riscv: plat-virt: switch to dynamic shared memory

Enable dynamic shared memory for QEMU virt machine.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@an

riscv: plat-virt: switch to dynamic shared memory

Enable dynamic shared memory for QEMU virt machine.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: riscv: Add a reserved-memory node for static shared memory

To prevent Linux from using static shared memory, include the
dedicated reserved-memory node in the device tree.

Signed-off-by: Alvi

core: riscv: Add a reserved-memory node for static shared memory

To prevent Linux from using static shared memory, include the
dedicated reserved-memory node in the device tree.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: riscv: Fix store 32-bit thread_core_local flags

The thread_core_local flags is a 32-bit variable. Thus, we must
explicitly use "sw" instruction, which means store 32-bit value into
specific me

core: riscv: Fix store 32-bit thread_core_local flags

The thread_core_local flags is a 32-bit variable. Thus, we must
explicitly use "sw" instruction, which means store 32-bit value into
specific memory address, to operate the thread_core_local flags.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

riscv: plat-virt: Enable CFG_HWRNG_PTA

Enable CFG_HWRNG_PTA with the implementation of the RISC-V
Zkr driver which provides the hardware entropy source.

Signed-off-by: Alvin Chang <alvinga@andestec

riscv: plat-virt: Enable CFG_HWRNG_PTA

Enable CFG_HWRNG_PTA with the implementation of the RISC-V
Zkr driver which provides the hardware entropy source.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Add seed CSR detection helper

Any attempted access to unimplemented or restricted CSRs will
raise an illegal instruction, so we can set up a temporary
trap handler to validate if the us

core: riscv: Add seed CSR detection helper

Any attempted access to unimplemented or restricted CSRs will
raise an illegal instruction, so we can set up a temporary
trap handler to validate if the use of CSRs is allowed in
the privileged mode where OP-TEE OS is running. Add a helper
for this specific purpose.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Prepare SATP for each hart

To support multiple harts environment, we have allocated root page table
for each hart. Further more, we need to prepare value of CSR SATP, which
holds the ph

core: riscv: Prepare SATP for each hart

To support multiple harts environment, we have allocated root page table
for each hart. Further more, we need to prepare value of CSR SATP, which
holds the physical page number (PPN) of the root page table, for each
hart.

This commit enlarges the "struct core_mmu_config" for RISC-V
architecture to hold the value of CSR SATP for all the harts. In early
boot stage, each hart should initialize its CSR SATP from "struct
core_mmu_config".

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: riscv: Allocate root page table for each hart

To support multiple hart environment, each hart must have its dedicated
root page table. This commit enlarges the root page table. Also, when
the

core: riscv: Allocate root page table for each hart

To support multiple hart environment, each hart must have its dedicated
root page table. This commit enlarges the root page table. Also, when
the primary hart initializes the page table, we also copy the contents
of its root page table to the secondary harts' root page tables.
Therefore, all the harts have initial page tables at the boot time.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: replace REGISTER_TIME_SOURCE()

Remove REGISTER_TIME_SOURCE() and implement tee_time_get_sys_time() and
tee_time_get_sys_time_protection_level() directly in the file where
REGISTER_TIME_SOURCE(

core: replace REGISTER_TIME_SOURCE()

Remove REGISTER_TIME_SOURCE() and implement tee_time_get_sys_time() and
tee_time_get_sys_time_protection_level() directly in the file where
REGISTER_TIME_SOURCE() was used previously.

By avoiding indirect calls the linker can optimize the dependency tree
properly and we can remove the DECLARE_KEEP_PAGER() directive needed for
arm_cntpct_time_source.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: riscv: Apply SM-based boot flow for secondary harts

When the system adopts M-mode secure monitor based solution, the
secondary harts need to hand over the control back to the secure
monitor af

core: riscv: Apply SM-based boot flow for secondary harts

When the system adopts M-mode secure monitor based solution, the
secondary harts need to hand over the control back to the secure
monitor after the initial boot sequence. Add related code for this
purpose.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: Do not restrict primary hart to hart ID 0 only

The ID of primary hart should not be restricted to zero. Thus,
determining primary hart and secondart harts by zero hart ID is not
feasibl

core: riscv: Do not restrict primary hart to hart ID 0 only

The ID of primary hart should not be restricted to zero. Thus,
determining primary hart and secondart harts by zero hart ID is not
feasible.

