The codebase was using non-standard headers. It is needed to replace
them by the correct ones so that we can use the new libc headers.
Change-Id: I530f71d9510cb036e69fe79823c8230afe890b9d
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This library can be used in other projects. All comments that talk about
the Trusted Firmware should be talking about the library itself.
Change-Id: I3b98d42f7132be72c1f8a4900acfaa78dbd2daa2
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The values defined in this type are used in logical operations, which
goes against MISRA Rule 10.1: "Operands shall not be of an inappropriate
essential type".
Now, `unsigned int` is used instead. This also allows us to move the
dynamic mapping bit from 30 to 31. It was an undefined behaviour in the
past because an enum is signed by default, and bit 31 corresponds to the
sign bit. It is undefined behaviour to modify the sign bit. Now, bit 31
is free to use as it was originally meant to be.
mmap_attr_t is now defined as an `unsigned int` for backwards
compatibility.
Change-Id: I6b31218c14b9c7fdabebe432de7fae6e90a97f34
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
According to the ARMv8 ARM issue C.a:
AP[1] is valid only for stage 1 of a translation regime that can
support two VA ranges. It is RES 1 when stage 1 translations can
support only one VA range.
This means that, even though this bit is ignored, it should be set to 1
in the EL3 and EL2 translation regimes.
For translation regimes consisting on EL0 and a higher regime this bit
selects between control at EL0 or at the higher Exception level. The
regimes that support two VA ranges are EL1&0 and EL2&0 (the later one
is only available since ARMv8.1).
This fix has to be applied to both versions of the translation tables
library.
Change-Id: If19aaf588551bac7aeb6e9a686cf0c2068e7c181
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
MISRA C-2012 Rule 7.3 violation: lowercase l shall not be used as literal suffixes.
This patch resolves this for the ULL() macro by using ULL suffix instead
of the ull suffix.
Change-Id: Ia8183c399e74677e676956e8653e82375d0e0a01
Signed-off-by: David Cunado <david.cunado@arm.com>
A recent commit 030567e6f5 added U()/ULL()
macro to TF constants. This has caused some signed-unsigned comparison
warnings / errors in the TF static analysis.
This patch addresses these issues by migrating impacted variables from
signed ints to unsigned ints and vice verse where applicable.
Change-Id: I4b4c739a3fa64aaf13b69ad1702c66ec79247e53
Signed-off-by: David Cunado <david.cunado@arm.com>
To make software license auditing simpler, use SPDX[0] license
identifiers instead of duplicating the license text in every file.
NOTE: Files that have been imported by FreeBSD have not been modified.
[0]: https://spdx.org/
Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Translation regimes that only support one virtual address space (such as
the ones for EL2 and EL3) can flag memory regions as execute-never by
setting to 1 the XN bit in the Upper Attributes field in the translation
tables descriptors. Translation regimes that support two different
virtual address spaces (such as the one shared by EL1 and EL0) use bits
PXN and UXN instead.
The Trusted Firmware runs at EL3 and EL1, it has to handle translation
tables of both translation regimes, but the previous code handled both
regimes the same way, as if both had only 1 VA range.
When trying to set a descriptor as execute-never it would set the XN
bit correctly in EL3, but it would set the XN bit in EL1 as well. XN is
at the same bit position as UXN, which means that EL0 was being
prevented from executing code at this region, not EL1 as the code
intended. Therefore, the PXN bit was unset to 0 all the time. The result
is that, in AArch64 mode, read-only data sections of BL2 weren't
protected from being executed.
This patch adds support of translation regimes with two virtual address
spaces to both versions of the translation tables library, fixing the
execute-never permissions for translation tables in EL1.
The library currently does not support initializing translation tables
for EL0 software, therefore it does not set/unset the UXN bit. If EL1
software needs to initialize translation tables for EL0 software, it
should use a different library instead.
Change-Id: If27588f9820ff42988851d90dc92801c8ecbe0c9
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-1 is not a defined mmap_attr_t type. Instead of using invalid enum
types, we can either choose to define a INVALID type OR handle the
condition specifically.
Since the usage of mmap_region_attr is limited, it is easier to just
handle the error condition specifically and return 0 or -1 depending
on success or fail.
