1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2016, 2022 Linaro Limited 4 * Copyright (c) 2014, STMicroelectronics International N.V. 5 */ 6 7 #include <assert.h> 8 #include <config.h> 9 #include <kernel/boot.h> 10 #include <kernel/linker.h> 11 #include <kernel/panic.h> 12 #include <kernel/spinlock.h> 13 #include <kernel/tee_l2cc_mutex.h> 14 #include <kernel/tee_misc.h> 15 #include <kernel/tlb_helpers.h> 16 #include <kernel/user_mode_ctx.h> 17 #include <kernel/virtualization.h> 18 #include <mm/core_memprot.h> 19 #include <mm/core_mmu.h> 20 #include <mm/mobj.h> 21 #include <mm/pgt_cache.h> 22 #include <mm/tee_pager.h> 23 #include <mm/vm.h> 24 #include <platform_config.h> 25 #include <string.h> 26 #include <trace.h> 27 #include <util.h> 28 29 #ifndef DEBUG_XLAT_TABLE 30 #define DEBUG_XLAT_TABLE 0 31 #endif 32 33 #define SHM_VASPACE_SIZE (1024 * 1024 * 32) 34 35 /* 36 * These variables are initialized before .bss is cleared. To avoid 37 * resetting them when .bss is cleared we're storing them in .data instead, 38 * even if they initially are zero. 39 */ 40 41 #ifdef CFG_CORE_RESERVED_SHM 42 /* Default NSec shared memory allocated from NSec world */ 43 unsigned long default_nsec_shm_size __nex_bss; 44 unsigned long default_nsec_shm_paddr __nex_bss; 45 #endif 46 47 static struct tee_mmap_region static_memory_map[CFG_MMAP_REGIONS 48 #ifdef CFG_CORE_ASLR 49 + 1 50 #endif 51 + 1] __nex_bss; 52 53 /* Define the platform's memory layout. */ 54 struct memaccess_area { 55 paddr_t paddr; 56 size_t size; 57 }; 58 59 #define MEMACCESS_AREA(a, s) { .paddr = a, .size = s } 60 61 static struct memaccess_area secure_only[] __nex_data = { 62 #ifdef TRUSTED_SRAM_BASE 63 MEMACCESS_AREA(TRUSTED_SRAM_BASE, TRUSTED_SRAM_SIZE), 64 #endif 65 MEMACCESS_AREA(TRUSTED_DRAM_BASE, TRUSTED_DRAM_SIZE), 66 }; 67 68 static struct memaccess_area nsec_shared[] __nex_data = { 69 #ifdef CFG_CORE_RESERVED_SHM 70 MEMACCESS_AREA(TEE_SHMEM_START, TEE_SHMEM_SIZE), 71 #endif 72 }; 73 74 #if defined(CFG_SECURE_DATA_PATH) 75 #ifdef CFG_TEE_SDP_MEM_BASE 76 register_sdp_mem(CFG_TEE_SDP_MEM_BASE, CFG_TEE_SDP_MEM_SIZE); 77 #endif 78 #ifdef TEE_SDP_TEST_MEM_BASE 79 register_sdp_mem(TEE_SDP_TEST_MEM_BASE, TEE_SDP_TEST_MEM_SIZE); 80 #endif 81 #endif 82 83 #ifdef CFG_CORE_RWDATA_NOEXEC 84 register_phys_mem_ul(MEM_AREA_TEE_RAM_RO, TEE_RAM_START, 85 VCORE_UNPG_RX_PA - TEE_RAM_START); 86 register_phys_mem_ul(MEM_AREA_TEE_RAM_RX, VCORE_UNPG_RX_PA, 87 VCORE_UNPG_RX_SZ_UNSAFE); 88 register_phys_mem_ul(MEM_AREA_TEE_RAM_RO, VCORE_UNPG_RO_PA, 89 VCORE_UNPG_RO_SZ_UNSAFE); 90 91 #ifdef CFG_VIRTUALIZATION 92 register_phys_mem_ul(MEM_AREA_NEX_RAM_RO, VCORE_UNPG_RW_PA, 93 VCORE_UNPG_RW_SZ_UNSAFE); 94 register_phys_mem_ul(MEM_AREA_NEX_RAM_RW, VCORE_NEX_RW_PA, 95 VCORE_NEX_RW_SZ_UNSAFE); 96 #else 97 register_phys_mem_ul(MEM_AREA_TEE_RAM_RW, VCORE_UNPG_RW_PA, 98 VCORE_UNPG_RW_SZ_UNSAFE); 99 #endif 100 101 #ifdef CFG_WITH_PAGER 102 register_phys_mem_ul(MEM_AREA_INIT_RAM_RX, VCORE_INIT_RX_PA, 103 VCORE_INIT_RX_SZ_UNSAFE); 104 register_phys_mem_ul(MEM_AREA_INIT_RAM_RO, VCORE_INIT_RO_PA, 105 VCORE_INIT_RO_SZ_UNSAFE); 106 #endif /*CFG_WITH_PAGER*/ 107 #else /*!CFG_CORE_RWDATA_NOEXEC*/ 108 register_phys_mem(MEM_AREA_TEE_RAM, TEE_RAM_START, TEE_RAM_PH_SIZE); 109 #endif /*!CFG_CORE_RWDATA_NOEXEC*/ 110 111 #ifdef CFG_VIRTUALIZATION 112 register_phys_mem(MEM_AREA_SEC_RAM_OVERALL, TRUSTED_DRAM_BASE, 113 TRUSTED_DRAM_SIZE); 114 #endif 115 116 #if defined(CFG_CORE_SANITIZE_KADDRESS) && defined(CFG_WITH_PAGER) 117 /* Asan ram is part of MEM_AREA_TEE_RAM_RW when pager is disabled */ 118 register_phys_mem_ul(MEM_AREA_TEE_ASAN, ASAN_MAP_PA, ASAN_MAP_SZ); 119 #endif 120 121 #ifndef CFG_VIRTUALIZATION 122 /* Every guest will have own TA RAM if virtualization support is enabled */ 123 register_phys_mem(MEM_AREA_TA_RAM, TA_RAM_START, TA_RAM_SIZE); 124 #endif 125 #ifdef CFG_CORE_RESERVED_SHM 126 register_phys_mem(MEM_AREA_NSEC_SHM, TEE_SHMEM_START, TEE_SHMEM_SIZE); 127 #endif 128 129 static unsigned int mmu_spinlock; 130 131 static uint32_t mmu_lock(void) 132 { 133 return cpu_spin_lock_xsave(&mmu_spinlock); 134 } 135 136 static void mmu_unlock(uint32_t exceptions) 137 { 138 cpu_spin_unlock_xrestore(&mmu_spinlock, exceptions); 139 } 140 141 static struct tee_mmap_region *get_memory_map(void) 142 { 143 if (IS_ENABLED(CFG_VIRTUALIZATION)) { 144 struct tee_mmap_region *map = virt_get_memory_map(); 145 146 if (map) 147 return map; 148 } 149 150 return static_memory_map; 151 } 152 153 static bool _pbuf_intersects(struct memaccess_area *a, size_t alen, 154 paddr_t pa, size_t size) 155 { 156 size_t n; 157 158 for (n = 0; n < alen; n++) 159 if (core_is_buffer_intersect(pa, size, a[n].paddr, a[n].size)) 160 return true; 161 return false; 162 } 163 164 #define pbuf_intersects(a, pa, size) \ 165 _pbuf_intersects((a), ARRAY_SIZE(a), (pa), (size)) 166 167 static bool _pbuf_is_inside(struct memaccess_area *a, size_t alen, 168 paddr_t pa, size_t size) 169 { 170 size_t n; 171 172 for (n = 0; n < alen; n++) 173 if (core_is_buffer_inside(pa, size, a[n].paddr, a[n].size)) 174 return true; 175 return false; 176 } 177 178 #define pbuf_is_inside(a, pa, size) \ 179 _pbuf_is_inside((a), ARRAY_SIZE(a), (pa), (size)) 180 181 static bool pa_is_in_map(struct tee_mmap_region *map, paddr_t pa, size_t len) 182 { 183 paddr_t end_pa = 0; 184 185 if (!map) 186 return false; 187 188 if (SUB_OVERFLOW(len, 1, &end_pa) || ADD_OVERFLOW(pa, end_pa, &end_pa)) 189 return false; 190 191 return (pa >= map->pa && end_pa <= map->pa + map->size - 1); 192 } 193 194 static bool va_is_in_map(struct tee_mmap_region *map, vaddr_t va) 195 { 196 if (!map) 197 return false; 198 return (va >= map->va && va <= (map->va + map->size - 1)); 199 } 200 201 /* check if target buffer fits in a core default map area */ 202 static bool pbuf_inside_map_area(unsigned long p, size_t l, 203 struct tee_mmap_region *map) 204 { 205 return core_is_buffer_inside(p, l, map->pa, map->size); 206 } 207 208 static struct tee_mmap_region *find_map_by_type(enum teecore_memtypes type) 209 { 210 struct tee_mmap_region *map; 211 212 for (map = get_memory_map(); !core_mmap_is_end_of_table(map); map++) 213 if (map->type == type) 214 return map; 215 return NULL; 216 } 217 218 static struct tee_mmap_region * 219 find_map_by_type_and_pa(enum teecore_memtypes type, paddr_t pa, size_t len) 220 { 221 struct tee_mmap_region *map; 222 223 for (map = get_memory_map(); !core_mmap_is_end_of_table(map); map++) { 224 if (map->type != type) 225 continue; 226 if (pa_is_in_map(map, pa, len)) 227 return map; 228 } 229 return NULL; 230 } 231 232 static struct tee_mmap_region *find_map_by_va(void *va) 233 { 234 struct tee_mmap_region *map = get_memory_map(); 235 unsigned long a = (unsigned long)va; 236 237 while (!core_mmap_is_end_of_table(map)) { 238 if (a >= map->va && a <= (map->va - 1 + map->size)) 239 return map; 240 map++; 241 } 242 return NULL; 243 } 244 245 static struct tee_mmap_region *find_map_by_pa(unsigned long pa) 246 { 247 struct tee_mmap_region *map = get_memory_map(); 248 249 while (!core_mmap_is_end_of_table(map)) { 250 if (pa >= map->pa && pa <= (map->pa + map->size - 1)) 251 return map; 252 map++; 253 } 254 return NULL; 255 } 256 257 #if defined(CFG_CORE_DYN_SHM) || defined(CFG_SECURE_DATA_PATH) 258 static bool pbuf_is_special_mem(paddr_t pbuf, size_t len, 259 const struct core_mmu_phys_mem *start, 260 const struct core_mmu_phys_mem *end) 261 { 262 const struct core_mmu_phys_mem *mem; 263 264 for (mem = start; mem < end; mem++) { 265 if (core_is_buffer_inside(pbuf, len, mem->addr, mem->size)) 266 return true; 267 } 268 269 return false; 270 } 271 #endif 272 273 #ifdef CFG_CORE_DYN_SHM 274 static void carve_out_phys_mem(struct core_mmu_phys_mem **mem, size_t *nelems, 275 paddr_t pa, size_t size) 276 { 277 struct core_mmu_phys_mem *m = *mem; 278 size_t n = 0; 279 280 while (true) { 281 if (n >= *nelems) { 282 DMSG("No need to carve out %#" PRIxPA " size %#zx", 283 pa, size); 284 return; 285 } 286 if (core_is_buffer_inside(pa, size, m[n].addr, m[n].size)) 287 break; 288 if (!core_is_buffer_outside(pa, size, m[n].addr, m[n].size)) 289 panic(); 290 n++; 291 } 292 293 if (pa == m[n].addr && size == m[n].size) { 294 /* Remove this entry */ 295 (*nelems)--; 296 memmove(m + n, m + n + 1, sizeof(*m) * (*nelems - n)); 297 m = nex_realloc(m, sizeof(*m) * *nelems); 298 if (!m) 299 panic(); 300 *mem = m; 301 } else if (pa == m[n].addr) { 302 m[n].addr += size; 303 m[n].size -= size; 304 } else if ((pa + size) == (m[n].addr + m[n].size)) { 305 m[n].size -= size; 306 } else { 307 /* Need to split the memory entry */ 308 m = nex_realloc(m, sizeof(*m) * (*nelems + 1)); 309 if (!m) 310 panic(); 311 *mem = m; 312 memmove(m + n + 1, m + n, sizeof(*m) * (*nelems - n)); 313 (*nelems)++; 314 m[n].size = pa - m[n].addr; 315 m[n + 1].size -= size + m[n].size; 316 m[n + 1].addr = pa + size; 317 } 318 } 319 320 static void check_phys_mem_is_outside(struct core_mmu_phys_mem *start, 321 size_t nelems, 322 struct tee_mmap_region *map) 323 { 324 size_t n; 325 326 for (n = 0; n < nelems; n++) { 327 if (!core_is_buffer_outside(start[n].addr, start[n].size, 328 map->pa, map->size)) { 329 EMSG("Non-sec mem (%#" PRIxPA ":%#" PRIxPASZ 330 ") overlaps map (type %d %#" PRIxPA ":%#zx)", 331 start[n].addr, start[n].size, 332 map->type, map->pa, map->size); 333 panic(); 334 } 335 } 336 } 337 338 static const struct core_mmu_phys_mem *discovered_nsec_ddr_start __nex_bss; 339 static size_t discovered_nsec_ddr_nelems __nex_bss; 340 341 static int cmp_pmem_by_addr(const void *a, const void *b) 342 { 343 const struct core_mmu_phys_mem *pmem_a = a; 344 const struct core_mmu_phys_mem *pmem_b = b; 345 346 return CMP_TRILEAN(pmem_a->addr, pmem_b->addr); 347 } 348 349 void core_mmu_set_discovered_nsec_ddr(struct core_mmu_phys_mem *start, 350 size_t nelems) 351 { 352 struct core_mmu_phys_mem *m = start; 353 size_t num_elems = nelems; 354 struct tee_mmap_region *map = static_memory_map; 355 const struct core_mmu_phys_mem __maybe_unused *pmem; 356 357 assert(!discovered_nsec_ddr_start); 358 assert(m && num_elems); 359 360 qsort(m, num_elems, sizeof(*m), cmp_pmem_by_addr); 361 362 /* 363 * Non-secure shared memory and also secure data 364 * path memory are supposed to reside inside 365 * non-secure memory. Since NSEC_SHM and SDP_MEM 366 * are used for a specific purpose make holes for 367 * those memory in the normal non-secure memory. 368 * 369 * This has to be done since for instance QEMU 370 * isn't aware of which memory range in the 371 * non-secure memory is used for NSEC_SHM. 372 */ 373 374 #ifdef CFG_SECURE_DATA_PATH 375 for (pmem = phys_sdp_mem_begin; pmem < phys_sdp_mem_end; pmem++) 376 carve_out_phys_mem(&m, &num_elems, pmem->addr, pmem->size); 377 #endif 378 379 carve_out_phys_mem(&m, &num_elems, TEE_RAM_START, TEE_RAM_PH_SIZE); 380 carve_out_phys_mem(&m, &num_elems, TA_RAM_START, TA_RAM_SIZE); 381 382 for (map = static_memory_map; !core_mmap_is_end_of_table(map); map++) { 383 switch (map->type) { 384 case MEM_AREA_NSEC_SHM: 385 carve_out_phys_mem(&m, &num_elems, map->pa, map->size); 386 break; 387 case MEM_AREA_EXT_DT: 388 case MEM_AREA_RES_VASPACE: 389 case MEM_AREA_SHM_VASPACE: 390 case MEM_AREA_TS_VASPACE: 391 case MEM_AREA_PAGER_VASPACE: 392 break; 393 default: 394 check_phys_mem_is_outside(m, num_elems, map); 395 } 396 } 397 398 discovered_nsec_ddr_start = m; 399 discovered_nsec_ddr_nelems = num_elems; 400 401 if (!core_mmu_check_end_pa(m[num_elems - 1].addr, 402 m[num_elems - 1].size)) 403 panic(); 404 } 405 406 static bool get_discovered_nsec_ddr(const struct core_mmu_phys_mem **start, 407 const struct core_mmu_phys_mem **end) 408 { 409 if (!discovered_nsec_ddr_start) 410 return false; 411 412 *start = discovered_nsec_ddr_start; 413 *end = discovered_nsec_ddr_start + discovered_nsec_ddr_nelems; 414 415 return true; 416 } 417 418 static bool pbuf_is_nsec_ddr(paddr_t pbuf, size_t len) 419 { 420 const struct core_mmu_phys_mem *start; 421 const struct core_mmu_phys_mem *end; 422 423 if (!get_discovered_nsec_ddr(&start, &end)) 424 return false; 425 426 return pbuf_is_special_mem(pbuf, len, start, end); 427 } 428 429 bool core_mmu_nsec_ddr_is_defined(void) 430 { 431 const struct core_mmu_phys_mem *start; 432 const struct core_mmu_phys_mem *end; 433 434 if (!get_discovered_nsec_ddr(&start, &end)) 435 return false; 436 437 return start != end; 438 } 439 #else 440 static bool pbuf_is_nsec_ddr(paddr_t pbuf __unused, size_t len __unused) 441 { 442 return false; 443 } 444 #endif /*CFG_CORE_DYN_SHM*/ 445 446 #define MSG_MEM_INSTERSECT(pa1, sz1, pa2, sz2) \ 447 EMSG("[%" PRIxPA " %" PRIx64 "] intersects [%" PRIxPA " %" PRIx64 "]", \ 448 pa1, (uint64_t)pa1 + (sz1), pa2, (uint64_t)pa2 + (sz2)) 449 450 #ifdef CFG_SECURE_DATA_PATH 451 static bool pbuf_is_sdp_mem(paddr_t pbuf, size_t len) 452 { 453 return pbuf_is_special_mem(pbuf, len, phys_sdp_mem_begin, 454 phys_sdp_mem_end); 455 } 456 457 struct mobj **core_sdp_mem_create_mobjs(void) 458 { 459 const struct core_mmu_phys_mem *mem; 460 struct mobj **mobj_base; 461 struct mobj **mobj; 462 int cnt = phys_sdp_mem_end - phys_sdp_mem_begin; 463 464 /* SDP mobjs table must end with a NULL entry */ 465 mobj_base = calloc(cnt + 1, sizeof(struct mobj *)); 466 if (!mobj_base) 467 panic("Out of memory"); 468 469 for (mem = phys_sdp_mem_begin, mobj = mobj_base; 470 mem < phys_sdp_mem_end; mem++, mobj++) { 471 *mobj = mobj_phys_alloc(mem->addr, mem->size, 472 TEE_MATTR_MEM_TYPE_CACHED, 473 CORE_MEM_SDP_MEM); 474 if (!*mobj) 475 panic("can't create SDP physical memory object"); 476 } 477 return mobj_base; 478 } 479 480 #else /* CFG_SECURE_DATA_PATH */ 481 static bool pbuf_is_sdp_mem(paddr_t pbuf __unused, size_t len __unused) 482 { 483 return false; 484 } 485 486 #endif /* CFG_SECURE_DATA_PATH */ 487 488 /* Check special memories comply with registered memories */ 489 static void verify_special_mem_areas(struct tee_mmap_region *mem_map, 490 size_t len, 491 const struct core_mmu_phys_mem *start, 492 const struct core_mmu_phys_mem *end, 493 const char *area_name __maybe_unused) 494 { 495 const struct core_mmu_phys_mem *mem; 496 const struct core_mmu_phys_mem *mem2; 497 struct tee_mmap_region *mmap; 498 size_t n; 499 500 if (start == end) { 501 DMSG("No %s memory area defined", area_name); 502 return; 503 } 504 505 for (mem = start; mem < end; mem++) 506 DMSG("%s memory [%" PRIxPA " %" PRIx64 "]", 507 area_name, mem->addr, (uint64_t)mem->addr + mem->size); 508 509 /* Check memories do not intersect each other */ 510 for (mem = start; mem + 1 < end; mem++) { 511 for (mem2 = mem + 1; mem2 < end; mem2++) { 512 if (core_is_buffer_intersect(mem2->addr, mem2->size, 513 mem->addr, mem->size)) { 514 MSG_MEM_INSTERSECT(mem2->addr, mem2->size, 515 mem->addr, mem->size); 516 panic("Special memory intersection"); 517 } 518 } 519 } 520 521 /* 522 * Check memories do not intersect any mapped memory. 523 * This is called before reserved VA space is loaded in mem_map. 524 */ 525 for (mem = start; mem < end; mem++) { 526 for (mmap = mem_map, n = 0; n < len; mmap++, n++) { 527 if (core_is_buffer_intersect(mem->addr, mem->size, 528 mmap->pa, mmap->size)) { 529 MSG_MEM_INSTERSECT(mem->addr, mem->size, 530 mmap->pa, mmap->size); 531 panic("Special memory intersection"); 532 } 533 } 534 } 535 } 536 537 static void add_phys_mem(struct tee_mmap_region *memory_map, size_t num_elems, 538 const struct core_mmu_phys_mem *mem, size_t *last) 539 { 540 size_t n = 0; 541 paddr_t pa; 542 paddr_size_t size; 543 544 /* 545 * If some ranges of memory of the same type do overlap 546 * each others they are coalesced into one entry. To help this 547 * added entries are sorted by increasing physical. 548 * 549 * Note that it's valid to have the same physical memory as several 550 * different memory types, for instance the same device memory 551 * mapped as both secure and non-secure. This will probably not 552 * happen often in practice. 