9  * This is the Secure Payload Dispatcher (SPD). The dispatcher is meant to be a
10  * plug-in component to the Secure Monitor, registered as a runtime service. The
11  * SPD is expected to be a functional extension of the Secure Payload (SP) that
12  * executes in Secure EL1. The Secure Monitor will delegate all SMCs targeting
14  * handle the request locally or delegate it to the Secure Payload. It is also
36  * Address of the entrypoint vector table in the Secure Payload. It is
42  * Array to keep track of per-cpu Secure Payload state
55  * This helper function handles Secure EL1 preemption. The preemption could be
56  * due Non Secure interrupts or EL3 interrupts. In both the cases we context
64 	assert(handle == cm_get_context(SECURE));  in tspd_handle_sp_preemption()
65 	cm_el1_sysregs_context_save(SECURE);  in tspd_handle_sp_preemption()
66 	/* Get a reference to the non-secure context */  in tspd_handle_sp_preemption()
71 	 * To allow Secure EL1 interrupt handler to re-enter TSP while TSP  in tspd_handle_sp_preemption()
72 	 * is preempted, the secure system register context which will get  in tspd_handle_sp_preemption()
78 	 * Restore non-secure state.  in tspd_handle_sp_preemption()
97  * example, if a non-secure interrupt gets fired when CPU is executing in NS-EL2
98  * it gets handled in the non-secure world.
101  * states a secure interrupt has to be handled in the secure world.
102  * Hence, the TSPD in EL3 expects the context(handle) for a secure interrupt to
103  * be non-secure and vice versa.
104  * However, a race condition between non-secure and secure interrupts can lead to
127 	 * 1/ A non-secure payload(like tftf) requests a secure service from  in tspd_sel1_interrupt_handler()
130 	 *    Dispatcher in Secure Monitor(EL3).  in tspd_sel1_interrupt_handler()
131 	 * 3/ While CPU is executing TSP, a Non-secure interrupt gets fired.  in tspd_sel1_interrupt_handler()
132 	 *    this demands a context switch to the non-secure world through  in tspd_sel1_interrupt_handler()
133 	 *    secure monitor.  in tspd_sel1_interrupt_handler()
135 	 *    execution switches to secure monitor(EL3).  in tspd_sel1_interrupt_handler()
136 	 * 5/ EL3 tries to triage the (Non-secure) interrupt based on the  in tspd_sel1_interrupt_handler()
138 	 * 6/ However, while the NS Interrupt was pending, secure timer gets  in tspd_sel1_interrupt_handler()
142 	 *    was pre-empted due to non-secure interrupt.  in tspd_sel1_interrupt_handler()
148 	 *    pre-empted when execution resumes in non-secure world.  in tspd_sel1_interrupt_handler()
156 		/* Save the non-secure context before entering the TSP */  in tspd_sel1_interrupt_handler()
161 		assert(handle == cm_get_context(SECURE));  in tspd_sel1_interrupt_handler()
163 		/* Save the secure context before entering the TSP for S-EL1  in tspd_sel1_interrupt_handler()
166 		cm_el1_sysregs_context_save(SECURE);  in tspd_sel1_interrupt_handler()
176 	/* Save the non-secure context before entering the TSP */  in tspd_sel1_interrupt_handler()
180 	assert(&tsp_ctx->cpu_ctx == cm_get_context(SECURE));  in tspd_sel1_interrupt_handler()
188 	 * structure. There is no need to save the secure system register  in tspd_sel1_interrupt_handler()
202 	cm_el1_sysregs_context_restore(SECURE);  in tspd_sel1_interrupt_handler()
203 	cm_set_elr_spsr_el3(SECURE, (uint64_t) &tsp_vectors->sel1_intr_entry,  in tspd_sel1_interrupt_handler()
206 	cm_set_next_eret_context(SECURE);  in tspd_sel1_interrupt_handler()
212 	 * this address from ELR_EL3 as the secure context will not take effect  in tspd_sel1_interrupt_handler()
220  * This function is the handler registered for Non secure interrupts by the
230 	assert(get_interrupt_src_ss(flags) == SECURE);  in tspd_ns_interrupt_handler()
233 	 * Disable the routing of NS interrupts from secure world to EL3 while  in tspd_ns_interrupt_handler()
236 	disable_intr_rm_local(INTR_TYPE_NS, SECURE);  in tspd_ns_interrupt_handler()
243  * Secure Payload Dispatcher setup. The SPD finds out the SP entrypoint and type
255 	 * Get information about the Secure Payload (BL32) image. Its  in tspd_setup()
259 	tsp_ep_info = bl31_plat_get_next_image_ep_info(SECURE);  in tspd_setup()
286 	bl31_set_next_image_type(SECURE);  in tspd_setup()
298  * This function passes control to the Secure Payload image (BL32) for the first
299  * time on the primary cpu after a cold boot. It assumes that a valid secure
301  * It also assumes that a valid non-secure context has been initialised by PSCI
302  * so it does not need to save and restore any non-secure state. This function
