1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2016, 2022 Linaro Limited 4 * Copyright (c) 2014, STMicroelectronics International N.V. 5 * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved. 6 */ 7 8 #include <assert.h> 9 #include <config.h> 10 #include <kernel/boot.h> 11 #include <kernel/dt.h> 12 #include <kernel/linker.h> 13 #include <kernel/panic.h> 14 #include <kernel/spinlock.h> 15 #include <kernel/tee_l2cc_mutex.h> 16 #include <kernel/tee_misc.h> 17 #include <kernel/tlb_helpers.h> 18 #include <kernel/user_mode_ctx.h> 19 #include <kernel/virtualization.h> 20 #include <libfdt.h> 21 #include <memtag.h> 22 #include <mm/core_memprot.h> 23 #include <mm/core_mmu.h> 24 #include <mm/mobj.h> 25 #include <mm/pgt_cache.h> 26 #include <mm/tee_pager.h> 27 #include <mm/vm.h> 28 #include <platform_config.h> 29 #include <stdalign.h> 30 #include <string.h> 31 #include <trace.h> 32 #include <util.h> 33 34 #ifndef DEBUG_XLAT_TABLE 35 #define DEBUG_XLAT_TABLE 0 36 #endif 37 38 #define SHM_VASPACE_SIZE (1024 * 1024 * 32) 39 40 /* Physical Secure DDR pool */ 41 tee_mm_pool_t tee_mm_sec_ddr; 42 43 /* Virtual memory pool for core mappings */ 44 tee_mm_pool_t core_virt_mem_pool; 45 46 /* Virtual memory pool for shared memory mappings */ 47 tee_mm_pool_t core_virt_shm_pool; 48 49 #ifdef CFG_CORE_PHYS_RELOCATABLE 50 unsigned long core_mmu_tee_load_pa __nex_bss; 51 #else 52 const unsigned long core_mmu_tee_load_pa = TEE_LOAD_ADDR; 53 #endif 54 55 /* 56 * These variables are initialized before .bss is cleared. To avoid 57 * resetting them when .bss is cleared we're storing them in .data instead, 58 * even if they initially are zero. 59 */ 60 61 #ifdef CFG_CORE_RESERVED_SHM 62 /* Default NSec shared memory allocated from NSec world */ 63 unsigned long default_nsec_shm_size __nex_bss; 64 unsigned long default_nsec_shm_paddr __nex_bss; 65 #endif 66 67 static struct tee_mmap_region static_mmap_regions[CFG_MMAP_REGIONS 68 #if defined(CFG_CORE_ASLR) || defined(CFG_CORE_PHYS_RELOCATABLE) 69 + 1 70 #endif 71 + 1] __nex_bss; 72 static struct memory_map static_memory_map __nex_data = { 73 .map = static_mmap_regions, 74 .alloc_count = ARRAY_SIZE(static_mmap_regions), 75 }; 76 77 /* Define the platform's memory layout. */ 78 struct memaccess_area { 79 paddr_t paddr; 80 size_t size; 81 }; 82 83 #define MEMACCESS_AREA(a, s) { .paddr = a, .size = s } 84 85 static struct memaccess_area secure_only[] __nex_data = { 86 #ifdef CFG_CORE_PHYS_RELOCATABLE 87 MEMACCESS_AREA(0, 0), 88 #else 89 #ifdef TRUSTED_SRAM_BASE 90 MEMACCESS_AREA(TRUSTED_SRAM_BASE, TRUSTED_SRAM_SIZE), 91 #endif 92 MEMACCESS_AREA(TRUSTED_DRAM_BASE, TRUSTED_DRAM_SIZE), 93 #endif 94 }; 95 96 static struct memaccess_area nsec_shared[] __nex_data = { 97 #ifdef CFG_CORE_RESERVED_SHM 98 MEMACCESS_AREA(TEE_SHMEM_START, TEE_SHMEM_SIZE), 99 #endif 100 }; 101 102 #if defined(CFG_SECURE_DATA_PATH) 103 static const char *tz_sdp_match = "linaro,secure-heap"; 104 static struct memaccess_area sec_sdp; 105 #ifdef CFG_TEE_SDP_MEM_BASE 106 register_sdp_mem(CFG_TEE_SDP_MEM_BASE, CFG_TEE_SDP_MEM_SIZE); 107 #endif 108 #ifdef TEE_SDP_TEST_MEM_BASE 109 register_sdp_mem(TEE_SDP_TEST_MEM_BASE, TEE_SDP_TEST_MEM_SIZE); 110 #endif 111 #endif 112 113 #ifdef CFG_CORE_RESERVED_SHM 114 register_phys_mem(MEM_AREA_NSEC_SHM, TEE_SHMEM_START, TEE_SHMEM_SIZE); 115 #endif 116 static unsigned int mmu_spinlock; 117 118 static uint32_t mmu_lock(void) 119 { 120 return cpu_spin_lock_xsave(&mmu_spinlock); 121 } 122 123 static void mmu_unlock(uint32_t exceptions) 124 { 125 cpu_spin_unlock_xrestore(&mmu_spinlock, exceptions); 126 } 127 128 static void grow_mem_map(struct memory_map *mem_map) 129 { 130 if (mem_map->count == mem_map->alloc_count) { 131 EMSG("Out of entries (%zu) in mem_map", mem_map->alloc_count); 132 panic(); 133 } 134 mem_map->count++; 135 } 136 137 void core_mmu_get_secure_memory(paddr_t *base, paddr_size_t *size) 138 { 139 /* 140 * The first range is always used to cover OP-TEE core memory, but 141 * depending on configuration it may cover more than that. 142 */ 143 *base = secure_only[0].paddr; 144 *size = secure_only[0].size; 145 } 146 147 void core_mmu_set_secure_memory(paddr_t base, size_t size) 148 { 149 #ifdef CFG_CORE_PHYS_RELOCATABLE 150 static_assert(ARRAY_SIZE(secure_only) == 1); 151 #endif 152 runtime_assert(IS_ENABLED(CFG_CORE_PHYS_RELOCATABLE)); 153 assert(!secure_only[0].size); 154 assert(base && size); 155 156 DMSG("Physical secure memory base %#"PRIxPA" size %#zx", base, size); 157 secure_only[0].paddr = base; 158 secure_only[0].size = size; 159 } 160 161 void core_mmu_get_ta_range(paddr_t *base, size_t *size) 162 { 163 paddr_t b = 0; 164 size_t s = 0; 165 166 static_assert(!(TEE_RAM_VA_SIZE % SMALL_PAGE_SIZE)); 167 #ifdef TA_RAM_START 168 b = TA_RAM_START; 169 s = TA_RAM_SIZE; 170 #else 171 static_assert(ARRAY_SIZE(secure_only) <= 2); 172 if (ARRAY_SIZE(secure_only) == 1) { 173 vaddr_t load_offs = 0; 174 175 assert(core_mmu_tee_load_pa >= secure_only[0].paddr); 176 load_offs = core_mmu_tee_load_pa - secure_only[0].paddr; 177 178 assert(secure_only[0].size > 179 load_offs + TEE_RAM_VA_SIZE + TEE_SDP_TEST_MEM_SIZE); 180 b = secure_only[0].paddr + load_offs + TEE_RAM_VA_SIZE; 181 s = secure_only[0].size - load_offs - TEE_RAM_VA_SIZE - 182 TEE_SDP_TEST_MEM_SIZE; 183 } else { 184 assert(secure_only[1].size > TEE_SDP_TEST_MEM_SIZE); 185 b = secure_only[1].paddr; 186 s = secure_only[1].size - TEE_SDP_TEST_MEM_SIZE; 187 } 188 #endif 189 if (base) 190 *base = b; 191 if (size) 192 *size = s; 193 } 194 195 static struct memory_map *get_memory_map(void) 196 { 197 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) { 198 struct memory_map *map = virt_get_memory_map(); 199 200 if (map) 201 return map; 202 } 203 204 return &static_memory_map; 205 } 206 207 static bool _pbuf_intersects(struct memaccess_area *a, size_t alen, 208 paddr_t pa, size_t size) 209 { 210 size_t n; 211 212 for (n = 0; n < alen; n++) 213 if (core_is_buffer_intersect(pa, size, a[n].paddr, a[n].size)) 214 return true; 215 return false; 216 } 217 218 #define pbuf_intersects(a, pa, size) \ 219 _pbuf_intersects((a), ARRAY_SIZE(a), (pa), (size)) 220 221 static bool _pbuf_is_inside(struct memaccess_area *a, size_t alen, 222 paddr_t pa, size_t size) 223 { 224 size_t n; 225 226 for (n = 0; n < alen; n++) 227 if (core_is_buffer_inside(pa, size, a[n].paddr, a[n].size)) 228 return true; 229 return false; 230 } 231 232 #define pbuf_is_inside(a, pa, size) \ 233 _pbuf_is_inside((a), ARRAY_SIZE(a), (pa), (size)) 234 235 static bool pa_is_in_map(struct tee_mmap_region *map, paddr_t pa, size_t len) 236 { 237 paddr_t end_pa = 0; 238 239 if (!map) 240 return false; 241 242 if (SUB_OVERFLOW(len, 1, &end_pa) || ADD_OVERFLOW(pa, end_pa, &end_pa)) 243 return false; 244 245 return (pa >= map->pa && end_pa <= map->pa + map->size - 1); 246 } 247 248 static bool va_is_in_map(struct tee_mmap_region *map, vaddr_t va) 249 { 250 if (!map) 251 return false; 252 return (va >= map->va && va <= (map->va + map->size - 1)); 253 } 254 255 /* check if target buffer fits in a core default map area */ 256 static bool pbuf_inside_map_area(unsigned long p, size_t l, 257 struct tee_mmap_region *map) 258 { 259 return core_is_buffer_inside(p, l, map->pa, map->size); 260 } 261 262 TEE_Result core_mmu_for_each_map(void *ptr, 263 TEE_Result (*fn)(struct tee_mmap_region *map, 264 void *ptr)) 265 { 266 struct memory_map *mem_map = get_memory_map(); 267 TEE_Result res = TEE_SUCCESS; 268 size_t n = 0; 269 270 for (n = 0; n < mem_map->count; n++) { 271 res = fn(mem_map->map + n, ptr); 272 if (res) 273 return res; 274 } 275 276 return TEE_SUCCESS; 277 } 278 279 static struct tee_mmap_region *find_map_by_type(enum teecore_memtypes type) 280 { 281 struct memory_map *mem_map = get_memory_map(); 282 size_t n = 0; 283 284 for (n = 0; n < mem_map->count; n++) { 285 if (mem_map->map[n].type == type) 286 return mem_map->map + n; 287 } 288 return NULL; 289 } 290 291 static struct tee_mmap_region * 292 find_map_by_type_and_pa(enum teecore_memtypes type, paddr_t pa, size_t len) 293 { 294 struct memory_map *mem_map = get_memory_map(); 295 size_t n = 0; 296 297 for (n = 0; n < mem_map->count; n++) { 298 if (mem_map->map[n].type != type) 299 continue; 300 if (pa_is_in_map(mem_map->map + n, pa, len)) 301 return mem_map->map + n; 302 } 303 return NULL; 304 } 305 306 static struct tee_mmap_region *find_map_by_va(void *va) 307 { 308 struct memory_map *mem_map = get_memory_map(); 309 vaddr_t a = (vaddr_t)va; 310 size_t n = 0; 311 312 for (n = 0; n < mem_map->count; n++) { 313 if (a >= mem_map->map[n].va && 314 a <= (mem_map->map[n].va - 1 + mem_map->map[n].size)) 315 return mem_map->map + n; 316 } 317 318 return NULL; 319 } 320 321 static struct tee_mmap_region *find_map_by_pa(unsigned long pa) 322 { 323 struct memory_map *mem_map = get_memory_map(); 324 size_t n = 0; 325 326 for (n = 0; n < mem_map->count; n++) { 327 /* Skip unmapped regions */ 328 if ((mem_map->map[n].attr & TEE_MATTR_VALID_BLOCK) && 329 pa >= mem_map->map[n].pa && 330 pa <= (mem_map->map[n].pa - 1 + mem_map->map[n].size)) 331 return mem_map->map + n; 332 } 333 334 return NULL; 335 } 336 337 #if defined(CFG_SECURE_DATA_PATH) 338 static bool dtb_get_sdp_region(void) 339 { 340 void *fdt = NULL; 341 int node = 0; 342 int tmp_node = 0; 343 paddr_t tmp_addr = 0; 344 size_t tmp_size = 0; 345 346 if (!IS_ENABLED(CFG_EMBED_DTB)) 347 return false; 