1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2016, 2022 Linaro Limited 4 * Copyright (c) 2014, STMicroelectronics International N.V. 5 * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved. 6 */ 7 8 #include <assert.h> 9 #include <config.h> 10 #include <kernel/boot.h> 11 #include <kernel/dt.h> 12 #include <kernel/linker.h> 13 #include <kernel/panic.h> 14 #include <kernel/spinlock.h> 15 #include <kernel/tee_l2cc_mutex.h> 16 #include <kernel/tee_misc.h> 17 #include <kernel/tlb_helpers.h> 18 #include <kernel/user_mode_ctx.h> 19 #include <kernel/virtualization.h> 20 #include <libfdt.h> 21 #include <mm/core_memprot.h> 22 #include <mm/core_mmu.h> 23 #include <mm/mobj.h> 24 #include <mm/pgt_cache.h> 25 #include <mm/tee_pager.h> 26 #include <mm/vm.h> 27 #include <platform_config.h> 28 #include <string.h> 29 #include <trace.h> 30 #include <util.h> 31 32 #ifndef DEBUG_XLAT_TABLE 33 #define DEBUG_XLAT_TABLE 0 34 #endif 35 36 #define SHM_VASPACE_SIZE (1024 * 1024 * 32) 37 38 #ifdef CFG_CORE_PHYS_RELOCATABLE 39 unsigned long core_mmu_tee_load_pa __nex_bss; 40 #else 41 const unsigned long core_mmu_tee_load_pa = TEE_LOAD_ADDR; 42 #endif 43 44 /* 45 * These variables are initialized before .bss is cleared. To avoid 46 * resetting them when .bss is cleared we're storing them in .data instead, 47 * even if they initially are zero. 48 */ 49 50 #ifdef CFG_CORE_RESERVED_SHM 51 /* Default NSec shared memory allocated from NSec world */ 52 unsigned long default_nsec_shm_size __nex_bss; 53 unsigned long default_nsec_shm_paddr __nex_bss; 54 #endif 55 56 static struct tee_mmap_region static_memory_map[CFG_MMAP_REGIONS 57 #ifdef CFG_CORE_ASLR 58 + 1 59 #endif 60 + 1] __nex_bss; 61 62 /* Define the platform's memory layout. */ 63 struct memaccess_area { 64 paddr_t paddr; 65 size_t size; 66 }; 67 68 #define MEMACCESS_AREA(a, s) { .paddr = a, .size = s } 69 70 static struct memaccess_area secure_only[] __nex_data = { 71 #ifdef TRUSTED_SRAM_BASE 72 MEMACCESS_AREA(TRUSTED_SRAM_BASE, TRUSTED_SRAM_SIZE), 73 #endif 74 MEMACCESS_AREA(TRUSTED_DRAM_BASE, TRUSTED_DRAM_SIZE), 75 }; 76 77 static struct memaccess_area nsec_shared[] __nex_data = { 78 #ifdef CFG_CORE_RESERVED_SHM 79 MEMACCESS_AREA(TEE_SHMEM_START, TEE_SHMEM_SIZE), 80 #endif 81 }; 82 83 #if defined(CFG_SECURE_DATA_PATH) 84 static const char *tz_sdp_match = "linaro,secure-heap"; 85 static struct memaccess_area sec_sdp; 86 #ifdef CFG_TEE_SDP_MEM_BASE 87 register_sdp_mem(CFG_TEE_SDP_MEM_BASE, CFG_TEE_SDP_MEM_SIZE); 88 #endif 89 #ifdef TEE_SDP_TEST_MEM_BASE 90 register_sdp_mem(TEE_SDP_TEST_MEM_BASE, TEE_SDP_TEST_MEM_SIZE); 91 #endif 92 #endif 93 94 #ifdef CFG_CORE_RESERVED_SHM 95 register_phys_mem(MEM_AREA_NSEC_SHM, TEE_SHMEM_START, TEE_SHMEM_SIZE); 96 #endif 97 static unsigned int mmu_spinlock; 98 99 static uint32_t mmu_lock(void) 100 { 101 return cpu_spin_lock_xsave(&mmu_spinlock); 102 } 103 104 static void mmu_unlock(uint32_t exceptions) 105 { 106 cpu_spin_unlock_xrestore(&mmu_spinlock, exceptions); 107 } 108 109 void core_mmu_get_secure_memory(paddr_t *base, paddr_size_t *size) 110 { 111 /* 112 * The first range is always used to cover OP-TEE core memory, but 113 * depending on configuration it may cover more than that. 114 */ 115 *base = secure_only[0].paddr; 116 *size = secure_only[0].size; 117 } 118 119 static struct tee_mmap_region *get_memory_map(void) 120 { 121 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) { 122 struct tee_mmap_region *map = virt_get_memory_map(); 123 124 if (map) 125 return map; 126 } 127 128 return static_memory_map; 129 } 130 131 static bool _pbuf_intersects(struct memaccess_area *a, size_t alen, 132 paddr_t pa, size_t size) 133 { 134 size_t n; 135 136 for (n = 0; n < alen; n++) 137 if (core_is_buffer_intersect(pa, size, a[n].paddr, a[n].size)) 138 return true; 139 return false; 140 } 141 142 #define pbuf_intersects(a, pa, size) \ 143 _pbuf_intersects((a), ARRAY_SIZE(a), (pa), (size)) 144 145 static bool _pbuf_is_inside(struct memaccess_area *a, size_t alen, 146 paddr_t pa, size_t size) 147 { 148 size_t n; 149 150 for (n = 0; n < alen; n++) 151 if (core_is_buffer_inside(pa, size, a[n].paddr, a[n].size)) 152 return true; 153 return false; 154 } 155 156 #define pbuf_is_inside(a, pa, size) \ 157 _pbuf_is_inside((a), ARRAY_SIZE(a), (pa), (size)) 158 159 static bool pa_is_in_map(struct tee_mmap_region *map, paddr_t pa, size_t len) 160 { 161 paddr_t end_pa = 0; 162 163 if (!map) 164 return false; 165 166 if (SUB_OVERFLOW(len, 1, &end_pa) || ADD_OVERFLOW(pa, end_pa, &end_pa)) 167 return false; 168 169 return (pa >= map->pa && end_pa <= map->pa + map->size - 1); 170 } 171 172 static bool va_is_in_map(struct tee_mmap_region *map, vaddr_t va) 173 { 174 if (!map) 175 return false; 176 return (va >= map->va && va <= (map->va + map->size - 1)); 177 } 178 179 /* check if target buffer fits in a core default map area */ 180 static bool pbuf_inside_map_area(unsigned long p, size_t l, 181 struct tee_mmap_region *map) 182 { 183 return core_is_buffer_inside(p, l, map->pa, map->size); 184 } 185 186 static struct tee_mmap_region *find_map_by_type(enum teecore_memtypes type) 187 { 188 struct tee_mmap_region *map; 189 190 for (map = get_memory_map(); !core_mmap_is_end_of_table(map); map++) 191 if (map->type == type) 192 return map; 193 return NULL; 194 } 195 196 static struct tee_mmap_region * 197 find_map_by_type_and_pa(enum teecore_memtypes type, paddr_t pa, size_t len) 198 { 199 struct tee_mmap_region *map; 200 201 for (map = get_memory_map(); !core_mmap_is_end_of_table(map); map++) { 202 if (map->type != type) 203 continue; 204 if (pa_is_in_map(map, pa, len)) 205 return map; 206 } 207 return NULL; 208 } 209 210 static struct tee_mmap_region *find_map_by_va(void *va) 211 { 212 struct tee_mmap_region *map = get_memory_map(); 213 unsigned long a = (unsigned long)va; 214 215 while (!core_mmap_is_end_of_table(map)) { 216 if (a >= map->va && a <= (map->va - 1 + map->size)) 217 return map; 218 map++; 219 } 220 return NULL; 221 } 222 223 static struct tee_mmap_region *find_map_by_pa(unsigned long pa) 224 { 225 struct tee_mmap_region *map = get_memory_map(); 226 227 while (!core_mmap_is_end_of_table(map)) { 228 if (pa >= map->pa && pa <= (map->pa + map->size - 1)) 229 return map; 230 map++; 231 } 232 return NULL; 233 } 234 235 #if defined(CFG_SECURE_DATA_PATH) 236 static bool dtb_get_sdp_region(void) 237 { 238 void *fdt = NULL; 239 int node = 0; 240 int tmp_node = 0; 241 paddr_t tmp_addr = 0; 242 size_t tmp_size = 0; 243 244 if (!IS_ENABLED(CFG_EMBED_DTB)) 245 return false; 246 247 fdt = get_embedded_dt(); 248 if (!fdt) 249 panic("No DTB found"); 250 251 node = fdt_node_offset_by_compatible(fdt, -1, tz_sdp_match); 252 if (node < 0) { 253 DMSG("No %s compatible node found", tz_sdp_match); 254 return false; 255 } 256 tmp_node = node; 257 while (tmp_node >= 0) { 258 tmp_node = fdt_node_offset_by_compatible(fdt, tmp_node, 259 tz_sdp_match); 260 if (tmp_node >= 0) 261 DMSG("Ignore SDP pool node %s, supports only 1 node", 262 fdt_get_name(fdt, tmp_node, NULL)); 263 } 264 265 tmp_addr = fdt_reg_base_address(fdt, node); 266 if (tmp_addr == DT_INFO_INVALID_REG) { 267 EMSG("%s: Unable to get base addr from DT", tz_sdp_match); 268 return false; 269 } 270 271 tmp_size = fdt_reg_size(fdt, node); 272 if (tmp_size == DT_INFO_INVALID_REG_SIZE) { 273 EMSG("%s: Unable to get size of base addr from DT", 274 tz_sdp_match); 275 return false; 276 } 277 278 sec_sdp.paddr = tmp_addr; 279 sec_sdp.size = tmp_size; 280 281 return true; 282 } 283 #endif 284 285 #if defined(CFG_CORE_DYN_SHM) || defined(CFG_SECURE_DATA_PATH) 286 static bool pbuf_is_special_mem(paddr_t pbuf, size_t len, 287 const struct core_mmu_phys_mem *start, 288 const struct core_mmu_phys_mem *end) 289 { 290 const struct core_mmu_phys_mem *mem; 291 292 for (mem = start; mem < end; mem++) { 293 if (core_is_buffer_inside(pbuf, len, mem->addr, mem->size)) 294 return true; 295 } 296 297 return false; 298 } 299 #endif 300 301 #ifdef CFG_CORE_DYN_SHM 302 static void carve_out_phys_mem(struct core_mmu_phys_mem **mem, size_t *nelems, 303 paddr_t pa, size_t size) 304 { 305 struct core_mmu_phys_mem *m = *mem; 306 size_t n = 0; 307 308 while (true) { 309 if (n >= *nelems) { 310 DMSG("No need to carve out %#" PRIxPA " size %#zx", 311 pa, size); 312 return; 313 } 314 if (core_is_buffer_inside(pa, size, m[n].addr, m[n].size)) 315 break; 316 if (!core_is_buffer_outside(pa, size, m[n].addr, m[n].size)) 317 panic(); 318 n++; 319 } 320 321 if (pa == m[n].addr && size == m[n].size) { 322 /* Remove this entry */ 323 (*nelems)--; 324 memmove(m + n, m + n + 1, sizeof(*m) * (*nelems - n)); 325 m = nex_realloc(m, sizeof(*m) * *nelems); 326 if (!m) 327 panic(); 328 *mem = m; 329 } else if (pa == m[n].addr) { 330 m[n].addr += size; 331 m[n].size -= size; 