1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2016, 2022 Linaro Limited 4 * Copyright (c) 2014, STMicroelectronics International N.V. 5 * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved. 6 */ 7 8 #include <assert.h> 9 #include <config.h> 10 #include <kernel/boot.h> 11 #include <kernel/dt.h> 12 #include <kernel/linker.h> 13 #include <kernel/panic.h> 14 #include <kernel/spinlock.h> 15 #include <kernel/tee_l2cc_mutex.h> 16 #include <kernel/tee_misc.h> 17 #include <kernel/tlb_helpers.h> 18 #include <kernel/user_mode_ctx.h> 19 #include <kernel/virtualization.h> 20 #include <libfdt.h> 21 #include <mm/core_memprot.h> 22 #include <mm/core_mmu.h> 23 #include <mm/mobj.h> 24 #include <mm/pgt_cache.h> 25 #include <mm/tee_pager.h> 26 #include <mm/vm.h> 27 #include <platform_config.h> 28 #include <string.h> 29 #include <trace.h> 30 #include <util.h> 31 32 #ifndef DEBUG_XLAT_TABLE 33 #define DEBUG_XLAT_TABLE 0 34 #endif 35 36 #define SHM_VASPACE_SIZE (1024 * 1024 * 32) 37 38 /* 39 * These variables are initialized before .bss is cleared. To avoid 40 * resetting them when .bss is cleared we're storing them in .data instead, 41 * even if they initially are zero. 42 */ 43 44 #ifdef CFG_CORE_RESERVED_SHM 45 /* Default NSec shared memory allocated from NSec world */ 46 unsigned long default_nsec_shm_size __nex_bss; 47 unsigned long default_nsec_shm_paddr __nex_bss; 48 #endif 49 50 static struct tee_mmap_region static_memory_map[CFG_MMAP_REGIONS 51 #ifdef CFG_CORE_ASLR 52 + 1 53 #endif 54 + 1] __nex_bss; 55 56 /* Define the platform's memory layout. */ 57 struct memaccess_area { 58 paddr_t paddr; 59 size_t size; 60 }; 61 62 #define MEMACCESS_AREA(a, s) { .paddr = a, .size = s } 63 64 static struct memaccess_area secure_only[] __nex_data = { 65 #ifdef TRUSTED_SRAM_BASE 66 MEMACCESS_AREA(TRUSTED_SRAM_BASE, TRUSTED_SRAM_SIZE), 67 #endif 68 MEMACCESS_AREA(TRUSTED_DRAM_BASE, TRUSTED_DRAM_SIZE), 69 }; 70 71 static struct memaccess_area nsec_shared[] __nex_data = { 72 #ifdef CFG_CORE_RESERVED_SHM 73 MEMACCESS_AREA(TEE_SHMEM_START, TEE_SHMEM_SIZE), 74 #endif 75 }; 76 77 #if defined(CFG_SECURE_DATA_PATH) 78 static const char *tz_sdp_match = "linaro,secure-heap"; 79 static struct memaccess_area sec_sdp; 80 #ifdef CFG_TEE_SDP_MEM_BASE 81 register_sdp_mem(CFG_TEE_SDP_MEM_BASE, CFG_TEE_SDP_MEM_SIZE); 82 #endif 83 #ifdef TEE_SDP_TEST_MEM_BASE 84 register_sdp_mem(TEE_SDP_TEST_MEM_BASE, TEE_SDP_TEST_MEM_SIZE); 85 #endif 86 #endif 87 88 #ifdef CFG_CORE_RWDATA_NOEXEC 89 register_phys_mem_ul(MEM_AREA_TEE_RAM_RO, TEE_RAM_START, 90 VCORE_UNPG_RX_PA - TEE_RAM_START); 91 register_phys_mem_ul(MEM_AREA_TEE_RAM_RX, VCORE_UNPG_RX_PA, 92 VCORE_UNPG_RX_SZ_UNSAFE); 93 register_phys_mem_ul(MEM_AREA_TEE_RAM_RO, VCORE_UNPG_RO_PA, 94 VCORE_UNPG_RO_SZ_UNSAFE); 95 96 #ifdef CFG_VIRTUALIZATION 97 register_phys_mem_ul(MEM_AREA_NEX_RAM_RO, VCORE_UNPG_RW_PA, 98 VCORE_UNPG_RW_SZ_UNSAFE); 99 register_phys_mem_ul(MEM_AREA_NEX_RAM_RW, VCORE_NEX_RW_PA, 100 VCORE_NEX_RW_SZ_UNSAFE); 101 #else 102 register_phys_mem_ul(MEM_AREA_TEE_RAM_RW, VCORE_UNPG_RW_PA, 103 VCORE_UNPG_RW_SZ_UNSAFE); 104 #endif 105 106 #ifdef CFG_WITH_PAGER 107 register_phys_mem_ul(MEM_AREA_INIT_RAM_RX, VCORE_INIT_RX_PA, 108 VCORE_INIT_RX_SZ_UNSAFE); 109 register_phys_mem_ul(MEM_AREA_INIT_RAM_RO, VCORE_INIT_RO_PA, 110 VCORE_INIT_RO_SZ_UNSAFE); 111 #endif /*CFG_WITH_PAGER*/ 112 #else /*!CFG_CORE_RWDATA_NOEXEC*/ 113 register_phys_mem(MEM_AREA_TEE_RAM, TEE_RAM_START, TEE_RAM_PH_SIZE); 114 #endif /*!CFG_CORE_RWDATA_NOEXEC*/ 115 116 #ifdef CFG_VIRTUALIZATION 117 register_phys_mem(MEM_AREA_SEC_RAM_OVERALL, TRUSTED_DRAM_BASE, 118 TRUSTED_DRAM_SIZE); 119 #endif 120 121 #if defined(CFG_CORE_SANITIZE_KADDRESS) && defined(CFG_WITH_PAGER) 122 /* Asan ram is part of MEM_AREA_TEE_RAM_RW when pager is disabled */ 123 register_phys_mem_ul(MEM_AREA_TEE_ASAN, ASAN_MAP_PA, ASAN_MAP_SZ); 124 #endif 125 126 #ifndef CFG_VIRTUALIZATION 127 /* Every guest will have own TA RAM if virtualization support is enabled */ 128 register_phys_mem(MEM_AREA_TA_RAM, TA_RAM_START, TA_RAM_SIZE); 129 #endif 130 #ifdef CFG_CORE_RESERVED_SHM 131 register_phys_mem(MEM_AREA_NSEC_SHM, TEE_SHMEM_START, TEE_SHMEM_SIZE); 132 #endif 133 134 static unsigned int mmu_spinlock; 135 136 static uint32_t mmu_lock(void) 137 { 138 return cpu_spin_lock_xsave(&mmu_spinlock); 139 } 140 141 static void mmu_unlock(uint32_t exceptions) 142 { 143 cpu_spin_unlock_xrestore(&mmu_spinlock, exceptions); 144 } 145 146 static struct tee_mmap_region *get_memory_map(void) 147 { 148 if (IS_ENABLED(CFG_VIRTUALIZATION)) { 149 struct tee_mmap_region *map = virt_get_memory_map(); 150 151 if (map) 152 return map; 153 } 154 155 return static_memory_map; 156 } 157 158 static bool _pbuf_intersects(struct memaccess_area *a, size_t alen, 159 paddr_t pa, size_t size) 160 { 161 size_t n; 162 163 for (n = 0; n < alen; n++) 164 if (core_is_buffer_intersect(pa, size, a[n].paddr, a[n].size)) 165 return true; 166 return false; 167 } 168 169 #define pbuf_intersects(a, pa, size) \ 170 _pbuf_intersects((a), ARRAY_SIZE(a), (pa), (size)) 171 172 static bool _pbuf_is_inside(struct memaccess_area *a, size_t alen, 173 paddr_t pa, size_t size) 174 { 175 size_t n; 176 177 for (n = 0; n < alen; n++) 178 if (core_is_buffer_inside(pa, size, a[n].paddr, a[n].size)) 179 return true; 180 return false; 181 } 182 183 #define pbuf_is_inside(a, pa, size) \ 184 _pbuf_is_inside((a), ARRAY_SIZE(a), (pa), (size)) 185 186 static bool pa_is_in_map(struct tee_mmap_region *map, paddr_t pa, size_t len) 187 { 188 paddr_t end_pa = 0; 189 190 if (!map) 191 return false; 192 193 if (SUB_OVERFLOW(len, 1, &end_pa) || ADD_OVERFLOW(pa, end_pa, &end_pa)) 194 return false; 195 196 return (pa >= map->pa && end_pa <= map->pa + map->size - 1); 197 } 198 199 static bool va_is_in_map(struct tee_mmap_region *map, vaddr_t va) 200 { 201 if (!map) 202 return false; 203 return (va >= map->va && va <= (map->va + map->size - 1)); 204 } 205 206 /* check if target buffer fits in a core default map area */ 207 static bool pbuf_inside_map_area(unsigned long p, size_t l, 208 struct tee_mmap_region *map) 209 { 210 return core_is_buffer_inside(p, l, map->pa, map->size); 211 } 212 213 static struct tee_mmap_region *find_map_by_type(enum teecore_memtypes type) 214 { 215 struct tee_mmap_region *map; 216 217 for (map = get_memory_map(); !core_mmap_is_end_of_table(map); map++) 218 if (map->type == type) 219 return map; 220 return NULL; 221 } 222 223 static struct tee_mmap_region * 224 find_map_by_type_and_pa(enum teecore_memtypes type, paddr_t pa, size_t len) 225 { 226 struct tee_mmap_region *map; 227 228 for (map = get_memory_map(); !core_mmap_is_end_of_table(map); map++) { 229 if (map->type != type) 230 continue; 231 if (pa_is_in_map(map, pa, len)) 232 return map; 233 } 234 return NULL; 235 } 236 237 static struct tee_mmap_region *find_map_by_va(void *va) 238 { 239 struct tee_mmap_region *map = get_memory_map(); 240 unsigned long a = (unsigned long)va; 241 242 while (!core_mmap_is_end_of_table(map)) { 243 if (a >= map->va && a <= (map->va - 1 + map->size)) 244 return map; 245 map++; 246 } 247 return NULL; 248 } 249 250 static struct tee_mmap_region *find_map_by_pa(unsigned long pa) 251 { 252 struct tee_mmap_region *map = get_memory_map(); 253 254 while (!core_mmap_is_end_of_table(map)) { 255 if (pa >= map->pa && pa <= (map->pa + map->size - 1)) 256 return map; 257 map++; 258 } 259 return NULL; 260 } 261 262 #if defined(CFG_SECURE_DATA_PATH) 263 static bool dtb_get_sdp_region(void) 264 { 265 void *fdt = NULL; 266 int node = 0; 267 int tmp_node = 0; 268 paddr_t tmp_addr = 0; 269 size_t tmp_size = 0; 270 271 if (!IS_ENABLED(CFG_EMBED_DTB)) 272 return false; 273 274 fdt = get_embedded_dt(); 275 if (!fdt) 276 panic("No DTB found"); 277 278 node = fdt_node_offset_by_compatible(fdt, -1, tz_sdp_match); 279 if (node < 0) { 280 DMSG("No %s compatible node found", tz_sdp_match); 281 return false; 282 } 283 tmp_node = node; 284 while (tmp_node >= 0) { 285 tmp_node = fdt_node_offset_by_compatible(fdt, tmp_node, 286 tz_sdp_match); 287 if (tmp_node >= 0) 288 DMSG("Ignore SDP pool node %s, supports only 1 node", 289 fdt_get_name(fdt, tmp_node, NULL)); 290 } 291 292 tmp_addr = _fdt_reg_base_address(fdt, node); 293 if (tmp_addr == DT_INFO_INVALID_REG) { 294 EMSG("%s: Unable to get base addr from DT", tz_sdp_match); 295 return false; 296 } 297 298 tmp_size = _fdt_reg_size(fdt, node); 299 if (tmp_size == DT_INFO_INVALID_REG_SIZE) { 300 EMSG("%s: Unable to get size of base addr from DT", 301 tz_sdp_match); 302 return false; 303 } 304 305 sec_sdp.paddr = tmp_addr; 306 sec_sdp.size = tmp_size; 307 308 return true; 309 } 310 #endif 311 312 #if defined(CFG_CORE_DYN_SHM) || defined(CFG_SECURE_DATA_PATH) 313 static bool pbuf_is_special_mem(paddr_t pbuf, size_t len, 314 const struct core_mmu_phys_mem *start, 315 const struct core_mmu_phys_mem *end) 316 { 317 const struct core_mmu_phys_mem *mem; 318 319 for (mem = start; mem < end; mem++) { 320 if (core_is_buffer_inside(pbuf, len, mem->addr, mem->size)) 321 return true; 322 } 323 324 return false; 325 } 326 #endif 327 328 #ifdef CFG_CORE_DYN_SHM 329 static void carve_out_phys_mem(struct core_mmu_phys_mem **mem, size_t *nelems, 330 paddr_t pa, size_t size) 331 { 332 struct core_mmu_phys_mem *m = *mem; 333 size_t n = 0; 334 335 while (true) { 336 if (n >= *nelems) { 337 DMSG("No need to carve out %#" PRIxPA " size %#zx", 338 pa, size); 339 return; 340 } 341 if (core_is_buffer_inside(pa, size, m[n].addr, m[n].size)) 342 break; 343 if (!core_is_buffer_outside(pa, size, m[n].addr, m[n].size)) 344 panic(); 345 n++; 346 } 347 348 if (pa == m[n].addr && size == m[n].size) { 349 /* Remove this entry */ 350 (*nelems)--; 351 memmove(m + n, m + n + 1, sizeof(*m) * (*nelems - n)); 352 m = nex_realloc(m, sizeof(*m) * *nelems); 353 if (!m) 354 panic(); 355 *mem = m; 356 } else if (pa == m[n].addr) { 357 m[n].addr += size; 358 m[n].size -= size; 359 } else if ((pa + size) == (m[n].addr + m[n].size)) { 360 m[n].size -= size; 361 } else { 362 /* Need to split the memory entry */ 363 m = nex_realloc(m, sizeof(*m) * (*nelems + 1)); 364 if (!m) 365 panic(); 366 *mem = m; 367 memmove(m + n + 1, m + n, sizeof(*m) * (*nelems - n)); 368 (*nelems)++; 369 m[n].size = pa - m[n].addr; 370 m[n + 1].size -= size + m[n].size; 371 m[n + 1].addr = pa + size; 372 } 373 } 374 375 static void check_phys_mem_is_outside(struct core_mmu_phys_mem *start, 376 size_t nelems, 377 struct tee_mmap_region *map) 378 { 379 size_t n; 380 381 for (n = 0; n < nelems; n++) { 382 if (!core_is_buffer_outside(start[n].addr, start[n].size, 383 map->pa, map->size)) { 384 EMSG("Non-sec mem (%#" PRIxPA ":%#" PRIxPASZ 385 ") overlaps map (type %d %#" PRIxPA ":%#zx)", 386 start[n].addr, start[n].size, 387 map->type, map->pa, map->size); 388 panic(); 389 } 390 } 391 } 392 393 static const struct core_mmu_phys_mem *discovered_nsec_ddr_start __nex_bss; 394 static size_t discovered_nsec_ddr_nelems __nex_bss; 395 396 static int cmp_pmem_by_addr(const void *a, const void *b) 397 { 398 const struct core_mmu_phys_mem *pmem_a = a; 399 const struct core_mmu_phys_mem *pmem_b = b; 400 401 return CMP_TRILEAN(pmem_a->addr, pmem_b->addr); 402 } 403 404 void core_mmu_set_discovered_nsec_ddr(struct core_mmu_phys_mem *start, 405 size_t nelems) 406 { 407 struct core_mmu_phys_mem *m = start; 408 size_t num_elems = nelems; 409 struct tee_mmap_region *map = static_memory_map; 410 const struct core_mmu_phys_mem __maybe_unused *pmem; 411 412 assert(!discovered_nsec_ddr_start); 413 assert(m && num_elems); 414 415 qsort(m, num_elems, sizeof(*m), cmp_pmem_by_addr); 416 417 /* 418 * Non-secure shared memory and also secure data 419 * path memory are supposed to reside inside 420 * non-secure memory. Since NSEC_SHM and SDP_MEM 421 * are used for a specific purpose make holes for 422 * those memory in the normal non-secure memory. 423 * 424 * This has to be done since for instance QEMU 425 * isn't aware of which memory range in the 426 * non-secure memory is used for NSEC_SHM. 427 */ 428 429 #ifdef CFG_SECURE_DATA_PATH 430 if (dtb_get_sdp_region()) 431 carve_out_phys_mem(&m, &num_elems, sec_sdp.paddr, sec_sdp.size); 432 433 for (pmem = phys_sdp_mem_begin; pmem < phys_sdp_mem_end; pmem++) 434 carve_out_phys_mem(&m, &num_elems, pmem->addr, pmem->size); 435 #endif 436 437 carve_out_phys_mem(&m, &num_elems, TEE_RAM_START, TEE_RAM_PH_SIZE); 438 carve_out_phys_mem(&m, &num_elems, TA_RAM_START, TA_RAM_SIZE); 439 440 for (map = static_memory_map; !core_mmap_is_end_of_table(map); map++) { 441 switch (map->type) { 442 case MEM_AREA_NSEC_SHM: 443 carve_out_phys_mem(&m, &num_elems, map->pa, map->size); 444 break; 445 case MEM_AREA_EXT_DT: 446 case MEM_AREA_RES_VASPACE: 447 case MEM_AREA_SHM_VASPACE: 448 case MEM_AREA_TS_VASPACE: 449 case MEM_AREA_PAGER_VASPACE: 450 break; 451 default: 452 check_phys_mem_is_outside(m, num_elems, map); 453 } 454 } 455 456 discovered_nsec_ddr_start = m; 457 discovered_nsec_ddr_nelems = num_elems; 458 459 if (!core_mmu_check_end_pa(m[num_elems - 1].addr, 460 m[num_elems - 1].size)) 461 panic(); 462 } 463 464 static bool get_discovered_nsec_ddr(const struct core_mmu_phys_mem **start, 465 const struct core_mmu_phys_mem **end) 466 { 467 if (!discovered_nsec_ddr_start) 468 return false; 469 470 *start = discovered_nsec_ddr_start; 471 *end = discovered_nsec_ddr_start + discovered_nsec_ddr_nelems; 472 473 return true; 474 } 475 476 static bool pbuf_is_nsec_ddr(paddr_t pbuf, size_t len) 477 { 478 const struct core_mmu_phys_mem *start; 479 const struct core_mmu_phys_mem *end; 480 481 if (!get_discovered_nsec_ddr(&start, &end)) 482 return false; 483 484 return pbuf_is_special_mem(pbuf, len, start, end); 485 } 486 487 bool core_mmu_nsec_ddr_is_defined(void) 488 { 489 const struct core_mmu_phys_mem *start; 490 const struct core_mmu_phys_mem *end; 491 492 if (!get_discovered_nsec_ddr(&start, &end)) 493 return false; 494 495 return start != end; 496 } 497 #else 498 static bool pbuf_is_nsec_ddr(paddr_t pbuf __unused, size_t len __unused) 499 { 500 return false; 501 } 502 #endif /*CFG_CORE_DYN_SHM*/ 503 504 #define MSG_MEM_INSTERSECT(pa1, sz1, pa2, sz2) \ 505 EMSG("[%" PRIxPA " %" PRIx64 "] intersects [%" PRIxPA " %" PRIx64 "]", \ 506 pa1, (uint64_t)pa1 + (sz1), pa2, (uint64_t)pa2 + (sz2)) 507 508 #ifdef CFG_SECURE_DATA_PATH 509 static bool pbuf_is_sdp_mem(paddr_t pbuf, size_t len) 510 { 511 bool is_sdp_mem = false; 512 513 if (sec_sdp.size) 514 is_sdp_mem = core_is_buffer_inside(pbuf, len, sec_sdp.paddr, 515 sec_sdp.size); 516 517 if (!is_sdp_mem) 518 is_sdp_mem = pbuf_is_special_mem(pbuf, len, phys_sdp_mem_begin, 519 phys_sdp_mem_end); 520 521 return is_sdp_mem; 522 } 523 524 static struct mobj *core_sdp_mem_alloc_mobj(paddr_t pa, size_t size) 525 { 526 struct mobj *mobj = mobj_phys_alloc(pa, size, TEE_MATTR_MEM_TYPE_CACHED, 527 CORE_MEM_SDP_MEM); 528 529 if (!mobj) 530 panic("can't create SDP physical memory object"); 531 532 return mobj; 533 } 534 535 struct mobj **core_sdp_mem_create_mobjs(void) 536 { 537 const struct core_mmu_phys_mem *mem = NULL; 538 struct mobj **mobj_base = NULL; 539 struct mobj **mobj = NULL; 540 int cnt = phys_sdp_mem_end - phys_sdp_mem_begin; 541 542 if (sec_sdp.size) 543 cnt++; 544 545 /* SDP mobjs table must end with a NULL entry */ 546 mobj_base = calloc(cnt + 1, sizeof(struct mobj *)); 547 if (!mobj_base) 548 panic("Out of memory"); 549 550 mobj = mobj_base; 551 552 for (mem = phys_sdp_mem_begin; mem < phys_sdp_mem_end; mem++, mobj++) 553 *mobj = core_sdp_mem_alloc_mobj(mem->addr, mem->size); 554 555 if (sec_sdp.size) 556 *mobj = core_sdp_mem_alloc_mobj(sec_sdp.paddr, sec_sdp.size); 557 558 return mobj_base; 559 } 560 561 #else /* CFG_SECURE_DATA_PATH */ 562 static bool pbuf_is_sdp_mem(paddr_t pbuf __unused, size_t len __unused) 563 { 564 return false; 565 } 566 567 #endif /* CFG_SECURE_DATA_PATH */ 568 569 /* Check special memories comply with registered memories */ 570 static void verify_special_mem_areas(struct tee_mmap_region *mem_map, 571 size_t len, 572 const struct core_mmu_phys_mem *start, 573 const struct core_mmu_phys_mem *end, 574 const char *area_name __maybe_unused) 575 { 576 const struct core_mmu_phys_mem *mem; 577 const struct core_mmu_phys_mem *mem2; 578 struct tee_mmap_region *mmap; 579 size_t n; 580 581 if (start == end) { 582 DMSG("No %s memory area defined", area_name); 583 return; 584 } 585 586 for (mem = start; mem < end; mem++) 587 DMSG("%s memory [%" PRIxPA " %" PRIx64 "]", 588 area_name, mem->addr, (uint64_t)mem->addr + mem->size); 589 590 /* Check memories do not intersect each other */ 591 for (mem = start; mem + 1 < end; mem++) { 592 for (mem2 = mem + 1; mem2 < end; mem2++) { 593 if (core_is_buffer_intersect(mem2->addr, mem2->size, 594 mem->addr, mem->size)) { 595 MSG_MEM_INSTERSECT(mem2->addr, mem2->size, 596 mem->addr, mem->size); 597 panic("Special memory intersection"); 598 } 599 } 600 } 601 602 /* 603 * Check memories do not intersect any mapped memory. 