553 */ 554 DMSG("%s type %s 0x%08" PRIxPA " size 0x%08" PRIxPASZ, 555 mem->name, teecore_memtype_name(mem->type), mem->addr, mem->size); 556 while (true) { 557 if (n >= (num_elems - 1)) { 558 EMSG("Out of entries (%zu) in memory_map", num_elems); 559 panic(); 560 } 561 if (n == *last) 562 break; 563 pa = memory_map[n].pa; 564 size = memory_map[n].size; 565 if (mem->type == memory_map[n].type && 566 ((pa <= (mem->addr + (mem->size - 1))) && 567 (mem->addr <= (pa + (size - 1))))) { 568 DMSG("Physical mem map overlaps 0x%" PRIxPA, mem->addr); 569 memory_map[n].pa = MIN(pa, mem->addr); 570 memory_map[n].size = MAX(size, mem->size) + 571 (pa - memory_map[n].pa); 572 return; 573 } 574 if (mem->type < memory_map[n].type || 575 (mem->type == memory_map[n].type && mem->addr < pa)) 576 break; /* found the spot where to insert this memory */ 577 n++; 578 } 579 580 memmove(memory_map + n + 1, memory_map + n, 581 sizeof(struct tee_mmap_region) * (*last - n)); 582 (*last)++; 583 memset(memory_map + n, 0, sizeof(memory_map[0])); 584 memory_map[n].type = mem->type; 585 memory_map[n].pa = mem->addr; 586 memory_map[n].size = mem->size; 587 } 588 589 static void add_va_space(struct tee_mmap_region *memory_map, size_t num_elems, 590 enum teecore_memtypes type, size_t size, size_t *last) 591 { 592 size_t n = 0; 593 594 DMSG("type %s size 0x%08zx", teecore_memtype_name(type), size); 595 while (true) { 596 if (n >= (num_elems - 1)) { 597 EMSG("Out of entries (%zu) in memory_map", num_elems); 598 panic(); 599 } 600 if (n == *last) 601 break; 602 if (type < memory_map[n].type) 603 break; 604 n++; 605 } 606 607 memmove(memory_map + n + 1, memory_map + n, 608 sizeof(struct tee_mmap_region) * (*last - n)); 609 (*last)++; 610 memset(memory_map + n, 0, sizeof(memory_map[0])); 611 memory_map[n].type = type; 612 memory_map[n].size = size; 613 } 614 615 uint32_t core_mmu_type_to_attr(enum teecore_memtypes t) 616 { 617 const uint32_t attr = TEE_MATTR_VALID_BLOCK; 618 const uint32_t cached = TEE_MATTR_MEM_TYPE_CACHED << 619 TEE_MATTR_MEM_TYPE_SHIFT; 620 const uint32_t noncache = TEE_MATTR_MEM_TYPE_DEV << 621 TEE_MATTR_MEM_TYPE_SHIFT; 622 623 switch (t) { 624 case MEM_AREA_TEE_RAM: 625 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRWX | cached; 626 case MEM_AREA_TEE_RAM_RX: 627 case MEM_AREA_INIT_RAM_RX: 628 case MEM_AREA_IDENTITY_MAP_RX: 629 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRX | cached; 630 case MEM_AREA_TEE_RAM_RO: 631 case MEM_AREA_INIT_RAM_RO: 632 return attr | TEE_MATTR_SECURE | TEE_MATTR_PR | cached; 633 case MEM_AREA_TEE_RAM_RW: 634 case MEM_AREA_NEX_RAM_RO: /* This has to be r/w during init runtime */ 635 case MEM_AREA_NEX_RAM_RW: 636 case MEM_AREA_TEE_ASAN: 637 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | cached; 638 case MEM_AREA_TEE_COHERENT: 639 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRWX | noncache; 640 case MEM_AREA_TA_RAM: 641 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | cached; 642 case MEM_AREA_NSEC_SHM: 643 return attr | TEE_MATTR_PRW | cached; 644 case MEM_AREA_EXT_DT: 645 case MEM_AREA_IO_NSEC: 646 return attr | TEE_MATTR_PRW | noncache; 647 case MEM_AREA_IO_SEC: 648 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | noncache; 649 case MEM_AREA_RAM_NSEC: 650 return attr | TEE_MATTR_PRW | cached; 651 case MEM_AREA_RAM_SEC: 652 case MEM_AREA_SEC_RAM_OVERALL: 653 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | cached; 654 case MEM_AREA_RES_VASPACE: 655 case MEM_AREA_SHM_VASPACE: 656 return 0; 657 case MEM_AREA_PAGER_VASPACE: 658 return TEE_MATTR_SECURE; 659 default: 660 panic("invalid type"); 661 } 662 } 663 664 static bool __maybe_unused map_is_tee_ram(const struct tee_mmap_region *mm) 665 { 666 switch (mm->type) { 667 case MEM_AREA_TEE_RAM: 668 case MEM_AREA_TEE_RAM_RX: 669 case MEM_AREA_TEE_RAM_RO: 670 case MEM_AREA_TEE_RAM_RW: 671 case MEM_AREA_INIT_RAM_RX: 672 case MEM_AREA_INIT_RAM_RO: 673 case MEM_AREA_NEX_RAM_RW: 674 case MEM_AREA_NEX_RAM_RO: 675 case MEM_AREA_TEE_ASAN: 676 return true; 677 default: 678 return false; 679 } 680 } 681 682 static bool __maybe_unused map_is_secure(const struct tee_mmap_region *mm) 683 { 684 return !!(core_mmu_type_to_attr(mm->type) & TEE_MATTR_SECURE); 685 } 686 687 static bool __maybe_unused map_is_pgdir(const struct tee_mmap_region *mm) 688 { 689 return mm->region_size == CORE_MMU_PGDIR_SIZE; 690 } 691 692 static int cmp_mmap_by_lower_va(const void *a, const void *b) 693 { 694 const struct tee_mmap_region *mm_a = a; 695 const struct tee_mmap_region *mm_b = b; 696 697 return CMP_TRILEAN(mm_a->va, mm_b->va); 698 } 699 700 static void dump_mmap_table(struct tee_mmap_region *memory_map) 701 { 702 struct tee_mmap_region *map; 703 704 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 705 vaddr_t __maybe_unused vstart; 706 707 vstart = map->va + ((vaddr_t)map->pa & (map->region_size - 1)); 708 DMSG("type %-12s va 0x%08" PRIxVA "..0x%08" PRIxVA 709 " pa 0x%08" PRIxPA "..0x%08" PRIxPA " size 0x%08zx (%s)", 710 teecore_memtype_name(map->type), vstart, 711 vstart + map->size - 1, map->pa, 712 (paddr_t)(map->pa + map->size - 1), map->size, 713 map->region_size == SMALL_PAGE_SIZE ? "smallpg" : "pgdir"); 714 } 715 } 716 717 #if DEBUG_XLAT_TABLE 718 719 static void dump_xlat_table(vaddr_t va, unsigned int level) 720 { 721 struct core_mmu_table_info tbl_info; 722 unsigned int idx = 0; 723 paddr_t pa; 724 uint32_t attr; 725 726 core_mmu_find_table(NULL, va, level, &tbl_info); 727 va = tbl_info.va_base; 728 for (idx = 0; idx < tbl_info.num_entries; idx++) { 729 core_mmu_get_entry(&tbl_info, idx, &pa, &attr); 730 if (attr || level > CORE_MMU_BASE_TABLE_LEVEL) { 731 const char *security_bit = ""; 732 733 if (core_mmu_entry_have_security_bit(attr)) { 734 if (attr & TEE_MATTR_SECURE) 735 security_bit = "S"; 736 else 737 security_bit = "NS"; 738 } 739 740 if (attr & TEE_MATTR_TABLE) { 741 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 742 " TBL:0x%010" PRIxPA " %s", 743 level * 2, "", level, va, pa, 744 security_bit); 745 dump_xlat_table(va, level + 1); 746 } else if (attr) { 747 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 748 " PA:0x%010" PRIxPA " %s-%s-%s-%s", 749 level * 2, "", level, va, pa, 750 mattr_is_cached(attr) ? "MEM" : 751 "DEV", 752 attr & TEE_MATTR_PW ? "RW" : "RO", 753 attr & TEE_MATTR_PX ? "X " : "XN", 754 security_bit); 755 } else { 756 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 757 " INVALID\n", 758 level * 2, "", level, va); 759 } 760 } 761 va += BIT64(tbl_info.shift); 762 } 763 } 764 765 #else 766 767 static void dump_xlat_table(vaddr_t va __unused, int level __unused) 768 { 769 } 770 771 #endif 772 773 /* 774 * Reserves virtual memory space for pager usage. 775 * 776 * From the start of the first memory used by the link script + 777 * TEE_RAM_VA_SIZE should be covered, either with a direct mapping or empty 778 * mapping for pager usage. This adds translation tables as needed for the 779 * pager to operate. 780 */ 781 static void add_pager_vaspace(struct tee_mmap_region *mmap, size_t num_elems, 782 size_t *last) 783 { 784 paddr_t begin = 0; 785 paddr_t end = 0; 786 size_t size = 0; 787 size_t pos = 0; 788 size_t n = 0; 789 790 if (*last >= (num_elems - 1)) { 791 EMSG("Out of entries (%zu) in memory map", num_elems); 792 panic(); 793 } 794 795 for (n = 0; !core_mmap_is_end_of_table(mmap + n); n++) { 796 if (map_is_tee_ram(mmap + n)) { 797 if (!begin) 798 begin = mmap[n].pa; 799 pos = n + 1; 800 } 801 } 802 803 end = mmap[pos - 1].pa + mmap[pos - 1].size; 804 size = TEE_RAM_VA_SIZE - (end - begin); 805 if (!size) 806 return; 807 808 assert(pos <= *last); 809 memmove(mmap + pos + 1, mmap + pos, 810 sizeof(struct tee_mmap_region) * (*last - pos)); 811 (*last)++; 812 memset(mmap + pos, 0, sizeof(mmap[0])); 813 mmap[pos].type = MEM_AREA_PAGER_VASPACE; 814 mmap[pos].va = 0; 815 mmap[pos].size = size; 816 mmap[pos].region_size = SMALL_PAGE_SIZE; 817 mmap[pos].attr = core_mmu_type_to_attr(MEM_AREA_PAGER_VASPACE); 818 } 819 820 static void check_sec_nsec_mem_config(void) 821 { 822 size_t n = 0; 823 824 for (n = 0; n < ARRAY_SIZE(secure_only); n++) { 825 if (pbuf_intersects(nsec_shared, secure_only[n].paddr, 826 secure_only[n].size)) 827 panic("Invalid memory access config: sec/nsec"); 828 } 829 } 830 831 static size_t collect_mem_ranges(struct tee_mmap_region *memory_map, 832 size_t num_elems) 833 { 834 const struct core_mmu_phys_mem *mem = NULL; 835 size_t last = 0; 836 837 for (mem = phys_mem_map_begin; mem < phys_mem_map_end; mem++) { 838 struct core_mmu_phys_mem m = *mem; 839 840 /* Discard null size entries */ 841 if (!m.size) 842 continue; 843 844 /* Only unmapped virtual range may have a null phys addr */ 845 assert(m.addr || !core_mmu_type_to_attr(m.type)); 846 847 add_phys_mem(memory_map, num_elems, &m, &last); 848 } 849 850 if (IS_ENABLED(CFG_SECURE_DATA_PATH)) 851 verify_special_mem_areas(memory_map, num_elems, 852 phys_sdp_mem_begin, 853 phys_sdp_mem_end, "SDP"); 854 855 add_va_space(memory_map, num_elems, MEM_AREA_RES_VASPACE, 856 CFG_RESERVED_VASPACE_SIZE, &last); 857 858 add_va_space(memory_map, num_elems, MEM_AREA_SHM_VASPACE, 859 SHM_VASPACE_SIZE, &last); 860 861 memory_map[last].type = MEM_AREA_END; 862 863 return last; 864 } 865 866 static void assign_mem_granularity(struct tee_mmap_region *memory_map) 867 { 868 struct tee_mmap_region *map = NULL; 869 870 /* 871 * Assign region sizes, note that MEM_AREA_TEE_RAM always uses 872 * SMALL_PAGE_SIZE. 873 */ 874 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 875 paddr_t mask = map->pa | map->size; 876 877 if (!