diff options
| author | Soby Mathew <soby.mathew@arm.com> | 2014-10-02 16:56:51 +0100 |
|---|---|---|
| committer | Soby Mathew <soby.mathew@arm.com> | 2015-01-23 18:36:15 +0000 |
| commit | 539dcedb7d83804a4237c4385b2cb15f0b7ee0b5 (patch) | |
| tree | 83e9dc96a440e1c2f113bc822c7ecd3ebc7baf5d /docs/porting-guide.md | |
| parent | 31244d74b350d49cfba6ad46d90dad2d5f2f364c (diff) | |
Validate power_state and entrypoint when executing PSCI calls
This patch allows the platform to validate the power_state and
entrypoint information from the normal world early on in PSCI
calls so that we can return the error safely. New optional
pm_ops hooks `validate_power_state` and `validate_ns_entrypoint`
are introduced to do this.
As a result of these changes, all the other pm_ops handlers except
the PSCI_ON handler are expected to be successful. Also, the PSCI
implementation will now assert if a PSCI API is invoked without the
corresponding pm_ops handler being registered by the platform.
NOTE : PLATFORM PORTS WILL BREAK ON MERGE OF THIS COMMIT. The
pm hooks have 2 additional optional callbacks and the return type
of the other hooks have changed.
Fixes ARM-Software/tf-issues#229
Change-Id: I036bc0cff2349187c7b8b687b9ee0620aa7e24dc
Diffstat (limited to 'docs/porting-guide.md')
| -rw-r--r-- | docs/porting-guide.md | 36 |
1 files changed, 28 insertions, 8 deletions
diff --git a/docs/porting-guide.md b/docs/porting-guide.md index 77c36ccf..03b5888e 100644 --- a/docs/porting-guide.md +++ b/docs/porting-guide.md @@ -1094,13 +1094,14 @@ the passed pointer with a pointer to BL3-1's private `plat_pm_ops` structure. A description of each member of this structure is given below. Please refer to the ARM FVP specific implementation of these handlers in [plat/fvp/fvp_pm.c] -as an example. A platform port may choose not implement some of the power -management operations. +as an example. A platform port is expected to implement these handlers if the +corresponding PSCI operation is to be supported and these handlers are expected +to succeed if the return type is `void`. #### plat_pm_ops.affinst_standby() Perform the platform-specific setup to enter the standby state indicated by the -passed argument. +passed argument. The generic code expects the handler to succeed. #### plat_pm_ops.affinst_on() @@ -1111,7 +1112,8 @@ by the `MPIDR` (first argument) and `affinity level` (third argument). The example, while powering on a CPU, the cluster that contains this CPU might already be in the ON state. The platform decides what actions must be taken to transition from the current state to the target state (indicated by the power -management operation). +management operation). The generic code expects the platform to return +E_SUCCESS on success or E_INTERN_FAIL for any failure. #### plat_pm_ops.affinst_off() @@ -1125,7 +1127,7 @@ current state. This gives the platform port an indication of the state transition it must make to perform the requested action. For example, if the calling CPU is the last powered on CPU in the cluster, after powering down affinity level 0 (CPU), the platform port should power down affinity level 1 -(the cluster) as well. +(the cluster) as well. The generic code expects the handler to succeed. #### plat_pm_ops.affinst_suspend() @@ -1146,7 +1148,7 @@ is that in the former case, the affinity instance is expected to re-initialize its state when its next powered on (see `affinst_on_finish()`). In the latter case, the affinity instance is expected to save enough state so that it can resume execution by restoring this state when its powered on (see -`affinst_suspend_finish()`). +`affinst_suspend_finish()`).The generic code expects the handler to succeed. #### plat_pm_ops.affinst_on_finish() @@ -1157,7 +1159,8 @@ this CPU to enter the normal world and also provide secure runtime firmware services. The `affinity level` (first argument) and `state` (second argument) have a -similar meaning as described in the previous operations. +similar meaning as described in the previous operations. The generic code +expects the handler to succeed. #### plat_pm_ops.affinst_on_suspend() @@ -1169,7 +1172,24 @@ restore the saved state for this CPU to resume execution in the normal world and also provide secure runtime firmware services. The `affinity level` (first argument) and `state` (second argument) have a -similar meaning as described in the previous operations. +similar meaning as described in the previous operations. The generic code +expects the platform to succeed. + +#### plat_pm_ops.validate_power_state() + +This function is called by the PSCI implementation during the `CPU_SUSPEND` +call to validate the `power_state` parameter of the PSCI API. If the +`power_state` is known to be invalid, the platform must return +PSCI_E_INVALID_PARAMS as error, which is propagated back to the normal +world PSCI client. + +#### plat_pm_ops.validate_ns_entrypoint() + +This function is called by the PSCI implementation during the `CPU_SUSPEND` +and `CPU_ON` calls to validate the non-secure `entry_point` parameter passed +by the normal world. If the `entry_point` is known to be invalid, the platform +must return PSCI_E_INVALID_PARAMS as error, which is propagated back to the +normal world PSCI client. BL3-1 platform initialization code must also detect the system topology and the state of each affinity instance in the topology. This information is |