2017-03-08 14:40:23 +00:00
|
|
|
/*
|
2019-05-24 12:17:09 +01:00
|
|
|
* Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
|
2017-03-08 14:40:23 +00:00
|
|
|
*
|
2017-05-03 09:38:09 +01:00
|
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
2017-03-08 14:40:23 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <assert.h>
|
|
|
|
|
#include <errno.h>
|
2018-08-02 09:57:29 +01:00
|
|
|
#include <stdbool.h>
|
2018-08-16 16:52:57 +01:00
|
|
|
#include <stdint.h>
|
2017-03-08 14:40:23 +00:00
|
|
|
#include <string.h>
|
2018-12-14 00:18:21 +00:00
|
|
|
|
|
|
|
|
#include <platform_def.h>
|
|
|
|
|
|
2019-05-24 12:17:09 +01:00
|
|
|
#include <arch_features.h>
|
2018-12-14 00:18:21 +00:00
|
|
|
#include <arch_helpers.h>
|
|
|
|
|
#include <common/debug.h>
|
|
|
|
|
#include <lib/utils_def.h>
|
|
|
|
|
#include <lib/xlat_tables/xlat_tables_defs.h>
|
|
|
|
|
#include <lib/xlat_tables/xlat_tables_v2.h>
|
2017-05-19 09:59:37 +01:00
|
|
|
|
2017-03-08 14:40:23 +00:00
|
|
|
#include "xlat_tables_private.h"
|
|
|
|
|
|
xlat v2: Flush xlat tables after being modified
During cold boot, the initial translation tables are created with data
caches disabled, so all modifications go to memory directly. After the
MMU is enabled and data cache is enabled, any modification to the tables
goes to data cache, and eventually may get flushed to memory.
If CPU0 modifies the tables while CPU1 is off, CPU0 will have the
modified tables in its data cache. When CPU1 is powered on, the MMU is
enabled, then it enables coherency, and then it enables the data cache.
Until this is done, CPU1 isn't in coherency, and the translation tables
it sees can be outdated if CPU0 still has some modified entries in its
data cache.
This can be a problem in some cases. For example, the warm boot code
uses only the tables mapped during cold boot, which don't normally
change. However, if they are modified (and a RO page is made RW, or a XN
page is made executable) the CPU will see the old attributes and crash
when it tries to access it.
This doesn't happen in systems with HW_ASSISTED_COHERENCY or
WARMBOOT_ENABLE_DCACHE_EARLY. In these systems, the data cache is
enabled at the same time as the MMU. As soon as this happens, the CPU is
in coherency.
There was an attempt of a fix in psci_helpers.S, but it didn't solve the
problem. That code has been deleted. The code was introduced in commit
<264410306381> ("Invalidate TLB entries during warm boot").
Now, during a map or unmap operation, the memory associated to each
modified table is flushed. Traversing a table will also flush it's
memory, as there is no way to tell in the current implementation if the
table that has been traversed has also been modified.
Change-Id: I4b520bca27502f1018878061bc5fb82af740bb92
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-08-07 12:47:12 +01:00
|
|
|
/* Helper function that cleans the data cache only if it is enabled. */
|
2019-01-30 16:31:07 +00:00
|
|
|
static inline __attribute__((unused)) void xlat_clean_dcache_range(uintptr_t addr, size_t size)
|
xlat v2: Flush xlat tables after being modified
During cold boot, the initial translation tables are created with data
caches disabled, so all modifications go to memory directly. After the
MMU is enabled and data cache is enabled, any modification to the tables
goes to data cache, and eventually may get flushed to memory.
If CPU0 modifies the tables while CPU1 is off, CPU0 will have the
modified tables in its data cache. When CPU1 is powered on, the MMU is
enabled, then it enables coherency, and then it enables the data cache.
Until this is done, CPU1 isn't in coherency, and the translation tables
it sees can be outdated if CPU0 still has some modified entries in its
data cache.
This can be a problem in some cases. For example, the warm boot code
uses only the tables mapped during cold boot, which don't normally
change. However, if they are modified (and a RO page is made RW, or a XN
page is made executable) the CPU will see the old attributes and crash
when it tries to access it.
This doesn't happen in systems with HW_ASSISTED_COHERENCY or
WARMBOOT_ENABLE_DCACHE_EARLY. In these systems, the data cache is
enabled at the same time as the MMU. As soon as this happens, the CPU is
in coherency.
There was an attempt of a fix in psci_helpers.S, but it didn't solve the
problem. That code has been deleted. The code was introduced in commit
<264410306381> ("Invalidate TLB entries during warm boot").
Now, during a map or unmap operation, the memory associated to each
modified table is flushed. Traversing a table will also flush it's
memory, as there is no way to tell in the current implementation if the
table that has been traversed has also been modified.
Change-Id: I4b520bca27502f1018878061bc5fb82af740bb92
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-08-07 12:47:12 +01:00
|
|
|
{
|
|
|
|
|
if (is_dcache_enabled())
|
|
|
|
|
clean_dcache_range(addr, size);
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-27 17:23:54 +00:00
|
|
|
#if PLAT_XLAT_TABLES_DYNAMIC
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The following functions assume that they will be called using subtables only.
|
|
|
|
|
* The base table can't be unmapped, so it is not needed to do any special
|
|
|
|
|
* handling for it.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Returns the index of the array corresponding to the specified translation
|
|
|
|
|
* table.
|
|
|
|
|
*/
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
static int xlat_table_get_index(const xlat_ctx_t *ctx, const uint64_t *table)
|
2017-02-27 17:23:54 +00:00
|
|
|
{
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
for (int i = 0; i < ctx->tables_num; i++)
|
2017-02-27 17:23:54 +00:00
|
|
|
if (ctx->tables[i] == table)
|
|
|
|
|
return i;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Maybe we were asked to get the index of the base level table, which
|
|
|
|
|
* should never happen.
|
|
|
|
|
*/
|
2018-08-02 09:57:29 +01:00
|
|
|
assert(false);
|
2017-02-27 17:23:54 +00:00
|
|
|
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Returns a pointer to an empty translation table. */
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
static uint64_t *xlat_table_get_empty(const xlat_ctx_t *ctx)
|
2017-02-27 17:23:54 +00:00
|
|
|
{
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
for (int i = 0; i < ctx->tables_num; i++)
|
2017-02-27 17:23:54 +00:00
|
|
|
if (ctx->tables_mapped_regions[i] == 0)
|
|
|
|
|
return ctx->tables[i];
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Increments region count for a given table. */
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
static void xlat_table_inc_regions_count(const xlat_ctx_t *ctx,
|
|
|
|
|
const uint64_t *table)
|
2017-02-27 17:23:54 +00:00
|
|
|
{
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
int idx = xlat_table_get_index(ctx, table);
|
|
|
|
|
|
|
|
|
|
ctx->tables_mapped_regions[idx]++;
|
2017-02-27 17:23:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Decrements region count for a given table. */
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
static void xlat_table_dec_regions_count(const xlat_ctx_t *ctx,
|
|
|
|
|
const uint64_t *table)
|
2017-02-27 17:23:54 +00:00
|
|
|
{
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
int idx = xlat_table_get_index(ctx, table);
|
|
|
|
|
|
|
|
|
|
ctx->tables_mapped_regions[idx]--;
|
2017-02-27 17:23:54 +00:00
|
|
|
}
|
|
|
|
|
|
2018-07-03 11:58:49 +01:00
|
|
|
/* Returns 0 if the specified table isn't empty, otherwise 1. */
|
2018-08-02 09:57:29 +01:00
|
|
|
static bool xlat_table_is_empty(const xlat_ctx_t *ctx, const uint64_t *table)
|
2017-02-27 17:23:54 +00:00
|
|
|
{
|
2018-08-02 09:57:29 +01:00
|
|
|
return ctx->tables_mapped_regions[xlat_table_get_index(ctx, table)] == 0;
|
2017-02-27 17:23:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#else /* PLAT_XLAT_TABLES_DYNAMIC */
|
|
|
|
|
|
2017-03-08 14:40:23 +00:00
|
|
|
/* Returns a pointer to the first empty translation table. */
|
|
|
|
|
static uint64_t *xlat_table_get_empty(xlat_ctx_t *ctx)
|
|
|
|
|
{
|
|
|
|
|
assert(ctx->next_table < ctx->tables_num);
|
|
|
|
|
|
|
|
|
|
return ctx->tables[ctx->next_table++];
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-27 17:23:54 +00:00
|
|
|
#endif /* PLAT_XLAT_TABLES_DYNAMIC */
|
|
|
|
|
|
2017-10-04 16:52:15 +01:00
|
|
|
/*
|
|
|
|
|
* Returns a block/page table descriptor for the given level and attributes.
|
|
|
|
|
*/
|
2018-07-03 11:58:49 +01:00
|
|
|
uint64_t xlat_desc(const xlat_ctx_t *ctx, uint32_t attr,
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
unsigned long long addr_pa, unsigned int level)
|
2017-03-08 14:40:23 +00:00
|
|
|
{
|
|
|
|
|
uint64_t desc;
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
uint32_t mem_type;
|
2017-03-08 14:40:23 +00:00
|
|
|
|
|
|
|
|
/* Make sure that the granularity is fine enough to map this address. */
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
assert((addr_pa & XLAT_BLOCK_MASK(level)) == 0U);
|
2017-03-08 14:40:23 +00:00
|
|
|
|
|
|
|
|
desc = addr_pa;
|
|
|
|
|
/*
|
|
|
|
|
* There are different translation table descriptors for level 3 and the
|
|
|
|
|
* rest.
|
|
|
|
|
*/
|
|
|
|
|
desc |= (level == XLAT_TABLE_LEVEL_MAX) ? PAGE_DESC : BLOCK_DESC;
|
|
|
|
|
/*
|
2018-07-12 15:54:10 +01:00
|
|
|
* Always set the access flag, as this library assumes access flag
|
|
|
|
|
* faults aren't managed.
|
|
|
|
|
*/
|
|
|
|
|
desc |= LOWER_ATTRS(ACCESS_FLAG);
|
|
|
|
|
/*
|
2017-03-08 14:40:23 +00:00
|
|
|
* Deduce other fields of the descriptor based on the MT_NS and MT_RW
|
|
|
|
|
* memory region attributes.
|
|
|
|
|
*/
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
desc |= ((attr & MT_NS) != 0U) ? LOWER_ATTRS(NS) : 0U;
|
|
|
|
|
desc |= ((attr & MT_RW) != 0U) ? LOWER_ATTRS(AP_RW) : LOWER_ATTRS(AP_RO);
|
2017-10-04 16:52:15 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Do not allow unprivileged access when the mapping is for a privileged
|
|
|
|
|
* EL. For translation regimes that do not have mappings for access for
|
|
|
|
|
* lower exception levels, set AP[2] to AP_NO_ACCESS_UNPRIVILEGED.
|
|
|
|
|
*/
|
|
|
|
|
if (ctx->xlat_regime == EL1_EL0_REGIME) {
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
if ((attr & MT_USER) != 0U) {
|
2017-10-04 16:52:15 +01:00
|
|
|
/* EL0 mapping requested, so we give User access */
|
|
|
|
|
desc |= LOWER_ATTRS(AP_ACCESS_UNPRIVILEGED);
|
|
|
|
|
} else {
|
|
|
|
|
/* EL1 mapping requested, no User access granted */
|
|
|
|
|
desc |= LOWER_ATTRS(AP_NO_ACCESS_UNPRIVILEGED);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2018-08-07 19:59:49 +01:00
|
|
|
assert((ctx->xlat_regime == EL2_REGIME) ||
|
|
|
|
|
(ctx->xlat_regime == EL3_REGIME));
|
2018-04-26 12:59:08 +01:00
|
|
|
desc |= LOWER_ATTRS(AP_ONE_VA_RANGE_RES1);
|
2017-10-04 16:52:15 +01:00
|
|
|
}
|
2017-03-08 14:40:23 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Deduce shareability domain and executability of the memory region
|
|
|
|
|
* from the memory type of the attributes (MT_TYPE).
|
|
|
|
|
*
|
|
|
|
|
* Data accesses to device memory and non-cacheable normal memory are
|
|
|
|
|
* coherent for all observers in the system, and correspondingly are
|
|
|
|
|
* always treated as being Outer Shareable. Therefore, for these 2 types
|
|
|
|
|
* of memory, it is not strictly needed to set the shareability field
|
|
|
|
|
* in the translation tables.
|
|
|
|
|
*/
|
|
|
|
|
mem_type = MT_TYPE(attr);
|
|
|
|
|
if (mem_type == MT_DEVICE) {
|
|
|
|
|
desc |= LOWER_ATTRS(ATTR_DEVICE_INDEX | OSH);
|
|
|
|
|
/*
|
|
|
|
|
* Always map device memory as execute-never.
|
|
|
|
|
* This is to avoid the possibility of a speculative instruction
|
|
|
|
|
* fetch, which could be an issue if this memory region
|
|
|
|
|
* corresponds to a read-sensitive peripheral.
|
|
|
|
|
*/
|
2017-10-04 16:52:15 +01:00
|
|
|
desc |= xlat_arch_regime_get_xn_desc(ctx->xlat_regime);
|
Fix execute-never permissions in xlat tables libs
Translation regimes that only support one virtual address space (such as
the ones for EL2 and EL3) can flag memory regions as execute-never by
setting to 1 the XN bit in the Upper Attributes field in the translation
tables descriptors. Translation regimes that support two different
virtual address spaces (such as the one shared by EL1 and EL0) use bits
PXN and UXN instead.