(mask & CORE_MMU_PGDIR_MASK)) 878 map->region_size = CORE_MMU_PGDIR_SIZE; 879 else if (!(mask & SMALL_PAGE_MASK)) 880 map->region_size = SMALL_PAGE_SIZE; 881 else 882 panic("Impossible memory alignment"); 883 884 if (map_is_tee_ram(map)) 885 map->region_size = SMALL_PAGE_SIZE; 886 } 887 } 888 889 static bool place_tee_ram_at_top(paddr_t paddr) 890 { 891 return paddr > BIT64(core_mmu_get_va_width()) / 2; 892 } 893 894 /* 895 * MMU arch driver shall override this function if it helps 896 * optimizing the memory footprint of the address translation tables. 897 */ 898 bool __weak core_mmu_prefer_tee_ram_at_top(paddr_t paddr) 899 { 900 return place_tee_ram_at_top(paddr); 901 } 902 903 static bool assign_mem_va_dir(vaddr_t tee_ram_va, 904 struct tee_mmap_region *memory_map, 905 bool tee_ram_at_top) 906 { 907 struct tee_mmap_region *map = NULL; 908 vaddr_t va = 0; 909 bool va_is_secure = true; 910 911 /* Clear eventual previous assignments */ 912 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) 913 map->va = 0; 914 915 /* 916 * TEE RAM regions are always aligned with region_size. 917 * 918 * Note that MEM_AREA_PAGER_VASPACE also counts as TEE RAM here 919 * since it handles virtual memory which covers the part of the ELF 920 * that cannot fit directly into memory. 921 */ 922 va = tee_ram_va; 923 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 924 if (map_is_tee_ram(map) || 925 map->type == MEM_AREA_PAGER_VASPACE) { 926 assert(!(va & (map->region_size - 1))); 927 assert(!(map->size & (map->region_size - 1))); 928 map->va = va; 929 if (ADD_OVERFLOW(va, map->size, &va)) 930 return false; 931 if (va >= BIT64(core_mmu_get_va_width())) 932 return false; 933 } 934 } 935 936 if (tee_ram_at_top) { 937 /* 938 * Map non-tee ram regions at addresses lower than the tee 939 * ram region. 940 */ 941 va = tee_ram_va; 942 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 943 map->attr = core_mmu_type_to_attr(map->type); 944 if (map->va) 945 continue; 946 947 if (!IS_ENABLED(CFG_WITH_LPAE) && 948 va_is_secure != map_is_secure(map)) { 949 va_is_secure = !va_is_secure; 950 va = ROUNDDOWN(va, CORE_MMU_PGDIR_SIZE); 951 } 952 953 if (SUB_OVERFLOW(va, map->size, &va)) 954 return false; 955 va = ROUNDDOWN(va, map->region_size); 956 /* 957 * Make sure that va is aligned with pa for 958 * efficient pgdir mapping. Basically pa & 959 * pgdir_mask should be == va & pgdir_mask 960 */ 961 if (map->size > 2 * CORE_MMU_PGDIR_SIZE) { 962 if (SUB_OVERFLOW(va, CORE_MMU_PGDIR_SIZE, &va)) 963 return false; 964 va += (map->pa - va) & CORE_MMU_PGDIR_MASK; 965 } 966 map->va = va; 967 } 968 } else { 969 /* 970 * Map non-tee ram regions at addresses higher than the tee 971 * ram region. 972 */ 973 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 974 map->attr = core_mmu_type_to_attr(map->type); 975 if (map->va) 976 continue; 977 978 if (!IS_ENABLED(CFG_WITH_LPAE) && 979 va_is_secure != map_is_secure(map)) { 980 va_is_secure = !va_is_secure; 981 if (ROUNDUP_OVERFLOW(va, CORE_MMU_PGDIR_SIZE, 982 &va)) 983 return false; 984 } 985 986 if (ROUNDUP_OVERFLOW(va, map->region_size, &va)) 987 return false; 988 /* 989 * Make sure that va is aligned with pa for 990 * efficient pgdir mapping. Basically pa & 991 * pgdir_mask should be == va & pgdir_mask 992 */ 993 if (map->size > 2 * CORE_MMU_PGDIR_SIZE) { 994 vaddr_t offs = (map->pa - va) & 995 CORE_MMU_PGDIR_MASK; 996 997 if (ADD_OVERFLOW(va, offs, &va)) 998 return false; 999 } 1000 1001 map->va = va; 1002 if (ADD_OVERFLOW(va, map->size, &va)) 1003 return false; 1004 if (va >= BIT64(core_mmu_get_va_width())) 1005 return false; 1006 } 1007 } 1008 1009 return true; 1010 } 1011 1012 static bool assign_mem_va(vaddr_t tee_ram_va, 1013 struct tee_mmap_region *memory_map) 1014 { 1015 bool tee_ram_at_top = place_tee_ram_at_top(tee_ram_va); 1016 1017 /* 1018 * Check that we're not overlapping with the user VA range. 1019 */ 1020 if (IS_ENABLED(CFG_WITH_LPAE)) { 1021 /* 1022 * User VA range is supposed to be defined after these 1023 * mappings have been established. 1024 */ 1025 assert(!core_mmu_user_va_range_is_defined()); 1026 } else { 1027 vaddr_t user_va_base = 0; 1028 size_t user_va_size = 0; 1029 1030 assert(core_mmu_user_va_range_is_defined()); 1031 core_mmu_get_user_va_range(&user_va_base, &user_va_size); 1032 if (tee_ram_va < (user_va_base + user_va_size)) 1033 return false; 1034 } 1035 1036 if (IS_ENABLED(CFG_WITH_PAGER)) { 1037 bool prefered_dir = core_mmu_prefer_tee_ram_at_top(tee_ram_va); 1038 1039 /* Try whole mapping covered by a single base xlat entry */ 1040 if (prefered_dir != tee_ram_at_top && 1041 assign_mem_va_dir(tee_ram_va, memory_map, prefered_dir)) 1042 return true; 1043 } 1044 1045 return assign_mem_va_dir(tee_ram_va, memory_map, tee_ram_at_top); 1046 } 1047 1048 static int cmp_init_mem_map(const void *a, const void *b) 1049 { 1050 const struct tee_mmap_region *mm_a = a; 1051 const struct tee_mmap_region *mm_b = b; 1052 int rc = 0; 1053 1054 rc = CMP_TRILEAN(mm_a->region_size, mm_b->region_size); 1055 if (!rc) 1056 rc = CMP_TRILEAN(mm_a->pa, mm_b->pa); 1057 /* 1058 * 32bit MMU descriptors cannot mix secure and non-secure mapping in 1059 * the same level2 table. Hence sort secure mapping from non-secure 1060 * mapping. 1061 */ 1062 if (!rc && !IS_ENABLED(CFG_WITH_LPAE)) 1063 rc = CMP_TRILEAN(map_is_secure(mm_a), map_is_secure(mm_b)); 1064 1065 return rc; 1066 } 1067 1068 static bool mem_map_add_id_map(struct tee_mmap_region *memory_map, 1069 size_t num_elems, size_t *last, 1070 vaddr_t id_map_start, vaddr_t id_map_end) 1071 { 1072 struct tee_mmap_region *map = NULL; 1073 vaddr_t start = ROUNDDOWN(id_map_start, SMALL_PAGE_SIZE); 1074 vaddr_t end = ROUNDUP(id_map_end, SMALL_PAGE_SIZE); 1075 size_t len = end - start; 1076 1077 if (*last >= num_elems - 1) { 1078 EMSG("Out of entries (%zu) in memory map", num_elems); 1079 panic(); 1080 } 1081 1082 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) 1083 if (core_is_buffer_intersect(map->va, map->size, start, len)) 1084 return false; 1085 1086 *map = (struct tee_mmap_region){ 1087 .type = MEM_AREA_IDENTITY_MAP_RX, 1088 /* 1089 * Could use CORE_MMU_PGDIR_SIZE to potentially save a 1090 * translation table, at the increased risk of clashes with 1091 * the rest of the memory map. 1092 */ 1093 .region_size = SMALL_PAGE_SIZE, 1094 .pa = start, 1095 .va = start, 1096 .size = len, 1097 .attr = core_mmu_type_to_attr(MEM_AREA_IDENTITY_MAP_RX), 1098 }; 1099 1100 (*last)++; 1101 1102 return true; 1103 } 1104 1105 static unsigned long init_mem_map(struct tee_mmap_region *memory_map, 1106 size_t num_elems, unsigned long seed) 1107 { 1108 /* 1109 * @id_map_start and @id_map_end describes a physical memory range 1110 * that must be mapped Read-Only eXecutable at identical virtual 1111 * addresses. 1112 */ 1113 vaddr_t id_map_start = (vaddr_t)__identity_map_init_start; 1114 vaddr_t id_map_end = (vaddr_t)__identity_map_init_end; 1115 unsigned long offs = 0; 1116 size_t last = 0; 1117 1118 last = collect_mem_ranges(memory_map, num_elems); 1119 assign_mem_granularity(memory_map); 1120 1121 /* 1122 * To ease mapping and lower use of xlat tables, sort mapping 1123 * description moving small-page regions after the pgdir regions. 