604 * This is called before reserved VA space is loaded in mem_map. 605 */ 606 for (mem = start; mem < end; mem++) { 607 for (mmap = mem_map, n = 0; n < len; mmap++, n++) { 608 if (core_is_buffer_intersect(mem->addr, mem->size, 609 mmap->pa, mmap->size)) { 610 MSG_MEM_INSTERSECT(mem->addr, mem->size, 611 mmap->pa, mmap->size); 612 panic("Special memory intersection"); 613 } 614 } 615 } 616 } 617 618 static void add_phys_mem(struct tee_mmap_region *memory_map, size_t num_elems, 619 const struct core_mmu_phys_mem *mem, size_t *last) 620 { 621 size_t n = 0; 622 paddr_t pa; 623 paddr_size_t size; 624 625 /* 626 * If some ranges of memory of the same type do overlap 627 * each others they are coalesced into one entry. To help this 628 * added entries are sorted by increasing physical. 629 * 630 * Note that it's valid to have the same physical memory as several 631 * different memory types, for instance the same device memory 632 * mapped as both secure and non-secure. This will probably not 633 * happen often in practice. 634 */ 635 DMSG("%s type %s 0x%08" PRIxPA " size 0x%08" PRIxPASZ, 636 mem->name, teecore_memtype_name(mem->type), mem->addr, mem->size); 637 while (true) { 638 if (n >= (num_elems - 1)) { 639 EMSG("Out of entries (%zu) in memory_map", num_elems); 640 panic(); 641 } 642 if (n == *last) 643 break; 644 pa = memory_map[n].pa; 645 size = memory_map[n].size; 646 if (mem->type == memory_map[n].type && 647 ((pa <= (mem->addr + (mem->size - 1))) && 648 (mem->addr <= (pa + (size - 1))))) { 649 DMSG("Physical mem map overlaps 0x%" PRIxPA, mem->addr); 650 memory_map[n].pa = MIN(pa, mem->addr); 651 memory_map[n].size = MAX(size, mem->size) + 652 (pa - memory_map[n].pa); 653 return; 654 } 655 if (mem->type < memory_map[n].type || 656 (mem->type == memory_map[n].type && mem->addr < pa)) 657 break; /* found the spot where to insert this memory */ 658 n++; 659 } 660 661 memmove(memory_map + n + 1, memory_map + n, 662 sizeof(struct tee_mmap_region) * (*last - n)); 663 (*last)++; 664 memset(memory_map + n, 0, sizeof(memory_map[0])); 665 memory_map[n].type = mem->type; 666 memory_map[n].pa = mem->addr; 667 memory_map[n].size = mem->size; 668 } 669 670 static void add_va_space(struct tee_mmap_region *memory_map, size_t num_elems, 671 enum teecore_memtypes type, size_t size, size_t *last) 672 { 673 size_t n = 0; 674 675 DMSG("type %s size 0x%08zx", teecore_memtype_name(type), size); 676 while (true) { 677 if (n >= (num_elems - 1)) { 678 EMSG("Out of entries (%zu) in memory_map", num_elems); 679 panic(); 680 } 681 if (n == *last) 682 break; 683 if (type < memory_map[n].type) 684 break; 685 n++; 686 } 687 688 memmove(memory_map + n + 1, memory_map + n, 689 sizeof(struct tee_mmap_region) * (*last - n)); 690 (*last)++; 691 memset(memory_map + n, 0, sizeof(memory_map[0])); 692 memory_map[n].type = type; 693 memory_map[n].size = size; 694 } 695 696 uint32_t core_mmu_type_to_attr(enum teecore_memtypes t) 697 { 698 const uint32_t attr = TEE_MATTR_VALID_BLOCK; 699 const uint32_t tagged = TEE_MATTR_MEM_TYPE_TAGGED << 700 TEE_MATTR_MEM_TYPE_SHIFT; 701 const uint32_t cached = TEE_MATTR_MEM_TYPE_CACHED << 702 TEE_MATTR_MEM_TYPE_SHIFT; 703 const uint32_t noncache = TEE_MATTR_MEM_TYPE_DEV << 704 TEE_MATTR_MEM_TYPE_SHIFT; 705 706 switch (t) { 707 case MEM_AREA_TEE_RAM: 708 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRWX | tagged; 709 case MEM_AREA_TEE_RAM_RX: 710 case MEM_AREA_INIT_RAM_RX: 711 case MEM_AREA_IDENTITY_MAP_RX: 712 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRX | tagged; 713 case MEM_AREA_TEE_RAM_RO: 714 case MEM_AREA_INIT_RAM_RO: 715 return attr | TEE_MATTR_SECURE | TEE_MATTR_PR | tagged; 716 case MEM_AREA_TEE_RAM_RW: 717 case MEM_AREA_NEX_RAM_RO: /* This has to be r/w during init runtime */ 718 case MEM_AREA_NEX_RAM_RW: 719 case MEM_AREA_TEE_ASAN: 720 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | tagged; 721 case MEM_AREA_TEE_COHERENT: 722 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRWX | noncache; 723 case MEM_AREA_TA_RAM: 724 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | tagged; 725 case MEM_AREA_NSEC_SHM: 726 return attr | TEE_MATTR_PRW | cached; 727 case MEM_AREA_EXT_DT: 728 /* 729 * If CFG_MAP_EXT_DT_SECURE is enabled map the external device 730 * tree as secure non-cached memory, otherwise, fall back to 731 * non-secure mapping. 732 */ 733 if (IS_ENABLED(CFG_MAP_EXT_DT_SECURE)) 734 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | 735 noncache; 736 fallthrough; 737 case MEM_AREA_IO_NSEC: 738 return attr | TEE_MATTR_PRW | noncache; 739 case MEM_AREA_IO_SEC: 740 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | noncache; 741 case MEM_AREA_RAM_NSEC: 742 return attr | TEE_MATTR_PRW | cached; 743 case MEM_AREA_RAM_SEC: 744 case MEM_AREA_SEC_RAM_OVERALL: 745 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | cached; 746 case MEM_AREA_RES_VASPACE: 747 case MEM_AREA_SHM_VASPACE: 748 return 0; 749 case MEM_AREA_PAGER_VASPACE: 750 return TEE_MATTR_SECURE; 751 default: 752 panic("invalid type"); 753 } 754 } 755 756 static bool __maybe_unused map_is_tee_ram(const struct tee_mmap_region *mm) 757 { 758 switch (mm->type) { 759 case MEM_AREA_TEE_RAM: 760 case MEM_AREA_TEE_RAM_RX: 761 case MEM_AREA_TEE_RAM_RO: 762 case MEM_AREA_TEE_RAM_RW: 763 case MEM_AREA_INIT_RAM_RX: 764 case MEM_AREA_INIT_RAM_RO: 765 case MEM_AREA_NEX_RAM_RW: 766 case MEM_AREA_NEX_RAM_RO: 767 case MEM_AREA_TEE_ASAN: 768 return true; 769 default: 770 return false; 771 } 772 } 773 774 static bool __maybe_unused map_is_secure(const struct tee_mmap_region *mm) 775 { 776 return !!(core_mmu_type_to_attr(mm->type) & TEE_MATTR_SECURE); 777 } 778 779 static bool __maybe_unused map_is_pgdir(const struct tee_mmap_region *mm) 780 { 781 return mm->region_size == CORE_MMU_PGDIR_SIZE; 782 } 783 784 static int cmp_mmap_by_lower_va(const void *a, const void *b) 785 { 786 const struct tee_mmap_region *mm_a = a; 787 const struct tee_mmap_region *mm_b = b; 788 789 return CMP_TRILEAN(mm_a->va, mm_b->va); 790 } 791 792 static void dump_mmap_table(struct tee_mmap_region *memory_map) 793 { 794 struct tee_mmap_region *map; 795 796 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 797 vaddr_t __maybe_unused vstart; 798 799 vstart = map->va + ((vaddr_t)map->pa & (map->region_size - 1)); 800 DMSG("type %-12s va 0x%08" PRIxVA "..0x%08" PRIxVA 801 " pa 0x%08" PRIxPA "..0x%08" PRIxPA " size 0x%08zx (%s)", 802 teecore_memtype_name(map->type), vstart, 803 vstart + map->size - 1, map->pa, 804 (paddr_t)(map->pa + map->size - 1), map->size, 805 map->region_size == SMALL_PAGE_SIZE ? "smallpg" : "pgdir"); 806 } 807 } 808 809 #if DEBUG_XLAT_TABLE 810 811 static void dump_xlat_table(vaddr_t va, unsigned int level) 812 { 813 struct core_mmu_table_info tbl_info; 814 unsigned int idx = 0; 815 paddr_t pa; 816 uint32_t attr; 817 818 core_mmu_find_table(NULL, va, level, &tbl_info); 819 va = tbl_info.va_base; 820 for (idx = 0; idx < tbl_info.num_entries; idx++) { 821 core_mmu_get_entry(&tbl_info, idx, &pa, &attr); 822 if (attr || level > CORE_MMU_BASE_TABLE_LEVEL) { 823 const char *security_bit = ""; 824 825 if (core_mmu_entry_have_security_bit(attr)) { 826 if (attr & TEE_MATTR_SECURE) 827 security_bit = "S"; 828 else 829 security_bit = "NS"; 830 } 831 832 if (attr & TEE_MATTR_TABLE) { 833 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 834 " TBL:0x%010" PRIxPA " %s", 835 level * 2, "", level, va, pa, 836 security_bit); 837 dump_xlat_table(va, level + 1); 838 } else if (attr) { 839 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 840 " PA:0x%010" PRIxPA " %s-%s-%s-%s", 841 level * 2, "", level, va, pa, 842 mattr_is_cached(attr) ? "MEM" : 843 "DEV", 844 attr & TEE_MATTR_PW ? "RW" : "RO", 845 attr & TEE_MATTR_PX ? "X " : "XN", 846 security_bit); 847 } else { 848 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 849 " INVALID\n", 850 level * 2, "", level, va); 851 } 852 } 853 va += BIT64(tbl_info.shift); 854 } 855 } 856 857 #else 858 859 static void dump_xlat_table(vaddr_t va __unused, int level __unused) 860 { 861 } 862 863 #endif 864 865 /* 866 * Reserves virtual memory space for pager usage. 867 * 868 * From the start of the first memory used by the link script + 869 * TEE_RAM_VA_SIZE should be covered, either with a direct mapping or empty 870 * mapping for pager usage. This adds translation tables as needed for the 871 * pager to operate. 