1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2016, 2022 Linaro Limited 4 * Copyright (c) 2014, STMicroelectronics International N.V. 5 * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved. 6 */ 7 8 #include <assert.h> 9 #include <config.h> 10 #include <kernel/boot.h> 11 #include <kernel/dt.h> 12 #include <kernel/linker.h> 13 #include <kernel/panic.h> 14 #include <kernel/spinlock.h> 15 #include <kernel/tee_l2cc_mutex.h> 16 #include <kernel/tee_misc.h> 17 #include <kernel/tlb_helpers.h> 18 #include <kernel/user_mode_ctx.h> 19 #include <kernel/virtualization.h> 20 #include <libfdt.h> 21 #include <mm/core_memprot.h> 22 #include <mm/core_mmu.h> 23 #include <mm/mobj.h> 24 #include <mm/pgt_cache.h> 25 #include <mm/tee_pager.h> 26 #include <mm/vm.h> 27 #include <platform_config.h> 28 #include <string.h> 29 #include <trace.h> 30 #include <util.h> 31 32 #ifndef DEBUG_XLAT_TABLE 33 #define DEBUG_XLAT_TABLE 0 34 #endif 35 36 #define SHM_VASPACE_SIZE (1024 * 1024 * 32) 37 38 #ifdef CFG_CORE_PHYS_RELOCATABLE 39 unsigned long core_mmu_tee_load_pa __nex_bss; 40 #else 41 const unsigned long core_mmu_tee_load_pa = TEE_LOAD_ADDR; 42 #endif 43 44 /* 45 * These variables are initialized before .bss is cleared. To avoid 46 * resetting them when .bss is cleared we're storing them in .data instead, 47 * even if they initially are zero. 48 */ 49 50 #ifdef CFG_CORE_RESERVED_SHM 51 /* Default NSec shared memory allocated from NSec world */ 52 unsigned long default_nsec_shm_size __nex_bss; 53 unsigned long default_nsec_shm_paddr __nex_bss; 54 #endif 55 56 static struct tee_mmap_region static_memory_map[CFG_MMAP_REGIONS 57 #ifdef CFG_CORE_ASLR 58 + 1 59 #endif 60 + 1] __nex_bss; 61 62 /* Define the platform's memory layout. */ 63 struct memaccess_area { 64 paddr_t paddr; 65 size_t size; 66 }; 67 68 #define MEMACCESS_AREA(a, s) { .paddr = a, .size = s } 69 70 static struct memaccess_area secure_only[] __nex_data = { 71 #ifdef TRUSTED_SRAM_BASE 72 MEMACCESS_AREA(TRUSTED_SRAM_BASE, TRUSTED_SRAM_SIZE), 73 #endif 74 MEMACCESS_AREA(TRUSTED_DRAM_BASE, TRUSTED_DRAM_SIZE), 75 }; 76 77 static struct memaccess_area nsec_shared[] __nex_data = { 78 #ifdef CFG_CORE_RESERVED_SHM 79 MEMACCESS_AREA(TEE_SHMEM_START, TEE_SHMEM_SIZE), 80 #endif 81 }; 82 83 #if defined(CFG_SECURE_DATA_PATH) 84 static const char *tz_sdp_match = "linaro,secure-heap"; 85 static struct memaccess_area sec_sdp; 86 #ifdef CFG_TEE_SDP_MEM_BASE 87 register_sdp_mem(CFG_TEE_SDP_MEM_BASE, CFG_TEE_SDP_MEM_SIZE); 88 #endif 89 #ifdef TEE_SDP_TEST_MEM_BASE 90 register_sdp_mem(TEE_SDP_TEST_MEM_BASE, TEE_SDP_TEST_MEM_SIZE); 91 #endif 92 #endif 93 94 #ifdef CFG_CORE_RESERVED_SHM 95 register_phys_mem(MEM_AREA_NSEC_SHM, TEE_SHMEM_START, TEE_SHMEM_SIZE); 96 #endif 97 static unsigned int mmu_spinlock; 98 99 static uint32_t mmu_lock(void) 100 { 101 return cpu_spin_lock_xsave(&mmu_spinlock); 102 } 103 104 static void mmu_unlock(uint32_t exceptions) 105 { 106 cpu_spin_unlock_xrestore(&mmu_spinlock, exceptions); 107 } 108 109 void core_mmu_get_secure_memory(paddr_t *base, paddr_size_t *size) 110 { 111 /* 112 * The first range is always used to cover OP-TEE core memory, but 113 * depending on configuration it may cover more than that. 114 */ 115 *base = secure_only[0].paddr; 116 *size = secure_only[0].size; 117 } 118 119 void core_mmu_get_ta_range(paddr_t *base, size_t *size) 120 { 121 paddr_t b = 0; 122 size_t s = 0; 123 124 static_assert(!(TEE_RAM_VA_SIZE % SMALL_PAGE_SIZE)); 125 #ifdef TA_RAM_START 126 b = TA_RAM_START; 127 s = TA_RAM_SIZE; 128 #else 129 static_assert(ARRAY_SIZE(secure_only) <= 2); 130 if (ARRAY_SIZE(secure_only) == 1) { 131 vaddr_t load_offs = 0; 132 133 assert(core_mmu_tee_load_pa >= secure_only[0].paddr); 134 load_offs = core_mmu_tee_load_pa - secure_only[0].paddr; 135 136 assert(secure_only[0].size > 137 load_offs + TEE_RAM_VA_SIZE + TEE_SDP_TEST_MEM_SIZE); 138 b = secure_only[0].paddr + load_offs + TEE_RAM_VA_SIZE; 139 s = secure_only[0].size - load_offs - TEE_RAM_VA_SIZE - 140 TEE_SDP_TEST_MEM_SIZE; 141 } else { 142 assert(secure_only[1].size > TEE_SDP_TEST_MEM_SIZE); 143 b = secure_only[1].paddr; 144 s = secure_only[1].size - TEE_SDP_TEST_MEM_SIZE; 145 } 146 #endif 147 if (base) 148 *base = b; 149 if (size) 150 *size = s; 151 } 152 153 static struct tee_mmap_region *get_memory_map(void) 154 { 155 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) { 156 struct tee_mmap_region *map = virt_get_memory_map(); 157 158 if (map) 159 return map; 160 } 161 162 return static_memory_map; 163 } 164 165 static bool _pbuf_intersects(struct memaccess_area *a, size_t alen, 166 paddr_t pa, size_t size) 167 { 168 size_t n; 169 170 for (n = 0; n < alen; n++) 171 if (core_is_buffer_intersect(pa, size, a[n].paddr, a[n].size)) 172 return true; 173 return false; 174 } 175 176 #define pbuf_intersects(a, pa, size) \ 177 _pbuf_intersects((a), ARRAY_SIZE(a), (pa), (size)) 178 179 static bool _pbuf_is_inside(struct memaccess_area *a, size_t alen, 180 paddr_t pa, size_t size) 181 { 182 size_t n; 183 184 for (n = 0; n < alen; n++) 185 if (core_is_buffer_inside(pa, size, a[n].paddr, a[n].size)) 186 return true; 187 return false; 188 } 189 190 #define pbuf_is_inside(a, pa, size) \ 191 _pbuf_is_inside((a), ARRAY_SIZE(a), (pa), (size)) 192 193 static bool pa_is_in_map(struct tee_mmap_region *map, paddr_t pa, size_t len) 194 { 195 paddr_t end_pa = 0; 196 197 if (!map) 198 return false; 199 200 if (SUB_OVERFLOW(len, 1, &end_pa) || ADD_OVERFLOW(pa, end_pa, &end_pa)) 201 return false; 202 203 return (pa >= map->pa && end_pa <= map->pa + map->size - 1); 204 } 205 206 static bool va_is_in_map(struct tee_mmap_region *map, vaddr_t va) 207 { 208 if (!map) 209 return false; 210 return (va >= map->va && va <= (map->va + map->size - 1)); 211 } 212 213 /* check if target buffer fits in a core default map area */ 214 static bool pbuf_inside_map_area(unsigned long p, size_t l, 215 struct tee_mmap_region *map) 216 { 217 return core_is_buffer_inside(p, l, map->pa, map->size); 218 } 219 220 static struct tee_mmap_region *find_map_by_type(enum teecore_memtypes type) 221 { 222 struct tee_mmap_region *map; 223 224 for (map = get_memory_map(); !core_mmap_is_end_of_table(map); map++) 225 if (map->type == type) 226 return map; 227 return NULL; 228 } 229 230 static struct tee_mmap_region * 231 find_map_by_type_and_pa(enum teecore_memtypes type, paddr_t pa, size_t len) 232 { 233 struct tee_mmap_region *map; 234 235 for (map = get_memory_map(); !core_mmap_is_end_of_table(map); map++) { 236 if (map->type != type) 237 continue; 238 if (pa_is_in_map(map, pa, len)) 239 return map; 240 } 241 return NULL; 242 } 243 244 static struct tee_mmap_region *find_map_by_va(void *va) 245 { 246 struct tee_mmap_region *map = get_memory_map(); 247 unsigned long a = (unsigned long)va; 248 249 while (!core_mmap_is_end_of_table(map)) { 250 if (a >= map->va && a <= (map->va - 1 + map->size)) 251 return map; 252 map++; 253 } 254 return NULL; 255 } 256 257 static struct tee_mmap_region *find_map_by_pa(unsigned long pa) 258 { 259 struct tee_mmap_region *map = get_memory_map(); 260 261 while (!core_mmap_is_end_of_table(map)) { 262 if (pa >= map->pa && pa <= (map->pa + map->size - 1)) 263 return map; 264 map++; 265 } 266 return NULL; 267 } 268 269 #if defined(CFG_SECURE_DATA_PATH) 270 static bool dtb_get_sdp_region(void) 271 { 272 void *fdt = NULL; 273 int node = 0; 274 int tmp_node = 0; 275 paddr_t tmp_addr = 0; 276 size_t tmp_size = 0; 277 278 if (!IS_ENABLED(CFG_EMBED_DTB)) 279 return false; 280 281 fdt = get_embedded_dt(); 282 if (!fdt) 283 panic("No DTB found"); 284 285 node = fdt_node_offset_by_compatible(fdt, -1, tz_sdp_match); 286 if (node < 0) { 287 DMSG("No %s compatible node found", tz_sdp_match); 288 return false; 289 } 290 tmp_node = node; 291 while (tmp_node >= 0) { 292 tmp_node = fdt_node_offset_by_compatible(fdt, tmp_node, 293 tz_sdp_match); 294 if (tmp_node >= 0) 295 DMSG("Ignore SDP pool node %s, supports only 1 node", 296 fdt_get_name(fdt, tmp_node, NULL)); 297 } 298 299 tmp_addr = fdt_reg_base_address(fdt, node); 300 if (tmp_addr == DT_INFO_INVALID_REG) { 301 EMSG("%s: Unable to get base addr from DT", tz_sdp_match); 302 return false; 303 } 304 305 tmp_size = fdt_reg_size(fdt, node); 306 if (tmp_size == DT_INFO_INVALID_REG_SIZE) { 307 EMSG("%s: Unable to get size of base addr from DT", 308 tz_sdp_match); 309 return false; 310 } 311 312 sec_sdp.paddr = tmp_addr; 313 sec_sdp.size = tmp_size; 314 315 return true; 316 } 317 #endif 318 319 #if defined(CFG_CORE_DYN_SHM) || defined(CFG_SECURE_DATA_PATH) 320 static bool pbuf_is_special_mem(paddr_t pbuf, size_t len, 321 const struct core_mmu_phys_mem *start, 322 const struct core_mmu_phys_mem *end) 323 { 324 const struct core_mmu_phys_mem *mem; 325 326 for (mem = start; mem < end; mem++) { 327 if (core_is_buffer_inside(pbuf, len, mem->addr, mem->size)) 328 return true; 329 } 330 331 return false; 332 } 333 #endif 334 335 #ifdef CFG_CORE_DYN_SHM 336 static void carve_out_phys_mem(struct core_mmu_phys_mem **mem, size_t *nelems, 337 paddr_t pa, size_t size) 338 { 339 struct core_mmu_phys_mem *m = *mem; 340 size_t n = 0; 341 342 while (true) { 343 if (n >= *nelems) { 344 DMSG("No need to carve out %#" PRIxPA " size %#zx", 345 pa, size); 346 return; 347 } 348 if (core_is_buffer_inside(pa, size, m[n].addr, m[n].size)) 349 break; 350 if (!core_is_buffer_outside(pa, size, m[n].addr, m[n].size)) 351 panic(); 352 n++; 353 } 354 355 if (pa == m[n].addr && size == m[n].size) { 356 /* Remove this entry */ 357 (*nelems)--; 358 memmove(m + n, m + n + 1, sizeof(*m) * (*nelems - n)); 359 m = nex_realloc(m, sizeof(*m) * *nelems); 360 if (!m) 361 panic(); 362 *mem = m; 363 } else if (pa == m[n].addr) { 364 m[n].addr += size; 365 m[n].size -= size; 366 } else if ((pa + size) == (m[n].addr + m[n].size)) { 367 m[n].size -= size; 368 } else { 369 /* Need to split the memory entry */ 370 m = nex_realloc(m, sizeof(*m) * (*nelems + 1)); 371 if (!m) 372 panic(); 373 *mem = m; 374 memmove(m + n + 1, m + n, sizeof(*m) * (*nelems - n)); 375 (*nelems)++; 376 m[n].size = pa - m[n].addr; 377 m[n + 1].size -= size + m[n].size; 378 m[n + 1].addr = pa + size; 379 } 380 } 381 382 static void check_phys_mem_is_outside(struct core_mmu_phys_mem *start, 383 size_t nelems, 384 struct tee_mmap_region *map) 385 { 386 size_t n; 387 388 for (n = 0; n < nelems; n++) { 389 if (!core_is_buffer_outside(start[n].addr, start[n].size, 390 map->pa, map->size)) { 391 EMSG("Non-sec mem (%#" PRIxPA ":%#" PRIxPASZ 392 ") overlaps map (type %d %#" PRIxPA ":%#zx)", 393 start[n].addr, start[n].size, 394 map->type, map->pa, map->size); 395 panic(); 396 } 397 } 398 } 399 400 static const struct core_mmu_phys_mem *discovered_nsec_ddr_start __nex_bss; 401 static size_t discovered_nsec_ddr_nelems __nex_bss; 402 403 static int cmp_pmem_by_addr(const void *a, const void *b) 404 { 405 const struct core_mmu_phys_mem *pmem_a = a; 406 const struct core_mmu_phys_mem *pmem_b = b; 407 408 return CMP_TRILEAN(pmem_a->addr, pmem_b->addr); 409 } 410 411 void core_mmu_set_discovered_nsec_ddr(struct core_mmu_phys_mem *start, 412 size_t nelems) 413 { 414 struct core_mmu_phys_mem *m = start; 415 size_t num_elems = nelems; 416 struct tee_mmap_region *map = static_memory_map; 417 const struct core_mmu_phys_mem __maybe_unused *pmem; 418 419 assert(!discovered_nsec_ddr_start); 420 assert(m && num_elems); 421 422 qsort(m, num_elems, sizeof(*m), cmp_pmem_by_addr); 423 424 /* 425 * Non-secure shared memory and also secure data 426 * path memory are supposed to reside inside 427 * non-secure memory. Since NSEC_SHM and SDP_MEM 428 * are used for a specific purpose make holes for 429 * those memory in the normal non-secure memory. 430 * 431 * This has to be done since for instance QEMU 432 * isn't aware of which memory range in the 433 * non-secure memory is used for NSEC_SHM. 434 */ 435 436 #ifdef CFG_SECURE_DATA_PATH 437 if (dtb_get_sdp_region()) 438 carve_out_phys_mem(&m, &num_elems, sec_sdp.paddr, sec_sdp.size); 439 440 for (pmem = phys_sdp_mem_begin; pmem < phys_sdp_mem_end; pmem++) 441 carve_out_phys_mem(&m, &num_elems, pmem->addr, pmem->size); 442 #endif 443 444 carve_out_phys_mem(&m, &num_elems, TEE_RAM_START, TEE_RAM_PH_SIZE); 445 carve_out_phys_mem(&m, &num_elems, TA_RAM_START, TA_RAM_SIZE); 446 447 for (map = static_memory_map; !core_mmap_is_end_of_table(map); map++) { 448 switch (map->type) { 449 case MEM_AREA_NSEC_SHM: 450 carve_out_phys_mem(&m, &num_elems, map->pa, map->size); 451 break; 452 case MEM_AREA_EXT_DT: 453 case MEM_AREA_RES_VASPACE: 454 case MEM_AREA_SHM_VASPACE: 455 case MEM_AREA_TS_VASPACE: 456 case MEM_AREA_PAGER_VASPACE: 457 break; 458 default: 459 check_phys_mem_is_outside(m, num_elems, map); 460 } 461 } 462 463 discovered_nsec_ddr_start = m; 464 discovered_nsec_ddr_nelems = num_elems; 465 466 if (!core_mmu_check_end_pa(m[num_elems - 1].addr, 467 m[num_elems - 1].size)) 468 panic(); 469 } 470 471 static bool get_discovered_nsec_ddr(const struct core_mmu_phys_mem **start, 472 const struct core_mmu_phys_mem **end) 473 { 474 if (!discovered_nsec_ddr_start) 475 return false; 476 477 *start = discovered_nsec_ddr_start; 478 *end = discovered_nsec_ddr_start + discovered_nsec_ddr_nelems; 479 480 return true; 481 } 482 483 static bool pbuf_is_nsec_ddr(paddr_t pbuf, size_t len) 484 { 485 const struct core_mmu_phys_mem *start; 486 const struct core_mmu_phys_mem *end; 487 488 if (!get_discovered_nsec_ddr(&start, &end)) 489 return false; 490 491 return pbuf_is_special_mem(pbuf, len, start, end); 492 } 493 494 bool core_mmu_nsec_ddr_is_defined(void) 495 { 496 const struct core_mmu_phys_mem *start; 497 const struct core_mmu_phys_mem *end; 498 499 if (!get_discovered_nsec_ddr(&start, &end)) 500 return false; 501 502 return start != end; 503 } 504 #else 505 static bool pbuf_is_nsec_ddr(paddr_t pbuf __unused, size_t len __unused) 506 { 507 return false; 508 } 509 #endif /*CFG_CORE_DYN_SHM*/ 510 511 #define MSG_MEM_INSTERSECT(pa1, sz1, pa2, sz2) \ 512 EMSG("[%" PRIxPA " %" PRIx64 "] intersects [%" PRIxPA " %" PRIx64 "]", \ 513 pa1, (uint64_t)pa1 + (sz1), pa2, (uint64_t)pa2 + (sz2)) 514 515 #ifdef CFG_SECURE_DATA_PATH 516 static bool pbuf_is_sdp_mem(paddr_t pbuf, size_t len) 517 { 518 bool is_sdp_mem = false; 519 520 if (sec_sdp.size) 521 is_sdp_mem = core_is_buffer_inside(pbuf, len, sec_sdp.paddr, 522 sec_sdp.size); 523 524 if (!is_sdp_mem) 525 is_sdp_mem = pbuf_is_special_mem(pbuf, len, phys_sdp_mem_begin, 526 phys_sdp_mem_end); 527 528 return is_sdp_mem; 529 } 530 531 static struct mobj *core_sdp_mem_alloc_mobj(paddr_t pa, size_t size) 532 { 533 struct mobj *mobj = mobj_phys_alloc(pa, size, TEE_MATTR_MEM_TYPE_CACHED, 534 CORE_MEM_SDP_MEM); 535 536 if (!mobj) 537 panic("can't create SDP physical memory object"); 538 539 return mobj; 540 } 541 542 struct mobj **core_sdp_mem_create_mobjs(void) 543 { 544 const struct core_mmu_phys_mem *mem = NULL; 545 struct mobj **mobj_base = NULL; 546 struct mobj **mobj = NULL; 547 int cnt = phys_sdp_mem_end - phys_sdp_mem_begin; 548 549 if (sec_sdp.size) 550 cnt++; 551 552 /* SDP mobjs table must end with a NULL entry */ 553 mobj_base = calloc(cnt + 1, sizeof(struct mobj *)); 554 if (!mobj_base) 555 panic("Out of memory"); 556 557 mobj = mobj_base; 558 559 for (mem = phys_sdp_mem_begin; mem < phys_sdp_mem_end; mem++, mobj++) 560 *mobj = core_sdp_mem_alloc_mobj(mem->addr, mem->size); 561 562 if (sec_sdp.size) 563 *mobj = core_sdp_mem_alloc_mobj(sec_sdp.paddr, sec_sdp.size); 564 565 return mobj_base; 566 } 567 568 #else /* CFG_SECURE_DATA_PATH */ 569 static bool pbuf_is_sdp_mem(paddr_t pbuf __unused, size_t len __unused) 570 { 571 return false; 572 } 573 574 #endif /* CFG_SECURE_DATA_PATH */ 575 576 /* Check special memories comply with registered memories */ 577 static void verify_special_mem_areas(struct tee_mmap_region *mem_map, 578 size_t len, 579 const struct core_mmu_phys_mem *start, 580 const struct core_mmu_phys_mem *end, 581 const char *area_name __maybe_unused) 582 { 583 const struct core_mmu_phys_mem *mem; 584 const struct core_mmu_phys_mem *mem2; 585 struct tee_mmap_region *mmap; 586 size_t n; 587 588 if (start == end) { 589 DMSG("No %s memory area defined", area_name); 590 return; 591 } 592 593 for (mem = start; mem < end; mem++) 594 DMSG("%s memory [%" PRIxPA " %" PRIx64 "]", 595 area_name, mem->addr, (uint64_t)mem->addr + mem->size); 596 597 /* Check memories do not intersect each other */ 598 for (mem = start; mem + 1 < end; mem++) { 599 for (mem2 = mem + 1; mem2 < end; mem2++) { 600 if (core_is_buffer_intersect(mem2->addr, mem2->size, 601 mem->addr, mem->size)) { 602 MSG_MEM_INSTERSECT(mem2->addr, mem2->size, 603 mem->addr, mem->size); 604 panic("Special memory intersection"); 605 } 606 } 607 } 608 609 /* 610 * Check memories do not intersect any mapped memory. 611 * This is called before reserved VA space is loaded in mem_map. 612 */ 613 for (mem = start; mem < end; mem++) { 614 for (mmap = mem_map, n = 0; n < len; mmap++, n++) { 615 if (core_is_buffer_intersect(mem->addr, mem->size, 616 mmap->pa, mmap->size)) { 617 MSG_MEM_INSTERSECT(mem->addr, mem->size, 618 mmap->pa, mmap->size); 619 panic("Special memory intersection"); 620 } 621 } 622 } 623 } 624 625 static void add_phys_mem(struct tee_mmap_region *memory_map, size_t num_elems, 626 const char *mem_name __maybe_unused, 627 enum teecore_memtypes mem_type, 628 paddr_t mem_addr, paddr_size_t mem_size, size_t *last) 629 { 630 size_t n = 0; 631 paddr_t pa; 632 paddr_size_t size; 633 634 if (!mem_size) /* Discard null size entries */ 635 return; 636 /* 637 * If some ranges of memory of the same type do overlap 638 * each others they are coalesced into one entry. To help this 639 * added entries are sorted by increasing physical. 