andrius
/
arm-trusted-firmware
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
arm-trusted-firmware/include/lib/xlat_tables/xlat_tables_v2_helpers.h

218 lines
6.6 KiB
C
Raw Normal View History

xlat lib v2: Export translation context as an opaque type At the moment, the translation context type (xlat_ctx_t) is a private type reserved for the internal usage of the translation table library. All exported APIs (implemented in xlat_tables_common.c) are wrappers over the internal implementations that use such a translation context. These wrappers unconditionally pass the current translation context representing the memory mappings of the executing BL image. This means that the caller has no control over which translation context the library functions act on. As a first step to make this code more flexible, this patch exports the 'xlat_ctx_t' type. Note that, although the declaration of this type is now public, its definition stays private. A macro is introduced to statically allocate and initialize such a translation context. The library now internally uses this macro to allocate the default translation context for the running BL image. Change-Id: Icece1cde4813fac19452c782b682c758142b1489 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-10 13:37:48 +01:00
/*
Read-only xlat tables for BL31 memory This patch introduces a build flag which allows the xlat tables to be mapped in a read-only region within BL31 memory. It makes it much harder for someone who has acquired the ability to write to arbitrary secure memory addresses to gain control of the translation tables. The memory attributes of the descriptors describing the tables themselves are changed to read-only secure data. This change happens at the end of BL31 runtime setup. Until this point, the tables have read-write permissions. This gives a window of opportunity for changes to be made to the tables with the MMU on (e.g. reclaiming init code). No changes can be made to the tables with the MMU turned on from this point onwards. This change is also enabled for sp_min and tspd. To make all this possible, the base table was moved to .rodata. The penalty we pay is that now .rodata must be aligned to the size of the base table (512B alignment). Still, this is better than putting the base table with the higher level tables in the xlat_table section, as that would cost us a full 4KB page. Changing the tables from read-write to read-only cannot be done with the MMU on, as the break-before-make sequence would invalidate the descriptor which resolves the level 3 page table where that very descriptor is located. This would make the translation required for writing the changes impossible, generating an MMU fault. The caches are also flushed. Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com> Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
2019-11-07 15:18:03 +00:00
* Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
xlat lib v2: Export translation context as an opaque type At the moment, the translation context type (xlat_ctx_t) is a private type reserved for the internal usage of the translation table library. All exported APIs (implemented in xlat_tables_common.c) are wrappers over the internal implementations that use such a translation context. These wrappers unconditionally pass the current translation context representing the memory mappings of the executing BL image. This means that the caller has no control over which translation context the library functions act on. As a first step to make this code more flexible, this patch exports the 'xlat_ctx_t' type. Note that, although the declaration of this type is now public, its definition stays private. A macro is introduced to statically allocate and initialize such a translation context. The library now internally uses this macro to allocate the default translation context for the running BL image. Change-Id: Icece1cde4813fac19452c782b682c758142b1489 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-10 13:37:48 +01:00
*
* SPDX-License-Identifier: BSD-3-Clause
*/
/*
* This header file contains internal definitions that are not supposed to be
* used outside of this library code.
*/
xlat: Fix MISRA defects Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6, 14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9. Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
#ifndef XLAT_TABLES_V2_HELPERS_H
#define XLAT_TABLES_V2_HELPERS_H
xlat lib v2: Export translation context as an opaque type At the moment, the translation context type (xlat_ctx_t) is a private type reserved for the internal usage of the translation table library. All exported APIs (implemented in xlat_tables_common.c) are wrappers over the internal implementations that use such a translation context. These wrappers unconditionally pass the current translation context representing the memory mappings of the executing BL image. This means that the caller has no control over which translation context the library functions act on. As a first step to make this code more flexible, this patch exports the 'xlat_ctx_t' type. Note that, although the declaration of this type is now public, its definition stays private. A macro is introduced to statically allocate and initialize such a translation context. The library now internally uses this macro to allocate the default translation context for the running BL image. Change-Id: Icece1cde4813fac19452c782b682c758142b1489 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-10 13:37:48 +01:00
xlat: Fix MISRA defects Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6, 14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9. Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
#ifndef XLAT_TABLES_V2_H
xlat lib v2: Export translation context as an opaque type At the moment, the translation context type (xlat_ctx_t) is a private type reserved for the internal usage of the translation table library. All exported APIs (implemented in xlat_tables_common.c) are wrappers over the internal implementations that use such a translation context. These wrappers unconditionally pass the current translation context representing the memory mappings of the executing BL image. This means that the caller has no control over which translation context the library functions act on. As a first step to make this code more flexible, this patch exports the 'xlat_ctx_t' type. Note that, although the declaration of this type is now public, its definition stays private. A macro is introduced to statically allocate and initialize such a translation context. The library now internally uses this macro to allocate the default translation context for the running BL image. Change-Id: Icece1cde4813fac19452c782b682c758142b1489 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-10 13:37:48 +01:00
#error "Do not include this header file directly. Include xlat_tables_v2.h instead."
