1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2016, 2022 Linaro Limited 4 * Copyright (c) 2014, STMicroelectronics International N.V. 5 * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved. 6 */ 7 8 #include <assert.h> 9 #include <config.h> 10 #include <kernel/boot.h> 11 #include <kernel/dt.h> 12 #include <kernel/linker.h> 13 #include <kernel/panic.h> 14 #include <kernel/spinlock.h> 15 #include <kernel/tee_l2cc_mutex.h> 16 #include <kernel/tee_misc.h> 17 #include <kernel/tlb_helpers.h> 18 #include <kernel/user_mode_ctx.h> 19 #include <kernel/virtualization.h> 20 #include <libfdt.h> 21 #include <mm/core_memprot.h> 22 #include <mm/core_mmu.h> 23 #include <mm/mobj.h> 24 #include <mm/pgt_cache.h> 25 #include <mm/tee_pager.h> 26 #include <mm/vm.h> 27 #include <platform_config.h> 28 #include <string.h> 29 #include <trace.h> 30 #include <util.h> 31 32 #ifndef DEBUG_XLAT_TABLE 33 #define DEBUG_XLAT_TABLE 0 34 #endif 35 36 #define SHM_VASPACE_SIZE (1024 * 1024 * 32) 37 38 #ifdef CFG_CORE_PHYS_RELOCATABLE 39 unsigned long core_mmu_tee_load_pa __nex_bss; 40 #else 41 const unsigned long core_mmu_tee_load_pa = TEE_LOAD_ADDR; 42 #endif 43 44 /* 45 * These variables are initialized before .bss is cleared. To avoid 46 * resetting them when .bss is cleared we're storing them in .data instead, 47 * even if they initially are zero. 48 */ 49 50 #ifdef CFG_CORE_RESERVED_SHM 51 /* Default NSec shared memory allocated from NSec world */ 52 unsigned long default_nsec_shm_size __nex_bss; 53 unsigned long default_nsec_shm_paddr __nex_bss; 54 #endif 55 56 static struct tee_mmap_region static_memory_map[CFG_MMAP_REGIONS 57 #ifdef CFG_CORE_ASLR 58 + 1 59 #endif 60 + 1] __nex_bss; 61 62 /* Define the platform's memory layout. */ 63 struct memaccess_area { 64 paddr_t paddr; 65 size_t size; 66 }; 67 68 #define MEMACCESS_AREA(a, s) { .paddr = a, .size = s } 69 70 static struct memaccess_area secure_only[] __nex_data = { 71 #ifdef TRUSTED_SRAM_BASE 72 MEMACCESS_AREA(TRUSTED_SRAM_BASE, TRUSTED_SRAM_SIZE), 73 #endif 74 MEMACCESS_AREA(TRUSTED_DRAM_BASE, TRUSTED_DRAM_SIZE), 75 }; 76 77 static struct memaccess_area nsec_shared[] __nex_data = { 78 #ifdef CFG_CORE_RESERVED_SHM 79 MEMACCESS_AREA(TEE_SHMEM_START, TEE_SHMEM_SIZE), 80 #endif 81 }; 82 83 #if defined(CFG_SECURE_DATA_PATH) 84 static const char *tz_sdp_match = "linaro,secure-heap"; 85 static struct memaccess_area sec_sdp; 86 #ifdef CFG_TEE_SDP_MEM_BASE 87 register_sdp_mem(CFG_TEE_SDP_MEM_BASE, CFG_TEE_SDP_MEM_SIZE); 88 #endif 89 #ifdef TEE_SDP_TEST_MEM_BASE 90 register_sdp_mem(TEE_SDP_TEST_MEM_BASE, TEE_SDP_TEST_MEM_SIZE); 91 #endif 92 #endif 93 94 #ifdef CFG_CORE_RESERVED_SHM 95 register_phys_mem(MEM_AREA_NSEC_SHM, TEE_SHMEM_START, TEE_SHMEM_SIZE); 96 #endif 97 static unsigned int mmu_spinlock; 98 99 static uint32_t mmu_lock(void) 100 { 101 return cpu_spin_lock_xsave(&mmu_spinlock); 102 } 103 104 static void mmu_unlock(uint32_t exceptions) 105 { 106 cpu_spin_unlock_xrestore(&mmu_spinlock, exceptions); 107 } 108 109 void core_mmu_get_secure_memory(paddr_t *base, paddr_size_t *size) 110 { 111 /* 112 * The first range is always used to cover OP-TEE core memory, but 113 * depending on configuration it may cover more than that. 114 */ 115 *base = secure_only[0].paddr; 116 *size = secure_only[0].size; 117 } 118 119 void core_mmu_get_ta_range(paddr_t *base, size_t *size) 120 { 121 paddr_t b = 0; 122 size_t s = 0; 123 124 static_assert(!(TEE_RAM_VA_SIZE % SMALL_PAGE_SIZE)); 125 #ifdef TA_RAM_START 126 b = TA_RAM_START; 127 s = TA_RAM_SIZE; 128 #else 129 static_assert(ARRAY_SIZE(secure_only) <= 2); 130 if (ARRAY_SIZE(secure_only) == 1) { 131 vaddr_t load_offs = 0; 132 133 assert(core_mmu_tee_load_pa >= secure_only[0].paddr); 134 load_offs = core_mmu_tee_load_pa - secure_only[0].paddr; 135 136 assert(secure_only[0].size > 137 load_offs + TEE_RAM_VA_SIZE + TEE_SDP_TEST_MEM_SIZE); 138 b = secure_only[0].paddr + load_offs + TEE_RAM_VA_SIZE; 139 s = secure_only[0].size - load_offs - TEE_RAM_VA_SIZE - 140 TEE_SDP_TEST_MEM_SIZE; 141 } else { 142 assert(secure_only[1].size > TEE_SDP_TEST_MEM_SIZE); 143 b = secure_only[1].paddr; 144 s = secure_only[1].size - TEE_SDP_TEST_MEM_SIZE; 145 } 146 #endif 147 if (base) 148 *base = b; 149 if (size) 150 *size = s; 151 } 152 153 static struct tee_mmap_region *get_memory_map(void) 154 { 155 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) { 156 struct tee_mmap_region *map = virt_get_memory_map(); 157 158 if (map) 159 return map; 160 } 161 162 return static_memory_map; 163 } 164 165 static bool _pbuf_intersects(struct memaccess_area *a, size_t alen, 166 paddr_t pa, size_t size) 167 { 168 size_t n; 169 170 for (n = 0; n < alen; n++) 171 if (core_is_buffer_intersect(pa, size, a[n].paddr, a[n].size)) 172 return true; 173 return false; 174 } 175 176 #define pbuf_intersects(a, pa, size) \ 177 _pbuf_intersects((a), ARRAY_SIZE(a), (pa), (size)) 178 179 static bool _pbuf_is_inside(struct memaccess_area *a, size_t alen, 180 paddr_t pa, size_t size) 181 { 182 size_t n; 183 184 for (n = 0; n < alen; n++) 185 if (core_is_buffer_inside(pa, size, a[n].paddr, a[n].size)) 186 return true; 187 return false; 188 } 189 190 #define pbuf_is_inside(a, pa, size) \ 191 _pbuf_is_inside((a), ARRAY_SIZE(a), (pa), (size)) 192 193 static bool pa_is_in_map(struct tee_mmap_region *map, paddr_t pa, size_t len) 194 { 195 paddr_t end_pa = 0; 196 197 if (!map) 198 return false; 199 200 if (SUB_OVERFLOW(len, 1, &end_pa) || ADD_OVERFLOW(pa, end_pa, &end_pa)) 201 return false; 202 203 return (pa >= map->pa && end_pa <= map->pa + map->size - 1); 204 } 205 206 static bool va_is_in_map(struct tee_mmap_region *map, vaddr_t va) 207 { 208 if (!map) 209 return false; 210 return (va >= map->va && va <= (map->va + map->size - 1)); 211 } 212 213 /* check if target buffer fits in a core default map area */ 214 static bool pbuf_inside_map_area(unsigned long p, size_t l, 215 struct tee_mmap_region *map) 216 { 217 return core_is_buffer_inside(p, l, map->pa, map->size); 218 } 219 220 static struct tee_mmap_region *find_map_by_type(enum teecore_memtypes type) 221 { 222 struct tee_mmap_region *map; 223 224 for (map = get_memory_map(); !core_mmap_is_end_of_table(map); map++) 225 if (map->type == type) 226 return map; 227 return NULL; 228 } 229 230 static struct tee_mmap_region * 231 find_map_by_type_and_pa(enum teecore_memtypes type, paddr_t pa, size_t len) 232 { 233 struct tee_mmap_region *map; 234 235 for (map = get_memory_map(); !core_mmap_is_end_of_table(map); map++) { 236 if (map->type != type) 237 continue; 238 if (pa_is_in_map(map, pa, len)) 239 return map; 240 } 241 return NULL; 242 } 243 244 static struct tee_mmap_region *find_map_by_va(void *va) 245 { 246 struct tee_mmap_region *map = get_memory_map(); 247 unsigned long a = (unsigned long)va; 248 249 while (!core_mmap_is_end_of_table(map)) { 250 if (a >= map->va && a <= (map->va - 1 + map->size)) 251 return map; 252 map++; 253 } 254 return NULL; 255 } 256 257 static struct tee_mmap_region *find_map_by_pa(unsigned long pa) 258 { 259 struct tee_mmap_region *map = get_memory_map(); 260 261 while (!core_mmap_is_end_of_table(map)) { 262 if (pa >= map->pa && pa <= (map->pa + map->size - 1)) 263 return map; 264 map++; 265 } 266 return NULL; 267 } 268 269 #if defined(CFG_SECURE_DATA_PATH) 270 static bool dtb_get_sdp_region(void) 271 { 272 void *fdt = NULL; 273 int node = 0; 274 int tmp_node = 0; 275 paddr_t tmp_addr = 0; 276 size_t tmp_size = 0; 277 278 if (!IS_ENABLED(CFG_EMBED_DTB)) 279 return false; 280 281 fdt = get_embedded_dt(); 282 if (!fdt) 283 panic("No DTB found"); 284 285 node = fdt_node_offset_by_compatible(fdt, -1, tz_sdp_match); 286 if (node < 0) { 287 DMSG("No %s compatible node found", tz_sdp_match); 288 return false; 289 } 290 tmp_node = node; 291 while (tmp_node >= 0) { 292 tmp_node = fdt_node_offset_by_compatible(fdt, tmp_node, 293 tz_sdp_match); 294 if (tmp_node >= 0) 295 DMSG("Ignore SDP pool node %s, supports only 1 node", 296 fdt_get_name(fdt, tmp_node, NULL)); 297 } 298 299 tmp_addr = fdt_reg_base_address(fdt, node); 300 if (tmp_addr == DT_INFO_INVALID_REG) { 301 EMSG("%s: Unable to get base addr from DT", tz_sdp_match); 302 return false; 303 } 304 305 tmp_size = fdt_reg_size(fdt, node); 306 if (tmp_size == DT_INFO_INVALID_REG_SIZE) { 307 EMSG("%s: Unable to get size of base addr from DT", 308 tz_sdp_match); 309 return false; 310 } 311 312 sec_sdp.paddr = tmp_addr; 313 sec_sdp.size = tmp_size; 314 315 return true; 316 } 317 #endif 318 319 #if defined(CFG_CORE_DYN_SHM) || defined(CFG_SECURE_DATA_PATH) 320 static bool pbuf_is_special_mem(paddr_t pbuf, size_t len, 321 const struct core_mmu_phys_mem *start, 322 const struct core_mmu_phys_mem *end) 323 { 324 const struct core_mmu_phys_mem *mem; 325 326 for (mem = start; mem < end; mem++) { 327 if (core_is_buffer_inside(pbuf, len, mem->addr, mem->size)) 328 return true; 329 } 330 331 return false; 332 } 333 #endif 334 335 #ifdef CFG_CORE_DYN_SHM 336 static void carve_out_phys_mem(struct core_mmu_phys_mem **mem, size_t *nelems, 337 paddr_t pa, size_t size) 338 { 339 struct core_mmu_phys_mem *m = *mem; 340 size_t n = 0; 341 342 while (true) { 343 if (n >= *nelems) { 344 DMSG("No need to carve out %#" PRIxPA " size %#zx", 345 pa, size); 346 return; 347 } 348 if (core_is_buffer_inside(pa, size, m[n].addr, m[n].size)) 349 break; 350 if (!core_is_buffer_outside(pa, size, m[n].addr, m[n].size)) 351 panic(); 352 n++; 353 } 354 355 if (pa == m[n].addr && size == m[n].size) { 356 /* Remove this entry */ 357 (*nelems)--; 358 memmove(m + n, m + n + 1, sizeof(*m) * (*nelems - n)); 359 m = nex_realloc(m, sizeof(*m) * *nelems); 360 if (!m) 361 panic(); 362 *mem = m; 363 } else if (pa == m[n].addr) { 364 m[n].addr += size; 365 m[n].size -= size; 366 } else if ((pa + size) == (m[n].addr + m[n].size)) { 367 m[n].size -= size; 368 } else { 369 /* Need to split the memory entry */ 370 m = nex_realloc(m, sizeof(*m) * (*nelems + 1)); 371 if (!m) 372 panic(); 373 *mem = m; 374 memmove(m + n + 1, m + n, sizeof(*m) * (*nelems - n)); 375 (*nelems)++; 376 m[n].size = pa - m[n].addr; 377 m[n + 1].size -= size + m[n].size; 378 m[n + 1].addr = pa + size; 379 } 380 } 381 382 static void check_phys_mem_is_outside(struct core_mmu_phys_mem *start, 383 size_t nelems, 384 struct tee_mmap_region *map) 385 { 386 size_t n; 387 388 for (n = 0; n < nelems; n++) { 389 if (!core_is_buffer_outside(start[n].addr, start[n].size, 390 map->pa, map->size)) { 391 EMSG("Non-sec mem (%#" PRIxPA ":%#" PRIxPASZ 392 ") overlaps map (type %d %#" PRIxPA ":%#zx)", 393 start[n].addr, start[n].size, 394 map->type, map->pa, map->size); 395 panic(); 396 } 397 } 398 } 399 400 static const struct core_mmu_phys_mem *discovered_nsec_ddr_start __nex_bss; 401 static size_t discovered_nsec_ddr_nelems __nex_bss; 402 403 static int cmp_pmem_by_addr(const void *a, const void *b) 404 { 405 const struct core_mmu_phys_mem *pmem_a = a; 406 const struct core_mmu_phys_mem *pmem_b = b; 407 408 return CMP_TRILEAN(pmem_a->addr, pmem_b->addr); 409 } 410 411 void core_mmu_set_discovered_nsec_ddr(struct core_mmu_phys_mem *start, 412 size_t nelems) 413 { 414 struct core_mmu_phys_mem *m = start; 415 size_t num_elems = nelems; 416 struct tee_mmap_region *map = static_memory_map; 417 const struct core_mmu_phys_mem __maybe_unused *pmem; 418 size_t n = 0; 419 420 assert(!discovered_nsec_ddr_start); 421 assert(m && num_elems); 422 423 qsort(m, num_elems, sizeof(*m), cmp_pmem_by_addr); 424 425 /* 426 * Non-secure shared memory and also secure data 427 * path memory are supposed to reside inside 428 * non-secure memory. Since NSEC_SHM and SDP_MEM 429 * are used for a specific purpose make holes for 430 * those memory in the normal non-secure memory. 431 * 432 * This has to be done since for instance QEMU 433 * isn't aware of which memory range in the 434 * non-secure memory is used for NSEC_SHM. 435 */ 436 437 #ifdef CFG_SECURE_DATA_PATH 438 if (dtb_get_sdp_region()) 439 carve_out_phys_mem(&m, &num_elems, sec_sdp.paddr, sec_sdp.size); 440 441 for (pmem = phys_sdp_mem_begin; pmem < phys_sdp_mem_end; pmem++) 442 carve_out_phys_mem(&m, &num_elems, pmem->addr, pmem->size); 443 #endif 444 445 for (n = 0; n < ARRAY_SIZE(secure_only); n++) 446 carve_out_phys_mem(&m, &num_elems, secure_only[n].paddr, 447 secure_only[n].size); 448 449 for (map = static_memory_map; !core_mmap_is_end_of_table(map); map++) { 450 switch (map->type) { 451 case MEM_AREA_NSEC_SHM: 452 carve_out_phys_mem(&m, &num_elems, map->pa, map->size); 453 break; 454 case MEM_AREA_EXT_DT: 455 case MEM_AREA_RES_VASPACE: 456 case MEM_AREA_SHM_VASPACE: 457 case MEM_AREA_TS_VASPACE: 458 case MEM_AREA_PAGER_VASPACE: 459 break; 460 default: 461 check_phys_mem_is_outside(m, num_elems, map); 462 } 463 } 464 465 discovered_nsec_ddr_start = m; 466 discovered_nsec_ddr_nelems = num_elems; 467 468 if (!core_mmu_check_end_pa(m[num_elems - 1].addr, 469 m[num_elems - 1].size)) 470 panic(); 471 } 472 473 static bool get_discovered_nsec_ddr(const struct core_mmu_phys_mem **start, 474 const struct core_mmu_phys_mem **end) 475 { 476 if (!discovered_nsec_ddr_start) 477 return false; 478 479 *start = discovered_nsec_ddr_start; 480 *end = discovered_nsec_ddr_start + discovered_nsec_ddr_nelems; 481 482 return true; 483 } 484 485 static bool pbuf_is_nsec_ddr(paddr_t pbuf, size_t len) 486 { 487 const struct core_mmu_phys_mem *start; 488 const struct core_mmu_phys_mem *end; 489 490 if (!get_discovered_nsec_ddr(&start, &end)) 491 return false; 492 493 return pbuf_is_special_mem(pbuf, len, start, end); 494 } 495 496 bool core_mmu_nsec_ddr_is_defined(void) 497 { 498 const struct core_mmu_phys_mem *start; 499 const struct core_mmu_phys_mem *end; 500 501 if (!get_discovered_nsec_ddr(&start, &end)) 502 return false; 503 504 return start != end; 505 } 506 #else 507 static bool pbuf_is_nsec_ddr(paddr_t pbuf __unused, size_t len __unused) 508 { 509 return false; 510 } 511 #endif /*CFG_CORE_DYN_SHM*/ 512 513 #define MSG_MEM_INSTERSECT(pa1, sz1, pa2, sz2) \ 514 