1124 */ 1125 qsort(memory_map, last, sizeof(struct tee_mmap_region), 1126 cmp_init_mem_map); 1127 1128 add_pager_vaspace(memory_map, num_elems, &last); 1129 if (IS_ENABLED(CFG_CORE_ASLR) && seed) { 1130 vaddr_t base_addr = TEE_RAM_START + seed; 1131 const unsigned int va_width = core_mmu_get_va_width(); 1132 const vaddr_t va_mask = GENMASK_64(va_width - 1, 1133 SMALL_PAGE_SHIFT); 1134 vaddr_t ba = base_addr; 1135 size_t n = 0; 1136 1137 for (n = 0; n < 3; n++) { 1138 if (n) 1139 ba = base_addr ^ BIT64(va_width - n); 1140 ba &= va_mask; 1141 if (assign_mem_va(ba, memory_map) && 1142 mem_map_add_id_map(memory_map, num_elems, &last, 1143 id_map_start, id_map_end)) { 1144 offs = ba - TEE_RAM_START; 1145 DMSG("Mapping core at %#"PRIxVA" offs %#lx", 1146 ba, offs); 1147 goto out; 1148 } else { 1149 DMSG("Failed to map core at %#"PRIxVA, ba); 1150 } 1151 } 1152 EMSG("Failed to map core with seed %#lx", seed); 1153 } 1154 1155 if (!assign_mem_va(TEE_RAM_START, memory_map)) 1156 panic(); 1157 1158 out: 1159 qsort(memory_map, last, sizeof(struct tee_mmap_region), 1160 cmp_mmap_by_lower_va); 1161 1162 dump_mmap_table(memory_map); 1163 1164 return offs; 1165 } 1166 1167 static void check_mem_map(struct tee_mmap_region *map) 1168 { 1169 struct tee_mmap_region *m = NULL; 1170 1171 for (m = map; !core_mmap_is_end_of_table(m); m++) { 1172 switch (m->type) { 1173 case MEM_AREA_TEE_RAM: 1174 case MEM_AREA_TEE_RAM_RX: 1175 case MEM_AREA_TEE_RAM_RO: 1176 case MEM_AREA_TEE_RAM_RW: 1177 case MEM_AREA_INIT_RAM_RX: 1178 case MEM_AREA_INIT_RAM_RO: 1179 case MEM_AREA_NEX_RAM_RW: 1180 case MEM_AREA_NEX_RAM_RO: 1181 case MEM_AREA_IDENTITY_MAP_RX: 1182 if (!pbuf_is_inside(secure_only, m->pa, m->size)) 1183 panic("TEE_RAM can't fit in secure_only"); 1184 break; 1185 case MEM_AREA_TA_RAM: 1186 if (!pbuf_is_inside(secure_only, m->pa, m->size)) 1187 panic("TA_RAM can't fit in secure_only"); 1188 break; 1189 case MEM_AREA_NSEC_SHM: 1190 if (!pbuf_is_inside(nsec_shared, m->pa, m->size)) 1191 panic("NS_SHM can't fit in nsec_shared"); 1192 break; 1193 case MEM_AREA_SEC_RAM_OVERALL: 1194 case MEM_AREA_TEE_COHERENT: 1195 case MEM_AREA_TEE_ASAN: 1196 case MEM_AREA_IO_SEC: 1197 case MEM_AREA_IO_NSEC: 1198 case MEM_AREA_EXT_DT: 1199 case MEM_AREA_RAM_SEC: 1200 case MEM_AREA_RAM_NSEC: 1201 case MEM_AREA_RES_VASPACE: 1202 case MEM_AREA_SHM_VASPACE: 1203 case MEM_AREA_PAGER_VASPACE: 1204 break; 1205 default: 1206 EMSG("Uhandled memtype %d", m->type); 1207 panic(); 1208 } 1209 } 1210 } 1211 1212 static struct tee_mmap_region *get_tmp_mmap(void) 1213 { 1214 struct tee_mmap_region *tmp_mmap = (void *)__heap1_start; 1215 1216 #ifdef CFG_WITH_PAGER 1217 if (__heap1_end - __heap1_start < (ptrdiff_t)sizeof(static_memory_map)) 1218 tmp_mmap = (void *)__heap2_start; 1219 #endif 1220 1221 memset(tmp_mmap, 0, sizeof(static_memory_map)); 1222 1223 return tmp_mmap; 1224 } 1225 1226 /* 1227 * core_init_mmu_map() - init tee core default memory mapping 1228 * 1229 * This routine sets the static default TEE core mapping. If @seed is > 0 1230 * and configured with CFG_CORE_ASLR it will map tee core at a location 1231 * based on the seed and return the offset from the link address. 1232 * 1233 * If an error happened: core_init_mmu_map is expected to panic. 1234 * 1235 * Note: this function is weak just to make it possible to exclude it from 1236 * the unpaged area. 1237 */ 1238 void __weak core_init_mmu_map(unsigned long seed, struct core_mmu_config *cfg) 1239 { 1240 #ifndef CFG_VIRTUALIZATION 1241 vaddr_t start = ROUNDDOWN((vaddr_t)__nozi_start, SMALL_PAGE_SIZE); 1242 #else 1243 vaddr_t start = ROUNDDOWN((vaddr_t)__vcore_nex_rw_start, 1244 SMALL_PAGE_SIZE); 1245 #endif 1246 vaddr_t len = ROUNDUP((vaddr_t)__nozi_end, SMALL_PAGE_SIZE) - start; 1247 struct tee_mmap_region *tmp_mmap = get_tmp_mmap(); 1248 unsigned long offs = 0; 1249 1250 check_sec_nsec_mem_config(); 1251 1252 /* 1253 * Add a entry covering the translation tables which will be 1254 * involved in some virt_to_phys() and phys_to_virt() conversions. 1255 */ 1256 static_memory_map[0] = (struct tee_mmap_region){ 1257 .type = MEM_AREA_TEE_RAM, 1258 .region_size = SMALL_PAGE_SIZE, 1259 .pa = start, 1260 .va = start, 1261 .size = len, 1262 .attr = core_mmu_type_to_attr(MEM_AREA_IDENTITY_MAP_RX), 1263 }; 1264 1265 COMPILE_TIME_ASSERT(CFG_MMAP_REGIONS >= 13); 1266 offs = init_mem_map(tmp_mmap, ARRAY_SIZE(static_memory_map), seed); 1267 1268 check_mem_map(tmp_mmap); 1269 core_init_mmu(tmp_mmap); 1270 dump_xlat_table(0x0, CORE_MMU_BASE_TABLE_LEVEL); 1271 core_init_mmu_regs(cfg); 1272 cfg->load_offset = offs; 1273 memcpy(static_memory_map, tmp_mmap, sizeof(static_memory_map)); 1274 } 1275 1276 bool core_mmu_mattr_is_ok(uint32_t mattr) 1277 { 1278 /* 1279 * Keep in sync with core_mmu_lpae.c:mattr_to_desc and 1280 * core_mmu_v7.c:mattr_to_texcb 1281 */ 1282 1283 switch ((mattr >> TEE_MATTR_MEM_TYPE_SHIFT) & TEE_MATTR_MEM_TYPE_MASK) { 1284 case TEE_MATTR_MEM_TYPE_DEV: 1285 case TEE_MATTR_MEM_TYPE_STRONGLY_O: 1286 case TEE_MATTR_MEM_TYPE_CACHED: 1287 return true; 1288 default: 1289 return false; 1290 } 1291 } 1292 1293 /* 1294 * test attributes of target physical buffer 1295 * 1296 * Flags: pbuf_is(SECURE, NOT_SECURE, RAM, IOMEM, KEYVAULT). 1297 * 1298 */ 1299 bool core_pbuf_is(uint32_t attr, paddr_t pbuf, size_t len) 1300 { 1301 struct tee_mmap_region *map; 1302 1303 /* Empty buffers complies with anything */ 1304 if (len == 0) 1305 return true; 1306 1307 switch (attr) { 1308 case CORE_MEM_SEC: 1309 return pbuf_is_inside(secure_only, pbuf, len); 1310 case CORE_MEM_NON_SEC: 1311 return pbuf_is_inside(nsec_shared, pbuf, len) || 1312 pbuf_is_nsec_ddr(pbuf, len); 1313 case CORE_MEM_TEE_RAM: 1314 return core_is_buffer_inside(pbuf, len, TEE_RAM_START, 1315 TEE_RAM_PH_SIZE); 1316 case CORE_MEM_TA_RAM: 1317 return core_is_buffer_inside(pbuf, len, TA_RAM_START, 1318 TA_RAM_SIZE); 1319 #ifdef CFG_CORE_RESERVED_SHM 1320 case CORE_MEM_NSEC_SHM: 1321 return core_is_buffer_inside(pbuf, len, TEE_SHMEM_START, 1322 TEE_SHMEM_SIZE); 1323 #endif 1324 case CORE_MEM_SDP_MEM: 1325 return pbuf_is_sdp_mem(pbuf, len); 1326 case CORE_MEM_CACHED: 1327 map = find_map_by_pa(pbuf); 1328 if (!map || !pbuf_inside_map_area(pbuf, len, map)) 1329 return false; 1330 return mattr_is_cached(map->attr); 1331 default: 1332 return false; 1333 } 1334 } 1335 1336 /* test attributes of target virtual buffer (in core mapping) */ 1337 bool core_vbuf_is(uint32_t attr, const void *vbuf, size_t len) 1338 { 1339 paddr_t p; 1340 1341 /* Empty buffers complies with anything */ 1342 if (len == 0) 1343 return true; 1344 1345 p = virt_to_phys((void *)vbuf); 1346 if (!p) 1347 return false; 1348 1349 return core_pbuf_is(attr, p, len); 1350 } 1351 1352 /* core_va2pa - teecore exported service */ 1353 static int __maybe_unused core_va2pa_helper(void *va, paddr_t *pa) 1354 { 1355 struct tee_mmap_region *map; 1356 1357 map = find_map_by_va(va); 1358 if (!va_is_in_map(map, (vaddr_t)va)) 1359 return -1; 1360 1361 /* 1362 * We can calculate PA for static map. Virtual address ranges 1363 * reserved to core dynamic mapping return a 'match' (return 0;) 1364 * together with an invalid null physical address. 1365 */ 1366 if (map->pa) 1367 *pa = map->pa + (vaddr_t)va - map->va; 1368 else 1369 *pa = 0; 1370 1371 return 0; 1372 } 1373 1374 static void *map_pa2va(struct tee_mmap_region *map, paddr_t pa, size_t len) 1375 { 1376 if (!pa_is_in_map(map, pa, len)) 1377 return NULL; 1378 1379 return (void *)(vaddr_t)(map->va + pa - map->pa); 1380 } 1381 1382 /* 1383 * teecore gets some memory area definitions 1384 */ 1385 void core_mmu_get_mem_by_type(unsigned int type, vaddr_t *s, vaddr_t *e) 1386 { 1387 struct tee_mmap_region *map = find_map_by_type(type); 1388 1389 if (map) { 1390 *s = map->va; 1391 *e = map->va + map->size; 1392 } else { 1393 *s = 0; 1394 *e = 0; 1395 } 1396 } 1397 1398 enum teecore_memtypes core_mmu_get_type_by_pa(paddr_t pa) 1399 { 1400 struct tee_mmap_region *map = find_map_by_pa(pa); 1401 1402 if (!map) 1403 return MEM_AREA_MAXTYPE; 1404 return map->type; 1405 } 1406 1407 void core_mmu_set_entry(struct core_mmu_table_info *tbl_info, unsigned int idx, 1408 paddr_t pa, uint32_t attr) 1409 { 1410 assert(idx < tbl_info->num_entries); 1411 core_mmu_set_entry_primitive(tbl_info->table, tbl_info->level, 1412 idx, pa, attr); 1413 } 1414 1415 void core_mmu_get_entry(struct core_mmu_table_info *tbl_info, unsigned int idx, 1416 paddr_t *pa, uint32_t *attr) 1417 { 1418 assert(idx < tbl_info->num_entries); 1419 core_mmu_get_entry_primitive(tbl_info->table, tbl_info->level, 1420 idx, pa, attr); 1421 } 1422 1423 static void clear_region(struct core_mmu_table_info *tbl_info, 1424 struct tee_mmap_region *region) 1425 { 1426 unsigned int end = 0; 1427 unsigned int idx = 0; 1428 1429 /* va, len and pa should be block aligned */ 1430 