640 * 641 * Note that it's valid to have the same physical memory as several 642 * different memory types, for instance the same device memory 643 * mapped as both secure and non-secure. This will probably not 644 * happen often in practice. 645 */ 646 DMSG("%s type %s 0x%08" PRIxPA " size 0x%08" PRIxPASZ, 647 mem_name, teecore_memtype_name(mem_type), mem_addr, mem_size); 648 while (true) { 649 if (n >= (num_elems - 1)) { 650 EMSG("Out of entries (%zu) in memory_map", num_elems); 651 panic(); 652 } 653 if (n == *last) 654 break; 655 pa = memory_map[n].pa; 656 size = memory_map[n].size; 657 if (mem_type == memory_map[n].type && 658 ((pa <= (mem_addr + (mem_size - 1))) && 659 (mem_addr <= (pa + (size - 1))))) { 660 DMSG("Physical mem map overlaps 0x%" PRIxPA, mem_addr); 661 memory_map[n].pa = MIN(pa, mem_addr); 662 memory_map[n].size = MAX(size, mem_size) + 663 (pa - memory_map[n].pa); 664 return; 665 } 666 if (mem_type < memory_map[n].type || 667 (mem_type == memory_map[n].type && mem_addr < pa)) 668 break; /* found the spot where to insert this memory */ 669 n++; 670 } 671 672 memmove(memory_map + n + 1, memory_map + n, 673 sizeof(struct tee_mmap_region) * (*last - n)); 674 (*last)++; 675 memset(memory_map + n, 0, sizeof(memory_map[0])); 676 memory_map[n].type = mem_type; 677 memory_map[n].pa = mem_addr; 678 memory_map[n].size = mem_size; 679 } 680 681 static void add_va_space(struct tee_mmap_region *memory_map, size_t num_elems, 682 enum teecore_memtypes type, size_t size, size_t *last) 683 { 684 size_t n = 0; 685 686 DMSG("type %s size 0x%08zx", teecore_memtype_name(type), size); 687 while (true) { 688 if (n >= (num_elems - 1)) { 689 EMSG("Out of entries (%zu) in memory_map", num_elems); 690 panic(); 691 } 692 if (n == *last) 693 break; 694 if (type < memory_map[n].type) 695 break; 696 n++; 697 } 698 699 memmove(memory_map + n + 1, memory_map + n, 700 sizeof(struct tee_mmap_region) * (*last - n)); 701 (*last)++; 702 memset(memory_map + n, 0, sizeof(memory_map[0])); 703 memory_map[n].type = type; 704 memory_map[n].size = size; 705 } 706 707 uint32_t core_mmu_type_to_attr(enum teecore_memtypes t) 708 { 709 const uint32_t attr = TEE_MATTR_VALID_BLOCK; 710 const uint32_t tagged = TEE_MATTR_MEM_TYPE_TAGGED << 711 TEE_MATTR_MEM_TYPE_SHIFT; 712 const uint32_t cached = TEE_MATTR_MEM_TYPE_CACHED << 713 TEE_MATTR_MEM_TYPE_SHIFT; 714 const uint32_t noncache = TEE_MATTR_MEM_TYPE_DEV << 715 TEE_MATTR_MEM_TYPE_SHIFT; 716 717 switch (t) { 718 case MEM_AREA_TEE_RAM: 719 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRWX | tagged; 720 case MEM_AREA_TEE_RAM_RX: 721 case MEM_AREA_INIT_RAM_RX: 722 case MEM_AREA_IDENTITY_MAP_RX: 723 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRX | tagged; 724 case MEM_AREA_TEE_RAM_RO: 725 case MEM_AREA_INIT_RAM_RO: 726 return attr | TEE_MATTR_SECURE | TEE_MATTR_PR | tagged; 727 case MEM_AREA_TEE_RAM_RW: 728 case MEM_AREA_NEX_RAM_RO: /* This has to be r/w during init runtime */ 729 case MEM_AREA_NEX_RAM_RW: 730 case MEM_AREA_TEE_ASAN: 731 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | tagged; 732 case MEM_AREA_TEE_COHERENT: 733 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRWX | noncache; 734 case MEM_AREA_TA_RAM: 735 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | tagged; 736 case MEM_AREA_NSEC_SHM: 737 return attr | TEE_MATTR_PRW | cached; 738 case MEM_AREA_EXT_DT: 739 /* 740 * If CFG_MAP_EXT_DT_SECURE is enabled map the external device 741 * tree as secure non-cached memory, otherwise, fall back to 742 * non-secure mapping. 743 */ 744 if (IS_ENABLED(CFG_MAP_EXT_DT_SECURE)) 745 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | 746 noncache; 747 fallthrough; 748 case MEM_AREA_IO_NSEC: 749 return attr | TEE_MATTR_PRW | noncache; 750 case MEM_AREA_IO_SEC: 751 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | noncache; 752 case MEM_AREA_RAM_NSEC: 753 return attr | TEE_MATTR_PRW | cached; 754 case MEM_AREA_RAM_SEC: 755 case MEM_AREA_SEC_RAM_OVERALL: 756 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | cached; 757 case MEM_AREA_RES_VASPACE: 758 case MEM_AREA_SHM_VASPACE: 759 return 0; 760 case MEM_AREA_PAGER_VASPACE: 761 return TEE_MATTR_SECURE; 762 default: 763 panic("invalid type"); 764 } 765 } 766 767 static bool __maybe_unused map_is_tee_ram(const struct tee_mmap_region *mm) 768 { 769 switch (mm->type) { 770 case MEM_AREA_TEE_RAM: 771 case MEM_AREA_TEE_RAM_RX: 772 case MEM_AREA_TEE_RAM_RO: 773 case MEM_AREA_TEE_RAM_RW: 774 case MEM_AREA_INIT_RAM_RX: 775 case MEM_AREA_INIT_RAM_RO: 776 case MEM_AREA_NEX_RAM_RW: 777 case MEM_AREA_NEX_RAM_RO: 778 case MEM_AREA_TEE_ASAN: 779 return true; 780 default: 781 return false; 782 } 783 } 784 785 static bool __maybe_unused map_is_secure(const struct tee_mmap_region *mm) 786 { 787 return !!(core_mmu_type_to_attr(mm->type) & TEE_MATTR_SECURE); 788 } 789 790 static bool __maybe_unused map_is_pgdir(const struct tee_mmap_region *mm) 791 { 792 return mm->region_size == CORE_MMU_PGDIR_SIZE; 793 } 794 795 static int cmp_mmap_by_lower_va(const void *a, const void *b) 796 { 797 const struct tee_mmap_region *mm_a = a; 798 const struct tee_mmap_region *mm_b = b; 799 800 return CMP_TRILEAN(mm_a->va, mm_b->va); 801 } 802 803 static void dump_mmap_table(struct tee_mmap_region *memory_map) 804 { 805 struct tee_mmap_region *map; 806 807 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 808 vaddr_t __maybe_unused vstart; 809 810 vstart = map->va + ((vaddr_t)map->pa & (map->region_size - 1)); 811 DMSG("type %-12s va 0x%08" PRIxVA "..0x%08" PRIxVA 812 " pa 0x%08" PRIxPA "..0x%08" PRIxPA " size 0x%08zx (%s)", 813 teecore_memtype_name(map->type), vstart, 814 vstart + map->size - 1, map->pa, 815 (paddr_t)(map->pa + map->size - 1), map->size, 816 map->region_size == SMALL_PAGE_SIZE ? "smallpg" : "pgdir"); 817 } 818 } 819 820 #if DEBUG_XLAT_TABLE 821 822 static void dump_xlat_table(vaddr_t va, unsigned int level) 823 { 824 struct core_mmu_table_info tbl_info; 825 unsigned int idx = 0; 826 paddr_t pa; 827 uint32_t attr; 828 829 core_mmu_find_table(NULL, va, level, &tbl_info); 830 va = tbl_info.va_base; 831 for (idx = 0; idx < tbl_info.num_entries; idx++) { 832 core_mmu_get_entry(&tbl_info, idx, &pa, &attr); 833 if (attr || level > CORE_MMU_BASE_TABLE_LEVEL) { 834 const char *security_bit = ""; 835 836 if (core_mmu_entry_have_security_bit(attr)) { 837 if (attr & TEE_MATTR_SECURE) 838 security_bit = "S"; 839 else 840 security_bit = "NS"; 841 } 842 843 if (attr & TEE_MATTR_TABLE) { 844 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 845 " TBL:0x%010" PRIxPA " %s", 846 level * 2, "", level, va, pa, 847 security_bit); 848 dump_xlat_table(va, level + 1); 849 } else if (attr) { 850 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 851 " PA:0x%010" PRIxPA " %s-%s-%s-%s", 852 level * 2, "", level, va, pa, 853 mattr_is_cached(attr) ? "MEM" : 854 "DEV", 855 attr & TEE_MATTR_PW ? "RW" : "RO", 856 attr & TEE_MATTR_PX ? "X " : "XN", 857 security_bit); 858 } else { 859 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 860 " INVALID\n", 861 level * 2, "", level, va); 862 } 863 } 864 va += BIT64(tbl_info.shift); 865 } 866 } 867 868 #else 869 870 static void dump_xlat_table(vaddr_t va __unused, int level __unused) 871 { 872 } 873 874 #endif 875 876 /* 877 * Reserves virtual memory space for pager usage. 878 * 879 * From the start of the first memory used by the link script + 880 * TEE_RAM_VA_SIZE should be covered, either with a direct mapping or empty 881 * mapping for pager usage. This adds translation tables as needed for the 882 * pager to operate. 883 */ 884 static void add_pager_vaspace(struct tee_mmap_region *mmap, size_t num_elems, 885 size_t *last) 886 { 887 paddr_t begin = 0; 888 paddr_t end = 0; 889 size_t size = 0; 890 size_t pos = 0; 891 size_t n = 0; 892 893 if (*last >= (num_elems - 1)) { 894 EMSG("Out of entries (%zu) in memory map", num_elems); 895 panic(); 896 } 897 898 for (n = 0; !core_mmap_is_end_of_table(mmap + n); n++) { 899 if (map_is_tee_ram(mmap + n)) { 900 if (!begin) 901 begin = mmap[n].pa; 902 pos = n + 1; 903 } 904 } 905 906 end = mmap[pos - 1].pa + mmap[pos - 1].size; 907 size = TEE_RAM_VA_SIZE - (end - begin); 908 if (!size) 909 return; 910 911 assert(pos <= *last); 912 memmove(mmap + pos + 1, mmap + pos, 913 sizeof(struct tee_mmap_region) * (*last - pos)); 914 (*last)++; 915 memset(mmap + pos, 0, sizeof(mmap[0])); 916 mmap[pos].type = MEM_AREA_PAGER_VASPACE; 917 mmap[pos].va = 0; 918 mmap[pos].size = size; 919 mmap[pos].region_size = SMALL_PAGE_SIZE; 920 mmap[pos].attr = core_mmu_type_to_attr(MEM_AREA_PAGER_VASPACE); 921 } 922 923 static void check_sec_nsec_mem_config(void) 924 { 925 size_t n = 0; 926 927 for (n = 0; n < ARRAY_SIZE(secure_only); n++) { 928 if (pbuf_intersects(nsec_shared, secure_only[n].paddr, 929 secure_only[n].size)) 930 panic("Invalid memory access config: sec/nsec"); 931 } 932 } 933 934 static size_t collect_mem_ranges(struct tee_mmap_region *memory_map, 935 size_t num_elems) 936 { 