EMSG("[%" PRIxPA " %" PRIx64 "] intersects [%" PRIxPA " %" PRIx64 "]", \ 515 pa1, (uint64_t)pa1 + (sz1), pa2, (uint64_t)pa2 + (sz2)) 516 517 #ifdef CFG_SECURE_DATA_PATH 518 static bool pbuf_is_sdp_mem(paddr_t pbuf, size_t len) 519 { 520 bool is_sdp_mem = false; 521 522 if (sec_sdp.size) 523 is_sdp_mem = core_is_buffer_inside(pbuf, len, sec_sdp.paddr, 524 sec_sdp.size); 525 526 if (!is_sdp_mem) 527 is_sdp_mem = pbuf_is_special_mem(pbuf, len, phys_sdp_mem_begin, 528 phys_sdp_mem_end); 529 530 return is_sdp_mem; 531 } 532 533 static struct mobj *core_sdp_mem_alloc_mobj(paddr_t pa, size_t size) 534 { 535 struct mobj *mobj = mobj_phys_alloc(pa, size, TEE_MATTR_MEM_TYPE_CACHED, 536 CORE_MEM_SDP_MEM); 537 538 if (!mobj) 539 panic("can't create SDP physical memory object"); 540 541 return mobj; 542 } 543 544 struct mobj **core_sdp_mem_create_mobjs(void) 545 { 546 const struct core_mmu_phys_mem *mem = NULL; 547 struct mobj **mobj_base = NULL; 548 struct mobj **mobj = NULL; 549 int cnt = phys_sdp_mem_end - phys_sdp_mem_begin; 550 551 if (sec_sdp.size) 552 cnt++; 553 554 /* SDP mobjs table must end with a NULL entry */ 555 mobj_base = calloc(cnt + 1, sizeof(struct mobj *)); 556 if (!mobj_base) 557 panic("Out of memory"); 558 559 mobj = mobj_base; 560 561 for (mem = phys_sdp_mem_begin; mem < phys_sdp_mem_end; mem++, mobj++) 562 *mobj = core_sdp_mem_alloc_mobj(mem->addr, mem->size); 563 564 if (sec_sdp.size) 565 *mobj = core_sdp_mem_alloc_mobj(sec_sdp.paddr, sec_sdp.size); 566 567 return mobj_base; 568 } 569 570 #else /* CFG_SECURE_DATA_PATH */ 571 static bool pbuf_is_sdp_mem(paddr_t pbuf __unused, size_t len __unused) 572 { 573 return false; 574 } 575 576 #endif /* CFG_SECURE_DATA_PATH */ 577 578 /* Check special memories comply with registered memories */ 579 static void verify_special_mem_areas(struct tee_mmap_region *mem_map, 580 size_t len, 581 const struct core_mmu_phys_mem *start, 582 const struct core_mmu_phys_mem *end, 583 const char *area_name __maybe_unused) 584 { 585 const struct core_mmu_phys_mem *mem; 586 const struct core_mmu_phys_mem *mem2; 587 struct tee_mmap_region *mmap; 588 size_t n; 589 590 if (start == end) { 591 DMSG("No %s memory area defined", area_name); 592 return; 593 } 594 595 for (mem = start; mem < end; mem++) 596 DMSG("%s memory [%" PRIxPA " %" PRIx64 "]", 597 area_name, mem->addr, (uint64_t)mem->addr + mem->size); 598 599 /* Check memories do not intersect each other */ 600 for (mem = start; mem + 1 < end; mem++) { 601 for (mem2 = mem + 1; mem2 < end; mem2++) { 602 if (core_is_buffer_intersect(mem2->addr, mem2->size, 603 mem->addr, mem->size)) { 604 MSG_MEM_INSTERSECT(mem2->addr, mem2->size, 605 mem->addr, mem->size); 606 panic("Special memory intersection"); 607 } 608 } 609 } 610 611 /* 612 * Check memories do not intersect any mapped memory. 613 * This is called before reserved VA space is loaded in mem_map. 614 */ 615 for (mem = start; mem < end; mem++) { 616 for (mmap = mem_map, n = 0; n < len; mmap++, n++) { 617 if (core_is_buffer_intersect(mem->addr, mem->size, 618 mmap->pa, mmap->size)) { 619 MSG_MEM_INSTERSECT(mem->addr, mem->size, 620 mmap->pa, mmap->size); 621 panic("Special memory intersection"); 622 } 623 } 624 } 625 } 626 627 static void add_phys_mem(struct tee_mmap_region *memory_map, size_t num_elems, 628 const char *mem_name __maybe_unused, 629 enum teecore_memtypes mem_type, 630 paddr_t mem_addr, paddr_size_t mem_size, size_t *last) 631 { 632 size_t n = 0; 633 paddr_t pa; 634 paddr_size_t size; 635 636 if (!mem_size) /* Discard null size entries */ 637 return; 638 /* 639 * If some ranges of memory of the same type do overlap 640 * each others they are coalesced into one entry. To help this 641 * added entries are sorted by increasing physical. 642 * 643 * Note that it's valid to have the same physical memory as several 644 * different memory types, for instance the same device memory 645 * mapped as both secure and non-secure. This will probably not 646 * happen often in practice. 647 */ 648 DMSG("%s type %s 0x%08" PRIxPA " size 0x%08" PRIxPASZ, 649 mem_name, teecore_memtype_name(mem_type), mem_addr, mem_size); 650 while (true) { 651 if (n >= (num_elems - 1)) { 652 EMSG("Out of entries (%zu) in memory_map", num_elems); 653 panic(); 654 } 655 if (n == *last) 656 break; 657 pa = memory_map[n].pa; 658 size = memory_map[n].size; 659 if (mem_type == memory_map[n].type && 660 ((pa <= (mem_addr + (mem_size - 1))) && 661 (mem_addr <= (pa + (size - 1))))) { 662 DMSG("Physical mem map overlaps 0x%" PRIxPA, mem_addr); 663 memory_map[n].pa = MIN(pa, mem_addr); 664 memory_map[n].size = MAX(size, mem_size) + 665 (pa - memory_map[n].pa); 666 return; 667 } 668 if (mem_type < memory_map[n].type || 669 (mem_type == memory_map[n].type && mem_addr < pa)) 670 break; /* found the spot where to insert this memory */ 671 n++; 672 } 673 674 memmove(memory_map + n + 1, memory_map + n, 675 sizeof(struct tee_mmap_region) * (*last - n)); 676 (*last)++; 677 memset(memory_map + n, 0, sizeof(memory_map[0])); 678 memory_map[n].type = mem_type; 679 memory_map[n].pa = mem_addr; 680 memory_map[n].size = mem_size; 681 } 682 683 static void add_va_space(struct tee_mmap_region *memory_map, size_t num_elems, 684 enum teecore_memtypes type, size_t size, size_t *last) 685 { 686 size_t n = 0; 687 688 DMSG("type %s size 0x%08zx", teecore_memtype_name(type), size); 689 while (true) { 690 if (n >= (num_elems - 1)) { 691 EMSG("Out of entries (%zu) in memory_map", num_elems); 692 panic(); 693 } 694 if (n == *last) 695 break; 696 if (type < memory_map[n].type) 697 break; 698 n++; 699 } 700 701 memmove(memory_map + n + 1, memory_map + n, 702 sizeof(struct tee_mmap_region) * (*last - n)); 703 (*last)++; 704 memset(memory_map + n, 0, sizeof(memory_map[0])); 705 memory_map[n].type = type; 706 memory_map[n].size = size; 707 } 708 709 uint32_t core_mmu_type_to_attr(enum teecore_memtypes t) 710 { 711 const uint32_t attr = TEE_MATTR_VALID_BLOCK; 712 const uint32_t tagged = TEE_MATTR_MEM_TYPE_TAGGED << 713 TEE_MATTR_MEM_TYPE_SHIFT; 714 const uint32_t cached = TEE_MATTR_MEM_TYPE_CACHED << 715 TEE_MATTR_MEM_TYPE_SHIFT; 716 const uint32_t noncache = TEE_MATTR_MEM_TYPE_DEV << 717 TEE_MATTR_MEM_TYPE_SHIFT; 718 719 switch (t) { 720 case MEM_AREA_TEE_RAM: 721 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRWX | tagged; 722 case MEM_AREA_TEE_RAM_RX: 723 case MEM_AREA_INIT_RAM_RX: 724 case MEM_AREA_IDENTITY_MAP_RX: 725 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRX | tagged; 726 case MEM_AREA_TEE_RAM_RO: 727 case MEM_AREA_INIT_RAM_RO: 728 return attr | TEE_MATTR_SECURE | TEE_MATTR_PR | tagged; 729 case MEM_AREA_TEE_RAM_RW: 730 case MEM_AREA_NEX_RAM_RO: /* This has to be r/w during init runtime */ 731 case MEM_AREA_NEX_RAM_RW: 732 case MEM_AREA_TEE_ASAN: 733 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | tagged; 734 case MEM_AREA_TEE_COHERENT: 735 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRWX | noncache; 736 case MEM_AREA_TA_RAM: 737 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | tagged; 738 case MEM_AREA_NSEC_SHM: 739 return attr | TEE_MATTR_PRW | cached; 740 case MEM_AREA_EXT_DT: 741 /* 742 * If CFG_MAP_EXT_DT_SECURE is enabled map the external device 743 * tree as secure non-cached memory, otherwise, fall back to 744 * non-secure mapping. 