332 } else if ((pa + size) == (m[n].addr + m[n].size)) { 333 m[n].size -= size; 334 } else { 335 /* Need to split the memory entry */ 336 m = nex_realloc(m, sizeof(*m) * (*nelems + 1)); 337 if (!m) 338 panic(); 339 *mem = m; 340 memmove(m + n + 1, m + n, sizeof(*m) * (*nelems - n)); 341 (*nelems)++; 342 m[n].size = pa - m[n].addr; 343 m[n + 1].size -= size + m[n].size; 344 m[n + 1].addr = pa + size; 345 } 346 } 347 348 static void check_phys_mem_is_outside(struct core_mmu_phys_mem *start, 349 size_t nelems, 350 struct tee_mmap_region *map) 351 { 352 size_t n; 353 354 for (n = 0; n < nelems; n++) { 355 if (!core_is_buffer_outside(start[n].addr, start[n].size, 356 map->pa, map->size)) { 357 EMSG("Non-sec mem (%#" PRIxPA ":%#" PRIxPASZ 358 ") overlaps map (type %d %#" PRIxPA ":%#zx)", 359 start[n].addr, start[n].size, 360 map->type, map->pa, map->size); 361 panic(); 362 } 363 } 364 } 365 366 static const struct core_mmu_phys_mem *discovered_nsec_ddr_start __nex_bss; 367 static size_t discovered_nsec_ddr_nelems __nex_bss; 368 369 static int cmp_pmem_by_addr(const void *a, const void *b) 370 { 371 const struct core_mmu_phys_mem *pmem_a = a; 372 const struct core_mmu_phys_mem *pmem_b = b; 373 374 return CMP_TRILEAN(pmem_a->addr, pmem_b->addr); 375 } 376 377 void core_mmu_set_discovered_nsec_ddr(struct core_mmu_phys_mem *start, 378 size_t nelems) 379 { 380 struct core_mmu_phys_mem *m = start; 381 size_t num_elems = nelems; 382 struct tee_mmap_region *map = static_memory_map; 383 const struct core_mmu_phys_mem __maybe_unused *pmem; 384 385 assert(!discovered_nsec_ddr_start); 386 assert(m && num_elems); 387 388 qsort(m, num_elems, sizeof(*m), cmp_pmem_by_addr); 389 390 /* 391 * Non-secure shared memory and also secure data 392 * path memory are supposed to reside inside 393 * non-secure memory. Since NSEC_SHM and SDP_MEM 394 * are used for a specific purpose make holes for 395 * those memory in the normal non-secure memory. 396 * 397 * This has to be done since for instance QEMU 398 * isn't aware of which memory range in the 399 * non-secure memory is used for NSEC_SHM. 400 */ 401 402 #ifdef CFG_SECURE_DATA_PATH 403 if (dtb_get_sdp_region()) 404 carve_out_phys_mem(&m, &num_elems, sec_sdp.paddr, sec_sdp.size); 405 406 for (pmem = phys_sdp_mem_begin; pmem < phys_sdp_mem_end; pmem++) 407 carve_out_phys_mem(&m, &num_elems, pmem->addr, pmem->size); 408 #endif 409 410 carve_out_phys_mem(&m, &num_elems, TEE_RAM_START, TEE_RAM_PH_SIZE); 411 carve_out_phys_mem(&m, &num_elems, TA_RAM_START, TA_RAM_SIZE); 412 413 for (map = static_memory_map; !core_mmap_is_end_of_table(map); map++) { 414 switch (map->type) { 415 case MEM_AREA_NSEC_SHM: 416 carve_out_phys_mem(&m, &num_elems, map->pa, map->size); 417 break; 418 case MEM_AREA_EXT_DT: 419 case MEM_AREA_RES_VASPACE: 420 case MEM_AREA_SHM_VASPACE: 421 case MEM_AREA_TS_VASPACE: 422 case MEM_AREA_PAGER_VASPACE: 423 break; 424 default: 425 check_phys_mem_is_outside(m, num_elems, map); 426 } 427 } 428 429 discovered_nsec_ddr_start = m; 430 discovered_nsec_ddr_nelems = num_elems; 431 432 if (!core_mmu_check_end_pa(m[num_elems - 1].addr, 433 m[num_elems - 1].size)) 434 panic(); 435 } 436 437 static bool get_discovered_nsec_ddr(const struct core_mmu_phys_mem **start, 438 const struct core_mmu_phys_mem **end) 439 { 440 if (!discovered_nsec_ddr_start) 441 return false; 442 443 *start = discovered_nsec_ddr_start; 444 *end = discovered_nsec_ddr_start + discovered_nsec_ddr_nelems; 445 446 return true; 447 } 448 449 static bool pbuf_is_nsec_ddr(paddr_t pbuf, size_t len) 450 { 451 const struct core_mmu_phys_mem *start; 452 const struct core_mmu_phys_mem *end; 453 454 if (!get_discovered_nsec_ddr(&start, &end)) 455 return false; 456 457 return pbuf_is_special_mem(pbuf, len, start, end); 458 } 459 460 bool core_mmu_nsec_ddr_is_defined(void) 461 { 462 const struct core_mmu_phys_mem *start; 463 const struct core_mmu_phys_mem *end; 464 465 if (!get_discovered_nsec_ddr(&start, &end)) 466 return false; 467 468 return start != end; 469 } 470 #else 471 static bool pbuf_is_nsec_ddr(paddr_t pbuf __unused, size_t len __unused) 472 { 473 return false; 474 } 475 #endif /*CFG_CORE_DYN_SHM*/ 476 477 #define MSG_MEM_INSTERSECT(pa1, sz1, pa2, sz2) \ 478 EMSG("[%" PRIxPA " %" PRIx64 "] intersects [%" PRIxPA " %" PRIx64 "]", \ 479 pa1, (uint64_t)pa1 + (sz1), pa2, (uint64_t)pa2 + (sz2)) 480 481 #ifdef CFG_SECURE_DATA_PATH 482 static bool pbuf_is_sdp_mem(paddr_t pbuf, size_t len) 483 { 484 bool is_sdp_mem = false; 485 486 if (sec_sdp.size) 487 is_sdp_mem = core_is_buffer_inside(pbuf, len, sec_sdp.paddr, 488 sec_sdp.size); 489 490 if (!is_sdp_mem) 491 is_sdp_mem = pbuf_is_special_mem(pbuf, len, phys_sdp_mem_begin, 492 phys_sdp_mem_end); 493 494 return is_sdp_mem; 495 } 496 497 static struct mobj *core_sdp_mem_alloc_mobj(paddr_t pa, size_t size) 498 { 499 struct mobj *mobj = mobj_phys_alloc(pa, size, TEE_MATTR_MEM_TYPE_CACHED, 500 CORE_MEM_SDP_MEM); 501 502 if (!mobj) 503 panic("can't create SDP physical memory object"); 504 505 return mobj; 506 } 507 508 struct mobj **core_sdp_mem_create_mobjs(void) 509 { 510 const struct core_mmu_phys_mem *mem = NULL; 511 struct mobj **mobj_base = NULL; 512 struct mobj **mobj = NULL; 513 int cnt = phys_sdp_mem_end - phys_sdp_mem_begin; 514 515 if (sec_sdp.size) 516 cnt++; 517 518 /* SDP mobjs table must end with a NULL entry */ 519 mobj_base = calloc(cnt + 1, sizeof(struct mobj *)); 520 if (!mobj_base) 521 panic("Out of memory"); 522 523 mobj = mobj_base; 524 525 for (mem = phys_sdp_mem_begin; mem < phys_sdp_mem_end; mem++, mobj++) 526 *mobj = core_sdp_mem_alloc_mobj(mem->addr, mem->size); 527 528 if (sec_sdp.size) 529 *mobj = core_sdp_mem_alloc_mobj(sec_sdp.paddr, sec_sdp.size); 530 531 return mobj_base; 532 } 533 534 #else /* CFG_SECURE_DATA_PATH */ 535 static bool pbuf_is_sdp_mem(paddr_t pbuf __unused, size_t len __unused) 536 { 537 return false; 538 } 539 540 #endif /* CFG_SECURE_DATA_PATH */ 541 542 /* Check special memories comply with registered memories */ 543 static void verify_special_mem_areas(struct tee_mmap_region *mem_map, 544 size_t len, 545 const struct core_mmu_phys_mem *start, 546 const struct core_mmu_phys_mem *end, 547 const char *area_name __maybe_unused) 548 { 549 const struct core_mmu_phys_mem *mem; 550 const struct core_mmu_phys_mem *mem2; 551 struct tee_mmap_region *mmap; 552 size_t n; 553 554 if (start == end) { 555 DMSG("No %s memory area defined", area_name); 556 return; 557 } 558 559 for (mem = start; mem < end; mem++) 560 DMSG("%s memory [%" PRIxPA " %" PRIx64 "]", 561 area_name, mem->addr, (uint64_t)mem->addr + mem->size); 562 563 /* Check memories do not intersect each other */ 564 for (mem = start; mem + 1 < end; mem++) { 565 for (mem2 = mem + 1; mem2 < end; mem2++) { 566 if (core_is_buffer_intersect(mem2->addr, mem2->size, 567 mem->addr, mem->size)) { 568 MSG_MEM_INSTERSECT(mem2->addr, mem2->size, 569 mem->addr, mem->size); 570 panic("Special memory intersection"); 571 } 572 } 573 } 574 575 /* 576 * Check memories do not intersect any mapped memory. 577 * This is called before reserved VA space is loaded in mem_map. 578 */ 579 for (mem = start; mem < end; mem++) { 580 for (mmap = mem_map, n = 0; n < len; mmap++, n++) { 581 if (core_is_buffer_intersect(mem->addr, mem->size, 582 mmap->pa, mmap->size)) { 583 MSG_MEM_INSTERSECT(mem->addr, mem->size, 584 mmap->pa, mmap->size); 585 panic("Special memory intersection"); 586 } 587 } 588 } 589 } 590 591 static void add_phys_mem(struct tee_mmap_region *memory_map, size_t num_elems, 592 const char *mem_name __maybe_unused, 593 enum teecore_memtypes mem_type, 594 paddr_t mem_addr, paddr_size_t mem_size, size_t *last) 595 { 596 size_t n = 0; 597 paddr_t pa; 598 paddr_size_t size; 599 600 if (!mem_size) /* Discard null size entries */ 601 return; 602 /* 603 * If some ranges of memory of the same type do overlap 604 * each others they are coalesced into one entry. To help this 605 * added entries are sorted by increasing physical. 606 * 607 * Note that it's valid to have the same physical memory as several 608 * different memory types, for instance the same device memory 609 * mapped as both secure and non-secure. This will probably not 610 * happen often in practice. 