937 const struct core_mmu_phys_mem *mem = NULL; 938 size_t last = 0; 939 940 941 #define ADD_PHYS_MEM(_type, _addr, _size) \ 942 add_phys_mem(memory_map, num_elems, #_addr, (_type), \ 943 (_addr), (_size), &last) 944 945 if (IS_ENABLED(CFG_CORE_RWDATA_NOEXEC)) { 946 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RO, TEE_RAM_START, 947 VCORE_UNPG_RX_PA - TEE_RAM_START); 948 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RX, VCORE_UNPG_RX_PA, 949 VCORE_UNPG_RX_SZ); 950 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RO, VCORE_UNPG_RO_PA, 951 VCORE_UNPG_RO_SZ); 952 953 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) { 954 ADD_PHYS_MEM(MEM_AREA_NEX_RAM_RO, VCORE_UNPG_RW_PA, 955 VCORE_UNPG_RW_SZ); 956 ADD_PHYS_MEM(MEM_AREA_NEX_RAM_RW, VCORE_NEX_RW_PA, 957 VCORE_NEX_RW_SZ); 958 } else { 959 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RW, VCORE_UNPG_RW_PA, 960 VCORE_UNPG_RW_SZ); 961 } 962 963 if (IS_ENABLED(CFG_WITH_PAGER)) { 964 ADD_PHYS_MEM(MEM_AREA_INIT_RAM_RX, VCORE_INIT_RX_PA, 965 VCORE_INIT_RX_SZ); 966 ADD_PHYS_MEM(MEM_AREA_INIT_RAM_RO, VCORE_INIT_RO_PA, 967 VCORE_INIT_RO_SZ); 968 } 969 } else { 970 ADD_PHYS_MEM(MEM_AREA_TEE_RAM, TEE_RAM_START, TEE_RAM_PH_SIZE); 971 } 972 973 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) { 974 ADD_PHYS_MEM(MEM_AREA_SEC_RAM_OVERALL, TRUSTED_DRAM_BASE, 975 TRUSTED_DRAM_SIZE); 976 } else { 977 /* 978 * Every guest will have own TA RAM if virtualization 979 * support is enabled. 980 */ 981 ADD_PHYS_MEM(MEM_AREA_TA_RAM, TA_RAM_START, TA_RAM_SIZE); 982 } 983 984 if (IS_ENABLED(CFG_CORE_SANITIZE_KADDRESS) && 985 IS_ENABLED(CFG_WITH_PAGER)) { 986 /* 987 * Asan ram is part of MEM_AREA_TEE_RAM_RW when pager is 988 * disabled. 989 */ 990 ADD_PHYS_MEM(MEM_AREA_TEE_ASAN, ASAN_MAP_PA, ASAN_MAP_SZ); 991 } 992 993 #undef ADD_PHYS_MEM 994 995 for (mem = phys_mem_map_begin; mem < phys_mem_map_end; mem++) { 996 /* Only unmapped virtual range may have a null phys addr */ 997 assert(mem->addr || !core_mmu_type_to_attr(mem->type)); 998 999 add_phys_mem(memory_map, num_elems, mem->name, mem->type, 1000 mem->addr, mem->size, &last); 1001 } 1002 1003 if (IS_ENABLED(CFG_SECURE_DATA_PATH)) 1004 verify_special_mem_areas(memory_map, num_elems, 1005 phys_sdp_mem_begin, 1006 phys_sdp_mem_end, "SDP"); 1007 1008 add_va_space(memory_map, num_elems, MEM_AREA_RES_VASPACE, 1009 CFG_RESERVED_VASPACE_SIZE, &last); 1010 1011 add_va_space(memory_map, num_elems, MEM_AREA_SHM_VASPACE, 1012 SHM_VASPACE_SIZE, &last); 1013 1014 memory_map[last].type = MEM_AREA_END; 1015 1016 return last; 1017 } 1018 1019 static void assign_mem_granularity(struct tee_mmap_region *memory_map) 1020 { 1021 struct tee_mmap_region *map = NULL; 1022 1023 /* 1024 * Assign region sizes, note that MEM_AREA_TEE_RAM always uses 1025 * SMALL_PAGE_SIZE. 1026 */ 1027 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 1028 paddr_t mask = map->pa | map->size; 1029 1030 if (!(mask & CORE_MMU_PGDIR_MASK)) 1031 map->region_size = CORE_MMU_PGDIR_SIZE; 1032 else if (!(mask & SMALL_PAGE_MASK)) 1033 map->region_size = SMALL_PAGE_SIZE; 1034 else 1035 panic("Impossible memory alignment"); 1036 1037 if (map_is_tee_ram(map)) 1038 map->region_size = SMALL_PAGE_SIZE; 1039 } 1040 } 1041 1042 static bool place_tee_ram_at_top(paddr_t paddr) 1043 { 1044 return paddr > BIT64(core_mmu_get_va_width()) / 2; 1045 } 1046 1047 /* 1048 * MMU arch driver shall override this function if it helps 1049 * optimizing the memory footprint of the address translation tables. 1050 */ 1051 bool __weak core_mmu_prefer_tee_ram_at_top(paddr_t paddr) 1052 { 1053 return place_tee_ram_at_top(paddr); 1054 } 1055 1056 static bool assign_mem_va_dir(vaddr_t tee_ram_va, 1057 struct tee_mmap_region *memory_map, 1058 bool tee_ram_at_top) 1059 { 1060 struct tee_mmap_region *map = NULL; 1061 vaddr_t va = 0; 1062 bool va_is_secure = true; 1063 1064 /* 1065 * tee_ram_va might equals 0 when CFG_CORE_ASLR=y. 1066 * 0 is by design an invalid va, so return false directly. 1067 */ 1068 if (!tee_ram_va) 1069 return false; 1070 1071 /* Clear eventual previous assignments */ 1072 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) 1073 map->va = 0; 1074 1075 /* 1076 * TEE RAM regions are always aligned with region_size. 1077 * 1078 * Note that MEM_AREA_PAGER_VASPACE also counts as TEE RAM here 1079 * since it handles virtual memory which covers the part of the ELF 1080 * that cannot fit directly into memory. 1081 */ 1082 va = tee_ram_va; 1083 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 1084 if (map_is_tee_ram(map) || 1085 map->type == MEM_AREA_PAGER_VASPACE) { 1086 assert(!(va & (map->region_size - 1))); 1087 assert(!(map->size & (map->region_size - 1))); 1088 map->va = va; 1089 if (ADD_OVERFLOW(va, map->size, &va)) 1090 return false; 1091 if (va >= BIT64(core_mmu_get_va_width())) 1092 return false; 1093 } 1094 } 1095 1096 if (tee_ram_at_top) { 1097 /* 1098 * Map non-tee ram regions at addresses lower than the tee 1099 * ram region. 1100 */ 1101 va = tee_ram_va; 1102 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 1103 map->attr = core_mmu_type_to_attr(map->type); 1104 if (map->va) 1105 continue; 1106 1107 if (!IS_ENABLED(CFG_WITH_LPAE) && 1108 va_is_secure != map_is_secure(map)) { 1109 va_is_secure = !va_is_secure; 1110 va = ROUNDDOWN(va, CORE_MMU_PGDIR_SIZE); 1111 } 1112 1113 if (SUB_OVERFLOW(va, map->size, &va)) 1114 return false; 1115 va = ROUNDDOWN(va, map->region_size); 1116 /* 1117 * Make sure that va is aligned with pa for 1118 * efficient pgdir mapping. Basically pa & 1119 * pgdir_mask should be == va & pgdir_mask 1120 */ 1121 if (map->size > 2 * CORE_MMU_PGDIR_SIZE) { 1122 if (SUB_OVERFLOW(va, CORE_MMU_PGDIR_SIZE, &va)) 1123 return false; 1124 va += (map->pa - va) & CORE_MMU_PGDIR_MASK; 1125 } 1126 map->va = va; 1127 } 1128 } else { 1129 /* 1130 * Map non-tee ram regions at addresses higher than the tee 1131 * ram region. 1132 */ 1133 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 1134 map->attr = core_mmu_type_to_attr(map->type); 1135 if (map->va) 1136 continue; 1137 1138 if (!IS_ENABLED(CFG_WITH_LPAE) && 1139 va_is_secure != map_is_secure(map)) { 1140 va_is_secure = !va_is_secure; 1141 if (ROUNDUP_OVERFLOW(va, CORE_MMU_PGDIR_SIZE, 1142 &va)) 1143 return false; 1144 } 1145 1146 if (ROUNDUP_OVERFLOW(va, map->region_size, &va)) 1147 return false; 1148 /* 1149 * Make sure that va is aligned with pa for 1150 * efficient pgdir mapping. Basically pa & 1151 * pgdir_mask should be == va & pgdir_mask 1152 */ 1153 if (map->size > 2 * CORE_MMU_PGDIR_SIZE) { 1154 vaddr_t offs = (map->pa - va) & 1155 CORE_MMU_PGDIR_MASK; 1156 1157 if (ADD_OVERFLOW(va, offs, &va)) 1158 return false; 1159 } 1160 1161 map->va = va; 1162 if (ADD_OVERFLOW(va, map->size, &va)) 1163 return false; 1164 if (va >= BIT64(core_mmu_get_va_width())) 1165 return false; 1166 } 1167 } 1168 1169 return true; 1170 } 1171 1172 static bool assign_mem_va(vaddr_t tee_ram_va, 1173 struct tee_mmap_region *memory_map) 1174 { 1175 bool tee_ram_at_top = place_tee_ram_at_top(tee_ram_va); 1176 1177 /* 1178 * Check that we're not overlapping with the user VA range. 1179 */ 1180 if (IS_ENABLED(CFG_WITH_LPAE)) { 1181 /* 1182 * User VA range is supposed to be defined after these 1183 * mappings have been established. 1184 */ 1185 assert(!core_mmu_user_va_range_is_defined()); 1186 } else { 1187 vaddr_t user_va_base = 0; 1188 size_t user_va_size = 0; 1189 1190 assert(core_mmu_user_va_range_is_defined()); 1191 core_mmu_get_user_va_range(&user_va_base, &user_va_size); 1192 if (tee_ram_va < (user_va_base + user_va_size)) 1193 return false; 1194 } 1195 1196 if (IS_ENABLED(CFG_WITH_PAGER)) { 1197 bool prefered_dir = core_mmu_prefer_tee_ram_at_top(tee_ram_va); 1198 1199 /* Try whole mapping covered by a single base xlat entry */ 1200 if (prefered_dir != tee_ram_at_top && 1201 assign_mem_va_dir(tee_ram_va, memory_map, prefered_dir)) 1202 return true; 1203 } 1204 1205 return assign_mem_va_dir(tee_ram_va, memory_map, tee_ram_at_top); 1206 } 1207 1208 static int cmp_init_mem_map(const void *a, const void *b) 1209 { 1210 const struct tee_mmap_region *mm_a = a; 1211 const struct tee_mmap_region *mm_b = b; 1212 int rc = 0; 1213 1214 rc = CMP_TRILEAN(mm_a->region_size, mm_b->region_size); 1215 if (!rc) 1216 rc = CMP_TRILEAN(mm_a->pa, mm_b->pa); 1217 /* 1218 * 32bit MMU descriptors cannot mix secure and non-secure mapping in 1219 * the same level2 table. Hence sort secure mapping from non-secure 1220 * mapping. 