#endif
Replace __ASSEMBLY__ with compiler-builtin __ASSEMBLER__ NOTE: __ASSEMBLY__ macro is now deprecated in favor of __ASSEMBLER__. All common C compilers predefine a macro called __ASSEMBLER__ when preprocessing a .S file. There is no reason for TF-A to define it's own __ASSEMBLY__ macro for this purpose instead. To unify code with the export headers (which use __ASSEMBLER__ to avoid one extra dependency), let's deprecate __ASSEMBLY__ and switch the code base over to the predefined standard. Change-Id: Id7d0ec8cf330195da80499c68562b65cb5ab7417 Signed-off-by: Julius Werner <jwerner@chromium.org>
2019-07-09 21:49:11 +01:00
#ifndef __ASSEMBLER__
xlat lib v2: Export translation context as an opaque type At the moment, the translation context type (xlat_ctx_t) is a private type reserved for the internal usage of the translation table library. All exported APIs (implemented in xlat_tables_common.c) are wrappers over the internal implementations that use such a translation context. These wrappers unconditionally pass the current translation context representing the memory mappings of the executing BL image. This means that the caller has no control over which translation context the library functions act on. As a first step to make this code more flexible, this patch exports the 'xlat_ctx_t' type. Note that, although the declaration of this type is now public, its definition stays private. A macro is introduced to statically allocate and initialize such a translation context. The library now internally uses this macro to allocate the default translation context for the running BL image. Change-Id: Icece1cde4813fac19452c782b682c758142b1489 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-10 13:37:48 +01:00
xlat: Use bool instead of int Change-Id: I35d5b6a7c219f6f38983b30f157c1ed3808af17f Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-08-02 09:57:29 +01:00
#include <stdbool.h>
xlat lib v2: Export translation context as an opaque type At the moment, the translation context type (xlat_ctx_t) is a private type reserved for the internal usage of the translation table library. All exported APIs (implemented in xlat_tables_common.c) are wrappers over the internal implementations that use such a translation context. These wrappers unconditionally pass the current translation context representing the memory mappings of the executing BL image. This means that the caller has no control over which translation context the library functions act on. As a first step to make this code more flexible, this patch exports the 'xlat_ctx_t' type. Note that, although the declaration of this type is now public, its definition stays private. A macro is introduced to statically allocate and initialize such a translation context. The library now internally uses this macro to allocate the default translation context for the running BL image. Change-Id: Icece1cde4813fac19452c782b682c758142b1489 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-10 13:37:48 +01:00
#include <stddef.h>
Sanitise includes across codebase Enforce full include path for includes. Deprecate old paths. The following folders inside include/lib have been left unchanged: - include/lib/cpus/${ARCH} - include/lib/el3_runtime/${ARCH} The reason for this change is that having a global namespace for includes isn't a good idea. It defeats one of the advantages of having folders and it introduces problems that are sometimes subtle (because you may not know the header you are actually including if there are two of them). For example, this patch had to be created because two headers were called the same way: e0ea0928d5b7 ("Fix gpio includes of mt8173 platform to avoid collision."). More recently, this patch has had similar problems: 46f9b2c3a282 ("drivers: add tzc380 support"). This problem was introduced in commit 4ecca33988b9 ("Move include and source files to logical locations"). At that time, there weren't too many headers so it wasn't a real issue. However, time has shown that this creates problems. Platforms that want to preserve the way they include headers may add the removed paths to PLAT_INCLUDES, but this is discouraged. Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-12-14 00:18:21 +00:00
#include <platform_def.h>
#include <lib/cassert.h>
#include <lib/xlat_tables/xlat_tables_arch.h>
#include <lib/xlat_tables/xlat_tables_defs.h>
xlat lib v2: Export translation context as an opaque type At the moment, the translation context type (xlat_ctx_t) is a private type reserved for the internal usage of the translation table library. All exported APIs (implemented in xlat_tables_common.c) are wrappers over the internal implementations that use such a translation context. These wrappers unconditionally pass the current translation context representing the memory mappings of the executing BL image. This means that the caller has no control over which translation context the library functions act on. As a first step to make this code more flexible, this patch exports the 'xlat_ctx_t' type. Note that, although the declaration of this type is now public, its definition stays private. A macro is introduced to statically allocate and initialize such a translation context. The library now internally uses this macro to allocate the default translation context for the running BL image. Change-Id: Icece1cde4813fac19452c782b682c758142b1489 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-10 13:37:48 +01:00
/* Forward declaration */
struct mmap_region;
xlat: Introduce MAP_REGION2() macro The current implementation of the memory mapping API favours mapping memory regions using the biggest possible block size in order to reduce the number of translation tables needed. In some cases, this behaviour might not be desirable. When translation tables are edited at run-time, coarse-grain mappings like that might need splitting into finer-grain tables. This operation has a performance cost. The MAP_REGION2() macro allows to specify the granularity of translation tables used for the initial mapping of a memory region. This might increase performance for memory regions that are likely to be edited in the future, at the expense of a potentially increased memory footprint. The Translation Tables Library Design Guide has been updated to explain the use case for this macro. Also added a few intermediate titles to make the guide easier to digest. Change-Id: I04de9302e0ee3d326b8877043a9f638766b81b7b Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2017-09-28 21:58:12 +01:00
/*
* Helper macro to define an mmap_region_t. This macro allows to specify all
* the fields of the structure but its parameter list is not guaranteed to
* remain stable as we add members to mmap_region_t.