The Trusted Firmware runs at EL3 and EL1, it has to handle translation
tables of both translation regimes, but the previous code handled both
regimes the same way, as if both had only 1 VA range.
When trying to set a descriptor as execute-never it would set the XN
bit correctly in EL3, but it would set the XN bit in EL1 as well. XN is
at the same bit position as UXN, which means that EL0 was being
prevented from executing code at this region, not EL1 as the code
intended. Therefore, the PXN bit was unset to 0 all the time. The result
is that, in AArch64 mode, read-only data sections of BL2 weren't
protected from being executed.
This patch adds support of translation regimes with two virtual address
spaces to both versions of the translation tables library, fixing the
execute-never permissions for translation tables in EL1.
The library currently does not support initializing translation tables
for EL0 software, therefore it does not set/unset the UXN bit. If EL1
software needs to initialize translation tables for EL0 software, it
should use a different library instead.
Change-Id: If27588f9820ff42988851d90dc92801c8ecbe0c9
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2017-04-27 13:30:22 +01:00
|
|
|
|
2017-03-08 14:40:23 +00:00
|
|
|
} else { /* Normal memory */
|
|
|
|
|
/*
|
|
|
|
|
* Always map read-write normal memory as execute-never.
|
2018-07-12 15:54:10 +01:00
|
|
|
* This library assumes that it is used by software that does
|
|
|
|
|
* not self-modify its code, therefore R/W memory is reserved
|
|
|
|
|
* for data storage, which must not be executable.
|
|
|
|
|
*
|
2017-03-08 14:40:23 +00:00
|
|
|
* Note that setting the XN bit here is for consistency only.
|
Fix execute-never permissions in xlat tables libs
Translation regimes that only support one virtual address space (such as
the ones for EL2 and EL3) can flag memory regions as execute-never by
setting to 1 the XN bit in the Upper Attributes field in the translation
tables descriptors. Translation regimes that support two different
virtual address spaces (such as the one shared by EL1 and EL0) use bits
PXN and UXN instead.
The Trusted Firmware runs at EL3 and EL1, it has to handle translation
tables of both translation regimes, but the previous code handled both
regimes the same way, as if both had only 1 VA range.
When trying to set a descriptor as execute-never it would set the XN
bit correctly in EL3, but it would set the XN bit in EL1 as well. XN is
at the same bit position as UXN, which means that EL0 was being
prevented from executing code at this region, not EL1 as the code
intended. Therefore, the PXN bit was unset to 0 all the time. The result
is that, in AArch64 mode, read-only data sections of BL2 weren't
protected from being executed.
This patch adds support of translation regimes with two virtual address
spaces to both versions of the translation tables library, fixing the
execute-never permissions for translation tables in EL1.
The library currently does not support initializing translation tables
for EL0 software, therefore it does not set/unset the UXN bit. If EL1
software needs to initialize translation tables for EL0 software, it
should use a different library instead.
Change-Id: If27588f9820ff42988851d90dc92801c8ecbe0c9
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2017-04-27 13:30:22 +01:00
|
|
|
* The function that enables the MMU sets the SCTLR_ELx.WXN bit,
|
2017-03-08 14:40:23 +00:00
|
|
|
* which makes any writable memory region to be treated as
|
|
|
|
|
* execute-never, regardless of the value of the XN bit in the
|
|
|
|
|
* translation table.
|
|
|
|
|
*
|
|
|
|
|
* For read-only memory, rely on the MT_EXECUTE/MT_EXECUTE_NEVER
|
2017-10-04 16:52:15 +01:00
|
|
|
* attribute to figure out the value of the XN bit. The actual
|
|
|
|
|
* XN bit(s) to set in the descriptor depends on the context's
|
|
|
|
|
* translation regime and the policy applied in
|
|
|
|
|
* xlat_arch_regime_get_xn_desc().
|
2017-03-08 14:40:23 +00:00
|
|
|
*/
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
if (((attr & MT_RW) != 0U) || ((attr & MT_EXECUTE_NEVER) != 0U)) {
|
2017-10-04 16:52:15 +01:00
|
|
|
desc |= xlat_arch_regime_get_xn_desc(ctx->xlat_regime);
|
Fix execute-never permissions in xlat tables libs
Translation regimes that only support one virtual address space (such as
the ones for EL2 and EL3) can flag memory regions as execute-never by
setting to 1 the XN bit in the Upper Attributes field in the translation
tables descriptors. Translation regimes that support two different
virtual address spaces (such as the one shared by EL1 and EL0) use bits
PXN and UXN instead.
The Trusted Firmware runs at EL3 and EL1, it has to handle translation
tables of both translation regimes, but the previous code handled both
regimes the same way, as if both had only 1 VA range.
When trying to set a descriptor as execute-never it would set the XN
bit correctly in EL3, but it would set the XN bit in EL1 as well. XN is
at the same bit position as UXN, which means that EL0 was being
prevented from executing code at this region, not EL1 as the code
intended. Therefore, the PXN bit was unset to 0 all the time. The result
is that, in AArch64 mode, read-only data sections of BL2 weren't
protected from being executed.
This patch adds support of translation regimes with two virtual address
spaces to both versions of the translation tables library, fixing the
execute-never permissions for translation tables in EL1.
The library currently does not support initializing translation tables
for EL0 software, therefore it does not set/unset the UXN bit. If EL1
software needs to initialize translation tables for EL0 software, it
should use a different library instead.
Change-Id: If27588f9820ff42988851d90dc92801c8ecbe0c9
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2017-04-27 13:30:22 +01:00
|
|
|
}
|
2017-03-08 14:40:23 +00:00
|
|
|
|
|
|
|
|
if (mem_type == MT_MEMORY) {
|
|
|
|
|
desc |= LOWER_ATTRS(ATTR_IWBWA_OWBWA_NTR_INDEX | ISH);
|
2019-05-24 12:17:09 +01:00
|
|
|
|
|
|
|
|
/* Check if Branch Target Identification is enabled */
|
|
|
|
|
#if ENABLE_BTI
|
|
|
|
|
/* Set GP bit for block and page code entries
|
|
|
|
|
* if BTI mechanism is implemented.
|
|
|
|
|
*/
|
|
|
|
|
if (is_armv8_5_bti_present() &&
|
|
|
|
|
((attr & (MT_TYPE_MASK | MT_RW |
|
|
|
|
|
MT_EXECUTE_NEVER)) == MT_CODE)) {
|
|
|
|
|
desc |= GP;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2017-03-08 14:40:23 +00:00
|
|
|
} else {
|
|
|
|
|
assert(mem_type == MT_NON_CACHEABLE);
|
|
|
|
|
desc |= LOWER_ATTRS(ATTR_NON_CACHEABLE_INDEX | OSH);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return desc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Enumeration of actions that can be made when mapping table entries depending
|
|
|
|
|
* on the previous value in that entry and information about the region being
|
|
|
|
|
* mapped.
|
|
|
|
|
*/
|
|
|
|
|
typedef enum {
|
|
|
|
|
|
|
|
|
|
/* Do nothing */
|
|
|
|
|
ACTION_NONE,
|
|
|
|
|
|
|
|
|
|
/* Write a block (or page, if in level 3) entry. */
|
|
|
|
|
ACTION_WRITE_BLOCK_ENTRY,
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Create a new table and write a table entry pointing to it. Recurse
|
|
|
|
|
* into it for further processing.
|
|
|
|
|
*/
|
|
|
|
|
ACTION_CREATE_NEW_TABLE,
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* There is a table descriptor in this entry, read it and recurse into
|
|
|
|
|
* that table for further processing.
|
|
|
|
|
*/
|
|
|
|
|
ACTION_RECURSE_INTO_TABLE,
|
|
|
|
|
|
|
|
|
|
} action_t;
|
|
|
|
|
|
2019-02-22 10:23:57 +00:00
|
|
|
/*
|
|
|
|
|
* Function that returns the first VA of the table affected by the specified
|
|
|
|
|
* mmap region.
|
|
|
|
|
*/
|
|
|
|
|
static uintptr_t xlat_tables_find_start_va(mmap_region_t *mm,
|
|
|
|
|
const uintptr_t table_base_va,
|
|
|
|
|
const unsigned int level)
|
|
|
|
|
{
|
|
|
|
|
uintptr_t table_idx_va;
|
|
|
|
|
|
|
|
|
|
if (mm->base_va > table_base_va) {
|
|
|
|
|
/* Find the first index of the table affected by the region. */
|
|
|
|
|
table_idx_va = mm->base_va & ~XLAT_BLOCK_MASK(level);
|
|
|
|
|
} else {
|
|
|
|
|
/* Start from the beginning of the table. */
|
|
|
|
|
table_idx_va = table_base_va;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return table_idx_va;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Function that returns table index for the given VA and level arguments.
|
|
|
|
|
*/
|
|
|
|
|
static inline unsigned int xlat_tables_va_to_index(const uintptr_t table_base_va,
|
|
|
|
|
const uintptr_t va,
|
|
|
|
|
const unsigned int level)
|
|
|
|
|
{
|
|
|
|
|
return (unsigned int)((va - table_base_va) >> XLAT_ADDR_SHIFT(level));
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-27 17:23:54 +00:00
|
|
|
#if PLAT_XLAT_TABLES_DYNAMIC
|
|
|
|
|
|
2019-02-22 10:15:57 +00:00
|
|
|
/*
|
|
|
|
|
* From the given arguments, it decides which action to take when unmapping the
|
|
|
|
|
* specified region.
|
|
|
|
|
*/
|
|
|
|
|
static action_t xlat_tables_unmap_region_action(const mmap_region_t *mm,
|
|
|
|
|
const uintptr_t table_idx_va, const uintptr_t table_idx_end_va,
|
|
|
|
|
const unsigned int level, const uint64_t desc_type)
|
|
|
|
|
{
|
|
|
|
|
action_t action;
|
|
|
|
|
uintptr_t region_end_va = mm->base_va + mm->size - 1U;
|
|
|
|
|
|
|
|
|
|
if ((mm->base_va <= table_idx_va) &&
|
|
|
|
|
(region_end_va >= table_idx_end_va)) {
|
|
|
|
|
/* Region covers all block */
|
|
|
|
|
|
|
|
|
|
if (level == 3U) {
|
|
|
|
|
/*
|
|
|
|
|
* Last level, only page descriptors allowed,
|
|
|
|
|
* erase it.
|
|
|
|
|
*/
|
|
|
|
|
assert(desc_type == PAGE_DESC);
|
|
|
|
|
|
|
|
|
|
action = ACTION_WRITE_BLOCK_ENTRY;
|
|
|
|
|
} else {
|
|
|
|
|
/*
|
|
|
|
|
* Other levels can have table descriptors. If
|
|
|
|
|
* so, recurse into it and erase descriptors
|
|
|
|
|
* inside it as needed. If there is a block
|
|
|
|
|
* descriptor, just erase it. If an invalid
|
|
|
|
|
* descriptor is found, this table isn't
|
|
|
|
|
* actually mapped, which shouldn't happen.