1221 */ 1222 if (!rc && !IS_ENABLED(CFG_WITH_LPAE)) 1223 rc = CMP_TRILEAN(map_is_secure(mm_a), map_is_secure(mm_b)); 1224 1225 return rc; 1226 } 1227 1228 static bool mem_map_add_id_map(struct tee_mmap_region *memory_map, 1229 size_t num_elems, size_t *last, 1230 vaddr_t id_map_start, vaddr_t id_map_end) 1231 { 1232 struct tee_mmap_region *map = NULL; 1233 vaddr_t start = ROUNDDOWN(id_map_start, SMALL_PAGE_SIZE); 1234 vaddr_t end = ROUNDUP(id_map_end, SMALL_PAGE_SIZE); 1235 size_t len = end - start; 1236 1237 if (*last >= num_elems - 1) { 1238 EMSG("Out of entries (%zu) in memory map", num_elems); 1239 panic(); 1240 } 1241 1242 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) 1243 if (core_is_buffer_intersect(map->va, map->size, start, len)) 1244 return false; 1245 1246 *map = (struct tee_mmap_region){ 1247 .type = MEM_AREA_IDENTITY_MAP_RX, 1248 /* 1249 * Could use CORE_MMU_PGDIR_SIZE to potentially save a 1250 * translation table, at the increased risk of clashes with 1251 * the rest of the memory map. 1252 */ 1253 .region_size = SMALL_PAGE_SIZE, 1254 .pa = start, 1255 .va = start, 1256 .size = len, 1257 .attr = core_mmu_type_to_attr(MEM_AREA_IDENTITY_MAP_RX), 1258 }; 1259 1260 (*last)++; 1261 1262 return true; 1263 } 1264 1265 static unsigned long init_mem_map(struct tee_mmap_region *memory_map, 1266 size_t num_elems, unsigned long seed) 1267 { 1268 /* 1269 * @id_map_start and @id_map_end describes a physical memory range 1270 * that must be mapped Read-Only eXecutable at identical virtual 1271 * addresses. 1272 */ 1273 vaddr_t id_map_start = (vaddr_t)__identity_map_init_start; 1274 vaddr_t id_map_end = (vaddr_t)__identity_map_init_end; 1275 unsigned long offs = 0; 1276 size_t last = 0; 1277 1278 last = collect_mem_ranges(memory_map, num_elems); 1279 assign_mem_granularity(memory_map); 1280 1281 /* 1282 * To ease mapping and lower use of xlat tables, sort mapping 1283 * description moving small-page regions after the pgdir regions. 1284 */ 1285 qsort(memory_map, last, sizeof(struct tee_mmap_region), 1286 cmp_init_mem_map); 1287 1288 add_pager_vaspace(memory_map, num_elems, &last); 1289 if (IS_ENABLED(CFG_CORE_ASLR) && seed) { 1290 vaddr_t base_addr = TEE_RAM_START + seed; 1291 const unsigned int va_width = core_mmu_get_va_width(); 1292 const vaddr_t va_mask = GENMASK_64(va_width - 1, 1293 SMALL_PAGE_SHIFT); 1294 vaddr_t ba = base_addr; 1295 size_t n = 0; 1296 1297 for (n = 0; n < 3; n++) { 1298 if (n) 1299 ba = base_addr ^ BIT64(va_width - n); 1300 ba &= va_mask; 1301 if (assign_mem_va(ba, memory_map) && 1302 mem_map_add_id_map(memory_map, num_elems, &last, 1303 id_map_start, id_map_end)) { 1304 offs = ba - TEE_RAM_START; 1305 DMSG("Mapping core at %#"PRIxVA" offs %#lx", 1306 ba, offs); 1307 goto out; 1308 } else { 1309 DMSG("Failed to map core at %#"PRIxVA, ba); 1310 } 1311 } 1312 EMSG("Failed to map core with seed %#lx", seed); 1313 } 1314 1315 if (!assign_mem_va(TEE_RAM_START, memory_map)) 1316 panic(); 1317 1318 out: 1319 qsort(memory_map, last, sizeof(struct tee_mmap_region), 1320 cmp_mmap_by_lower_va); 1321 1322 dump_mmap_table(memory_map); 1323 1324 return offs; 1325 } 1326 1327 static void check_mem_map(struct tee_mmap_region *map) 1328 { 1329 struct tee_mmap_region *m = NULL; 1330 1331 for (m = map; !core_mmap_is_end_of_table(m); m++) { 1332 switch (m->type) { 1333 case MEM_AREA_TEE_RAM: 1334 case MEM_AREA_TEE_RAM_RX: 1335 case MEM_AREA_TEE_RAM_RO: 1336 case MEM_AREA_TEE_RAM_RW: 1337 case MEM_AREA_INIT_RAM_RX: 1338 case MEM_AREA_INIT_RAM_RO: 1339 case MEM_AREA_NEX_RAM_RW: 1340 case MEM_AREA_NEX_RAM_RO: 1341 case MEM_AREA_IDENTITY_MAP_RX: 1342 if (!pbuf_is_inside(secure_only, m->pa, m->size)) 1343 panic("TEE_RAM can't fit in secure_only"); 1344 break; 1345 case MEM_AREA_TA_RAM: 1346 if (!pbuf_is_inside(secure_only, m->pa, m->size)) 1347 panic("TA_RAM can't fit in secure_only"); 1348 break; 1349 case MEM_AREA_NSEC_SHM: 1350 if (!pbuf_is_inside(nsec_shared, m->pa, m->size)) 1351 panic("NS_SHM can't fit in nsec_shared"); 1352 break; 1353 case MEM_AREA_SEC_RAM_OVERALL: 1354 case MEM_AREA_TEE_COHERENT: 1355 case MEM_AREA_TEE_ASAN: 1356 case MEM_AREA_IO_SEC: 1357 case MEM_AREA_IO_NSEC: 1358 case MEM_AREA_EXT_DT: 1359 case MEM_AREA_RAM_SEC: 1360 case MEM_AREA_RAM_NSEC: 1361 case MEM_AREA_RES_VASPACE: 1362 case MEM_AREA_SHM_VASPACE: 1363 case MEM_AREA_PAGER_VASPACE: 1364 break; 1365 default: 1366 EMSG("Uhandled memtype %d", m->type); 1367 panic(); 1368 } 1369 } 1370 } 1371 1372 static struct tee_mmap_region *get_tmp_mmap(void) 1373 { 1374 struct tee_mmap_region *tmp_mmap = (void *)__heap1_start; 1375 1376 #ifdef CFG_WITH_PAGER 1377 if (__heap1_end - __heap1_start < (ptrdiff_t)sizeof(static_memory_map)) 1378 tmp_mmap = (void *)__heap2_start; 1379 #endif 1380 1381 memset(tmp_mmap, 0, sizeof(static_memory_map)); 1382 1383 return tmp_mmap; 1384 } 1385 1386 /* 1387 * core_init_mmu_map() - init tee core default memory mapping 1388 * 1389 * This routine sets the static default TEE core mapping. If @seed is > 0 1390 * and configured with CFG_CORE_ASLR it will map tee core at a location 1391 * based on the seed and return the offset from the link address. 1392 * 1393 * If an error happened: core_init_mmu_map is expected to panic. 1394 * 1395 * Note: this function is weak just to make it possible to exclude it from 1396 * the unpaged area. 1397 */ 1398 void __weak core_init_mmu_map(unsigned long seed, struct core_mmu_config *cfg) 1399 { 1400 #ifndef CFG_NS_VIRTUALIZATION 1401 vaddr_t start = ROUNDDOWN((vaddr_t)__nozi_start, SMALL_PAGE_SIZE); 1402 #else 1403 vaddr_t start = ROUNDDOWN((vaddr_t)__vcore_nex_rw_start, 1404 SMALL_PAGE_SIZE); 1405 #endif 1406 vaddr_t len = ROUNDUP((vaddr_t)__nozi_end, SMALL_PAGE_SIZE) - start; 1407 struct tee_mmap_region *tmp_mmap = get_tmp_mmap(); 1408 unsigned long offs = 0; 1409 1410 check_sec_nsec_mem_config(); 1411 1412 /* 1413 * Add a entry covering the translation tables which will be 1414 * involved in some virt_to_phys() and phys_to_virt() conversions. 1415 */ 1416 static_memory_map[0] = (struct tee_mmap_region){ 1417 .type = MEM_AREA_TEE_RAM, 1418 .region_size = SMALL_PAGE_SIZE, 1419 .pa = start, 1420 .va = start, 1421 .size = len, 1422 .attr = core_mmu_type_to_attr(MEM_AREA_IDENTITY_MAP_RX), 1423 }; 1424 1425 COMPILE_TIME_ASSERT(CFG_MMAP_REGIONS >= 13); 1426 offs = init_mem_map(tmp_mmap, ARRAY_SIZE(static_memory_map), seed); 1427 1428 check_mem_map(tmp_mmap); 1429 core_init_mmu(tmp_mmap); 1430 dump_xlat_table(0x0, CORE_MMU_BASE_TABLE_LEVEL); 1431 core_init_mmu_regs(cfg); 1432 cfg->map_offset = offs; 1433 memcpy(static_memory_map, tmp_mmap, sizeof(static_memory_map)); 1434 } 1435 1436 bool core_mmu_mattr_is_ok(uint32_t mattr) 1437 { 1438 /* 1439 * Keep in sync with core_mmu_lpae.c:mattr_to_desc and 1440 * core_mmu_v7.c:mattr_to_texcb 1441 */ 1442 1443 switch ((mattr >> TEE_MATTR_MEM_TYPE_SHIFT) & TEE_MATTR_MEM_TYPE_MASK) { 1444 case TEE_MATTR_MEM_TYPE_DEV: 1445 case TEE_MATTR_MEM_TYPE_STRONGLY_O: 1446 case TEE_MATTR_MEM_TYPE_CACHED: 1447 case TEE_MATTR_MEM_TYPE_TAGGED: 1448 return true; 1449 default: 1450 return false; 1451 } 1452 } 1453 1454 /* 1455 * test attributes of target physical buffer 1456 * 1457 * Flags: pbuf_is(SECURE, NOT_SECURE, RAM, IOMEM, KEYVAULT). 1458 * 1459 */ 1460 bool core_pbuf_is(uint32_t attr, paddr_t pbuf, size_t len) 1461 { 1462 struct tee_mmap_region *map; 1463 1464 /* Empty buffers complies with anything */ 1465 if (len == 0) 1466 return true; 1467 1468 switch (attr) { 1469 case CORE_MEM_SEC: 1470 return pbuf_is_inside(secure_only, pbuf, len); 1471 case CORE_MEM_NON_SEC: 1472 return pbuf_is_inside(nsec_shared, pbuf, len) || 1473 pbuf_is_nsec_ddr(pbuf, len); 1474 case CORE_MEM_TEE_RAM: 1475 return core_is_buffer_inside(pbuf, len, TEE_RAM_START, 1476 TEE_RAM_PH_SIZE); 1477 case CORE_MEM_TA_RAM: 1478 return core_is_buffer_inside(pbuf, len, TA_RAM_START, 1479 TA_RAM_SIZE); 1480 #ifdef CFG_CORE_RESERVED_SHM 1481 case CORE_MEM_NSEC_SHM: 1482 return core_is_buffer_inside(pbuf, len, TEE_SHMEM_START, 1483 TEE_SHMEM_SIZE); 1484 #endif 1485 case CORE_MEM_SDP_MEM: 1486 return pbuf_is_sdp_mem(pbuf, len); 1487 case CORE_MEM_CACHED: 1488 map = find_map_by_pa(pbuf); 1489 if (!map || !pbuf_inside_map_area(pbuf, len, map)) 1490 return false; 1491 return mattr_is_cached(map->attr); 1492 default: 1493 return false; 1494 } 1495 } 1496 1497 /* test attributes of target virtual buffer (in core mapping) */ 1498 bool core_vbuf_is(uint32_t attr, const void *vbuf, size_t len) 1499 { 1500 paddr_t p; 1501 1502 /* Empty buffers complies with anything */ 1503 if (len == 0) 1504 return true; 1505 1506 p = virt_to_phys((void *)vbuf); 1507 if (!p) 1508 return false; 1509 1510 return core_pbuf_is(attr, p, len); 1511 } 1512 1513 /* core_va2pa - teecore exported service */ 1514 static int __maybe_unused core_va2pa_helper(void *va, paddr_t *pa) 1515 { 1516 struct tee_mmap_region *map; 1517 1518 map = find_map_by_va(va); 1519 if (!va_is_in_map(map, (vaddr_t)va)) 1520 return -1; 1521 1522 /* 1523 * We can calculate PA for static map. Virtual address ranges 1524 * reserved to core dynamic mapping return a 'match' (return 0;) 1525 * together with an invalid null physical address. 