Fixes: ARM-Software/tf-issues#473
Fixes: 28fa2e9ee8 ("xlat lib: Use mmap_attr_t type consistently")
Signed-off-by: Nishanth Menon <nm@ti.com>
This patch modifies both versions of the translation table library
to use the mmap_attr_t type consistently wherever it is manipulating
MT_* attributes variables. It used to use mmap_attr_t or plain integer
types interchangeably, which compiles fine because an enumeration type
can be silently converted to an integer, but which is semantically
incorrect.
This patch removes this assumption by using the abstract type
'mmap_attr_t' all the time.
Change-Id: Id1f099025d2cb962b275bb7e39ad2c4dbb4e366c
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Many asserts depend on code that is conditionally compiled based on the
DEBUG define. This patch modifies the conditional inclusion of such code
so that it is based on the ENABLE_ASSERTIONS build option.
Change-Id: I6406674788aa7e1ad7c23d86ce94482ad3c382bd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
In AArch64, depending on the granularity of the translation tables,
level 0 and/or level 1 of the translation tables may not support block
descriptors, only table descriptors.
This patch introduces a check to make sure that, even if theoretically
it could be possible to create a block descriptor to map a big memory
region, a new subtable will be created to describe its mapping.
Change-Id: Ieb9c302206bfa33fbaf0cdc6a5a82516d32ae2a7
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Added the definitions `PLAT_PHY_ADDR_SPACE_SIZE` and
`PLAT_VIRT_ADDR_SPACE_SIZE` which specify respectively the physical
and virtual address space size a platform can use.
`ADDR_SPACE_SIZE` is now deprecated. To maintain compatibility, if any
of the previous defines aren't present, the value of `ADDR_SPACE_SIZE`
will be used instead.
For AArch64, register ID_AA64MMFR0_EL1 is checked to calculate the
max PA supported by the hardware and to verify that the previously
mentioned definition is valid. For AArch32, a 40 bit physical
address space is considered.
Added asserts to check for overflows.
Porting guide updated.
Change-Id: Ie8ce1da5967993f0c94dbd4eb9841fc03d5ef8d6
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Each translation table level entry can only map a given virtual
address onto physical addresses of the same granularity. For example,
with the current configuration, a level 2 entry maps blocks of 2 MB,
so the physical address must be aligned to 2 MB. If the address is not
aligned, the MMU will just ignore the lower bits.
This patch adds an assertion to make sure that physical addresses are
always aligned to the correct boundary.
Change-Id: I0ab43df71829d45cdbe323301b3053e08ca99c2c
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Instead of hardcoding a level 1 table as the base translation level
table, let the code decide which level is the most appropriate given
the virtual address space size.
As the table granularity is 4 KB, this allows the code to select
level 0, 1 or 2 as base level for AArch64. This way, instead of
limiting the virtual address space width to 39-31 bits, widths of
48-25 bit can be used.
For AArch32, this change allows the code to select level 1 or 2
as the base translation level table and use virtual address space
width of 32-25 bits.
Also removed some unused definitions related to translation tables.
FixesARM-software/tf-issues#362
Change-Id: Ie3bb5d6d1a4730a26700b09827c79f37ca3cdb65
This patch fixes the translation table library for wraparound cases. These
cases are not expected to occur on AArch64 platforms because only the
48 bits of the 64 bit address space are used. But it is a possibility for
AArch32 platforms.
Change-Id: Ie7735f7ba2977019381e1c124800381471381499
This patch reworks type usage in generic code, drivers and ARM platform files
to make it more portable. The major changes done with respect to
type usage are as listed below:
* Use uintptr_t for storing address instead of uint64_t or unsigned long.
* Review usage of unsigned long as it can no longer be assumed to be 64 bit.
* Use u_register_t for register values whose width varies depending on
whether AArch64 or AArch32.
* Use generic C types where-ever possible.
In addition to the above changes, this patch also modifies format specifiers
in print invocations so that they are AArch64/AArch32 agnostic. Only files
related to upcoming feature development have been reworked.
Change-Id: I9f8c78347c5a52ba7027ff389791f1dad63ee5f8
This patch introduces a new header file: include/lib/utils.h.
Its purpose is to provide generic macros and helper functions that
are independent of any BL image, architecture, platform and even
not specific to Trusted Firmware.
For now, it contains only 2 macros: ARRAY_SIZE() and
IS_POWER_OF_TWO(). These were previously defined in bl_common.h and
xlat_tables.c respectively.
bl_common.h includes utils.h to retain compatibility for platforms
that relied on bl_common.h for the ARRAY_SIZE() macro. Upstream
platform ports that use this macro have been updated to include
utils.h.
