2017-03-08 14:40:23 +00:00
|
|
|
/*
|
2021-07-08 23:23:04 +01:00
|
|
|
* Copyright (c) 2017-2021, Arm Limited and Contributors. All rights reserved.
|
2017-03-08 14:40:23 +00:00
|
|
|
*
|
2017-05-03 09:38:09 +01:00
|
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
2017-03-08 14:40:23 +00:00
|
|
|
*/
|
|
|
|
|
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
#ifndef XLAT_TABLES_PRIVATE_H
|
|
|
|
|
#define XLAT_TABLES_PRIVATE_H
|
2017-03-08 14:40:23 +00:00
|
|
|
|
2018-08-02 09:57:29 +01:00
|
|
|
#include <stdbool.h>
|
2018-12-14 00:18:21 +00:00
|
|
|
|
|
|
|
|
#include <platform_def.h>
|
|
|
|
|
|
|
|
|
|
#include <lib/xlat_tables/xlat_tables_defs.h>
|
2017-03-08 14:40:23 +00:00
|
|
|
|
2017-02-27 17:23:54 +00:00
|
|
|
#if PLAT_XLAT_TABLES_DYNAMIC
|
|
|
|
|
/*
|
2018-06-21 14:39:16 +01:00
|
|
|
* Private shifts and masks to access fields of an mmap attribute
|
2017-02-27 17:23:54 +00:00
|
|
|
*/
|
|
|
|
|
/* Dynamic or static */
|
2018-06-21 14:39:16 +01:00
|
|
|
#define MT_DYN_SHIFT U(31)
|
2017-02-27 17:23:54 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Memory mapping private attributes
|
|
|
|
|
*
|
2018-06-21 14:39:16 +01:00
|
|
|
* Private attributes not exposed in the public header.
|
2017-02-27 17:23:54 +00:00
|
|
|
*/
|
2018-06-21 14:39:16 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Regions mapped before the MMU can't be unmapped dynamically (they are
|
|
|
|
|
* static) and regions mapped with MMU enabled can be unmapped. This
|
|
|
|
|
* behaviour can't be overridden.
|
|
|
|
|
*
|
|
|
|
|
* Static regions can overlap each other, dynamic regions can't.
|
|
|
|
|
*/
|
|
|
|
|
#define MT_STATIC (U(0) << MT_DYN_SHIFT)
|
|
|
|
|
#define MT_DYNAMIC (U(1) << MT_DYN_SHIFT)
|
2017-02-27 17:23:54 +00:00
|
|
|
|
2017-04-25 14:09:47 +01:00
|
|
|
#endif /* PLAT_XLAT_TABLES_DYNAMIC */
|
|
|
|
|
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
extern uint64_t mmu_cfg_params[MMU_CFG_PARAM_MAX];
|
|
|
|
|
|
2021-07-08 23:23:04 +01:00
|
|
|
/* Determine the physical address space encoded in the 'attr' parameter. */
|
|
|
|
|
uint32_t xlat_arch_get_pas(uint32_t attr);
|
|
|
|
|
|
2018-07-05 08:11:48 +01:00
|
|
|
/*
|
|
|
|
|
* Return the execute-never mask that will prevent instruction fetch at the
|
|
|
|
|
* given translation regime.
|
|
|
|
|
*/
|
|
|
|
|
uint64_t xlat_arch_regime_get_xn_desc(int xlat_regime);
|
|
|
|
|
|
2017-02-27 17:23:54 +00:00
|
|
|
/*
|
2017-09-25 15:23:22 +01:00
|
|
|
* Invalidate all TLB entries that match the given virtual address. This
|
|
|
|
|
* operation applies to all PEs in the same Inner Shareable domain as the PE
|
|
|
|
|
* that executes this function. This functions must be called for every
|
2018-07-11 09:46:45 +01:00
|
|
|
* translation table entry that is modified. It only affects the specified
|
|
|
|
|
* translation regime.
|
2017-09-25 15:23:22 +01:00
|
|
|
*
|
|
|
|
|
* Note, however, that it is architecturally UNDEFINED to invalidate TLB entries
|
|
|
|
|
* pertaining to a higher exception level, e.g. invalidating EL3 entries from
|
|
|
|
|
* S-EL1.
|
2017-02-27 17:23:54 +00:00
|
|
|
*/
|
2018-07-11 09:46:45 +01:00
|
|
|
void xlat_arch_tlbi_va(uintptr_t va, int xlat_regime);
|
2017-02-27 17:23:54 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* This function has to be called at the end of any code that uses the function
|
|
|
|
|
* xlat_arch_tlbi_va().
|
|
|
|
|
*/
|
|
|
|
|
void xlat_arch_tlbi_va_sync(void);
|
|
|
|
|
|
2017-03-08 14:40:23 +00:00
|
|
|
/* Print VA, PA, size and attributes of all regions in the mmap array. */
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
void xlat_mmap_print(const mmap_region_t *mmap);
|
2017-03-08 14:40:23 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Print the current state of the translation tables by reading them from
|
|
|
|
|
* memory.
|
|
|
|
|
*/
|
|
|
|
|
void xlat_tables_print(xlat_ctx_t *ctx);
|
|
|
|
|
|
2018-07-03 11:58:49 +01:00
|
|
|
/*
|
|
|
|
|
* Returns a block/page table descriptor for the given level and attributes.