745 */ 746 if (IS_ENABLED(CFG_MAP_EXT_DT_SECURE)) 747 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | 748 noncache; 749 fallthrough; 750 case MEM_AREA_IO_NSEC: 751 return attr | TEE_MATTR_PRW | noncache; 752 case MEM_AREA_IO_SEC: 753 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | noncache; 754 case MEM_AREA_RAM_NSEC: 755 return attr | TEE_MATTR_PRW | cached; 756 case MEM_AREA_RAM_SEC: 757 case MEM_AREA_SEC_RAM_OVERALL: 758 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | cached; 759 case MEM_AREA_RES_VASPACE: 760 case MEM_AREA_SHM_VASPACE: 761 return 0; 762 case MEM_AREA_PAGER_VASPACE: 763 return TEE_MATTR_SECURE; 764 default: 765 panic("invalid type"); 766 } 767 } 768 769 static bool __maybe_unused map_is_tee_ram(const struct tee_mmap_region *mm) 770 { 771 switch (mm->type) { 772 case MEM_AREA_TEE_RAM: 773 case MEM_AREA_TEE_RAM_RX: 774 case MEM_AREA_TEE_RAM_RO: 775 case MEM_AREA_TEE_RAM_RW: 776 case MEM_AREA_INIT_RAM_RX: 777 case MEM_AREA_INIT_RAM_RO: 778 case MEM_AREA_NEX_RAM_RW: 779 case MEM_AREA_NEX_RAM_RO: 780 case MEM_AREA_TEE_ASAN: 781 return true; 782 default: 783 return false; 784 } 785 } 786 787 static bool __maybe_unused map_is_secure(const struct tee_mmap_region *mm) 788 { 789 return !!(core_mmu_type_to_attr(mm->type) & TEE_MATTR_SECURE); 790 } 791 792 static bool __maybe_unused map_is_pgdir(const struct tee_mmap_region *mm) 793 { 794 return mm->region_size == CORE_MMU_PGDIR_SIZE; 795 } 796 797 static int cmp_mmap_by_lower_va(const void *a, const void *b) 798 { 799 const struct tee_mmap_region *mm_a = a; 800 const struct tee_mmap_region *mm_b = b; 801 802 return CMP_TRILEAN(mm_a->va, mm_b->va); 803 } 804 805 static void dump_mmap_table(struct tee_mmap_region *memory_map) 806 { 807 struct tee_mmap_region *map; 808 809 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 810 vaddr_t __maybe_unused vstart; 811 812 vstart = map->va + ((vaddr_t)map->pa & (map->region_size - 1)); 813 DMSG("type %-12s va 0x%08" PRIxVA "..0x%08" PRIxVA 814 " pa 0x%08" PRIxPA "..0x%08" PRIxPA " size 0x%08zx (%s)", 815 teecore_memtype_name(map->type), vstart, 816 vstart + map->size - 1, map->pa, 817 (paddr_t)(map->pa + map->size - 1), map->size, 818 map->region_size == SMALL_PAGE_SIZE ? "smallpg" : "pgdir"); 819 } 820 } 821 822 #if DEBUG_XLAT_TABLE 823 824 static void dump_xlat_table(vaddr_t va, unsigned int level) 825 { 826 struct core_mmu_table_info tbl_info; 827 unsigned int idx = 0; 828 paddr_t pa; 829 uint32_t attr; 830 831 core_mmu_find_table(NULL, va, level, &tbl_info); 832 va = tbl_info.va_base; 833 for (idx = 0; idx < tbl_info.num_entries; idx++) { 834 core_mmu_get_entry(&tbl_info, idx, &pa, &attr); 835 if (attr || level > CORE_MMU_BASE_TABLE_LEVEL) { 836 const char *security_bit = ""; 837 838 if (core_mmu_entry_have_security_bit(attr)) { 839 if (attr & TEE_MATTR_SECURE) 840 security_bit = "S"; 841 else 842 security_bit = "NS"; 843 } 844 845 if (attr & TEE_MATTR_TABLE) { 846 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 847 " TBL:0x%010" PRIxPA " %s", 848 level * 2, "", level, va, pa, 849 security_bit); 850 dump_xlat_table(va, level + 1); 851 } else if (attr) { 852 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 853 " PA:0x%010" PRIxPA " %s-%s-%s-%s", 854 level * 2, "", level, va, pa, 855 mattr_is_cached(attr) ? "MEM" : 856 "DEV", 857 attr & TEE_MATTR_PW ? "RW" : "RO", 858 attr & TEE_MATTR_PX ? "X " : "XN", 859 security_bit); 860 } else { 861 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 862 " INVALID\n", 863 level * 2, "", level, va); 864 } 865 } 866 va += BIT64(tbl_info.shift); 867 } 868 } 869 870 #else 871 872 static void dump_xlat_table(vaddr_t va __unused, int level __unused) 873 { 874 } 875 876 #endif 877 878 /* 879 * Reserves virtual memory space for pager usage. 880 * 881 * From the start of the first memory used by the link script + 882 * TEE_RAM_VA_SIZE should be covered, either with a direct mapping or empty 883 * mapping for pager usage. This adds translation tables as needed for the 884 * pager to operate. 885 */ 886 static void add_pager_vaspace(struct tee_mmap_region *mmap, size_t num_elems, 887 size_t *last) 888 { 889 paddr_t begin = 0; 890 paddr_t end = 0; 891 size_t size = 0; 892 size_t pos = 0; 893 size_t n = 0; 894 895 if (*last >= (num_elems - 1)) { 896 EMSG("Out of entries (%zu) in memory map", num_elems); 897 panic(); 898 } 899 900 for (n = 0; !core_mmap_is_end_of_table(mmap + n); n++) { 901 if (map_is_tee_ram(mmap + n)) { 902 if (!begin) 903 begin = mmap[n].pa; 904 pos = n + 1; 905 } 906 } 907 908 end = mmap[pos - 1].pa + mmap[pos - 1].size; 909 assert(end - begin < TEE_RAM_VA_SIZE); 910 size = TEE_RAM_VA_SIZE - (end - begin); 911 912 assert(pos <= *last); 913 memmove(mmap + pos + 1, mmap + pos, 914 sizeof(struct tee_mmap_region) * (*last - pos)); 915 (*last)++; 916 memset(mmap + pos, 0, sizeof(mmap[0])); 917 mmap[pos].type = MEM_AREA_PAGER_VASPACE; 918 mmap[pos].va = 0; 919 mmap[pos].size = size; 920 mmap[pos].region_size = SMALL_PAGE_SIZE; 921 mmap[pos].attr = core_mmu_type_to_attr(MEM_AREA_PAGER_VASPACE); 922 } 923 924 static void check_sec_nsec_mem_config(void) 925 { 926 size_t n = 0; 927 928 for (n = 0; n < ARRAY_SIZE(secure_only); n++) { 929 if (pbuf_intersects(nsec_shared, secure_only[n].paddr, 930 secure_only[n].size)) 931 panic("Invalid memory access config: sec/nsec"); 932 } 933 } 934 935 static size_t collect_mem_ranges(struct tee_mmap_region *memory_map, 936 size_t num_elems) 937 { 938 const struct core_mmu_phys_mem *mem = NULL; 939 vaddr_t ram_start = secure_only[0].paddr; 940 size_t last = 0; 941 942 943 #define ADD_PHYS_MEM(_type, _addr, _size) \ 944 add_phys_mem(memory_map, num_elems, #_addr, (_type), \ 945 (_addr), (_size), &last) 946 947 if (IS_ENABLED(CFG_CORE_RWDATA_NOEXEC)) { 948 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RO, ram_start, 949 VCORE_UNPG_RX_PA - ram_start); 950 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RX, VCORE_UNPG_RX_PA, 951 VCORE_UNPG_RX_SZ); 952 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RO, VCORE_UNPG_RO_PA, 953 VCORE_UNPG_RO_SZ); 954 955 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) { 956 ADD_PHYS_MEM(MEM_AREA_NEX_RAM_RO, VCORE_UNPG_RW_PA, 957 VCORE_UNPG_RW_SZ); 958 ADD_PHYS_MEM(MEM_AREA_NEX_RAM_RW, VCORE_NEX_RW_PA, 959 VCORE_NEX_RW_SZ); 960 } else { 961 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RW, VCORE_UNPG_RW_PA, 962 VCORE_UNPG_RW_SZ); 963 } 964 965 if (IS_ENABLED(CFG_WITH_PAGER)) { 966 ADD_PHYS_MEM(MEM_AREA_INIT_RAM_RX, VCORE_INIT_RX_PA, 967 VCORE_INIT_RX_SZ); 968 ADD_PHYS_MEM(MEM_AREA_INIT_RAM_RO, VCORE_INIT_RO_PA, 969 VCORE_INIT_RO_SZ); 970 } 971 } else { 972 ADD_PHYS_MEM(MEM_AREA_TEE_RAM, TEE_RAM_START, TEE_RAM_PH_SIZE); 973 } 974 975 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) { 976 ADD_PHYS_MEM(MEM_AREA_SEC_RAM_OVERALL, TRUSTED_DRAM_BASE, 977 TRUSTED_DRAM_SIZE); 978 } else { 979 /* 980 * Every guest will have own TA RAM if virtualization 981 * support is enabled. 