611 */ 612 DMSG("%s type %s 0x%08" PRIxPA " size 0x%08" PRIxPASZ, 613 mem_name, teecore_memtype_name(mem_type), mem_addr, mem_size); 614 while (true) { 615 if (n >= (num_elems - 1)) { 616 EMSG("Out of entries (%zu) in memory_map", num_elems); 617 panic(); 618 } 619 if (n == *last) 620 break; 621 pa = memory_map[n].pa; 622 size = memory_map[n].size; 623 if (mem_type == memory_map[n].type && 624 ((pa <= (mem_addr + (mem_size - 1))) && 625 (mem_addr <= (pa + (size - 1))))) { 626 DMSG("Physical mem map overlaps 0x%" PRIxPA, mem_addr); 627 memory_map[n].pa = MIN(pa, mem_addr); 628 memory_map[n].size = MAX(size, mem_size) + 629 (pa - memory_map[n].pa); 630 return; 631 } 632 if (mem_type < memory_map[n].type || 633 (mem_type == memory_map[n].type && mem_addr < pa)) 634 break; /* found the spot where to insert this memory */ 635 n++; 636 } 637 638 memmove(memory_map + n + 1, memory_map + n, 639 sizeof(struct tee_mmap_region) * (*last - n)); 640 (*last)++; 641 memset(memory_map + n, 0, sizeof(memory_map[0])); 642 memory_map[n].type = mem_type; 643 memory_map[n].pa = mem_addr; 644 memory_map[n].size = mem_size; 645 } 646 647 static void add_va_space(struct tee_mmap_region *memory_map, size_t num_elems, 648 enum teecore_memtypes type, size_t size, size_t *last) 649 { 650 size_t n = 0; 651 652 DMSG("type %s size 0x%08zx", teecore_memtype_name(type), size); 653 while (true) { 654 if (n >= (num_elems - 1)) { 655 EMSG("Out of entries (%zu) in memory_map", num_elems); 656 panic(); 657 } 658 if (n == *last) 659 break; 660 if (type < memory_map[n].type) 661 break; 662 n++; 663 } 664 665 memmove(memory_map + n + 1, memory_map + n, 666 sizeof(struct tee_mmap_region) * (*last - n)); 667 (*last)++; 668 memset(memory_map + n, 0, sizeof(memory_map[0])); 669 memory_map[n].type = type; 670 memory_map[n].size = size; 671 } 672 673 uint32_t core_mmu_type_to_attr(enum teecore_memtypes t) 674 { 675 const uint32_t attr = TEE_MATTR_VALID_BLOCK; 676 const uint32_t tagged = TEE_MATTR_MEM_TYPE_TAGGED << 677 TEE_MATTR_MEM_TYPE_SHIFT; 678 const uint32_t cached = TEE_MATTR_MEM_TYPE_CACHED << 679 TEE_MATTR_MEM_TYPE_SHIFT; 680 const uint32_t noncache = TEE_MATTR_MEM_TYPE_DEV << 681 TEE_MATTR_MEM_TYPE_SHIFT; 682 683 switch (t) { 684 case MEM_AREA_TEE_RAM: 685 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRWX | tagged; 686 case MEM_AREA_TEE_RAM_RX: 687 case MEM_AREA_INIT_RAM_RX: 688 case MEM_AREA_IDENTITY_MAP_RX: 689 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRX | tagged; 690 case MEM_AREA_TEE_RAM_RO: 691 case MEM_AREA_INIT_RAM_RO: 692 return attr | TEE_MATTR_SECURE | TEE_MATTR_PR | tagged; 693 case MEM_AREA_TEE_RAM_RW: 694 case MEM_AREA_NEX_RAM_RO: /* This has to be r/w during init runtime */ 695 case MEM_AREA_NEX_RAM_RW: 696 case MEM_AREA_TEE_ASAN: 697 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | tagged; 698 case MEM_AREA_TEE_COHERENT: 699 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRWX | noncache; 700 case MEM_AREA_TA_RAM: 701 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | tagged; 702 case MEM_AREA_NSEC_SHM: 703 return attr | TEE_MATTR_PRW | cached; 704 case MEM_AREA_EXT_DT: 705 /* 706 * If CFG_MAP_EXT_DT_SECURE is enabled map the external device 707 * tree as secure non-cached memory, otherwise, fall back to 708 * non-secure mapping. 709 */ 710 if (IS_ENABLED(CFG_MAP_EXT_DT_SECURE)) 711 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | 712 noncache; 713 fallthrough; 714 case MEM_AREA_IO_NSEC: 715 return attr | TEE_MATTR_PRW | noncache; 716 case MEM_AREA_IO_SEC: 717 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | noncache; 718 case MEM_AREA_RAM_NSEC: 719 return attr | TEE_MATTR_PRW | cached; 720 case MEM_AREA_RAM_SEC: 721 case MEM_AREA_SEC_RAM_OVERALL: 722 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | cached; 723 case MEM_AREA_RES_VASPACE: 724 case MEM_AREA_SHM_VASPACE: 725 return 0; 726 case MEM_AREA_PAGER_VASPACE: 727 return TEE_MATTR_SECURE; 728 default: 729 panic("invalid type"); 730 } 731 } 732 733 static bool __maybe_unused map_is_tee_ram(const struct tee_mmap_region *mm) 734 { 735 switch (mm->type) { 736 case MEM_AREA_TEE_RAM: 737 case MEM_AREA_TEE_RAM_RX: 738 case MEM_AREA_TEE_RAM_RO: 739 case MEM_AREA_TEE_RAM_RW: 740 case MEM_AREA_INIT_RAM_RX: 741 case MEM_AREA_INIT_RAM_RO: 742 case MEM_AREA_NEX_RAM_RW: 743 case MEM_AREA_NEX_RAM_RO: 744 case MEM_AREA_TEE_ASAN: 745 return true; 746 default: 747 return false; 748 } 749 } 750 751 static bool __maybe_unused map_is_secure(const struct tee_mmap_region *mm) 752 { 753 return !!(core_mmu_type_to_attr(mm->type) & TEE_MATTR_SECURE); 754 } 755 756 static bool __maybe_unused map_is_pgdir(const struct tee_mmap_region *mm) 757 { 758 return mm->region_size == CORE_MMU_PGDIR_SIZE; 759 } 760 761 static int cmp_mmap_by_lower_va(const void *a, const void *b) 762 { 763 const struct tee_mmap_region *mm_a = a; 764 const struct tee_mmap_region *mm_b = b; 765 766 return CMP_TRILEAN(mm_a->va, mm_b->va); 767 } 768 769 static void dump_mmap_table(struct tee_mmap_region *memory_map) 770 { 771 struct tee_mmap_region *map; 772 773 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 774 vaddr_t __maybe_unused vstart; 775 776 vstart = map->va + ((vaddr_t)map->pa & (map->region_size - 1)); 777 DMSG("type %-12s va 0x%08" PRIxVA "..0x%08" PRIxVA 778 " pa 0x%08" PRIxPA "..0x%08" PRIxPA " size 0x%08zx (%s)", 779 teecore_memtype_name(map->type), vstart, 780 vstart + map->size - 1, map->pa, 781 (paddr_t)(map->pa + map->size - 1), map->size, 782 map->region_size == SMALL_PAGE_SIZE ? "smallpg" : "pgdir"); 783 } 784 } 785 786 #if DEBUG_XLAT_TABLE 787 788 static void dump_xlat_table(vaddr_t va, unsigned int level) 789 { 790 struct core_mmu_table_info tbl_info; 791 unsigned int idx = 0; 792 paddr_t pa; 793 uint32_t attr; 794 795 core_mmu_find_table(NULL, va, level, &tbl_info); 796 va = tbl_info.va_base; 797 for (idx = 0; idx < tbl_info.num_entries; idx++) { 798 core_mmu_get_entry(&tbl_info, idx, &pa, &attr); 799 if (attr || level > CORE_MMU_BASE_TABLE_LEVEL) { 800 const char *security_bit = ""; 801 802 if (core_mmu_entry_have_security_bit(attr)) { 803 if (attr & TEE_MATTR_SECURE) 804 security_bit = "S"; 805 else 806 security_bit = "NS"; 807 } 808 809 if (attr & TEE_MATTR_TABLE) { 810 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 811 " TBL:0x%010" PRIxPA " %s", 812 level * 2, "", level, va, pa, 813 security_bit); 814 dump_xlat_table(va, level + 1); 815 } else if (attr) { 816 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 817 " PA:0x%010" PRIxPA " %s-%s-%s-%s", 818 level * 2, "", level, va, pa, 819 mattr_is_cached(attr) ? "MEM" : 820 "DEV", 821 attr & TEE_MATTR_PW ? "RW" : "RO", 822 attr & TEE_MATTR_PX ? "X " : "XN", 823 security_bit); 824 } else { 825 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 826 " INVALID\n", 827 level * 2, "", level, va); 828 } 829 } 830 va += BIT64(tbl_info.shift); 831 } 832 } 833 834 #else 835 836 static void dump_xlat_table(vaddr_t va __unused, int level __unused) 837 { 838 } 839 840 #endif 841 842 /* 843 * Reserves virtual memory space for pager usage. 844 * 845 * From the start of the first memory used by the link script + 846 * TEE_RAM_VA_SIZE should be covered, either with a direct mapping or empty 847 * mapping for pager usage. This adds translation tables as needed for the 848 * pager to operate. 849 */ 850 static void add_pager_vaspace(struct tee_mmap_region *mmap, size_t num_elems, 851 size_t *last) 852 { 853 paddr_t begin = 0; 854 paddr_t end = 0; 855 size_t size = 0; 856 size_t pos = 0; 857 size_t n = 0; 858 859 if (*last >= (num_elems - 1)) { 860 EMSG("Out of entries (%zu) in memory map", num_elems); 861 panic(); 862 } 863 864 for (n = 0; !core_mmap_is_end_of_table(mmap + n); n++) { 865 if (map_is_tee_ram(mmap + n)) { 866 if (!begin) 867 begin = mmap[n].pa; 868 pos = n + 1; 869 } 870 } 871 872 end = mmap[pos - 1].pa + mmap[pos - 1].size; 873 size = TEE_RAM_VA_SIZE - (end - begin); 874 if (!size) 875 return; 876 877 assert(pos <= *last); 878 memmove(mmap + pos + 1, mmap + pos, 879 sizeof(struct tee_mmap_region) * (*last - pos)); 880 (*last)++; 881 memset(mmap + pos, 0, sizeof(mmap[0])); 882 mmap[pos].type = MEM_AREA_PAGER_VASPACE; 883 mmap[pos].va = 0; 884 mmap[pos].size = size; 885 mmap[pos].region_size = SMALL_PAGE_SIZE; 886 mmap[pos].attr = core_mmu_type_to_attr(MEM_AREA_PAGER_VASPACE); 887 } 888 889 static void check_sec_nsec_mem_config(void) 890 { 891 size_t n = 0; 892 893 for (n = 0; n < ARRAY_SIZE(secure_only); n++) { 894 if (pbuf_intersects(nsec_shared, secure_only[n].paddr, 895 secure_only[n].size)) 896 panic("Invalid memory access config: sec/nsec"); 897 } 898 } 899 900 static size_t collect_mem_ranges(struct tee_mmap_region *memory_map, 901 size_t num_elems) 902 { 903 const struct core_mmu_phys_mem *mem = NULL; 904 size_t last = 0; 905 906 907 #define ADD_PHYS_MEM(_type, _addr, _size) \ 908 add_phys_mem(memory_map, num_elems, #_addr, (_type), \ 909 (_addr), (_size), &last) 910 911 if (IS_ENABLED(CFG_CORE_RWDATA_NOEXEC)) { 912 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RO, TEE_RAM_START, 913 VCORE_UNPG_RX_PA - TEE_RAM_START); 914 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RX, VCORE_UNPG_RX_PA, 915 VCORE_UNPG_RX_SZ); 916 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RO, VCORE_UNPG_RO_PA, 917 VCORE_UNPG_RO_SZ); 918 919 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) { 920 ADD_PHYS_MEM(MEM_AREA_NEX_RAM_RO, VCORE_UNPG_RW_PA, 921 VCORE_UNPG_RW_SZ); 922 ADD_PHYS_MEM(MEM_AREA_NEX_RAM_RW, VCORE_NEX_RW_PA, 923 VCORE_NEX_RW_SZ); 924 } else { 925 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RW, VCORE_UNPG_RW_PA, 926 VCORE_UNPG_RW_SZ); 927 } 928 929 if (IS_ENABLED(CFG_WITH_PAGER)) { 930 ADD_PHYS_MEM(MEM_AREA_INIT_RAM_RX, VCORE_INIT_RX_PA, 931 VCORE_INIT_RX_SZ); 932 ADD_PHYS_MEM(MEM_AREA_INIT_RAM_RO, VCORE_INIT_RO_PA, 933 VCORE_INIT_RO_SZ); 934 } 935 } else { 936 ADD_PHYS_MEM(MEM_AREA_TEE_RAM, TEE_RAM_START, TEE_RAM_PH_SIZE); 937 } 938 939 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) { 940 ADD_PHYS_MEM(MEM_AREA_SEC_RAM_OVERALL, TRUSTED_DRAM_BASE, 941 TRUSTED_DRAM_SIZE); 942 } else { 943 /* 944 * Every guest will have own TA RAM if virtualization 945 * support is enabled. 