|
|
|
|
|
*/
|
|
|
|
|
if (desc_type == TABLE_DESC) {
|
|
|
|
|
action = ACTION_RECURSE_INTO_TABLE;
|
|
|
|
|
} else {
|
|
|
|
|
assert(desc_type == BLOCK_DESC);
|
|
|
|
|
action = ACTION_WRITE_BLOCK_ENTRY;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
} else if ((mm->base_va <= table_idx_end_va) ||
|
|
|
|
|
(region_end_va >= table_idx_va)) {
|
|
|
|
|
/*
|
|
|
|
|
* Region partially covers block.
|
|
|
|
|
*
|
|
|
|
|
* It can't happen in level 3.
|
|
|
|
|
*
|
|
|
|
|
* There must be a table descriptor here, if not there
|
|
|
|
|
* was a problem when mapping the region.
|
|
|
|
|
*/
|
|
|
|
|
assert(level < 3U);
|
|
|
|
|
assert(desc_type == TABLE_DESC);
|
|
|
|
|
|
|
|
|
|
action = ACTION_RECURSE_INTO_TABLE;
|
|
|
|
|
} else {
|
|
|
|
|
/* The region doesn't cover the block at all */
|
|
|
|
|
action = ACTION_NONE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return action;
|
|
|
|
|
}
|
2017-02-27 17:23:54 +00:00
|
|
|
/*
|
2019-03-19 14:12:09 +00:00
|
|
|
* Recursive function that writes to the translation tables and unmaps the
|
2017-02-27 17:23:54 +00:00
|
|
|
* specified region.
|
|
|
|
|
*/
|
|
|
|
|
static void xlat_tables_unmap_region(xlat_ctx_t *ctx, mmap_region_t *mm,
|
|
|
|
|
const uintptr_t table_base_va,
|
|
|
|
|
uint64_t *const table_base,
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
const unsigned int table_entries,
|
2017-06-07 17:57:42 +01:00
|
|
|
const unsigned int level)
|
2017-02-27 17:23:54 +00:00
|
|
|
{
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
assert((level >= ctx->base_level) && (level <= XLAT_TABLE_LEVEL_MAX));
|
2017-02-27 17:23:54 +00:00
|
|
|
|
2019-03-19 14:12:09 +00:00
|
|
|
uint64_t *subtable;
|
|
|
|
|
uint64_t desc;
|
|
|
|
|
|
2017-02-27 17:23:54 +00:00
|
|
|
uintptr_t table_idx_va;
|
2019-03-19 14:12:09 +00:00
|
|
|
uintptr_t table_idx_end_va; /* End VA of this entry */
|
2017-02-27 17:23:54 +00:00
|
|
|
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
uintptr_t region_end_va = mm->base_va + mm->size - 1U;
|
2017-02-27 17:23:54 +00:00
|
|
|
|
2019-03-19 14:12:09 +00:00
|
|
|
unsigned int table_idx;
|
|
|
|
|
|
2019-02-22 10:23:57 +00:00
|
|
|
table_idx_va = xlat_tables_find_start_va(mm, table_base_va, level);
|
|
|
|
|
table_idx = xlat_tables_va_to_index(table_base_va, table_idx_va, level);
|
2017-02-27 17:23:54 +00:00
|
|
|
|
2019-03-19 14:12:09 +00:00
|
|
|
while (table_idx < table_entries) {
|
2019-02-22 10:36:20 +00:00
|
|
|
|
2019-03-19 14:12:09 +00:00
|
|
|
table_idx_end_va = table_idx_va + XLAT_BLOCK_SIZE(level) - 1U;
|
2017-02-27 17:23:54 +00:00
|
|
|
|
2019-03-19 14:12:09 +00:00
|
|
|
desc = table_base[table_idx];
|
|
|
|
|
uint64_t desc_type = desc & DESC_MASK;
|
2019-02-22 10:36:20 +00:00
|
|
|
|
2019-03-19 14:12:09 +00:00
|
|
|
action_t action = xlat_tables_unmap_region_action(mm,
|
|
|
|
|
table_idx_va, table_idx_end_va, level,
|
|
|
|
|
desc_type);
|
2019-02-22 10:36:20 +00:00
|
|
|
|
|
|
|
|
if (action == ACTION_WRITE_BLOCK_ENTRY) {
|
2019-03-19 14:12:09 +00:00
|
|
|
|
|
|
|
|
table_base[table_idx] = INVALID_DESC;
|
2018-07-11 09:46:45 +01:00
|
|
|
xlat_arch_tlbi_va(table_idx_va, ctx->xlat_regime);
|
2017-02-27 17:23:54 +00:00
|
|
|
|
|
|
|
|
} else if (action == ACTION_RECURSE_INTO_TABLE) {
|
|
|
|
|
|
|
|
|
|
subtable = (uint64_t *)(uintptr_t)(desc & TABLE_ADDR_MASK);
|
|
|
|
|
|
2019-03-19 14:12:09 +00:00
|
|
|
/* Recurse to write into subtable */
|
|
|
|
|
xlat_tables_unmap_region(ctx, mm, table_idx_va,
|
|
|
|
|
subtable, XLAT_TABLE_ENTRIES,
|
|
|
|
|
level + 1U);
|
|
|
|
|
#if !(HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY)
|
|
|
|
|
xlat_clean_dcache_range((uintptr_t)subtable,
|
|
|
|
|
XLAT_TABLE_ENTRIES * sizeof(uint64_t));
|
|
|
|
|
#endif
|
|
|
|
|
/*
|
|
|
|
|
* If the subtable is now empty, remove its reference.
|
|
|
|
|
*/
|
|
|
|
|
if (xlat_table_is_empty(ctx, subtable)) {
|
|
|
|
|
table_base[table_idx] = INVALID_DESC;
|
|
|
|
|
xlat_arch_tlbi_va(table_idx_va,
|
|
|
|
|
ctx->xlat_regime);
|
|
|
|
|
}
|
2017-02-27 17:23:54 +00:00
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
assert(action == ACTION_NONE);
|
2019-02-22 10:36:20 +00:00
|
|
|
}
|
2019-03-19 14:12:09 +00:00
|
|
|
|
|
|
|
|
table_idx++;
|
|
|
|
|
table_idx_va += XLAT_BLOCK_SIZE(level);
|
|
|
|
|
|
|
|
|
|
/* If reached the end of the region, exit */
|
|
|
|
|
if (region_end_va <= table_idx_va)
|
|
|
|
|
break;
|
2017-02-27 17:23:54 +00:00
|
|
|
}
|
2019-03-19 14:12:09 +00:00
|
|
|
|
|
|
|
|
if (level > ctx->base_level)
|
|
|
|
|
xlat_table_dec_regions_count(ctx, table_base);
|
2017-02-27 17:23:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#endif /* PLAT_XLAT_TABLES_DYNAMIC */
|
|
|
|
|
|
2017-03-08 14:40:23 +00:00
|
|
|
/*
|
|
|
|
|
* From the given arguments, it decides which action to take when mapping the
|
|
|
|
|
* specified region.
|
|
|
|
|
*/
|
|
|
|
|
static action_t xlat_tables_map_region_action(const mmap_region_t *mm,
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
unsigned int desc_type, unsigned long long dest_pa,
|
|
|
|
|
uintptr_t table_entry_base_va, unsigned int level)
|
2017-03-08 14:40:23 +00:00
|
|
|
{
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
uintptr_t mm_end_va = mm->base_va + mm->size - 1U;
|
2017-03-08 14:40:23 +00:00
|
|
|
uintptr_t table_entry_end_va =
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
table_entry_base_va + XLAT_BLOCK_SIZE(level) - 1U;
|
2017-03-08 14:40:23 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The descriptor types allowed depend on the current table level.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
if ((mm->base_va <= table_entry_base_va) &&
|
|
|
|
|
(mm_end_va >= table_entry_end_va)) {
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Table entry is covered by region
|
|
|
|
|
* --------------------------------
|
|
|
|
|
*
|
|
|
|
|
* This means that this table entry can describe the whole
|
|
|
|
|
* translation with this granularity in principle.
|
|
|
|
|
*/
|
|
|
|
|
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
if (level == 3U) {
|
2017-03-08 14:40:23 +00:00
|
|
|
/*
|
|
|
|
|
* Last level, only page descriptors are allowed.
|
|
|
|
|
*/
|
|
|
|
|
if (desc_type == PAGE_DESC) {
|
|
|
|
|
/*
|
|
|
|
|
* There's another region mapped here, don't
|
|
|
|
|
* overwrite.
|
|
|
|
|
*/
|
|
|
|
|
return ACTION_NONE;
|
|
|
|
|
} else {
|
|
|
|
|
assert(desc_type == INVALID_DESC);
|
|
|
|
|
return ACTION_WRITE_BLOCK_ENTRY;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Other levels. Table descriptors are allowed. Block
|
|
|
|
|
* descriptors too, but they have some limitations.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
if (desc_type == TABLE_DESC) {
|
|
|
|
|
/* There's already a table, recurse into it. */
|
|
|
|
|
return ACTION_RECURSE_INTO_TABLE;
|
|
|
|
|
|
|
|
|
|
} else if (desc_type == INVALID_DESC) {
|
|
|
|
|
/*
|
|
|
|
|
* There's nothing mapped here, create a new
|
|
|
|
|
* entry.
|
|
|
|
|
*
|
|
|
|
|
* Check if the destination granularity allows
|
|
|
|
|
* us to use a block descriptor or we need a
|
|
|
|
|
* finer table for it.
|
|
|
|
|
*
|
|
|
|
|
* Also, check if the current level allows block
|
|
|
|
|
* descriptors. If not, create a table instead.
|
|
|
|
|
*/
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
if (((dest_pa & XLAT_BLOCK_MASK(level)) != 0U)
|
|
|
|
|
|| (level < MIN_LVL_BLOCK_DESC) ||
|
2017-09-28 21:58:12 +01:00
|
|
|
(mm->granularity < XLAT_BLOCK_SIZE(level)))
|
2017-03-08 14:40:23 +00:00
|
|
|
return ACTION_CREATE_NEW_TABLE;
|
|
|
|
|
else
|
|
|
|
|
return ACTION_WRITE_BLOCK_ENTRY;
|
|
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
/*
|
|
|
|
|
* There's another region mapped here, don't
|
|
|
|
|
* overwrite.
|
|
|
|
|
*/
|
|
|
|
|
assert(desc_type == BLOCK_DESC);
|
|
|
|
|
|
|
|
|
|
return ACTION_NONE;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
} else if ((mm->base_va <= table_entry_end_va) ||
|
|
|
|
|
(mm_end_va >= table_entry_base_va)) {
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Region partially covers table entry
|
|
|
|
|
* -----------------------------------
|
|
|
|
|
*
|
|
|
|
|
* This means that this table entry can't describe the whole
|
|
|
|
|
* translation, a finer table is needed.
|
|
|
|
|
|
|
|
|
|
* There cannot be partial block overlaps in level 3. If that
|
|
|
|
|
* happens, some of the preliminary checks when adding the
|
|
|
|
|
* mmap region failed to detect that PA and VA must at least be
|
|
|
|
|
* aligned to PAGE_SIZE.
|
|
|
|
|
*/
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
assert(level < 3U);
|
2017-03-08 14:40:23 +00:00
|
|
|
|
|
|
|
|
if (desc_type == INVALID_DESC) {
|
|
|
|
|
/*
|
|
|
|
|
* The block is not fully covered by the region. Create
|
|
|
|
|
* a new table, recurse into it and try to map the
|
|
|
|
|
* region with finer granularity.
|
|
|
|
|
*/
|
|
|
|
|
return ACTION_CREATE_NEW_TABLE;
|
|
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
assert(desc_type == TABLE_DESC);
|
|
|
|
|
/*
|
|
|
|
|
* The block is not fully covered by the region, but
|
|
|
|
|
* there is already a table here. Recurse into it and
|
|
|
|
|
* try to map with finer granularity.
|
|
|
|
|
*
|
|
|
|
|
* PAGE_DESC for level 3 has the same value as
|
|
|
|
|
* TABLE_DESC, but this code can't run on a level 3
|
|
|
|
|
* table because there can't be overlaps in level 3.