*/
xlat: Fix MISRA defects Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6, 14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9. Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
#define MAP_REGION_FULL_SPEC(_pa, _va, _sz, _attr, _gr) \
xlat: Introduce MAP_REGION2() macro The current implementation of the memory mapping API favours mapping memory regions using the biggest possible block size in order to reduce the number of translation tables needed. In some cases, this behaviour might not be desirable. When translation tables are edited at run-time, coarse-grain mappings like that might need splitting into finer-grain tables. This operation has a performance cost. The MAP_REGION2() macro allows to specify the granularity of translation tables used for the initial mapping of a memory region. This might increase performance for memory regions that are likely to be edited in the future, at the expense of a potentially increased memory footprint. The Translation Tables Library Design Guide has been updated to explain the use case for this macro. Also added a few intermediate titles to make the guide easier to digest. Change-Id: I04de9302e0ee3d326b8877043a9f638766b81b7b Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2017-09-28 21:58:12 +01:00
{ \
.base_pa = (_pa), \
.base_va = (_va), \
.size = (_sz), \
.attr = (_attr), \
.granularity = (_gr), \
}
xlat lib v2: Export translation context as an opaque type At the moment, the translation context type (xlat_ctx_t) is a private type reserved for the internal usage of the translation table library. All exported APIs (implemented in xlat_tables_common.c) are wrappers over the internal implementations that use such a translation context. These wrappers unconditionally pass the current translation context representing the memory mappings of the executing BL image. This means that the caller has no control over which translation context the library functions act on. As a first step to make this code more flexible, this patch exports the 'xlat_ctx_t' type. Note that, although the declaration of this type is now public, its definition stays private. A macro is introduced to statically allocate and initialize such a translation context. The library now internally uses this macro to allocate the default translation context for the running BL image. Change-Id: Icece1cde4813fac19452c782b682c758142b1489 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-10 13:37:48 +01:00
/* Struct that holds all information about the translation tables. */
struct xlat_ctx {
/*
* Max allowed Virtual and Physical Addresses.
*/
unsigned long long pa_max_address;
uintptr_t va_max_address;
/*
* Array of all memory regions stored in order of ascending end address
* and ascending size to simplify the code that allows overlapping
* regions. The list is terminated by the first entry with size == 0.
* The max size of the list is stored in `mmap_num`. `mmap` points to an
* array of mmap_num + 1 elements, so that there is space for the final
* null entry.
*/
struct mmap_region *mmap;
xlat: Fix MISRA defects Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6, 14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9. Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
int mmap_num;
xlat lib v2: Export translation context as an opaque type At the moment, the translation context type (xlat_ctx_t) is a private type reserved for the internal usage of the translation table library. All exported APIs (implemented in xlat_tables_common.c) are wrappers over the internal implementations that use such a translation context. These wrappers unconditionally pass the current translation context representing the memory mappings of the executing BL image. This means that the caller has no control over which translation context the library functions act on. As a first step to make this code more flexible, this patch exports the 'xlat_ctx_t' type. Note that, although the declaration of this type is now public, its definition stays private. A macro is introduced to statically allocate and initialize such a translation context. The library now internally uses this macro to allocate the default translation context for the running BL image. Change-Id: Icece1cde4813fac19452c782b682c758142b1489 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-10 13:37:48 +01:00
/*
* Array of finer-grain translation tables.
* For example, if the initial lookup level is 1 then this array would
* contain both level-2 and level-3 entries.
*/
uint64_t (*tables)[XLAT_TABLE_ENTRIES];
xlat: Fix MISRA defects Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6, 14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9. Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
int tables_num;
Read-only xlat tables for BL31 memory This patch introduces a build flag which allows the xlat tables to be mapped in a read-only region within BL31 memory. It makes it much harder for someone who has acquired the ability to write to arbitrary secure memory addresses to gain control of the translation tables. The memory attributes of the descriptors describing the tables themselves are changed to read-only secure data. This change happens at the end of BL31 runtime setup. Until this point, the tables have read-write permissions. This gives a window of opportunity for changes to be made to the tables with the MMU on (e.g. reclaiming init code). No changes can be made to the tables with the MMU turned on from this point onwards. This change is also enabled for sp_min and tspd. To make all this possible, the base table was moved to .rodata. The penalty we pay is that now .rodata must be aligned to the size of the base table (512B alignment). Still, this is better than putting the base table with the higher level tables in the xlat_table section, as that would cost us a full 4KB page. Changing the tables from read-write to read-only cannot be done with the MMU on, as the break-before-make sequence would invalidate the descriptor which resolves the level 3 page table where that very descriptor is located. This would make the translation required for writing the changes impossible, generating an MMU fault. The caches are also flushed. Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com> Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
2019-11-07 15:18:03 +00:00
#if PLAT_RO_XLAT_TABLES
bool readonly_tables;
#endif
xlat lib v2: Export translation context as an opaque type At the moment, the translation context type (xlat_ctx_t) is a private type reserved for the internal usage of the translation table library. All exported APIs (implemented in xlat_tables_common.c) are wrappers over the internal implementations that use such a translation context. These wrappers unconditionally pass the current translation context representing the memory mappings of the executing BL image. This means that the caller has no control over which translation context the library functions act on. As a first step to make this code more flexible, this patch exports the 'xlat_ctx_t' type. Note that, although the declaration of this type is now public, its definition stays private. A macro is introduced to statically allocate and initialize such a translation context. The library now internally uses this macro to allocate the default translation context for the running BL image. Change-Id: Icece1cde4813fac19452c782b682c758142b1489 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-10 13:37:48 +01:00
/*
* Keep track of how many regions are mapped in each table. The base
* table can't be unmapped so it isn't needed to keep track of it.