872 */ 873 static void add_pager_vaspace(struct tee_mmap_region *mmap, size_t num_elems, 874 size_t *last) 875 { 876 paddr_t begin = 0; 877 paddr_t end = 0; 878 size_t size = 0; 879 size_t pos = 0; 880 size_t n = 0; 881 882 if (*last >= (num_elems - 1)) { 883 EMSG("Out of entries (%zu) in memory map", num_elems); 884 panic(); 885 } 886 887 for (n = 0; !core_mmap_is_end_of_table(mmap + n); n++) { 888 if (map_is_tee_ram(mmap + n)) { 889 if (!begin) 890 begin = mmap[n].pa; 891 pos = n + 1; 892 } 893 } 894 895 end = mmap[pos - 1].pa + mmap[pos - 1].size; 896 size = TEE_RAM_VA_SIZE - (end - begin); 897 if (!size) 898 return; 899 900 assert(pos <= *last); 901 memmove(mmap + pos + 1, mmap + pos, 902 sizeof(struct tee_mmap_region) * (*last - pos)); 903 (*last)++; 904 memset(mmap + pos, 0, sizeof(mmap[0])); 905 mmap[pos].type = MEM_AREA_PAGER_VASPACE; 906 mmap[pos].va = 0; 907 mmap[pos].size = size; 908 mmap[pos].region_size = SMALL_PAGE_SIZE; 909 mmap[pos].attr = core_mmu_type_to_attr(MEM_AREA_PAGER_VASPACE); 910 } 911 912 static void check_sec_nsec_mem_config(void) 913 { 914 size_t n = 0; 915 916 for (n = 0; n < ARRAY_SIZE(secure_only); n++) { 917 if (pbuf_intersects(nsec_shared, secure_only[n].paddr, 918 secure_only[n].size)) 919 panic("Invalid memory access config: sec/nsec"); 920 } 921 } 922 923 static size_t collect_mem_ranges(struct tee_mmap_region *memory_map, 924 size_t num_elems) 925 { 926 const struct core_mmu_phys_mem *mem = NULL; 927 size_t last = 0; 928 929 for (mem = phys_mem_map_begin; mem < phys_mem_map_end; mem++) { 930 struct core_mmu_phys_mem m = *mem; 931 932 /* Discard null size entries */ 933 if (!m.size) 934 continue; 935 936 /* Only unmapped virtual range may have a null phys addr */ 937 assert(m.addr || !core_mmu_type_to_attr(m.type)); 938 939 add_phys_mem(memory_map, num_elems, &m, &last); 940 } 941 942 if (IS_ENABLED(CFG_SECURE_DATA_PATH)) 943 verify_special_mem_areas(memory_map, num_elems, 944 phys_sdp_mem_begin, 945 phys_sdp_mem_end, "SDP"); 946 947 add_va_space(memory_map, num_elems, MEM_AREA_RES_VASPACE, 948 CFG_RESERVED_VASPACE_SIZE, &last); 949 950 add_va_space(memory_map, num_elems, MEM_AREA_SHM_VASPACE, 951 SHM_VASPACE_SIZE, &last); 952 953 memory_map[last].type = MEM_AREA_END; 954 955 return last; 956 } 957 958 static void assign_mem_granularity(struct tee_mmap_region *memory_map) 959 { 960 struct tee_mmap_region *map = NULL; 961 962 /* 963 * Assign region sizes, note that MEM_AREA_TEE_RAM always uses 964 * SMALL_PAGE_SIZE. 965 */ 966 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 967 paddr_t mask = map->pa | map->size; 968 969 if (!(mask & CORE_MMU_PGDIR_MASK)) 970 map->region_size = CORE_MMU_PGDIR_SIZE; 971 else if (!(mask & SMALL_PAGE_MASK)) 972 map->region_size = SMALL_PAGE_SIZE; 973 else 974 panic("Impossible memory alignment"); 975 976 if (map_is_tee_ram(map)) 977 map->region_size = SMALL_PAGE_SIZE; 978 } 979 } 980 981 static bool place_tee_ram_at_top(paddr_t paddr) 982 { 983 return paddr > BIT64(core_mmu_get_va_width()) / 2; 984 } 985 986 /* 987 * MMU arch driver shall override this function if it helps 988 * optimizing the memory footprint of the address translation tables. 989 */ 990 bool __weak core_mmu_prefer_tee_ram_at_top(paddr_t paddr) 991 { 992 return place_tee_ram_at_top(paddr); 993 } 994 995 static bool assign_mem_va_dir(vaddr_t tee_ram_va, 996 struct tee_mmap_region *memory_map, 997 bool tee_ram_at_top) 998 { 999 struct tee_mmap_region *map = NULL; 1000 vaddr_t va = 0; 1001 bool va_is_secure = true; 1002 1003 /* 1004 * tee_ram_va might equals 0 when CFG_CORE_ASLR=y. 1005 * 0 is by design an invalid va, so return false directly. 1006 */ 1007 if (!tee_ram_va) 1008 return false; 1009 1010 /* Clear eventual previous assignments */ 1011 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) 1012 map->va = 0; 1013 1014 /* 1015 * TEE RAM regions are always aligned with region_size. 1016 * 1017 * Note that MEM_AREA_PAGER_VASPACE also counts as TEE RAM here 1018 * since it handles virtual memory which covers the part of the ELF 1019 * that cannot fit directly into memory. 1020 */ 1021 va = tee_ram_va; 1022 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 1023 if (map_is_tee_ram(map) || 1024 map->type == MEM_AREA_PAGER_VASPACE) { 1025 assert(!(va & (map->region_size - 1))); 1026 assert(!(map->size & (map->region_size - 1))); 1027 map->va = va; 1028 if (ADD_OVERFLOW(va, map->size, &va)) 1029 return false; 1030 if (va >= BIT64(core_mmu_get_va_width())) 1031 return false; 1032 } 1033 } 1034 1035 if (tee_ram_at_top) { 1036 /* 1037 * Map non-tee ram regions at addresses lower than the tee 1038 * ram region. 1039 */ 1040 va = tee_ram_va; 1041 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 1042 map->attr = core_mmu_type_to_attr(map->type); 1043 if (map->va) 1044 continue; 1045 1046 if (!IS_ENABLED(CFG_WITH_LPAE) && 1047 va_is_secure != map_is_secure(map)) { 1048 va_is_secure = !va_is_secure; 1049 va = ROUNDDOWN(va, CORE_MMU_PGDIR_SIZE); 1050 } 1051 1052 if (SUB_OVERFLOW(va, map->size, &va)) 1053 return false; 1054 va = ROUNDDOWN(va, map->region_size); 1055 /* 1056 * Make sure that va is aligned with pa for 1057 * efficient pgdir mapping. Basically pa & 1058 * pgdir_mask should be == va & pgdir_mask 1059 */ 1060 if (map->size > 2 * CORE_MMU_PGDIR_SIZE) { 1061 if (SUB_OVERFLOW(va, CORE_MMU_PGDIR_SIZE, &va)) 1062 return false; 1063 va += (map->pa - va) & CORE_MMU_PGDIR_MASK; 1064 } 1065 map->va = va; 1066 } 1067 } else { 1068 /* 1069 * Map non-tee ram regions at addresses higher than the tee 1070 * ram region. 1071 */ 1072 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 1073 map->attr = core_mmu_type_to_attr(map->type); 1074 if (map->va) 1075 continue; 1076 1077 if (!IS_ENABLED(CFG_WITH_LPAE) && 1078 va_is_secure != map_is_secure(map)) { 1079 va_is_secure = !va_is_secure; 1080 if (ROUNDUP_OVERFLOW(va, CORE_MMU_PGDIR_SIZE, 1081 &va)) 1082 return false; 1083 } 1084 1085 if (ROUNDUP_OVERFLOW(va, map->region_size, &va)) 1086 return false; 1087 /* 1088 * Make sure that va is aligned with pa for 1089 * efficient pgdir mapping. Basically pa & 1090 * pgdir_mask should be == va & pgdir_mask 1091 */ 1092 if (map->size > 2 * CORE_MMU_PGDIR_SIZE) { 1093 vaddr_t offs = (map->pa - va) & 1094 CORE_MMU_PGDIR_MASK; 1095 1096 if (ADD_OVERFLOW(va, offs, &va)) 1097 return false; 1098 } 1099 1100 map->va = va; 1101 if (ADD_OVERFLOW(va, map->size, &va)) 1102 return false; 1103 if (va >= BIT64(core_mmu_get_va_width())) 1104 return false; 1105 } 1106 } 1107 1108 return true; 1109 } 1110 1111 static bool assign_mem_va(vaddr_t tee_ram_va, 1112 struct tee_mmap_region *memory_map) 1113 { 1114 bool tee_ram_at_top = place_tee_ram_at_top(tee_ram_va); 1115 1116 /* 1117 * Check that we're not overlapping with the user VA range. 1118 */ 1119 if (IS_ENABLED(CFG_WITH_LPAE)) { 1120 /* 1121 * User VA range is supposed to be defined after these 1122 * mappings have been established. 1123 */ 1124 assert(!core_mmu_user_va_range_is_defined()); 1125 } else { 1126 vaddr_t user_va_base = 0; 1127 size_t user_va_size = 0; 1128 1129 assert(core_mmu_user_va_range_is_defined()); 1130 core_mmu_get_user_va_range(&user_va_base, &user_va_size); 1131 if (tee_ram_va < (user_va_base + user_va_size)) 1132 return false; 1133 } 1134 1135 if (IS_ENABLED(CFG_WITH_PAGER)) { 1136 bool prefered_dir = core_mmu_prefer_tee_ram_at_top(tee_ram_va); 1137 1138 /* Try whole mapping covered by a single base xlat entry */ 1139 if (prefered_dir != tee_ram_at_top && 1140 assign_mem_va_dir(tee_ram_va, memory_map, prefered_dir)) 1141 return true; 1142 } 1143 1144 return assign_mem_va_dir(tee_ram_va, memory_map, tee_ram_at_top); 1145 } 1146 1147 static int cmp_init_mem_map(const void *a, const void *b) 1148 { 1149 const struct tee_mmap_region *mm_a = a; 1150 const struct tee_mmap_region *mm_b = b; 1151 int rc = 0; 1152 1153 rc = CMP_TRILEAN(mm_a->region_size, mm_b->region_size); 1154 if (!rc) 1155 rc = CMP_TRILEAN(mm_a->pa, mm_b->pa); 1156 /* 1157 * 32bit MMU descriptors cannot mix secure and non-secure mapping in 1158 * the same level2 table. Hence sort secure mapping from non-secure 1159 * mapping. 1160 */ 1161 if (!rc && !IS_ENABLED(CFG_WITH_LPAE)) 1162 rc = CMP_TRILEAN(map_is_secure(mm_a), map_is_secure(mm_b)); 1163 1164 return rc; 1165 } 1166 1167 static bool mem_map_add_id_map(struct tee_mmap_region *memory_map, 1168 size_t num_elems, size_t *last, 1169 vaddr_t id_map_start, vaddr_t id_map_end) 1170 { 1171 struct tee_mmap_region *map = NULL; 1172 vaddr_t start = ROUNDDOWN(id_map_start, SMALL_PAGE_SIZE); 1173 vaddr_t end = ROUNDUP(id_map_end, SMALL_PAGE_SIZE); 1174 size_t len = end - start; 1175 1176 if (*last >= num_elems - 1) { 1177 EMSG("Out of entries (%zu) in memory map", num_elems); 1178 panic(); 1179 } 1180 1181 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) 1182 if (core_is_buffer_intersect(map->va, map->size, start, len)) 1183 return false; 1184 1185 *map = (struct tee_mmap_region){ 1186 .type = MEM_AREA_IDENTITY_MAP_RX, 1187 /* 1188 * Could use CORE_MMU_PGDIR_SIZE to potentially save a 1189 * translation table, at the increased risk of clashes with 1190 * the rest of the memory map. 1191 */ 1192 .region_size = SMALL_PAGE_SIZE, 1193 .pa = start, 1194 .va = start, 1195 .size = len, 1196 .attr = core_mmu_type_to_attr(MEM_AREA_IDENTITY_MAP_RX), 1197 }; 1198 1199 (*last)++; 1200 1201 return true; 1202 } 1203 1204 static unsigned long init_mem_map(struct tee_mmap_region *memory_map, 1205 size_t num_elems, unsigned long seed) 1206 { 1207 /* 1208 * @id_map_start and @id_map_end describes a physical memory range 1209 * that must be mapped Read-Only eXecutable at identical virtual 1210 * addresses. 