946 */ 947 ADD_PHYS_MEM(MEM_AREA_TA_RAM, TA_RAM_START, TA_RAM_SIZE); 948 } 949 950 if (IS_ENABLED(CFG_CORE_SANITIZE_KADDRESS) && 951 IS_ENABLED(CFG_WITH_PAGER)) { 952 /* 953 * Asan ram is part of MEM_AREA_TEE_RAM_RW when pager is 954 * disabled. 955 */ 956 ADD_PHYS_MEM(MEM_AREA_TEE_ASAN, ASAN_MAP_PA, ASAN_MAP_SZ); 957 } 958 959 #undef ADD_PHYS_MEM 960 961 for (mem = phys_mem_map_begin; mem < phys_mem_map_end; mem++) { 962 /* Only unmapped virtual range may have a null phys addr */ 963 assert(mem->addr || !core_mmu_type_to_attr(mem->type)); 964 965 add_phys_mem(memory_map, num_elems, mem->name, mem->type, 966 mem->addr, mem->size, &last); 967 } 968 969 if (IS_ENABLED(CFG_SECURE_DATA_PATH)) 970 verify_special_mem_areas(memory_map, num_elems, 971 phys_sdp_mem_begin, 972 phys_sdp_mem_end, "SDP"); 973 974 add_va_space(memory_map, num_elems, MEM_AREA_RES_VASPACE, 975 CFG_RESERVED_VASPACE_SIZE, &last); 976 977 add_va_space(memory_map, num_elems, MEM_AREA_SHM_VASPACE, 978 SHM_VASPACE_SIZE, &last); 979 980 memory_map[last].type = MEM_AREA_END; 981 982 return last; 983 } 984 985 static void assign_mem_granularity(struct tee_mmap_region *memory_map) 986 { 987 struct tee_mmap_region *map = NULL; 988 989 /* 990 * Assign region sizes, note that MEM_AREA_TEE_RAM always uses 991 * SMALL_PAGE_SIZE. 992 */ 993 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 994 paddr_t mask = map->pa | map->size; 995 996 if (!(mask & CORE_MMU_PGDIR_MASK)) 997 map->region_size = CORE_MMU_PGDIR_SIZE; 998 else if (!(mask & SMALL_PAGE_MASK)) 999 map->region_size = SMALL_PAGE_SIZE; 1000 else 1001 panic("Impossible memory alignment"); 1002 1003 if (map_is_tee_ram(map)) 1004 map->region_size = SMALL_PAGE_SIZE; 1005 } 1006 } 1007 1008 static bool place_tee_ram_at_top(paddr_t paddr) 1009 { 1010 return paddr > BIT64(core_mmu_get_va_width()) / 2; 1011 } 1012 1013 /* 1014 * MMU arch driver shall override this function if it helps 1015 * optimizing the memory footprint of the address translation tables. 1016 */ 1017 bool __weak core_mmu_prefer_tee_ram_at_top(paddr_t paddr) 1018 { 1019 return place_tee_ram_at_top(paddr); 1020 } 1021 1022 static bool assign_mem_va_dir(vaddr_t tee_ram_va, 1023 struct tee_mmap_region *memory_map, 1024 bool tee_ram_at_top) 1025 { 1026 struct tee_mmap_region *map = NULL; 1027 vaddr_t va = 0; 1028 bool va_is_secure = true; 1029 1030 /* 1031 * tee_ram_va might equals 0 when CFG_CORE_ASLR=y. 1032 * 0 is by design an invalid va, so return false directly. 1033 */ 1034 if (!tee_ram_va) 1035 return false; 1036 1037 /* Clear eventual previous assignments */ 1038 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) 1039 map->va = 0; 1040 1041 /* 1042 * TEE RAM regions are always aligned with region_size. 1043 * 1044 * Note that MEM_AREA_PAGER_VASPACE also counts as TEE RAM here 1045 * since it handles virtual memory which covers the part of the ELF 1046 * that cannot fit directly into memory. 1047 */ 1048 va = tee_ram_va; 1049 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 1050 if (map_is_tee_ram(map) || 1051 map->type == MEM_AREA_PAGER_VASPACE) { 1052 assert(!(va & (map->region_size - 1))); 1053 assert(!(map->size & (map->region_size - 1))); 1054 map->va = va; 1055 if (ADD_OVERFLOW(va, map->size, &va)) 1056 return false; 1057 if (va >= BIT64(core_mmu_get_va_width())) 1058 return false; 1059 } 1060 } 1061 1062 if (tee_ram_at_top) { 1063 /* 1064 * Map non-tee ram regions at addresses lower than the tee 1065 * ram region. 1066 */ 1067 va = tee_ram_va; 1068 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 1069 map->attr = core_mmu_type_to_attr(map->type); 1070 if (map->va) 1071 continue; 1072 1073 if (!IS_ENABLED(CFG_WITH_LPAE) && 1074 va_is_secure != map_is_secure(map)) { 1075 va_is_secure = !va_is_secure; 1076 va = ROUNDDOWN(va, CORE_MMU_PGDIR_SIZE); 1077 } 1078 1079 if (SUB_OVERFLOW(va, map->size, &va)) 1080 return false; 1081 va = ROUNDDOWN(va, map->region_size); 1082 /* 1083 * Make sure that va is aligned with pa for 1084 * efficient pgdir mapping. Basically pa & 1085 * pgdir_mask should be == va & pgdir_mask 1086 */ 1087 if (map->size > 2 * CORE_MMU_PGDIR_SIZE) { 1088 if (SUB_OVERFLOW(va, CORE_MMU_PGDIR_SIZE, &va)) 1089 return false; 1090 va += (map->pa - va) & CORE_MMU_PGDIR_MASK; 1091 } 1092 map->va = va; 1093 } 1094 } else { 1095 /* 1096 * Map non-tee ram regions at addresses higher than the tee 1097 * ram region. 1098 */ 1099 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 1100 map->attr = core_mmu_type_to_attr(map->type); 1101 if (map->va) 1102 continue; 1103 1104 if (!IS_ENABLED(CFG_WITH_LPAE) && 1105 va_is_secure != map_is_secure(map)) { 1106 va_is_secure = !va_is_secure; 1107 if (ROUNDUP_OVERFLOW(va, CORE_MMU_PGDIR_SIZE, 1108 &va)) 1109 return false; 1110 } 1111 1112 if (ROUNDUP_OVERFLOW(va, map->region_size, &va)) 1113 return false; 1114 /* 1115 * Make sure that va is aligned with pa for 1116 * efficient pgdir mapping. Basically pa & 1117 * pgdir_mask should be == va & pgdir_mask 1118 */ 1119 if (map->size > 2 * CORE_MMU_PGDIR_SIZE) { 1120 vaddr_t offs = (map->pa - va) & 1121 CORE_MMU_PGDIR_MASK; 1122 1123 if (ADD_OVERFLOW(va, offs, &va)) 1124 return false; 1125 } 1126 1127 map->va = va; 1128 if (ADD_OVERFLOW(va, map->size, &va)) 1129 return false; 1130 if (va >= BIT64(core_mmu_get_va_width())) 1131 return false; 1132 } 1133 } 1134 1135 return true; 1136 } 1137 1138 static bool assign_mem_va(vaddr_t tee_ram_va, 1139 struct tee_mmap_region *memory_map) 1140 { 1141 bool tee_ram_at_top = place_tee_ram_at_top(tee_ram_va); 1142 1143 /* 1144 * Check that we're not overlapping with the user VA range. 1145 */ 1146 if (IS_ENABLED(CFG_WITH_LPAE)) { 1147 /* 1148 * User VA range is supposed to be defined after these 1149 * mappings have been established. 1150 */ 1151 assert(!core_mmu_user_va_range_is_defined()); 1152 } else { 1153 vaddr_t user_va_base = 0; 1154 size_t user_va_size = 0; 1155 1156 assert(core_mmu_user_va_range_is_defined()); 1157 core_mmu_get_user_va_range(&user_va_base, &user_va_size); 1158 if (tee_ram_va < (user_va_base + user_va_size)) 1159 return false; 1160 } 1161 1162 if (IS_ENABLED(CFG_WITH_PAGER)) { 1163 bool prefered_dir = core_mmu_prefer_tee_ram_at_top(tee_ram_va); 1164 1165 /* Try whole mapping covered by a single base xlat entry */ 1166 if (prefered_dir != tee_ram_at_top && 1167 assign_mem_va_dir(tee_ram_va, memory_map, prefered_dir)) 1168 return true; 1169 } 1170 1171 return assign_mem_va_dir(tee_ram_va, memory_map, tee_ram_at_top); 1172 } 1173 1174 static int cmp_init_mem_map(const void *a, const void *b) 1175 { 1176 const struct tee_mmap_region *mm_a = a; 1177 const struct tee_mmap_region *mm_b = b; 1178 int rc = 0; 1179 1180 rc = CMP_TRILEAN(mm_a->region_size, mm_b->region_size); 1181 if (!rc) 1182 rc = CMP_TRILEAN(mm_a->pa, mm_b->pa); 1183 /* 1184 * 32bit MMU descriptors cannot mix secure and non-secure mapping in 1185 * the same level2 table. Hence sort secure mapping from non-secure 1186 * mapping. 1187 */ 1188 if (!rc && !IS_ENABLED(CFG_WITH_LPAE)) 1189 rc = CMP_TRILEAN(map_is_secure(mm_a), map_is_secure(mm_b)); 1190 1191 return rc; 1192 } 1193 1194 static bool mem_map_add_id_map(struct tee_mmap_region *memory_map, 1195 size_t num_elems, size_t *last, 1196 vaddr_t id_map_start, vaddr_t id_map_end) 1197 { 1198 struct tee_mmap_region *map = NULL; 1199 vaddr_t start = ROUNDDOWN(id_map_start, SMALL_PAGE_SIZE); 1200 vaddr_t end = ROUNDUP(id_map_end, SMALL_PAGE_SIZE); 1201 size_t len = end - start; 1202 1203 if (*last >= num_elems - 1) { 1204 EMSG("Out of entries (%zu) in memory map", num_elems); 1205 panic(); 1206 } 1207 1208 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) 1209 if (core_is_buffer_intersect(map->va, map->size, start, len)) 1210 return false; 1211 1212 *map = (struct tee_mmap_region){ 1213 .type = MEM_AREA_IDENTITY_MAP_RX, 1214 /* 1215 * Could use CORE_MMU_PGDIR_SIZE to potentially save a 1216 * translation table, at the increased risk of clashes with 1217 * the rest of the memory map. 1218 */ 1219 .region_size = SMALL_PAGE_SIZE, 1220 .pa = start, 1221 .va = start, 1222 .size = len, 1223 .attr = core_mmu_type_to_attr(MEM_AREA_IDENTITY_MAP_RX), 1224 }; 1225 1226 (*last)++; 1227 1228 return true; 1229 } 1230 1231 static unsigned long init_mem_map(struct tee_mmap_region *memory_map, 1232 size_t num_elems, unsigned long seed) 1233 { 1234 /* 1235 * @id_map_start and @id_map_end describes a physical memory range 1236 * that must be mapped Read-Only eXecutable at identical virtual 1237 * addresses. 