1526 */ 1527 if (map->pa) 1528 *pa = map->pa + (vaddr_t)va - map->va; 1529 else 1530 *pa = 0; 1531 1532 return 0; 1533 } 1534 1535 static void *map_pa2va(struct tee_mmap_region *map, paddr_t pa, size_t len) 1536 { 1537 if (!pa_is_in_map(map, pa, len)) 1538 return NULL; 1539 1540 return (void *)(vaddr_t)(map->va + pa - map->pa); 1541 } 1542 1543 /* 1544 * teecore gets some memory area definitions 1545 */ 1546 void core_mmu_get_mem_by_type(unsigned int type, vaddr_t *s, vaddr_t *e) 1547 { 1548 struct tee_mmap_region *map = find_map_by_type(type); 1549 1550 if (map) { 1551 *s = map->va; 1552 *e = map->va + map->size; 1553 } else { 1554 *s = 0; 1555 *e = 0; 1556 } 1557 } 1558 1559 enum teecore_memtypes core_mmu_get_type_by_pa(paddr_t pa) 1560 { 1561 struct tee_mmap_region *map = find_map_by_pa(pa); 1562 1563 if (!map) 1564 return MEM_AREA_MAXTYPE; 1565 return map->type; 1566 } 1567 1568 void core_mmu_set_entry(struct core_mmu_table_info *tbl_info, unsigned int idx, 1569 paddr_t pa, uint32_t attr) 1570 { 1571 assert(idx < tbl_info->num_entries); 1572 core_mmu_set_entry_primitive(tbl_info->table, tbl_info->level, 1573 idx, pa, attr); 1574 } 1575 1576 void core_mmu_get_entry(struct core_mmu_table_info *tbl_info, unsigned int idx, 1577 paddr_t *pa, uint32_t *attr) 1578 { 1579 assert(idx < tbl_info->num_entries); 1580 core_mmu_get_entry_primitive(tbl_info->table, tbl_info->level, 1581 idx, pa, attr); 1582 } 1583 1584 static void clear_region(struct core_mmu_table_info *tbl_info, 1585 struct tee_mmap_region *region) 1586 { 1587 unsigned int end = 0; 1588 unsigned int idx = 0; 1589 1590 /* va, len and pa should be block aligned */ 1591 assert(!core_mmu_get_block_offset(tbl_info, region->va)); 1592 assert(!core_mmu_get_block_offset(tbl_info, region->size)); 1593 assert(!core_mmu_get_block_offset(tbl_info, region->pa)); 1594 1595 idx = core_mmu_va2idx(tbl_info, region->va); 1596 end = core_mmu_va2idx(tbl_info, region->va + region->size); 1597 1598 while (idx < end) { 1599 core_mmu_set_entry(tbl_info, idx, 0, 0); 1600 idx++; 1601 } 1602 } 1603 1604 static void set_region(struct core_mmu_table_info *tbl_info, 1605 struct tee_mmap_region *region) 1606 { 1607 unsigned int end; 1608 unsigned int idx; 1609 paddr_t pa; 1610 1611 /* va, len and pa should be block aligned */ 1612 assert(!core_mmu_get_block_offset(tbl_info, region->va)); 1613 assert(!core_mmu_get_block_offset(tbl_info, region->size)); 1614 assert(!core_mmu_get_block_offset(tbl_info, region->pa)); 1615 1616 idx = core_mmu_va2idx(tbl_info, region->va); 1617 end = core_mmu_va2idx(tbl_info, region->va + region->size); 1618 pa = region->pa; 1619 1620 while (idx < end) { 1621 core_mmu_set_entry(tbl_info, idx, pa, region->attr); 1622 idx++; 1623 pa += BIT64(tbl_info->shift); 1624 } 1625 } 1626 1627 static void set_pg_region(struct core_mmu_table_info *dir_info, 1628 struct vm_region *region, struct pgt **pgt, 1629 struct core_mmu_table_info *pg_info) 1630 { 1631 struct tee_mmap_region r = { 1632 .va = region->va, 1633 .size = region->size, 1634 .attr = region->attr, 1635 }; 1636 vaddr_t end = r.va + r.size; 1637 uint32_t pgt_attr = (r.attr & TEE_MATTR_SECURE) | TEE_MATTR_TABLE; 1638 1639 while (r.va < end) { 1640 if (!pg_info->table || 1641 r.va >= (pg_info->va_base + CORE_MMU_PGDIR_SIZE)) { 1642 /* 1643 * We're assigning a new translation table. 1644 */ 1645 unsigned int idx; 1646 1647 /* Virtual addresses must grow */ 1648 assert(r.va > pg_info->va_base); 1649 1650 idx = core_mmu_va2idx(dir_info, r.va); 1651 pg_info->va_base = core_mmu_idx2va(dir_info, idx); 1652 1653 /* 1654 * Advance pgt to va_base, note that we may need to 1655 * skip multiple page tables if there are large 1656 * holes in the vm map. 1657 */ 1658 while ((*pgt)->vabase < pg_info->va_base) { 1659 *pgt = SLIST_NEXT(*pgt, link); 1660 /* We should have allocated enough */ 1661 assert(*pgt); 1662 } 1663 assert((*pgt)->vabase == pg_info->va_base); 1664 pg_info->table = (*pgt)->tbl; 1665 1666 core_mmu_set_entry(dir_info, idx, 1667 virt_to_phys(pg_info->table), 1668 pgt_attr); 1669 } 1670 1671 r.size = MIN(CORE_MMU_PGDIR_SIZE - (r.va - pg_info->va_base), 1672 end - r.va); 1673 1674 if (!(*pgt)->populated && !mobj_is_paged(region->mobj)) { 1675 size_t granule = BIT(pg_info->shift); 1676 size_t offset = r.va - region->va + region->offset; 1677 1678 r.size = MIN(r.size, 1679 mobj_get_phys_granule(region->mobj)); 1680 r.size = ROUNDUP(r.size, SMALL_PAGE_SIZE); 1681 1682 if (mobj_get_pa(region->mobj, offset, granule, 1683 &r.pa) != TEE_SUCCESS) 1684 panic("Failed to get PA of unpaged mobj"); 1685 set_region(pg_info, &r); 1686 } 1687 r.va += r.size; 1688 } 1689 } 1690 1691 static bool can_map_at_level(paddr_t paddr, vaddr_t vaddr, 1692 size_t size_left, paddr_t block_size, 1693 struct tee_mmap_region *mm __maybe_unused) 1694 { 1695 /* VA and PA are aligned to block size at current level */ 1696 if ((vaddr | paddr) & (block_size - 1)) 1697 return false; 1698 1699 /* Remainder fits into block at current level */ 1700 if (size_left < block_size) 1701 return false; 1702 1703 #ifdef CFG_WITH_PAGER 1704 /* 1705 * If pager is enabled, we need to map tee ram 1706 * regions with small pages only 1707 */ 1708 if (map_is_tee_ram(mm) && block_size != SMALL_PAGE_SIZE) 1709 return false; 1710 #endif 1711 1712 return true; 1713 } 1714 1715 void core_mmu_map_region(struct mmu_partition *prtn, struct tee_mmap_region *mm) 1716 { 1717 struct core_mmu_table_info tbl_info; 1718 unsigned int idx; 1719 vaddr_t vaddr = mm->va; 1720 paddr_t paddr = mm->pa; 1721 ssize_t size_left = mm->size; 1722 unsigned int level; 1723 bool table_found; 1724 uint32_t old_attr; 1725 1726 assert(!((vaddr | paddr) & SMALL_PAGE_MASK)); 1727 1728 while (size_left > 0) { 1729 level = CORE_MMU_BASE_TABLE_LEVEL; 1730 1731 while (true) { 1732 paddr_t block_size = 0; 1733 1734 assert(level <= CORE_MMU_PGDIR_LEVEL); 1735 1736 table_found = core_mmu_find_table(prtn, vaddr, level, 1737 &tbl_info); 1738 if (!table_found) 1739 panic("can't find table for mapping"); 1740 1741 block_size = BIT64(tbl_info.shift); 1742 1743 idx = core_mmu_va2idx(&tbl_info, vaddr); 1744 if (!can_map_at_level(paddr, vaddr, size_left, 1745 block_size, mm)) { 1746 bool secure = mm->attr & TEE_MATTR_SECURE; 1747 1748 /* 1749 * This part of the region can't be mapped at 1750 * this level. Need to go deeper. 1751 */ 1752 if (!core_mmu_entry_to_finer_grained(&tbl_info, 1753 idx, 1754 secure)) 1755 panic("Can't divide MMU entry"); 1756 level++; 1757 continue; 1758 } 1759 1760 /* We can map part of the region at current level */ 1761 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 1762 if (old_attr) 1763 panic("Page is already mapped"); 1764 1765 core_mmu_set_entry(&tbl_info, idx, paddr, mm->attr); 1766 paddr += block_size; 1767 vaddr += block_size; 1768 size_left -= block_size; 1769 1770 break; 1771 } 1772 } 1773 } 1774 1775 TEE_Result core_mmu_map_pages(vaddr_t vstart, paddr_t *pages, size_t num_pages, 1776 enum teecore_memtypes memtype) 1777 { 1778 TEE_Result ret; 1779 struct core_mmu_table_info tbl_info; 1780 struct tee_mmap_region *mm; 1781 unsigned int idx; 1782 uint32_t old_attr; 1783 uint32_t exceptions; 1784 vaddr_t vaddr = vstart; 1785 size_t i; 1786 bool secure; 1787 1788 assert(!(core_mmu_type_to_attr(memtype) & TEE_MATTR_PX)); 1789 1790 secure = core_mmu_type_to_attr(memtype) & TEE_MATTR_SECURE; 1791 1792 if (vaddr & SMALL_PAGE_MASK) 1793 return TEE_ERROR_BAD_PARAMETERS; 1794 1795 exceptions = mmu_lock(); 1796 1797 mm = find_map_by_va((void *)vaddr); 1798 if (!mm || !va_is_in_map(mm, vaddr + num_pages * SMALL_PAGE_SIZE - 1)) 1799 panic("VA does not belong to any known mm region"); 1800 1801 if (!core_mmu_is_dynamic_vaspace(mm)) 1802 panic("Trying to map into static region"); 1803 1804 for (i = 0; i < num_pages; i++) { 1805 if (pages[i] & SMALL_PAGE_MASK) { 1806 ret = TEE_ERROR_BAD_PARAMETERS; 1807 goto err; 1808 } 1809 1810 while (true) { 1811 if (!core_mmu_find_table(NULL, vaddr, UINT_MAX, 1812 &tbl_info)) 1813 panic("Can't find pagetable for vaddr "); 1814 1815 idx = core_mmu_va2idx(&tbl_info, vaddr); 1816 if (tbl_info.shift == SMALL_PAGE_SHIFT) 1817 break; 1818 1819 /* This is supertable. Need to divide it. */ 1820 if (!core_mmu_entry_to_finer_grained(&tbl_info, idx, 1821 secure)) 1822 panic("Failed to spread pgdir on small tables"); 1823 } 1824 1825 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 1826 if (old_attr) 1827 panic("Page is already mapped"); 1828 1829 core_mmu_set_entry(&tbl_info, idx, pages[i], 1830 core_mmu_type_to_attr(memtype)); 1831 vaddr += SMALL_PAGE_SIZE; 1832 } 1833 1834 /* 1835 * Make sure all the changes to translation tables are visible 1836 * before returning. TLB doesn't need to be invalidated as we are 1837 * guaranteed that there's no valid mapping in this range. 