Linker may decide to put new unspecified sections before .text
section. That will cause non-working image, because entry point isn't
at __BLXX_START__. Device just not booted with such image.

This happened for example with .note.gnu.build-id section generated
for LTO build in some cases. Now linker will report this situation as
an error.

```
/usr/lib/gcc-cross/aarch64-linux-gnu/13/../../../../aarch64-linux-gnu/bin/ld: .text is not aligned on a page boundary.
collect2: error: ld returned 1 exit status
```

Signed-off-by: Andrey Skvortsov <andrej.skvortzov@gmail.com>
Change-Id: I5ae46ddd1e6e431e1df1715d1d301f6dd7181cc7

When ENABLE_RUNTIME_INSTRUMENTATION flag is set timestamps are captured
and output to the fvp console at various boot stages using the PMF
library (which are based on aarch timers).

Timestamps are captured at entry and exit points for Bl1, Bl2
and, Bl3 respectively.

Change-Id: I7c0c502e5dbf73d711700b2fe0085ca3eb9346d2
Signed-off-by: Thaddeus Serna <Thaddeus.Gonzalez-Serna@arm.com>

The FEAT_MTPMU feature disable runs very early after reset. This means,
it needs to be written in assembly, since the C runtime has not been
initialised yet.

However, there is no need for it to be initialised so soon. The PMU
state is only relevant after TF-A has relinquished control. The code
to do this is also very verbose and difficult to read. Delaying the
initialisation allows for it to happen with the rest of the PMU. Align
with FEAT_STATE in the process.

BREAKING CHANGE: This patch explicitly breaks the EL2 entry path. It is
currently unsupported.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I2aa659d026fbdb75152469f6d19812ece3488c6f

Add symbols to mark end of TEXT/RODATA before page alignment.
Similar change was done by commit 8d69a03f

 ("Various
improvements/cleanups on the linker scripts") for
RO_END/COHERENT_RAM. These symbols help to know how much free
space is in the final binary because of page alignment.

Also show all *UNALIGNED__ symbols via poetry.
For example:
poetry run memory -p zynqmp -b debug

Change-Id: I322beba37dad76be9f4e88ca7e5b3eff2df7d96e
Signed-off-by: Michal Simek <michal.simek@amd.com>

The ERRATA_XXX macros, used in cpu_helpers.S, are necessary for the
check_errata_xxx family of functions. The CPU_REV should be used in the
cpu files but for whatever reason the values have been hard-coded so far
(at the cost of readability). It's evident this file is not strictly for
status reporting.

The new purpose of this file is to make it a one-stop-shop for all
things errata.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I1ce22dd36df5aa0bcfc5f2772251f91af8703dfb

Add symbols for mapping the physical memory layout of BL1. There are
symbols that partially satisfy this requirement, however, the naming of
these is inconsistent.

Change-Id: I615a7eb28d17e4c2983636ec021124de304573df
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

Reading back a RES0 bit does not necessarily mean it will be read as 0.
The Arm ARM explicitly warns against doing this. The PMU initialisation
code tries to set such bits to 1 (in MDCR_EL3) regardless of whether
they are in use or are RES0, checking their value could be wrong and
PMCR_EL0 might not end up being saved.

Save PMCR_EL0 unconditionally to prevent this. Remove the security state
change as the outgoing state is not relevant to what the root world
context should look like.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Id43667d37b0e2da3ded0beaf23fa0d4f9013f470

bl1_arch_next_el_setup has no references anywhere in TF-A. Remove it as
it is redundant

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ice2997f33c318390883347acdd03dc6755f87ea5

This change forces LD to sort all input sections by alignment when
allocating them within an output section. This is done in some places
explicitly in the linker scripts today, but this makes sure we don't
miss any easy targets.

Change-Id: I69d6acea822036a6365a7ea10fa732b5e0387f52
Signed-off-by: Chris Kay <chris.kay@arm.com>

found using checkpatch.pl[1]

[1]: https://review.coreboot.org/plugins/gitiles/coreboot/+/refs/heads/master/util/lint/checkpatch.pl



Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Change-Id: I7957c9694300fefb85d11f7819c43af95271f14c

Some of our specialized sections are not prefixed with the conventional
period. The compiler uses input section names to derive certain other
section names (e.g. `.rela.text`, `.relacpu_ops`), and these can be
difficult to select in linker scripts when there is a lack of a
delimiter.