982 */ 983 paddr_t ta_base = 0; 984 size_t ta_size = 0; 985 986 core_mmu_get_ta_range(&ta_base, &ta_size); 987 ADD_PHYS_MEM(MEM_AREA_TA_RAM, ta_base, ta_size); 988 } 989 990 if (IS_ENABLED(CFG_CORE_SANITIZE_KADDRESS) && 991 IS_ENABLED(CFG_WITH_PAGER)) { 992 /* 993 * Asan ram is part of MEM_AREA_TEE_RAM_RW when pager is 994 * disabled. 995 */ 996 ADD_PHYS_MEM(MEM_AREA_TEE_ASAN, ASAN_MAP_PA, ASAN_MAP_SZ); 997 } 998 999 #undef ADD_PHYS_MEM 1000 1001 for (mem = phys_mem_map_begin; mem < phys_mem_map_end; mem++) { 1002 /* Only unmapped virtual range may have a null phys addr */ 1003 assert(mem->addr || !core_mmu_type_to_attr(mem->type)); 1004 1005 add_phys_mem(memory_map, num_elems, mem->name, mem->type, 1006 mem->addr, mem->size, &last); 1007 } 1008 1009 if (IS_ENABLED(CFG_SECURE_DATA_PATH)) 1010 verify_special_mem_areas(memory_map, num_elems, 1011 phys_sdp_mem_begin, 1012 phys_sdp_mem_end, "SDP"); 1013 1014 add_va_space(memory_map, num_elems, MEM_AREA_RES_VASPACE, 1015 CFG_RESERVED_VASPACE_SIZE, &last); 1016 1017 add_va_space(memory_map, num_elems, MEM_AREA_SHM_VASPACE, 1018 SHM_VASPACE_SIZE, &last); 1019 1020 memory_map[last].type = MEM_AREA_END; 1021 1022 return last; 1023 } 1024 1025 static void assign_mem_granularity(struct tee_mmap_region *memory_map) 1026 { 1027 struct tee_mmap_region *map = NULL; 1028 1029 /* 1030 * Assign region sizes, note that MEM_AREA_TEE_RAM always uses 1031 * SMALL_PAGE_SIZE. 1032 */ 1033 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 1034 paddr_t mask = map->pa | map->size; 1035 1036 if (!(mask & CORE_MMU_PGDIR_MASK)) 1037 map->region_size = CORE_MMU_PGDIR_SIZE; 1038 else if (!(mask & SMALL_PAGE_MASK)) 1039 map->region_size = SMALL_PAGE_SIZE; 1040 else 1041 panic("Impossible memory alignment"); 1042 1043 if (map_is_tee_ram(map)) 1044 map->region_size = SMALL_PAGE_SIZE; 1045 } 1046 } 1047 1048 static bool place_tee_ram_at_top(paddr_t paddr) 1049 { 1050 return paddr > BIT64(core_mmu_get_va_width()) / 2; 1051 } 1052 1053 /* 1054 * MMU arch driver shall override this function if it helps 1055 * optimizing the memory footprint of the address translation tables. 1056 */ 1057 bool __weak core_mmu_prefer_tee_ram_at_top(paddr_t paddr) 1058 { 1059 return place_tee_ram_at_top(paddr); 1060 } 1061 1062 static bool assign_mem_va_dir(vaddr_t tee_ram_va, 1063 struct tee_mmap_region *memory_map, 1064 bool tee_ram_at_top) 1065 { 1066 struct tee_mmap_region *map = NULL; 1067 vaddr_t va = 0; 1068 bool va_is_secure = true; 1069 1070 /* 1071 * tee_ram_va might equals 0 when CFG_CORE_ASLR=y. 1072 * 0 is by design an invalid va, so return false directly. 1073 */ 1074 if (!tee_ram_va) 1075 return false; 1076 1077 /* Clear eventual previous assignments */ 1078 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) 1079 map->va = 0; 1080 1081 /* 1082 * TEE RAM regions are always aligned with region_size. 1083 * 1084 * Note that MEM_AREA_PAGER_VASPACE also counts as TEE RAM here 1085 * since it handles virtual memory which covers the part of the ELF 1086 * that cannot fit directly into memory. 1087 */ 1088 va = tee_ram_va; 1089 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 1090 if (map_is_tee_ram(map) || 1091 map->type == MEM_AREA_PAGER_VASPACE) { 1092 assert(!(va & (map->region_size - 1))); 1093 assert(!(map->size & (map->region_size - 1))); 1094 map->va = va; 1095 if (ADD_OVERFLOW(va, map->size, &va)) 1096 return false; 1097 if (va >= BIT64(core_mmu_get_va_width())) 1098 return false; 1099 } 1100 } 1101 1102 if (tee_ram_at_top) { 1103 /* 1104 * Map non-tee ram regions at addresses lower than the tee 1105 * ram region. 1106 */ 1107 va = tee_ram_va; 1108 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 1109 map->attr = core_mmu_type_to_attr(map->type); 1110 if (map->va) 1111 continue; 1112 1113 if (!IS_ENABLED(CFG_WITH_LPAE) && 1114 va_is_secure != map_is_secure(map)) { 1115 va_is_secure = !va_is_secure; 1116 va = ROUNDDOWN(va, CORE_MMU_PGDIR_SIZE); 1117 } 1118 1119 if (SUB_OVERFLOW(va, map->size, &va)) 1120 return false; 1121 va = ROUNDDOWN(va, map->region_size); 1122 /* 1123 * Make sure that va is aligned with pa for 1124 * efficient pgdir mapping. Basically pa & 1125 * pgdir_mask should be == va & pgdir_mask 1126 */ 1127 if (map->size > 2 * CORE_MMU_PGDIR_SIZE) { 1128 if (SUB_OVERFLOW(va, CORE_MMU_PGDIR_SIZE, &va)) 1129 return false; 1130 va += (map->pa - va) & CORE_MMU_PGDIR_MASK; 1131 } 1132 map->va = va; 1133 } 1134 } else { 1135 /* 1136 * Map non-tee ram regions at addresses higher than the tee 1137 * ram region. 1138 */ 1139 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 1140 map->attr = core_mmu_type_to_attr(map->type); 1141 if (map->va) 1142 continue; 1143 1144 if (!IS_ENABLED(CFG_WITH_LPAE) && 1145 va_is_secure != map_is_secure(map)) { 1146 va_is_secure = !va_is_secure; 1147 if (ROUNDUP_OVERFLOW(va, CORE_MMU_PGDIR_SIZE, 1148 &va)) 1149 return false; 1150 } 1151 1152 if (ROUNDUP_OVERFLOW(va, map->region_size, &va)) 1153 return false; 1154 /* 1155 * Make sure that va is aligned with pa for 1156 * efficient pgdir mapping. Basically pa & 1157 * pgdir_mask should be == va & pgdir_mask 1158 */ 1159 if (map->size > 2 * CORE_MMU_PGDIR_SIZE) { 1160 vaddr_t offs = (map->pa - va) & 1161 CORE_MMU_PGDIR_MASK; 1162 1163 if (ADD_OVERFLOW(va, offs, &va)) 1164 return false; 1165 } 1166 1167 map->va = va; 1168 if (ADD_OVERFLOW(va, map->size, &va)) 1169 return false; 1170 if (va >= BIT64(core_mmu_get_va_width())) 1171 return false; 1172 } 1173 } 1174 1175 return true; 1176 } 1177 1178 static bool assign_mem_va(vaddr_t tee_ram_va, 1179 struct tee_mmap_region *memory_map) 1180 { 1181 bool tee_ram_at_top = place_tee_ram_at_top(tee_ram_va); 1182 1183 /* 1184 * Check that we're not overlapping with the user VA range. 1185 */ 1186 if (IS_ENABLED(CFG_WITH_LPAE)) { 1187 /* 1188 * User VA range is supposed to be defined after these 1189 * mappings have been established. 1190 */ 1191 assert(!core_mmu_user_va_range_is_defined()); 1192 } else { 1193 vaddr_t user_va_base = 0; 1194 size_t user_va_size = 0; 1195 1196 assert(core_mmu_user_va_range_is_defined()); 1197 core_mmu_get_user_va_range(&user_va_base, &user_va_size); 1198 if (tee_ram_va < (user_va_base + user_va_size)) 1199 return false; 1200 } 1201 1202 if (IS_ENABLED(CFG_WITH_PAGER)) { 1203 bool prefered_dir = core_mmu_prefer_tee_ram_at_top(tee_ram_va); 1204 1205 /* Try whole mapping covered by a single base xlat entry */ 1206 if (prefered_dir != tee_ram_at_top && 1207 assign_mem_va_dir(tee_ram_va, memory_map, prefered_dir)) 1208 return true; 1209 } 1210 1211 return assign_mem_va_dir(tee_ram_va, memory_map, tee_ram_at_top); 1212 } 1213 1214 static int cmp_init_mem_map(const void *a, const void *b) 1215 { 1216 const struct tee_mmap_region *mm_a = a; 1217 const struct tee_mmap_region *mm_b = b; 1218 int rc = 0; 1219 1220 rc = CMP_TRILEAN(mm_a->region_size, mm_b->region_size); 1221 if (!rc) 1222 rc = CMP_TRILEAN(mm_a->pa, mm_b->pa); 1223 /* 1224 * 32bit MMU descriptors cannot mix secure and non-secure mapping in 1225 * the same level2 table. Hence sort secure mapping from non-secure 1226 * mapping. 