assert(!core_mmu_get_block_offset(tbl_info, region->va)); 1431 assert(!core_mmu_get_block_offset(tbl_info, region->size)); 1432 assert(!core_mmu_get_block_offset(tbl_info, region->pa)); 1433 1434 idx = core_mmu_va2idx(tbl_info, region->va); 1435 end = core_mmu_va2idx(tbl_info, region->va + region->size); 1436 1437 while (idx < end) { 1438 core_mmu_set_entry(tbl_info, idx, 0, 0); 1439 idx++; 1440 } 1441 } 1442 1443 static void set_region(struct core_mmu_table_info *tbl_info, 1444 struct tee_mmap_region *region) 1445 { 1446 unsigned int end; 1447 unsigned int idx; 1448 paddr_t pa; 1449 1450 /* va, len and pa should be block aligned */ 1451 assert(!core_mmu_get_block_offset(tbl_info, region->va)); 1452 assert(!core_mmu_get_block_offset(tbl_info, region->size)); 1453 assert(!core_mmu_get_block_offset(tbl_info, region->pa)); 1454 1455 idx = core_mmu_va2idx(tbl_info, region->va); 1456 end = core_mmu_va2idx(tbl_info, region->va + region->size); 1457 pa = region->pa; 1458 1459 while (idx < end) { 1460 core_mmu_set_entry(tbl_info, idx, pa, region->attr); 1461 idx++; 1462 pa += BIT64(tbl_info->shift); 1463 } 1464 } 1465 1466 static void set_pg_region(struct core_mmu_table_info *dir_info, 1467 struct vm_region *region, struct pgt **pgt, 1468 struct core_mmu_table_info *pg_info) 1469 { 1470 struct tee_mmap_region r = { 1471 .va = region->va, 1472 .size = region->size, 1473 .attr = region->attr, 1474 }; 1475 vaddr_t end = r.va + r.size; 1476 uint32_t pgt_attr = (r.attr & TEE_MATTR_SECURE) | TEE_MATTR_TABLE; 1477 1478 while (r.va < end) { 1479 if (!pg_info->table || 1480 r.va >= (pg_info->va_base + CORE_MMU_PGDIR_SIZE)) { 1481 /* 1482 * We're assigning a new translation table. 1483 */ 1484 unsigned int idx; 1485 1486 /* Virtual addresses must grow */ 1487 assert(r.va > pg_info->va_base); 1488 1489 idx = core_mmu_va2idx(dir_info, r.va); 1490 pg_info->va_base = core_mmu_idx2va(dir_info, idx); 1491 1492 #ifdef CFG_PAGED_USER_TA 1493 /* 1494 * Advance pgt to va_base, note that we may need to 1495 * skip multiple page tables if there are large 1496 * holes in the vm map. 1497 */ 1498 while ((*pgt)->vabase < pg_info->va_base) { 1499 *pgt = SLIST_NEXT(*pgt, link); 1500 /* We should have allocated enough */ 1501 assert(*pgt); 1502 } 1503 assert((*pgt)->vabase == pg_info->va_base); 1504 pg_info->table = (*pgt)->tbl; 1505 #else 1506 assert(*pgt); /* We should have allocated enough */ 1507 pg_info->table = (*pgt)->tbl; 1508 *pgt = SLIST_NEXT(*pgt, link); 1509 #endif 1510 1511 core_mmu_set_entry(dir_info, idx, 1512 virt_to_phys(pg_info->table), 1513 pgt_attr); 1514 } 1515 1516 r.size = MIN(CORE_MMU_PGDIR_SIZE - (r.va - pg_info->va_base), 1517 end - r.va); 1518 1519 if (!mobj_is_paged(region->mobj)) { 1520 size_t granule = BIT(pg_info->shift); 1521 size_t offset = r.va - region->va + region->offset; 1522 1523 r.size = MIN(r.size, 1524 mobj_get_phys_granule(region->mobj)); 1525 r.size = ROUNDUP(r.size, SMALL_PAGE_SIZE); 1526 1527 if (mobj_get_pa(region->mobj, offset, granule, 1528 &r.pa) != TEE_SUCCESS) 1529 panic("Failed to get PA of unpaged mobj"); 1530 set_region(pg_info, &r); 1531 } 1532 r.va += r.size; 1533 } 1534 } 1535 1536 static bool can_map_at_level(paddr_t paddr, vaddr_t vaddr, 1537 size_t size_left, paddr_t block_size, 1538 struct tee_mmap_region *mm __maybe_unused) 1539 { 1540 /* VA and PA are aligned to block size at current level */ 1541 if ((vaddr | paddr) & (block_size - 1)) 1542 return false; 1543 1544 /* Remainder fits into block at current level */ 1545 if (size_left < block_size) 1546 return false; 1547 1548 #ifdef CFG_WITH_PAGER 1549 /* 1550 * If pager is enabled, we need to map tee ram 1551 * regions with small pages only 1552 */ 1553 if (map_is_tee_ram(mm) && block_size != SMALL_PAGE_SIZE) 1554 return false; 1555 #endif 1556 1557 return true; 1558 } 1559 1560 void core_mmu_map_region(struct mmu_partition *prtn, struct tee_mmap_region *mm) 1561 { 1562 struct core_mmu_table_info tbl_info; 1563 unsigned int idx; 1564 vaddr_t vaddr = mm->va; 1565 paddr_t paddr = mm->pa; 1566 ssize_t size_left = mm->size; 1567 unsigned int level; 1568 bool table_found; 1569 uint32_t old_attr; 1570 1571 assert(!((vaddr | paddr) & SMALL_PAGE_MASK)); 1572 1573 while (size_left > 0) { 1574 level = CORE_MMU_BASE_TABLE_LEVEL; 1575 1576 while (true) { 1577 paddr_t block_size = 0; 1578 1579 assert(level <= CORE_MMU_PGDIR_LEVEL); 1580 1581 table_found = core_mmu_find_table(prtn, vaddr, level, 1582 &tbl_info); 1583 if (!table_found) 1584 panic("can't find table for mapping"); 1585 1586 block_size = BIT64(tbl_info.shift); 1587 1588 idx = core_mmu_va2idx(&tbl_info, vaddr); 1589 if (!can_map_at_level(paddr, vaddr, size_left, 1590 block_size, mm)) { 1591 bool secure = mm->attr & TEE_MATTR_SECURE; 1592 1593 /* 1594 * This part of the region can't be mapped at 1595 * this level. Need to go deeper. 1596 */ 1597 if (!core_mmu_entry_to_finer_grained(&tbl_info, 1598 idx, 1599 secure)) 1600 panic("Can't divide MMU entry"); 1601 level++; 1602 continue; 1603 } 1604 1605 /* We can map part of the region at current level */ 1606 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 1607 if (old_attr) 1608 panic("Page is already mapped"); 1609 1610 core_mmu_set_entry(&tbl_info, idx, paddr, mm->attr); 1611 paddr += block_size; 1612 vaddr += block_size; 1613 size_left -= block_size; 1614 1615 break; 1616 } 1617 } 1618 } 1619 1620 TEE_Result core_mmu_map_pages(vaddr_t vstart, paddr_t *pages, size_t num_pages, 1621 enum teecore_memtypes memtype) 1622 { 1623 TEE_Result ret; 1624 struct core_mmu_table_info tbl_info; 1625 struct tee_mmap_region *mm; 1626 unsigned int idx; 1627 uint32_t old_attr; 1628 uint32_t exceptions; 1629 vaddr_t vaddr = vstart; 1630 size_t i; 1631 bool secure; 1632 1633 assert(!(core_mmu_type_to_attr(memtype) & TEE_MATTR_PX)); 1634 1635 secure = core_mmu_type_to_attr(memtype) & TEE_MATTR_SECURE; 1636 1637 if (vaddr & SMALL_PAGE_MASK) 1638 return TEE_ERROR_BAD_PARAMETERS; 1639 1640 exceptions = mmu_lock(); 1641 1642 mm = find_map_by_va((void *)vaddr); 1643 if (!mm || !va_is_in_map(mm, vaddr + num_pages * SMALL_PAGE_SIZE - 1)) 1644 panic("VA does not belong to any known mm region"); 1645 1646 if (!core_mmu_is_dynamic_vaspace(mm)) 1647 panic("Trying to map into static region"); 1648 1649 for (i = 0; i < num_pages; i++) { 1650 if (pages[i] & SMALL_PAGE_MASK) { 1651 ret = TEE_ERROR_BAD_PARAMETERS; 1652 goto err; 1653 } 1654 1655 while (true) { 1656 if (!core_mmu_find_table(NULL, vaddr, UINT_MAX, 1657 &tbl_info)) 1658 panic("Can't find pagetable for vaddr "); 1659 1660 idx = core_mmu_va2idx(&tbl_info, vaddr); 1661 if (tbl_info.shift == SMALL_PAGE_SHIFT) 1662 break; 1663 1664 /* This is supertable. Need to divide it. */ 1665 if (!core_mmu_entry_to_finer_grained(&tbl_info, idx, 1666 secure)) 1667 panic("Failed to spread pgdir on small tables"); 1668 } 1669 1670 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 1671 if (old_attr) 1672 panic("Page is already mapped"); 1673 1674 core_mmu_set_entry(&tbl_info, idx, pages[i], 1675 core_mmu_type_to_attr(memtype)); 1676 vaddr += SMALL_PAGE_SIZE; 1677 } 1678 1679 /* 1680 * Make sure all the changes to translation tables are visible 1681 * before returning. TLB doesn't need to be invalidated as we are 1682 * guaranteed that there's no valid mapping in this range. 1683 */ 1684 core_mmu_table_write_barrier(); 1685 mmu_unlock(exceptions); 1686 1687 return TEE_SUCCESS; 1688 err: 1689 mmu_unlock(exceptions); 1690 1691 if (i) 1692 core_mmu_unmap_pages(vstart, i); 1693 1694 return ret; 1695 } 1696 1697 TEE_Result core_mmu_map_contiguous_pages(vaddr_t vstart, paddr_t pstart, 1698 size_t num_pages, 1699 enum teecore_memtypes memtype) 1700 { 1701 struct core_mmu_table_info tbl_info = { }; 1702 struct tee_mmap_region *mm = NULL; 1703 unsigned int idx = 0; 1704 uint32_t old_attr = 0; 1705 uint32_t exceptions = 0; 1706 vaddr_t vaddr = vstart; 1707 paddr_t paddr = pstart; 1708 size_t i = 0; 1709 bool secure = false; 1710 1711 assert(!