This change introduces the period prefix to all specialized section
names.

BREAKING-CHANGE: All input and output linker section names have been
 prefixed with the period character, e.g. `cpu_ops` -> `.cpu_ops`.

Change-Id: I51c13c5266d5975fbd944ef4961328e72f82fc1c
Signed-off-by: Chris Kay <chris.kay@arm.com>

The following build system variables have been renamed:

- `LINKERFILE` -> `DEFAULT_LINKER_SCRIPT`
- `BL_LINKERFILE` -> `DEFAULT_LINKER_SCRIPT_SOURCE`
- `<IMAGE>_LINKERFILE` -> `<IMAGE>_DEFAULT_LINKER_SCRIPT_SOURCE`

These new names better reflect how each variable is used:

1. the default linker script is passed via `-dT` instead of `-T`
2. linker script source files are first preprocessed

Additionally, linker scripts are now placed in the build directory
relative to where they exist in the source directory. For example,
the `bl32/sp_min/sp_min.ld.S` would now preprocess to
`sp_min/sp_min.ld` instead of just `bl32.ld`

BREAKING-CHANGE: The `LINKERFILE`, `BL_LINKERFILE` and
 `<IMAGE_LINKERFILE>` build system variables have been renamed. See the
 commit message for more information.

Change-Id: If8cef65dcb8820e8993736702c8741e97a66e6cc
Signed-off-by: Chris Kay <chris.kay@arm.com>

There are a variety of code styles used by the various linker scripts
around the code-base. This change brings them in line with one another
and attempts to make the scripts more friendly for skim-readers.

Change-Id: Ibee2afad0d543129c9ba5a8a22e3ec17d77e36ea
Signed-off-by: Chris Kay <chris.kay@arm.com>

Use four spaces for indentation to maintain a consistent style. This
attempts to make the linker scripts more friendly for readers.

Signed-off-by: Jorge Troncoso <jatron@google.com>
Change-Id: Iaf26d3c8bd7053fd9605a64ebccdae0792a90b9e

New helper functions are created to handle data & prefetch aborts
in AARCH32. They call platform functions, just like what
report_exception is doing.
As extended MSR/MRS instructions (to access lr_abt in monitor mode)
are only available if CPU (Armv7) has virtualization extension,
the functions branch to original report_exception handlers if this is
not the case.
Those new helpers are created mainly to distinguish data and prefetch
aborts, as they both share the same mode.
This adds 40 bytes of code.

Change-Id: I5dd31930344ad4e3a658f8a9d366a87a300aeb67
Signed-off-by: Yann Gautier <yann.gautier@st.com>

Invalidate the SP holding `smc_ctx_t` prior to enabling the data cache
when handling SMCs from the secure world. Enabling the data cache
without doing so results in dirty data either being evicted into main
memory, or being used directly from bl1. This corrupted data causes
system failure as the SMC handler attempts to use it.

Change-Id: I5b7225a6fdd1fcfe34ee054ca46dffea06b84b7d
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>

In the next patch we add an extra step of setting the PSTATE
registers to a known state on el3 entry. In this patch we create
the function prepare_el3_entry to wrap the steps needed for before
el3 entry. For now this is only save_gp_pmcr_pauth_regs.

Change-Id: Ie26dc8d89bfaec308769165d2649e84d41be196c
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>

Measured-Boot and Trusted-Boot are orthogonal to each other and hence
removed dependency of Trusted-Boot on Measured-Boot by making below
changes -
1. BL1 and BL2 main functions are used for initializing Crypto module
   instead of the authentication module
2. Updated Crypto module registration macro for MEASURED_BOOT with only
   necessary callbacks for calculating image hashes
3. The 'load_auth_image' function is now used for the image measurement
   during Trusted or Non-Trusted Boot flow

Change-Id: I3570e80bae8ce8f5b58d84bd955aa43e925d9fff
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

It looks safer and cleaner approach to record the measurement taken by
BL1 straightaway in TCG Event Log instead of deferring these recordings
to BL2.
Hence pull in the full-fledged measured boot driver into BL1 that
replaces the former ad-hoc platform interfaces i.e.
bl1_plat_set_bl2_hash, bl2_plat_get_hash.