*/
#if PLAT_XLAT_TABLES_DYNAMIC
int *tables_mapped_regions;
#endif /* PLAT_XLAT_TABLES_DYNAMIC */
xlat: Fix MISRA defects Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6, 14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9. Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
int next_table;
xlat lib v2: Export translation context as an opaque type At the moment, the translation context type (xlat_ctx_t) is a private type reserved for the internal usage of the translation table library. All exported APIs (implemented in xlat_tables_common.c) are wrappers over the internal implementations that use such a translation context. These wrappers unconditionally pass the current translation context representing the memory mappings of the executing BL image. This means that the caller has no control over which translation context the library functions act on. As a first step to make this code more flexible, this patch exports the 'xlat_ctx_t' type. Note that, although the declaration of this type is now public, its definition stays private. A macro is introduced to statically allocate and initialize such a translation context. The library now internally uses this macro to allocate the default translation context for the running BL image. Change-Id: Icece1cde4813fac19452c782b682c758142b1489 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-10 13:37:48 +01:00
/*
* Base translation table. It doesn't need to have the same amount of
* entries as the ones used for other levels.
*/
uint64_t *base_table;
unsigned int base_table_entries;
/*
* Max Physical and Virtual addresses currently in use by the
* translation tables. These might get updated as we map/unmap memory
* regions but they will never go beyond pa/va_max_address.
*/
unsigned long long max_pa;
uintptr_t max_va;
/* Level of the base translation table. */
unsigned int base_level;
xlat: Use bool instead of int Change-Id: I35d5b6a7c219f6f38983b30f157c1ed3808af17f Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-08-02 09:57:29 +01:00
/* Set to true when the translation tables are initialized. */
bool initialized;
xlat lib v2: Export translation context as an opaque type At the moment, the translation context type (xlat_ctx_t) is a private type reserved for the internal usage of the translation table library. All exported APIs (implemented in xlat_tables_common.c) are wrappers over the internal implementations that use such a translation context. These wrappers unconditionally pass the current translation context representing the memory mappings of the executing BL image. This means that the caller has no control over which translation context the library functions act on. As a first step to make this code more flexible, this patch exports the 'xlat_ctx_t' type. Note that, although the declaration of this type is now public, its definition stays private. A macro is introduced to statically allocate and initialize such a translation context. The library now internally uses this macro to allocate the default translation context for the running BL image. Change-Id: Icece1cde4813fac19452c782b682c758142b1489 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-10 13:37:48 +01:00
/*
xlat v2: Split code into separate files Instead of having one big file with all the code, it's better to have a few smaller files that are more manageable: - xlat_tables_core.c: Code related to the core functionality of the library (map and unmap regions, initialize xlat context). - xlat_tables_context.c: Instantiation of the active image context as well as APIs to manipulate it. - xlat_tables_utils.c: Helper code that isn't part of the core functionality (change attributes, debug print messages). Change-Id: I3ea956fc1afd7473c0bb5e7c6aab3b2e5d88c711 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-03 11:58:49 +01:00
* Translation regime managed by this xlat_ctx_t. It should be one of
* the EL*_REGIME defines.
xlat lib v2: Export translation context as an opaque type At the moment, the translation context type (xlat_ctx_t) is a private type reserved for the internal usage of the translation table library. All exported APIs (implemented in xlat_tables_common.c) are wrappers over the internal implementations that use such a translation context. These wrappers unconditionally pass the current translation context representing the memory mappings of the executing BL image. This means that the caller has no control over which translation context the library functions act on. As a first step to make this code more flexible, this patch exports the 'xlat_ctx_t' type. Note that, although the declaration of this type is now public, its definition stays private. A macro is introduced to statically allocate and initialize such a translation context. The library now internally uses this macro to allocate the default translation context for the running BL image. Change-Id: Icece1cde4813fac19452c782b682c758142b1489 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-10 13:37:48 +01:00
*/
xlat: Add support for EL0 and EL1 mappings This patch introduces the ability of the xlat tables library to manage EL0 and EL1 mappings from a higher exception level. Attributes MT_USER and MT_PRIVILEGED have been added to allow the user specify the target EL in the translation regime EL1&0. REGISTER_XLAT_CONTEXT2 macro is introduced to allow creating a xlat_ctx_t that targets a given translation regime (EL1&0 or EL3). A new member is added to xlat_ctx_t to represent the translation regime the xlat_ctx_t manages. The execute_never mask member is removed as it is computed from existing information. Change-Id: I95e14abc3371d7a6d6a358cc54c688aa9975c110 Co-authored-by: Douglas Raillard <douglas.raillard@arm.com> Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2017-10-04 16:52:15 +01:00
int xlat_regime;
xlat lib v2: Export translation context as an opaque type At the moment, the translation context type (xlat_ctx_t) is a private type reserved for the internal usage of the translation table library. All exported APIs (implemented in xlat_tables_common.c) are wrappers over the internal implementations that use such a translation context. These wrappers unconditionally pass the current translation context representing the memory mappings of the executing BL image. This means that the caller has no control over which translation context the library functions act on. As a first step to make this code more flexible, this patch exports the 'xlat_ctx_t' type. Note that, although the declaration of this type is now public, its definition stays private. A macro is introduced to statically allocate and initialize such a translation context. The library now internally uses this macro to allocate the default translation context for the running BL image. Change-Id: Icece1cde4813fac19452c782b682c758142b1489 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-10 13:37:48 +01:00