1227 */ 1228 if (!rc && !IS_ENABLED(CFG_WITH_LPAE)) 1229 rc = CMP_TRILEAN(map_is_secure(mm_a), map_is_secure(mm_b)); 1230 1231 return rc; 1232 } 1233 1234 static bool mem_map_add_id_map(struct tee_mmap_region *memory_map, 1235 size_t num_elems, size_t *last, 1236 vaddr_t id_map_start, vaddr_t id_map_end) 1237 { 1238 struct tee_mmap_region *map = NULL; 1239 vaddr_t start = ROUNDDOWN(id_map_start, SMALL_PAGE_SIZE); 1240 vaddr_t end = ROUNDUP(id_map_end, SMALL_PAGE_SIZE); 1241 size_t len = end - start; 1242 1243 if (*last >= num_elems - 1) { 1244 EMSG("Out of entries (%zu) in memory map", num_elems); 1245 panic(); 1246 } 1247 1248 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) 1249 if (core_is_buffer_intersect(map->va, map->size, start, len)) 1250 return false; 1251 1252 *map = (struct tee_mmap_region){ 1253 .type = MEM_AREA_IDENTITY_MAP_RX, 1254 /* 1255 * Could use CORE_MMU_PGDIR_SIZE to potentially save a 1256 * translation table, at the increased risk of clashes with 1257 * the rest of the memory map. 1258 */ 1259 .region_size = SMALL_PAGE_SIZE, 1260 .pa = start, 1261 .va = start, 1262 .size = len, 1263 .attr = core_mmu_type_to_attr(MEM_AREA_IDENTITY_MAP_RX), 1264 }; 1265 1266 (*last)++; 1267 1268 return true; 1269 } 1270 1271 static unsigned long init_mem_map(struct tee_mmap_region *memory_map, 1272 size_t num_elems, unsigned long seed) 1273 { 1274 /* 1275 * @id_map_start and @id_map_end describes a physical memory range 1276 * that must be mapped Read-Only eXecutable at identical virtual 1277 * addresses. 1278 */ 1279 vaddr_t id_map_start = (vaddr_t)__identity_map_init_start; 1280 vaddr_t id_map_end = (vaddr_t)__identity_map_init_end; 1281 vaddr_t start_addr = secure_only[0].paddr; 1282 unsigned long offs = 0; 1283 size_t last = 0; 1284 1285 last = collect_mem_ranges(memory_map, num_elems); 1286 assign_mem_granularity(memory_map); 1287 1288 /* 1289 * To ease mapping and lower use of xlat tables, sort mapping 1290 * description moving small-page regions after the pgdir regions. 1291 */ 1292 qsort(memory_map, last, sizeof(struct tee_mmap_region), 1293 cmp_init_mem_map); 1294 1295 if (IS_ENABLED(CFG_WITH_PAGER)) 1296 add_pager_vaspace(memory_map, num_elems, &last); 1297 1298 if (IS_ENABLED(CFG_CORE_ASLR) && seed) { 1299 vaddr_t base_addr = start_addr + seed; 1300 const unsigned int va_width = core_mmu_get_va_width(); 1301 const vaddr_t va_mask = GENMASK_64(va_width - 1, 1302 SMALL_PAGE_SHIFT); 1303 vaddr_t ba = base_addr; 1304 size_t n = 0; 1305 1306 for (n = 0; n < 3; n++) { 1307 if (n) 1308 ba = base_addr ^ BIT64(va_width - n); 1309 ba &= va_mask; 1310 if (assign_mem_va(ba, memory_map) && 1311 mem_map_add_id_map(memory_map, num_elems, &last, 1312 id_map_start, id_map_end)) { 1313 offs = ba - start_addr; 1314 DMSG("Mapping core at %#"PRIxVA" offs %#lx", 1315 ba, offs); 1316 goto out; 1317 } else { 1318 DMSG("Failed to map core at %#"PRIxVA, ba); 1319 } 1320 } 1321 EMSG("Failed to map core with seed %#lx", seed); 1322 } 1323 1324 if (!assign_mem_va(start_addr, memory_map)) 1325 panic(); 1326 1327 out: 1328 qsort(memory_map, last, sizeof(struct tee_mmap_region), 1329 cmp_mmap_by_lower_va); 1330 1331 dump_mmap_table(memory_map); 1332 1333 return offs; 1334 } 1335 1336 static void check_mem_map(struct tee_mmap_region *map) 1337 { 1338 struct tee_mmap_region *m = NULL; 1339 1340 for (m = map; !core_mmap_is_end_of_table(m); m++) { 1341 switch (m->type) { 1342 case MEM_AREA_TEE_RAM: 1343 case MEM_AREA_TEE_RAM_RX: 1344 case MEM_AREA_TEE_RAM_RO: 1345 case MEM_AREA_TEE_RAM_RW: 1346 case MEM_AREA_INIT_RAM_RX: 1347 case MEM_AREA_INIT_RAM_RO: 1348 case MEM_AREA_NEX_RAM_RW: 1349 case MEM_AREA_NEX_RAM_RO: 1350 case MEM_AREA_IDENTITY_MAP_RX: 1351 if (!pbuf_is_inside(secure_only, m->pa, m->size)) 1352 panic("TEE_RAM can't fit in secure_only"); 1353 break; 1354 case MEM_AREA_TA_RAM: 1355 if (!pbuf_is_inside(secure_only, m->pa, m->size)) 1356 panic("TA_RAM can't fit in secure_only"); 1357 break; 1358 case MEM_AREA_NSEC_SHM: 1359 if (!pbuf_is_inside(nsec_shared, m->pa, m->size)) 1360 panic("NS_SHM can't fit in nsec_shared"); 1361 break; 1362 case MEM_AREA_SEC_RAM_OVERALL: 1363 case MEM_AREA_TEE_COHERENT: 1364 case MEM_AREA_TEE_ASAN: 1365 case MEM_AREA_IO_SEC: 1366 case MEM_AREA_IO_NSEC: 1367 case MEM_AREA_EXT_DT: 1368 case MEM_AREA_RAM_SEC: 1369 case MEM_AREA_RAM_NSEC: 1370 case MEM_AREA_RES_VASPACE: 1371 case MEM_AREA_SHM_VASPACE: 1372 case MEM_AREA_PAGER_VASPACE: 1373 break; 1374 default: 1375 EMSG("Uhandled memtype %d", m->type); 1376 panic(); 1377 } 1378 } 1379 } 1380 1381 static struct tee_mmap_region *get_tmp_mmap(void) 1382 { 1383 struct tee_mmap_region *tmp_mmap = (void *)__heap1_start; 1384 1385 #ifdef CFG_WITH_PAGER 1386 if (__heap1_end - __heap1_start < (ptrdiff_t)sizeof(static_memory_map)) 1387 tmp_mmap = (void *)__heap2_start; 1388 #endif 1389 1390 memset(tmp_mmap, 0, sizeof(static_memory_map)); 1391 1392 return tmp_mmap; 1393 } 1394 1395 /* 1396 * core_init_mmu_map() - init tee core default memory mapping 1397 * 1398 * This routine sets the static default TEE core mapping. If @seed is > 0 1399 * and configured with CFG_CORE_ASLR it will map tee core at a location 1400 * based on the seed and return the offset from the link address. 1401 * 1402 * If an error happened: core_init_mmu_map is expected to panic. 1403 * 1404 * Note: this function is weak just to make it possible to exclude it from 1405 * the unpaged area. 1406 */ 1407 void __weak core_init_mmu_map(unsigned long seed, struct core_mmu_config *cfg) 1408 { 1409 #ifndef CFG_NS_VIRTUALIZATION 1410 vaddr_t start = ROUNDDOWN((vaddr_t)__nozi_start, SMALL_PAGE_SIZE); 1411 #else 1412 vaddr_t start = ROUNDDOWN((vaddr_t)__vcore_nex_rw_start, 1413 SMALL_PAGE_SIZE); 1414 #endif 1415 vaddr_t len = ROUNDUP((vaddr_t)__nozi_end, SMALL_PAGE_SIZE) - start; 1416 struct tee_mmap_region *tmp_mmap = get_tmp_mmap(); 1417 unsigned long offs = 0; 1418 1419 check_sec_nsec_mem_config(); 1420 1421 /* 1422 * Add a entry covering the translation tables which will be 1423 * involved in some virt_to_phys() and phys_to_virt() conversions. 