1211 */ 1212 vaddr_t id_map_start = (vaddr_t)__identity_map_init_start; 1213 vaddr_t id_map_end = (vaddr_t)__identity_map_init_end; 1214 unsigned long offs = 0; 1215 size_t last = 0; 1216 1217 last = collect_mem_ranges(memory_map, num_elems); 1218 assign_mem_granularity(memory_map); 1219 1220 /* 1221 * To ease mapping and lower use of xlat tables, sort mapping 1222 * description moving small-page regions after the pgdir regions. 1223 */ 1224 qsort(memory_map, last, sizeof(struct tee_mmap_region), 1225 cmp_init_mem_map); 1226 1227 add_pager_vaspace(memory_map, num_elems, &last); 1228 if (IS_ENABLED(CFG_CORE_ASLR) && seed) { 1229 vaddr_t base_addr = TEE_RAM_START + seed; 1230 const unsigned int va_width = core_mmu_get_va_width(); 1231 const vaddr_t va_mask = GENMASK_64(va_width - 1, 1232 SMALL_PAGE_SHIFT); 1233 vaddr_t ba = base_addr; 1234 size_t n = 0; 1235 1236 for (n = 0; n < 3; n++) { 1237 if (n) 1238 ba = base_addr ^ BIT64(va_width - n); 1239 ba &= va_mask; 1240 if (assign_mem_va(ba, memory_map) && 1241 mem_map_add_id_map(memory_map, num_elems, &last, 1242 id_map_start, id_map_end)) { 1243 offs = ba - TEE_RAM_START; 1244 DMSG("Mapping core at %#"PRIxVA" offs %#lx", 1245 ba, offs); 1246 goto out; 1247 } else { 1248 DMSG("Failed to map core at %#"PRIxVA, ba); 1249 } 1250 } 1251 EMSG("Failed to map core with seed %#lx", seed); 1252 } 1253 1254 if (!assign_mem_va(TEE_RAM_START, memory_map)) 1255 panic(); 1256 1257 out: 1258 qsort(memory_map, last, sizeof(struct tee_mmap_region), 1259 cmp_mmap_by_lower_va); 1260 1261 dump_mmap_table(memory_map); 1262 1263 return offs; 1264 } 1265 1266 static void check_mem_map(struct tee_mmap_region *map) 1267 { 1268 struct tee_mmap_region *m = NULL; 1269 1270 for (m = map; !core_mmap_is_end_of_table(m); m++) { 1271 switch (m->type) { 1272 case MEM_AREA_TEE_RAM: 1273 case MEM_AREA_TEE_RAM_RX: 1274 case MEM_AREA_TEE_RAM_RO: 1275 case MEM_AREA_TEE_RAM_RW: 1276 case MEM_AREA_INIT_RAM_RX: 1277 case MEM_AREA_INIT_RAM_RO: 1278 case MEM_AREA_NEX_RAM_RW: 1279 case MEM_AREA_NEX_RAM_RO: 1280 case MEM_AREA_IDENTITY_MAP_RX: 1281 if (!pbuf_is_inside(secure_only, m->pa, m->size)) 1282 panic("TEE_RAM can't fit in secure_only"); 1283 break; 1284 case MEM_AREA_TA_RAM: 1285 if (!pbuf_is_inside(secure_only, m->pa, m->size)) 1286 panic("TA_RAM can't fit in secure_only"); 1287 break; 1288 case MEM_AREA_NSEC_SHM: 1289 if (!pbuf_is_inside(nsec_shared, m->pa, m->size)) 1290 panic("NS_SHM can't fit in nsec_shared"); 1291 break; 1292 case MEM_AREA_SEC_RAM_OVERALL: 1293 case MEM_AREA_TEE_COHERENT: 1294 case MEM_AREA_TEE_ASAN: 1295 case MEM_AREA_IO_SEC: 1296 case MEM_AREA_IO_NSEC: 1297 case MEM_AREA_EXT_DT: 1298 case MEM_AREA_RAM_SEC: 1299 case MEM_AREA_RAM_NSEC: 1300 case MEM_AREA_RES_VASPACE: 1301 case MEM_AREA_SHM_VASPACE: 1302 case MEM_AREA_PAGER_VASPACE: 1303 break; 1304 default: 1305 EMSG("Uhandled memtype %d", m->type); 1306 panic(); 1307 } 1308 } 1309 } 1310 1311 static struct tee_mmap_region *get_tmp_mmap(void) 1312 { 1313 struct tee_mmap_region *tmp_mmap = (void *)__heap1_start; 1314 1315 #ifdef CFG_WITH_PAGER 1316 if (__heap1_end - __heap1_start < (ptrdiff_t)sizeof(static_memory_map)) 1317 tmp_mmap = (void *)__heap2_start; 1318 #endif 1319 1320 memset(tmp_mmap, 0, sizeof(static_memory_map)); 1321 1322 return tmp_mmap; 1323 } 1324 1325 /* 1326 * core_init_mmu_map() - init tee core default memory mapping 1327 * 1328 * This routine sets the static default TEE core mapping. If @seed is > 0 1329 * and configured with CFG_CORE_ASLR it will map tee core at a location 1330 * based on the seed and return the offset from the link address. 1331 * 1332 * If an error happened: core_init_mmu_map is expected to panic. 1333 * 1334 * Note: this function is weak just to make it possible to exclude it from 1335 * the unpaged area. 1336 */ 1337 void __weak core_init_mmu_map(unsigned long seed, struct core_mmu_config *cfg) 1338 { 1339 #ifndef CFG_VIRTUALIZATION 1340 vaddr_t start = ROUNDDOWN((vaddr_t)__nozi_start, SMALL_PAGE_SIZE); 1341 #else 1342 vaddr_t start = ROUNDDOWN((vaddr_t)__vcore_nex_rw_start, 1343 SMALL_PAGE_SIZE); 1344 #endif 1345 vaddr_t len = ROUNDUP((vaddr_t)__nozi_end, SMALL_PAGE_SIZE) - start; 1346 struct tee_mmap_region *tmp_mmap = get_tmp_mmap(); 1347 unsigned long offs = 0; 1348 1349 check_sec_nsec_mem_config(); 1350 1351 /* 1352 * Add a entry covering the translation tables which will be 1353 * involved in some virt_to_phys() and phys_to_virt() conversions. 1354 */ 1355 static_memory_map[0] = (struct tee_mmap_region){ 1356 .type = MEM_AREA_TEE_RAM, 1357 .region_size = SMALL_PAGE_SIZE, 1358 .pa = start, 1359 .va = start, 1360 .size = len, 1361 .attr = core_mmu_type_to_attr(MEM_AREA_IDENTITY_MAP_RX), 1362 }; 1363 1364 COMPILE_TIME_ASSERT(CFG_MMAP_REGIONS >= 13); 1365 offs = init_mem_map(tmp_mmap, ARRAY_SIZE(static_memory_map), seed); 1366 1367 check_mem_map(tmp_mmap); 1368 core_init_mmu(tmp_mmap); 1369 dump_xlat_table(0x0, CORE_MMU_BASE_TABLE_LEVEL); 1370 core_init_mmu_regs(cfg); 1371 cfg->load_offset = offs; 1372 memcpy(static_memory_map, tmp_mmap, sizeof(static_memory_map)); 1373 } 1374 1375 bool core_mmu_mattr_is_ok(uint32_t mattr) 1376 { 1377 /* 1378 * Keep in sync with core_mmu_lpae.c:mattr_to_desc and 1379 * core_mmu_v7.c:mattr_to_texcb 1380 */ 1381 1382 switch ((mattr >> TEE_MATTR_MEM_TYPE_SHIFT) & TEE_MATTR_MEM_TYPE_MASK) { 1383 case TEE_MATTR_MEM_TYPE_DEV: 1384 case TEE_MATTR_MEM_TYPE_STRONGLY_O: 1385 case TEE_MATTR_MEM_TYPE_CACHED: 1386 case TEE_MATTR_MEM_TYPE_TAGGED: 1387 return true; 1388 default: 1389 return false; 1390 } 1391 } 1392 1393 /* 1394 * test attributes of target physical buffer 1395 * 1396 * Flags: pbuf_is(SECURE, NOT_SECURE, RAM, IOMEM, KEYVAULT). 1397 * 1398 */ 1399 bool core_pbuf_is(uint32_t attr, paddr_t pbuf, size_t len) 1400 { 1401 struct tee_mmap_region *map; 1402 1403 /* Empty buffers complies with anything */ 1404 if (len == 0) 1405 return true; 1406 1407 switch (attr) { 1408 case CORE_MEM_SEC: 1409 return pbuf_is_inside(secure_only, pbuf, len); 1410 case CORE_MEM_NON_SEC: 1411 return pbuf_is_inside(nsec_shared, pbuf, len) || 1412 pbuf_is_nsec_ddr(pbuf, len); 1413 case CORE_MEM_TEE_RAM: 1414 return core_is_buffer_inside(pbuf, len, TEE_RAM_START, 1415 TEE_RAM_PH_SIZE); 1416 case CORE_MEM_TA_RAM: 1417 return core_is_buffer_inside(pbuf, len, TA_RAM_START, 1418 TA_RAM_SIZE); 1419 #ifdef CFG_CORE_RESERVED_SHM 1420 case CORE_MEM_NSEC_SHM: 1421 return core_is_buffer_inside(pbuf, len, TEE_SHMEM_START, 1422 TEE_SHMEM_SIZE); 1423 #endif 1424 case CORE_MEM_SDP_MEM: 1425 return pbuf_is_sdp_mem(pbuf, len); 1426 case CORE_MEM_CACHED: 1427 map = find_map_by_pa(pbuf); 1428 if (!map || !pbuf_inside_map_area(pbuf, len, map)) 1429 return false; 1430 return mattr_is_cached(map->attr); 1431 default: 1432 return false; 1433 } 1434 } 1435 1436 /* test attributes of target virtual buffer (in core mapping) */ 1437 bool core_vbuf_is(uint32_t attr, const void *vbuf, size_t len) 1438 { 1439 paddr_t p; 1440 1441 /* Empty buffers complies with anything */ 1442 if (len == 0) 1443 return true; 1444 1445 p = virt_to_phys((void *)vbuf); 1446 if (!p) 1447 return false; 1448 1449 return core_pbuf_is(attr, p, len); 1450 } 1451 1452 /* core_va2pa - teecore exported service */ 1453 static int __maybe_unused core_va2pa_helper(void *va, paddr_t *pa) 1454 { 1455 struct tee_mmap_region *map; 1456 1457 map = find_map_by_va(va); 1458 if (!va_is_in_map(map, (vaddr_t)va)) 1459 return -1; 1460 1461 /* 1462 * We can calculate PA for static map. Virtual address ranges 1463 * reserved to core dynamic mapping return a 'match' (return 0;) 1464 * together with an invalid null physical address. 