};
#if PLAT_XLAT_TABLES_DYNAMIC
xlat: Fix MISRA defects Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6, 14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9. Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
#define XLAT_ALLOC_DYNMAP_STRUCT(_ctx_name, _xlat_tables_count) \
xlat lib v2: Export translation context as an opaque type At the moment, the translation context type (xlat_ctx_t) is a private type reserved for the internal usage of the translation table library. All exported APIs (implemented in xlat_tables_common.c) are wrappers over the internal implementations that use such a translation context. These wrappers unconditionally pass the current translation context representing the memory mappings of the executing BL image. This means that the caller has no control over which translation context the library functions act on. As a first step to make this code more flexible, this patch exports the 'xlat_ctx_t' type. Note that, although the declaration of this type is now public, its definition stays private. A macro is introduced to statically allocate and initialize such a translation context. The library now internally uses this macro to allocate the default translation context for the running BL image. Change-Id: Icece1cde4813fac19452c782b682c758142b1489 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-10 13:37:48 +01:00
static int _ctx_name##_mapped_regions[_xlat_tables_count];
xlat: Fix MISRA defects Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6, 14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9. Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
#define XLAT_REGISTER_DYNMAP_STRUCT(_ctx_name) \
xlat lib v2: Export translation context as an opaque type At the moment, the translation context type (xlat_ctx_t) is a private type reserved for the internal usage of the translation table library. All exported APIs (implemented in xlat_tables_common.c) are wrappers over the internal implementations that use such a translation context. These wrappers unconditionally pass the current translation context representing the memory mappings of the executing BL image. This means that the caller has no control over which translation context the library functions act on. As a first step to make this code more flexible, this patch exports the 'xlat_ctx_t' type. Note that, although the declaration of this type is now public, its definition stays private. A macro is introduced to statically allocate and initialize such a translation context. The library now internally uses this macro to allocate the default translation context for the running BL image. Change-Id: Icece1cde4813fac19452c782b682c758142b1489 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-10 13:37:48 +01:00
.tables_mapped_regions = _ctx_name##_mapped_regions,
#else
xlat: Fix MISRA defects Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6, 14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9. Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
#define XLAT_ALLOC_DYNMAP_STRUCT(_ctx_name, _xlat_tables_count) \
xlat lib v2: Export translation context as an opaque type At the moment, the translation context type (xlat_ctx_t) is a private type reserved for the internal usage of the translation table library. All exported APIs (implemented in xlat_tables_common.c) are wrappers over the internal implementations that use such a translation context. These wrappers unconditionally pass the current translation context representing the memory mappings of the executing BL image. This means that the caller has no control over which translation context the library functions act on. As a first step to make this code more flexible, this patch exports the 'xlat_ctx_t' type. Note that, although the declaration of this type is now public, its definition stays private. A macro is introduced to statically allocate and initialize such a translation context. The library now internally uses this macro to allocate the default translation context for the running BL image. Change-Id: Icece1cde4813fac19452c782b682c758142b1489 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-10 13:37:48 +01:00
/* do nothing */
xlat: Fix MISRA defects Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6, 14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9. Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
#define XLAT_REGISTER_DYNMAP_STRUCT(_ctx_name) \
xlat lib v2: Export translation context as an opaque type At the moment, the translation context type (xlat_ctx_t) is a private type reserved for the internal usage of the translation table library. All exported APIs (implemented in xlat_tables_common.c) are wrappers over the internal implementations that use such a translation context. These wrappers unconditionally pass the current translation context representing the memory mappings of the executing BL image. This means that the caller has no control over which translation context the library functions act on. As a first step to make this code more flexible, this patch exports the 'xlat_ctx_t' type. Note that, although the declaration of this type is now public, its definition stays private. A macro is introduced to statically allocate and initialize such a translation context. The library now internally uses this macro to allocate the default translation context for the running BL image. Change-Id: Icece1cde4813fac19452c782b682c758142b1489 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-10 13:37:48 +01:00
/* do nothing */
#endif /* PLAT_XLAT_TABLES_DYNAMIC */