(core_mmu_type_to_attr(memtype) & TEE_MATTR_PX)); 1712 1713 secure = core_mmu_type_to_attr(memtype) & TEE_MATTR_SECURE; 1714 1715 if ((vaddr | paddr) & SMALL_PAGE_MASK) 1716 return TEE_ERROR_BAD_PARAMETERS; 1717 1718 exceptions = mmu_lock(); 1719 1720 mm = find_map_by_va((void *)vaddr); 1721 if (!mm || !va_is_in_map(mm, vaddr + num_pages * SMALL_PAGE_SIZE - 1)) 1722 panic("VA does not belong to any known mm region"); 1723 1724 if (!core_mmu_is_dynamic_vaspace(mm)) 1725 panic("Trying to map into static region"); 1726 1727 for (i = 0; i < num_pages; i++) { 1728 while (true) { 1729 if (!core_mmu_find_table(NULL, vaddr, UINT_MAX, 1730 &tbl_info)) 1731 panic("Can't find pagetable for vaddr "); 1732 1733 idx = core_mmu_va2idx(&tbl_info, vaddr); 1734 if (tbl_info.shift == SMALL_PAGE_SHIFT) 1735 break; 1736 1737 /* This is supertable. Need to divide it. */ 1738 if (!core_mmu_entry_to_finer_grained(&tbl_info, idx, 1739 secure)) 1740 panic("Failed to spread pgdir on small tables"); 1741 } 1742 1743 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 1744 if (old_attr) 1745 panic("Page is already mapped"); 1746 1747 core_mmu_set_entry(&tbl_info, idx, paddr, 1748 core_mmu_type_to_attr(memtype)); 1749 paddr += SMALL_PAGE_SIZE; 1750 vaddr += SMALL_PAGE_SIZE; 1751 } 1752 1753 /* 1754 * Make sure all the changes to translation tables are visible 1755 * before returning. TLB doesn't need to be invalidated as we are 1756 * guaranteed that there's no valid mapping in this range. 1757 */ 1758 core_mmu_table_write_barrier(); 1759 mmu_unlock(exceptions); 1760 1761 return TEE_SUCCESS; 1762 } 1763 1764 void core_mmu_unmap_pages(vaddr_t vstart, size_t num_pages) 1765 { 1766 struct core_mmu_table_info tbl_info; 1767 struct tee_mmap_region *mm; 1768 size_t i; 1769 unsigned int idx; 1770 uint32_t exceptions; 1771 1772 exceptions = mmu_lock(); 1773 1774 mm = find_map_by_va((void *)vstart); 1775 if (!mm || !va_is_in_map(mm, vstart + num_pages * SMALL_PAGE_SIZE - 1)) 1776 panic("VA does not belong to any known mm region"); 1777 1778 if (!core_mmu_is_dynamic_vaspace(mm)) 1779 panic("Trying to unmap static region"); 1780 1781 for (i = 0; i < num_pages; i++, vstart += SMALL_PAGE_SIZE) { 1782 if (!core_mmu_find_table(NULL, vstart, UINT_MAX, &tbl_info)) 1783 panic("Can't find pagetable"); 1784 1785 if (tbl_info.shift != SMALL_PAGE_SHIFT) 1786 panic("Invalid pagetable level"); 1787 1788 idx = core_mmu_va2idx(&tbl_info, vstart); 1789 core_mmu_set_entry(&tbl_info, idx, 0, 0); 1790 } 1791 tlbi_all(); 1792 1793 mmu_unlock(exceptions); 1794 } 1795 1796 void core_mmu_populate_user_map(struct core_mmu_table_info *dir_info, 1797 struct user_mode_ctx *uctx) 1798 { 1799 struct core_mmu_table_info pg_info = { }; 1800 struct pgt_cache *pgt_cache = &thread_get_tsd()->pgt_cache; 1801 struct pgt *pgt = NULL; 1802 struct vm_region *r = NULL; 1803 struct vm_region *r_last = NULL; 1804 1805 /* Find the first and last valid entry */ 1806 r = TAILQ_FIRST(&uctx->vm_info.regions); 1807 if (!r) 1808 return; /* Nothing to map */ 1809 r_last = TAILQ_LAST(&uctx->vm_info.regions, vm_region_head); 1810 1811 /* 1812 * Allocate all page tables in advance. 1813 */ 1814 pgt_alloc(pgt_cache, uctx->ts_ctx, r->va, 1815 r_last->va + r_last->size - 1); 1816 pgt = SLIST_FIRST(pgt_cache); 1817 1818 core_mmu_set_info_table(&pg_info, dir_info->level + 1, 0, NULL); 1819 1820 TAILQ_FOREACH(r, &uctx->vm_info.regions, link) 1821 set_pg_region(dir_info, r, &pgt, &pg_info); 1822 } 1823 1824 TEE_Result core_mmu_remove_mapping(enum teecore_memtypes type, void *addr, 1825 size_t len) 1826 { 1827 struct core_mmu_table_info tbl_info = { }; 1828 struct tee_mmap_region *res_map = NULL; 1829 struct tee_mmap_region *map = NULL; 1830 paddr_t pa = virt_to_phys(addr); 1831 size_t granule = 0; 1832 ptrdiff_t i = 0; 1833 paddr_t p = 0; 1834 size_t l = 0; 1835 1836 map = find_map_by_type_and_pa(type, pa, len); 1837 if (!map) 1838 return TEE_ERROR_GENERIC; 1839 1840 res_map = find_map_by_type(MEM_AREA_RES_VASPACE); 1841 if (!res_map) 1842 return TEE_ERROR_GENERIC; 1843 if (!core_mmu_find_table(NULL, res_map->va, UINT_MAX, &tbl_info)) 1844 return TEE_ERROR_GENERIC; 1845 granule = BIT(tbl_info.shift); 1846 1847 if (map < static_memory_map || 1848 map >= static_memory_map + ARRAY_SIZE(static_memory_map)) 1849 return TEE_ERROR_GENERIC; 1850 i = map - static_memory_map; 1851 1852 /* Check that we have a full match */ 1853 p = ROUNDDOWN(pa, granule); 1854 l = ROUNDUP(len + pa - p, granule); 1855 if (map->pa != p || map->size != l) 1856 return TEE_ERROR_GENERIC; 1857 1858 clear_region(&tbl_info, map); 1859 tlbi_all(); 1860 1861 /* If possible remove the va range from res_map */ 1862 if (res_map->va - map->size == map->va) { 1863 res_map->va -= map->size; 1864 res_map->size += map->size; 1865 } 1866 1867 /* Remove the entry. */ 1868 memmove(map, map + 1, 1869 (ARRAY_SIZE(static_memory_map) - i - 1) * sizeof(*map)); 1870 1871 /* Clear the last new entry in case it was used */ 1872 memset(static_memory_map + ARRAY_SIZE(static_memory_map) - 1, 1873 0, sizeof(*map)); 1874 1875 return TEE_SUCCESS; 1876 } 1877 1878 struct tee_mmap_region * 1879 core_mmu_find_mapping_exclusive(enum teecore_memtypes type, size_t len) 1880 { 1881 struct tee_mmap_region *map = NULL; 1882 struct tee_mmap_region *map_found = NULL; 1883 1884 if (!len) 1885 return NULL; 1886 1887 for (map = get_memory_map(); !core_mmap_is_end_of_table(map); map++) { 1888 if (map->type != type) 1889 continue; 1890 1891 if (map_found) 1892 return NULL; 1893 1894 map_found = map; 1895 } 1896 1897 if (!map_found || map_found->size < len) 1898 return NULL; 1899 1900 return map_found; 1901 } 1902 1903 void *core_mmu_add_mapping(enum teecore_memtypes type, paddr_t addr, size_t len) 1904 { 1905 struct core_mmu_table_info tbl_info; 1906 struct tee_mmap_region *map; 1907 size_t n; 1908 size_t granule; 1909 paddr_t p; 1910 size_t l; 1911 1912 if (!len) 1913 return NULL; 1914 1915 if (!core_mmu_check_end_pa(addr, len)) 1916 return NULL; 1917 1918 /* Check if the memory is already mapped */ 1919 map = find_map_by_type_and_pa(type, addr, len); 1920 if (map && pbuf_inside_map_area(addr, len, map)) 1921 return (void *)(vaddr_t)(map->va + addr - map->pa); 1922 1923 /* Find the reserved va space used for late mappings */ 1924 map = find_map_by_type(MEM_AREA_RES_VASPACE); 1925 if (!map) 1926 return NULL; 1927 1928 if (!core_mmu_find_table(NULL, map->va, UINT_MAX, &tbl_info)) 1929 return NULL; 1930 1931 granule = BIT64(tbl_info.shift); 1932 p = ROUNDDOWN(addr, granule); 1933 l = ROUNDUP(len + addr - p, granule); 1934 1935 /* Ban overflowing virtual addresses */ 1936 if (map->size < l) 1937 return NULL; 1938 1939 /* 1940 * Something is wrong, we can't fit the va range into the selected 1941 * table. The reserved va range is possibly missaligned with 1942 * granule. 1943 */ 1944 if (core_mmu_va2idx(&tbl_info, map->va + len) >= tbl_info.num_entries) 1945 return NULL; 1946 1947 /* Find end of the memory map */ 1948 n = 0; 1949 while (!core_mmap_is_end_of_table(static_memory_map + n)) 1950 n++; 1951 1952 if (n < (ARRAY_SIZE(static_memory_map) - 1)) { 1953 /* There's room for another entry */ 1954 static_memory_map[n].va = map->va; 1955 static_memory_map[n].size = l; 1956 static_memory_map[n + 1].type = MEM_AREA_END; 1957 map->va += l; 1958 map->size -= l; 1959 map = static_memory_map + n; 1960 } else { 1961 /* 1962 * There isn't room for another entry, steal the reserved 1963 * entry as it's not useful for anything else any longer. 1964 */ 1965 map->size = l; 1966 } 1967 map->type = type; 1968 map->region_size = granule; 1969 map->attr = core_mmu_type_to_attr(type); 1970 map->pa = p; 1971 1972 set_region(&tbl_info, map); 1973 1974 /* Make sure the new entry is visible before continuing. */ 1975 core_mmu_table_write_barrier(); 1976 1977 return (void *)(vaddr_t)(map->va + addr - map->pa); 1978 } 1979 1980 #ifdef CFG_WITH_PAGER 1981 static vaddr_t get_linear_map_end(void) 1982 { 1983 /* this is synced with the generic linker file kern.ld.S */ 1984 return (vaddr_t)__heap2_end; 1985 } 1986 #endif 1987 1988 #if defined(CFG_TEE_CORE_DEBUG) 1989 static void check_pa_matches_va(void *va, paddr_t pa) 1990 { 1991 TEE_Result res = TEE_ERROR_GENERIC; 1992 vaddr_t v = (vaddr_t)va; 1993 paddr_t p = 0; 1994 struct core_mmu_table_info ti __maybe_unused = { }; 1995 1996 if (core_mmu_user_va_range_is_defined()) { 1997 vaddr_t user_va_base = 0; 1998 size_t user_va_size = 0; 1999 2000 core_mmu_get_user_va_range(&user_va_base, &user_va_size); 2001 if (v >= user_va_base && 2002 v <= (user_va_base - 1 + user_va_size)) { 2003 if (!core_mmu_user_mapping_is_active()) { 2004 if (pa) 2005 panic("issue in linear address space"); 2006 return; 2007 } 2008 2009 res = vm_va2pa(to_user_mode_ctx(thread_get_tsd()->ctx), 2010 va, &p); 2011 if (res == TEE_ERROR_NOT_SUPPORTED) 2012 return; 2013 if (res == TEE_SUCCESS && pa != p) 2014 panic("bad pa"); 2015 if (res != TEE_SUCCESS && pa) 2016 panic("false pa"); 2017 return; 2018 } 2019 } 2020 #ifdef CFG_WITH_PAGER 2021 if (is_unpaged(va)) { 2022 if (v - boot_mmu_config.load_offset != pa) 2023 panic("issue in linear address space"); 2024 return; 2025 } 2026 2027 if (tee_pager_get_table_info(v, &ti)) { 2028 uint32_t a; 2029 2030 /* 2031 * Lookups in the page table managed by the pager is 2032 * dangerous for addresses in the paged area as those pages 2033 * changes all the time. But some ranges are safe, 2034 * rw-locked areas when the page is populated for instance. 