303  * performs a synchronous entry into the Secure payload. The SP passes control
314 	 * Get information about the Secure Payload (BL32) image. Its  in tspd_init()
317 	tsp_entry_point = bl31_plat_get_next_image_ep_info(SECURE);  in tspd_init()
323 	 * Arrange for an entry into the test secure payload. It will be  in tspd_init()
335  * range from the non-secure state as defined in the SMC Calling Convention
336  * Document. It is also responsible for communicating with the Secure payload
337  * to delegate work and return results back to the non-secure state. Lastly it
338  * will also return any information that the secure payload needs to do the
384 		assert(handle == cm_get_context(SECURE));  in tspd_smc_handler()
400 			 * secure context.  in tspd_smc_handler()
407 		/* Get a reference to the non-secure context */  in tspd_smc_handler()
412 		 * Restore non-secure state. There is no need to save the  in tspd_smc_handler()
413 		 * secure system register context since the TSP was supposed  in tspd_smc_handler()
461 			 * non-secure state.  in tspd_smc_handler()
474 			 * generated during code executing in secure state are  in tspd_smc_handler()
478 			set_interrupt_rm_flag(flags, SECURE);  in tspd_smc_handler()
489 			disable_intr_rm_local(INTR_TYPE_NS, SECURE);  in tspd_smc_handler()
495 		/* Save the Secure EL1 system register context */  in tspd_smc_handler()
496 		assert(cm_get_context(SECURE) == &tsp_ctx->cpu_ctx);  in tspd_smc_handler()
497 		cm_el1_sysregs_context_save(SECURE);  in tspd_smc_handler()
560 		 * Request from non-secure client to perform an  in tspd_smc_handler()
561 		 * arithmetic operation or response from secure  in tspd_smc_handler()
575 			 * This is a fresh request from the non-secure client.  in tspd_smc_handler()
577 			 * registers need to be preserved, save the non-secure  in tspd_smc_handler()
578 			 * state and send the request to the secure payload.  in tspd_smc_handler()
592 			 * We are done stashing the non-secure context. Ask the  in tspd_smc_handler()
593 			 * secure payload to do the work now.  in tspd_smc_handler()
598 			 * operation type and parameters to the secure context  in tspd_smc_handler()
599 			 * and jump to the fast smc entry point in the secure  in tspd_smc_handler()
603 			assert(&tsp_ctx->cpu_ctx == cm_get_context(SECURE));  in tspd_smc_handler()
610 				cm_set_elr_el3(SECURE, (uint64_t)  in tspd_smc_handler()
614 				cm_set_elr_el3(SECURE, (uint64_t)  in tspd_smc_handler()
622 				enable_intr_rm_local(INTR_TYPE_NS, SECURE);  in tspd_smc_handler()
628 				 * being processed, Non-secure interrupts can't  in tspd_smc_handler()
629 				 * preempt Secure execution. However, for  in tspd_smc_handler()
639 			cm_el1_sysregs_context_restore(SECURE);  in tspd_smc_handler()
640 			cm_set_next_eret_context(SECURE);  in tspd_smc_handler()
644 			 * This is the result from the secure client of an  in tspd_smc_handler()
646 			 * into the non-secure context, save the secure state  in tspd_smc_handler()
647 			 * and return to the non-secure state.  in tspd_smc_handler()
649 			assert(handle == cm_get_context(SECURE));  in tspd_smc_handler()
650 			cm_el1_sysregs_context_save(SECURE);  in tspd_smc_handler()
652 			/* Get a reference to the non-secure context */  in tspd_smc_handler()
656 			/* Restore non-secure state */  in tspd_smc_handler()
667 				disable_intr_rm_local(INTR_TYPE_NS, SECURE);  in tspd_smc_handler()
676 	 * Request from the non-secure world to abort a preempted Yielding SMC  in tspd_smc_handler()
708 		 * Request from non secure world to resume the preempted  in tspd_smc_handler()
719 		 * This is a resume request from the non-secure client.  in tspd_smc_handler()
720 		 * save the non-secure state and send the request to  in tspd_smc_handler()
721 		 * the secure payload.  in tspd_smc_handler()
732 		 * We are done stashing the non-secure context. Ask the  in tspd_smc_handler()
733 		 * secure payload to do the work now.  in tspd_smc_handler()
740 		enable_intr_rm_local(INTR_TYPE_NS, SECURE);  in tspd_smc_handler()
746 		 * Non-secure interrupts. Also, supply the preemption return  in tspd_smc_handler()
755 		cm_el1_sysregs_context_restore(SECURE);  in tspd_smc_handler()
756 		cm_set_next_eret_context(SECURE);  in tspd_smc_handler()
760 		 * This is a request from the secure payload for more arguments  in tspd_smc_handler()
762 		 * non-secure world. Simply return the arguments from the non-  in tspd_smc_handler()
763 		 * secure client in the original call.  in tspd_smc_handler()
775 		 * provide service to non-secure  in tspd_smc_handler()