348 349 fdt = get_embedded_dt(); 350 if (!fdt) 351 panic("No DTB found"); 352 353 node = fdt_node_offset_by_compatible(fdt, -1, tz_sdp_match); 354 if (node < 0) { 355 DMSG("No %s compatible node found", tz_sdp_match); 356 return false; 357 } 358 tmp_node = node; 359 while (tmp_node >= 0) { 360 tmp_node = fdt_node_offset_by_compatible(fdt, tmp_node, 361 tz_sdp_match); 362 if (tmp_node >= 0) 363 DMSG("Ignore SDP pool node %s, supports only 1 node", 364 fdt_get_name(fdt, tmp_node, NULL)); 365 } 366 367 tmp_addr = fdt_reg_base_address(fdt, node); 368 if (tmp_addr == DT_INFO_INVALID_REG) { 369 EMSG("%s: Unable to get base addr from DT", tz_sdp_match); 370 return false; 371 } 372 373 tmp_size = fdt_reg_size(fdt, node); 374 if (tmp_size == DT_INFO_INVALID_REG_SIZE) { 375 EMSG("%s: Unable to get size of base addr from DT", 376 tz_sdp_match); 377 return false; 378 } 379 380 sec_sdp.paddr = tmp_addr; 381 sec_sdp.size = tmp_size; 382 383 return true; 384 } 385 #endif 386 387 #if defined(CFG_CORE_DYN_SHM) || defined(CFG_SECURE_DATA_PATH) 388 static bool pbuf_is_special_mem(paddr_t pbuf, size_t len, 389 const struct core_mmu_phys_mem *start, 390 const struct core_mmu_phys_mem *end) 391 { 392 const struct core_mmu_phys_mem *mem; 393 394 for (mem = start; mem < end; mem++) { 395 if (core_is_buffer_inside(pbuf, len, mem->addr, mem->size)) 396 return true; 397 } 398 399 return false; 400 } 401 #endif 402 403 #ifdef CFG_CORE_DYN_SHM 404 static void carve_out_phys_mem(struct core_mmu_phys_mem **mem, size_t *nelems, 405 paddr_t pa, size_t size) 406 { 407 struct core_mmu_phys_mem *m = *mem; 408 size_t n = 0; 409 410 while (true) { 411 if (n >= *nelems) { 412 DMSG("No need to carve out %#" PRIxPA " size %#zx", 413 pa, size); 414 return; 415 } 416 if (core_is_buffer_inside(pa, size, m[n].addr, m[n].size)) 417 break; 418 if (!core_is_buffer_outside(pa, size, m[n].addr, m[n].size)) 419 panic(); 420 n++; 421 } 422 423 if (pa == m[n].addr && size == m[n].size) { 424 /* Remove this entry */ 425 (*nelems)--; 426 memmove(m + n, m + n + 1, sizeof(*m) * (*nelems - n)); 427 m = nex_realloc(m, sizeof(*m) * *nelems); 428 if (!m) 429 panic(); 430 *mem = m; 431 } else if (pa == m[n].addr) { 432 m[n].addr += size; 433 m[n].size -= size; 434 } else if ((pa + size) == (m[n].addr + m[n].size)) { 435 m[n].size -= size; 436 } else { 437 /* Need to split the memory entry */ 438 m = nex_realloc(m, sizeof(*m) * (*nelems + 1)); 439 if (!m) 440 panic(); 441 *mem = m; 442 memmove(m + n + 1, m + n, sizeof(*m) * (*nelems - n)); 443 (*nelems)++; 444 m[n].size = pa - m[n].addr; 445 m[n + 1].size -= size + m[n].size; 446 m[n + 1].addr = pa + size; 447 } 448 } 449 450 static void check_phys_mem_is_outside(struct core_mmu_phys_mem *start, 451 size_t nelems, 452 struct tee_mmap_region *map) 453 { 454 size_t n; 455 456 for (n = 0; n < nelems; n++) { 457 if (!core_is_buffer_outside(start[n].addr, start[n].size, 458 map->pa, map->size)) { 459 EMSG("Non-sec mem (%#" PRIxPA ":%#" PRIxPASZ 460 ") overlaps map (type %d %#" PRIxPA ":%#zx)", 461 start[n].addr, start[n].size, 462 map->type, map->pa, map->size); 463 panic(); 464 } 465 } 466 } 467 468 static const struct core_mmu_phys_mem *discovered_nsec_ddr_start __nex_bss; 469 static size_t discovered_nsec_ddr_nelems __nex_bss; 470 471 static int cmp_pmem_by_addr(const void *a, const void *b) 472 { 473 const struct core_mmu_phys_mem *pmem_a = a; 474 const struct core_mmu_phys_mem *pmem_b = b; 475 476 return CMP_TRILEAN(pmem_a->addr, pmem_b->addr); 477 } 478 479 void core_mmu_set_discovered_nsec_ddr(struct core_mmu_phys_mem *start, 480 size_t nelems) 481 { 482 struct core_mmu_phys_mem *m = start; 483 size_t num_elems = nelems; 484 struct memory_map *mem_map = &static_memory_map; 485 const struct core_mmu_phys_mem __maybe_unused *pmem; 486 size_t n = 0; 487 488 assert(!discovered_nsec_ddr_start); 489 assert(m && num_elems); 490 491 qsort(m, num_elems, sizeof(*m), cmp_pmem_by_addr); 492 493 /* 494 * Non-secure shared memory and also secure data 495 * path memory are supposed to reside inside 496 * non-secure memory. Since NSEC_SHM and SDP_MEM 497 * are used for a specific purpose make holes for 498 * those memory in the normal non-secure memory. 499 * 500 * This has to be done since for instance QEMU 501 * isn't aware of which memory range in the 502 * non-secure memory is used for NSEC_SHM. 503 */ 504 505 #ifdef CFG_SECURE_DATA_PATH 506 if (dtb_get_sdp_region()) 507 carve_out_phys_mem(&m, &num_elems, sec_sdp.paddr, sec_sdp.size); 508 509 for (pmem = phys_sdp_mem_begin; pmem < phys_sdp_mem_end; pmem++) 510 carve_out_phys_mem(&m, &num_elems, pmem->addr, pmem->size); 511 #endif 512 513 for (n = 0; n < ARRAY_SIZE(secure_only); n++) 514 carve_out_phys_mem(&m, &num_elems, secure_only[n].paddr, 515 secure_only[n].size); 516 517 for (n = 0; n < mem_map->count; n++) { 518 switch (mem_map->map[n].type) { 519 case MEM_AREA_NSEC_SHM: 520 carve_out_phys_mem(&m, &num_elems, mem_map->map[n].pa, 521 mem_map->map[n].size); 522 break; 523 case MEM_AREA_EXT_DT: 524 case MEM_AREA_MANIFEST_DT: 525 case MEM_AREA_RAM_NSEC: 526 case MEM_AREA_RES_VASPACE: 527 case MEM_AREA_SHM_VASPACE: 528 case MEM_AREA_TS_VASPACE: 529 case MEM_AREA_PAGER_VASPACE: 530 break; 531 default: 532 check_phys_mem_is_outside(m, num_elems, 533 mem_map->map + n); 534 } 535 } 536 537 discovered_nsec_ddr_start = m; 538 discovered_nsec_ddr_nelems = num_elems; 539 540 if (!core_mmu_check_end_pa(m[num_elems - 1].addr, 541 m[num_elems - 1].size)) 542 panic(); 543 } 544 545 static bool get_discovered_nsec_ddr(const struct core_mmu_phys_mem **start, 546 const struct core_mmu_phys_mem **end) 547 { 548 if (!discovered_nsec_ddr_start) 549 return false; 550 551 *start = discovered_nsec_ddr_start; 552 *end = discovered_nsec_ddr_start + discovered_nsec_ddr_nelems; 553 554 return true; 555 } 556 557 static bool pbuf_is_nsec_ddr(paddr_t pbuf, size_t len) 558 { 559 const struct core_mmu_phys_mem *start; 560 const struct core_mmu_phys_mem *end; 561 562 if (!get_discovered_nsec_ddr(&start, &end)) 563 return false; 564 565 return pbuf_is_special_mem(pbuf, len, start, end); 566 } 567 568 bool core_mmu_nsec_ddr_is_defined(void) 569 { 570 const struct core_mmu_phys_mem *start; 571 const struct core_mmu_phys_mem *end; 572 573 if (!get_discovered_nsec_ddr(&start, &end)) 574 return false; 575 576 return start != end; 577 } 578 #else 579 static bool pbuf_is_nsec_ddr(paddr_t pbuf __unused, size_t len __unused) 580 { 581 return false; 582 } 583 #endif /*CFG_CORE_DYN_SHM*/ 584 585 #define MSG_MEM_INSTERSECT(pa1, sz1, pa2, sz2) \ 586 EMSG("[%" PRIxPA " %" PRIx64 "] intersects [%" PRIxPA " %" PRIx64 "]", \ 587 pa1, (uint64_t)pa1 + (sz1), pa2, (uint64_t)pa2 + (sz2)) 588 589 #ifdef CFG_SECURE_DATA_PATH 590 static bool pbuf_is_sdp_mem(paddr_t pbuf, size_t len) 591 { 592 bool is_sdp_mem = false; 593 594 if (sec_sdp.size) 595 is_sdp_mem = core_is_buffer_inside(pbuf, len, sec_sdp.paddr, 596 sec_sdp.size); 597 598 if (!is_sdp_mem) 599 is_sdp_mem = pbuf_is_special_mem(pbuf, len, phys_sdp_mem_begin, 600 phys_sdp_mem_end); 601 602 return is_sdp_mem; 603 } 604 605 static struct mobj *core_sdp_mem_alloc_mobj(paddr_t pa, size_t size) 606 { 607 struct mobj *mobj = mobj_phys_alloc(pa, size, TEE_MATTR_MEM_TYPE_CACHED, 608 CORE_MEM_SDP_MEM); 609 610 if (!mobj) 611 panic("can't create SDP physical memory object"); 612 613 return mobj; 614 } 615 616 struct mobj **core_sdp_mem_create_mobjs(void) 617 { 618 const struct core_mmu_phys_mem *mem = NULL; 619 struct mobj **mobj_base = NULL; 620 struct mobj **mobj = NULL; 621 int cnt = phys_sdp_mem_end - phys_sdp_mem_begin; 622 623 if (sec_sdp.size) 624 cnt++; 625 626 /* SDP mobjs table must end with a NULL entry */ 627 mobj_base = calloc(cnt + 1, sizeof(struct mobj *)); 628 if (!mobj_base) 629 panic("Out of memory"); 630 631 mobj = mobj_base; 632 633 for (mem = phys_sdp_mem_begin; mem < phys_sdp_mem_end; mem++, mobj++) 634 *mobj = core_sdp_mem_alloc_mobj(mem->addr, mem->size); 635 636 if (sec_sdp.size) 637 *mobj = core_sdp_mem_alloc_mobj(sec_sdp.paddr, sec_sdp.size); 638 639 return mobj_base; 640 } 641 642 #else /* CFG_SECURE_DATA_PATH */ 643 static bool pbuf_is_sdp_mem(paddr_t pbuf __unused, size_t len __unused) 644 { 645 return false; 646 } 647 648 #endif /* CFG_SECURE_DATA_PATH */ 649 650 /* Check special memories comply with registered memories */ 651 static void verify_special_mem_areas(struct memory_map *mem_map, 652 const struct core_mmu_phys_mem *start, 653 const struct core_mmu_phys_mem *end, 654 const char *area_name __maybe_unused) 655 { 656 const struct core_mmu_phys_mem *mem = NULL; 657 const struct core_mmu_phys_mem *mem2 = NULL; 658 size_t n = 0; 659 660 if (start == end) { 661 DMSG("No %s memory area defined", area_name); 662 return; 663 } 664 665 for (mem = start; mem < end; mem++) 666 DMSG("%s memory [%" PRIxPA " %" PRIx64 "]", 667 area_name, mem->addr, (uint64_t)mem->addr + mem->size); 668 669 /* Check memories do not intersect each other */ 670 for (mem = start; mem + 1 < end; mem++) { 671 for (mem2 = mem + 1; mem2 < end; mem2++) { 672 if (core_is_buffer_intersect(mem2->addr, mem2->size, 673 mem->addr, mem->size)) { 674 MSG_MEM_INSTERSECT(mem2->addr, mem2->size, 675 mem->addr, mem->size); 676 panic("Special memory intersection"); 677 } 678 } 679 } 680 681 /* 682 * Check memories do not intersect any mapped memory. 