As a result of this change the BL1 of Arm FVP platform now do the
measurements and recordings of below images:
1. FW_CONFIG
2. TB_FW_CONFIG
3. BL2

Change-Id: I798c20336308b5e91b547da4f8ed57c24d490731
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

Following changes done:
  1. Remove "fvp_r" specific check from bl1.mk
  2. Override BL1_SOURCES in fvp_r platform.mk
  3. Regroup source files
  4. Remove platform specific change from arm_common

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I74d0b1f317853ab1333744d8da5c59f937789547

This patch enables BL2 to run in root world (EL3) which is
needed as per the security model of RME-enabled systems.

Using the existing BL2_AT_EL3 TF-A build option is not convenient
because that option assumes TF-A BL1 doesn't exist, which is not
the case for RME-enabled systems. For the purposes of RME, we use
a normal BL1 image but we also want to run BL2 in EL3 as normally as
possible, therefore rather than use the special bl2_entrypoint
function in bl2_el3_entrypoint.S, we use a new bl2_entrypoint
function (in bl2_rme_entrypoint.S) which doesn't need reset or
mailbox initialization code seen in the el3_entrypoint_common macro.

The patch also cleans up bl2_el3_entrypoint.S, moving the
bl2_run_next_image function to its own file to avoid duplicating
code.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I99821b4cd550cadcb701f4c0c4dc36da81c7ef55

For v8-R64, especially R82, creating code to run BL1 at EL2, using MPU.

Signed-off-by: Gary Morrison <gary.morrison@arm.com>
Change-Id: I439ac3915b982ad1e61d24365bdd1584b3070425

Only BL32 (SP_min) is supported at the moment, BL1 and BL2_AT_EL3 are just
stubbed with _pie_fixup_size=0.
The changes are an adaptation for AARCH32 on what has been done for
PIE support on AARCH64.
The RELA_SECTION is redefined for AARCH32, as the created section is
.rel.dyn and the symbols are .rel*.

Change-Id: I92bafe70e6b77735f6f890f32f2b637b98cf01b9
Signed-off-by: Yann Gautier <yann.gautier@st.com>

If FEAT_PMUv3 is implemented and PMEVTYPER<n>(_EL0).MT bit is implemented
as well, it is possible to control whether PMU counters take into account
events happening on other threads.

If FEAT_MTPMU is implemented, EL3 (or EL2) can override the MT bit
leaving it to effective state of 0 regardless of any write to it.

This patch introduces the DISABLE_MTPMU flag, which allows to diable
multithread event count from EL3 (or EL2). The flag is disabled
by default so the behavior is consistent with those architectures
that do not implement FEAT_MTPMU.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: Iee3a8470ae8ba13316af1bd40c8d4aa86e0cb85e

Usually, C has no problem up-converting types to larger bit sizes. MISRA
rule 10.7 requires that you not do this, or be very explicit about this.
This resolves the following required rule:

    bl1/aarch64/bl1_context_mgmt.c:81:[MISRA C-2012 Rule 10.7 (required)]<None>
    The width of the composite expression "0U | ((mode & 3U) << 2U) | 1U |
    0x3c0U" (32 bits) is less that the right hand operand
    "18446744073709547519ULL" (64 bits).

This also resolves MISRA defects such as:

    bl2/aarch64/bl2arch_setup.c:18:[MISRA C-2012 Rule 12.2 (required)]
    In the expression "3U << 20", shifting more than 7 bits, the number
    of bits in the essential type of the left expression, "3U", is
    not allowed.

Further, MISRA requires that all shifts don't overflow. The definition of
PAGE_SIZE was (1U << 12), and 1U is 8 bits. This caused about 50 issues.
This fixes the violation by changing the definition to 1UL << 12. Since
this uses 32bits, it should not create any issues for aarch32.