Change-Id: I960450f54134f25d1710bfbdc4184f12c049a9a9
This patch introduces the MT_EXECUTE/MT_EXECUTE_NEVER memory mapping
attributes in the translation table library to specify the
access permissions for instruction execution of a memory region.
These new attributes should be used only for normal, read-only
memory regions. For other types of memory, the translation table
library still enforces the following rules, regardless of the
MT_EXECUTE/MT_EXECUTE_NEVER attribute:
- Device memory is always marked as execute-never.
- Read-write normal memory is always marked as execute-never.
Change-Id: I8bd27800a8c1d8ac1559910caf4a4840cf25b8b0
This patch clarifies the mmap_desc() function by adding some comments
and reorganising its code. No functional change has been introduced.
Change-Id: I873493be17b4e60a89c1dc087dd908b425065401
This patch fixes the computation of the bitmask used to isolate
the level 1 field of a virtual address. The whole computation needs
to work on 64-bit values to produce the correct bitmask value.
XLAT_TABLE_ENTRIES_MASK being a C constant, it is a 32-bit value
so it needs to be extended to a 64-bit value before it takes part
in any other computation.
This patch fixes this bug by casting XLAT_TABLE_ENTRIES_MASK as
an unsigned long long.
Note that this bug doesn't manifest itself in practice because
address spaces larger than 39 bits are not yet supported in the
Trusted Firmware.
Change-Id: I955fd263ecb691ca94b29b9c9f576008ce1d87ee
The only case in which regions can now overlap is if they are
identity mapped or they have the same virtual to physical address
offset (identity mapping is just a particular case of the latter).
They must overlap completely (i.e. one of them must be completely
inside the other one) and not cover the same area.
This allow future enhancements to the xlat_tables library without
having to support unnecessarily complex edge cases.
Outer regions are now sorted by mmap_add_region() before inner
regions with the same base virtual address for consistency: all
regions contained inside another one must be placed after the outer
one in the list.
If an inner region has the same attributes as the outer ones it will
be merged when creating the tables with init_xlation_table(). This
cannot be done as regions are added because there may be cases where
adding a region makes previously mergeable regions no longer
mergeable.
If the attributes of an inner region are different than the outer
region, new pages will be generated regardless of how "restrictive"
they are. For example, RO memory is more restrictive than RW. The
old implementation would give priority to RO if there is an overlap,
the new one doesn't.
NOTE: THIS IS THEORETICALLY A COMPATABILITY BREAK FOR PLATFORMS THAT
USE THE XLAT_TABLES LIBRARY IN AN UNEXPECTED WAY. PLEASE RAISE A
TF-ISSUE IF YOUR PLATFORM IS AFFECTED.
Change-Id: I75fba5cf6db627c2ead70da3feb3cc648c4fe2af
The AArch32 long descriptor format and the AArch64 descriptor format
correspond to each other which allows possible sharing of xlat_tables
library code between AArch64 and AArch32. This patch refactors the
xlat_tables library code to seperate the common functionality from
architecture specific code. Prior to this patch, all of the xlat_tables
library code were in `lib/aarch64/xlat_tables.c` file. The refactored code
is now in `lib/xlat_tables/` directory. The AArch64 specific programming
for xlat_tables is in `lib/xlat_tables/aarch64/xlat_tables.c` and the rest
of the code common to AArch64 and AArch32 is in
`lib/xlat_tables/xlat_tables_common.c`. Also the data types used in
xlat_tables library APIs are reworked to make it compatible between AArch64
and AArch32.
The `lib/aarch64/xlat_tables.c` file now includes the new xlat_tables
library files to retain compatibility for existing platform ports.
The macros related to xlat_tables library are also moved from
`include/lib/aarch64/arch.h` to the header `include/lib/xlat_tables.h`.
NOTE: THE `lib/aarch64/xlat_tables.c` FILE IS DEPRECATED AND PLATFORM PORTS
ARE EXPECTED TO INCLUDE THE NEW XLAT_TABLES LIBRARY FILES IN THEIR MAKEFILES.
Change-Id: I3d17217d24aaf3a05a4685d642a31d4d56255a0f
Antonio Nino Diaz
David Cunado
dp-arm
Nishanth Menon
Sandrine Bailleux
Soby Mathew