1465 */ 1466 if (map->pa) 1467 *pa = map->pa + (vaddr_t)va - map->va; 1468 else 1469 *pa = 0; 1470 1471 return 0; 1472 } 1473 1474 static void *map_pa2va(struct tee_mmap_region *map, paddr_t pa, size_t len) 1475 { 1476 if (!pa_is_in_map(map, pa, len)) 1477 return NULL; 1478 1479 return (void *)(vaddr_t)(map->va + pa - map->pa); 1480 } 1481 1482 /* 1483 * teecore gets some memory area definitions 1484 */ 1485 void core_mmu_get_mem_by_type(unsigned int type, vaddr_t *s, vaddr_t *e) 1486 { 1487 struct tee_mmap_region *map = find_map_by_type(type); 1488 1489 if (map) { 1490 *s = map->va; 1491 *e = map->va + map->size; 1492 } else { 1493 *s = 0; 1494 *e = 0; 1495 } 1496 } 1497 1498 enum teecore_memtypes core_mmu_get_type_by_pa(paddr_t pa) 1499 { 1500 struct tee_mmap_region *map = find_map_by_pa(pa); 1501 1502 if (!map) 1503 return MEM_AREA_MAXTYPE; 1504 return map->type; 1505 } 1506 1507 void core_mmu_set_entry(struct core_mmu_table_info *tbl_info, unsigned int idx, 1508 paddr_t pa, uint32_t attr) 1509 { 1510 assert(idx < tbl_info->num_entries); 1511 core_mmu_set_entry_primitive(tbl_info->table, tbl_info->level, 1512 idx, pa, attr); 1513 } 1514 1515 void core_mmu_get_entry(struct core_mmu_table_info *tbl_info, unsigned int idx, 1516 paddr_t *pa, uint32_t *attr) 1517 { 1518 assert(idx < tbl_info->num_entries); 1519 core_mmu_get_entry_primitive(tbl_info->table, tbl_info->level, 1520 idx, pa, attr); 1521 } 1522 1523 static void clear_region(struct core_mmu_table_info *tbl_info, 1524 struct tee_mmap_region *region) 1525 { 1526 unsigned int end = 0; 1527 unsigned int idx = 0; 1528 1529 /* va, len and pa should be block aligned */ 1530 assert(!core_mmu_get_block_offset(tbl_info, region->va)); 1531 assert(!core_mmu_get_block_offset(tbl_info, region->size)); 1532 assert(!core_mmu_get_block_offset(tbl_info, region->pa)); 1533 1534 idx = core_mmu_va2idx(tbl_info, region->va); 1535 end = core_mmu_va2idx(tbl_info, region->va + region->size); 1536 1537 while (idx < end) { 1538 core_mmu_set_entry(tbl_info, idx, 0, 0); 1539 idx++; 1540 } 1541 } 1542 1543 static void set_region(struct core_mmu_table_info *tbl_info, 1544 struct tee_mmap_region *region) 1545 { 1546 unsigned int end; 1547 unsigned int idx; 1548 paddr_t pa; 1549 1550 /* va, len and pa should be block aligned */ 1551 assert(!core_mmu_get_block_offset(tbl_info, region->va)); 1552 assert(!core_mmu_get_block_offset(tbl_info, region->size)); 1553 assert(!core_mmu_get_block_offset(tbl_info, region->pa)); 1554 1555 idx = core_mmu_va2idx(tbl_info, region->va); 1556 end = core_mmu_va2idx(tbl_info, region->va + region->size); 1557 pa = region->pa; 1558 1559 while (idx < end) { 1560 core_mmu_set_entry(tbl_info, idx, pa, region->attr); 1561 idx++; 1562 pa += BIT64(tbl_info->shift); 1563 } 1564 } 1565 1566 static void set_pg_region(struct core_mmu_table_info *dir_info, 1567 struct vm_region *region, struct pgt **pgt, 1568 struct core_mmu_table_info *pg_info) 1569 { 1570 struct tee_mmap_region r = { 1571 .va = region->va, 1572 .size = region->size, 1573 .attr = region->attr, 1574 }; 1575 vaddr_t end = r.va + r.size; 1576 uint32_t pgt_attr = (r.attr & TEE_MATTR_SECURE) | TEE_MATTR_TABLE; 1577 1578 while (r.va < end) { 1579 if (!pg_info->table || 1580 r.va >= (pg_info->va_base + CORE_MMU_PGDIR_SIZE)) { 1581 /* 1582 * We're assigning a new translation table. 1583 */ 1584 unsigned int idx; 1585 1586 /* Virtual addresses must grow */ 1587 assert(r.va > pg_info->va_base); 1588 1589 idx = core_mmu_va2idx(dir_info, r.va); 1590 pg_info->va_base = core_mmu_idx2va(dir_info, idx); 1591 1592 /* 1593 * Advance pgt to va_base, note that we may need to 1594 * skip multiple page tables if there are large 1595 * holes in the vm map. 1596 */ 1597 while ((*pgt)->vabase < pg_info->va_base) { 1598 *pgt = SLIST_NEXT(*pgt, link); 1599 /* We should have allocated enough */ 1600 assert(*pgt); 1601 } 1602 assert((*pgt)->vabase == pg_info->va_base); 1603 pg_info->table = (*pgt)->tbl; 1604 1605 core_mmu_set_entry(dir_info, idx, 1606 virt_to_phys(pg_info->table), 1607 pgt_attr); 1608 } 1609 1610 r.size = MIN(CORE_MMU_PGDIR_SIZE - (r.va - pg_info->va_base), 1611 end - r.va); 1612 1613 if (!mobj_is_paged(region->mobj)) { 1614 size_t granule = BIT(pg_info->shift); 1615 size_t offset = r.va - region->va + region->offset; 1616 1617 r.size = MIN(r.size, 1618 mobj_get_phys_granule(region->mobj)); 1619 r.size = ROUNDUP(r.size, SMALL_PAGE_SIZE); 1620 1621 if (mobj_get_pa(region->mobj, offset, granule, 1622 &r.pa) != TEE_SUCCESS) 1623 panic("Failed to get PA of unpaged mobj"); 1624 set_region(pg_info, &r); 1625 } 1626 r.va += r.size; 1627 } 1628 } 1629 1630 static bool can_map_at_level(paddr_t paddr, vaddr_t vaddr, 1631 size_t size_left, paddr_t block_size, 1632 struct tee_mmap_region *mm __maybe_unused) 1633 { 1634 /* VA and PA are aligned to block size at current level */ 1635 if ((vaddr | paddr) & (block_size - 1)) 1636 return false; 1637 1638 /* Remainder fits into block at current level */ 1639 if (size_left < block_size) 1640 return false; 1641 1642 #ifdef CFG_WITH_PAGER 1643 /* 1644 * If pager is enabled, we need to map tee ram 1645 * regions with small pages only 1646 */ 1647 if (map_is_tee_ram(mm) && block_size != SMALL_PAGE_SIZE) 1648 return false; 1649 #endif 1650 1651 return true; 1652 } 1653 1654 void core_mmu_map_region(struct mmu_partition *prtn, struct tee_mmap_region *mm) 1655 { 1656 struct core_mmu_table_info tbl_info; 1657 unsigned int idx; 1658 vaddr_t vaddr = mm->va; 1659 paddr_t paddr = mm->pa; 1660 ssize_t size_left = mm->size; 1661 unsigned int level; 1662 bool table_found; 1663 uint32_t old_attr; 1664 1665 assert(!((vaddr | paddr) & SMALL_PAGE_MASK)); 1666 1667 while (size_left > 0) { 1668 level = CORE_MMU_BASE_TABLE_LEVEL; 1669 1670 while (true) { 1671 paddr_t block_size = 0; 1672 1673 assert(level <= CORE_MMU_PGDIR_LEVEL); 1674 1675 table_found = core_mmu_find_table(prtn, vaddr, level, 1676 &tbl_info); 1677 if (!table_found) 1678 panic("can't find table for mapping"); 1679 1680 block_size = BIT64(tbl_info.shift); 1681 1682 idx = core_mmu_va2idx(&tbl_info, vaddr); 1683 if (!can_map_at_level(paddr, vaddr, size_left, 1684 block_size, mm)) { 1685 bool secure = mm->attr & TEE_MATTR_SECURE; 1686 1687 /* 1688 * This part of the region can't be mapped at 1689 * this level. Need to go deeper. 1690 */ 1691 if (!core_mmu_entry_to_finer_grained(&tbl_info, 1692 idx, 1693 secure)) 1694 panic("Can't divide MMU entry"); 1695 level++; 1696 continue; 1697 } 1698 1699 /* We can map part of the region at current level */ 1700 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 1701 if (old_attr) 1702 panic("Page is already mapped"); 1703 1704 core_mmu_set_entry(&tbl_info, idx, paddr, mm->attr); 1705 paddr += block_size; 1706 vaddr += block_size; 1707 size_left -= block_size; 1708 1709 break; 1710 } 1711 } 1712 } 1713 1714 TEE_Result core_mmu_map_pages(vaddr_t vstart, paddr_t *pages, size_t num_pages, 1715 enum teecore_memtypes memtype) 1716 { 1717 TEE_Result ret; 1718 struct core_mmu_table_info tbl_info; 1719 struct tee_mmap_region *mm; 1720 unsigned int idx; 1721 uint32_t old_attr; 1722 uint32_t exceptions; 1723 vaddr_t vaddr = vstart; 1724 size_t i; 1725 bool secure; 1726 1727 assert(!(core_mmu_type_to_attr(memtype) & TEE_MATTR_PX)); 1728 1729 secure = core_mmu_type_to_attr(memtype) & TEE_MATTR_SECURE; 1730 1731 if (vaddr & SMALL_PAGE_MASK) 1732 return TEE_ERROR_BAD_PARAMETERS; 1733 1734 exceptions = mmu_lock(); 1735 1736 mm = find_map_by_va((void *)vaddr); 1737 if (!mm || !va_is_in_map(mm, vaddr + num_pages * SMALL_PAGE_SIZE - 1)) 1738 panic("VA does not belong to any known mm region"); 1739 1740 if (!core_mmu_is_dynamic_vaspace(mm)) 1741 panic("Trying to map into static region"); 1742 1743 for (i = 0; i < num_pages; i++) { 1744 if (pages[i] & SMALL_PAGE_MASK) { 1745 ret = TEE_ERROR_BAD_PARAMETERS; 1746 goto err; 1747 } 1748 1749 while (true) { 1750 if (!core_mmu_find_table(NULL, vaddr, UINT_MAX, 1751 &tbl_info)) 1752 panic("Can't find pagetable for vaddr "); 1753 1754 idx = core_mmu_va2idx(&tbl_info, vaddr); 1755 if (tbl_info.shift == SMALL_PAGE_SHIFT) 1756 break; 1757 1758 /* This is supertable. Need to divide it. */ 1759 if (!core_mmu_entry_to_finer_grained(&tbl_info, idx, 1760 secure)) 1761 panic("Failed to spread pgdir on small tables"); 1762 } 1763 1764 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 1765 if (old_attr) 1766 panic("Page is already mapped"); 1767 1768 core_mmu_set_entry(&tbl_info, idx, pages[i], 1769 core_mmu_type_to_attr(memtype)); 1770 vaddr += SMALL_PAGE_SIZE; 1771 } 1772 1773 /* 1774 * Make sure all the changes to translation tables are visible 1775 * before returning. TLB doesn't need to be invalidated as we are 1776 * guaranteed that there's no valid mapping in this range. 1777 */ 1778 core_mmu_table_write_barrier(); 1779 mmu_unlock(exceptions); 1780 1781 return TEE_SUCCESS; 1782 err: 1783 mmu_unlock(exceptions); 1784 1785 if (i) 1786 core_mmu_unmap_pages(vstart, i); 1787 1788 return ret; 1789 } 1790 1791 TEE_Result core_mmu_map_contiguous_pages(vaddr_t vstart, paddr_t pstart, 1792 size_t num_pages, 1793 enum teecore_memtypes memtype) 1794 { 1795 struct core_mmu_table_info tbl_info = { }; 1796 struct tee_mmap_region *mm = NULL; 1797 unsigned int idx = 0; 1798 uint32_t old_attr = 0; 1799 uint32_t exceptions = 0; 1800 vaddr_t vaddr = vstart; 1801 paddr_t paddr = pstart; 1802 size_t i = 0; 1803 bool secure = false; 1804 1805 assert(!