->map != NULL);
764
765 if (!can_sdei_state_trans(get_event_entry(disp_ctx->map), DO_CONTEXT))
766 return SDEI_EDENY;
767
768 /*
769 * No locking is required for the Running status as this is the only CPU
770 * which can complete the event
771 */
772
773 return (int64_t) disp_ctx->x[param];
774 }
775