1238 */ 1239 vaddr_t id_map_start = (vaddr_t)__identity_map_init_start; 1240 vaddr_t id_map_end = (vaddr_t)__identity_map_init_end; 1241 unsigned long offs = 0; 1242 size_t last = 0; 1243 1244 last = collect_mem_ranges(memory_map, num_elems); 1245 assign_mem_granularity(memory_map); 1246 1247 /* 1248 * To ease mapping and lower use of xlat tables, sort mapping 1249 * description moving small-page regions after the pgdir regions. 1250 */ 1251 qsort(memory_map, last, sizeof(struct tee_mmap_region), 1252 cmp_init_mem_map); 1253 1254 add_pager_vaspace(memory_map, num_elems, &last); 1255 if (IS_ENABLED(CFG_CORE_ASLR) && seed) { 1256 vaddr_t base_addr = TEE_RAM_START + seed; 1257 const unsigned int va_width = core_mmu_get_va_width(); 1258 const vaddr_t va_mask = GENMASK_64(va_width - 1, 1259 SMALL_PAGE_SHIFT); 1260 vaddr_t ba = base_addr; 1261 size_t n = 0; 1262 1263 for (n = 0; n < 3; n++) { 1264 if (n) 1265 ba = base_addr ^ BIT64(va_width - n); 1266 ba &= va_mask; 1267 if (assign_mem_va(ba, memory_map) && 1268 mem_map_add_id_map(memory_map, num_elems, &last, 1269 id_map_start, id_map_end)) { 1270 offs = ba - TEE_RAM_START; 1271 DMSG("Mapping core at %#"PRIxVA" offs %#lx", 1272 ba, offs); 1273 goto out; 1274 } else { 1275 DMSG("Failed to map core at %#"PRIxVA, ba); 1276 } 1277 } 1278 EMSG("Failed to map core with seed %#lx", seed); 1279 } 1280 1281 if (!assign_mem_va(TEE_RAM_START, memory_map)) 1282 panic(); 1283 1284 out: 1285 qsort(memory_map, last, sizeof(struct tee_mmap_region), 1286 cmp_mmap_by_lower_va); 1287 1288 dump_mmap_table(memory_map); 1289 1290 return offs; 1291 } 1292 1293 static void check_mem_map(struct tee_mmap_region *map) 1294 { 1295 struct tee_mmap_region *m = NULL; 1296 1297 for (m = map; !core_mmap_is_end_of_table(m); m++) { 1298 switch (m->type) { 1299 case MEM_AREA_TEE_RAM: 1300 case MEM_AREA_TEE_RAM_RX: 1301 case MEM_AREA_TEE_RAM_RO: 1302 case MEM_AREA_TEE_RAM_RW: 1303 case MEM_AREA_INIT_RAM_RX: 1304 case MEM_AREA_INIT_RAM_RO: 1305 case MEM_AREA_NEX_RAM_RW: 1306 case MEM_AREA_NEX_RAM_RO: 1307 case MEM_AREA_IDENTITY_MAP_RX: 1308 if (!pbuf_is_inside(secure_only, m->pa, m->size)) 1309 panic("TEE_RAM can't fit in secure_only"); 1310 break; 1311 case MEM_AREA_TA_RAM: 1312 if (!pbuf_is_inside(secure_only, m->pa, m->size)) 1313 panic("TA_RAM can't fit in secure_only"); 1314 break; 1315 case MEM_AREA_NSEC_SHM: 1316 if (!pbuf_is_inside(nsec_shared, m->pa, m->size)) 1317 panic("NS_SHM can't fit in nsec_shared"); 1318 break; 1319 case MEM_AREA_SEC_RAM_OVERALL: 1320 case MEM_AREA_TEE_COHERENT: 1321 case MEM_AREA_TEE_ASAN: 1322 case MEM_AREA_IO_SEC: 1323 case MEM_AREA_IO_NSEC: 1324 case MEM_AREA_EXT_DT: 1325 case MEM_AREA_RAM_SEC: 1326 case MEM_AREA_RAM_NSEC: 1327 case MEM_AREA_RES_VASPACE: 1328 case MEM_AREA_SHM_VASPACE: 1329 case MEM_AREA_PAGER_VASPACE: 1330 break; 1331 default: 1332 EMSG("Uhandled memtype %d", m->type); 1333 panic(); 1334 } 1335 } 1336 } 1337 1338 static struct tee_mmap_region *get_tmp_mmap(void) 1339 { 1340 struct tee_mmap_region *tmp_mmap = (void *)__heap1_start; 1341 1342 #ifdef CFG_WITH_PAGER 1343 if (__heap1_end - __heap1_start < (ptrdiff_t)sizeof(static_memory_map)) 1344 tmp_mmap = (void *)__heap2_start; 1345 #endif 1346 1347 memset(tmp_mmap, 0, sizeof(static_memory_map)); 1348 1349 return tmp_mmap; 1350 } 1351 1352 /* 1353 * core_init_mmu_map() - init tee core default memory mapping 1354 * 1355 * This routine sets the static default TEE core mapping. If @seed is > 0 1356 * and configured with CFG_CORE_ASLR it will map tee core at a location 1357 * based on the seed and return the offset from the link address. 1358 * 1359 * If an error happened: core_init_mmu_map is expected to panic. 1360 * 1361 * Note: this function is weak just to make it possible to exclude it from 1362 * the unpaged area. 1363 */ 1364 void __weak core_init_mmu_map(unsigned long seed, struct core_mmu_config *cfg) 1365 { 1366 #ifndef CFG_NS_VIRTUALIZATION 1367 vaddr_t start = ROUNDDOWN((vaddr_t)__nozi_start, SMALL_PAGE_SIZE); 1368 #else 1369 vaddr_t start = ROUNDDOWN((vaddr_t)__vcore_nex_rw_start, 1370 SMALL_PAGE_SIZE); 1371 #endif 1372 vaddr_t len = ROUNDUP((vaddr_t)__nozi_end, SMALL_PAGE_SIZE) - start; 1373 struct tee_mmap_region *tmp_mmap = get_tmp_mmap(); 1374 unsigned long offs = 0; 1375 1376 check_sec_nsec_mem_config(); 1377 1378 /* 1379 * Add a entry covering the translation tables which will be 1380 * involved in some virt_to_phys() and phys_to_virt() conversions. 1381 */ 1382 static_memory_map[0] = (struct tee_mmap_region){ 1383 .type = MEM_AREA_TEE_RAM, 1384 .region_size = SMALL_PAGE_SIZE, 1385 .pa = start, 1386 .va = start, 1387 .size = len, 1388 .attr = core_mmu_type_to_attr(MEM_AREA_IDENTITY_MAP_RX), 1389 }; 1390 1391 COMPILE_TIME_ASSERT(CFG_MMAP_REGIONS >= 13); 1392 offs = init_mem_map(tmp_mmap, ARRAY_SIZE(static_memory_map), seed); 1393 1394 check_mem_map(tmp_mmap); 1395 core_init_mmu(tmp_mmap); 1396 dump_xlat_table(0x0, CORE_MMU_BASE_TABLE_LEVEL); 1397 core_init_mmu_regs(cfg); 1398 cfg->map_offset = offs; 1399 memcpy(static_memory_map, tmp_mmap, sizeof(static_memory_map)); 1400 } 1401 1402 bool core_mmu_mattr_is_ok(uint32_t mattr) 1403 { 1404 /* 1405 * Keep in sync with core_mmu_lpae.c:mattr_to_desc and 1406 * core_mmu_v7.c:mattr_to_texcb 1407 */ 1408 1409 switch ((mattr >> TEE_MATTR_MEM_TYPE_SHIFT) & TEE_MATTR_MEM_TYPE_MASK) { 1410 case TEE_MATTR_MEM_TYPE_DEV: 1411 case TEE_MATTR_MEM_TYPE_STRONGLY_O: 1412 case TEE_MATTR_MEM_TYPE_CACHED: 1413 case TEE_MATTR_MEM_TYPE_TAGGED: 1414 return true; 1415 default: 1416 return false; 1417 } 1418 } 1419 1420 /* 1421 * test attributes of target physical buffer 1422 * 1423 * Flags: pbuf_is(SECURE, NOT_SECURE, RAM, IOMEM, KEYVAULT). 1424 * 1425 */ 1426 bool core_pbuf_is(uint32_t attr, paddr_t pbuf, size_t len) 1427 { 1428 struct tee_mmap_region *map; 1429 1430 /* Empty buffers complies with anything */ 1431 if (len == 0) 1432 return true; 1433 1434 switch (attr) { 1435 case CORE_MEM_SEC: 1436 return pbuf_is_inside(secure_only, pbuf, len); 1437 case CORE_MEM_NON_SEC: 1438 return pbuf_is_inside(nsec_shared, pbuf, len) || 1439 pbuf_is_nsec_ddr(pbuf, len); 1440 case CORE_MEM_TEE_RAM: 1441 return core_is_buffer_inside(pbuf, len, TEE_RAM_START, 1442 TEE_RAM_PH_SIZE); 1443 case CORE_MEM_TA_RAM: 1444 return core_is_buffer_inside(pbuf, len, TA_RAM_START, 1445 TA_RAM_SIZE); 1446 #ifdef CFG_CORE_RESERVED_SHM 1447 case CORE_MEM_NSEC_SHM: 1448 return core_is_buffer_inside(pbuf, len, TEE_SHMEM_START, 1449 TEE_SHMEM_SIZE); 1450 #endif 1451 case CORE_MEM_SDP_MEM: 1452 return pbuf_is_sdp_mem(pbuf, len); 1453 case CORE_MEM_CACHED: 1454 map = find_map_by_pa(pbuf); 1455 if (!map || !pbuf_inside_map_area(pbuf, len, map)) 1456 return false; 1457 return mattr_is_cached(map->attr); 1458 default: 1459 return false; 1460 } 1461 } 1462 1463 /* test attributes of target virtual buffer (in core mapping) */ 1464 bool core_vbuf_is(uint32_t attr, const void *vbuf, size_t len) 1465 { 1466 paddr_t p; 1467 1468 /* Empty buffers complies with anything */ 1469 if (len == 0) 1470 return true; 1471 1472 p = virt_to_phys((void *)vbuf); 1473 if (!p) 1474 return false; 1475 1476 return core_pbuf_is(attr, p, len); 1477 } 1478 1479 /* core_va2pa - teecore exported service */ 1480 static int __maybe_unused core_va2pa_helper(void *va, paddr_t *pa) 1481 { 1482 struct tee_mmap_region *map; 1483 1484 map = find_map_by_va(va); 1485 if (!va_is_in_map(map, (vaddr_t)va)) 1486 return -1; 1487 1488 /* 1489 * We can calculate PA for static map. Virtual address ranges 1490 * reserved to core dynamic mapping return a 'match' (return 0;) 1491 * together with an invalid null physical address. 