Read-only xlat tables for BL31 memory This patch introduces a build flag which allows the xlat tables to be mapped in a read-only region within BL31 memory. It makes it much harder for someone who has acquired the ability to write to arbitrary secure memory addresses to gain control of the translation tables. The memory attributes of the descriptors describing the tables themselves are changed to read-only secure data. This change happens at the end of BL31 runtime setup. Until this point, the tables have read-write permissions. This gives a window of opportunity for changes to be made to the tables with the MMU on (e.g. reclaiming init code). No changes can be made to the tables with the MMU turned on from this point onwards. This change is also enabled for sp_min and tspd. To make all this possible, the base table was moved to .rodata. The penalty we pay is that now .rodata must be aligned to the size of the base table (512B alignment). Still, this is better than putting the base table with the higher level tables in the xlat_table section, as that would cost us a full 4KB page. Changing the tables from read-write to read-only cannot be done with the MMU on, as the break-before-make sequence would invalidate the descriptor which resolves the level 3 page table where that very descriptor is located. This would make the translation required for writing the changes impossible, generating an MMU fault. The caches are also flushed. Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com> Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
2019-11-07 15:18:03 +00:00
#if PLAT_RO_XLAT_TABLES
#define XLAT_CTX_INIT_TABLE_ATTR() \
.readonly_tables = false,
#else
#define XLAT_CTX_INIT_TABLE_ATTR()
/* do nothing */
#endif
xlat: Fix MISRA defects Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6, 14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9. Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
#define REGISTER_XLAT_CONTEXT_FULL_SPEC(_ctx_name, _mmap_count, \
_xlat_tables_count, _virt_addr_space_size, \
_phy_addr_space_size, _xlat_regime, _section_name)\
CASSERT(CHECK_PHY_ADDR_SPACE_SIZE(_phy_addr_space_size), \
assert_invalid_physical_addr_space_sizefor_##_ctx_name);\
\
static mmap_region_t _ctx_name##_mmap[_mmap_count + 1]; \
\
static uint64_t _ctx_name##_xlat_tables[_xlat_tables_count] \
[XLAT_TABLE_ENTRIES] \
__aligned(XLAT_TABLE_SIZE) __section(_section_name); \
\
static uint64_t _ctx_name##_base_xlat_table \
[GET_NUM_BASE_LEVEL_ENTRIES(_virt_addr_space_size)] \
__aligned(GET_NUM_BASE_LEVEL_ENTRIES(_virt_addr_space_size)\
* sizeof(uint64_t)); \
\
XLAT_ALLOC_DYNMAP_STRUCT(_ctx_name, _xlat_tables_count) \
\
static xlat_ctx_t _ctx_name##_xlat_ctx = { \
.pa_max_address = (_phy_addr_space_size) - 1ULL, \
Read-only xlat tables for BL31 memory This patch introduces a build flag which allows the xlat tables to be mapped in a read-only region within BL31 memory. It makes it much harder for someone who has acquired the ability to write to arbitrary secure memory addresses to gain control of the translation tables. The memory attributes of the descriptors describing the tables themselves are changed to read-only secure data. This change happens at the end of BL31 runtime setup. Until this point, the tables have read-write permissions. This gives a window of opportunity for changes to be made to the tables with the MMU on (e.g. reclaiming init code). No changes can be made to the tables with the MMU turned on from this point onwards. This change is also enabled for sp_min and tspd. To make all this possible, the base table was moved to .rodata. The penalty we pay is that now .rodata must be aligned to the size of the base table (512B alignment). Still, this is better than putting the base table with the higher level tables in the xlat_table section, as that would cost us a full 4KB page. Changing the tables from read-write to read-only cannot be done with the MMU on, as the break-before-make sequence would invalidate the descriptor which resolves the level 3 page table where that very descriptor is located. This would make the translation required for writing the changes impossible, generating an MMU fault. The caches are also flushed. Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com> Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
2019-11-07 15:18:03 +00:00
.va_max_address = (_virt_addr_space_size) - 1UL, \
xlat: Fix MISRA defects Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6, 14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9. Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
.mmap = _ctx_name##_mmap, \
.mmap_num = (_mmap_count), \
Read-only xlat tables for BL31 memory This patch introduces a build flag which allows the xlat tables to be mapped in a read-only region within BL31 memory. It makes it much harder for someone who has acquired the ability to write to arbitrary secure memory addresses to gain control of the translation tables. The memory attributes of the descriptors describing the tables themselves are changed to read-only secure data. This change happens at the end of BL31 runtime setup. Until this point, the tables have read-write permissions. This gives a window of opportunity for changes to be made to the tables with the MMU on (e.g. reclaiming init code). No changes can be made to the tables with the MMU turned on from this point onwards. This change is also enabled for sp_min and tspd. To make all this possible, the base table was moved to .rodata. The penalty we pay is that now .rodata must be aligned to the size of the base table (512B alignment). Still, this is better than putting the base table with the higher level tables in the xlat_table section, as that would cost us a full 4KB page. Changing the tables from read-write to read-only cannot be done with the MMU on, as the break-before-make sequence would invalidate the descriptor which resolves the level 3 page table where that very descriptor is located. This would make the translation required for writing the changes impossible, generating an MMU fault. The caches are also flushed. Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com> Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
2019-11-07 15:18:03 +00:00
.tables = _ctx_name##_xlat_tables, \
.tables_num = _xlat_tables_count, \
XLAT_CTX_INIT_TABLE_ATTR() \
XLAT_REGISTER_DYNMAP_STRUCT(_ctx_name) \
.next_table = 0, \
xlat: Fix MISRA defects Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6, 14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9. Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
.base_table = _ctx_name##_base_xlat_table, \
.base_table_entries = \
GET_NUM_BASE_LEVEL_ENTRIES(_virt_addr_space_size),\