We refer to RISC-V linux kernel [1] to fix this issue, by adding a
"hart_lottery" variable. The first hart who enters OP-TEE will win the
lottery, atomically increment this variable, and be the primary hart.
Other harts enter OP-TEE later won't win the lottery, so they execute
the secondary boot sequence.

[1]:
https://github.com/torvalds/linux/blob/v6.7/arch/riscv/kernel/head.S#L244

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: Change the condition of communication with untrusted domain

Use CFG_RISCV_WITH_M_MODE_SM to determine if OP-TEE uses M-mode secure
monitor based solution to communicate with the untruse

core: riscv: Change the condition of communication with untrusted domain

Use CFG_RISCV_WITH_M_MODE_SM to determine if OP-TEE uses M-mode secure
monitor based solution to communicate with the untrusetd domain.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

riscv: plat-virt: Set CFG_RISCV_WITH_M_MODE_SM as 'y'

In RISC-V QEMU virtual platform, OP-TEE OS uses M-mode secure monitor
based solution to communicate with the untrusted domain. Therefore, set
CF

riscv: plat-virt: Set CFG_RISCV_WITH_M_MODE_SM as 'y'

In RISC-V QEMU virtual platform, OP-TEE OS uses M-mode secure monitor
based solution to communicate with the untrusted domain. Therefore, set
CFG_RISCV_WITH_M_MODE_SM to 'y' in its configuration file.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: Add CFG_RISCV_WITH_M_MODE_SM and dependency checking

OP-TEE may communicate with the untrusted domain by different solutions,
such as M-mode secure monitor based solution, or direct mes

core: riscv: Add CFG_RISCV_WITH_M_MODE_SM and dependency checking

OP-TEE may communicate with the untrusted domain by different solutions,
such as M-mode secure monitor based solution, or direct messaging based
solution. This commit adds CFG_RISCV_WITH_M_MODE_SM to indicate that
OP-TEE uses M-mode secure monitor based solution for the communication.

The CFG_RISCV_WITH_M_MODE_SM should depend on CFG_RISCV_S_MODE and
CFG_RISCV_SBI, since we are using "ecall" to trap into M-mode secure
monitor.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: Apply mask/unmask exceptions when operating page table

Add missing thread_{mask/unmask}_exceptions() when we operate the page
table. This is referenced from ARM architecture.

Signed-of

core: riscv: Apply mask/unmask exceptions when operating page table

Add missing thread_{mask/unmask}_exceptions() when we operate the page
table. This is referenced from ARM architecture.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: Apply STATUS helper for RPC resume

Since RPC resume is a kind of exception return, we invoke
xstatus_for_xret() to prepare the CSR STATUS for exception return. But
the actual value of S

core: riscv: Apply STATUS helper for RPC resume

Since RPC resume is a kind of exception return, we invoke
xstatus_for_xret() to prepare the CSR STATUS for exception return. But
the actual value of STATUS when calling thread_rpc() is still saved in
stack. This is to unify the behavior between RPC suspend and resume.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: Apply exception return to handle_user_mode_panic()

Now thread_exit_user_mode() executes exception return to kernel mode.
Invoke xstatus_for_xret() helper function to prepare CSR STATUS

core: riscv: Apply exception return to handle_user_mode_panic()

Now thread_exit_user_mode() executes exception return to kernel mode.
Invoke xstatus_for_xret() helper function to prepare CSR STATUS for
exception return.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: Refine thread trap handler

In order to support SMP, we made change on CSR SCRATCH from kernel stack
pointer to be kernel TP(thread_core_local). So that we can get TP from
SCRATCH easily

core: riscv: Refine thread trap handler

In order to support SMP, we made change on CSR SCRATCH from kernel stack
pointer to be kernel TP(thread_core_local). So that we can get TP from
SCRATCH easily in trap handler when the thread is in user mode. We also
save/restore CSR IE, kernel GP and SP so that we can handle task
migration to another hart.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: Refine thread enter/exit user mode

Now when thread is in user mode, the kernel TP is saved into CSR SCRATCH
instead of into kernel stack. The IE is also considered since it
contains mas

core: riscv: Refine thread enter/exit user mode

Now when thread is in user mode, the kernel TP is saved into CSR SCRATCH
instead of into kernel stack. The IE is also considered since it
contains masks of different exceptions.