1492 */ 1493 if (map->pa) 1494 *pa = map->pa + (vaddr_t)va - map->va; 1495 else 1496 *pa = 0; 1497 1498 return 0; 1499 } 1500 1501 static void *map_pa2va(struct tee_mmap_region *map, paddr_t pa, size_t len) 1502 { 1503 if (!pa_is_in_map(map, pa, len)) 1504 return NULL; 1505 1506 return (void *)(vaddr_t)(map->va + pa - map->pa); 1507 } 1508 1509 /* 1510 * teecore gets some memory area definitions 1511 */ 1512 void core_mmu_get_mem_by_type(unsigned int type, vaddr_t *s, vaddr_t *e) 1513 { 1514 struct tee_mmap_region *map = find_map_by_type(type); 1515 1516 if (map) { 1517 *s = map->va; 1518 *e = map->va + map->size; 1519 } else { 1520 *s = 0; 1521 *e = 0; 1522 } 1523 } 1524 1525 enum teecore_memtypes core_mmu_get_type_by_pa(paddr_t pa) 1526 { 1527 struct tee_mmap_region *map = find_map_by_pa(pa); 1528 1529 if (!map) 1530 return MEM_AREA_MAXTYPE; 1531 return map->type; 1532 } 1533 1534 void core_mmu_set_entry(struct core_mmu_table_info *tbl_info, unsigned int idx, 1535 paddr_t pa, uint32_t attr) 1536 { 1537 assert(idx < tbl_info->num_entries); 1538 core_mmu_set_entry_primitive(tbl_info->table, tbl_info->level, 1539 idx, pa, attr); 1540 } 1541 1542 void core_mmu_get_entry(struct core_mmu_table_info *tbl_info, unsigned int idx, 1543 paddr_t *pa, uint32_t *attr) 1544 { 1545 assert(idx < tbl_info->num_entries); 1546 core_mmu_get_entry_primitive(tbl_info->table, tbl_info->level, 1547 idx, pa, attr); 1548 } 1549 1550 static void clear_region(struct core_mmu_table_info *tbl_info, 1551 struct tee_mmap_region *region) 1552 { 1553 unsigned int end = 0; 1554 unsigned int idx = 0; 1555 1556 /* va, len and pa should be block aligned */ 1557 assert(!core_mmu_get_block_offset(tbl_info, region->va)); 1558 assert(!core_mmu_get_block_offset(tbl_info, region->size)); 1559 assert(!core_mmu_get_block_offset(tbl_info, region->pa)); 1560 1561 idx = core_mmu_va2idx(tbl_info, region->va); 1562 end = core_mmu_va2idx(tbl_info, region->va + region->size); 1563 1564 while (idx < end) { 1565 core_mmu_set_entry(tbl_info, idx, 0, 0); 1566 idx++; 1567 } 1568 } 1569 1570 static void set_region(struct core_mmu_table_info *tbl_info, 1571 struct tee_mmap_region *region) 1572 { 1573 unsigned int end; 1574 unsigned int idx; 1575 paddr_t pa; 1576 1577 /* va, len and pa should be block aligned */ 1578 assert(!core_mmu_get_block_offset(tbl_info, region->va)); 1579 assert(!core_mmu_get_block_offset(tbl_info, region->size)); 1580 assert(!core_mmu_get_block_offset(tbl_info, region->pa)); 1581 1582 idx = core_mmu_va2idx(tbl_info, region->va); 1583 end = core_mmu_va2idx(tbl_info, region->va + region->size); 1584 pa = region->pa; 1585 1586 while (idx < end) { 1587 core_mmu_set_entry(tbl_info, idx, pa, region->attr); 1588 idx++; 1589 pa += BIT64(tbl_info->shift); 1590 } 1591 } 1592 1593 static void set_pg_region(struct core_mmu_table_info *dir_info, 1594 struct vm_region *region, struct pgt **pgt, 1595 struct core_mmu_table_info *pg_info) 1596 { 1597 struct tee_mmap_region r = { 1598 .va = region->va, 1599 .size = region->size, 1600 .attr = region->attr, 1601 }; 1602 vaddr_t end = r.va + r.size; 1603 uint32_t pgt_attr = (r.attr & TEE_MATTR_SECURE) | TEE_MATTR_TABLE; 1604 1605 while (r.va < end) { 1606 if (!pg_info->table || 1607 r.va >= (pg_info->va_base + CORE_MMU_PGDIR_SIZE)) { 1608 /* 1609 * We're assigning a new translation table. 1610 */ 1611 unsigned int idx; 1612 1613 /* Virtual addresses must grow */ 1614 assert(r.va > pg_info->va_base); 1615 1616 idx = core_mmu_va2idx(dir_info, r.va); 1617 pg_info->va_base = core_mmu_idx2va(dir_info, idx); 1618 1619 /* 1620 * Advance pgt to va_base, note that we may need to 1621 * skip multiple page tables if there are large 1622 * holes in the vm map. 1623 */ 1624 while ((*pgt)->vabase < pg_info->va_base) { 1625 *pgt = SLIST_NEXT(*pgt, link); 1626 /* We should have allocated enough */ 1627 assert(*pgt); 1628 } 1629 assert((*pgt)->vabase == pg_info->va_base); 1630 pg_info->table = (*pgt)->tbl; 1631 1632 core_mmu_set_entry(dir_info, idx, 1633 virt_to_phys(pg_info->table), 1634 pgt_attr); 1635 } 1636 1637 r.size = MIN(CORE_MMU_PGDIR_SIZE - (r.va - pg_info->va_base), 1638 end - r.va); 1639 1640 if (!(*pgt)->populated && !mobj_is_paged(region->mobj)) { 1641 size_t granule = BIT(pg_info->shift); 1642 size_t offset = r.va - region->va + region->offset; 1643 1644 r.size = MIN(r.size, 1645 mobj_get_phys_granule(region->mobj)); 1646 r.size = ROUNDUP(r.size, SMALL_PAGE_SIZE); 1647 1648 if (mobj_get_pa(region->mobj, offset, granule, 1649 &r.pa) != TEE_SUCCESS) 1650 panic("Failed to get PA of unpaged mobj"); 1651 set_region(pg_info, &r); 1652 } 1653 r.va += r.size; 1654 } 1655 } 1656 1657 static bool can_map_at_level(paddr_t paddr, vaddr_t vaddr, 1658 size_t size_left, paddr_t block_size, 1659 struct tee_mmap_region *mm __maybe_unused) 1660 { 1661 /* VA and PA are aligned to block size at current level */ 1662 if ((vaddr | paddr) & (block_size - 1)) 1663 return false; 1664 1665 /* Remainder fits into block at current level */ 1666 if (size_left < block_size) 1667 return false; 1668 1669 #ifdef CFG_WITH_PAGER 1670 /* 1671 * If pager is enabled, we need to map tee ram 1672 * regions with small pages only 1673 */ 1674 if (map_is_tee_ram(mm) && block_size != SMALL_PAGE_SIZE) 1675 return false; 1676 #endif 1677 1678 return true; 1679 } 1680 1681 void core_mmu_map_region(struct mmu_partition *prtn, struct tee_mmap_region *mm) 1682 { 1683 struct core_mmu_table_info tbl_info; 1684 unsigned int idx; 1685 vaddr_t vaddr = mm->va; 1686 paddr_t paddr = mm->pa; 1687 ssize_t size_left = mm->size; 1688 unsigned int level; 1689 bool table_found; 1690 uint32_t old_attr; 1691 1692 assert(!((vaddr | paddr) & SMALL_PAGE_MASK)); 1693 1694 while (size_left > 0) { 1695 level = CORE_MMU_BASE_TABLE_LEVEL; 1696 1697 while (true) { 1698 paddr_t block_size = 0; 1699 1700 assert(level <= CORE_MMU_PGDIR_LEVEL); 1701 1702 table_found = core_mmu_find_table(prtn, vaddr, level, 1703 &tbl_info); 1704 if (!table_found) 1705 panic("can't find table for mapping"); 1706 1707 block_size = BIT64(tbl_info.shift); 1708 1709 idx = core_mmu_va2idx(&tbl_info, vaddr); 1710 if (!can_map_at_level(paddr, vaddr, size_left, 1711 block_size, mm)) { 1712 bool secure = mm->attr & TEE_MATTR_SECURE; 1713 1714 /* 1715 * This part of the region can't be mapped at 1716 * this level. Need to go deeper. 1717 */ 1718 if (!core_mmu_entry_to_finer_grained(&tbl_info, 1719 idx, 1720 secure)) 1721 panic("Can't divide MMU entry"); 1722 level++; 1723 continue; 1724 } 1725 1726 /* We can map part of the region at current level */ 1727 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 1728 if (old_attr) 1729 panic("Page is already mapped"); 1730 1731 core_mmu_set_entry(&tbl_info, idx, paddr, mm->attr); 1732 paddr += block_size; 1733 vaddr += block_size; 1734 size_left -= block_size; 1735 1736 break; 1737 } 1738 } 1739 } 1740 1741 TEE_Result core_mmu_map_pages(vaddr_t vstart, paddr_t *pages, size_t num_pages, 1742 enum teecore_memtypes memtype) 1743 { 1744 TEE_Result ret; 1745 struct core_mmu_table_info tbl_info; 1746 struct tee_mmap_region *mm; 1747 unsigned int idx; 1748 uint32_t old_attr; 1749 uint32_t exceptions; 1750 vaddr_t vaddr = vstart; 1751 size_t i; 1752 bool secure; 1753 1754 assert(!(core_mmu_type_to_attr(memtype) & TEE_MATTR_PX)); 1755 1756 secure = core_mmu_type_to_attr(memtype) & TEE_MATTR_SECURE; 1757 1758 if (vaddr & SMALL_PAGE_MASK) 1759 return TEE_ERROR_BAD_PARAMETERS; 1760 1761 exceptions = mmu_lock(); 1762 1763 mm = find_map_by_va((void *)vaddr); 1764 if (!mm || !va_is_in_map(mm, vaddr + num_pages * SMALL_PAGE_SIZE - 1)) 1765 panic("VA does not belong to any known mm region"); 1766 1767 if (!core_mmu_is_dynamic_vaspace(mm)) 1768 panic("Trying to map into static region"); 1769 1770 for (i = 0; i < num_pages; i++) { 1771 if (pages[i] & SMALL_PAGE_MASK) { 1772 ret = TEE_ERROR_BAD_PARAMETERS; 1773 goto err; 1774 } 1775 1776 while (true) { 1777 if (!core_mmu_find_table(NULL, vaddr, UINT_MAX, 1778 &tbl_info)) 1779 panic("Can't find pagetable for vaddr "); 1780 1781 idx = core_mmu_va2idx(&tbl_info, vaddr); 1782 if (tbl_info.shift == SMALL_PAGE_SHIFT) 1783 break; 1784 1785 /* This is supertable. Need to divide it. */ 1786 if (!core_mmu_entry_to_finer_grained(&tbl_info, idx, 1787 secure)) 1788 panic("Failed to spread pgdir on small tables"); 1789 } 1790 1791 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 1792 if (old_attr) 1793 panic("Page is already mapped"); 1794 1795 core_mmu_set_entry(&tbl_info, idx, pages[i], 1796 core_mmu_type_to_attr(memtype)); 1797 vaddr += SMALL_PAGE_SIZE; 1798 } 1799 1800 /* 1801 * Make sure all the changes to translation tables are visible 1802 * before returning. TLB doesn't need to be invalidated as we are 1803 * guaranteed that there's no valid mapping in this range. 1804 */ 1805 core_mmu_table_write_barrier(); 1806 mmu_unlock(exceptions); 1807 1808 return TEE_SUCCESS; 1809 err: 1810 mmu_unlock(exceptions); 1811 1812 if (i) 1813 core_mmu_unmap_pages(vstart, i); 1814 1815 return ret; 1816 } 1817 1818 TEE_Result core_mmu_map_contiguous_pages(vaddr_t vstart, paddr_t pstart, 1819 size_t num_pages, 1820 enum teecore_memtypes memtype) 1821 { 1822 struct core_mmu_table_info tbl_info = { }; 1823 struct tee_mmap_region *mm = NULL; 1824 unsigned int idx = 0; 1825 uint32_t old_attr = 0; 1826 uint32_t exceptions = 0; 1827 vaddr_t vaddr = vstart; 1828 paddr_t paddr = pstart; 1829 size_t i = 0; 1830 bool secure = false; 1831 1832 assert(!