Read-only xlat tables for BL31 memory This patch introduces a build flag which allows the xlat tables to be mapped in a read-only region within BL31 memory. It makes it much harder for someone who has acquired the ability to write to arbitrary secure memory addresses to gain control of the translation tables. The memory attributes of the descriptors describing the tables themselves are changed to read-only secure data. This change happens at the end of BL31 runtime setup. Until this point, the tables have read-write permissions. This gives a window of opportunity for changes to be made to the tables with the MMU on (e.g. reclaiming init code). No changes can be made to the tables with the MMU turned on from this point onwards. This change is also enabled for sp_min and tspd. To make all this possible, the base table was moved to .rodata. The penalty we pay is that now .rodata must be aligned to the size of the base table (512B alignment). Still, this is better than putting the base table with the higher level tables in the xlat_table section, as that would cost us a full 4KB page. Changing the tables from read-write to read-only cannot be done with the MMU on, as the break-before-make sequence would invalidate the descriptor which resolves the level 3 page table where that very descriptor is located. This would make the translation required for writing the changes impossible, generating an MMU fault. The caches are also flushed. Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com> Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
2019-11-07 15:18:03 +00:00
.max_pa = 0U, \
.max_va = 0U, \
.base_level = GET_XLAT_TABLE_LEVEL_BASE(_virt_addr_space_size),\
.initialized = false, \
.xlat_regime = (_xlat_regime) \
}
#define REGISTER_XLAT_CONTEXT_RO_BASE_TABLE(_ctx_name, _mmap_count, \
_xlat_tables_count, _virt_addr_space_size, \
_phy_addr_space_size, _xlat_regime, _section_name)\
CASSERT(CHECK_PHY_ADDR_SPACE_SIZE(_phy_addr_space_size), \
assert_invalid_physical_addr_space_sizefor_##_ctx_name);\
\
static mmap_region_t _ctx_name##_mmap[_mmap_count + 1]; \
\
static uint64_t _ctx_name##_xlat_tables[_xlat_tables_count] \
[XLAT_TABLE_ENTRIES] \
__aligned(XLAT_TABLE_SIZE) __section(_section_name); \
\
static uint64_t _ctx_name##_base_xlat_table \
[GET_NUM_BASE_LEVEL_ENTRIES(_virt_addr_space_size)] \
__aligned(GET_NUM_BASE_LEVEL_ENTRIES(_virt_addr_space_size)\
* sizeof(uint64_t)) \
__section(".rodata"); \
\
XLAT_ALLOC_DYNMAP_STRUCT(_ctx_name, _xlat_tables_count) \
\
static xlat_ctx_t _ctx_name##_xlat_ctx = { \
.pa_max_address = (_phy_addr_space_size) - 1ULL, \
.va_max_address = (_virt_addr_space_size) - 1UL, \
.mmap = _ctx_name##_mmap, \
.mmap_num = (_mmap_count), \
xlat: Fix MISRA defects Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6, 14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9. Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
.tables = _ctx_name##_xlat_tables, \
.tables_num = _xlat_tables_count, \
Read-only xlat tables for BL31 memory This patch introduces a build flag which allows the xlat tables to be mapped in a read-only region within BL31 memory. It makes it much harder for someone who has acquired the ability to write to arbitrary secure memory addresses to gain control of the translation tables. The memory attributes of the descriptors describing the tables themselves are changed to read-only secure data. This change happens at the end of BL31 runtime setup. Until this point, the tables have read-write permissions. This gives a window of opportunity for changes to be made to the tables with the MMU on (e.g. reclaiming init code). No changes can be made to the tables with the MMU turned on from this point onwards. This change is also enabled for sp_min and tspd. To make all this possible, the base table was moved to .rodata. The penalty we pay is that now .rodata must be aligned to the size of the base table (512B alignment). Still, this is better than putting the base table with the higher level tables in the xlat_table section, as that would cost us a full 4KB page. Changing the tables from read-write to read-only cannot be done with the MMU on, as the break-before-make sequence would invalidate the descriptor which resolves the level 3 page table where that very descriptor is located. This would make the translation required for writing the changes impossible, generating an MMU fault. The caches are also flushed. Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com> Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
2019-11-07 15:18:03 +00:00
XLAT_CTX_INIT_TABLE_ATTR() \
xlat: Fix MISRA defects Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6, 14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9. Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
XLAT_REGISTER_DYNMAP_STRUCT(_ctx_name) \
Read-only xlat tables for BL31 memory This patch introduces a build flag which allows the xlat tables to be mapped in a read-only region within BL31 memory. It makes it much harder for someone who has acquired the ability to write to arbitrary secure memory addresses to gain control of the translation tables. The memory attributes of the descriptors describing the tables themselves are changed to read-only secure data. This change happens at the end of BL31 runtime setup. Until this point, the tables have read-write permissions. This gives a window of opportunity for changes to be made to the tables with the MMU on (e.g. reclaiming init code). No changes can be made to the tables with the MMU turned on from this point onwards. This change is also enabled for sp_min and tspd. To make all this possible, the base table was moved to .rodata. The penalty we pay is that now .rodata must be aligned to the size of the base table (512B alignment). Still, this is better than putting the base table with the higher level tables in the xlat_table section, as that would cost us a full 4KB page. Changing the tables from read-write to read-only cannot be done with the MMU on, as the break-before-make sequence would invalidate the descriptor which resolves the level 3 page table where that very descriptor is located. This would make the translation required for writing the changes impossible, generating an MMU fault. The caches are also flushed. Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com> Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
2019-11-07 15:18:03 +00:00
.next_table = 0, \
.base_table = _ctx_name##_base_xlat_table, \
.base_table_entries = \
GET_NUM_BASE_LEVEL_ENTRIES(_virt_addr_space_size),\
xlat: Fix MISRA defects Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6, 14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9. Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
.max_pa = 0U, \
.max_va = 0U, \