This patch also contains a fix for a build failure in the sun50i_a64
platform. Specifically, these misra fixes removed a single and
instruction,

    92407e73        and     x19, x19, #0xffffffff

from the cm_setup_context function caused a relocation in
psci_cpus_on_start to require a linker-generated stub. This increased the
size of the .text section and caused an alignment later on to go over a
page boundary and round up to the end of RAM before placing the .data
section. This sectionn is of non-zero size and therefore causes a link
error.

The fix included in this reorders the functions during link time
without changing their ording with respect to alignment.

Change-Id: I76b4b662c3d262296728a8b9aab7a33b02087f16
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>

This reduces the scope of these variables and resolves Misra violations
such as:
    bl1/aarch64/bl1_context_mgmt.c:21:[MISRA C-2012 Rule 8.9 (advisory)]
    "bl1_cpu_context" should be defined at block scope.

Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Change-Id: I9b0b26395bce07e10e61d10158c67f9c22ecce44

Move the data section to the common header.

I slightly tweaked some scripts as follows:

[1] bl1.ld.S has ALIGN(16). I added DATA_ALIGN macro, which is 1
    by default, but overridden by bl1.ld.S. Currently, ALIGN(16)
    of the .data section is redundant because commit 41286590
    ("Fix boot failures on some builds linked with ld.lld.") padded
    out the previous section to work around the issue of LLD version
    <= 10.0. This will be fixed in the future release of LLVM, so
    I am keeping the proper way to align LMA.

[2] bl1.ld.S and bl2_el3.ld.S define __DATA_RAM_{START,END}__ instead
    of __DATA_{START,END}__. I put them out of the .data section.

[3] SORT_BY_ALIGNMENT() is missing tsp.ld.S, sp_min.ld.S, and
    mediatek/mt6795/bl31.ld.S. This commit adds SORT_BY_ALIGNMENT()
    for all images, so the symbol order in those three will change,
    but I do not think it is a big deal.

Change-Id: I215bb23c319f045cd88e6f4e8ee2518c67f03692
Si...

The stacks section is the same for all BL linker scripts.

Move it to the common header file.

Change-Id: Ibd253488667ab4f69702d56ff9e9929376704f6c
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

Only BL1 specifies '.' in the address field of the stacks section.

Commit 4f59d835 ("Make BL1 RO and RW base addresses configurable")
added '.' on purpose but the commit message does not help to understand
why.

This commit gets rid of it in order to factor out the stacks section
into include/common/bl_common.ld.h

I compared the build result for PLAT=qemu.

'aarch64-linux-gnu-nm -n build/qemu/release/bl1/bl1.elf' will change
as follows:

@@ -336,8 +336,8 @@
 000000000e04e0e0 d max_log_level
 000000000e04e0e4 D console_state
 000000000e04e0e5 D __DATA_RAM_END__
-000000000e04e0e5 B __STACKS_START__
 000000000e04e100 b platform_normal_stacks
+000000000e04e100 B __STACKS_START__
 000000000e04f100 b bl1_cpu_context
 000000000e04f100 B __BSS_START__
 000000000e04f100 B __STACKS_END__

After this change, __STACKS_START__ will match to platform_normal_stacks,
and I think it makes more sense.

'aarch64-linux-gnu-objdump -h build/qemu/release/bl1/bl1.elf' will change
as follows:

@@ -9,11 +9,11 @@
                   CONTENTS, ALLOC, LOAD, READONLY, DATA
   2 .data         000000e5  000000000e04e000  0000000000004a60  0001e000  2**4
                   CONTENTS, ALLOC, LOAD, DATA
-  3 stacks        0000101b  000000000e04e0e5  000000000e04e0e5  0001e0e5  2**6
+  3 stacks        00001000  000000000e04e100  0000000000004b45  0001e100  2**6
                   ALLOC
-  4 .bss          000007e0  000000000e04f100  000000000e04f100  0001e0e5  2**5
+  4 .bss          000007e0  000000000e04f100  0000000000004b50  0001f100  2**5
                   ALLOC
-  5 xlat_table    00006000  000000000e050000  000000000e050000  0001e0e5  2**12
+  5 xlat_table    00006000  000000000e050000  0000000000004b45  00020000  2**12
                   ALLOC
   6 coherent_ram  00000000  000000000e056000  000000000e056000  0001f000  2**12
                   CONTENTS

Sandrine pointed me to a useful document [1] to understand why LMAs of
stacks, .bss, and xlat_table section have changed.