683 * This is called before reserved VA space is loaded in mem_map. 684 */ 685 for (mem = start; mem < end; mem++) { 686 for (n = 0; n < mem_map->count; n++) { 687 if (core_is_buffer_intersect(mem->addr, mem->size, 688 mem_map->map[n].pa, 689 mem_map->map[n].size)) { 690 MSG_MEM_INSTERSECT(mem->addr, mem->size, 691 mem_map->map[n].pa, 692 mem_map->map[n].size); 693 panic("Special memory intersection"); 694 } 695 } 696 } 697 } 698 699 static void merge_mmaps(struct tee_mmap_region *dst, 700 const struct tee_mmap_region *src) 701 { 702 paddr_t end_pa = MAX(dst->pa + dst->size - 1, src->pa + src->size - 1); 703 paddr_t pa = MIN(dst->pa, src->pa); 704 705 DMSG("Merging %#"PRIxPA"..%#"PRIxPA" and %#"PRIxPA"..%#"PRIxPA, 706 dst->pa, dst->pa + dst->size - 1, src->pa, 707 src->pa + src->size - 1); 708 dst->pa = pa; 709 dst->size = end_pa - pa + 1; 710 } 711 712 static bool mmaps_are_mergeable(const struct tee_mmap_region *r1, 713 const struct tee_mmap_region *r2) 714 { 715 if (r1->type != r2->type) 716 return false; 717 718 if (r1->pa == r2->pa) 719 return true; 720 721 if (r1->pa < r2->pa) 722 return r1->pa + r1->size >= r2->pa; 723 else 724 return r2->pa + r2->size >= r1->pa; 725 } 726 727 static void add_phys_mem(struct memory_map *mem_map, 728 const char *mem_name __maybe_unused, 729 enum teecore_memtypes mem_type, 730 paddr_t mem_addr, paddr_size_t mem_size) 731 { 732 size_t n = 0; 733 const struct tee_mmap_region m0 = { 734 .type = mem_type, 735 .pa = mem_addr, 736 .size = mem_size, 737 }; 738 739 if (!mem_size) /* Discard null size entries */ 740 return; 741 742 /* 743 * If some ranges of memory of the same type do overlap 744 * each others they are coalesced into one entry. To help this 745 * added entries are sorted by increasing physical. 746 * 747 * Note that it's valid to have the same physical memory as several 748 * different memory types, for instance the same device memory 749 * mapped as both secure and non-secure. This will probably not 750 * happen often in practice. 751 */ 752 DMSG("%s type %s 0x%08" PRIxPA " size 0x%08" PRIxPASZ, 753 mem_name, teecore_memtype_name(mem_type), mem_addr, mem_size); 754 for (n = 0; n < mem_map->count; n++) { 755 if (mmaps_are_mergeable(mem_map->map + n, &m0)) { 756 merge_mmaps(mem_map->map + n, &m0); 757 /* 758 * The merged result might be mergeable with the 759 * next or previous entry. 760 */ 761 if (n + 1 < mem_map->count && 762 mmaps_are_mergeable(mem_map->map + n, 763 mem_map->map + n + 1)) { 764 merge_mmaps(mem_map->map + n, 765 mem_map->map + n + 1); 766 rem_array_elem(mem_map->map, mem_map->count, 767 sizeof(*mem_map->map), n + 1); 768 mem_map->count--; 769 } 770 if (n > 0 && mmaps_are_mergeable(mem_map->map + n - 1, 771 mem_map->map + n)) { 772 merge_mmaps(mem_map->map + n - 1, 773 mem_map->map + n); 774 rem_array_elem(mem_map->map, mem_map->count, 775 sizeof(*mem_map->map), n); 776 mem_map->count--; 777 } 778 return; 779 } 780 if (mem_type < mem_map->map[n].type || 781 (mem_type == mem_map->map[n].type && 782 mem_addr < mem_map->map[n].pa)) 783 break; /* found the spot where to insert this memory */ 784 } 785 786 grow_mem_map(mem_map); 787 ins_array_elem(mem_map->map, mem_map->count, sizeof(*mem_map->map), 788 n, &m0); 789 } 790 791 static void add_va_space(struct memory_map *mem_map, 792 enum teecore_memtypes type, size_t size) 793 { 794 size_t n = 0; 795 796 DMSG("type %s size 0x%08zx", teecore_memtype_name(type), size); 797 for (n = 0; n < mem_map->count; n++) { 798 if (type < mem_map->map[n].type) 799 break; 800 } 801 802 grow_mem_map(mem_map); 803 ins_array_elem(mem_map->map, mem_map->count, sizeof(*mem_map->map), 804 n, NULL); 805 mem_map->map[n] = (struct tee_mmap_region){ 806 .type = type, 807 .size = size, 808 }; 809 } 810 811 uint32_t core_mmu_type_to_attr(enum teecore_memtypes t) 812 { 813 const uint32_t attr = TEE_MATTR_VALID_BLOCK; 814 const uint32_t tagged = TEE_MATTR_MEM_TYPE_TAGGED << 815 TEE_MATTR_MEM_TYPE_SHIFT; 816 const uint32_t cached = TEE_MATTR_MEM_TYPE_CACHED << 817 TEE_MATTR_MEM_TYPE_SHIFT; 818 const uint32_t noncache = TEE_MATTR_MEM_TYPE_DEV << 819 TEE_MATTR_MEM_TYPE_SHIFT; 820 821 switch (t) { 822 case MEM_AREA_TEE_RAM: 823 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRWX | tagged; 824 case MEM_AREA_TEE_RAM_RX: 825 case MEM_AREA_INIT_RAM_RX: 826 case MEM_AREA_IDENTITY_MAP_RX: 827 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRX | tagged; 828 case MEM_AREA_TEE_RAM_RO: 829 case MEM_AREA_INIT_RAM_RO: 830 return attr | TEE_MATTR_SECURE | TEE_MATTR_PR | tagged; 831 case MEM_AREA_TEE_RAM_RW: 832 case MEM_AREA_NEX_RAM_RO: /* This has to be r/w during init runtime */ 833 case MEM_AREA_NEX_RAM_RW: 834 case MEM_AREA_TEE_ASAN: 835 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | tagged; 836 case MEM_AREA_TEE_COHERENT: 837 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRWX | noncache; 838 case MEM_AREA_TA_RAM: 839 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | tagged; 840 case MEM_AREA_NSEC_SHM: 841 case MEM_AREA_NEX_NSEC_SHM: 842 return attr | TEE_MATTR_PRW | cached; 843 case MEM_AREA_MANIFEST_DT: 844 return attr | TEE_MATTR_SECURE | TEE_MATTR_PR | cached; 845 case MEM_AREA_TRANSFER_LIST: 846 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | cached; 847 case MEM_AREA_EXT_DT: 848 /* 849 * If CFG_MAP_EXT_DT_SECURE is enabled map the external device 850 * tree as secure non-cached memory, otherwise, fall back to 851 * non-secure mapping. 852 */ 853 if (IS_ENABLED(CFG_MAP_EXT_DT_SECURE)) 854 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | 855 noncache; 856 fallthrough; 857 case MEM_AREA_IO_NSEC: 858 return attr | TEE_MATTR_PRW | noncache; 859 case MEM_AREA_IO_SEC: 860 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | noncache; 861 case MEM_AREA_RAM_NSEC: 862 return attr | TEE_MATTR_PRW | cached; 863 case MEM_AREA_RAM_SEC: 864 case MEM_AREA_SEC_RAM_OVERALL: 865 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | cached; 866 case MEM_AREA_ROM_SEC: 867 return attr | TEE_MATTR_SECURE | TEE_MATTR_PR | cached; 868 case MEM_AREA_RES_VASPACE: 869 case MEM_AREA_SHM_VASPACE: 870 return 0; 871 case MEM_AREA_PAGER_VASPACE: 872 return TEE_MATTR_SECURE; 873 default: 874 panic("invalid type"); 875 } 876 } 877 878 static bool __maybe_unused map_is_tee_ram(const struct tee_mmap_region *mm) 879 { 880 switch (mm->type) { 881 case MEM_AREA_TEE_RAM: 882 case MEM_AREA_TEE_RAM_RX: 883 case MEM_AREA_TEE_RAM_RO: 884 case MEM_AREA_TEE_RAM_RW: 885 case MEM_AREA_INIT_RAM_RX: 886 case MEM_AREA_INIT_RAM_RO: 887 case MEM_AREA_NEX_RAM_RW: 888 case MEM_AREA_NEX_RAM_RO: 889 case MEM_AREA_TEE_ASAN: 890 return true; 891 default: 892 return false; 893 } 894 } 895 896 static bool __maybe_unused map_is_secure(const struct tee_mmap_region *mm) 897 { 898 return !!(core_mmu_type_to_attr(mm->type) & TEE_MATTR_SECURE); 899 } 900 901 static bool __maybe_unused map_is_pgdir(const struct tee_mmap_region *mm) 902 { 903 return mm->region_size == CORE_MMU_PGDIR_SIZE; 904 } 905 906 static int cmp_mmap_by_lower_va(const void *a, const void *b) 907 { 908 const struct tee_mmap_region *mm_a = a; 909 const struct tee_mmap_region *mm_b = b; 910 911 return CMP_TRILEAN(mm_a->va, mm_b->va); 912 } 913 914 static void dump_mmap_table(struct memory_map *mem_map) 915 { 916 size_t n = 0; 917 918 for (n = 0; n < mem_map->count; n++) { 919 struct tee_mmap_region *map = mem_map->map + n; 920 vaddr_t __maybe_unused vstart; 921 922 vstart = map->va + ((vaddr_t)map->pa & (map->region_size - 1)); 923 DMSG("type %-12s va 0x%08" PRIxVA "..0x%08" PRIxVA 924 " pa 0x%08" PRIxPA "..0x%08" PRIxPA " size 0x%08zx (%s)", 925 teecore_memtype_name(map->type), vstart, 926 vstart + map->size - 1, map->pa, 927 (paddr_t)(map->pa + map->size - 1), map->size, 928 map->region_size == SMALL_PAGE_SIZE ? "smallpg" : "pgdir"); 929 } 930 } 931 932 #if DEBUG_XLAT_TABLE 933 934 static void dump_xlat_table(vaddr_t va, unsigned int level) 935 { 936 struct core_mmu_table_info tbl_info; 937 unsigned int idx = 0; 938 paddr_t pa; 939 uint32_t attr; 940 941 core_mmu_find_table(NULL, va, level, &tbl_info); 942 va = tbl_info.va_base; 943 for (idx = 0; idx < tbl_info.num_entries; idx++) { 944 core_mmu_get_entry(&tbl_info, idx, &pa, &attr); 945 if (attr || level > CORE_MMU_BASE_TABLE_LEVEL) { 946 const char *security_bit = ""; 947 948 if (core_mmu_entry_have_security_bit(attr)) { 949 if (attr & TEE_MATTR_SECURE) 950 security_bit = "S"; 951 else 952 security_bit = "NS"; 953 } 954 955 if (attr & TEE_MATTR_TABLE) { 956 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 957 " TBL:0x%010" PRIxPA " %s", 958 level * 2, "", level, va, pa, 959 security_bit); 960 dump_xlat_table(va, level + 1); 961 } else if (attr) { 962 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 963 " PA:0x%010" PRIxPA " %s-%s-%s-%s", 964 level * 2, "", level, va, pa, 965 mattr_is_cached(attr) ? "MEM" : 966 "DEV", 967 attr & TEE_MATTR_PW ? "RW" : "RO", 968 attr & TEE_MATTR_PX ? "X " : "XN", 969 security_bit); 970 } else { 971 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 972 " INVALID\n", 973 level * 2, "", level, va); 974 } 975 } 976 va += BIT64(tbl_info.shift); 977 } 978 } 979 980 #else 981 982 static void dump_xlat_table(vaddr_t va __unused, int level __unused) 983 { 984 } 985 986 #endif 987 988 /* 989 * Reserves virtual memory space for pager usage. 990 * 991 * From the start of the first memory used by the link script + 992 * TEE_RAM_VA_SIZE should be covered, either with a direct mapping or empty 993 * mapping for pager usage. This adds translation tables as needed for the 994 * pager to operate. 