|
|
|
|
|
*/
|
|
|
|
|
return ACTION_RECURSE_INTO_TABLE;
|
|
|
|
|
}
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
} else {
|
2017-03-08 14:40:23 +00:00
|
|
|
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
/*
|
|
|
|
|
* This table entry is outside of the region specified in the
|
|
|
|
|
* arguments, don't write anything to it.
|
|
|
|
|
*/
|
|
|
|
|
return ACTION_NONE;
|
|
|
|
|
}
|
2017-03-08 14:40:23 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2019-03-19 14:12:09 +00:00
|
|
|
* Recursive function that writes to the translation tables and maps the
|
2017-02-27 17:23:54 +00:00
|
|
|
* specified region. On success, it returns the VA of the last byte that was
|
2018-07-03 11:58:49 +01:00
|
|
|
* successfully mapped. On error, it returns the VA of the next entry that
|
2017-02-27 17:23:54 +00:00
|
|
|
* should have been mapped.
|
2017-03-08 14:40:23 +00:00
|
|
|
*/
|
2017-02-27 17:23:54 +00:00
|
|
|
static uintptr_t xlat_tables_map_region(xlat_ctx_t *ctx, mmap_region_t *mm,
|
2019-03-19 14:12:09 +00:00
|
|
|
uintptr_t table_base_va,
|
2017-03-08 14:40:23 +00:00
|
|
|
uint64_t *const table_base,
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
unsigned int table_entries,
|
|
|
|
|
unsigned int level)
|
2017-03-08 14:40:23 +00:00
|
|
|
{
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
assert((level >= ctx->base_level) && (level <= XLAT_TABLE_LEVEL_MAX));
|
2017-03-08 14:40:23 +00:00
|
|
|
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
uintptr_t mm_end_va = mm->base_va + mm->size - 1U;
|
2017-03-08 14:40:23 +00:00
|
|
|
|
|
|
|
|
uintptr_t table_idx_va;
|
2019-03-19 14:12:09 +00:00
|
|
|
unsigned long long table_idx_pa;
|
|
|
|
|
|
|
|
|
|
uint64_t *subtable;
|
|
|
|
|
uint64_t desc;
|
|
|
|
|
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
unsigned int table_idx;
|
2017-03-08 14:40:23 +00:00
|
|
|
|
2019-02-22 10:23:57 +00:00
|
|
|
table_idx_va = xlat_tables_find_start_va(mm, table_base_va, level);
|
|
|
|
|
table_idx = xlat_tables_va_to_index(table_base_va, table_idx_va, level);
|
2017-03-08 14:40:23 +00:00
|
|
|
|
2019-03-19 14:12:09 +00:00
|
|
|
#if PLAT_XLAT_TABLES_DYNAMIC
|
|
|
|
|
if (level > ctx->base_level)
|
|
|
|
|
xlat_table_inc_regions_count(ctx, table_base);
|
2017-02-27 17:23:54 +00:00
|
|
|
#endif
|
|
|
|
|
|
2019-03-19 14:12:09 +00:00
|
|
|
while (table_idx < table_entries) {
|
2017-03-08 14:40:23 +00:00
|
|
|
|
2019-03-19 14:12:09 +00:00
|
|
|
desc = table_base[table_idx];
|
2017-03-08 14:40:23 +00:00
|
|
|
|
|
|
|
|
table_idx_pa = mm->base_pa + table_idx_va - mm->base_va;
|
|
|
|
|
|
2019-03-19 14:12:09 +00:00
|
|
|
action_t action = xlat_tables_map_region_action(mm,
|
|
|
|
|
(uint32_t)(desc & DESC_MASK), table_idx_pa,
|
|
|
|
|
table_idx_va, level);
|
2017-03-08 14:40:23 +00:00
|
|
|
|
2019-02-22 10:31:40 +00:00
|
|
|
if (action == ACTION_WRITE_BLOCK_ENTRY) {
|
2017-03-08 14:40:23 +00:00
|
|
|
|
2019-03-19 14:12:09 +00:00
|
|
|
table_base[table_idx] =
|
|
|
|
|
xlat_desc(ctx, (uint32_t)mm->attr, table_idx_pa,
|
|
|
|
|
level);
|
|
|
|
|
|
|
|
|
|
} else if (action == ACTION_CREATE_NEW_TABLE) {
|
|
|
|
|
uintptr_t end_va;
|
2019-02-22 10:31:40 +00:00
|
|
|
|
2019-03-19 14:12:09 +00:00
|
|
|
subtable = xlat_table_get_empty(ctx);
|
2017-02-27 17:23:54 +00:00
|
|
|
if (subtable == NULL) {
|
2019-03-19 14:12:09 +00:00
|
|
|
/* Not enough free tables to map this region */
|
2017-02-27 17:23:54 +00:00
|
|
|
return table_idx_va;
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-08 14:40:23 +00:00
|
|
|
/* Point to new subtable from this one. */
|
2019-03-19 14:12:09 +00:00
|
|
|
table_base[table_idx] = TABLE_DESC | (unsigned long)subtable;
|
2017-02-27 17:23:54 +00:00
|
|
|
|
2019-03-19 14:12:09 +00:00
|
|
|
/* Recurse to write into subtable */
|
|
|
|
|
end_va = xlat_tables_map_region(ctx, mm, table_idx_va,
|
|
|
|
|
subtable, XLAT_TABLE_ENTRIES,
|
|
|
|
|
level + 1U);
|
|
|
|
|
#if !(HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY)
|
|
|
|
|
xlat_clean_dcache_range((uintptr_t)subtable,
|
|
|
|
|
XLAT_TABLE_ENTRIES * sizeof(uint64_t));
|
xlat v2: Flush xlat tables after being modified
During cold boot, the initial translation tables are created with data
caches disabled, so all modifications go to memory directly. After the
MMU is enabled and data cache is enabled, any modification to the tables
goes to data cache, and eventually may get flushed to memory.
If CPU0 modifies the tables while CPU1 is off, CPU0 will have the
modified tables in its data cache. When CPU1 is powered on, the MMU is
enabled, then it enables coherency, and then it enables the data cache.
Until this is done, CPU1 isn't in coherency, and the translation tables
it sees can be outdated if CPU0 still has some modified entries in its
data cache.
This can be a problem in some cases. For example, the warm boot code
uses only the tables mapped during cold boot, which don't normally
change. However, if they are modified (and a RO page is made RW, or a XN
page is made executable) the CPU will see the old attributes and crash
when it tries to access it.
This doesn't happen in systems with HW_ASSISTED_COHERENCY or
WARMBOOT_ENABLE_DCACHE_EARLY. In these systems, the data cache is
enabled at the same time as the MMU. As soon as this happens, the CPU is
in coherency.
There was an attempt of a fix in psci_helpers.S, but it didn't solve the
problem. That code has been deleted. The code was introduced in commit
<264410306381> ("Invalidate TLB entries during warm boot").
Now, during a map or unmap operation, the memory associated to each
modified table is flushed. Traversing a table will also flush it's
memory, as there is no way to tell in the current implementation if the
table that has been traversed has also been modified.
Change-Id: I4b520bca27502f1018878061bc5fb82af740bb92
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-08-07 12:47:12 +01:00
|
|
|
#endif
|
2019-03-19 14:12:09 +00:00
|
|
|
if (end_va !=
|
|
|
|
|
(table_idx_va + XLAT_BLOCK_SIZE(level) - 1U))
|
|
|
|
|
return end_va;
|
2017-03-08 14:40:23 +00:00
|
|
|
|
|
|
|
|
} else if (action == ACTION_RECURSE_INTO_TABLE) {
|
2019-03-19 14:12:09 +00:00
|
|
|
uintptr_t end_va;
|
2017-03-08 14:40:23 +00:00
|
|
|
|
2019-03-19 14:12:09 +00:00
|
|
|
subtable = (uint64_t *)(uintptr_t)(desc & TABLE_ADDR_MASK);
|
|
|
|
|
/* Recurse to write into subtable */
|
|
|
|
|
end_va = xlat_tables_map_region(ctx, mm, table_idx_va,
|
|
|
|
|
subtable, XLAT_TABLE_ENTRIES,
|
|
|
|
|
level + 1U);
|
|
|
|
|
#if !(HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY)
|
|
|
|
|
xlat_clean_dcache_range((uintptr_t)subtable,
|
|
|
|
|
XLAT_TABLE_ENTRIES * sizeof(uint64_t));
|
2019-02-22 10:31:40 +00:00
|
|
|
#endif
|
2019-03-19 14:12:09 +00:00
|
|
|
if (end_va !=
|
|
|
|
|
(table_idx_va + XLAT_BLOCK_SIZE(level) - 1U))
|
|
|
|
|
return end_va;
|
|
|
|
|
|
2019-02-22 10:31:40 +00:00
|
|
|
} else {
|
2019-03-19 14:12:09 +00:00
|
|
|
|
2019-02-22 10:31:40 +00:00
|
|
|
assert(action == ACTION_NONE);
|
2019-03-19 14:12:09 +00:00
|
|
|
|
2017-03-08 14:40:23 +00:00
|
|
|
}
|
2019-03-19 14:12:09 +00:00
|
|
|
|
|
|
|
|
table_idx++;
|
|
|
|
|
table_idx_va += XLAT_BLOCK_SIZE(level);
|
|
|
|
|
|
|
|
|
|
/* If reached the end of the region, exit */
|
|
|
|
|
if (mm_end_va <= table_idx_va)
|
|
|
|
|
break;
|
2017-03-08 14:40:23 +00:00
|
|
|
}
|
2017-02-27 17:23:54 +00:00
|
|
|
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
return table_idx_va - 1U;
|
2017-03-08 14:40:23 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Function that verifies that a region can be mapped.
|
|
|
|
|
* Returns:
|
|
|
|
|
* 0: Success, the mapping is allowed.
|
|
|
|
|
* EINVAL: Invalid values were used as arguments.
|
|
|
|
|
* ERANGE: The memory limits were surpassed.
|
|
|
|
|
* ENOMEM: There is not enough memory in the mmap array.
|
|
|
|
|
* EPERM: Region overlaps another one in an invalid way.
|
|
|
|
|
*/
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
static int mmap_add_region_check(const xlat_ctx_t *ctx, const mmap_region_t *mm)
|
2017-03-08 14:40:23 +00:00
|
|
|
{
|
2017-09-21 08:42:21 +01:00
|
|
|
unsigned long long base_pa = mm->base_pa;
|
|
|
|
|
uintptr_t base_va = mm->base_va;
|
|
|
|
|
size_t size = mm->size;
|
2017-09-28 21:58:12 +01:00
|
|
|
size_t granularity = mm->granularity;
|
2017-09-21 08:42:21 +01:00
|
|
|
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
unsigned long long end_pa = base_pa + size - 1U;
|
|
|
|
|
uintptr_t end_va = base_va + size - 1U;
|
2017-03-08 14:40:23 +00:00
|
|
|
|
|
|
|
|
if (!IS_PAGE_ALIGNED(base_pa) || !IS_PAGE_ALIGNED(base_va) ||
|
|
|
|
|
!IS_PAGE_ALIGNED(size))
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
if ((granularity != XLAT_BLOCK_SIZE(1U)) &&
|
|
|
|
|
(granularity != XLAT_BLOCK_SIZE(2U)) &&
|
|
|
|
|
(granularity != XLAT_BLOCK_SIZE(3U))) {
|
2017-09-28 21:58:12 +01:00
|
|
|
return -EINVAL;
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-08 14:40:23 +00:00
|
|
|
/* Check for overflows */
|
|
|
|
|
if ((base_pa > end_pa) || (base_va > end_va))
|
|
|
|
|
return -ERANGE;
|
|
|
|
|
|
|
|
|
|
if ((base_va + (uintptr_t)size - (uintptr_t)1) > ctx->va_max_address)
|
|
|
|
|
return -ERANGE;
|
|
|
|
|
|
|
|
|
|
if ((base_pa + (unsigned long long)size - 1ULL) > ctx->pa_max_address)
|
|
|
|
|
return -ERANGE;
|
|
|
|
|
|
2017-09-21 08:42:21 +01:00
|
|
|
/* Check that there is space in the ctx->mmap array */
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
if (ctx->mmap[ctx->mmap_num - 1].size != 0U)
|
2017-03-08 14:40:23 +00:00
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
|
|
/* Check for PAs and VAs overlaps with all other regions */
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
for (const mmap_region_t *mm_cursor = ctx->mmap;
|
|
|
|
|
mm_cursor->size != 0U; ++mm_cursor) {
|
2017-03-08 14:40:23 +00:00
|
|
|
|
2017-09-21 08:42:21 +01:00
|
|
|
uintptr_t mm_cursor_end_va = mm_cursor->base_va
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
+ mm_cursor->size - 1U;
|
2017-03-08 14:40:23 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Check if one of the regions is completely inside the other
|
|
|
|
|
* one.