Before this patch, they fell into this scenario:
 "If the section has a specific VMA address, then this is used as the
  LMA address as well."

With this commit, the following applies:
 "Otherwise if a memory region can be found that is compatible with the
  current section, and this region contains at least one section, then
  the LMA is set so the difference between the VMA and LMA is the same
  as the difference between the VMA and LMA of the last section in the
  located region."

Anyway, those three sections are not loaded, so the LMA changes will not
be a problem. The size of bl1.bin is still the same.

QEMU still boots successfully with this change.

A good thing is, this fixes the error for the latest LLD. If I use the
mainline LLVM, I see the following error. The alignment check will probably
be included in the LLVM 11 release, so it is better to fix it now.

$ PLAT=qemu CC=clang CROSS_COMPILE=aarch64-linux-gnu-
  [ snip ]
ld.lld: error: address (0xe04e0e5) of section stacks is not a multiple of alignment (64)
make: *** [Makefile:1050: build/qemu/release/bl1/bl1.elf] Error 1

[1]: https://sourceware.org/binutils/docs/ld/Output-Section-LMA.html#Output-Section-LMA



Change-Id: I3d2f3cc2858be8b3ce2eab3812a76d1e0b5f3a32
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

Attempts to address MISRA compliance issues in BL1, BL2, and BL31 code.
Mainly issues like not using boolean expressions in conditionals,
conflicting variable names, ignoring return values without (void), adding
explicit casts, etc.

Change-Id: If1fa18ab621b9c374db73fa6eaa6f6e5e55c146a
Signed-off-by: John Powell <john.powell@arm.com>

Move the bss section to the common header. This adds BAKERY_LOCK_NORMAL
and PMF_TIMESTAMP, which previously existed only in BL31. This is not
a big deal because unused data should not be compiled in the first
place. I believe this should be controlled by BL*_SOURCES in Makefiles,
not by linker scripts.

I investigated BL1, BL2, BL2U, BL31 for plat=fvp, and BL2-AT-EL3,
BL31, BL31 for plat=uniphier. I did not see any more  unexpected
code addition.

The bss section has bigger alignment. I added BSS_ALIGN for this.

Currently, SORT_BY_ALIGNMENT() is missing in sp_min.ld.S, and with this
change, the BSS symbols in SP_MIN will be sorted by the alignment.
This is not a big deal (or, even better in terms of the image size).

Change-Id: I680ee61f84067a559bac0757f9d03e73119beb33
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

The common section data are repeated in many linker scripts (often
twice in each script to support SEPARATE_CODE_AND_RODATA). When you
add a new read-only data section, you end up with touching lots of
places.

After this commit, you will only need to touch bl_common.ld.h when
you add a new section to RODATA_COMMON.

Replace a series of RO section with RODATA_COMMON, which contains
6 sections, some of which did not exist before.

This is not a big deal because unneeded data should not be compiled
in the first place. I believe this should be controlled by BL*_SOURCES
in Makefiles, not by linker scripts.

When I was working on this commit, the BL1 image size increased
due to the fconf_populator. Commit c452ba15

 ("fconf: exclude
fconf_dyn_cfg_getter.c from BL1_SOURCES") fixed this issue.

I investigated BL1, BL2, BL2U, BL31 for plat=fvp, and BL2-AT-EL3,
BL31, BL31 for plat=uniphier. I did not see any more  unexpected
code addition.

Change-Id: I5d14d60dbe3c821765bce3ae538968ef266f1460
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

These are mostly used to collect data from special structure,
and repeated in many linker scripts.

To differentiate the alignment size between aarch32/aarch64, I added
a new macro STRUCT_ALIGN.

While I moved the PMF_SVC_DESCS, I dropped #if ENABLE_PMF conditional.
As you can see in include/lib/pmf/pmf_helpers.h, PMF_REGISTER_SERVICE*
are no-op when ENABLE_PMF=0. So, pmf_svc_descs and pmf_timestamp_array
data are not populated.