(core_mmu_type_to_attr(memtype) & TEE_MATTR_PX)); 1806 1807 secure = core_mmu_type_to_attr(memtype) & TEE_MATTR_SECURE; 1808 1809 if ((vaddr | paddr) & SMALL_PAGE_MASK) 1810 return TEE_ERROR_BAD_PARAMETERS; 1811 1812 exceptions = mmu_lock(); 1813 1814 mm = find_map_by_va((void *)vaddr); 1815 if (!mm || !va_is_in_map(mm, vaddr + num_pages * SMALL_PAGE_SIZE - 1)) 1816 panic("VA does not belong to any known mm region"); 1817 1818 if (!core_mmu_is_dynamic_vaspace(mm)) 1819 panic("Trying to map into static region"); 1820 1821 for (i = 0; i < num_pages; i++) { 1822 while (true) { 1823 if (!core_mmu_find_table(NULL, vaddr, UINT_MAX, 1824 &tbl_info)) 1825 panic("Can't find pagetable for vaddr "); 1826 1827 idx = core_mmu_va2idx(&tbl_info, vaddr); 1828 if (tbl_info.shift == SMALL_PAGE_SHIFT) 1829 break; 1830 1831 /* This is supertable. Need to divide it. */ 1832 if (!core_mmu_entry_to_finer_grained(&tbl_info, idx, 1833 secure)) 1834 panic("Failed to spread pgdir on small tables"); 1835 } 1836 1837 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 1838 if (old_attr) 1839 panic("Page is already mapped"); 1840 1841 core_mmu_set_entry(&tbl_info, idx, paddr, 1842 core_mmu_type_to_attr(memtype)); 1843 paddr += SMALL_PAGE_SIZE; 1844 vaddr += SMALL_PAGE_SIZE; 1845 } 1846 1847 /* 1848 * Make sure all the changes to translation tables are visible 1849 * before returning. TLB doesn't need to be invalidated as we are 1850 * guaranteed that there's no valid mapping in this range. 1851 */ 1852 core_mmu_table_write_barrier(); 1853 mmu_unlock(exceptions); 1854 1855 return TEE_SUCCESS; 1856 } 1857 1858 void core_mmu_unmap_pages(vaddr_t vstart, size_t num_pages) 1859 { 1860 struct core_mmu_table_info tbl_info; 1861 struct tee_mmap_region *mm; 1862 size_t i; 1863 unsigned int idx; 1864 uint32_t exceptions; 1865 1866 exceptions = mmu_lock(); 1867 1868 mm = find_map_by_va((void *)vstart); 1869 if (!mm || !va_is_in_map(mm, vstart + num_pages * SMALL_PAGE_SIZE - 1)) 1870 panic("VA does not belong to any known mm region"); 1871 1872 if (!core_mmu_is_dynamic_vaspace(mm)) 1873 panic("Trying to unmap static region"); 1874 1875 for (i = 0; i < num_pages; i++, vstart += SMALL_PAGE_SIZE) { 1876 if (!core_mmu_find_table(NULL, vstart, UINT_MAX, &tbl_info)) 1877 panic("Can't find pagetable"); 1878 1879 if (tbl_info.shift != SMALL_PAGE_SHIFT) 1880 panic("Invalid pagetable level"); 1881 1882 idx = core_mmu_va2idx(&tbl_info, vstart); 1883 core_mmu_set_entry(&tbl_info, idx, 0, 0); 1884 } 1885 tlbi_all(); 1886 1887 mmu_unlock(exceptions); 1888 } 1889 1890 void core_mmu_populate_user_map(struct core_mmu_table_info *dir_info, 1891 struct user_mode_ctx *uctx) 1892 { 1893 struct core_mmu_table_info pg_info = { }; 1894 struct pgt_cache *pgt_cache = &thread_get_tsd()->pgt_cache; 1895 struct pgt *pgt = NULL; 1896 struct vm_region *r = NULL; 1897 1898 if (TAILQ_EMPTY(&uctx->vm_info.regions)) 1899 return; /* Nothing to map */ 1900 1901 /* 1902 * Allocate all page tables in advance. 1903 */ 1904 pgt_alloc(pgt_cache, uctx->ts_ctx, &uctx->vm_info); 1905 pgt = SLIST_FIRST(pgt_cache); 1906 1907 core_mmu_set_info_table(&pg_info, dir_info->level + 1, 0, NULL); 1908 1909 TAILQ_FOREACH(r, &uctx->vm_info.regions, link) 1910 set_pg_region(dir_info, r, &pgt, &pg_info); 1911 } 1912 1913 TEE_Result core_mmu_remove_mapping(enum teecore_memtypes type, void *addr, 1914 size_t len) 1915 { 1916 struct core_mmu_table_info tbl_info = { }; 1917 struct tee_mmap_region *res_map = NULL; 1918 struct tee_mmap_region *map = NULL; 1919 paddr_t pa = virt_to_phys(addr); 1920 size_t granule = 0; 1921 ptrdiff_t i = 0; 1922 paddr_t p = 0; 1923 size_t l = 0; 1924 1925 map = find_map_by_type_and_pa(type, pa, len); 1926 if (!map) 1927 return TEE_ERROR_GENERIC; 1928 1929 res_map = find_map_by_type(MEM_AREA_RES_VASPACE); 1930 if (!res_map) 1931 return TEE_ERROR_GENERIC; 1932 if (!core_mmu_find_table(NULL, res_map->va, UINT_MAX, &tbl_info)) 1933 return TEE_ERROR_GENERIC; 1934 granule = BIT(tbl_info.shift); 1935 1936 if (map < static_memory_map || 1937 map >= static_memory_map + ARRAY_SIZE(static_memory_map)) 1938 return TEE_ERROR_GENERIC; 1939 i = map - static_memory_map; 1940 1941 /* Check that we have a full match */ 1942 p = ROUNDDOWN(pa, granule); 1943 l = ROUNDUP(len + pa - p, granule); 1944 if (map->pa != p || map->size != l) 1945 return TEE_ERROR_GENERIC; 1946 1947 clear_region(&tbl_info, map); 1948 tlbi_all(); 1949 1950 /* If possible remove the va range from res_map */ 1951 if (res_map->va - map->size == map->va) { 1952 res_map->va -= map->size; 1953 res_map->size += map->size; 1954 } 1955 1956 /* Remove the entry. */ 1957 memmove(map, map + 1, 1958 (ARRAY_SIZE(static_memory_map) - i - 1) * sizeof(*map)); 1959 1960 /* Clear the last new entry in case it was used */ 1961 memset(static_memory_map + ARRAY_SIZE(static_memory_map) - 1, 1962 0, sizeof(*map)); 1963 1964 return TEE_SUCCESS; 1965 } 1966 1967 struct tee_mmap_region * 1968 core_mmu_find_mapping_exclusive(enum teecore_memtypes type, size_t len) 1969 { 1970 struct tee_mmap_region *map = NULL; 1971 struct tee_mmap_region *map_found = NULL; 1972 1973 if (!len) 1974 return NULL; 1975 1976 for (map = get_memory_map(); !core_mmap_is_end_of_table(map); map++) { 1977 if (map->type != type) 1978 continue; 1979 1980 if (map_found) 1981 return NULL; 1982 1983 map_found = map; 1984 } 1985 1986 if (!map_found || map_found->size < len) 1987 return NULL; 1988 1989 return map_found; 1990 } 1991 1992 void *core_mmu_add_mapping(enum teecore_memtypes type, paddr_t addr, size_t len) 1993 { 1994 struct core_mmu_table_info tbl_info; 1995 struct tee_mmap_region *map; 1996 size_t n; 1997 size_t granule; 1998 paddr_t p; 1999 size_t l; 2000 2001 if (!len) 2002 return NULL; 2003 2004 if (!core_mmu_check_end_pa(addr, len)) 2005 return NULL; 2006 2007 /* Check if the memory is already mapped */ 2008 map = find_map_by_type_and_pa(type, addr, len); 2009 if (map && pbuf_inside_map_area(addr, len, map)) 2010 return (void *)(vaddr_t)(map->va + addr - map->pa); 2011 2012 /* Find the reserved va space used for late mappings */ 2013 map = find_map_by_type(MEM_AREA_RES_VASPACE); 2014 if (!map) 2015 return NULL; 2016 2017 if (!core_mmu_find_table(NULL, map->va, UINT_MAX, &tbl_info)) 2018 return NULL; 2019 2020 granule = BIT64(tbl_info.shift); 2021 p = ROUNDDOWN(addr, granule); 2022 l = ROUNDUP(len + addr - p, granule); 2023 2024 /* Ban overflowing virtual addresses */ 2025 if (map->size < l) 2026 return NULL; 2027 2028 /* 2029 * Something is wrong, we can't fit the va range into the selected 2030 * table. The reserved va range is possibly missaligned with 2031 * granule. 2032 */ 2033 if (core_mmu_va2idx(&tbl_info, map->va + len) >= tbl_info.num_entries) 2034 return NULL; 2035 2036 /* Find end of the memory map */ 2037 n = 0; 2038 while (!core_mmap_is_end_of_table(static_memory_map + n)) 2039 n++; 2040 2041 if (n < (ARRAY_SIZE(static_memory_map) - 1)) { 2042 /* There's room for another entry */ 2043 static_memory_map[n].va = map->va; 2044 static_memory_map[n].size = l; 2045 static_memory_map[n + 1].type = MEM_AREA_END; 2046 map->va += l; 2047 map->size -= l; 2048 map = static_memory_map + n; 2049 } else { 2050 /* 2051 * There isn't room for another entry, steal the reserved 2052 * entry as it's not useful for anything else any longer. 