1838 */ 1839 core_mmu_table_write_barrier(); 1840 mmu_unlock(exceptions); 1841 1842 return TEE_SUCCESS; 1843 err: 1844 mmu_unlock(exceptions); 1845 1846 if (i) 1847 core_mmu_unmap_pages(vstart, i); 1848 1849 return ret; 1850 } 1851 1852 TEE_Result core_mmu_map_contiguous_pages(vaddr_t vstart, paddr_t pstart, 1853 size_t num_pages, 1854 enum teecore_memtypes memtype) 1855 { 1856 struct core_mmu_table_info tbl_info = { }; 1857 struct tee_mmap_region *mm = NULL; 1858 unsigned int idx = 0; 1859 uint32_t old_attr = 0; 1860 uint32_t exceptions = 0; 1861 vaddr_t vaddr = vstart; 1862 paddr_t paddr = pstart; 1863 size_t i = 0; 1864 bool secure = false; 1865 1866 assert(!(core_mmu_type_to_attr(memtype) & TEE_MATTR_PX)); 1867 1868 secure = core_mmu_type_to_attr(memtype) & TEE_MATTR_SECURE; 1869 1870 if ((vaddr | paddr) & SMALL_PAGE_MASK) 1871 return TEE_ERROR_BAD_PARAMETERS; 1872 1873 exceptions = mmu_lock(); 1874 1875 mm = find_map_by_va((void *)vaddr); 1876 if (!mm || !va_is_in_map(mm, vaddr + num_pages * SMALL_PAGE_SIZE - 1)) 1877 panic("VA does not belong to any known mm region"); 1878 1879 if (!core_mmu_is_dynamic_vaspace(mm)) 1880 panic("Trying to map into static region"); 1881 1882 for (i = 0; i < num_pages; i++) { 1883 while (true) { 1884 if (!core_mmu_find_table(NULL, vaddr, UINT_MAX, 1885 &tbl_info)) 1886 panic("Can't find pagetable for vaddr "); 1887 1888 idx = core_mmu_va2idx(&tbl_info, vaddr); 1889 if (tbl_info.shift == SMALL_PAGE_SHIFT) 1890 break; 1891 1892 /* This is supertable. Need to divide it. */ 1893 if (!core_mmu_entry_to_finer_grained(&tbl_info, idx, 1894 secure)) 1895 panic("Failed to spread pgdir on small tables"); 1896 } 1897 1898 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 1899 if (old_attr) 1900 panic("Page is already mapped"); 1901 1902 core_mmu_set_entry(&tbl_info, idx, paddr, 1903 core_mmu_type_to_attr(memtype)); 1904 paddr += SMALL_PAGE_SIZE; 1905 vaddr += SMALL_PAGE_SIZE; 1906 } 1907 1908 /* 1909 * Make sure all the changes to translation tables are visible 1910 * before returning. TLB doesn't need to be invalidated as we are 1911 * guaranteed that there's no valid mapping in this range. 1912 */ 1913 core_mmu_table_write_barrier(); 1914 mmu_unlock(exceptions); 1915 1916 return TEE_SUCCESS; 1917 } 1918 1919 void core_mmu_unmap_pages(vaddr_t vstart, size_t num_pages) 1920 { 1921 struct core_mmu_table_info tbl_info; 1922 struct tee_mmap_region *mm; 1923 size_t i; 1924 unsigned int idx; 1925 uint32_t exceptions; 1926 1927 exceptions = mmu_lock(); 1928 1929 mm = find_map_by_va((void *)vstart); 1930 if (!mm || !va_is_in_map(mm, vstart + num_pages * SMALL_PAGE_SIZE - 1)) 1931 panic("VA does not belong to any known mm region"); 1932 1933 if (!core_mmu_is_dynamic_vaspace(mm)) 1934 panic("Trying to unmap static region"); 1935 1936 for (i = 0; i < num_pages; i++, vstart += SMALL_PAGE_SIZE) { 1937 if (!core_mmu_find_table(NULL, vstart, UINT_MAX, &tbl_info)) 1938 panic("Can't find pagetable"); 1939 1940 if (tbl_info.shift != SMALL_PAGE_SHIFT) 1941 panic("Invalid pagetable level"); 1942 1943 idx = core_mmu_va2idx(&tbl_info, vstart); 1944 core_mmu_set_entry(&tbl_info, idx, 0, 0); 1945 } 1946 tlbi_all(); 1947 1948 mmu_unlock(exceptions); 1949 } 1950 1951 void core_mmu_populate_user_map(struct core_mmu_table_info *dir_info, 1952 struct user_mode_ctx *uctx) 1953 { 1954 struct core_mmu_table_info pg_info = { }; 1955 struct pgt_cache *pgt_cache = &uctx->pgt_cache; 1956 struct pgt *pgt = NULL; 1957 struct pgt *p = NULL; 1958 struct vm_region *r = NULL; 1959 1960 if (TAILQ_EMPTY(&uctx->vm_info.regions)) 1961 return; /* Nothing to map */ 1962 1963 /* 1964 * Allocate all page tables in advance. 1965 */ 1966 pgt_get_all(uctx); 1967 pgt = SLIST_FIRST(pgt_cache); 1968 1969 core_mmu_set_info_table(&pg_info, dir_info->level + 1, 0, NULL); 1970 1971 TAILQ_FOREACH(r, &uctx->vm_info.regions, link) 1972 set_pg_region(dir_info, r, &pgt, &pg_info); 1973 /* Record that the translation tables now are populated. */ 1974 SLIST_FOREACH(p, pgt_cache, link) { 1975 p->populated = true; 1976 if (p == pgt) 1977 break; 1978 } 1979 assert(p == pgt); 1980 } 1981 1982 TEE_Result core_mmu_remove_mapping(enum teecore_memtypes type, void *addr, 1983 size_t len) 1984 { 1985 struct core_mmu_table_info tbl_info = { }; 1986 struct tee_mmap_region *res_map = NULL; 1987 struct tee_mmap_region *map = NULL; 1988 paddr_t pa = virt_to_phys(addr); 1989 size_t granule = 0; 1990 ptrdiff_t i = 0; 1991 paddr_t p = 0; 1992 size_t l = 0; 1993 1994 map = find_map_by_type_and_pa(type, pa, len); 1995 if (!map) 1996 return TEE_ERROR_GENERIC; 1997 1998 res_map = find_map_by_type(MEM_AREA_RES_VASPACE); 1999 if (!res_map) 2000 return TEE_ERROR_GENERIC; 2001 if (!core_mmu_find_table(NULL, res_map->va, UINT_MAX, &tbl_info)) 2002 return TEE_ERROR_GENERIC; 2003 granule = BIT(tbl_info.shift); 2004 2005 if (map < static_memory_map || 2006 map >= static_memory_map + ARRAY_SIZE(static_memory_map)) 2007 return TEE_ERROR_GENERIC; 2008 i = map - static_memory_map; 2009 2010 /* Check that we have a full match */ 2011 p = ROUNDDOWN(pa, granule); 2012 l = ROUNDUP(len + pa - p, granule); 2013 if (map->pa != p || map->size != l) 2014 return TEE_ERROR_GENERIC; 2015 2016 clear_region(&tbl_info, map); 2017 tlbi_all(); 2018 2019 /* If possible remove the va range from res_map */ 2020 if (res_map->va - map->size == map->va) { 2021 res_map->va -= map->size; 2022 res_map->size += map->size; 2023 } 2024 2025 /* Remove the entry. */ 2026 memmove(map, map + 1, 2027 (ARRAY_SIZE(static_memory_map) - i - 1) * sizeof(*map)); 2028 2029 /* Clear the last new entry in case it was used */ 2030 memset(static_memory_map + ARRAY_SIZE(static_memory_map) - 1, 2031 0, sizeof(*map)); 2032 2033 return TEE_SUCCESS; 2034 } 2035 2036 struct tee_mmap_region * 2037 core_mmu_find_mapping_exclusive(enum teecore_memtypes type, size_t len) 2038 { 2039 struct tee_mmap_region *map = NULL; 2040 struct tee_mmap_region *map_found = NULL; 2041 2042 if (!len) 2043 return NULL; 2044 2045 for (map = get_memory_map(); !core_mmap_is_end_of_table(map); map++) { 2046 if (map->type != type) 2047 continue; 2048 2049 if (map_found) 2050 return NULL; 2051 2052 map_found = map; 2053 } 2054 2055 if (!map_found || map_found->size < len) 2056 return NULL; 2057 2058 return map_found; 2059 } 2060 2061 void *core_mmu_add_mapping(enum teecore_memtypes type, paddr_t addr, size_t len) 2062 { 2063 struct core_mmu_table_info tbl_info; 2064 struct tee_mmap_region *map; 2065 size_t n; 2066 size_t granule; 2067 paddr_t p; 2068 size_t l; 2069 2070 if (!len) 2071 return NULL; 2072 2073 if (!core_mmu_check_end_pa(addr, len)) 2074 return NULL; 2075 2076 /* Check if the memory is already mapped */ 2077 map = find_map_by_type_and_pa(type, addr, len); 2078 if (map && pbuf_inside_map_area(addr, len, map)) 2079 return (void *)(vaddr_t)(map->va + addr - map->pa); 2080 2081 /* Find the reserved va space used for late mappings */ 2082 map = find_map_by_type(MEM_AREA_RES_VASPACE); 2083 if (!map) 2084 return NULL; 2085 2086 if (!core_mmu_find_table(NULL, map->va, UINT_MAX, &tbl_info)) 2087 return NULL; 2088 2089 granule = BIT64(tbl_info.shift); 2090 p = ROUNDDOWN(addr, granule); 2091 l = ROUNDUP(len + addr - p, granule); 2092 2093 /* Ban overflowing virtual addresses */ 2094 if (map->size < l) 2095 return NULL; 2096 2097 /* 2098 * Something is wrong, we can't fit the va range into the selected 2099 * table. The reserved va range is possibly missaligned with 2100 * granule. 2101 */ 2102 if (core_mmu_va2idx(&tbl_info, map->va + len) >= tbl_info.num_entries) 2103 return NULL; 2104 2105 /* Find end of the memory map */ 2106 n = 0; 2107 while (!core_mmap_is_end_of_table(static_memory_map + n)) 2108 n++; 2109 2110 if (n < (ARRAY_SIZE(static_memory_map) - 1)) { 2111 /* There's room for another entry */ 2112 static_memory_map[n].va = map->va; 2113 static_memory_map[n].size = l; 2114 static_memory_map[n + 1].type = MEM_AREA_END; 2115 map->va += l; 2116 map->size -= l; 2117 map = static_memory_map + n; 2118 } else { 2119 /* 2120 * There isn't room for another entry, steal the reserved 2121 * entry as it's not useful for anything else any longer. 