Change-Id: I3f4ab7fa18f76339f1789103407ba76bda7e56d0
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

TF-A has so many linker scripts, at least one linker script for each BL
image, and some platforms have their own ones. They duplicate quite
similar code (and comments).

When we add some changes to linker scripts, we end up with touching
so many files. This is not nice in the maintainability perspective.

When you look at Linux kernel, the common code is macrofied in
include/asm-generic/vmlinux.lds.h, which is included from each arch
linker script, arch/*/kernel/vmlinux.lds.S

TF-A can follow this approach. Let's factor out the common code into
include/common/bl_common.ld.h

As a start point, this commit factors out the xlat_table section.

Change-Id: Ifa369e9b48e8e12702535d721cc2a16d12397895
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

aarch32 CPUs speculatively execute instructions following a
ERET as if it was not a jump instruction. This could lead to
cache-based side channel vulnerabilities. The software fix is
to place barrier instructions following ERET.

The counterpart patch for aarch64 is merged:
https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=f461fe346b728d0e88142fd7b8f2816415af18bc



Change-Id: I2aa3105bee0b92238f389830b3a3b8650f33af3d
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

Fixes for the following MISRA violations:
- Missing explicit parentheses on sub-expression
- An identifier or macro name beginning with an
  underscore, shall not be declared
- Type mismatch in BL1 SMC handlers and tspd_main.c

Change-Id: I7a92abf260da95acb0846b27c2997b59b059efc4
Signed-off-by: Zelalem <zelalem.aweke@arm.com>

Pad the .rodata section to 16 bytes as ld.lld does not apply the ALIGN
statement on the .data section to the LMA. Fixes boot failure on builds
where the .rodata section happens to not be 16 bytes aligned.

Change-Id: I4e95678f73d8b326c5fc749dc7d0ce84e2d603f5
Signed-off-by: Arve Hjønnevåg <arve@android.com>

Fix code that violates the MISRA rule:
MISRA C-2012 Rule 11.9: Literal "0" shall not be used as
null pointer constant.

The fix explicitly checks whether a pointer is NULL.

Change-Id: Ibc318dc0f464982be9a34783f24ccd1d44800551
Signed-off-by: Zelalem <zelalem.aweke@arm.com>

This patch removes unnecessary header file includes
discovered by Coverity HFA option.

Change-Id: I2827c37c1c24866c87db0e206e681900545925d4
Signed-off-by: Zelalem <zelalem.aweke@arm.com>

Even though ERET always causes a jump to another address, aarch64 CPUs
speculatively execute following instructions as if the ERET
instruction was not a jump instruction.
The speculative execution does not cross privilege-levels (to the jump
target as one would expect), but it continues on the kernel privilege
level as if the ERET instruction did not change the control flow -
thus execution anything that is accidentally linked after the ERET
instruction. Later, the results of this speculative execution are
always architecturally discarded, however they can leak data using
microarchitectural side channels. This speculative execution is very
reliable (seems to be unconditional) and it manages to complete even
relatively performance-heavy operations (e.g. multiple dependent
fetches from uncached memory).

This was fixed in Linux, FreeBSD, OpenBSD and Optee OS:
https://github.com/torvalds/linux/commit/679db70801da9fda91d26caf13bf5b5ccc74e8e8
https://github.com/freebsd/freebsd/commit/29fb48ace4186a41c409fde52bcf4216e9e50b61
https://github.com/openbsd/src/commit/3a08873ece1cb28ace89fd65e8f3c1375cc98de2
https://github.com/OP-TEE/optee_os/commit/abfd092aa19f9c0251e3d5551e2d68a9ebcfec8a

It is demonstrated in a SafeSide example:
https://github.com/google/safeside/blob/master/demos/eret_hvc_smc_wrapper.cc
https://github.com/google/safeside/blob/master/kernel_modules/kmod_eret_hvc_smc/eret_hvc_smc_module.c



Signed-off-by: Anthony Steinhauser <asteinhauser@google.com>
Change-Id: Iead39b0b9fb4b8d8b5609daaa8be81497ba63a0f