2053 */ 2054 map->size = l; 2055 } 2056 map->type = type; 2057 map->region_size = granule; 2058 map->attr = core_mmu_type_to_attr(type); 2059 map->pa = p; 2060 2061 set_region(&tbl_info, map); 2062 2063 /* Make sure the new entry is visible before continuing. */ 2064 core_mmu_table_write_barrier(); 2065 2066 return (void *)(vaddr_t)(map->va + addr - map->pa); 2067 } 2068 2069 #ifdef CFG_WITH_PAGER 2070 static vaddr_t get_linear_map_end_va(void) 2071 { 2072 /* this is synced with the generic linker file kern.ld.S */ 2073 return (vaddr_t)__heap2_end; 2074 } 2075 2076 static paddr_t get_linear_map_end_pa(void) 2077 { 2078 return get_linear_map_end_va() - VCORE_START_VA + TEE_LOAD_ADDR; 2079 } 2080 #endif 2081 2082 #if defined(CFG_TEE_CORE_DEBUG) 2083 static void check_pa_matches_va(void *va, paddr_t pa) 2084 { 2085 TEE_Result res = TEE_ERROR_GENERIC; 2086 vaddr_t v = (vaddr_t)va; 2087 paddr_t p = 0; 2088 struct core_mmu_table_info ti __maybe_unused = { }; 2089 2090 if (core_mmu_user_va_range_is_defined()) { 2091 vaddr_t user_va_base = 0; 2092 size_t user_va_size = 0; 2093 2094 core_mmu_get_user_va_range(&user_va_base, &user_va_size); 2095 if (v >= user_va_base && 2096 v <= (user_va_base - 1 + user_va_size)) { 2097 if (!core_mmu_user_mapping_is_active()) { 2098 if (pa) 2099 panic("issue in linear address space"); 2100 return; 2101 } 2102 2103 res = vm_va2pa(to_user_mode_ctx(thread_get_tsd()->ctx), 2104 va, &p); 2105 if (res == TEE_ERROR_NOT_SUPPORTED) 2106 return; 2107 if (res == TEE_SUCCESS && pa != p) 2108 panic("bad pa"); 2109 if (res != TEE_SUCCESS && pa) 2110 panic("false pa"); 2111 return; 2112 } 2113 } 2114 #ifdef CFG_WITH_PAGER 2115 if (is_unpaged(va)) { 2116 if (v - boot_mmu_config.load_offset != pa) 2117 panic("issue in linear address space"); 2118 return; 2119 } 2120 2121 if (tee_pager_get_table_info(v, &ti)) { 2122 uint32_t a; 2123 2124 /* 2125 * Lookups in the page table managed by the pager is 2126 * dangerous for addresses in the paged area as those pages 2127 * changes all the time. But some ranges are safe, 2128 * rw-locked areas when the page is populated for instance. 2129 */ 2130 core_mmu_get_entry(&ti, core_mmu_va2idx(&ti, v), &p, &a); 2131 if (a & TEE_MATTR_VALID_BLOCK) { 2132 paddr_t mask = BIT64(ti.shift) - 1; 2133 2134 p |= v & mask; 2135 if (pa != p) 2136 panic(); 2137 } else { 2138 if (pa) 2139 panic(); 2140 } 2141 return; 2142 } 2143 #endif 2144 2145 if (!core_va2pa_helper(va, &p)) { 2146 /* Verfiy only the static mapping (case non null phys addr) */ 2147 if (p && pa != p) { 2148 DMSG("va %p maps 0x%" PRIxPA ", expect 0x%" PRIxPA, 2149 va, p, pa); 2150 panic(); 2151 } 2152 } else { 2153 if (pa) { 2154 DMSG("va %p unmapped, expect 0x%" PRIxPA, va, pa); 2155 panic(); 2156 } 2157 } 2158 } 2159 #else 2160 static void check_pa_matches_va(void *va __unused, paddr_t pa __unused) 2161 { 2162 } 2163 #endif 2164 2165 paddr_t virt_to_phys(void *va) 2166 { 2167 paddr_t pa = 0; 2168 2169 if (!arch_va2pa_helper(va, &pa)) 2170 pa = 0; 2171 check_pa_matches_va(va, pa); 2172 return pa; 2173 } 2174 2175 #if defined(CFG_TEE_CORE_DEBUG) 2176 static void check_va_matches_pa(paddr_t pa, void *va) 2177 { 2178 paddr_t p = 0; 2179 2180 if (!va) 2181 return; 2182 2183 p = virt_to_phys(va); 2184 if (p != pa) { 2185 DMSG("va %p maps 0x%" PRIxPA " expect 0x%" PRIxPA, va, p, pa); 2186 panic(); 2187 } 2188 } 2189 #else 2190 static void check_va_matches_pa(paddr_t pa __unused, void *va __unused) 2191 { 2192 } 2193 #endif 2194 2195 static void *phys_to_virt_ts_vaspace(paddr_t pa, size_t len) 2196 { 2197 if (!core_mmu_user_mapping_is_active()) 2198 return NULL; 2199 2200 return vm_pa2va(to_user_mode_ctx(thread_get_tsd()->ctx), pa, len); 2201 } 2202 2203 #ifdef CFG_WITH_PAGER 2204 static void *phys_to_virt_tee_ram(paddr_t pa, size_t len) 2205 { 2206 paddr_t end_pa = 0; 2207 2208 if (SUB_OVERFLOW(len, 1, &end_pa) || ADD_OVERFLOW(pa, end_pa, &end_pa)) 2209 return NULL; 2210 2211 if (pa >= TEE_LOAD_ADDR && pa < get_linear_map_end_pa()) { 2212 if (end_pa > get_linear_map_end_pa()) 2213 return NULL; 2214 return (void *)(vaddr_t)(pa + boot_mmu_config.load_offset); 2215 } 2216 2217 return tee_pager_phys_to_virt(pa, len); 2218 } 2219 #else 2220 static void *phys_to_virt_tee_ram(paddr_t pa, size_t len) 2221 { 2222 struct tee_mmap_region *mmap = NULL; 2223 2224 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM, pa, len); 2225 if (!mmap) 2226 mmap = find_map_by_type_and_pa(MEM_AREA_NEX_RAM_RW, pa, len); 2227 if (!mmap) 2228 mmap = find_map_by_type_and_pa(MEM_AREA_NEX_RAM_RO, pa, len); 2229 if (!mmap) 2230 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RW, pa, len); 2231 if (!mmap) 2232 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RO, pa, len); 2233 if (!mmap) 2234 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RX, pa, len); 2235 /* 2236 * Note that MEM_AREA_INIT_RAM_RO and MEM_AREA_INIT_RAM_RX are only 2237 * used with pager and not needed here. 2238 */ 2239 return map_pa2va(mmap, pa, len); 2240 } 2241 #endif 2242 2243 void *phys_to_virt(paddr_t pa, enum teecore_memtypes m, size_t len) 2244 { 2245 void *va = NULL; 2246 2247 switch (m) { 2248 case MEM_AREA_TS_VASPACE: 2249 va = phys_to_virt_ts_vaspace(pa, len); 2250 break; 2251 case MEM_AREA_TEE_RAM: 2252 case MEM_AREA_TEE_RAM_RX: 2253 case MEM_AREA_TEE_RAM_RO: 2254 case MEM_AREA_TEE_RAM_RW: 2255 case MEM_AREA_NEX_RAM_RO: 2256 case MEM_AREA_NEX_RAM_RW: 2257 va = phys_to_virt_tee_ram(pa, len); 2258 break; 2259 case MEM_AREA_SHM_VASPACE: 2260 /* Find VA from PA in dynamic SHM is not yet supported */ 2261 va = NULL; 2262 break; 2263 default: 2264 va = map_pa2va(find_map_by_type_and_pa(m, pa, len), pa, len); 2265 } 2266 if (m != MEM_AREA_SEC_RAM_OVERALL) 2267 check_va_matches_pa(pa, va); 2268 return va; 2269 } 2270 2271 void *phys_to_virt_io(paddr_t pa, size_t len) 2272 { 2273 struct tee_mmap_region *map = NULL; 2274 void *va = NULL; 2275 2276 map = find_map_by_type_and_pa(MEM_AREA_IO_SEC, pa, len); 2277 if (!map) 2278 map = find_map_by_type_and_pa(MEM_AREA_IO_NSEC, pa, len); 2279 if (!map) 2280 return NULL; 2281 va = map_pa2va(map, pa, len); 2282 check_va_matches_pa(pa, va); 2283 return va; 2284 } 2285 2286 vaddr_t core_mmu_get_va(paddr_t pa, enum teecore_memtypes type, size_t len) 2287 { 2288 if (cpu_mmu_enabled()) 2289 return (vaddr_t)phys_to_virt(pa, type, len); 2290 2291 return (vaddr_t)pa; 2292 } 2293 2294 #ifdef CFG_WITH_PAGER 2295 bool is_unpaged(void *va) 2296 { 2297 vaddr_t v = (vaddr_t)va; 2298 2299 return v >= VCORE_START_VA && v < get_linear_map_end_va(); 2300 } 2301 #else 2302 bool is_unpaged(void *va __unused) 2303 { 2304 return true; 2305 } 2306 #endif 2307 2308 void core_mmu_init_virtualization(void) 2309 { 2310 virt_init_memory(static_memory_map); 2311 } 2312 2313 vaddr_t io_pa_or_va(struct io_pa_va *p, size_t len) 2314 { 2315 assert(p->pa); 2316 if (cpu_mmu_enabled()) { 2317 if (!p->va) 2318 p->va = (vaddr_t)phys_to_virt_io(p->pa, len); 2319 assert(p->va); 2320 return p->va; 2321 } 2322 return p->pa; 2323 } 2324 2325 vaddr_t io_pa_or_va_secure(struct io_pa_va *p, size_t len) 2326 { 2327 assert(p->pa); 2328 if (cpu_mmu_enabled()) { 2329 if (!p->va) 2330 p->va = (vaddr_t)phys_to_virt(p->pa, MEM_AREA_IO_SEC, 2331 len); 2332 assert(p->va); 2333 return p->va; 2334 } 2335 return p->pa; 2336 } 2337 2338 vaddr_t io_pa_or_va_nsec(struct io_pa_va *p, size_t len) 2339 { 2340 assert(p->pa); 2341 if (cpu_mmu_enabled()) { 2342 if (!p->va) 2343 p->va = (vaddr_t)phys_to_virt(p->pa, MEM_AREA_IO_NSEC, 2344 len); 2345 assert(p->va); 2346 return p->va; 2347 } 2348 return p->pa; 2349 } 2350 2351 #ifdef CFG_CORE_RESERVED_SHM 2352 static TEE_Result teecore_init_pub_ram(void) 2353 { 2354 vaddr_t s = 0; 2355 vaddr_t e = 0; 2356 2357 /* get virtual addr/size of NSec shared mem allocated from teecore */ 2358 core_mmu_get_mem_by_type(MEM_AREA_NSEC_SHM, &s, &e); 2359 2360 if (s >= e || s & SMALL_PAGE_MASK || e & SMALL_PAGE_MASK) 2361 panic("invalid PUB RAM"); 2362 2363 /* extra check: we could rely on core_mmu_get_mem_by_type() */ 2364 if (!tee_vbuf_is_non_sec(s, e - s)) 2365 panic("PUB RAM is not non-secure"); 2366 2367 #ifdef CFG_PL310 2368 /* Allocate statically the l2cc mutex */ 2369 tee_l2cc_store_mutex_boot_pa(virt_to_phys((void *)s)); 2370 s += sizeof(uint32_t); /* size of a pl310 mutex */ 2371 s = ROUNDUP(s, SMALL_PAGE_SIZE); /* keep required alignment */ 2372 #endif 2373 2374 default_nsec_shm_paddr = virt_to_phys((void *)s); 2375 default_nsec_shm_size = e - s; 2376 2377 return TEE_SUCCESS; 2378 } 2379 early_init(teecore_init_pub_ram); 2380 #endif /*CFG_CORE_RESERVED_SHM*/ 2381 2382 void core_mmu_init_ta_ram(void) 2383 { 2384 vaddr_t s = 0; 2385 vaddr_t e = 0; 2386 paddr_t ps = 0; 2387 size_t size = 0; 2388 2389 /* 2390 * Get virtual addr/size of RAM where TA are loaded/executedNSec 2391 * shared mem allocated from teecore. 2392 */ 2393 if (IS_ENABLED(CFG_VIRTUALIZATION)) 2394 virt_get_ta_ram(&s, &e); 2395 else 2396 core_mmu_get_mem_by_type(MEM_AREA_TA_RAM, &s, &e); 2397 2398 ps = virt_to_phys((void *)s); 2399 size = e - s; 2400 2401 if (!ps || (ps & CORE_MMU_USER_CODE_MASK) || 2402 !size || (size & CORE_MMU_USER_CODE_MASK)) 2403 panic("invalid TA RAM"); 2404 2405 /* extra check: we could rely on core_mmu_get_mem_by_type() */ 2406 if (!tee_pbuf_is_sec(ps, size)) 2407 panic("TA RAM is not secure"); 2408 2409 if (!tee_mm_is_empty(&tee_mm_sec_ddr)) 2410 panic("TA RAM pool is not empty"); 2411 2412 /* remove previous config and init TA ddr memory pool */ 2413 tee_mm_final(&tee_mm_sec_ddr); 2414 tee_mm_init(&tee_mm_sec_ddr, ps, size, CORE_MMU_USER_CODE_SHIFT, 2415 TEE_MM_POOL_NO_FLAGS); 2416 } 2417