|
|
|
|
|
*/
|
2018-08-02 09:57:29 +01:00
|
|
|
bool fully_overlapped_va =
|
|
|
|
|
((base_va >= mm_cursor->base_va) &&
|
2017-09-21 08:42:21 +01:00
|
|
|
(end_va <= mm_cursor_end_va)) ||
|
2018-08-02 09:57:29 +01:00
|
|
|
((mm_cursor->base_va >= base_va) &&
|
|
|
|
|
(mm_cursor_end_va <= end_va));
|
2017-03-08 14:40:23 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Full VA overlaps are only allowed if both regions are
|
|
|
|
|
* identity mapped (zero offset) or have the same VA to PA
|
|
|
|
|
* offset. Also, make sure that it's not the exact same area.
|
2017-02-27 17:23:54 +00:00
|
|
|
* This can only be done with static regions.
|
2017-03-08 14:40:23 +00:00
|
|
|
*/
|
2018-08-02 09:57:29 +01:00
|
|
|
if (fully_overlapped_va) {
|
2017-03-08 14:40:23 +00:00
|
|
|
|
2017-02-27 17:23:54 +00:00
|
|
|
#if PLAT_XLAT_TABLES_DYNAMIC
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
if (((mm->attr & MT_DYNAMIC) != 0U) ||
|
|
|
|
|
((mm_cursor->attr & MT_DYNAMIC) != 0U))
|
2017-02-27 17:23:54 +00:00
|
|
|
return -EPERM;
|
|
|
|
|
#endif /* PLAT_XLAT_TABLES_DYNAMIC */
|
2017-09-21 08:42:21 +01:00
|
|
|
if ((mm_cursor->base_va - mm_cursor->base_pa) !=
|
|
|
|
|
(base_va - base_pa))
|
2017-03-08 14:40:23 +00:00
|
|
|
return -EPERM;
|
|
|
|
|
|
2017-09-21 08:42:21 +01:00
|
|
|
if ((base_va == mm_cursor->base_va) &&
|
|
|
|
|
(size == mm_cursor->size))
|
2017-03-08 14:40:23 +00:00
|
|
|
return -EPERM;
|
|
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
/*
|
|
|
|
|
* If the regions do not have fully overlapping VAs,
|
|
|
|
|
* then they must have fully separated VAs and PAs.
|
|
|
|
|
* Partial overlaps are not allowed
|
|
|
|
|
*/
|
|
|
|
|
|
2017-09-21 08:42:21 +01:00
|
|
|
unsigned long long mm_cursor_end_pa =
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
mm_cursor->base_pa + mm_cursor->size - 1U;
|
2017-03-08 14:40:23 +00:00
|
|
|
|
2018-08-02 09:57:29 +01:00
|
|
|
bool separated_pa = (end_pa < mm_cursor->base_pa) ||
|
|
|
|
|
(base_pa > mm_cursor_end_pa);
|
|
|
|
|
bool separated_va = (end_va < mm_cursor->base_va) ||
|
|
|
|
|
(base_va > mm_cursor_end_va);
|
2017-03-08 14:40:23 +00:00
|
|
|
|
2018-08-02 09:57:29 +01:00
|
|
|
if (!separated_va || !separated_pa)
|
2017-03-08 14:40:23 +00:00
|
|
|
return -EPERM;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
xlat lib v2: Expose *_ctx() APIs
In a previous patch, the xlat_ctx_t type has been made public.
This patch now makes the *_ctx() APIs public.
Each API now has a *_ctx() variant. Most of them were already implemented
and this patch just makes them public. However, some of them were missing
so this patch introduces them.
Now that all these APIs are public, there's no good reason for splitting
them accross 2 files (xlat_tables_internal.c and xlat_tables_common.c).
Therefore, this patch moves all code into xlat_tables_internal.c and
removes xlat_tables_common.c. It removes it from the library's makefile
as well.
This last change introduces a compatibility break for platform ports
that specifically include the xlat_tables_common.c file instead of
including the library's Makefile. The UniPhier platform makefile has
been updated to now omit this file from the list of source files.
The prototype of mmap_add_region_ctx() has been slightly changed. The
mmap_region_t passed in argument needs to be constant because it gets
called from map_add(), which receives a constant region. The former
implementation of mmap_add() used to cast the const qualifier away,
which is not a good practice.
Also remove init_xlation_table(), which was a sub-function of
init_xlat_tables(). Now there's just init_xlat_tables() (and
init_xlat_tables_ctx()). Both names were too similar, which was
confusing. Besides, now that all the code is in a single file,
it's no longer needed to have 2 functions for that.
Change-Id: I4ed88c68e44561c3902fbebb89cb197279c5293b
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-18 13:26:36 +01:00
|
|
|
void mmap_add_region_ctx(xlat_ctx_t *ctx, const mmap_region_t *mm)
|
2017-03-08 14:40:23 +00:00
|
|
|
{
|
2018-05-25 09:12:48 +01:00
|
|
|
mmap_region_t *mm_cursor = ctx->mmap, *mm_destination;
|
2018-04-03 18:44:41 +01:00
|
|
|
const mmap_region_t *mm_end = ctx->mmap + ctx->mmap_num;
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
const mmap_region_t *mm_last;
|
|
|
|
|
unsigned long long end_pa = mm->base_pa + mm->size - 1U;
|
|
|
|
|
uintptr_t end_va = mm->base_va + mm->size - 1U;
|
2017-03-08 14:40:23 +00:00
|
|
|
int ret;
|
|
|
|
|
|
|
|
|
|
/* Ignore empty regions */
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
if (mm->size == 0U)
|
2017-03-08 14:40:23 +00:00
|
|
|
return;
|
|
|
|
|
|
2017-02-27 17:23:54 +00:00
|
|
|
/* Static regions must be added before initializing the xlat tables. */
|
2018-08-02 09:57:29 +01:00
|
|
|
assert(!ctx->initialized);
|
2017-02-27 17:23:54 +00:00
|
|
|
|
2017-09-21 08:42:21 +01:00
|
|
|
ret = mmap_add_region_check(ctx, mm);
|
2017-03-08 14:40:23 +00:00
|
|
|
if (ret != 0) {
|
|
|
|
|
ERROR("mmap_add_region_check() failed. error %d\n", ret);
|
2018-08-02 09:57:29 +01:00
|
|
|
assert(false);
|
2017-03-08 14:40:23 +00:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Find correct place in mmap to insert new region.
|
|
|
|
|
*
|
|
|
|
|
* 1 - Lower region VA end first.
|
|
|
|
|
* 2 - Smaller region size first.
|
|
|
|
|
*
|
|
|
|
|
* VA 0 0xFF
|
|
|
|
|
*
|
|
|
|
|
* 1st |------|
|
|
|
|
|
* 2nd |------------|
|
|
|
|
|
* 3rd |------|
|
|
|
|
|
* 4th |---|
|
|
|
|
|
* 5th |---|
|
|
|
|
|
* 6th |----------|
|
|
|
|
|
* 7th |-------------------------------------|
|
|
|
|
|
*
|
|
|
|
|
* This is required for overlapping regions only. It simplifies adding
|
|
|
|
|
* regions with the loop in xlat_tables_init_internal because the outer
|
|
|
|
|
* ones won't overwrite block or page descriptors of regions added
|
|
|
|
|
* previously.
|
2017-02-27 17:23:54 +00:00
|
|
|
*
|
|
|
|
|
* Overlapping is only allowed for static regions.
|
2017-03-08 14:40:23 +00:00
|
|
|
*/
|
|
|
|
|
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
while (((mm_cursor->base_va + mm_cursor->size - 1U) < end_va)
|
|
|
|
|
&& (mm_cursor->size != 0U)) {
|
2017-03-08 14:40:23 +00:00
|
|
|
++mm_cursor;
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
}
|
2017-03-08 14:40:23 +00:00
|
|
|
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
while (((mm_cursor->base_va + mm_cursor->size - 1U) == end_va) &&
|
|
|
|
|
(mm_cursor->size != 0U) && (mm_cursor->size < mm->size)) {
|
2017-03-08 14:40:23 +00:00
|
|
|
++mm_cursor;
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
}
|
2017-03-08 14:40:23 +00:00
|
|
|
|
2018-04-03 18:44:41 +01:00
|
|
|
/*
|
|
|
|
|
* Find the last entry marker in the mmap
|
|
|
|
|
*/
|
|
|
|
|
mm_last = ctx->mmap;
|
|
|
|
|
while ((mm_last->size != 0U) && (mm_last < mm_end)) {
|
|
|
|
|
++mm_last;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Check if we have enough space in the memory mapping table.
|
|
|
|
|
* This shouldn't happen as we have checked in mmap_add_region_check
|
|
|
|
|
* that there is free space.
|
|
|
|
|
*/
|
|
|
|
|
assert(mm_last->size == 0U);
|
xlat v2: Split MMU setup and enable
At present, the function provided by the translation library to enable
MMU constructs appropriate values for translation library, and programs
them to the right registers. The construction of initial values,
however, is only required once as both the primary and secondaries
program the same values.
Additionally, the MMU-enabling function is written in C, which means
there's an active stack at the time of enabling MMU. On some systems,
like Arm DynamIQ, having active stack while enabling MMU during warm
boot might lead to coherency problems.
This patch addresses both the above problems by:
- Splitting the MMU-enabling function into two: one that sets up
values to be programmed into the registers, and another one that
takes the pre-computed values and writes to the appropriate
registers. With this, the primary effectively calls both functions
to have the MMU enabled, but secondaries only need to call the
latter.
- Rewriting the function that enables MMU in assembly so that it
doesn't use stack.
This patch fixes a bunch of MISRA issues on the way.
Change-Id: I0faca97263a970ffe765f0e731a1417e43fbfc45
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
2018-04-27 15:06:57 +01:00
|
|
|
|
2017-03-08 14:40:23 +00:00
|
|
|
/* Make room for new region by moving other regions up by one place */
|
2018-05-25 09:12:48 +01:00
|
|
|
mm_destination = mm_cursor + 1;
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
(void)memmove(mm_destination, mm_cursor,
|
2017-03-08 14:40:23 +00:00
|
|
|
(uintptr_t)mm_last - (uintptr_t)mm_cursor);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Check we haven't lost the empty sentinel from the end of the array.
|
|
|
|
|
* This shouldn't happen as we have checked in mmap_add_region_check
|
|
|
|
|
* that there is free space.
|
|
|
|
|
*/
|
2018-04-03 18:44:41 +01:00
|
|
|
assert(mm_end->size == 0U);
|
2017-03-08 14:40:23 +00:00
|
|
|
|
2017-09-12 10:31:49 +01:00
|
|
|
*mm_cursor = *mm;
|
2017-03-08 14:40:23 +00:00
|
|
|
|
|
|
|
|
if (end_pa > ctx->max_pa)
|
|
|
|
|
ctx->max_pa = end_pa;
|
|
|
|
|
if (end_va > ctx->max_va)
|
|
|
|
|
ctx->max_va = end_va;
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-20 16:03:11 +00:00
|
|
|
/*
|
|
|
|
|
* Determine the table level closest to the initial lookup level that
|
|
|
|
|
* can describe this translation. Then, align base VA to the next block
|
|
|
|
|
* at the determined level.
|
|
|
|
|
*/
|
|
|
|
|
static void mmap_alloc_va_align_ctx(xlat_ctx_t *ctx, mmap_region_t *mm)
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* By or'ing the size and base PA the alignment will be the one
|
|
|
|
|
* corresponding to the smallest boundary of the two of them.