995 */ 996 static void add_pager_vaspace(struct memory_map *mem_map) 997 { 998 paddr_t begin = 0; 999 paddr_t end = 0; 1000 size_t size = 0; 1001 size_t pos = 0; 1002 size_t n = 0; 1003 1004 1005 for (n = 0; n < mem_map->count; n++) { 1006 if (map_is_tee_ram(mem_map->map + n)) { 1007 if (!begin) 1008 begin = mem_map->map[n].pa; 1009 pos = n + 1; 1010 } 1011 } 1012 1013 end = mem_map->map[pos - 1].pa + mem_map->map[pos - 1].size; 1014 assert(end - begin < TEE_RAM_VA_SIZE); 1015 size = TEE_RAM_VA_SIZE - (end - begin); 1016 1017 grow_mem_map(mem_map); 1018 ins_array_elem(mem_map->map, mem_map->count, sizeof(*mem_map->map), 1019 n, NULL); 1020 mem_map->map[n] = (struct tee_mmap_region){ 1021 .type = MEM_AREA_PAGER_VASPACE, 1022 .size = size, 1023 .region_size = SMALL_PAGE_SIZE, 1024 .attr = core_mmu_type_to_attr(MEM_AREA_PAGER_VASPACE), 1025 }; 1026 } 1027 1028 static void check_sec_nsec_mem_config(void) 1029 { 1030 size_t n = 0; 1031 1032 for (n = 0; n < ARRAY_SIZE(secure_only); n++) { 1033 if (pbuf_intersects(nsec_shared, secure_only[n].paddr, 1034 secure_only[n].size)) 1035 panic("Invalid memory access config: sec/nsec"); 1036 } 1037 } 1038 1039 static void collect_device_mem_ranges(struct memory_map *mem_map) 1040 { 1041 const char *compatible = "arm,ffa-manifest-device-regions"; 1042 void *fdt = get_manifest_dt(); 1043 const char *name = NULL; 1044 uint64_t page_count = 0; 1045 uint64_t base = 0; 1046 int subnode = 0; 1047 int node = 0; 1048 1049 assert(fdt); 1050 1051 node = fdt_node_offset_by_compatible(fdt, 0, compatible); 1052 if (node < 0) 1053 return; 1054 1055 fdt_for_each_subnode(subnode, fdt, node) { 1056 name = fdt_get_name(fdt, subnode, NULL); 1057 if (!name) 1058 continue; 1059 1060 if (dt_getprop_as_number(fdt, subnode, "base-address", 1061 &base)) { 1062 EMSG("Mandatory field is missing: base-address"); 1063 continue; 1064 } 1065 1066 if (base & SMALL_PAGE_MASK) { 1067 EMSG("base-address is not page aligned"); 1068 continue; 1069 } 1070 1071 if (dt_getprop_as_number(fdt, subnode, "pages-count", 1072 &page_count)) { 1073 EMSG("Mandatory field is missing: pages-count"); 1074 continue; 1075 } 1076 1077 add_phys_mem(mem_map, name, MEM_AREA_IO_SEC, 1078 base, base + page_count * SMALL_PAGE_SIZE); 1079 } 1080 } 1081 1082 static void collect_mem_ranges(struct memory_map *mem_map) 1083 { 1084 const struct core_mmu_phys_mem *mem = NULL; 1085 vaddr_t ram_start = secure_only[0].paddr; 1086 1087 #define ADD_PHYS_MEM(_type, _addr, _size) \ 1088 add_phys_mem(mem_map, #_addr, (_type), (_addr), (_size)) 1089 1090 if (IS_ENABLED(CFG_CORE_RWDATA_NOEXEC)) { 1091 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RO, ram_start, 1092 VCORE_UNPG_RX_PA - ram_start); 1093 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RX, VCORE_UNPG_RX_PA, 1094 VCORE_UNPG_RX_SZ); 1095 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RO, VCORE_UNPG_RO_PA, 1096 VCORE_UNPG_RO_SZ); 1097 1098 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) { 1099 ADD_PHYS_MEM(MEM_AREA_NEX_RAM_RO, VCORE_UNPG_RW_PA, 1100 VCORE_UNPG_RW_SZ); 1101 ADD_PHYS_MEM(MEM_AREA_NEX_RAM_RW, VCORE_NEX_RW_PA, 1102 VCORE_NEX_RW_SZ); 1103 } else { 1104 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RW, VCORE_UNPG_RW_PA, 1105 VCORE_UNPG_RW_SZ); 1106 } 1107 1108 if (IS_ENABLED(CFG_WITH_PAGER)) { 1109 ADD_PHYS_MEM(MEM_AREA_INIT_RAM_RX, VCORE_INIT_RX_PA, 1110 VCORE_INIT_RX_SZ); 1111 ADD_PHYS_MEM(MEM_AREA_INIT_RAM_RO, VCORE_INIT_RO_PA, 1112 VCORE_INIT_RO_SZ); 1113 } 1114 } else { 1115 ADD_PHYS_MEM(MEM_AREA_TEE_RAM, TEE_RAM_START, TEE_RAM_PH_SIZE); 1116 } 1117 1118 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) { 1119 ADD_PHYS_MEM(MEM_AREA_SEC_RAM_OVERALL, TRUSTED_DRAM_BASE, 1120 TRUSTED_DRAM_SIZE); 1121 } else { 1122 /* 1123 * Every guest will have own TA RAM if virtualization 1124 * support is enabled. 1125 */ 1126 paddr_t ta_base = 0; 1127 size_t ta_size = 0; 1128 1129 core_mmu_get_ta_range(&ta_base, &ta_size); 1130 ADD_PHYS_MEM(MEM_AREA_TA_RAM, ta_base, ta_size); 1131 } 1132 1133 if (IS_ENABLED(CFG_CORE_SANITIZE_KADDRESS) && 1134 IS_ENABLED(CFG_WITH_PAGER)) { 1135 /* 1136 * Asan ram is part of MEM_AREA_TEE_RAM_RW when pager is 1137 * disabled. 1138 */ 1139 ADD_PHYS_MEM(MEM_AREA_TEE_ASAN, ASAN_MAP_PA, ASAN_MAP_SZ); 1140 } 1141 1142 #undef ADD_PHYS_MEM 1143 1144 /* Collect device memory info from SP manifest */ 1145 if (IS_ENABLED(CFG_CORE_SEL2_SPMC)) 1146 collect_device_mem_ranges(mem_map); 1147 1148 for (mem = phys_mem_map_begin; mem < phys_mem_map_end; mem++) { 1149 /* Only unmapped virtual range may have a null phys addr */ 1150 assert(mem->addr || !core_mmu_type_to_attr(mem->type)); 1151 1152 add_phys_mem(mem_map, mem->name, mem->type, 1153 mem->addr, mem->size); 1154 } 1155 1156 if (IS_ENABLED(CFG_SECURE_DATA_PATH)) 1157 verify_special_mem_areas(mem_map, phys_sdp_mem_begin, 1158 phys_sdp_mem_end, "SDP"); 1159 1160 add_va_space(mem_map, MEM_AREA_RES_VASPACE, CFG_RESERVED_VASPACE_SIZE); 1161 add_va_space(mem_map, MEM_AREA_SHM_VASPACE, SHM_VASPACE_SIZE); 1162 } 1163 1164 static void assign_mem_granularity(struct memory_map *mem_map) 1165 { 1166 size_t n = 0; 1167 1168 /* 1169 * Assign region sizes, note that MEM_AREA_TEE_RAM always uses 1170 * SMALL_PAGE_SIZE. 1171 */ 1172 for (n = 0; n < mem_map->count; n++) { 1173 paddr_t mask = mem_map->map[n].pa | mem_map->map[n].size; 1174 1175 if (!(mask & CORE_MMU_PGDIR_MASK)) 1176 mem_map->map[n].region_size = CORE_MMU_PGDIR_SIZE; 1177 else if (!(mask & SMALL_PAGE_MASK)) 1178 mem_map->map[n].region_size = SMALL_PAGE_SIZE; 1179 else 1180 panic("Impossible memory alignment"); 1181 1182 if (map_is_tee_ram(mem_map->map + n)) 1183 mem_map->map[n].region_size = SMALL_PAGE_SIZE; 1184 } 1185 } 1186 1187 static bool place_tee_ram_at_top(paddr_t paddr) 1188 { 1189 return paddr > BIT64(core_mmu_get_va_width()) / 2; 1190 } 1191 1192 /* 1193 * MMU arch driver shall override this function if it helps 1194 * optimizing the memory footprint of the address translation tables. 1195 */ 1196 bool __weak core_mmu_prefer_tee_ram_at_top(paddr_t paddr) 1197 { 1198 return place_tee_ram_at_top(paddr); 1199 } 1200 1201 static bool assign_mem_va_dir(vaddr_t tee_ram_va, struct memory_map *mem_map, 1202 bool tee_ram_at_top) 1203 { 1204 struct tee_mmap_region *map = NULL; 1205 vaddr_t va = 0; 1206 bool va_is_secure = true; 1207 size_t n = 0; 1208 1209 /* 1210 * tee_ram_va might equals 0 when CFG_CORE_ASLR=y. 1211 * 0 is by design an invalid va, so return false directly. 1212 */ 1213 if (!tee_ram_va) 1214 return false; 1215 1216 /* Clear eventual previous assignments */ 1217 for (n = 0; n < mem_map->count; n++) 1218 mem_map->map[n].va = 0; 1219 1220 /* 1221 * TEE RAM regions are always aligned with region_size. 1222 * 1223 * Note that MEM_AREA_PAGER_VASPACE also counts as TEE RAM here 1224 * since it handles virtual memory which covers the part of the ELF 1225 * that cannot fit directly into memory. 1226 */ 1227 va = tee_ram_va; 1228 for (n = 0; n < mem_map->count; n++) { 1229 map = mem_map->map + n; 1230 if (map_is_tee_ram(map) || 1231 map->type == MEM_AREA_PAGER_VASPACE) { 1232 assert(!(va & (map->region_size - 1))); 1233 assert(!(map->size & (map->region_size - 1))); 1234 map->va = va; 1235 if (ADD_OVERFLOW(va, map->size, &va)) 1236 return false; 1237 if (va >= BIT64(core_mmu_get_va_width())) 1238 return false; 1239 } 1240 } 1241 1242 if (tee_ram_at_top) { 1243 /* 1244 * Map non-tee ram regions at addresses lower than the tee 1245 * ram region. 1246 */ 1247 va = tee_ram_va; 1248 for (n = 0; n < mem_map->count; n++) { 1249 map = mem_map->map + n; 1250 map->attr = core_mmu_type_to_attr(map->type); 1251 if (map->va) 1252 continue; 1253 1254 if (!IS_ENABLED(CFG_WITH_LPAE) && 1255 va_is_secure != map_is_secure(map)) { 1256 va_is_secure = !va_is_secure; 1257 va = ROUNDDOWN(va, CORE_MMU_PGDIR_SIZE); 1258 } 1259 1260 if (SUB_OVERFLOW(va, map->size, &va)) 1261 return false; 1262 va = ROUNDDOWN(va, map->region_size); 1263 /* 1264 * Make sure that va is aligned with pa for 1265 * efficient pgdir mapping. Basically pa & 1266 * pgdir_mask should be == va & pgdir_mask 1267 */ 1268 if (map->size > 2 * CORE_MMU_PGDIR_SIZE) { 1269 if (SUB_OVERFLOW(va, CORE_MMU_PGDIR_SIZE, &va)) 1270 return false; 1271 va += (map->pa - va) & CORE_MMU_PGDIR_MASK; 1272 } 1273 map->va = va; 1274 } 1275 } else { 1276 /* 1277 * Map non-tee ram regions at addresses higher than the tee 1278 * ram region. 1279 */ 1280 for (n = 0; n < mem_map->count; n++) { 1281 map = mem_map->map + n; 1282 map->attr = core_mmu_type_to_attr(map->type); 1283 if (map->va) 1284 continue; 1285 1286 if (!IS_ENABLED(CFG_WITH_LPAE) && 1287 va_is_secure != map_is_secure(map)) { 1288 va_is_secure = !va_is_secure; 1289 if (ROUNDUP_OVERFLOW(va, CORE_MMU_PGDIR_SIZE, 1290 &va)) 1291 return false; 1292 } 1293 1294 if (ROUNDUP_OVERFLOW(va, map->region_size, &va)) 1295 return false; 1296 /* 1297 * Make sure that va is aligned with pa for 1298 * efficient pgdir mapping. Basically pa & 1299 * pgdir_mask should be == va & pgdir_mask 1300 */ 1301 if (map->size > 2 * CORE_MMU_PGDIR_SIZE) { 1302 vaddr_t offs = (map->pa - va) & 1303 CORE_MMU_PGDIR_MASK; 1304 1305 if (ADD_OVERFLOW(va, offs, &va)) 1306 return false; 1307 } 1308 1309 map->va = va; 1310 if (ADD_OVERFLOW(va, map->size, &va)) 1311 return false; 1312 if (va >= BIT64(core_mmu_get_va_width())) 1313 return false; 1314 } 1315 } 1316 1317 return true; 1318 } 1319 1320 static bool assign_mem_va(vaddr_t tee_ram_va, struct memory_map *mem_map) 1321 { 1322 bool tee_ram_at_top = place_tee_ram_at_top(tee_ram_va); 1323 1324 /* 1325 * Check that we're not overlapping with the user VA range. 