1424 */ 1425 static_memory_map[0] = (struct tee_mmap_region){ 1426 .type = MEM_AREA_TEE_RAM, 1427 .region_size = SMALL_PAGE_SIZE, 1428 .pa = start, 1429 .va = start, 1430 .size = len, 1431 .attr = core_mmu_type_to_attr(MEM_AREA_IDENTITY_MAP_RX), 1432 }; 1433 1434 COMPILE_TIME_ASSERT(CFG_MMAP_REGIONS >= 13); 1435 offs = init_mem_map(tmp_mmap, ARRAY_SIZE(static_memory_map), seed); 1436 1437 check_mem_map(tmp_mmap); 1438 core_init_mmu(tmp_mmap); 1439 dump_xlat_table(0x0, CORE_MMU_BASE_TABLE_LEVEL); 1440 core_init_mmu_regs(cfg); 1441 cfg->map_offset = offs; 1442 memcpy(static_memory_map, tmp_mmap, sizeof(static_memory_map)); 1443 } 1444 1445 bool core_mmu_mattr_is_ok(uint32_t mattr) 1446 { 1447 /* 1448 * Keep in sync with core_mmu_lpae.c:mattr_to_desc and 1449 * core_mmu_v7.c:mattr_to_texcb 1450 */ 1451 1452 switch ((mattr >> TEE_MATTR_MEM_TYPE_SHIFT) & TEE_MATTR_MEM_TYPE_MASK) { 1453 case TEE_MATTR_MEM_TYPE_DEV: 1454 case TEE_MATTR_MEM_TYPE_STRONGLY_O: 1455 case TEE_MATTR_MEM_TYPE_CACHED: 1456 case TEE_MATTR_MEM_TYPE_TAGGED: 1457 return true; 1458 default: 1459 return false; 1460 } 1461 } 1462 1463 /* 1464 * test attributes of target physical buffer 1465 * 1466 * Flags: pbuf_is(SECURE, NOT_SECURE, RAM, IOMEM, KEYVAULT). 1467 * 1468 */ 1469 bool core_pbuf_is(uint32_t attr, paddr_t pbuf, size_t len) 1470 { 1471 paddr_t ta_base = 0; 1472 size_t ta_size = 0; 1473 struct tee_mmap_region *map; 1474 1475 /* Empty buffers complies with anything */ 1476 if (len == 0) 1477 return true; 1478 1479 switch (attr) { 1480 case CORE_MEM_SEC: 1481 return pbuf_is_inside(secure_only, pbuf, len); 1482 case CORE_MEM_NON_SEC: 1483 return pbuf_is_inside(nsec_shared, pbuf, len) || 1484 pbuf_is_nsec_ddr(pbuf, len); 1485 case CORE_MEM_TEE_RAM: 1486 return core_is_buffer_inside(pbuf, len, TEE_RAM_START, 1487 TEE_RAM_PH_SIZE); 1488 case CORE_MEM_TA_RAM: 1489 core_mmu_get_ta_range(&ta_base, &ta_size); 1490 return core_is_buffer_inside(pbuf, len, ta_base, ta_size); 1491 #ifdef CFG_CORE_RESERVED_SHM 1492 case CORE_MEM_NSEC_SHM: 1493 return core_is_buffer_inside(pbuf, len, TEE_SHMEM_START, 1494 TEE_SHMEM_SIZE); 1495 #endif 1496 case CORE_MEM_SDP_MEM: 1497 return pbuf_is_sdp_mem(pbuf, len); 1498 case CORE_MEM_CACHED: 1499 map = find_map_by_pa(pbuf); 1500 if (!map || !pbuf_inside_map_area(pbuf, len, map)) 1501 return false; 1502 return mattr_is_cached(map->attr); 1503 default: 1504 return false; 1505 } 1506 } 1507 1508 /* test attributes of target virtual buffer (in core mapping) */ 1509 bool core_vbuf_is(uint32_t attr, const void *vbuf, size_t len) 1510 { 1511 paddr_t p; 1512 1513 /* Empty buffers complies with anything */ 1514 if (len == 0) 1515 return true; 1516 1517 p = virt_to_phys((void *)vbuf); 1518 if (!p) 1519 return false; 1520 1521 return core_pbuf_is(attr, p, len); 1522 } 1523 1524 /* core_va2pa - teecore exported service */ 1525 static int __maybe_unused core_va2pa_helper(void *va, paddr_t *pa) 1526 { 1527 struct tee_mmap_region *map; 1528 1529 map = find_map_by_va(va); 1530 if (!va_is_in_map(map, (vaddr_t)va)) 1531 return -1; 1532 1533 /* 1534 * We can calculate PA for static map. Virtual address ranges 1535 * reserved to core dynamic mapping return a 'match' (return 0;) 1536 * together with an invalid null physical address. 1537 */ 1538 if (map->pa) 1539 *pa = map->pa + (vaddr_t)va - map->va; 1540 else 1541 *pa = 0; 1542 1543 return 0; 1544 } 1545 1546 static void *map_pa2va(struct tee_mmap_region *map, paddr_t pa, size_t len) 1547 { 1548 if (!pa_is_in_map(map, pa, len)) 1549 return NULL; 1550 1551 return (void *)(vaddr_t)(map->va + pa - map->pa); 1552 } 1553 1554 /* 1555 * teecore gets some memory area definitions 1556 */ 1557 void core_mmu_get_mem_by_type(unsigned int type, vaddr_t *s, vaddr_t *e) 1558 { 1559 struct tee_mmap_region *map = find_map_by_type(type); 1560 1561 if (map) { 1562 *s = map->va; 1563 *e = map->va + map->size; 1564 } else { 1565 *s = 0; 1566 *e = 0; 1567 } 1568 } 1569 1570 enum teecore_memtypes core_mmu_get_type_by_pa(paddr_t pa) 1571 { 1572 struct tee_mmap_region *map = find_map_by_pa(pa); 1573 1574 if (!map) 1575 return MEM_AREA_MAXTYPE; 1576 return map->type; 1577 } 1578 1579 void core_mmu_set_entry(struct core_mmu_table_info *tbl_info, unsigned int idx, 1580 paddr_t pa, uint32_t attr) 1581 { 1582 assert(idx < tbl_info->num_entries); 1583 core_mmu_set_entry_primitive(tbl_info->table, tbl_info->level, 1584 idx, pa, attr); 1585 } 1586 1587 void core_mmu_get_entry(struct core_mmu_table_info *tbl_info, unsigned int idx, 1588 paddr_t *pa, uint32_t *attr) 1589 { 1590 assert(idx < tbl_info->num_entries); 1591 core_mmu_get_entry_primitive(tbl_info->table, tbl_info->level, 1592 idx, pa, attr); 1593 } 1594 1595 static void clear_region(struct core_mmu_table_info *tbl_info, 1596 struct tee_mmap_region *region) 1597 { 1598 unsigned int end = 0; 1599 unsigned int idx = 0; 1600 1601 /* va, len and pa should be block aligned */ 1602 assert(!core_mmu_get_block_offset(tbl_info, region->va)); 1603 assert(!core_mmu_get_block_offset(tbl_info, region->size)); 1604 assert(!core_mmu_get_block_offset(tbl_info, region->pa)); 1605 1606 idx = core_mmu_va2idx(tbl_info, region->va); 1607 end = core_mmu_va2idx(tbl_info, region->va + region->size); 1608 1609 while (idx < end) { 1610 core_mmu_set_entry(tbl_info, idx, 0, 0); 1611 idx++; 1612 } 1613 } 1614 1615 static void set_region(struct core_mmu_table_info *tbl_info, 1616 struct tee_mmap_region *region) 1617 { 1618 unsigned int end; 1619 unsigned int idx; 1620 paddr_t pa; 1621 1622 /* va, len and pa should be block aligned */ 1623 assert(!core_mmu_get_block_offset(tbl_info, region->va)); 1624 assert(!core_mmu_get_block_offset(tbl_info, region->size)); 1625 assert(!core_mmu_get_block_offset(tbl_info, region->pa)); 1626 1627 idx = core_mmu_va2idx(tbl_info, region->va); 1628 end = core_mmu_va2idx(tbl_info, region->va + region->size); 1629 pa = region->pa; 1630 1631 while (idx < end) { 1632 core_mmu_set_entry(tbl_info, idx, pa, region->attr); 1633 idx++; 1634 pa += BIT64(tbl_info->shift); 1635 } 1636 } 1637 1638 static void set_pg_region(struct core_mmu_table_info *dir_info, 1639 struct vm_region *region, struct pgt **pgt, 1640 struct core_mmu_table_info *pg_info) 1641 { 1642 struct tee_mmap_region r = { 1643 .va = region->va, 1644 .size = region->size, 1645 .attr = region->attr, 1646 }; 1647 vaddr_t end = r.va + r.size; 1648 uint32_t pgt_attr = (r.attr & TEE_MATTR_SECURE) | TEE_MATTR_TABLE; 1649 1650 while (r.va < end) { 1651 if (!pg_info->table || 1652 r.va >= (pg_info->va_base + CORE_MMU_PGDIR_SIZE)) { 1653 /* 1654 * We're assigning a new translation table. 1655 */ 1656 unsigned int idx; 1657 1658 /* Virtual addresses must grow */ 1659 assert(r.va > pg_info->va_base); 1660 1661 idx = core_mmu_va2idx(dir_info, r.va); 1662 pg_info->va_base = core_mmu_idx2va(dir_info, idx); 1663 1664 /* 1665 * Advance pgt to va_base, note that we may need to 1666 * skip multiple page tables if there are large 1667 * holes in the vm map. 1668 */ 1669 while ((*pgt)->vabase < pg_info->va_base) { 1670 *pgt = SLIST_NEXT(*pgt, link); 1671 /* We should have allocated enough */ 1672 assert(*pgt); 1673 } 1674 assert((*pgt)->vabase == pg_info->va_base); 1675 pg_info->table = (*pgt)->tbl; 1676 1677 core_mmu_set_entry(dir_info, idx, 1678 virt_to_phys(pg_info->table), 1679 pgt_attr); 1680 } 1681 1682 r.size = MIN(CORE_MMU_PGDIR_SIZE - (r.va - pg_info->va_base), 1683 end - r.va); 1684 1685 if (!