|
|
|
|
|
*
|
|
|
|
|
* There are three different cases. For example (for 4 KiB page size):
|
|
|
|
|
*
|
|
|
|
|
* +--------------+------------------++--------------+
|
|
|
|
|
* | PA alignment | Size multiple of || VA alignment |
|
|
|
|
|
* +--------------+------------------++--------------+
|
|
|
|
|
* | 2 MiB | 2 MiB || 2 MiB | (1)
|
|
|
|
|
* | 2 MiB | 4 KiB || 4 KiB | (2)
|
|
|
|
|
* | 4 KiB | 2 MiB || 4 KiB | (3)
|
|
|
|
|
* +--------------+------------------++--------------+
|
|
|
|
|
*
|
|
|
|
|
* - In (1), it is possible to take advantage of the alignment of the PA
|
|
|
|
|
* and the size of the region to use a level 2 translation table
|
|
|
|
|
* instead of a level 3 one.
|
|
|
|
|
*
|
|
|
|
|
* - In (2), the size is smaller than a block entry of level 2, so it is
|
|
|
|
|
* needed to use a level 3 table to describe the region or the library
|
|
|
|
|
* will map more memory than the desired one.
|
|
|
|
|
*
|
|
|
|
|
* - In (3), even though the region has the size of one level 2 block
|
|
|
|
|
* entry, it isn't possible to describe the translation with a level 2
|
|
|
|
|
* block entry because of the alignment of the base PA.
|
|
|
|
|
*
|
|
|
|
|
* Only bits 47:21 of a level 2 block descriptor are used by the MMU,
|
|
|
|
|
* bits 20:0 of the resulting address are 0 in this case. Because of
|
|
|
|
|
* this, the PA generated as result of this translation is aligned to
|
|
|
|
|
* 2 MiB. The PA that was requested to be mapped is aligned to 4 KiB,
|
|
|
|
|
* though, which means that the resulting translation is incorrect.
|
|
|
|
|
* The only way to prevent this is by using a finer granularity.
|
|
|
|
|
*/
|
|
|
|
|
unsigned long long align_check;
|
|
|
|
|
|
|
|
|
|
align_check = mm->base_pa | (unsigned long long)mm->size;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Assume it is always aligned to level 3. There's no need to check that
|
|
|
|
|
* level because its block size is PAGE_SIZE. The checks to verify that
|
|
|
|
|
* the addresses and size are aligned to PAGE_SIZE are inside
|
|
|
|
|
* mmap_add_region.
|
|
|
|
|
*/
|
|
|
|
|
for (unsigned int level = ctx->base_level; level <= 2U; ++level) {
|
|
|
|
|
|
|
|
|
|
if ((align_check & XLAT_BLOCK_MASK(level)) != 0U)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
mm->base_va = round_up(mm->base_va, XLAT_BLOCK_SIZE(level));
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void mmap_add_region_alloc_va_ctx(xlat_ctx_t *ctx, mmap_region_t *mm)
|
|
|
|
|
{
|
|
|
|
|
mm->base_va = ctx->max_va + 1UL;
|
|
|
|
|
|
|
|
|
|
assert(mm->size > 0U);
|
|
|
|
|
|
|
|
|
|
mmap_alloc_va_align_ctx(ctx, mm);
|
|
|
|
|
|
|
|
|
|
/* Detect overflows. More checks are done in mmap_add_region_check(). */
|
|
|
|
|
assert(mm->base_va > ctx->max_va);
|
|
|
|
|
|
|
|
|
|
mmap_add_region_ctx(ctx, mm);
|
|
|
|
|
}
|
|
|
|
|
|
xlat lib v2: Expose *_ctx() APIs
In a previous patch, the xlat_ctx_t type has been made public.
This patch now makes the *_ctx() APIs public.
Each API now has a *_ctx() variant. Most of them were already implemented
and this patch just makes them public. However, some of them were missing
so this patch introduces them.
Now that all these APIs are public, there's no good reason for splitting
them accross 2 files (xlat_tables_internal.c and xlat_tables_common.c).
Therefore, this patch moves all code into xlat_tables_internal.c and
removes xlat_tables_common.c. It removes it from the library's makefile
as well.
This last change introduces a compatibility break for platform ports
that specifically include the xlat_tables_common.c file instead of
including the library's Makefile. The UniPhier platform makefile has
been updated to now omit this file from the list of source files.
The prototype of mmap_add_region_ctx() has been slightly changed. The
mmap_region_t passed in argument needs to be constant because it gets
called from map_add(), which receives a constant region. The former
implementation of mmap_add() used to cast the const qualifier away,
which is not a good practice.
Also remove init_xlation_table(), which was a sub-function of
init_xlat_tables(). Now there's just init_xlat_tables() (and
init_xlat_tables_ctx()). Both names were too similar, which was
confusing. Besides, now that all the code is in a single file,
it's no longer needed to have 2 functions for that.
Change-Id: I4ed88c68e44561c3902fbebb89cb197279c5293b
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-18 13:26:36 +01:00
|
|
|
void mmap_add_ctx(xlat_ctx_t *ctx, const mmap_region_t *mm)
|
|
|
|
|
{
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
const mmap_region_t *mm_cursor = mm;
|
|
|
|
|
|
2018-10-08 16:11:11 +01:00
|
|
|
while (mm_cursor->granularity != 0U) {
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
mmap_add_region_ctx(ctx, mm_cursor);
|
|
|
|
|
mm_cursor++;
|
xlat lib v2: Expose *_ctx() APIs
In a previous patch, the xlat_ctx_t type has been made public.
This patch now makes the *_ctx() APIs public.
Each API now has a *_ctx() variant. Most of them were already implemented
and this patch just makes them public. However, some of them were missing
so this patch introduces them.
Now that all these APIs are public, there's no good reason for splitting
them accross 2 files (xlat_tables_internal.c and xlat_tables_common.c).
Therefore, this patch moves all code into xlat_tables_internal.c and
removes xlat_tables_common.c. It removes it from the library's makefile
as well.
This last change introduces a compatibility break for platform ports
that specifically include the xlat_tables_common.c file instead of
including the library's Makefile. The UniPhier platform makefile has
been updated to now omit this file from the list of source files.
The prototype of mmap_add_region_ctx() has been slightly changed. The
mmap_region_t passed in argument needs to be constant because it gets
called from map_add(), which receives a constant region. The former
implementation of mmap_add() used to cast the const qualifier away,
which is not a good practice.
Also remove init_xlation_table(), which was a sub-function of
init_xlat_tables(). Now there's just init_xlat_tables() (and
init_xlat_tables_ctx()). Both names were too similar, which was
confusing. Besides, now that all the code is in a single file,
it's no longer needed to have 2 functions for that.
Change-Id: I4ed88c68e44561c3902fbebb89cb197279c5293b
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-18 13:26:36 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-27 17:23:54 +00:00
|
|
|
#if PLAT_XLAT_TABLES_DYNAMIC
|
|
|
|
|
|
|
|
|
|
int mmap_add_dynamic_region_ctx(xlat_ctx_t *ctx, mmap_region_t *mm)
|
|
|
|
|
{
|
|
|
|
|
mmap_region_t *mm_cursor = ctx->mmap;
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
const mmap_region_t *mm_last = mm_cursor + ctx->mmap_num;
|
|
|
|
|
unsigned long long end_pa = mm->base_pa + mm->size - 1U;
|
|
|
|
|
uintptr_t end_va = mm->base_va + mm->size - 1U;
|
2017-02-27 17:23:54 +00:00
|
|
|
int ret;
|
|
|
|
|
|
|
|
|
|
/* Nothing to do */
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
if (mm->size == 0U)
|
2017-02-27 17:23:54 +00:00
|
|
|
return 0;
|
|
|
|
|
|
2017-09-21 08:42:21 +01:00
|
|
|
/* Now this region is a dynamic one */
|
|
|
|
|
mm->attr |= MT_DYNAMIC;
|
|
|
|
|
|
|
|
|
|
ret = mmap_add_region_check(ctx, mm);
|
2017-02-27 17:23:54 +00:00
|
|
|
if (ret != 0)
|
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Find the adequate entry in the mmap array in the same way done for
|
|
|
|
|
* static regions in mmap_add_region_ctx().
|
|
|
|
|
*/
|
|
|
|
|
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
while (((mm_cursor->base_va + mm_cursor->size - 1U) < end_va)
|
|
|
|
|
&& (mm_cursor->size != 0U)) {
|
2017-02-27 17:23:54 +00:00
|
|
|
++mm_cursor;
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
}
|
2017-02-27 17:23:54 +00:00
|
|
|
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
while (((mm_cursor->base_va + mm_cursor->size - 1U) == end_va) &&
|
|
|
|
|
(mm_cursor->size != 0U) && (mm_cursor->size < mm->size)) {
|
2017-02-27 17:23:54 +00:00
|
|
|
++mm_cursor;
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
}
|
2017-02-27 17:23:54 +00:00
|
|
|
|
|
|
|
|
/* Make room for new region by moving other regions up by one place */
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
(void)memmove(mm_cursor + 1U, mm_cursor,
|
2017-09-21 08:42:21 +01:00
|
|
|
(uintptr_t)mm_last - (uintptr_t)mm_cursor);
|
2017-02-27 17:23:54 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Check we haven't lost the empty sentinal from the end of the array.
|
|
|
|
|
* This shouldn't happen as we have checked in mmap_add_region_check
|
|
|
|
|
* that there is free space.
|
|
|
|
|
*/
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
assert(mm_last->size == 0U);
|
2017-02-27 17:23:54 +00:00
|
|
|
|
2017-09-12 10:31:49 +01:00
|
|
|
*mm_cursor = *mm;
|
2017-02-27 17:23:54 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Update the translation tables if the xlat tables are initialized. If
|
|
|
|
|
* not, this region will be mapped when they are initialized.
|
|
|
|
|
*/
|
2018-08-02 09:57:29 +01:00
|
|
|
if (ctx->initialized) {
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
end_va = xlat_tables_map_region(ctx, mm_cursor,
|
|
|
|
|
0U, ctx->base_table, ctx->base_table_entries,
|
2017-09-21 08:42:21 +01:00
|
|
|
ctx->base_level);
|
xlat v2: Flush xlat tables after being modified
During cold boot, the initial translation tables are created with data
caches disabled, so all modifications go to memory directly. After the
MMU is enabled and data cache is enabled, any modification to the tables
goes to data cache, and eventually may get flushed to memory.
If CPU0 modifies the tables while CPU1 is off, CPU0 will have the
modified tables in its data cache. When CPU1 is powered on, the MMU is
enabled, then it enables coherency, and then it enables the data cache.
Until this is done, CPU1 isn't in coherency, and the translation tables
it sees can be outdated if CPU0 still has some modified entries in its
data cache.
This can be a problem in some cases. For example, the warm boot code
uses only the tables mapped during cold boot, which don't normally
change. However, if they are modified (and a RO page is made RW, or a XN
page is made executable) the CPU will see the old attributes and crash
when it tries to access it.
This doesn't happen in systems with HW_ASSISTED_COHERENCY or
WARMBOOT_ENABLE_DCACHE_EARLY. In these systems, the data cache is
enabled at the same time as the MMU. As soon as this happens, the CPU is
in coherency.
There was an attempt of a fix in psci_helpers.S, but it didn't solve the
problem. That code has been deleted. The code was introduced in commit
<264410306381> ("Invalidate TLB entries during warm boot").
Now, during a map or unmap operation, the memory associated to each
modified table is flushed. Traversing a table will also flush it's
memory, as there is no way to tell in the current implementation if the
table that has been traversed has also been modified.