Read-only xlat tables for BL31 memory This patch introduces a build flag which allows the xlat tables to be mapped in a read-only region within BL31 memory. It makes it much harder for someone who has acquired the ability to write to arbitrary secure memory addresses to gain control of the translation tables. The memory attributes of the descriptors describing the tables themselves are changed to read-only secure data. This change happens at the end of BL31 runtime setup. Until this point, the tables have read-write permissions. This gives a window of opportunity for changes to be made to the tables with the MMU on (e.g. reclaiming init code). No changes can be made to the tables with the MMU turned on from this point onwards. This change is also enabled for sp_min and tspd. To make all this possible, the base table was moved to .rodata. The penalty we pay is that now .rodata must be aligned to the size of the base table (512B alignment). Still, this is better than putting the base table with the higher level tables in the xlat_table section, as that would cost us a full 4KB page. Changing the tables from read-write to read-only cannot be done with the MMU on, as the break-before-make sequence would invalidate the descriptor which resolves the level 3 page table where that very descriptor is located. This would make the translation required for writing the changes impossible, generating an MMU fault. The caches are also flushed. Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com> Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
2019-11-07 15:18:03 +00:00
.base_level = GET_XLAT_TABLE_LEVEL_BASE(_virt_addr_space_size),\
xlat: Use bool instead of int Change-Id: I35d5b6a7c219f6f38983b30f157c1ed3808af17f Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-08-02 09:57:29 +01:00
.initialized = false, \
Read-only xlat tables for BL31 memory This patch introduces a build flag which allows the xlat tables to be mapped in a read-only region within BL31 memory. It makes it much harder for someone who has acquired the ability to write to arbitrary secure memory addresses to gain control of the translation tables. The memory attributes of the descriptors describing the tables themselves are changed to read-only secure data. This change happens at the end of BL31 runtime setup. Until this point, the tables have read-write permissions. This gives a window of opportunity for changes to be made to the tables with the MMU on (e.g. reclaiming init code). No changes can be made to the tables with the MMU turned on from this point onwards. This change is also enabled for sp_min and tspd. To make all this possible, the base table was moved to .rodata. The penalty we pay is that now .rodata must be aligned to the size of the base table (512B alignment). Still, this is better than putting the base table with the higher level tables in the xlat_table section, as that would cost us a full 4KB page. Changing the tables from read-write to read-only cannot be done with the MMU on, as the break-before-make sequence would invalidate the descriptor which resolves the level 3 page table where that very descriptor is located. This would make the translation required for writing the changes impossible, generating an MMU fault. The caches are also flushed. Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com> Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
2019-11-07 15:18:03 +00:00
.xlat_regime = (_xlat_regime) \
xlat lib v2: Export translation context as an opaque type At the moment, the translation context type (xlat_ctx_t) is a private type reserved for the internal usage of the translation table library. All exported APIs (implemented in xlat_tables_common.c) are wrappers over the internal implementations that use such a translation context. These wrappers unconditionally pass the current translation context representing the memory mappings of the executing BL image. This means that the caller has no control over which translation context the library functions act on. As a first step to make this code more flexible, this patch exports the 'xlat_ctx_t' type. Note that, although the declaration of this type is now public, its definition stays private. A macro is introduced to statically allocate and initialize such a translation context. The library now internally uses this macro to allocate the default translation context for the running BL image. Change-Id: Icece1cde4813fac19452c782b682c758142b1489 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-10 13:37:48 +01:00
}
Replace __ASSEMBLY__ with compiler-builtin __ASSEMBLER__ NOTE: __ASSEMBLY__ macro is now deprecated in favor of __ASSEMBLER__. All common C compilers predefine a macro called __ASSEMBLER__ when preprocessing a .S file. There is no reason for TF-A to define it's own __ASSEMBLY__ macro for this purpose instead. To unify code with the export headers (which use __ASSEMBLER__ to avoid one extra dependency), let's deprecate __ASSEMBLY__ and switch the code base over to the predefined standard. Change-Id: Id7d0ec8cf330195da80499c68562b65cb5ab7417 Signed-off-by: Julius Werner <jwerner@chromium.org>
2019-07-09 21:49:11 +01:00
#endif /*__ASSEMBLER__*/
xlat v2: Split MMU setup and enable At present, the function provided by the translation library to enable MMU constructs appropriate values for translation library, and programs them to the right registers. The construction of initial values, however, is only required once as both the primary and secondaries program the same values. Additionally, the MMU-enabling function is written in C, which means there's an active stack at the time of enabling MMU. On some systems, like Arm DynamIQ, having active stack while enabling MMU during warm boot might lead to coherency problems. This patch addresses both the above problems by: - Splitting the MMU-enabling function into two: one that sets up values to be programmed into the registers, and another one that takes the pre-computed values and writes to the appropriate registers. With this, the primary effectively calls both functions to have the MMU enabled, but secondaries only need to call the latter. - Rewriting the function that enables MMU in assembly so that it doesn't use stack. This patch fixes a bunch of MISRA issues on the way. Change-Id: I0faca97263a970ffe765f0e731a1417e43fbfc45 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2018-04-27 15:06:57 +01:00
xlat: Fix MISRA defects Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6, 14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9. Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
#endif /* XLAT_TABLES_V2_HELPERS_H */