2035 */ 2036 core_mmu_get_entry(&ti, core_mmu_va2idx(&ti, v), &p, &a); 2037 if (a & TEE_MATTR_VALID_BLOCK) { 2038 paddr_t mask = BIT64(ti.shift) - 1; 2039 2040 p |= v & mask; 2041 if (pa != p) 2042 panic(); 2043 } else { 2044 if (pa) 2045 panic(); 2046 } 2047 return; 2048 } 2049 #endif 2050 2051 if (!core_va2pa_helper(va, &p)) { 2052 /* Verfiy only the static mapping (case non null phys addr) */ 2053 if (p && pa != p) { 2054 DMSG("va %p maps 0x%" PRIxPA ", expect 0x%" PRIxPA, 2055 va, p, pa); 2056 panic(); 2057 } 2058 } else { 2059 if (pa) { 2060 DMSG("va %p unmapped, expect 0x%" PRIxPA, va, pa); 2061 panic(); 2062 } 2063 } 2064 } 2065 #else 2066 static void check_pa_matches_va(void *va __unused, paddr_t pa __unused) 2067 { 2068 } 2069 #endif 2070 2071 paddr_t virt_to_phys(void *va) 2072 { 2073 paddr_t pa = 0; 2074 2075 if (!arch_va2pa_helper(va, &pa)) 2076 pa = 0; 2077 check_pa_matches_va(va, pa); 2078 return pa; 2079 } 2080 2081 #if defined(CFG_TEE_CORE_DEBUG) 2082 static void check_va_matches_pa(paddr_t pa, void *va) 2083 { 2084 paddr_t p = 0; 2085 2086 if (!va) 2087 return; 2088 2089 p = virt_to_phys(va); 2090 if (p != pa) { 2091 DMSG("va %p maps 0x%" PRIxPA " expect 0x%" PRIxPA, va, p, pa); 2092 panic(); 2093 } 2094 } 2095 #else 2096 static void check_va_matches_pa(paddr_t pa __unused, void *va __unused) 2097 { 2098 } 2099 #endif 2100 2101 static void *phys_to_virt_ts_vaspace(paddr_t pa, size_t len) 2102 { 2103 if (!core_mmu_user_mapping_is_active()) 2104 return NULL; 2105 2106 return vm_pa2va(to_user_mode_ctx(thread_get_tsd()->ctx), pa, len); 2107 } 2108 2109 #ifdef CFG_WITH_PAGER 2110 static void *phys_to_virt_tee_ram(paddr_t pa, size_t len) 2111 { 2112 paddr_t end_pa = 0; 2113 2114 if (SUB_OVERFLOW(len, 1, &end_pa) || ADD_OVERFLOW(pa, end_pa, &end_pa)) 2115 return NULL; 2116 2117 if (pa >= TEE_LOAD_ADDR && pa < get_linear_map_end()) { 2118 if (end_pa > get_linear_map_end()) 2119 return NULL; 2120 return (void *)(vaddr_t)(pa + boot_mmu_config.load_offset); 2121 } 2122 2123 return tee_pager_phys_to_virt(pa, len); 2124 } 2125 #else 2126 static void *phys_to_virt_tee_ram(paddr_t pa, size_t len) 2127 { 2128 struct tee_mmap_region *mmap = NULL; 2129 2130 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM, pa, len); 2131 if (!mmap) 2132 mmap = find_map_by_type_and_pa(MEM_AREA_NEX_RAM_RW, pa, len); 2133 if (!mmap) 2134 mmap = find_map_by_type_and_pa(MEM_AREA_NEX_RAM_RO, pa, len); 2135 if (!mmap) 2136 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RW, pa, len); 2137 if (!mmap) 2138 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RO, pa, len); 2139 if (!mmap) 2140 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RX, pa, len); 2141 /* 2142 * Note that MEM_AREA_INIT_RAM_RO and MEM_AREA_INIT_RAM_RX are only 2143 * used with pager and not needed here. 2144 */ 2145 return map_pa2va(mmap, pa, len); 2146 } 2147 #endif 2148 2149 void *phys_to_virt(paddr_t pa, enum teecore_memtypes m, size_t len) 2150 { 2151 void *va = NULL; 2152 2153 switch (m) { 2154 case MEM_AREA_TS_VASPACE: 2155 va = phys_to_virt_ts_vaspace(pa, len); 2156 break; 2157 case MEM_AREA_TEE_RAM: 2158 case MEM_AREA_TEE_RAM_RX: 2159 case MEM_AREA_TEE_RAM_RO: 2160 case MEM_AREA_TEE_RAM_RW: 2161 case MEM_AREA_NEX_RAM_RO: 2162 case MEM_AREA_NEX_RAM_RW: 2163 va = phys_to_virt_tee_ram(pa, len); 2164 break; 2165 case MEM_AREA_SHM_VASPACE: 2166 /* Find VA from PA in dynamic SHM is not yet supported */ 2167 va = NULL; 2168 break; 2169 default: 2170 va = map_pa2va(find_map_by_type_and_pa(m, pa, len), pa, len); 2171 } 2172 if (m != MEM_AREA_SEC_RAM_OVERALL) 2173 check_va_matches_pa(pa, va); 2174 return va; 2175 } 2176 2177 void *phys_to_virt_io(paddr_t pa, size_t len) 2178 { 2179 struct tee_mmap_region *map = NULL; 2180 void *va = NULL; 2181 2182 map = find_map_by_type_and_pa(MEM_AREA_IO_SEC, pa, len); 2183 if (!map) 2184 map = find_map_by_type_and_pa(MEM_AREA_IO_NSEC, pa, len); 2185 if (!map) 2186 return NULL; 2187 va = map_pa2va(map, pa, len); 2188 check_va_matches_pa(pa, va); 2189 return va; 2190 } 2191 2192 vaddr_t core_mmu_get_va(paddr_t pa, enum teecore_memtypes type, size_t len) 2193 { 2194 if (cpu_mmu_enabled()) 2195 return (vaddr_t)phys_to_virt(pa, type, len); 2196 2197 return (vaddr_t)pa; 2198 } 2199 2200 #ifdef CFG_WITH_PAGER 2201 bool is_unpaged(void *va) 2202 { 2203 vaddr_t v = (vaddr_t)va; 2204 2205 return v >= VCORE_START_VA && v < get_linear_map_end(); 2206 } 2207 #else 2208 bool is_unpaged(void *va __unused) 2209 { 2210 return true; 2211 } 2212 #endif 2213 2214 void core_mmu_init_virtualization(void) 2215 { 2216 virt_init_memory(static_memory_map); 2217 } 2218 2219 vaddr_t io_pa_or_va(struct io_pa_va *p, size_t len) 2220 { 2221 assert(p->pa); 2222 if (cpu_mmu_enabled()) { 2223 if (!p->va) 2224 p->va = (vaddr_t)phys_to_virt_io(p->pa, len); 2225 assert(p->va); 2226 return p->va; 2227 } 2228 return p->pa; 2229 } 2230 2231 vaddr_t io_pa_or_va_secure(struct io_pa_va *p, size_t len) 2232 { 2233 assert(p->pa); 2234 if (cpu_mmu_enabled()) { 2235 if (!p->va) 2236 p->va = (vaddr_t)phys_to_virt(p->pa, MEM_AREA_IO_SEC, 2237 len); 2238 assert(p->va); 2239 return p->va; 2240 } 2241 return p->pa; 2242 } 2243 2244 vaddr_t io_pa_or_va_nsec(struct io_pa_va *p, size_t len) 2245 { 2246 assert(p->pa); 2247 if (cpu_mmu_enabled()) { 2248 if (!p->va) 2249 p->va = (vaddr_t)phys_to_virt(p->pa, MEM_AREA_IO_NSEC, 2250 len); 2251 assert(p->va); 2252 return p->va; 2253 } 2254 return p->pa; 2255 } 2256 2257 #ifdef CFG_CORE_RESERVED_SHM 2258 static TEE_Result teecore_init_pub_ram(void) 2259 { 2260 vaddr_t s = 0; 2261 vaddr_t e = 0; 2262 2263 /* get virtual addr/size of NSec shared mem allocated from teecore */ 2264 core_mmu_get_mem_by_type(MEM_AREA_NSEC_SHM, &s, &e); 2265 2266 if (s >= e || s & SMALL_PAGE_MASK || e & SMALL_PAGE_MASK) 2267 panic("invalid PUB RAM"); 2268 2269 /* extra check: we could rely on core_mmu_get_mem_by_type() */ 2270 if (!tee_vbuf_is_non_sec(s, e - s)) 2271 panic("PUB RAM is not non-secure"); 2272 2273 #ifdef CFG_PL310 2274 /* Allocate statically the l2cc mutex */ 2275 tee_l2cc_store_mutex_boot_pa(virt_to_phys((void *)s)); 2276 s += sizeof(uint32_t); /* size of a pl310 mutex */ 2277 s = ROUNDUP(s, SMALL_PAGE_SIZE); /* keep required alignment */ 2278 #endif 2279 2280 default_nsec_shm_paddr = virt_to_phys((void *)s); 2281 default_nsec_shm_size = e - s; 2282 2283 return TEE_SUCCESS; 2284 } 2285 early_init(teecore_init_pub_ram); 2286 #endif /*CFG_CORE_RESERVED_SHM*/ 2287 2288 void core_mmu_init_ta_ram(void) 2289 { 2290 vaddr_t s = 0; 2291 vaddr_t e = 0; 2292 paddr_t ps = 0; 2293 size_t size = 0; 2294 2295 /* 2296 * Get virtual addr/size of RAM where TA are loaded/executedNSec 2297 * shared mem allocated from teecore. 2298 */ 2299 if (IS_ENABLED(CFG_VIRTUALIZATION)) 2300 virt_get_ta_ram(&s, &e); 2301 else 2302 core_mmu_get_mem_by_type(MEM_AREA_TA_RAM, &s, &e); 2303 2304 ps = virt_to_phys((void *)s); 2305 size = e - s; 2306 2307 if (!ps || (ps & CORE_MMU_USER_CODE_MASK) || 2308 !size || (size & CORE_MMU_USER_CODE_MASK)) 2309 panic("invalid TA RAM"); 2310 2311 /* extra check: we could rely on core_mmu_get_mem_by_type() */ 2312 if (!tee_pbuf_is_sec(ps, size)) 2313 panic("TA RAM is not secure"); 2314 2315 if (!tee_mm_is_empty(&tee_mm_sec_ddr)) 2316 panic("TA RAM pool is not empty"); 2317 2318 /* remove previous config and init TA ddr memory pool */ 2319 tee_mm_final(&tee_mm_sec_ddr); 2320 tee_mm_init(&tee_mm_sec_ddr, ps, size, CORE_MMU_USER_CODE_SHIFT, 2321 TEE_MM_POOL_NO_FLAGS); 2322 } 2323