Change-Id: I4b520bca27502f1018878061bc5fb82af740bb92
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-08-07 12:47:12 +01:00
|
|
|
#if !(HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY)
|
|
|
|
|
xlat_clean_dcache_range((uintptr_t)ctx->base_table,
|
|
|
|
|
ctx->base_table_entries * sizeof(uint64_t));
|
|
|
|
|
#endif
|
2017-02-27 17:23:54 +00:00
|
|
|
/* Failed to map, remove mmap entry, unmap and return error. */
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
if (end_va != (mm_cursor->base_va + mm_cursor->size - 1U)) {
|
|
|
|
|
(void)memmove(mm_cursor, mm_cursor + 1U,
|
2017-09-21 08:42:21 +01:00
|
|
|
(uintptr_t)mm_last - (uintptr_t)mm_cursor);
|
2017-02-27 17:23:54 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Check if the mapping function actually managed to map
|
|
|
|
|
* anything. If not, just return now.
|
|
|
|
|
*/
|
2018-01-05 11:30:36 +00:00
|
|
|
if (mm->base_va >= end_va)
|
2017-02-27 17:23:54 +00:00
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
|
|
/*
|
2017-09-21 08:42:21 +01:00
|
|
|
* Something went wrong after mapping some table
|
|
|
|
|
* entries, undo every change done up to this point.
|
2017-02-27 17:23:54 +00:00
|
|
|
*/
|
|
|
|
|
mmap_region_t unmap_mm = {
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
.base_pa = 0U,
|
2017-02-27 17:23:54 +00:00
|
|
|
.base_va = mm->base_va,
|
|
|
|
|
.size = end_va - mm->base_va,
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
.attr = 0U
|
2017-02-27 17:23:54 +00:00
|
|
|
};
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
xlat_tables_unmap_region(ctx, &unmap_mm, 0U,
|
|
|
|
|
ctx->base_table, ctx->base_table_entries,
|
|
|
|
|
ctx->base_level);
|
xlat v2: Flush xlat tables after being modified
During cold boot, the initial translation tables are created with data
caches disabled, so all modifications go to memory directly. After the
MMU is enabled and data cache is enabled, any modification to the tables
goes to data cache, and eventually may get flushed to memory.
If CPU0 modifies the tables while CPU1 is off, CPU0 will have the
modified tables in its data cache. When CPU1 is powered on, the MMU is
enabled, then it enables coherency, and then it enables the data cache.
Until this is done, CPU1 isn't in coherency, and the translation tables
it sees can be outdated if CPU0 still has some modified entries in its
data cache.
This can be a problem in some cases. For example, the warm boot code
uses only the tables mapped during cold boot, which don't normally
change. However, if they are modified (and a RO page is made RW, or a XN
page is made executable) the CPU will see the old attributes and crash
when it tries to access it.
This doesn't happen in systems with HW_ASSISTED_COHERENCY or
WARMBOOT_ENABLE_DCACHE_EARLY. In these systems, the data cache is
enabled at the same time as the MMU. As soon as this happens, the CPU is
in coherency.
There was an attempt of a fix in psci_helpers.S, but it didn't solve the
problem. That code has been deleted. The code was introduced in commit
<264410306381> ("Invalidate TLB entries during warm boot").
Now, during a map or unmap operation, the memory associated to each
modified table is flushed. Traversing a table will also flush it's
memory, as there is no way to tell in the current implementation if the
table that has been traversed has also been modified.
Change-Id: I4b520bca27502f1018878061bc5fb82af740bb92
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-08-07 12:47:12 +01:00
|
|
|
#if !(HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY)
|
|
|
|
|
xlat_clean_dcache_range((uintptr_t)ctx->base_table,
|
|
|
|
|
ctx->base_table_entries * sizeof(uint64_t));
|
|
|
|
|
#endif
|
2017-02-27 17:23:54 +00:00
|
|
|
return -ENOMEM;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Make sure that all entries are written to the memory. There
|
|
|
|
|
* is no need to invalidate entries when mapping dynamic regions
|
|
|
|
|
* because new table/block/page descriptors only replace old
|
|
|
|
|
* invalid descriptors, that aren't TLB cached.
|
|
|
|
|
*/
|
|
|
|
|
dsbishst();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (end_pa > ctx->max_pa)
|
|
|
|
|
ctx->max_pa = end_pa;
|
|
|
|
|
if (end_va > ctx->max_va)
|
|
|
|
|
ctx->max_va = end_va;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-20 16:03:11 +00:00
|
|
|
int mmap_add_dynamic_region_alloc_va_ctx(xlat_ctx_t *ctx, mmap_region_t *mm)
|
|
|
|
|
{
|
|
|
|
|
mm->base_va = ctx->max_va + 1UL;
|
|
|
|
|
|
|
|
|
|
if (mm->size == 0U)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
mmap_alloc_va_align_ctx(ctx, mm);
|
|
|
|
|
|
|
|
|
|
/* Detect overflows. More checks are done in mmap_add_region_check(). */
|
|
|
|
|
if (mm->base_va < ctx->max_va) {
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return mmap_add_dynamic_region_ctx(ctx, mm);
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-27 17:23:54 +00:00
|
|
|
/*
|
|
|
|
|
* Removes the region with given base Virtual Address and size from the given
|
|
|
|
|
* context.
|
|
|
|
|
*
|
|
|
|
|
* Returns:
|
|
|
|
|
* 0: Success.
|
|
|
|
|
* EINVAL: Invalid values were used as arguments (region not found).
|
|
|
|
|
* EPERM: Tried to remove a static region.
|
|
|
|
|
*/
|
|
|
|
|
int mmap_remove_dynamic_region_ctx(xlat_ctx_t *ctx, uintptr_t base_va,
|
|
|
|
|
size_t size)
|
|
|
|
|
{
|
|
|
|
|
mmap_region_t *mm = ctx->mmap;
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
const mmap_region_t *mm_last = mm + ctx->mmap_num;
|
2017-02-27 17:23:54 +00:00
|
|
|
int update_max_va_needed = 0;
|
|
|
|
|
int update_max_pa_needed = 0;
|
|
|
|
|
|
|
|
|
|
/* Check sanity of mmap array. */
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
assert(mm[ctx->mmap_num].size == 0U);
|
2017-02-27 17:23:54 +00:00
|
|
|
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
while (mm->size != 0U) {
|
2017-02-27 17:23:54 +00:00
|
|
|
if ((mm->base_va == base_va) && (mm->size == size))
|
|
|
|
|
break;
|
|
|
|
|
++mm;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check that the region was found */
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
if (mm->size == 0U)
|
2017-02-27 17:23:54 +00:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
/* If the region is static it can't be removed */
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
if ((mm->attr & MT_DYNAMIC) == 0U)
|
2017-02-27 17:23:54 +00:00
|
|
|
return -EPERM;
|
|
|
|
|
|
|
|
|
|
/* Check if this region is using the top VAs or PAs. */
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
if ((mm->base_va + mm->size - 1U) == ctx->max_va)
|
2017-02-27 17:23:54 +00:00
|
|
|
update_max_va_needed = 1;
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
if ((mm->base_pa + mm->size - 1U) == ctx->max_pa)
|
2017-02-27 17:23:54 +00:00
|
|
|
update_max_pa_needed = 1;
|
|
|
|
|
|
|
|
|
|
/* Update the translation tables if needed */
|
2018-08-02 09:57:29 +01:00
|
|
|
if (ctx->initialized) {
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
xlat_tables_unmap_region(ctx, mm, 0U, ctx->base_table,
|
2017-02-27 17:23:54 +00:00
|
|
|
ctx->base_table_entries,
|
|
|
|
|
ctx->base_level);
|
xlat v2: Flush xlat tables after being modified
During cold boot, the initial translation tables are created with data
caches disabled, so all modifications go to memory directly. After the
MMU is enabled and data cache is enabled, any modification to the tables
goes to data cache, and eventually may get flushed to memory.
If CPU0 modifies the tables while CPU1 is off, CPU0 will have the
modified tables in its data cache. When CPU1 is powered on, the MMU is
enabled, then it enables coherency, and then it enables the data cache.
Until this is done, CPU1 isn't in coherency, and the translation tables
it sees can be outdated if CPU0 still has some modified entries in its
data cache.
This can be a problem in some cases. For example, the warm boot code
uses only the tables mapped during cold boot, which don't normally
change. However, if they are modified (and a RO page is made RW, or a XN
page is made executable) the CPU will see the old attributes and crash
when it tries to access it.
This doesn't happen in systems with HW_ASSISTED_COHERENCY or
WARMBOOT_ENABLE_DCACHE_EARLY. In these systems, the data cache is
enabled at the same time as the MMU. As soon as this happens, the CPU is
in coherency.
There was an attempt of a fix in psci_helpers.S, but it didn't solve the
problem. That code has been deleted. The code was introduced in commit
<264410306381> ("Invalidate TLB entries during warm boot").
Now, during a map or unmap operation, the memory associated to each
modified table is flushed. Traversing a table will also flush it's
memory, as there is no way to tell in the current implementation if the
table that has been traversed has also been modified.
Change-Id: I4b520bca27502f1018878061bc5fb82af740bb92
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-08-07 12:47:12 +01:00
|
|
|
#if !(HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY)
|
|
|
|
|
xlat_clean_dcache_range((uintptr_t)ctx->base_table,
|
|
|
|
|
ctx->base_table_entries * sizeof(uint64_t));
|
|
|
|
|
#endif
|
2017-02-27 17:23:54 +00:00
|
|
|
xlat_arch_tlbi_va_sync();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Remove this region by moving the rest down by one place. */
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
(void)memmove(mm, mm + 1U, (uintptr_t)mm_last - (uintptr_t)mm);
|
2017-02-27 17:23:54 +00:00
|
|
|
|
|
|
|
|
/* Check if we need to update the max VAs and PAs */
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
if (update_max_va_needed == 1) {
|
|
|
|
|
ctx->max_va = 0U;
|
2017-02-27 17:23:54 +00:00
|
|
|
mm = ctx->mmap;
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
while (mm->size != 0U) {
|
|
|
|
|
if ((mm->base_va + mm->size - 1U) > ctx->max_va)
|
|
|
|
|
ctx->max_va = mm->base_va + mm->size - 1U;
|
2017-02-27 17:23:54 +00:00
|
|
|
++mm;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
if (update_max_pa_needed == 1) {
|
|
|
|
|
ctx->max_pa = 0U;
|
2017-02-27 17:23:54 +00:00
|
|
|
mm = ctx->mmap;
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
while (mm->size != 0U) {
|
|
|
|
|
if ((mm->base_pa + mm->size - 1U) > ctx->max_pa)
|
|
|
|
|
ctx->max_pa = mm->base_pa + mm->size - 1U;
|
2017-02-27 17:23:54 +00:00
|
|
|
++mm;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-30 11:36:47 +00:00
|
|
|
void xlat_setup_dynamic_ctx(xlat_ctx_t *ctx, unsigned long long pa_max,
|
|
|
|
|
uintptr_t va_max, struct mmap_region *mmap,
|
|
|
|
|
unsigned int mmap_num, uint64_t **tables,
|
|
|
|
|
unsigned int tables_num, uint64_t *base_table,
|
|
|
|
|
int xlat_regime, int *mapped_regions)
|
|
|
|
|
{
|
|
|
|
|
ctx->xlat_regime = xlat_regime;
|
|
|
|
|
|
|
|
|
|
ctx->pa_max_address = pa_max;
|
|
|
|
|
ctx->va_max_address = va_max;
|
|
|
|
|
|
|
|
|
|
ctx->mmap = mmap;
|
|
|
|
|
ctx->mmap_num = mmap_num;
|
|
|
|
|
memset(ctx->mmap, 0, sizeof(struct mmap_region) * mmap_num);
|
|
|
|
|
|
|
|
|
|
ctx->tables = (void *) tables;
|
|
|
|
|
ctx->tables_num = tables_num;
|
|
|
|
|
|
|
|
|
|
uintptr_t va_space_size = va_max + 1;
|
|
|
|
|
ctx->base_level = GET_XLAT_TABLE_LEVEL_BASE(va_space_size);
|
|
|
|
|
ctx->base_table = base_table;
|
|
|
|
|
ctx->base_table_entries = GET_NUM_BASE_LEVEL_ENTRIES(va_space_size);
|
|
|
|
|
|
|
|
|
|
ctx->tables_mapped_regions = mapped_regions;
|
|
|
|
|
|
|
|
|
|
ctx->max_pa = 0;
|
|
|
|
|
ctx->max_va = 0;
|
|
|
|
|
ctx->initialized = 0;
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-27 17:23:54 +00:00
|
|
|
#endif /* PLAT_XLAT_TABLES_DYNAMIC */
|
|
|
|
|
|
2018-08-30 16:48:56 +01:00
|
|
|
void __init init_xlat_tables_ctx(xlat_ctx_t *ctx)
|
2017-03-08 14:40:23 +00:00
|
|
|
{
|
2017-10-04 16:52:15 +01:00
|
|
|
assert(ctx != NULL);
|
2018-08-02 09:57:29 +01:00
|
|
|
assert(!ctx->initialized);
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
assert((ctx->xlat_regime == EL3_REGIME) ||
|
2018-08-07 19:59:49 +01:00
|
|
|
(ctx->xlat_regime == EL2_REGIME) ||
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
(ctx->xlat_regime == EL1_EL0_REGIME));
|
2018-08-02 09:57:29 +01:00
|
|
|
assert(!is_mmu_enabled_ctx(ctx));
|
xlat lib v2: Expose *_ctx() APIs
In a previous patch, the xlat_ctx_t type has been made public.