(core_mmu_type_to_attr(memtype) & TEE_MATTR_PX)); 1833 1834 secure = core_mmu_type_to_attr(memtype) & TEE_MATTR_SECURE; 1835 1836 if ((vaddr | paddr) & SMALL_PAGE_MASK) 1837 return TEE_ERROR_BAD_PARAMETERS; 1838 1839 exceptions = mmu_lock(); 1840 1841 mm = find_map_by_va((void *)vaddr); 1842 if (!mm || !va_is_in_map(mm, vaddr + num_pages * SMALL_PAGE_SIZE - 1)) 1843 panic("VA does not belong to any known mm region"); 1844 1845 if (!core_mmu_is_dynamic_vaspace(mm)) 1846 panic("Trying to map into static region"); 1847 1848 for (i = 0; i < num_pages; i++) { 1849 while (true) { 1850 if (!core_mmu_find_table(NULL, vaddr, UINT_MAX, 1851 &tbl_info)) 1852 panic("Can't find pagetable for vaddr "); 1853 1854 idx = core_mmu_va2idx(&tbl_info, vaddr); 1855 if (tbl_info.shift == SMALL_PAGE_SHIFT) 1856 break; 1857 1858 /* This is supertable. Need to divide it. */ 1859 if (!core_mmu_entry_to_finer_grained(&tbl_info, idx, 1860 secure)) 1861 panic("Failed to spread pgdir on small tables"); 1862 } 1863 1864 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 1865 if (old_attr) 1866 panic("Page is already mapped"); 1867 1868 core_mmu_set_entry(&tbl_info, idx, paddr, 1869 core_mmu_type_to_attr(memtype)); 1870 paddr += SMALL_PAGE_SIZE; 1871 vaddr += SMALL_PAGE_SIZE; 1872 } 1873 1874 /* 1875 * Make sure all the changes to translation tables are visible 1876 * before returning. TLB doesn't need to be invalidated as we are 1877 * guaranteed that there's no valid mapping in this range. 1878 */ 1879 core_mmu_table_write_barrier(); 1880 mmu_unlock(exceptions); 1881 1882 return TEE_SUCCESS; 1883 } 1884 1885 void core_mmu_unmap_pages(vaddr_t vstart, size_t num_pages) 1886 { 1887 struct core_mmu_table_info tbl_info; 1888 struct tee_mmap_region *mm; 1889 size_t i; 1890 unsigned int idx; 1891 uint32_t exceptions; 1892 1893 exceptions = mmu_lock(); 1894 1895 mm = find_map_by_va((void *)vstart); 1896 if (!mm || !va_is_in_map(mm, vstart + num_pages * SMALL_PAGE_SIZE - 1)) 1897 panic("VA does not belong to any known mm region"); 1898 1899 if (!core_mmu_is_dynamic_vaspace(mm)) 1900 panic("Trying to unmap static region"); 1901 1902 for (i = 0; i < num_pages; i++, vstart += SMALL_PAGE_SIZE) { 1903 if (!core_mmu_find_table(NULL, vstart, UINT_MAX, &tbl_info)) 1904 panic("Can't find pagetable"); 1905 1906 if (tbl_info.shift != SMALL_PAGE_SHIFT) 1907 panic("Invalid pagetable level"); 1908 1909 idx = core_mmu_va2idx(&tbl_info, vstart); 1910 core_mmu_set_entry(&tbl_info, idx, 0, 0); 1911 } 1912 tlbi_all(); 1913 1914 mmu_unlock(exceptions); 1915 } 1916 1917 void core_mmu_populate_user_map(struct core_mmu_table_info *dir_info, 1918 struct user_mode_ctx *uctx) 1919 { 1920 struct core_mmu_table_info pg_info = { }; 1921 struct pgt_cache *pgt_cache = &uctx->pgt_cache; 1922 struct pgt *pgt = NULL; 1923 struct pgt *p = NULL; 1924 struct vm_region *r = NULL; 1925 1926 if (TAILQ_EMPTY(&uctx->vm_info.regions)) 1927 return; /* Nothing to map */ 1928 1929 /* 1930 * Allocate all page tables in advance. 1931 */ 1932 pgt_get_all(uctx); 1933 pgt = SLIST_FIRST(pgt_cache); 1934 1935 core_mmu_set_info_table(&pg_info, dir_info->level + 1, 0, NULL); 1936 1937 TAILQ_FOREACH(r, &uctx->vm_info.regions, link) 1938 set_pg_region(dir_info, r, &pgt, &pg_info); 1939 /* Record that the translation tables now are populated. */ 1940 SLIST_FOREACH(p, pgt_cache, link) { 1941 p->populated = true; 1942 if (p == pgt) 1943 break; 1944 } 1945 assert(p == pgt); 1946 } 1947 1948 TEE_Result core_mmu_remove_mapping(enum teecore_memtypes type, void *addr, 1949 size_t len) 1950 { 1951 struct core_mmu_table_info tbl_info = { }; 1952 struct tee_mmap_region *res_map = NULL; 1953 struct tee_mmap_region *map = NULL; 1954 paddr_t pa = virt_to_phys(addr); 1955 size_t granule = 0; 1956 ptrdiff_t i = 0; 1957 paddr_t p = 0; 1958 size_t l = 0; 1959 1960 map = find_map_by_type_and_pa(type, pa, len); 1961 if (!map) 1962 return TEE_ERROR_GENERIC; 1963 1964 res_map = find_map_by_type(MEM_AREA_RES_VASPACE); 1965 if (!res_map) 1966 return TEE_ERROR_GENERIC; 1967 if (!core_mmu_find_table(NULL, res_map->va, UINT_MAX, &tbl_info)) 1968 return TEE_ERROR_GENERIC; 1969 granule = BIT(tbl_info.shift); 1970 1971 if (map < static_memory_map || 1972 map >= static_memory_map + ARRAY_SIZE(static_memory_map)) 1973 return TEE_ERROR_GENERIC; 1974 i = map - static_memory_map; 1975 1976 /* Check that we have a full match */ 1977 p = ROUNDDOWN(pa, granule); 1978 l = ROUNDUP(len + pa - p, granule); 1979 if (map->pa != p || map->size != l) 1980 return TEE_ERROR_GENERIC; 1981 1982 clear_region(&tbl_info, map); 1983 tlbi_all(); 1984 1985 /* If possible remove the va range from res_map */ 1986 if (res_map->va - map->size == map->va) { 1987 res_map->va -= map->size; 1988 res_map->size += map->size; 1989 } 1990 1991 /* Remove the entry. */ 1992 memmove(map, map + 1, 1993 (ARRAY_SIZE(static_memory_map) - i - 1) * sizeof(*map)); 1994 1995 /* Clear the last new entry in case it was used */ 1996 memset(static_memory_map + ARRAY_SIZE(static_memory_map) - 1, 1997 0, sizeof(*map)); 1998 1999 return TEE_SUCCESS; 2000 } 2001 2002 struct tee_mmap_region * 2003 core_mmu_find_mapping_exclusive(enum teecore_memtypes type, size_t len) 2004 { 2005 struct tee_mmap_region *map = NULL; 2006 struct tee_mmap_region *map_found = NULL; 2007 2008 if (!len) 2009 return NULL; 2010 2011 for (map = get_memory_map(); !core_mmap_is_end_of_table(map); map++) { 2012 if (map->type != type) 2013 continue; 2014 2015 if (map_found) 2016 return NULL; 2017 2018 map_found = map; 2019 } 2020 2021 if (!map_found || map_found->size < len) 2022 return NULL; 2023 2024 return map_found; 2025 } 2026 2027 void *core_mmu_add_mapping(enum teecore_memtypes type, paddr_t addr, size_t len) 2028 { 2029 struct core_mmu_table_info tbl_info; 2030 struct tee_mmap_region *map; 2031 size_t n; 2032 size_t granule; 2033 paddr_t p; 2034 size_t l; 2035 2036 if (!len) 2037 return NULL; 2038 2039 if (!core_mmu_check_end_pa(addr, len)) 2040 return NULL; 2041 2042 /* Check if the memory is already mapped */ 2043 map = find_map_by_type_and_pa(type, addr, len); 2044 if (map && pbuf_inside_map_area(addr, len, map)) 2045 return (void *)(vaddr_t)(map->va + addr - map->pa); 2046 2047 /* Find the reserved va space used for late mappings */ 2048 map = find_map_by_type(MEM_AREA_RES_VASPACE); 2049 if (!map) 2050 return NULL; 2051 2052 if (!core_mmu_find_table(NULL, map->va, UINT_MAX, &tbl_info)) 2053 return NULL; 2054 2055 granule = BIT64(tbl_info.shift); 2056 p = ROUNDDOWN(addr, granule); 2057 l = ROUNDUP(len + addr - p, granule); 2058 2059 /* Ban overflowing virtual addresses */ 2060 if (map->size < l) 2061 return NULL; 2062 2063 /* 2064 * Something is wrong, we can't fit the va range into the selected 2065 * table. The reserved va range is possibly missaligned with 2066 * granule. 2067 */ 2068 if (core_mmu_va2idx(&tbl_info, map->va + len) >= tbl_info.num_entries) 2069 return NULL; 2070 2071 /* Find end of the memory map */ 2072 n = 0; 2073 while (!core_mmap_is_end_of_table(static_memory_map + n)) 2074 n++; 2075 2076 if (n < (ARRAY_SIZE(static_memory_map) - 1)) { 2077 /* There's room for another entry */ 2078 static_memory_map[n].va = map->va; 2079 static_memory_map[n].size = l; 2080 static_memory_map[n + 1].type = MEM_AREA_END; 2081 map->va += l; 2082 map->size -= l; 2083 map = static_memory_map + n; 2084 } else { 2085 /* 2086 * There isn't room for another entry, steal the reserved 2087 * entry as it's not useful for anything else any longer. 2088 */ 2089 map->size = l; 2090 } 2091 map->type = type; 2092 map->region_size = granule; 2093 map->attr = core_mmu_type_to_attr(type); 2094 map->pa = p; 2095 2096 set_region(&tbl_info, map); 2097 2098 /* Make sure the new entry is visible before continuing. */ 2099 core_mmu_table_write_barrier(); 2100 2101 return (void *)(vaddr_t)(map->va + addr - map->pa); 2102 } 2103 2104 #ifdef CFG_WITH_PAGER 2105 static vaddr_t get_linear_map_end_va(void) 2106 { 2107 /* this is synced with the generic linker file kern.ld.S */ 2108 return (vaddr_t)__heap2_end; 2109 } 2110 2111 static paddr_t get_linear_map_end_pa(void) 2112 { 2113 return get_linear_map_end_va() - boot_mmu_config.map_offset; 2114 } 2115 #endif 2116 2117 #if defined(CFG_TEE_CORE_DEBUG) 2118 static void check_pa_matches_va(void *va, paddr_t pa) 2119 { 2120 TEE_Result res = TEE_ERROR_GENERIC; 2121 vaddr_t v = (vaddr_t)va; 2122 paddr_t p = 0; 2123 struct core_mmu_table_info ti __maybe_unused = { }; 2124 2125 if (core_mmu_user_va_range_is_defined()) { 2126 vaddr_t user_va_base = 0; 2127 size_t user_va_size = 0; 2128 2129 core_mmu_get_user_va_range(&user_va_base, &user_va_size); 2130 if (v >= user_va_base && 2131 v <= (user_va_base - 1 + user_va_size)) { 2132 if (!core_mmu_user_mapping_is_active()) { 2133 if (pa) 2134 panic("issue in linear address space"); 2135 return; 2136 } 2137 2138 res = vm_va2pa(to_user_mode_ctx(thread_get_tsd()->ctx), 2139 va, &p); 2140 if (res == TEE_ERROR_NOT_SUPPORTED) 2141 return; 2142 if (res == TEE_SUCCESS && pa != p) 2143 panic("bad pa"); 2144 if (res != TEE_SUCCESS && pa) 2145 panic("false pa"); 2146 return; 2147 } 2148 } 2149 #ifdef CFG_WITH_PAGER 2150 if (is_unpaged(va)) { 2151 if (v - boot_mmu_config.map_offset != pa) 2152 panic("issue in linear address space"); 2153 return; 2154 } 2155 2156 if (tee_pager_get_table_info(v, &ti)) { 2157 uint32_t a; 2158 2159 /* 2160 * Lookups in the page table managed by the pager is 2161 * dangerous for addresses in the paged area as those pages 2162 * changes all the time. But some ranges are safe, 2163 * rw-locked areas when the page is populated for instance. 