This corrects MISRA C2012-14.4
The controlling expression of an if statement and the controlling
expression of an iteration-statement shall have essentially Boolean type.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Iacc58349cc3ab558fb4ffe0605a623e84e21e035
This corrects MISRA C2012-20.7:
Expressions resulting from the expansion of macro parameters shall be
enclosed in parentheses.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I9989a5aaacf17f6f7a65381c8d41f21a35f6ddd9
This corrects MISRA C2012-18.4:
The +, -, += and -= operators should not be applied to an expression
of pointer type.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ie1a196b875eae2eff9242cf83abfc1a79bdee6f3
This corrects the MISRA violation C2012-12.1:
The precedence of operators within expressions should be made explicit.
This is done either by adding parentheses, or by creating dedicated
variables.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: If8312442222ba848ac1f5e38df1bed0a367646a7
This corrects MISRA C2012-9.5:
Where designated initializers are used to initialize an array object
the size of the array shall be specified explicitly.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I4f8da6b0ce73df65b2b45ba10d4ca16ed8b70113
This corrects MISRA C2012-20.7
Expressions resulting from the expansion of macro parameters shall be
enclosed in parentheses.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I9269d7a5b6aa4573bc0ca55b3054c3475dc4b6b2
This corrects MISRA C2012 10.3: The value of an expression shall not be
assigned to an object with a narrower essential type or of a different
essential type category.
Set part_config to be an unsigned char everywhere it is used.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I9cf87848fb016a5630b3c8091290419e3bc62b91
Fix MISRA C2012-17.8:
A function parameter should not be modified
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I08ed4c6768c7988a98de21da181b97b0885139de
This corrects the MISRA violation C2012-12.1:
The precedence of operators within expressions should be made explicit
While at it put the test on one line.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Id19231faaf033c1e7dbe703690e0dddc7aa8f346
This corrects MISRA c2012-7.2 violation:
A "u" or "U" suffix shall be applied to all integer constants that are
represented in an unsigned type.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I5508a7d482213fc4d22e3e7ac53defb4135af596
Add braces to correct MISRA C2012 15.6 warning:
The body of an iteration-statement or a selection-statement shall be a
compound-statement.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I4041b0080b678f5ffdbe074e3cee9ac0afd5e176
This corrects the MISRA violation C2012-12.1:
The precedence of operators within expressions should be made explicit
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I62083c43b3f633504cac3497efe2e984924c63b2
This patch adds X2-X6 and 'smc_ret' parameters to trp_rmi_handler().
The last 'smc_ret' parameter passed in X7 contains address of
'trp_smc_result' structure on stack to return result of RMI SMC call.
This allows to preserve X4 if not used as a return argument as per
SMCCCv1.2. The patch also removes use of trp_args_t in RMI handling.
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Change-Id: I9e3387a7380b37863eeccc53d13e92e0ac5cffbd
This patch is to fix Errata #841119 and #826419 failed apply in linux
because of SMMU_CBn_ACTLR register can't be modified in non-secure
states.
Signed-off-by: Howard Lu <howard.lu@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I2b23e7c8baa809f385917eb45b10ec6b26a9ada8
Coverity Issue 21268351
Fixed unused value of xspi read while reading training values from
xspi during warm reset.
Signed-off-by: Maninder Singh <maninder.singh_1@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I779587afedb1c73d174a132bbfbcb21bf45bdff8
This patch adds support for RMM granules allocation
in FVP 2nd DRAM 2GB bank at 0x880000000 base address.
For ENABLE_RME = 1 case it also removes "mem=1G"
Linux kernel command line option in fvp-base-psci-common.dsti
to allow memory layout discovery from the FVP device tree.
FVP parameter 'bp.dram_size' - size of main memory in gigabytes
documented in docs/components/realm-management-extension.rst
is changed from 2 to 4.
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Change-Id: I174da4416ad5a8d41bf0ac89f356dba7c0cd3fe7
rss_comms_init() should return with success (0) in case of an internal
MHU_ERR_ALREADY_INIT error code which is harmless (occurs when
rss_comms_init() is called multiple times in a row).
Change-Id: Ibb1fef48a60866e80d3a389128cb8eef1332ea01
Signed-off-by: David Vincze <david.vincze@arm.com>
No overflow buffer checking for param size. There is a security threat.
Update code to check for param size according to cryto param mode.
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: I37a2d047edd9ff835b3f0986d85309c402887bef
This patch is to extend support SMMU in FCS GET_DIGEST, MAC_VERIFY,
ECDSA_SHA2_DATA_SIGNING and ECDSA_SHA2_DATA_SIGNATURE_VERIFY.
It also will change to use asynchronous mailbox send command to improve
fcs_client timing performance.
Increase the SIP_SVC_VERSION_MAJOR because SMMU support is not backward
compatible.
Increase the SIP_SVC_VERSION_MINOR because 8 news function IDs are
introduced.
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I15e619e246531b065451f9b201646f3c50e26307
Removed unused global from the assembly file.