1326 */ 1327 if (IS_ENABLED(CFG_WITH_LPAE)) { 1328 /* 1329 * User VA range is supposed to be defined after these 1330 * mappings have been established. 1331 */ 1332 assert(!core_mmu_user_va_range_is_defined()); 1333 } else { 1334 vaddr_t user_va_base = 0; 1335 size_t user_va_size = 0; 1336 1337 assert(core_mmu_user_va_range_is_defined()); 1338 core_mmu_get_user_va_range(&user_va_base, &user_va_size); 1339 if (tee_ram_va < (user_va_base + user_va_size)) 1340 return false; 1341 } 1342 1343 if (IS_ENABLED(CFG_WITH_PAGER)) { 1344 bool prefered_dir = core_mmu_prefer_tee_ram_at_top(tee_ram_va); 1345 1346 /* Try whole mapping covered by a single base xlat entry */ 1347 if (prefered_dir != tee_ram_at_top && 1348 assign_mem_va_dir(tee_ram_va, mem_map, prefered_dir)) 1349 return true; 1350 } 1351 1352 return assign_mem_va_dir(tee_ram_va, mem_map, tee_ram_at_top); 1353 } 1354 1355 static int cmp_init_mem_map(const void *a, const void *b) 1356 { 1357 const struct tee_mmap_region *mm_a = a; 1358 const struct tee_mmap_region *mm_b = b; 1359 int rc = 0; 1360 1361 rc = CMP_TRILEAN(mm_a->region_size, mm_b->region_size); 1362 if (!rc) 1363 rc = CMP_TRILEAN(mm_a->pa, mm_b->pa); 1364 /* 1365 * 32bit MMU descriptors cannot mix secure and non-secure mapping in 1366 * the same level2 table. Hence sort secure mapping from non-secure 1367 * mapping. 1368 */ 1369 if (!rc && !IS_ENABLED(CFG_WITH_LPAE)) 1370 rc = CMP_TRILEAN(map_is_secure(mm_a), map_is_secure(mm_b)); 1371 1372 return rc; 1373 } 1374 1375 static bool mem_map_add_id_map(struct memory_map *mem_map, 1376 vaddr_t id_map_start, vaddr_t id_map_end) 1377 { 1378 vaddr_t start = ROUNDDOWN(id_map_start, SMALL_PAGE_SIZE); 1379 vaddr_t end = ROUNDUP(id_map_end, SMALL_PAGE_SIZE); 1380 size_t len = end - start; 1381 size_t n = 0; 1382 1383 1384 for (n = 0; n < mem_map->count; n++) 1385 if (core_is_buffer_intersect(mem_map->map[n].va, 1386 mem_map->map[n].size, start, len)) 1387 return false; 1388 1389 grow_mem_map(mem_map); 1390 mem_map->map[mem_map->count - 1] = (struct tee_mmap_region){ 1391 .type = MEM_AREA_IDENTITY_MAP_RX, 1392 /* 1393 * Could use CORE_MMU_PGDIR_SIZE to potentially save a 1394 * translation table, at the increased risk of clashes with 1395 * the rest of the memory map. 1396 */ 1397 .region_size = SMALL_PAGE_SIZE, 1398 .pa = start, 1399 .va = start, 1400 .size = len, 1401 .attr = core_mmu_type_to_attr(MEM_AREA_IDENTITY_MAP_RX), 1402 }; 1403 1404 return true; 1405 } 1406 1407 static struct memory_map *init_mem_map(struct memory_map *mem_map, 1408 unsigned long seed, 1409 unsigned long *ret_offs) 1410 { 1411 /* 1412 * @id_map_start and @id_map_end describes a physical memory range 1413 * that must be mapped Read-Only eXecutable at identical virtual 1414 * addresses. 1415 */ 1416 vaddr_t id_map_start = (vaddr_t)__identity_map_init_start; 1417 vaddr_t id_map_end = (vaddr_t)__identity_map_init_end; 1418 vaddr_t start_addr = secure_only[0].paddr; 1419 unsigned long offs = 0; 1420 1421 collect_mem_ranges(mem_map); 1422 assign_mem_granularity(mem_map); 1423 1424 /* 1425 * To ease mapping and lower use of xlat tables, sort mapping 1426 * description moving small-page regions after the pgdir regions. 1427 */ 1428 qsort(mem_map->map, mem_map->count, sizeof(struct tee_mmap_region), 1429 cmp_init_mem_map); 1430 1431 if (IS_ENABLED(CFG_WITH_PAGER)) 1432 add_pager_vaspace(mem_map); 1433 1434 if (IS_ENABLED(CFG_CORE_ASLR) && seed) { 1435 vaddr_t base_addr = start_addr + seed; 1436 const unsigned int va_width = core_mmu_get_va_width(); 1437 const vaddr_t va_mask = GENMASK_64(va_width - 1, 1438 SMALL_PAGE_SHIFT); 1439 vaddr_t ba = base_addr; 1440 size_t n = 0; 1441 1442 for (n = 0; n < 3; n++) { 1443 if (n) 1444 ba = base_addr ^ BIT64(va_width - n); 1445 ba &= va_mask; 1446 if (assign_mem_va(ba, mem_map) && 1447 mem_map_add_id_map(mem_map, id_map_start, 1448 id_map_end)) { 1449 offs = ba - start_addr; 1450 DMSG("Mapping core at %#"PRIxVA" offs %#lx", 1451 ba, offs); 1452 goto out; 1453 } else { 1454 DMSG("Failed to map core at %#"PRIxVA, ba); 1455 } 1456 } 1457 EMSG("Failed to map core with seed %#lx", seed); 1458 } 1459 1460 if (!assign_mem_va(start_addr, mem_map)) 1461 panic(); 1462 1463 out: 1464 qsort(mem_map->map, mem_map->count, sizeof(struct tee_mmap_region), 1465 cmp_mmap_by_lower_va); 1466 1467 dump_mmap_table(mem_map); 1468 1469 *ret_offs = offs; 1470 return mem_map; 1471 } 1472 1473 static void check_mem_map(struct memory_map *mem_map) 1474 { 1475 struct tee_mmap_region *m = NULL; 1476 size_t n = 0; 1477 1478 for (n = 0; n < mem_map->count; n++) { 1479 m = mem_map->map + n; 1480 switch (m->type) { 1481 case MEM_AREA_TEE_RAM: 1482 case MEM_AREA_TEE_RAM_RX: 1483 case MEM_AREA_TEE_RAM_RO: 1484 case MEM_AREA_TEE_RAM_RW: 1485 case MEM_AREA_INIT_RAM_RX: 1486 case MEM_AREA_INIT_RAM_RO: 1487 case MEM_AREA_NEX_RAM_RW: 1488 case MEM_AREA_NEX_RAM_RO: 1489 case MEM_AREA_IDENTITY_MAP_RX: 1490 if (!pbuf_is_inside(secure_only, m->pa, m->size)) 1491 panic("TEE_RAM can't fit in secure_only"); 1492 break; 1493 case MEM_AREA_TA_RAM: 1494 if (!pbuf_is_inside(secure_only, m->pa, m->size)) 1495 panic("TA_RAM can't fit in secure_only"); 1496 break; 1497 case MEM_AREA_NSEC_SHM: 1498 if (!pbuf_is_inside(nsec_shared, m->pa, m->size)) 1499 panic("NS_SHM can't fit in nsec_shared"); 1500 break; 1501 case MEM_AREA_SEC_RAM_OVERALL: 1502 case MEM_AREA_TEE_COHERENT: 1503 case MEM_AREA_TEE_ASAN: 1504 case MEM_AREA_IO_SEC: 1505 case MEM_AREA_IO_NSEC: 1506 case MEM_AREA_EXT_DT: 1507 case MEM_AREA_MANIFEST_DT: 1508 case MEM_AREA_TRANSFER_LIST: 1509 case MEM_AREA_RAM_SEC: 1510 case MEM_AREA_RAM_NSEC: 1511 case MEM_AREA_ROM_SEC: 1512 case MEM_AREA_RES_VASPACE: 1513 case MEM_AREA_SHM_VASPACE: 1514 case MEM_AREA_PAGER_VASPACE: 1515 break; 1516 default: 1517 EMSG("Uhandled memtype %d", m->type); 1518 panic(); 1519 } 1520 } 1521 } 1522 1523 /* 1524 * core_init_mmu_map() - init tee core default memory mapping 1525 * 1526 * This routine sets the static default TEE core mapping. If @seed is > 0 1527 * and configured with CFG_CORE_ASLR it will map tee core at a location 1528 * based on the seed and return the offset from the link address. 1529 * 1530 * If an error happened: core_init_mmu_map is expected to panic. 1531 * 1532 * Note: this function is weak just to make it possible to exclude it from 1533 * the unpaged area. 1534 */ 1535 void __weak core_init_mmu_map(unsigned long seed, struct core_mmu_config *cfg) 1536 { 1537 #ifndef CFG_NS_VIRTUALIZATION 1538 vaddr_t start = ROUNDDOWN((vaddr_t)__nozi_start, SMALL_PAGE_SIZE); 1539 #else 1540 vaddr_t start = ROUNDDOWN((vaddr_t)__vcore_nex_rw_start, 1541 SMALL_PAGE_SIZE); 1542 #endif 1543 vaddr_t len = ROUNDUP((vaddr_t)__nozi_end, SMALL_PAGE_SIZE) - start; 1544 struct tee_mmap_region tmp_mmap_region = { }; 1545 struct memory_map mem_map = { }; 1546 unsigned long offs = 0; 1547 1548 if (IS_ENABLED(CFG_CORE_PHYS_RELOCATABLE) && 1549 (core_mmu_tee_load_pa & SMALL_PAGE_MASK)) 1550 panic("OP-TEE load address is not page aligned"); 1551 1552 check_sec_nsec_mem_config(); 1553 1554 mem_map = static_memory_map; 1555 static_memory_map = (struct memory_map){ 1556 .map = &tmp_mmap_region, 1557 .alloc_count = 1, 1558 .count = 1, 1559 }; 1560 /* 1561 * Add a entry covering the translation tables which will be 1562 * involved in some virt_to_phys() and phys_to_virt() conversions. 1563 */ 1564 static_memory_map.map[0] = (struct tee_mmap_region){ 1565 .type = MEM_AREA_TEE_RAM, 1566 .region_size = SMALL_PAGE_SIZE, 1567 .pa = start, 1568 .va = start, 1569 .size = len, 1570 .attr = core_mmu_type_to_attr(MEM_AREA_IDENTITY_MAP_RX), 1571 }; 1572 1573 init_mem_map(&mem_map, seed, &offs); 1574 1575 check_mem_map(&mem_map); 1576 core_init_mmu(&mem_map); 1577 dump_xlat_table(0x0, CORE_MMU_BASE_TABLE_LEVEL); 1578 core_init_mmu_regs(cfg); 1579 cfg->map_offset = offs; 1580 static_memory_map = mem_map; 1581 } 1582 1583 bool core_mmu_mattr_is_ok(uint32_t mattr) 1584 { 1585 /* 1586 * Keep in sync with core_mmu_lpae.c:mattr_to_desc and 1587 * core_mmu_v7.c:mattr_to_texcb 1588 */ 1589 1590 switch ((mattr >> TEE_MATTR_MEM_TYPE_SHIFT) & TEE_MATTR_MEM_TYPE_MASK) { 1591 case TEE_MATTR_MEM_TYPE_DEV: 1592 case TEE_MATTR_MEM_TYPE_STRONGLY_O: 1593 case TEE_MATTR_MEM_TYPE_CACHED: 1594 case TEE_MATTR_MEM_TYPE_TAGGED: 1595 return true; 1596 default: 1597 return false; 1598 } 1599 } 1600 1601 /* 1602 * test attributes of target physical buffer 1603 * 1604 * Flags: pbuf_is(SECURE, NOT_SECURE, RAM, IOMEM, KEYVAULT). 