|
|
|
|
|
*/
|
|
|
|
|
uint64_t xlat_desc(const xlat_ctx_t *ctx, uint32_t attr,
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
unsigned long long addr_pa, unsigned int level);
|
2018-07-03 11:58:49 +01:00
|
|
|
|
2017-03-08 14:40:23 +00:00
|
|
|
/*
|
|
|
|
|
* Architecture-specific initialization code.
|
|
|
|
|
*/
|
|
|
|
|
|
Fix execute-never permissions in xlat tables libs
Translation regimes that only support one virtual address space (such as
the ones for EL2 and EL3) can flag memory regions as execute-never by
setting to 1 the XN bit in the Upper Attributes field in the translation
tables descriptors. Translation regimes that support two different
virtual address spaces (such as the one shared by EL1 and EL0) use bits
PXN and UXN instead.
The Trusted Firmware runs at EL3 and EL1, it has to handle translation
tables of both translation regimes, but the previous code handled both
regimes the same way, as if both had only 1 VA range.
When trying to set a descriptor as execute-never it would set the XN
bit correctly in EL3, but it would set the XN bit in EL1 as well. XN is
at the same bit position as UXN, which means that EL0 was being
prevented from executing code at this region, not EL1 as the code
intended. Therefore, the PXN bit was unset to 0 all the time. The result
is that, in AArch64 mode, read-only data sections of BL2 weren't
protected from being executed.
This patch adds support of translation regimes with two virtual address
spaces to both versions of the translation tables library, fixing the
execute-never permissions for translation tables in EL1.
The library currently does not support initializing translation tables
for EL0 software, therefore it does not set/unset the UXN bit. If EL1
software needs to initialize translation tables for EL0 software, it
should use a different library instead.
Change-Id: If27588f9820ff42988851d90dc92801c8ecbe0c9
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2017-04-27 13:30:22 +01:00
|
|
|
/* Returns the current Exception Level. The returned EL must be 1 or higher. */
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
unsigned int xlat_arch_current_el(void);
|
Fix execute-never permissions in xlat tables libs
Translation regimes that only support one virtual address space (such as
the ones for EL2 and EL3) can flag memory regions as execute-never by
setting to 1 the XN bit in the Upper Attributes field in the translation
tables descriptors. Translation regimes that support two different
virtual address spaces (such as the one shared by EL1 and EL0) use bits
PXN and UXN instead.
The Trusted Firmware runs at EL3 and EL1, it has to handle translation
tables of both translation regimes, but the previous code handled both
regimes the same way, as if both had only 1 VA range.
When trying to set a descriptor as execute-never it would set the XN
bit correctly in EL3, but it would set the XN bit in EL1 as well. XN is
at the same bit position as UXN, which means that EL0 was being
prevented from executing code at this region, not EL1 as the code
intended. Therefore, the PXN bit was unset to 0 all the time. The result
is that, in AArch64 mode, read-only data sections of BL2 weren't
protected from being executed.
This patch adds support of translation regimes with two virtual address
spaces to both versions of the translation tables library, fixing the
execute-never permissions for translation tables in EL1.
The library currently does not support initializing translation tables
for EL0 software, therefore it does not set/unset the UXN bit. If EL1
software needs to initialize translation tables for EL0 software, it
should use a different library instead.
Change-Id: If27588f9820ff42988851d90dc92801c8ecbe0c9
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2017-04-27 13:30:22 +01:00
|
|
|
|
2017-05-31 13:31:48 +01:00
|
|
|
/*
|
|
|
|
|
* Return the maximum physical address supported by the hardware.
|
|
|
|
|
* This value depends on the execution state (AArch32/AArch64).
|
|
|
|
|
*/
|
|
|
|
|
unsigned long long xlat_arch_get_max_supported_pa(void);
|
2017-03-08 14:40:23 +00:00
|
|
|
|
2017-10-04 16:52:15 +01:00
|
|
|
/*
|
2018-08-02 09:57:29 +01:00
|
|
|
* Returns true if the MMU of the translation regime managed by the given
|
|
|
|
|
* xlat_ctx_t is enabled, false otherwise.
|
2017-10-04 16:52:15 +01:00
|
|
|
*/
|
2018-08-02 09:57:29 +01:00
|
|
|
bool is_mmu_enabled_ctx(const xlat_ctx_t *ctx);
|
2017-03-08 14:40:23 +00:00
|
|
|
|
2019-01-25 11:36:01 +00:00
|
|
|
/*
|
|
|
|
|
* Returns minimum virtual address space size supported by the architecture
|
|
|
|
|
*/
|
|
|
|
|
uintptr_t xlat_get_min_virt_addr_space_size(void);
|
|
|
|
|
|
xlat: Fix MISRA defects
Fix defects of MISRA C-2012 rules 8.13, 10.1, 10.3, 10.4, 10.8, 11.6,
14.4, 15.7, 17.8, 20.10, 20.12, 21.1 and Directive 4.9.
Change-Id: I7ff61e71733908596dbafe2e99d99b4fce9765bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-07-24 10:20:53 +01:00
|
|
|
#endif /* XLAT_TABLES_PRIVATE_H */
|