2164 */ 2165 core_mmu_get_entry(&ti, core_mmu_va2idx(&ti, v), &p, &a); 2166 if (a & TEE_MATTR_VALID_BLOCK) { 2167 paddr_t mask = BIT64(ti.shift) - 1; 2168 2169 p |= v & mask; 2170 if (pa != p) 2171 panic(); 2172 } else { 2173 if (pa) 2174 panic(); 2175 } 2176 return; 2177 } 2178 #endif 2179 2180 if (!core_va2pa_helper(va, &p)) { 2181 /* Verfiy only the static mapping (case non null phys addr) */ 2182 if (p && pa != p) { 2183 DMSG("va %p maps 0x%" PRIxPA ", expect 0x%" PRIxPA, 2184 va, p, pa); 2185 panic(); 2186 } 2187 } else { 2188 if (pa) { 2189 DMSG("va %p unmapped, expect 0x%" PRIxPA, va, pa); 2190 panic(); 2191 } 2192 } 2193 } 2194 #else 2195 static void check_pa_matches_va(void *va __unused, paddr_t pa __unused) 2196 { 2197 } 2198 #endif 2199 2200 paddr_t virt_to_phys(void *va) 2201 { 2202 paddr_t pa = 0; 2203 2204 if (!arch_va2pa_helper(va, &pa)) 2205 pa = 0; 2206 check_pa_matches_va(va, pa); 2207 return pa; 2208 } 2209 2210 #if defined(CFG_TEE_CORE_DEBUG) 2211 static void check_va_matches_pa(paddr_t pa, void *va) 2212 { 2213 paddr_t p = 0; 2214 2215 if (!va) 2216 return; 2217 2218 p = virt_to_phys(va); 2219 if (p != pa) { 2220 DMSG("va %p maps 0x%" PRIxPA " expect 0x%" PRIxPA, va, p, pa); 2221 panic(); 2222 } 2223 } 2224 #else 2225 static void check_va_matches_pa(paddr_t pa __unused, void *va __unused) 2226 { 2227 } 2228 #endif 2229 2230 static void *phys_to_virt_ts_vaspace(paddr_t pa, size_t len) 2231 { 2232 if (!core_mmu_user_mapping_is_active()) 2233 return NULL; 2234 2235 return vm_pa2va(to_user_mode_ctx(thread_get_tsd()->ctx), pa, len); 2236 } 2237 2238 #ifdef CFG_WITH_PAGER 2239 static void *phys_to_virt_tee_ram(paddr_t pa, size_t len) 2240 { 2241 paddr_t end_pa = 0; 2242 2243 if (SUB_OVERFLOW(len, 1, &end_pa) || ADD_OVERFLOW(pa, end_pa, &end_pa)) 2244 return NULL; 2245 2246 if (pa >= TEE_LOAD_ADDR && pa < get_linear_map_end_pa()) { 2247 if (end_pa > get_linear_map_end_pa()) 2248 return NULL; 2249 return (void *)(vaddr_t)(pa + boot_mmu_config.map_offset); 2250 } 2251 2252 return tee_pager_phys_to_virt(pa, len); 2253 } 2254 #else 2255 static void *phys_to_virt_tee_ram(paddr_t pa, size_t len) 2256 { 2257 struct tee_mmap_region *mmap = NULL; 2258 2259 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM, pa, len); 2260 if (!mmap) 2261 mmap = find_map_by_type_and_pa(MEM_AREA_NEX_RAM_RW, pa, len); 2262 if (!mmap) 2263 mmap = find_map_by_type_and_pa(MEM_AREA_NEX_RAM_RO, pa, len); 2264 if (!mmap) 2265 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RW, pa, len); 2266 if (!mmap) 2267 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RO, pa, len); 2268 if (!mmap) 2269 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RX, pa, len); 2270 /* 2271 * Note that MEM_AREA_INIT_RAM_RO and MEM_AREA_INIT_RAM_RX are only 2272 * used with pager and not needed here. 2273 */ 2274 return map_pa2va(mmap, pa, len); 2275 } 2276 #endif 2277 2278 void *phys_to_virt(paddr_t pa, enum teecore_memtypes m, size_t len) 2279 { 2280 void *va = NULL; 2281 2282 switch (m) { 2283 case MEM_AREA_TS_VASPACE: 2284 va = phys_to_virt_ts_vaspace(pa, len); 2285 break; 2286 case MEM_AREA_TEE_RAM: 2287 case MEM_AREA_TEE_RAM_RX: 2288 case MEM_AREA_TEE_RAM_RO: 2289 case MEM_AREA_TEE_RAM_RW: 2290 case MEM_AREA_NEX_RAM_RO: 2291 case MEM_AREA_NEX_RAM_RW: 2292 va = phys_to_virt_tee_ram(pa, len); 2293 break; 2294 case MEM_AREA_SHM_VASPACE: 2295 /* Find VA from PA in dynamic SHM is not yet supported */ 2296 va = NULL; 2297 break; 2298 default: 2299 va = map_pa2va(find_map_by_type_and_pa(m, pa, len), pa, len); 2300 } 2301 if (m != MEM_AREA_SEC_RAM_OVERALL) 2302 check_va_matches_pa(pa, va); 2303 return va; 2304 } 2305 2306 void *phys_to_virt_io(paddr_t pa, size_t len) 2307 { 2308 struct tee_mmap_region *map = NULL; 2309 void *va = NULL; 2310 2311 map = find_map_by_type_and_pa(MEM_AREA_IO_SEC, pa, len); 2312 if (!map) 2313 map = find_map_by_type_and_pa(MEM_AREA_IO_NSEC, pa, len); 2314 if (!map) 2315 return NULL; 2316 va = map_pa2va(map, pa, len); 2317 check_va_matches_pa(pa, va); 2318 return va; 2319 } 2320 2321 vaddr_t core_mmu_get_va(paddr_t pa, enum teecore_memtypes type, size_t len) 2322 { 2323 if (cpu_mmu_enabled()) 2324 return (vaddr_t)phys_to_virt(pa, type, len); 2325 2326 return (vaddr_t)pa; 2327 } 2328 2329 #ifdef CFG_WITH_PAGER 2330 bool is_unpaged(void *va) 2331 { 2332 vaddr_t v = (vaddr_t)va; 2333 2334 return v >= VCORE_START_VA && v < get_linear_map_end_va(); 2335 } 2336 #else 2337 bool is_unpaged(void *va __unused) 2338 { 2339 return true; 2340 } 2341 #endif 2342 2343 void core_mmu_init_virtualization(void) 2344 { 2345 paddr_t b1 = 0; 2346 paddr_size_t s1 = 0; 2347 2348 static_assert(ARRAY_SIZE(secure_only) <= 2); 2349 if (ARRAY_SIZE(secure_only) == 2) { 2350 b1 = secure_only[1].paddr; 2351 s1 = secure_only[1].size; 2352 } 2353 virt_init_memory(static_memory_map, secure_only[0].paddr, 2354 secure_only[0].size, b1, s1); 2355 } 2356 2357 vaddr_t io_pa_or_va(struct io_pa_va *p, size_t len) 2358 { 2359 assert(p->pa); 2360 if (cpu_mmu_enabled()) { 2361 if (!p->va) 2362 p->va = (vaddr_t)phys_to_virt_io(p->pa, len); 2363 assert(p->va); 2364 return p->va; 2365 } 2366 return p->pa; 2367 } 2368 2369 vaddr_t io_pa_or_va_secure(struct io_pa_va *p, size_t len) 2370 { 2371 assert(p->pa); 2372 if (cpu_mmu_enabled()) { 2373 if (!p->va) 2374 p->va = (vaddr_t)phys_to_virt(p->pa, MEM_AREA_IO_SEC, 2375 len); 2376 assert(p->va); 2377 return p->va; 2378 } 2379 return p->pa; 2380 } 2381 2382 vaddr_t io_pa_or_va_nsec(struct io_pa_va *p, size_t len) 2383 { 2384 assert(p->pa); 2385 if (cpu_mmu_enabled()) { 2386 if (!p->va) 2387 p->va = (vaddr_t)phys_to_virt(p->pa, MEM_AREA_IO_NSEC, 2388 len); 2389 assert(p->va); 2390 return p->va; 2391 } 2392 return p->pa; 2393 } 2394 2395 #ifdef CFG_CORE_RESERVED_SHM 2396 static TEE_Result teecore_init_pub_ram(void) 2397 { 2398 vaddr_t s = 0; 2399 vaddr_t e = 0; 2400 2401 /* get virtual addr/size of NSec shared mem allocated from teecore */ 2402 core_mmu_get_mem_by_type(MEM_AREA_NSEC_SHM, &s, &e); 2403 2404 if (s >= e || s & SMALL_PAGE_MASK || e & SMALL_PAGE_MASK) 2405 panic("invalid PUB RAM"); 2406 2407 /* extra check: we could rely on core_mmu_get_mem_by_type() */ 2408 if (!tee_vbuf_is_non_sec(s, e - s)) 2409 panic("PUB RAM is not non-secure"); 2410 2411 #ifdef CFG_PL310 2412 /* Allocate statically the l2cc mutex */ 2413 tee_l2cc_store_mutex_boot_pa(virt_to_phys((void *)s)); 2414 s += sizeof(uint32_t); /* size of a pl310 mutex */ 2415 s = ROUNDUP(s, SMALL_PAGE_SIZE); /* keep required alignment */ 2416 #endif 2417 2418 default_nsec_shm_paddr = virt_to_phys((void *)s); 2419 default_nsec_shm_size = e - s; 2420 2421 return TEE_SUCCESS; 2422 } 2423 early_init(teecore_init_pub_ram); 2424 #endif /*CFG_CORE_RESERVED_SHM*/ 2425 2426 void core_mmu_init_ta_ram(void) 2427 { 2428 vaddr_t s = 0; 2429 vaddr_t e = 0; 2430 paddr_t ps = 0; 2431 size_t size = 0; 2432 2433 /* 2434 * Get virtual addr/size of RAM where TA are loaded/executedNSec 2435 * shared mem allocated from teecore. 2436 */ 2437 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) 2438 virt_get_ta_ram(&s, &e); 2439 else 2440 core_mmu_get_mem_by_type(MEM_AREA_TA_RAM, &s, &e); 2441 2442 ps = virt_to_phys((void *)s); 2443 size = e - s; 2444 2445 if (!ps || (ps & CORE_MMU_USER_CODE_MASK) || 2446 !size || (size & CORE_MMU_USER_CODE_MASK)) 2447 panic("invalid TA RAM"); 2448 2449 /* extra check: we could rely on core_mmu_get_mem_by_type() */ 2450 if (!tee_pbuf_is_sec(ps, size)) 2451 panic("TA RAM is not secure"); 2452 2453 if (!tee_mm_is_empty(&tee_mm_sec_ddr)) 2454 panic("TA RAM pool is not empty"); 2455 2456 /* remove previous config and init TA ddr memory pool */ 2457 tee_mm_final(&tee_mm_sec_ddr); 2458 tee_mm_init(&tee_mm_sec_ddr, ps, size, CORE_MMU_USER_CODE_SHIFT, 2459 TEE_MM_POOL_NO_FLAGS); 2460 } 2461