1605 * 1606 */ 1607 bool core_pbuf_is(uint32_t attr, paddr_t pbuf, size_t len) 1608 { 1609 paddr_t ta_base = 0; 1610 size_t ta_size = 0; 1611 struct tee_mmap_region *map; 1612 1613 /* Empty buffers complies with anything */ 1614 if (len == 0) 1615 return true; 1616 1617 switch (attr) { 1618 case CORE_MEM_SEC: 1619 return pbuf_is_inside(secure_only, pbuf, len); 1620 case CORE_MEM_NON_SEC: 1621 return pbuf_is_inside(nsec_shared, pbuf, len) || 1622 pbuf_is_nsec_ddr(pbuf, len); 1623 case CORE_MEM_TEE_RAM: 1624 return core_is_buffer_inside(pbuf, len, TEE_RAM_START, 1625 TEE_RAM_PH_SIZE); 1626 case CORE_MEM_TA_RAM: 1627 core_mmu_get_ta_range(&ta_base, &ta_size); 1628 return core_is_buffer_inside(pbuf, len, ta_base, ta_size); 1629 #ifdef CFG_CORE_RESERVED_SHM 1630 case CORE_MEM_NSEC_SHM: 1631 return core_is_buffer_inside(pbuf, len, TEE_SHMEM_START, 1632 TEE_SHMEM_SIZE); 1633 #endif 1634 case CORE_MEM_SDP_MEM: 1635 return pbuf_is_sdp_mem(pbuf, len); 1636 case CORE_MEM_CACHED: 1637 map = find_map_by_pa(pbuf); 1638 if (!map || !pbuf_inside_map_area(pbuf, len, map)) 1639 return false; 1640 return mattr_is_cached(map->attr); 1641 default: 1642 return false; 1643 } 1644 } 1645 1646 /* test attributes of target virtual buffer (in core mapping) */ 1647 bool core_vbuf_is(uint32_t attr, const void *vbuf, size_t len) 1648 { 1649 paddr_t p; 1650 1651 /* Empty buffers complies with anything */ 1652 if (len == 0) 1653 return true; 1654 1655 p = virt_to_phys((void *)vbuf); 1656 if (!p) 1657 return false; 1658 1659 return core_pbuf_is(attr, p, len); 1660 } 1661 1662 /* core_va2pa - teecore exported service */ 1663 static int __maybe_unused core_va2pa_helper(void *va, paddr_t *pa) 1664 { 1665 struct tee_mmap_region *map; 1666 1667 map = find_map_by_va(va); 1668 if (!va_is_in_map(map, (vaddr_t)va)) 1669 return -1; 1670 1671 /* 1672 * We can calculate PA for static map. Virtual address ranges 1673 * reserved to core dynamic mapping return a 'match' (return 0;) 1674 * together with an invalid null physical address. 1675 */ 1676 if (map->pa) 1677 *pa = map->pa + (vaddr_t)va - map->va; 1678 else 1679 *pa = 0; 1680 1681 return 0; 1682 } 1683 1684 static void *map_pa2va(struct tee_mmap_region *map, paddr_t pa, size_t len) 1685 { 1686 if (!pa_is_in_map(map, pa, len)) 1687 return NULL; 1688 1689 return (void *)(vaddr_t)(map->va + pa - map->pa); 1690 } 1691 1692 /* 1693 * teecore gets some memory area definitions 1694 */ 1695 void core_mmu_get_mem_by_type(enum teecore_memtypes type, vaddr_t *s, 1696 vaddr_t *e) 1697 { 1698 struct tee_mmap_region *map = find_map_by_type(type); 1699 1700 if (map) { 1701 *s = map->va; 1702 *e = map->va + map->size; 1703 } else { 1704 *s = 0; 1705 *e = 0; 1706 } 1707 } 1708 1709 enum teecore_memtypes core_mmu_get_type_by_pa(paddr_t pa) 1710 { 1711 struct tee_mmap_region *map = find_map_by_pa(pa); 1712 1713 if (!map) 1714 return MEM_AREA_MAXTYPE; 1715 return map->type; 1716 } 1717 1718 void core_mmu_set_entry(struct core_mmu_table_info *tbl_info, unsigned int idx, 1719 paddr_t pa, uint32_t attr) 1720 { 1721 assert(idx < tbl_info->num_entries); 1722 core_mmu_set_entry_primitive(tbl_info->table, tbl_info->level, 1723 idx, pa, attr); 1724 } 1725 1726 void core_mmu_get_entry(struct core_mmu_table_info *tbl_info, unsigned int idx, 1727 paddr_t *pa, uint32_t *attr) 1728 { 1729 assert(idx < tbl_info->num_entries); 1730 core_mmu_get_entry_primitive(tbl_info->table, tbl_info->level, 1731 idx, pa, attr); 1732 } 1733 1734 static void clear_region(struct core_mmu_table_info *tbl_info, 1735 struct tee_mmap_region *region) 1736 { 1737 unsigned int end = 0; 1738 unsigned int idx = 0; 1739 1740 /* va, len and pa should be block aligned */ 1741 assert(!core_mmu_get_block_offset(tbl_info, region->va)); 1742 assert(!core_mmu_get_block_offset(tbl_info, region->size)); 1743 assert(!core_mmu_get_block_offset(tbl_info, region->pa)); 1744 1745 idx = core_mmu_va2idx(tbl_info, region->va); 1746 end = core_mmu_va2idx(tbl_info, region->va + region->size); 1747 1748 while (idx < end) { 1749 core_mmu_set_entry(tbl_info, idx, 0, 0); 1750 idx++; 1751 } 1752 } 1753 1754 static void set_region(struct core_mmu_table_info *tbl_info, 1755 struct tee_mmap_region *region) 1756 { 1757 unsigned int end; 1758 unsigned int idx; 1759 paddr_t pa; 1760 1761 /* va, len and pa should be block aligned */ 1762 assert(!core_mmu_get_block_offset(tbl_info, region->va)); 1763 assert(!core_mmu_get_block_offset(tbl_info, region->size)); 1764 assert(!core_mmu_get_block_offset(tbl_info, region->pa)); 1765 1766 idx = core_mmu_va2idx(tbl_info, region->va); 1767 end = core_mmu_va2idx(tbl_info, region->va + region->size); 1768 pa = region->pa; 1769 1770 while (idx < end) { 1771 core_mmu_set_entry(tbl_info, idx, pa, region->attr); 1772 idx++; 1773 pa += BIT64(tbl_info->shift); 1774 } 1775 } 1776 1777 static void set_pg_region(struct core_mmu_table_info *dir_info, 1778 struct vm_region *region, struct pgt **pgt, 1779 struct core_mmu_table_info *pg_info) 1780 { 1781 struct tee_mmap_region r = { 1782 .va = region->va, 1783 .size = region->size, 1784 .attr = region->attr, 1785 }; 1786 vaddr_t end = r.va + r.size; 1787 uint32_t pgt_attr = (r.attr & TEE_MATTR_SECURE) | TEE_MATTR_TABLE; 1788 1789 while (r.va < end) { 1790 if (!pg_info->table || 1791 r.va >= (pg_info->va_base + CORE_MMU_PGDIR_SIZE)) { 1792 /* 1793 * We're assigning a new translation table. 1794 */ 1795 unsigned int idx; 1796 1797 /* Virtual addresses must grow */ 1798 assert(r.va > pg_info->va_base); 1799 1800 idx = core_mmu_va2idx(dir_info, r.va); 1801 pg_info->va_base = core_mmu_idx2va(dir_info, idx); 1802 1803 /* 1804 * Advance pgt to va_base, note that we may need to 1805 * skip multiple page tables if there are large 1806 * holes in the vm map. 1807 */ 1808 while ((*pgt)->vabase < pg_info->va_base) { 1809 *pgt = SLIST_NEXT(*pgt, link); 1810 /* We should have allocated enough */ 1811 assert(*pgt); 1812 } 1813 assert((*pgt)->vabase == pg_info->va_base); 1814 pg_info->table = (*pgt)->tbl; 1815 1816 core_mmu_set_entry(dir_info, idx, 1817 virt_to_phys(pg_info->table), 1818 pgt_attr); 1819 } 1820 1821 r.size = MIN(CORE_MMU_PGDIR_SIZE - (r.va - pg_info->va_base), 1822 end - r.va); 1823 1824 if (!(*pgt)->populated && !mobj_is_paged(region->mobj)) { 1825 size_t granule = BIT(pg_info->shift); 1826 size_t offset = r.va - region->va + region->offset; 1827 1828 r.size = MIN(r.size, 1829 mobj_get_phys_granule(region->mobj)); 1830 r.size = ROUNDUP(r.size, SMALL_PAGE_SIZE); 1831 1832 if (mobj_get_pa(region->mobj, offset, granule, 1833 &r.pa) != TEE_SUCCESS) 1834 panic("Failed to get PA of unpaged mobj"); 1835 set_region(pg_info, &r); 1836 } 1837 r.va += r.size; 1838 } 1839 } 1840 1841 static bool can_map_at_level(paddr_t paddr, vaddr_t vaddr, 1842 size_t size_left, paddr_t block_size, 1843 struct tee_mmap_region *mm __maybe_unused) 1844 { 1845 /* VA and PA are aligned to block size at current level */ 1846 if ((vaddr | paddr) & (block_size - 1)) 1847 return false; 1848 1849 /* Remainder fits into block at current level */ 1850 if (size_left < block_size) 1851 return false; 1852 1853 #ifdef CFG_WITH_PAGER 1854 /* 1855 * If pager is enabled, we need to map TEE RAM and the whole pager 1856 * regions with small pages only 1857 */ 1858 if ((map_is_tee_ram(mm) || mm->type == MEM_AREA_PAGER_VASPACE) && 1859 block_size != SMALL_PAGE_SIZE) 1860 return false; 1861 #endif 1862 1863 return true; 1864 } 1865 1866 void core_mmu_map_region(struct mmu_partition *prtn, struct tee_mmap_region *mm) 1867 { 1868 struct core_mmu_table_info tbl_info; 1869 unsigned int idx; 1870 vaddr_t vaddr = mm->va; 1871 paddr_t paddr = mm->pa; 1872 ssize_t size_left = mm->size; 1873 unsigned int level; 1874 bool table_found; 1875 uint32_t old_attr; 1876 1877 assert(!((vaddr | paddr) & SMALL_PAGE_MASK)); 1878 1879 while (size_left > 0) { 1880 level = CORE_MMU_BASE_TABLE_LEVEL; 1881 1882 while (true) { 1883 paddr_t block_size = 0; 1884 1885 assert(core_mmu_level_in_range(level)); 1886 1887 table_found = core_mmu_find_table(prtn, vaddr, level, 1888 &tbl_info); 1889 if (!table_found) 1890 panic("can't find table for mapping"); 1891 1892 block_size = BIT64(tbl_info.shift); 1893 1894 idx = core_mmu_va2idx(&tbl_info, vaddr); 1895 if (!can_map_at_level(paddr, vaddr, size_left, 1896 block_size, mm)) { 1897 bool secure = mm->attr & TEE_MATTR_SECURE; 1898 1899 /* 1900 * This part of the region can't be mapped at 1901 * this level. Need to go deeper. 1902 */ 1903 if (!core_mmu_entry_to_finer_grained(&tbl_info, 1904 idx, 1905 secure)) 1906 panic("Can't divide MMU entry"); 1907 level = tbl_info.next_level; 1908 continue; 1909 } 1910 1911 /* We can map part of the region at current level */ 1912 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 1913 if (old_attr) 1914 panic("Page is already mapped"); 1915 1916 core_mmu_set_entry(&tbl_info, idx, paddr, mm->attr); 1917 paddr += block_size; 1918 vaddr += block_size; 1919 size_left -= block_size; 1920 1921 break; 1922 } 1923 } 1924 } 1925 1926 TEE_Result core_mmu_map_pages(vaddr_t vstart, paddr_t *pages, size_t num_pages, 1927 enum teecore_memtypes memtype) 1928 { 1929 TEE_Result ret; 1930 struct core_mmu_table_info tbl_info; 1931 struct tee_mmap_region *mm; 1932 unsigned int idx; 1933 uint32_t old_attr; 1934 uint32_t exceptions; 1935 vaddr_t vaddr = vstart; 1936 size_t i; 1937 bool secure; 1938 1939 assert(!