Apply exception return to thread_exit_user_mode() to let hart correctly
back to kernel mode from exception.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: Apply exception return to resume thread

In current implementation, the thread is resumed by function return. It
is not suitable for all scenarios, especially when the thread should be
r

core: riscv: Apply exception return to resume thread

In current implementation, the thread is resumed by function return. It
is not suitable for all scenarios, especially when the thread should be
resumed to user mode. The kernel mode can not return to user mode by
pure function return.

This commit applies exception return to resume the thread. The EPC and
IE are added into thread context. The xstatus_for_xret() helper function
is added to prepare the value of CSR STATUS for exception return.
Currently we only consider PIE(previous interrupt-enable) and
PP(previous privilege mode) for exception return.

We clear thread context when the context is reinitialized, enable native
interrupt, and setup kernel GP/TP. The thread_resume() now takes care of
restoring CSR EPC, STATUS, IE, SCRATCH and all general-purpose
registers. Finally it executes exception return to target privilege mode
encoded in CSR STATUS. The registers GP and TP are also restored since
user mode may use them.

This commit also modify the usage of CSR SCRATCH. In current
implementation the SCRATCH is used to save kernel stack pointer when the
thread is in user mode. The value of TP, which stores thread_core_local
structure, is saved into kernel stack before entering user mode. The
trap handler can then get TP(thread_core_local) from kernel stack. This
is not suitable for SMP system, since the thread might be resumed to
another core, and that core gets wrong TP from kernel stack. Fix it by
directly storing TP into CSR SCRATCH.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Tested-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: kernel: factorize delay and timeout implementation

Factorize RISC-V and Arm architectures implementation of delay and
timeout API functions into generic core kernel source directory.

Architec

core: kernel: factorize delay and timeout implementation

Factorize RISC-V and Arm architectures implementation of delay and
timeout API functions into generic core kernel source directory.

Architecture or platform only need to implement timer tick count
read function delay_cnt_read() and timer tick frequency (in Hertz)
delay_cnt_freq() which is related to CFG_CORE_HAS_GENERIC_TIMER support.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: riscv: force enable of CFG_CORE_HAS_GENERIC_TIMER

Ensure CFG_CORE_HAS_GENERIC_TIMER is enabled for RISC-V architecture
since the current implementation provides the necessary routines
in delay

core: riscv: force enable of CFG_CORE_HAS_GENERIC_TIMER

Ensure CFG_CORE_HAS_GENERIC_TIMER is enabled for RISC-V architecture
since the current implementation provides the necessary routines
in delay_arch.h outside any configuration switch directive. This change
clarifies riscv based platforms configuration that previously depended
on CFG_CORE_HAS_GENERIC_TIMER default enabling from mk/config.mk.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

riscv: sbi_console: prefer SBI v2.0 DBCN ecall over legacy sbi_console_putchar()

As the legacy sbi_console_putchar() may be deprecated in the future,
it is recommended to use sbi_dbcn_write_byte() p

riscv: sbi_console: prefer SBI v2.0 DBCN ecall over legacy sbi_console_putchar()

As the legacy sbi_console_putchar() may be deprecated in the future,
it is recommended to use sbi_dbcn_write_byte() provided by SBI v2.0
DBCN extension [1]. However, if the DBCN extension is not supported,
sbi_console_putchar() can still be used as the last resort.

Link: https://github.com/riscv-non-isa/riscv-sbi-doc/blob/v2.0/src/ext-debug-console.adoc#function-console-write-byte-fid-2 [1]
Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

riscv: sbi_console: remove unused sbi_console_flush()

sbi_console_flush() won't be implemented, remove the empty function.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Al

riscv: sbi_console: remove unused sbi_console_flush()

sbi_console_flush() won't be implemented, remove the empty function.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

riscv: sbi_console: remove global spinlock

sbi_console_putc() has been protected by puts_lock, so
remove the superfluous spinlock.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewe

riscv: sbi_console: remove global spinlock

sbi_console_putc() has been protected by puts_lock, so
remove the superfluous spinlock.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

riscv: sbi_console: remove unneeded #ifdef CFG_RISCV_SBI_CONSOLE

sbi_console.c has been assigned conditionally based on
CFG_RISCV_SBI_CONSOLE in sub.mk. Remove the #ifdef preprocessor
directive.

Si

riscv: sbi_console: remove unneeded #ifdef CFG_RISCV_SBI_CONSOLE

sbi_console.c has been assigned conditionally based on
CFG_RISCV_SBI_CONSOLE in sub.mk. Remove the #ifdef preprocessor
directive.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...