Change-Id: I17ab70aa888af27865a9fb4436495197f460780f
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
TF-A is quite strict with warnings and redundant code. This flag
furthers this so it would be useful to have it. Add it to W=2 as it sets
off a few platforms which require a somewhat involved fix.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Id52b3d477b4ada7dd69a36101ab22c575ab4ef19
TF-A is more strict with compiler warnings in comparison to other
projects (notably Linux) for security and -Wextra enables a lot of
desirable warnings. This patch enables -Wextra by default (from W=1
previously) and reorganises the warning levels so that they can useful
when enabled and not just a build failure. This will help us move
towards fixing the warnings that are too many to fix at once and
enabling all W={1, 2} warnings.
The warning levels get new meanings:
* W=1: warnings we want the generic build to include but are too time
consuming to fix at the moment. They re-enable warnings taken out for
generic builds.
* W=2: warnings we want the generic build to include but cannot be
enabled due to external libraries.
* W=3: warnings that are informative but not necessary and generally too
verbose and frequently ignored.
Quality expectations for new contributions mean that generally they
should have no warnings up to W=2. To allow code to be developed with
them in mind, -Werror is disabled when W=x is set. This way enabling
warnings will not just fail the build due to technicalities we have and
contributors will be able to actually see if they get any.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ieb15ddd635d458a956a34b0f9d0ea2f81b9c0745
The BL31 part has been there forever and the PSCI reference is neither
at section 3.3 or directly below. Update this to locate the section more
easily.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I9a86e4ef13d1ac5da743917493f63ddd7690e087
Returning enum usb_status in an enum usb_action function is wrong as
they have different meanings. However, usb_dwc2_ep0_out_start() and
usb_dwc2_activate_setup() only return USBD_OK so we will never get to
there. Replace these checks with asserts in case the code changes in
future.
This also silences a warning when compiling with -Wextra.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I73dfd5c189a357544c15ceb3f4268da82ce272b9
On release builds EMMC_TRACE doesn't expand to anything. Some
conditionals with no braces end up with empty bodies. This produces a
warning when compiling with -Werror=empty-body (enabled by -Wextra).
Since TF-A coding guidelines require braces to comply with MISRA
guidelines anyway, add them in the whole file.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ib4e691efc7acdb8fb8692278c7a9772fc894f77f
secure_boot_api_f is defined to take uint32_t, uint32_t, and void *
parameters. However rom_secure_boot_api_f is defined to take uint32_t *,
uint32_t *, void *. These are incompatible and cause a warning when
compiling with -Wextra. Align the rom definition to the more generic
definition from where it's called.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ia030803b3c2335d220aff09fc0eef5c7615276aa
The api_version is checked in pm_setup() and an error is returned. The
smc handlers will not be registered on error so doing the check again is
redundant. This also silences a warning when compiling with -Wextra.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I09395e6a20e3f6eb22a1f81ec2f6bdf034eeb4bf
TF-A wants to eventually enable -Wold-style-definition globally. Convert
the rare few instances where this is still the case.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I9c450fc875cf097e6de2ed577ea3b085821c9f5e
Compiling with -Wimplicit-fallthrough=3 (enabled by -Wextra) produces
many warnings about fallthrough comments either missing or being wrong.
Unify the comments so we comply with -Wextra.
Note that Coverity recommends against using the __attribute__ directive.
Also, zlib does not build with a higher value of -Wimplicit-fallthrough.
Finally, compilers strip comments before expanding macros. As such,
checkpatch's fallthrough annotation (or higher levels of the flag) isn't
really possible.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I060cf4f8dc04c02cbb45cf4ceb69569a8369ccee
Adding a new threat which is about leaving
sensitive information in internal buffers
which could be stolen by an attacker.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I737e802c0adc9b00c89a0e21779745c51afb4b17
MISRA Violation: MISRA C-2012 Rule 7.2
- Initialize the unsigned int with value 0u in pm_service component.
Current misra warning detection tool is not reporting this as
warning. It reports only when the initialized value exceeds the
range of data type based on compiler used.
But, this change is added as a part of precaution as some other
misra checker tool may report it as violation of rule 7.2.
Signed-off-by: Naman Patel <naman.patel@amd.com>
Change-Id: I50a5cee2a077fe157e79757d959ce33064225af3
CTX_INCLUDE_EL2_REGS is used to save/restore EL2 registers and
it should be only used when there is SPMD or RME enabled.
Make CTX_INCLUDE_EL2_REGS an internal macro and remove
from documentation.
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Change-Id: I6a70edfd88163423ff0482de094601cf794246d6
SCR_EL3 register is restored before esb issued and it is assumed
that EAs are unmasked at that point, which is wrong, as the SCR_EL3
value at that time is restored from the context of the world where
it is returning to.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Id1c7150a70b5f589b0dc7c50c359b4d23ee9f256
* changes:
refactor(qemu): pass platform metadata as a function's argument
refactor(imx8m): pass platform metadata as a function's argument
refactor(fvp): pass platform metadata as a function's argument
refactor(measured-boot): accept metadata as a function's argument
Current code skips load of spinlock address when cache is disabled. The
following call to spin_unlock stores into the random location that x0
points to.
Move spinlock address load earlier so that x0 is always valid on
spin_unlock call.
Change-Id: Iac640289725dce2518f2fed483d7d36ca748ffe8
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