(core_mmu_type_to_attr(memtype) & TEE_MATTR_PX)); 1940 1941 secure = core_mmu_type_to_attr(memtype) & TEE_MATTR_SECURE; 1942 1943 if (vaddr & SMALL_PAGE_MASK) 1944 return TEE_ERROR_BAD_PARAMETERS; 1945 1946 exceptions = mmu_lock(); 1947 1948 mm = find_map_by_va((void *)vaddr); 1949 if (!mm || !va_is_in_map(mm, vaddr + num_pages * SMALL_PAGE_SIZE - 1)) 1950 panic("VA does not belong to any known mm region"); 1951 1952 if (!core_mmu_is_dynamic_vaspace(mm)) 1953 panic("Trying to map into static region"); 1954 1955 for (i = 0; i < num_pages; i++) { 1956 if (pages[i] & SMALL_PAGE_MASK) { 1957 ret = TEE_ERROR_BAD_PARAMETERS; 1958 goto err; 1959 } 1960 1961 while (true) { 1962 if (!core_mmu_find_table(NULL, vaddr, UINT_MAX, 1963 &tbl_info)) 1964 panic("Can't find pagetable for vaddr "); 1965 1966 idx = core_mmu_va2idx(&tbl_info, vaddr); 1967 if (tbl_info.shift == SMALL_PAGE_SHIFT) 1968 break; 1969 1970 /* This is supertable. Need to divide it. */ 1971 if (!core_mmu_entry_to_finer_grained(&tbl_info, idx, 1972 secure)) 1973 panic("Failed to spread pgdir on small tables"); 1974 } 1975 1976 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 1977 if (old_attr) 1978 panic("Page is already mapped"); 1979 1980 core_mmu_set_entry(&tbl_info, idx, pages[i], 1981 core_mmu_type_to_attr(memtype)); 1982 vaddr += SMALL_PAGE_SIZE; 1983 } 1984 1985 /* 1986 * Make sure all the changes to translation tables are visible 1987 * before returning. TLB doesn't need to be invalidated as we are 1988 * guaranteed that there's no valid mapping in this range. 1989 */ 1990 core_mmu_table_write_barrier(); 1991 mmu_unlock(exceptions); 1992 1993 return TEE_SUCCESS; 1994 err: 1995 mmu_unlock(exceptions); 1996 1997 if (i) 1998 core_mmu_unmap_pages(vstart, i); 1999 2000 return ret; 2001 } 2002 2003 TEE_Result core_mmu_map_contiguous_pages(vaddr_t vstart, paddr_t pstart, 2004 size_t num_pages, 2005 enum teecore_memtypes memtype) 2006 { 2007 struct core_mmu_table_info tbl_info = { }; 2008 struct tee_mmap_region *mm = NULL; 2009 unsigned int idx = 0; 2010 uint32_t old_attr = 0; 2011 uint32_t exceptions = 0; 2012 vaddr_t vaddr = vstart; 2013 paddr_t paddr = pstart; 2014 size_t i = 0; 2015 bool secure = false; 2016 2017 assert(!(core_mmu_type_to_attr(memtype) & TEE_MATTR_PX)); 2018 2019 secure = core_mmu_type_to_attr(memtype) & TEE_MATTR_SECURE; 2020 2021 if ((vaddr | paddr) & SMALL_PAGE_MASK) 2022 return TEE_ERROR_BAD_PARAMETERS; 2023 2024 exceptions = mmu_lock(); 2025 2026 mm = find_map_by_va((void *)vaddr); 2027 if (!mm || !va_is_in_map(mm, vaddr + num_pages * SMALL_PAGE_SIZE - 1)) 2028 panic("VA does not belong to any known mm region"); 2029 2030 if (!core_mmu_is_dynamic_vaspace(mm)) 2031 panic("Trying to map into static region"); 2032 2033 for (i = 0; i < num_pages; i++) { 2034 while (true) { 2035 if (!core_mmu_find_table(NULL, vaddr, UINT_MAX, 2036 &tbl_info)) 2037 panic("Can't find pagetable for vaddr "); 2038 2039 idx = core_mmu_va2idx(&tbl_info, vaddr); 2040 if (tbl_info.shift == SMALL_PAGE_SHIFT) 2041 break; 2042 2043 /* This is supertable. Need to divide it. */ 2044 if (!core_mmu_entry_to_finer_grained(&tbl_info, idx, 2045 secure)) 2046 panic("Failed to spread pgdir on small tables"); 2047 } 2048 2049 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 2050 if (old_attr) 2051 panic("Page is already mapped"); 2052 2053 core_mmu_set_entry(&tbl_info, idx, paddr, 2054 core_mmu_type_to_attr(memtype)); 2055 paddr += SMALL_PAGE_SIZE; 2056 vaddr += SMALL_PAGE_SIZE; 2057 } 2058 2059 /* 2060 * Make sure all the changes to translation tables are visible 2061 * before returning. TLB doesn't need to be invalidated as we are 2062 * guaranteed that there's no valid mapping in this range. 2063 */ 2064 core_mmu_table_write_barrier(); 2065 mmu_unlock(exceptions); 2066 2067 return TEE_SUCCESS; 2068 } 2069 2070 void core_mmu_unmap_pages(vaddr_t vstart, size_t num_pages) 2071 { 2072 struct core_mmu_table_info tbl_info; 2073 struct tee_mmap_region *mm; 2074 size_t i; 2075 unsigned int idx; 2076 uint32_t exceptions; 2077 2078 exceptions = mmu_lock(); 2079 2080 mm = find_map_by_va((void *)vstart); 2081 if (!mm || !va_is_in_map(mm, vstart + num_pages * SMALL_PAGE_SIZE - 1)) 2082 panic("VA does not belong to any known mm region"); 2083 2084 if (!core_mmu_is_dynamic_vaspace(mm)) 2085 panic("Trying to unmap static region"); 2086 2087 for (i = 0; i < num_pages; i++, vstart += SMALL_PAGE_SIZE) { 2088 if (!core_mmu_find_table(NULL, vstart, UINT_MAX, &tbl_info)) 2089 panic("Can't find pagetable"); 2090 2091 if (tbl_info.shift != SMALL_PAGE_SHIFT) 2092 panic("Invalid pagetable level"); 2093 2094 idx = core_mmu_va2idx(&tbl_info, vstart); 2095 core_mmu_set_entry(&tbl_info, idx, 0, 0); 2096 } 2097 tlbi_all(); 2098 2099 mmu_unlock(exceptions); 2100 } 2101 2102 void core_mmu_populate_user_map(struct core_mmu_table_info *dir_info, 2103 struct user_mode_ctx *uctx) 2104 { 2105 struct core_mmu_table_info pg_info = { }; 2106 struct pgt_cache *pgt_cache = &uctx->pgt_cache; 2107 struct pgt *pgt = NULL; 2108 struct pgt *p = NULL; 2109 struct vm_region *r = NULL; 2110 2111 if (TAILQ_EMPTY(&uctx->vm_info.regions)) 2112 return; /* Nothing to map */ 2113 2114 /* 2115 * Allocate all page tables in advance. 2116 */ 2117 pgt_get_all(uctx); 2118 pgt = SLIST_FIRST(pgt_cache); 2119 2120 core_mmu_set_info_table(&pg_info, dir_info->next_level, 0, NULL); 2121 2122 TAILQ_FOREACH(r, &uctx->vm_info.regions, link) 2123 set_pg_region(dir_info, r, &pgt, &pg_info); 2124 /* Record that the translation tables now are populated. */ 2125 SLIST_FOREACH(p, pgt_cache, link) { 2126 p->populated = true; 2127 if (p == pgt) 2128 break; 2129 } 2130 assert(p == pgt); 2131 } 2132 2133 TEE_Result core_mmu_remove_mapping(enum teecore_memtypes type, void *addr, 2134 size_t len) 2135 { 2136 struct core_mmu_table_info tbl_info = { }; 2137 struct tee_mmap_region *res_map = NULL; 2138 struct tee_mmap_region *map = NULL; 2139 paddr_t pa = virt_to_phys(addr); 2140 size_t granule = 0; 2141 ptrdiff_t i = 0; 2142 paddr_t p = 0; 2143 size_t l = 0; 2144 2145 map = find_map_by_type_and_pa(type, pa, len); 2146 if (!map) 2147 return TEE_ERROR_GENERIC; 2148 2149 res_map = find_map_by_type(MEM_AREA_RES_VASPACE); 2150 if (!res_map) 2151 return TEE_ERROR_GENERIC; 2152 if (!core_mmu_find_table(NULL, res_map->va, UINT_MAX, &tbl_info)) 2153 return TEE_ERROR_GENERIC; 2154 granule = BIT(tbl_info.shift); 2155 2156 if (map < static_memory_map.map || 2157 map >= static_memory_map.map + static_memory_map.count) 2158 return TEE_ERROR_GENERIC; 2159 i = map - static_memory_map.map; 2160 2161 /* Check that we have a full match */ 2162 p = ROUNDDOWN(pa, granule); 2163 l = ROUNDUP(len + pa - p, granule); 2164 if (map->pa != p || map->size != l) 2165 return TEE_ERROR_GENERIC; 2166 2167 clear_region(&tbl_info, map); 2168 tlbi_all(); 2169 2170 /* If possible remove the va range from res_map */ 2171 if (res_map->va - map->size == map->va) { 2172 res_map->va -= map->size; 2173 res_map->size += map->size; 2174 } 2175 2176 /* Remove the entry. */ 2177 rem_array_elem(static_memory_map.map, static_memory_map.count, 2178 sizeof(*static_memory_map.map), i); 2179 static_memory_map.count--; 2180 2181 return TEE_SUCCESS; 2182 } 2183 2184 struct tee_mmap_region * 2185 core_mmu_find_mapping_exclusive(enum teecore_memtypes type, size_t len) 2186 { 2187 struct memory_map *mem_map = get_memory_map(); 2188 struct tee_mmap_region *map_found = NULL; 2189 size_t n = 0; 2190 2191 if (!len) 2192 return NULL; 2193 2194 for (n = 0; n < mem_map->count; n++) { 2195 if (mem_map->map[n].type != type) 2196 continue; 2197 2198 if (map_found) 2199 return NULL; 2200 2201 map_found = mem_map->map + n; 2202 } 2203 2204 if (!map_found || map_found->size < len) 2205 return NULL; 2206 2207 return map_found; 2208 } 2209 2210 void *core_mmu_add_mapping(enum teecore_memtypes type, paddr_t addr, size_t len) 2211 { 2212 struct memory_map *mem_map = &static_memory_map; 2213 struct core_mmu_table_info tbl_info = { }; 2214 struct tee_mmap_region *map = NULL; 2215 size_t granule = 0; 2216 paddr_t p = 0; 2217 size_t l = 0; 2218 2219 if (!len) 2220 return NULL; 2221 2222 if (!core_mmu_check_end_pa(addr, len)) 2223 return NULL; 2224 2225 /* Check if the memory is already mapped */ 2226 map = find_map_by_type_and_pa(type, addr, len); 2227 if (map && pbuf_inside_map_area(addr, len, map)) 2228 return (void *)(vaddr_t)(map->va + addr - map->pa); 2229 2230 /* Find the reserved va space used for late mappings */ 2231 map = find_map_by_type(MEM_AREA_RES_VASPACE); 2232 if (!map) 2233 return NULL; 2234 2235 if (!core_mmu_find_table(NULL, map->va, UINT_MAX, &tbl_info)) 2236 return NULL; 2237 2238 granule = BIT64(tbl_info.shift); 2239 p = ROUNDDOWN(addr, granule); 2240 l = ROUNDUP(len + addr - p, granule); 2241 2242 /* Ban overflowing virtual addresses */ 2243 if (map->size < l) 2244 return NULL; 2245 2246 /* 2247 * Something is wrong, we can't fit the va range into the selected 2248 * table. The reserved va range is possibly missaligned with 2249 * granule. 