2122 */ 2123 map->size = l; 2124 } 2125 map->type = type; 2126 map->region_size = granule; 2127 map->attr = core_mmu_type_to_attr(type); 2128 map->pa = p; 2129 2130 set_region(&tbl_info, map); 2131 2132 /* Make sure the new entry is visible before continuing. */ 2133 core_mmu_table_write_barrier(); 2134 2135 return (void *)(vaddr_t)(map->va + addr - map->pa); 2136 } 2137 2138 #ifdef CFG_WITH_PAGER 2139 static vaddr_t get_linear_map_end_va(void) 2140 { 2141 /* this is synced with the generic linker file kern.ld.S */ 2142 return (vaddr_t)__heap2_end; 2143 } 2144 2145 static paddr_t get_linear_map_end_pa(void) 2146 { 2147 return get_linear_map_end_va() - boot_mmu_config.map_offset; 2148 } 2149 #endif 2150 2151 #if defined(CFG_TEE_CORE_DEBUG) 2152 static void check_pa_matches_va(void *va, paddr_t pa) 2153 { 2154 TEE_Result res = TEE_ERROR_GENERIC; 2155 vaddr_t v = (vaddr_t)va; 2156 paddr_t p = 0; 2157 struct core_mmu_table_info ti __maybe_unused = { }; 2158 2159 if (core_mmu_user_va_range_is_defined()) { 2160 vaddr_t user_va_base = 0; 2161 size_t user_va_size = 0; 2162 2163 core_mmu_get_user_va_range(&user_va_base, &user_va_size); 2164 if (v >= user_va_base && 2165 v <= (user_va_base - 1 + user_va_size)) { 2166 if (!core_mmu_user_mapping_is_active()) { 2167 if (pa) 2168 panic("issue in linear address space"); 2169 return; 2170 } 2171 2172 res = vm_va2pa(to_user_mode_ctx(thread_get_tsd()->ctx), 2173 va, &p); 2174 if (res == TEE_ERROR_NOT_SUPPORTED) 2175 return; 2176 if (res == TEE_SUCCESS && pa != p) 2177 panic("bad pa"); 2178 if (res != TEE_SUCCESS && pa) 2179 panic("false pa"); 2180 return; 2181 } 2182 } 2183 #ifdef CFG_WITH_PAGER 2184 if (is_unpaged(va)) { 2185 if (v - boot_mmu_config.map_offset != pa) 2186 panic("issue in linear address space"); 2187 return; 2188 } 2189 2190 if (tee_pager_get_table_info(v, &ti)) { 2191 uint32_t a; 2192 2193 /* 2194 * Lookups in the page table managed by the pager is 2195 * dangerous for addresses in the paged area as those pages 2196 * changes all the time. But some ranges are safe, 2197 * rw-locked areas when the page is populated for instance. 2198 */ 2199 core_mmu_get_entry(&ti, core_mmu_va2idx(&ti, v), &p, &a); 2200 if (a & TEE_MATTR_VALID_BLOCK) { 2201 paddr_t mask = BIT64(ti.shift) - 1; 2202 2203 p |= v & mask; 2204 if (pa != p) 2205 panic(); 2206 } else { 2207 if (pa) 2208 panic(); 2209 } 2210 return; 2211 } 2212 #endif 2213 2214 if (!core_va2pa_helper(va, &p)) { 2215 /* Verfiy only the static mapping (case non null phys addr) */ 2216 if (p && pa != p) { 2217 DMSG("va %p maps 0x%" PRIxPA ", expect 0x%" PRIxPA, 2218 va, p, pa); 2219 panic(); 2220 } 2221 } else { 2222 if (pa) { 2223 DMSG("va %p unmapped, expect 0x%" PRIxPA, va, pa); 2224 panic(); 2225 } 2226 } 2227 } 2228 #else 2229 static void check_pa_matches_va(void *va __unused, paddr_t pa __unused) 2230 { 2231 } 2232 #endif 2233 2234 paddr_t virt_to_phys(void *va) 2235 { 2236 paddr_t pa = 0; 2237 2238 if (!arch_va2pa_helper(va, &pa)) 2239 pa = 0; 2240 check_pa_matches_va(va, pa); 2241 return pa; 2242 } 2243 2244 #if defined(CFG_TEE_CORE_DEBUG) 2245 static void check_va_matches_pa(paddr_t pa, void *va) 2246 { 2247 paddr_t p = 0; 2248 2249 if (!va) 2250 return; 2251 2252 p = virt_to_phys(va); 2253 if (p != pa) { 2254 DMSG("va %p maps 0x%" PRIxPA " expect 0x%" PRIxPA, va, p, pa); 2255 panic(); 2256 } 2257 } 2258 #else 2259 static void check_va_matches_pa(paddr_t pa __unused, void *va __unused) 2260 { 2261 } 2262 #endif 2263 2264 static void *phys_to_virt_ts_vaspace(paddr_t pa, size_t len) 2265 { 2266 if (!core_mmu_user_mapping_is_active()) 2267 return NULL; 2268 2269 return vm_pa2va(to_user_mode_ctx(thread_get_tsd()->ctx), pa, len); 2270 } 2271 2272 #ifdef CFG_WITH_PAGER 2273 static void *phys_to_virt_tee_ram(paddr_t pa, size_t len) 2274 { 2275 paddr_t end_pa = 0; 2276 2277 if (SUB_OVERFLOW(len, 1, &end_pa) || ADD_OVERFLOW(pa, end_pa, &end_pa)) 2278 return NULL; 2279 2280 if (pa >= TEE_LOAD_ADDR && pa < get_linear_map_end_pa()) { 2281 if (end_pa > get_linear_map_end_pa()) 2282 return NULL; 2283 return (void *)(vaddr_t)(pa + boot_mmu_config.map_offset); 2284 } 2285 2286 return tee_pager_phys_to_virt(pa, len); 2287 } 2288 #else 2289 static void *phys_to_virt_tee_ram(paddr_t pa, size_t len) 2290 { 2291 struct tee_mmap_region *mmap = NULL; 2292 2293 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM, pa, len); 2294 if (!mmap) 2295 mmap = find_map_by_type_and_pa(MEM_AREA_NEX_RAM_RW, pa, len); 2296 if (!mmap) 2297 mmap = find_map_by_type_and_pa(MEM_AREA_NEX_RAM_RO, pa, len); 2298 if (!mmap) 2299 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RW, pa, len); 2300 if (!mmap) 2301 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RO, pa, len); 2302 if (!mmap) 2303 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RX, pa, len); 2304 /* 2305 * Note that MEM_AREA_INIT_RAM_RO and MEM_AREA_INIT_RAM_RX are only 2306 * used with pager and not needed here. 2307 */ 2308 return map_pa2va(mmap, pa, len); 2309 } 2310 #endif 2311 2312 void *phys_to_virt(paddr_t pa, enum teecore_memtypes m, size_t len) 2313 { 2314 void *va = NULL; 2315 2316 switch (m) { 2317 case MEM_AREA_TS_VASPACE: 2318 va = phys_to_virt_ts_vaspace(pa, len); 2319 break; 2320 case MEM_AREA_TEE_RAM: 2321 case MEM_AREA_TEE_RAM_RX: 2322 case MEM_AREA_TEE_RAM_RO: 2323 case MEM_AREA_TEE_RAM_RW: 2324 case MEM_AREA_NEX_RAM_RO: 2325 case MEM_AREA_NEX_RAM_RW: 2326 va = phys_to_virt_tee_ram(pa, len); 2327 break; 2328 case MEM_AREA_SHM_VASPACE: 2329 /* Find VA from PA in dynamic SHM is not yet supported */ 2330 va = NULL; 2331 break; 2332 default: 2333 va = map_pa2va(find_map_by_type_and_pa(m, pa, len), pa, len); 2334 } 2335 if (m != MEM_AREA_SEC_RAM_OVERALL) 2336 check_va_matches_pa(pa, va); 2337 return va; 2338 } 2339 2340 void *phys_to_virt_io(paddr_t pa, size_t len) 2341 { 2342 struct tee_mmap_region *map = NULL; 2343 void *va = NULL; 2344 2345 map = find_map_by_type_and_pa(MEM_AREA_IO_SEC, pa, len); 2346 if (!map) 2347 map = find_map_by_type_and_pa(MEM_AREA_IO_NSEC, pa, len); 2348 if (!map) 2349 return NULL; 2350 va = map_pa2va(map, pa, len); 2351 check_va_matches_pa(pa, va); 2352 return va; 2353 } 2354 2355 vaddr_t core_mmu_get_va(paddr_t pa, enum teecore_memtypes type, size_t len) 2356 { 2357 if (cpu_mmu_enabled()) 2358 return (vaddr_t)phys_to_virt(pa, type, len); 2359 2360 return (vaddr_t)pa; 2361 } 2362 2363 #ifdef CFG_WITH_PAGER 2364 bool is_unpaged(void *va) 2365 { 2366 vaddr_t v = (vaddr_t)va; 2367 2368 return v >= VCORE_START_VA && v < get_linear_map_end_va(); 2369 } 2370 #else 2371 bool is_unpaged(void *va __unused) 2372 { 2373 return true; 2374 } 2375 #endif 2376 2377 void core_mmu_init_virtualization(void) 2378 { 2379 paddr_t b1 = 0; 2380 paddr_size_t s1 = 0; 2381 2382 static_assert(ARRAY_SIZE(secure_only) <= 2); 2383 if (ARRAY_SIZE(secure_only) == 2) { 2384 b1 = secure_only[1].paddr; 2385 s1 = secure_only[1].size; 2386 } 2387 virt_init_memory(static_memory_map, secure_only[0].paddr, 2388 secure_only[0].size, b1, s1); 2389 } 2390 2391 vaddr_t io_pa_or_va(struct io_pa_va *p, size_t len) 2392 { 2393 assert(p->pa); 2394 if (cpu_mmu_enabled()) { 2395 if (!p->va) 2396 p->va = (vaddr_t)phys_to_virt_io(p->pa, len); 2397 assert(p->va); 2398 return p->va; 2399 } 2400 return p->pa; 2401 } 2402 2403 vaddr_t io_pa_or_va_secure(struct io_pa_va *p, size_t len) 2404 { 2405 assert(p->pa); 2406 if (cpu_mmu_enabled()) { 2407 if (!p->va) 2408 p->va = (vaddr_t)phys_to_virt(p->pa, MEM_AREA_IO_SEC, 2409 len); 2410 assert(p->va); 2411 return p->va; 2412 } 2413 return p->pa; 2414 } 2415 2416 vaddr_t io_pa_or_va_nsec(struct io_pa_va *p, size_t len) 2417 { 2418 assert(p->pa); 2419 if (cpu_mmu_enabled()) { 2420 if (!p->va) 2421 p->va = (vaddr_t)phys_to_virt(p->pa, MEM_AREA_IO_NSEC, 2422 len); 2423 assert(p->va); 2424 return p->va; 2425 } 2426 return p->pa; 2427 } 2428 2429 #ifdef CFG_CORE_RESERVED_SHM 2430 static TEE_Result teecore_init_pub_ram(void) 2431 { 2432 vaddr_t s = 0; 2433 vaddr_t e = 0; 2434 2435 /* get virtual addr/size of NSec shared mem allocated from teecore */ 2436 core_mmu_get_mem_by_type(MEM_AREA_NSEC_SHM, &s, &e); 2437 2438 if (s >= e || s & SMALL_PAGE_MASK || e & SMALL_PAGE_MASK) 2439 panic("invalid PUB RAM"); 2440 2441 /* extra check: we could rely on core_mmu_get_mem_by_type() */ 2442 if (!tee_vbuf_is_non_sec(s, e - s)) 2443 panic("PUB RAM is not non-secure"); 2444 2445 #ifdef CFG_PL310 2446 /* Allocate statically the l2cc mutex */ 2447 tee_l2cc_store_mutex_boot_pa(virt_to_phys((void *)s)); 2448 s += sizeof(uint32_t); /* size of a pl310 mutex */ 2449 s = ROUNDUP(s, SMALL_PAGE_SIZE); /* keep required alignment */ 2450 #endif 2451 2452 default_nsec_shm_paddr = virt_to_phys((void *)s); 2453 default_nsec_shm_size = e - s; 2454 2455 return TEE_SUCCESS; 2456 } 2457 early_init(teecore_init_pub_ram); 2458 #endif /*CFG_CORE_RESERVED_SHM*/ 2459 2460 void core_mmu_init_ta_ram(void) 2461 { 2462 vaddr_t s = 0; 2463 vaddr_t e = 0; 2464 paddr_t ps = 0; 2465 size_t size = 0; 2466 2467 /* 2468 * Get virtual addr/size of RAM where TA are loaded/executedNSec 2469 * shared mem allocated from teecore. 2470 */ 2471 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) 2472 virt_get_ta_ram(&s, &e); 2473 else 2474 core_mmu_get_mem_by_type(MEM_AREA_TA_RAM, &s, &e); 2475 2476 ps = virt_to_phys((void *)s); 2477 size = e - s; 2478 2479 if (!ps || (ps & CORE_MMU_USER_CODE_MASK) || 2480 !size || (size & CORE_MMU_USER_CODE_MASK)) 2481 panic("invalid TA RAM"); 2482 2483 /* extra check: we could rely on core_mmu_get_mem_by_type() */ 2484 if (!tee_pbuf_is_sec(ps, size)) 2485 panic("TA RAM is not secure"); 2486 2487 if (!tee_mm_is_empty(&tee_mm_sec_ddr)) 2488 panic("TA RAM pool is not empty"); 2489 2490 /* remove previous config and init TA ddr memory pool */ 2491 tee_mm_final(&tee_mm_sec_ddr); 2492 tee_mm_init(&tee_mm_sec_ddr, ps, size, CORE_MMU_USER_CODE_SHIFT, 2493 TEE_MM_POOL_NO_FLAGS); 2494 } 2495