This patch now makes the *_ctx() APIs public.
Each API now has a *_ctx() variant. Most of them were already implemented
and this patch just makes them public. However, some of them were missing
so this patch introduces them.
Now that all these APIs are public, there's no good reason for splitting
them accross 2 files (xlat_tables_internal.c and xlat_tables_common.c).
Therefore, this patch moves all code into xlat_tables_internal.c and
removes xlat_tables_common.c. It removes it from the library's makefile
as well.
This last change introduces a compatibility break for platform ports
that specifically include the xlat_tables_common.c file instead of
including the library's Makefile. The UniPhier platform makefile has
been updated to now omit this file from the list of source files.
The prototype of mmap_add_region_ctx() has been slightly changed. The
mmap_region_t passed in argument needs to be constant because it gets
called from map_add(), which receives a constant region. The former
implementation of mmap_add() used to cast the const qualifier away,
which is not a good practice.
Also remove init_xlation_table(), which was a sub-function of
init_xlat_tables(). Now there's just init_xlat_tables() (and
init_xlat_tables_ctx()). Both names were too similar, which was
confusing. Besides, now that all the code is in a single file,
it's no longer needed to have 2 functions for that.
Change-Id: I4ed88c68e44561c3902fbebb89cb197279c5293b
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-18 13:26:36 +01:00
|
|
|
|
2017-10-04 16:52:15 +01:00
|
|
|
mmap_region_t *mm = ctx->mmap;
|
xlat lib v2: Expose *_ctx() APIs
In a previous patch, the xlat_ctx_t type has been made public.
This patch now makes the *_ctx() APIs public.
Each API now has a *_ctx() variant. Most of them were already implemented
and this patch just makes them public. However, some of them were missing
so this patch introduces them.
Now that all these APIs are public, there's no good reason for splitting
them accross 2 files (xlat_tables_internal.c and xlat_tables_common.c).
Therefore, this patch moves all code into xlat_tables_internal.c and
removes xlat_tables_common.c. It removes it from the library's makefile
as well.
This last change introduces a compatibility break for platform ports
that specifically include the xlat_tables_common.c file instead of
including the library's Makefile. The UniPhier platform makefile has
been updated to now omit this file from the list of source files.
The prototype of mmap_add_region_ctx() has been slightly changed. The
mmap_region_t passed in argument needs to be constant because it gets
called from map_add(), which receives a constant region. The former
implementation of mmap_add() used to cast the const qualifier away,
which is not a good practice.
Also remove init_xlation_table(), which was a sub-function of
init_xlat_tables(). Now there's just init_xlat_tables() (and
init_xlat_tables_ctx()). Both names were too similar, which was
confusing. Besides, now that all the code is in a single file,
it's no longer needed to have 2 functions for that.
Change-Id: I4ed88c68e44561c3902fbebb89cb197279c5293b
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-18 13:26:36 +01:00
|
|
|
|
2019-01-25 11:36:01 +00:00
|
|
|
assert(ctx->va_max_address >=
|
|
|
|
|
(xlat_get_min_virt_addr_space_size() - 1U));
|
|
|
|
|
assert(ctx->va_max_address <= (MAX_VIRT_ADDR_SPACE_SIZE - 1U));
|
|
|
|
|
assert(IS_POWER_OF_TWO(ctx->va_max_address + 1U));
|
|
|
|
|
|
2018-07-03 11:58:49 +01:00
|
|
|
xlat_mmap_print(mm);
|
xlat lib v2: Expose *_ctx() APIs
In a previous patch, the xlat_ctx_t type has been made public.
This patch now makes the *_ctx() APIs public.
Each API now has a *_ctx() variant. Most of them were already implemented
and this patch just makes them public. However, some of them were missing
so this patch introduces them.
Now that all these APIs are public, there's no good reason for splitting
them accross 2 files (xlat_tables_internal.c and xlat_tables_common.c).
Therefore, this patch moves all code into xlat_tables_internal.c and
removes xlat_tables_common.c. It removes it from the library's makefile
as well.
This last change introduces a compatibility break for platform ports
that specifically include the xlat_tables_common.c file instead of
including the library's Makefile. The UniPhier platform makefile has
been updated to now omit this file from the list of source files.
The prototype of mmap_add_region_ctx() has been slightly changed. The
mmap_region_t passed in argument needs to be constant because it gets
called from map_add(), which receives a constant region. The former
implementation of mmap_add() used to cast the const qualifier away,
which is not a good practice.
Also remove init_xlation_table(), which was a sub-function of
init_xlat_tables(). Now there's just init_xlat_tables() (and
init_xlat_tables_ctx()). Both names were too similar, which was
confusing. Besides, now that all the code is in a single file,
it's no longer needed to have 2 functions for that.
Change-Id: I4ed88c68e44561c3902fbebb89cb197279c5293b
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-18 13:26:36 +01:00
|
|
|
|
2017-03-08 14:40:23 +00:00
|
|
|
/* All tables must be zeroed before mapping any region. */
|
|
|
|
|
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
for (unsigned int i = 0U; i < ctx->base_table_entries; i++)
|
2017-03-08 14:40:23 +00:00
|
|
|
ctx->base_table[i] = INVALID_DESC;
|
|
|
|
|
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
for (int j = 0; j < ctx->tables_num; j++) {
|
2017-02-27 17:23:54 +00:00
|
|
|
#if PLAT_XLAT_TABLES_DYNAMIC
|
|
|
|
|
ctx->tables_mapped_regions[j] = 0;
|
|
|
|
|
#endif
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
for (unsigned int i = 0U; i < XLAT_TABLE_ENTRIES; i++)
|
2017-03-08 14:40:23 +00:00
|
|
|
ctx->tables[j][i] = INVALID_DESC;
|
|
|
|
|
}
|
|
|
|
|
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
while (mm->size != 0U) {
|
|
|
|
|
uintptr_t end_va = xlat_tables_map_region(ctx, mm, 0U,
|
|
|
|
|
ctx->base_table, ctx->base_table_entries,
|
|
|
|
|
ctx->base_level);
|
xlat v2: Flush xlat tables after being modified
During cold boot, the initial translation tables are created with data
caches disabled, so all modifications go to memory directly. After the
MMU is enabled and data cache is enabled, any modification to the tables
goes to data cache, and eventually may get flushed to memory.
If CPU0 modifies the tables while CPU1 is off, CPU0 will have the
modified tables in its data cache. When CPU1 is powered on, the MMU is
enabled, then it enables coherency, and then it enables the data cache.
Until this is done, CPU1 isn't in coherency, and the translation tables
it sees can be outdated if CPU0 still has some modified entries in its
data cache.
This can be a problem in some cases. For example, the warm boot code
uses only the tables mapped during cold boot, which don't normally
change. However, if they are modified (and a RO page is made RW, or a XN
page is made executable) the CPU will see the old attributes and crash
when it tries to access it.
This doesn't happen in systems with HW_ASSISTED_COHERENCY or
WARMBOOT_ENABLE_DCACHE_EARLY. In these systems, the data cache is
enabled at the same time as the MMU. As soon as this happens, the CPU is
in coherency.
There was an attempt of a fix in psci_helpers.S, but it didn't solve the
problem. That code has been deleted. The code was introduced in commit
<264410306381> ("Invalidate TLB entries during warm boot").
Now, during a map or unmap operation, the memory associated to each
modified table is flushed. Traversing a table will also flush it's
memory, as there is no way to tell in the current implementation if the
table that has been traversed has also been modified.
Change-Id: I4b520bca27502f1018878061bc5fb82af740bb92
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-08-07 12:47:12 +01:00
|
|
|
#if !(HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY)
|
|
|
|
|
xlat_clean_dcache_range((uintptr_t)ctx->base_table,
|
|
|
|
|
ctx->base_table_entries * sizeof(uint64_t));
|
|
|
|
|
#endif
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
if (end_va != (mm->base_va + mm->size - 1U)) {
|
2017-02-27 17:23:54 +00:00
|
|
|
ERROR("Not enough memory to map region:\n"
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
" VA:0x%lx PA:0x%llx size:0x%zx attr:0x%x\n",
|
|
|
|
|
mm->base_va, mm->base_pa, mm->size, mm->attr);
|
2017-02-27 17:23:54 +00:00
|
|
|
panic();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
mm++;
|
|
|
|
|
}
|
|
|
|
|
|
2017-07-11 15:11:10 +01:00
|
|
|
assert(ctx->pa_max_address <= xlat_arch_get_max_supported_pa());
|
xlat lib v2: Expose *_ctx() APIs
In a previous patch, the xlat_ctx_t type has been made public.
This patch now makes the *_ctx() APIs public.
Each API now has a *_ctx() variant. Most of them were already implemented
and this patch just makes them public. However, some of them were missing
so this patch introduces them.
Now that all these APIs are public, there's no good reason for splitting
them accross 2 files (xlat_tables_internal.c and xlat_tables_common.c).
Therefore, this patch moves all code into xlat_tables_internal.c and
removes xlat_tables_common.c. It removes it from the library's makefile
as well.
This last change introduces a compatibility break for platform ports
that specifically include the xlat_tables_common.c file instead of
including the library's Makefile. The UniPhier platform makefile has
been updated to now omit this file from the list of source files.
The prototype of mmap_add_region_ctx() has been slightly changed. The
mmap_region_t passed in argument needs to be constant because it gets
called from map_add(), which receives a constant region. The former
implementation of mmap_add() used to cast the const qualifier away,
which is not a good practice.
Also remove init_xlation_table(), which was a sub-function of
init_xlat_tables(). Now there's just init_xlat_tables() (and
init_xlat_tables_ctx()). Both names were too similar, which was
confusing. Besides, now that all the code is in a single file,
it's no longer needed to have 2 functions for that.
Change-Id: I4ed88c68e44561c3902fbebb89cb197279c5293b
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-18 13:26:36 +01:00
|
|
|
assert(ctx->max_va <= ctx->va_max_address);
|
|
|
|
|
assert(ctx->max_pa <= ctx->pa_max_address);
|
|
|
|
|
|
2018-08-02 09:57:29 +01:00
|
|
|
ctx->initialized = true;
|
2017-05-31 13:31:48 +01:00
|
|
|
|
|
|
|
|
xlat_tables_print(ctx);
|
xlat lib v2: Expose *_ctx() APIs
In a previous patch, the xlat_ctx_t type has been made public.
This patch now makes the *_ctx() APIs public.
Each API now has a *_ctx() variant. Most of them were already implemented
and this patch just makes them public. However, some of them were missing
so this patch introduces them.
Now that all these APIs are public, there's no good reason for splitting
them accross 2 files (xlat_tables_internal.c and xlat_tables_common.c).
Therefore, this patch moves all code into xlat_tables_internal.c and
removes xlat_tables_common.c. It removes it from the library's makefile
as well.
This last change introduces a compatibility break for platform ports
that specifically include the xlat_tables_common.c file instead of
including the library's Makefile. The UniPhier platform makefile has
been updated to now omit this file from the list of source files.
The prototype of mmap_add_region_ctx() has been slightly changed. The
mmap_region_t passed in argument needs to be constant because it gets
called from map_add(), which receives a constant region. The former
implementation of mmap_add() used to cast the const qualifier away,
which is not a good practice.
Also remove init_xlation_table(), which was a sub-function of
init_xlat_tables(). Now there's just init_xlat_tables() (and
init_xlat_tables_ctx()). Both names were too similar, which was
confusing. Besides, now that all the code is in a single file,
it's no longer needed to have 2 functions for that.
Change-Id: I4ed88c68e44561c3902fbebb89cb197279c5293b
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2017-07-18 13:26:36 +01:00
|
|
|
}
|