2250 */ 2251 if (core_mmu_va2idx(&tbl_info, map->va + len) >= tbl_info.num_entries) 2252 return NULL; 2253 2254 if (static_memory_map.count >= static_memory_map.alloc_count) 2255 return NULL; 2256 2257 mem_map->map[mem_map->count] = (struct tee_mmap_region){ 2258 .va = map->va, 2259 .size = l, 2260 .type = type, 2261 .region_size = granule, 2262 .attr = core_mmu_type_to_attr(type), 2263 .pa = p, 2264 }; 2265 map->va += l; 2266 map->size -= l; 2267 map = mem_map->map + mem_map->count; 2268 mem_map->count++; 2269 2270 set_region(&tbl_info, map); 2271 2272 /* Make sure the new entry is visible before continuing. */ 2273 core_mmu_table_write_barrier(); 2274 2275 return (void *)(vaddr_t)(map->va + addr - map->pa); 2276 } 2277 2278 #ifdef CFG_WITH_PAGER 2279 static vaddr_t get_linear_map_end_va(void) 2280 { 2281 /* this is synced with the generic linker file kern.ld.S */ 2282 return (vaddr_t)__heap2_end; 2283 } 2284 2285 static paddr_t get_linear_map_end_pa(void) 2286 { 2287 return get_linear_map_end_va() - boot_mmu_config.map_offset; 2288 } 2289 #endif 2290 2291 #if defined(CFG_TEE_CORE_DEBUG) 2292 static void check_pa_matches_va(void *va, paddr_t pa) 2293 { 2294 TEE_Result res = TEE_ERROR_GENERIC; 2295 vaddr_t v = (vaddr_t)va; 2296 paddr_t p = 0; 2297 struct core_mmu_table_info ti __maybe_unused = { }; 2298 2299 if (core_mmu_user_va_range_is_defined()) { 2300 vaddr_t user_va_base = 0; 2301 size_t user_va_size = 0; 2302 2303 core_mmu_get_user_va_range(&user_va_base, &user_va_size); 2304 if (v >= user_va_base && 2305 v <= (user_va_base - 1 + user_va_size)) { 2306 if (!core_mmu_user_mapping_is_active()) { 2307 if (pa) 2308 panic("issue in linear address space"); 2309 return; 2310 } 2311 2312 res = vm_va2pa(to_user_mode_ctx(thread_get_tsd()->ctx), 2313 va, &p); 2314 if (res == TEE_ERROR_NOT_SUPPORTED) 2315 return; 2316 if (res == TEE_SUCCESS && pa != p) 2317 panic("bad pa"); 2318 if (res != TEE_SUCCESS && pa) 2319 panic("false pa"); 2320 return; 2321 } 2322 } 2323 #ifdef CFG_WITH_PAGER 2324 if (is_unpaged(va)) { 2325 if (v - boot_mmu_config.map_offset != pa) 2326 panic("issue in linear address space"); 2327 return; 2328 } 2329 2330 if (tee_pager_get_table_info(v, &ti)) { 2331 uint32_t a; 2332 2333 /* 2334 * Lookups in the page table managed by the pager is 2335 * dangerous for addresses in the paged area as those pages 2336 * changes all the time. But some ranges are safe, 2337 * rw-locked areas when the page is populated for instance. 2338 */ 2339 core_mmu_get_entry(&ti, core_mmu_va2idx(&ti, v), &p, &a); 2340 if (a & TEE_MATTR_VALID_BLOCK) { 2341 paddr_t mask = BIT64(ti.shift) - 1; 2342 2343 p |= v & mask; 2344 if (pa != p) 2345 panic(); 2346 } else { 2347 if (pa) 2348 panic(); 2349 } 2350 return; 2351 } 2352 #endif 2353 2354 if (!core_va2pa_helper(va, &p)) { 2355 /* Verfiy only the static mapping (case non null phys addr) */ 2356 if (p && pa != p) { 2357 DMSG("va %p maps 0x%" PRIxPA ", expect 0x%" PRIxPA, 2358 va, p, pa); 2359 panic(); 2360 } 2361 } else { 2362 if (pa) { 2363 DMSG("va %p unmapped, expect 0x%" PRIxPA, va, pa); 2364 panic(); 2365 } 2366 } 2367 } 2368 #else 2369 static void check_pa_matches_va(void *va __unused, paddr_t pa __unused) 2370 { 2371 } 2372 #endif 2373 2374 paddr_t virt_to_phys(void *va) 2375 { 2376 paddr_t pa = 0; 2377 2378 if (!arch_va2pa_helper(va, &pa)) 2379 pa = 0; 2380 check_pa_matches_va(memtag_strip_tag(va), pa); 2381 return pa; 2382 } 2383 2384 #if defined(CFG_TEE_CORE_DEBUG) 2385 static void check_va_matches_pa(paddr_t pa, void *va) 2386 { 2387 paddr_t p = 0; 2388 2389 if (!va) 2390 return; 2391 2392 p = virt_to_phys(va); 2393 if (p != pa) { 2394 DMSG("va %p maps 0x%" PRIxPA " expect 0x%" PRIxPA, va, p, pa); 2395 panic(); 2396 } 2397 } 2398 #else 2399 static void check_va_matches_pa(paddr_t pa __unused, void *va __unused) 2400 { 2401 } 2402 #endif 2403 2404 static void *phys_to_virt_ts_vaspace(paddr_t pa, size_t len) 2405 { 2406 if (!core_mmu_user_mapping_is_active()) 2407 return NULL; 2408 2409 return vm_pa2va(to_user_mode_ctx(thread_get_tsd()->ctx), pa, len); 2410 } 2411 2412 #ifdef CFG_WITH_PAGER 2413 static void *phys_to_virt_tee_ram(paddr_t pa, size_t len) 2414 { 2415 paddr_t end_pa = 0; 2416 2417 if (SUB_OVERFLOW(len, 1, &end_pa) || ADD_OVERFLOW(pa, end_pa, &end_pa)) 2418 return NULL; 2419 2420 if (pa >= TEE_LOAD_ADDR && pa < get_linear_map_end_pa()) { 2421 if (end_pa > get_linear_map_end_pa()) 2422 return NULL; 2423 return (void *)(vaddr_t)(pa + boot_mmu_config.map_offset); 2424 } 2425 2426 return tee_pager_phys_to_virt(pa, len); 2427 } 2428 #else 2429 static void *phys_to_virt_tee_ram(paddr_t pa, size_t len) 2430 { 2431 struct tee_mmap_region *mmap = NULL; 2432 2433 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM, pa, len); 2434 if (!mmap) 2435 mmap = find_map_by_type_and_pa(MEM_AREA_NEX_RAM_RW, pa, len); 2436 if (!mmap) 2437 mmap = find_map_by_type_and_pa(MEM_AREA_NEX_RAM_RO, pa, len); 2438 if (!mmap) 2439 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RW, pa, len); 2440 if (!mmap) 2441 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RO, pa, len); 2442 if (!mmap) 2443 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RX, pa, len); 2444 /* 2445 * Note that MEM_AREA_INIT_RAM_RO and MEM_AREA_INIT_RAM_RX are only 2446 * used with pager and not needed here. 2447 */ 2448 return map_pa2va(mmap, pa, len); 2449 } 2450 #endif 2451 2452 void *phys_to_virt(paddr_t pa, enum teecore_memtypes m, size_t len) 2453 { 2454 void *va = NULL; 2455 2456 switch (m) { 2457 case MEM_AREA_TS_VASPACE: 2458 va = phys_to_virt_ts_vaspace(pa, len); 2459 break; 2460 case MEM_AREA_TEE_RAM: 2461 case MEM_AREA_TEE_RAM_RX: 2462 case MEM_AREA_TEE_RAM_RO: 2463 case MEM_AREA_TEE_RAM_RW: 2464 case MEM_AREA_NEX_RAM_RO: 2465 case MEM_AREA_NEX_RAM_RW: 2466 va = phys_to_virt_tee_ram(pa, len); 2467 break; 2468 case MEM_AREA_SHM_VASPACE: 2469 /* Find VA from PA in dynamic SHM is not yet supported */ 2470 va = NULL; 2471 break; 2472 default: 2473 va = map_pa2va(find_map_by_type_and_pa(m, pa, len), pa, len); 2474 } 2475 if (m != MEM_AREA_SEC_RAM_OVERALL) 2476 check_va_matches_pa(pa, va); 2477 return va; 2478 } 2479 2480 void *phys_to_virt_io(paddr_t pa, size_t len) 2481 { 2482 struct tee_mmap_region *map = NULL; 2483 void *va = NULL; 2484 2485 map = find_map_by_type_and_pa(MEM_AREA_IO_SEC, pa, len); 2486 if (!map) 2487 map = find_map_by_type_and_pa(MEM_AREA_IO_NSEC, pa, len); 2488 if (!map) 2489 return NULL; 2490 va = map_pa2va(map, pa, len); 2491 check_va_matches_pa(pa, va); 2492 return va; 2493 } 2494 2495 vaddr_t core_mmu_get_va(paddr_t pa, enum teecore_memtypes type, size_t len) 2496 { 2497 if (cpu_mmu_enabled()) 2498 return (vaddr_t)phys_to_virt(pa, type, len); 2499 2500 return (vaddr_t)pa; 2501 } 2502 2503 #ifdef CFG_WITH_PAGER 2504 bool is_unpaged(const void *va) 2505 { 2506 vaddr_t v = (vaddr_t)va; 2507 2508 return v >= VCORE_START_VA && v < get_linear_map_end_va(); 2509 } 2510 #endif 2511 2512 #ifdef CFG_NS_VIRTUALIZATION 2513 bool is_nexus(const void *va) 2514 { 2515 vaddr_t v = (vaddr_t)va; 2516 2517 return v >= VCORE_START_VA && v < VCORE_NEX_RW_PA + VCORE_NEX_RW_SZ; 2518 } 2519 #endif 2520 2521 void core_mmu_init_virtualization(void) 2522 { 2523 paddr_t b1 = 0; 2524 paddr_size_t s1 = 0; 2525 2526 static_assert(ARRAY_SIZE(secure_only) <= 2); 2527 if (ARRAY_SIZE(secure_only) == 2) { 2528 b1 = secure_only[1].paddr; 2529 s1 = secure_only[1].size; 2530 } 2531 virt_init_memory(&static_memory_map, secure_only[0].paddr, 2532 secure_only[0].size, b1, s1); 2533 } 2534 2535 vaddr_t io_pa_or_va(struct io_pa_va *p, size_t len) 2536 { 2537 assert(p->pa); 2538 if (cpu_mmu_enabled()) { 2539 if (!p->va) 2540 p->va = (vaddr_t)phys_to_virt_io(p->pa, len); 2541 assert(p->va); 2542 return p->va; 2543 } 2544 return p->pa; 2545 } 2546 2547 vaddr_t io_pa_or_va_secure(struct io_pa_va *p, size_t len) 2548 { 2549 assert(p->pa); 2550 if (cpu_mmu_enabled()) { 2551 if (!p->va) 2552 p->va = (vaddr_t)phys_to_virt(p->pa, MEM_AREA_IO_SEC, 2553 len); 2554 assert(p->va); 2555 return p->va; 2556 } 2557 return p->pa; 2558 } 2559 2560 vaddr_t io_pa_or_va_nsec(struct io_pa_va *p, size_t len) 2561 { 2562 assert(p->pa); 2563 if (cpu_mmu_enabled()) { 2564 if (!p->va) 2565 p->va = (vaddr_t)phys_to_virt(p->pa, MEM_AREA_IO_NSEC, 2566 len); 2567 assert(p->va); 2568 return p->va; 2569 } 2570 return p->pa; 2571 } 2572 2573 #ifdef CFG_CORE_RESERVED_SHM 2574 static TEE_Result teecore_init_pub_ram(void) 2575 { 2576 vaddr_t s = 0; 2577 vaddr_t e = 0; 2578 2579 /* get virtual addr/size of NSec shared mem allocated from teecore */ 2580 core_mmu_get_mem_by_type(MEM_AREA_NSEC_SHM, &s, &e); 2581 2582 if (s >= e || s & SMALL_PAGE_MASK || e & SMALL_PAGE_MASK) 2583 panic("invalid PUB RAM"); 2584 2585 /* extra check: we could rely on core_mmu_get_mem_by_type() */ 2586 if (!tee_vbuf_is_non_sec(s, e - s)) 2587 panic("PUB RAM is not non-secure"); 2588 2589 #ifdef CFG_PL310 2590 /* Allocate statically the l2cc mutex */ 2591 tee_l2cc_store_mutex_boot_pa(virt_to_phys((void *)s)); 2592 s += sizeof(uint32_t); /* size of a pl310 mutex */ 2593 s = ROUNDUP(s, SMALL_PAGE_SIZE); /* keep required alignment */ 2594 #endif 2595 2596 default_nsec_shm_paddr = virt_to_phys((void *)s); 2597 default_nsec_shm_size = e - s; 2598 2599 return TEE_SUCCESS; 2600 } 2601 early_init(teecore_init_pub_ram); 2602 #endif /*CFG_CORE_RESERVED_SHM*/ 2603 2604 void core_mmu_init_ta_ram(void) 2605 { 2606 vaddr_t s = 0; 2607 vaddr_t e = 0; 2608 paddr_t ps = 0; 2609 size_t size = 0; 2610 2611 /* 2612 * Get virtual addr/size of RAM where TA are loaded/executedNSec 2613 * shared mem allocated from teecore. 2614 */ 2615 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) 2616 virt_get_ta_ram(&s, &e); 2617 else 2618 core_mmu_get_mem_by_type(MEM_AREA_TA_RAM, &s, &e); 2619 2620 ps = virt_to_phys((void *)s); 2621 size = e - s; 2622 2623 if (!ps || (ps & CORE_MMU_USER_CODE_MASK) || 2624 !size || (size & CORE_MMU_USER_CODE_MASK)) 2625 panic("invalid TA RAM"); 2626 2627 /* extra check: we could rely on core_mmu_get_mem_by_type() */ 2628 if (!tee_pbuf_is_sec(ps, size)) 2629 panic("TA RAM is not secure"); 2630 2631 if (!tee_mm_is_empty(&tee_mm_sec_ddr)) 2632 panic("TA RAM pool is not empty"); 2633 2634 /* remove previous config and init TA ddr memory pool */ 2635 tee_mm_final(&tee_mm_sec_ddr); 2636 tee_mm_init(&tee_mm_sec_ddr, ps, size, CORE_MMU_USER_CODE_SHIFT, 2637 TEE_MM_POOL_NO_FLAGS); 2638 } 2639