(*pgt)->populated && !mobj_is_paged(region->mobj)) { 1686 size_t granule = BIT(pg_info->shift); 1687 size_t offset = r.va - region->va + region->offset; 1688 1689 r.size = MIN(r.size, 1690 mobj_get_phys_granule(region->mobj)); 1691 r.size = ROUNDUP(r.size, SMALL_PAGE_SIZE); 1692 1693 if (mobj_get_pa(region->mobj, offset, granule, 1694 &r.pa) != TEE_SUCCESS) 1695 panic("Failed to get PA of unpaged mobj"); 1696 set_region(pg_info, &r); 1697 } 1698 r.va += r.size; 1699 } 1700 } 1701 1702 static bool can_map_at_level(paddr_t paddr, vaddr_t vaddr, 1703 size_t size_left, paddr_t block_size, 1704 struct tee_mmap_region *mm __maybe_unused) 1705 { 1706 /* VA and PA are aligned to block size at current level */ 1707 if ((vaddr | paddr) & (block_size - 1)) 1708 return false; 1709 1710 /* Remainder fits into block at current level */ 1711 if (size_left < block_size) 1712 return false; 1713 1714 #ifdef CFG_WITH_PAGER 1715 /* 1716 * If pager is enabled, we need to map tee ram 1717 * regions with small pages only 1718 */ 1719 if (map_is_tee_ram(mm) && block_size != SMALL_PAGE_SIZE) 1720 return false; 1721 #endif 1722 1723 return true; 1724 } 1725 1726 void core_mmu_map_region(struct mmu_partition *prtn, struct tee_mmap_region *mm) 1727 { 1728 struct core_mmu_table_info tbl_info; 1729 unsigned int idx; 1730 vaddr_t vaddr = mm->va; 1731 paddr_t paddr = mm->pa; 1732 ssize_t size_left = mm->size; 1733 unsigned int level; 1734 bool table_found; 1735 uint32_t old_attr; 1736 1737 assert(!((vaddr | paddr) & SMALL_PAGE_MASK)); 1738 1739 while (size_left > 0) { 1740 level = CORE_MMU_BASE_TABLE_LEVEL; 1741 1742 while (true) { 1743 paddr_t block_size = 0; 1744 1745 assert(level <= CORE_MMU_PGDIR_LEVEL); 1746 1747 table_found = core_mmu_find_table(prtn, vaddr, level, 1748 &tbl_info); 1749 if (!table_found) 1750 panic("can't find table for mapping"); 1751 1752 block_size = BIT64(tbl_info.shift); 1753 1754 idx = core_mmu_va2idx(&tbl_info, vaddr); 1755 if (!can_map_at_level(paddr, vaddr, size_left, 1756 block_size, mm)) { 1757 bool secure = mm->attr & TEE_MATTR_SECURE; 1758 1759 /* 1760 * This part of the region can't be mapped at 1761 * this level. Need to go deeper. 1762 */ 1763 if (!core_mmu_entry_to_finer_grained(&tbl_info, 1764 idx, 1765 secure)) 1766 panic("Can't divide MMU entry"); 1767 level++; 1768 continue; 1769 } 1770 1771 /* We can map part of the region at current level */ 1772 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 1773 if (old_attr) 1774 panic("Page is already mapped"); 1775 1776 core_mmu_set_entry(&tbl_info, idx, paddr, mm->attr); 1777 paddr += block_size; 1778 vaddr += block_size; 1779 size_left -= block_size; 1780 1781 break; 1782 } 1783 } 1784 } 1785 1786 TEE_Result core_mmu_map_pages(vaddr_t vstart, paddr_t *pages, size_t num_pages, 1787 enum teecore_memtypes memtype) 1788 { 1789 TEE_Result ret; 1790 struct core_mmu_table_info tbl_info; 1791 struct tee_mmap_region *mm; 1792 unsigned int idx; 1793 uint32_t old_attr; 1794 uint32_t exceptions; 1795 vaddr_t vaddr = vstart; 1796 size_t i; 1797 bool secure; 1798 1799 assert(!(core_mmu_type_to_attr(memtype) & TEE_MATTR_PX)); 1800 1801 secure = core_mmu_type_to_attr(memtype) & TEE_MATTR_SECURE; 1802 1803 if (vaddr & SMALL_PAGE_MASK) 1804 return TEE_ERROR_BAD_PARAMETERS; 1805 1806 exceptions = mmu_lock(); 1807 1808 mm = find_map_by_va((void *)vaddr); 1809 if (!mm || !va_is_in_map(mm, vaddr + num_pages * SMALL_PAGE_SIZE - 1)) 1810 panic("VA does not belong to any known mm region"); 1811 1812 if (!core_mmu_is_dynamic_vaspace(mm)) 1813 panic("Trying to map into static region"); 1814 1815 for (i = 0; i < num_pages; i++) { 1816 if (pages[i] & SMALL_PAGE_MASK) { 1817 ret = TEE_ERROR_BAD_PARAMETERS; 1818 goto err; 1819 } 1820 1821 while (true) { 1822 if (!core_mmu_find_table(NULL, vaddr, UINT_MAX, 1823 &tbl_info)) 1824 panic("Can't find pagetable for vaddr "); 1825 1826 idx = core_mmu_va2idx(&tbl_info, vaddr); 1827 if (tbl_info.shift == SMALL_PAGE_SHIFT) 1828 break; 1829 1830 /* This is supertable. Need to divide it. */ 1831 if (!core_mmu_entry_to_finer_grained(&tbl_info, idx, 1832 secure)) 1833 panic("Failed to spread pgdir on small tables"); 1834 } 1835 1836 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 1837 if (old_attr) 1838 panic("Page is already mapped"); 1839 1840 core_mmu_set_entry(&tbl_info, idx, pages[i], 1841 core_mmu_type_to_attr(memtype)); 1842 vaddr += SMALL_PAGE_SIZE; 1843 } 1844 1845 /* 1846 * Make sure all the changes to translation tables are visible 1847 * before returning. TLB doesn't need to be invalidated as we are 1848 * guaranteed that there's no valid mapping in this range. 1849 */ 1850 core_mmu_table_write_barrier(); 1851 mmu_unlock(exceptions); 1852 1853 return TEE_SUCCESS; 1854 err: 1855 mmu_unlock(exceptions); 1856 1857 if (i) 1858 core_mmu_unmap_pages(vstart, i); 1859 1860 return ret; 1861 } 1862 1863 TEE_Result core_mmu_map_contiguous_pages(vaddr_t vstart, paddr_t pstart, 1864 size_t num_pages, 1865 enum teecore_memtypes memtype) 1866 { 1867 struct core_mmu_table_info tbl_info = { }; 1868 struct tee_mmap_region *mm = NULL; 1869 unsigned int idx = 0; 1870 uint32_t old_attr = 0; 1871 uint32_t exceptions = 0; 1872 vaddr_t vaddr = vstart; 1873 paddr_t paddr = pstart; 1874 size_t i = 0; 1875 bool secure = false; 1876 1877 assert(!(core_mmu_type_to_attr(memtype) & TEE_MATTR_PX)); 1878 1879 secure = core_mmu_type_to_attr(memtype) & TEE_MATTR_SECURE; 1880 1881 if ((vaddr | paddr) & SMALL_PAGE_MASK) 1882 return TEE_ERROR_BAD_PARAMETERS; 1883 1884 exceptions = mmu_lock(); 1885 1886 mm = find_map_by_va((void *)vaddr); 1887 if (!mm || !va_is_in_map(mm, vaddr + num_pages * SMALL_PAGE_SIZE - 1)) 1888 panic("VA does not belong to any known mm region"); 1889 1890 if (!core_mmu_is_dynamic_vaspace(mm)) 1891 panic("Trying to map into static region"); 1892 1893 for (i = 0; i < num_pages; i++) { 1894 while (true) { 1895 if (!core_mmu_find_table(NULL, vaddr, UINT_MAX, 1896 &tbl_info)) 1897 panic("Can't find pagetable for vaddr "); 1898 1899 idx = core_mmu_va2idx(&tbl_info, vaddr); 1900 if (tbl_info.shift == SMALL_PAGE_SHIFT) 1901 break; 1902 1903 /* This is supertable. Need to divide it. */ 1904 if (!core_mmu_entry_to_finer_grained(&tbl_info, idx, 1905 secure)) 1906 panic("Failed to spread pgdir on small tables"); 1907 } 1908 1909 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 1910 if (old_attr) 1911 panic("Page is already mapped"); 1912 1913 core_mmu_set_entry(&tbl_info, idx, paddr, 1914 core_mmu_type_to_attr(memtype)); 1915 paddr += SMALL_PAGE_SIZE; 1916 vaddr += SMALL_PAGE_SIZE; 1917 } 1918 1919 /* 1920 * Make sure all the changes to translation tables are visible 1921 * before returning. TLB doesn't need to be invalidated as we are 1922 * guaranteed that there's no valid mapping in this range. 1923 */ 1924 core_mmu_table_write_barrier(); 1925 mmu_unlock(exceptions); 1926 1927 return TEE_SUCCESS; 1928 } 1929 1930 void core_mmu_unmap_pages(vaddr_t vstart, size_t num_pages) 1931 { 1932 struct core_mmu_table_info tbl_info; 1933 struct tee_mmap_region *mm; 1934 size_t i; 1935 unsigned int idx; 1936 uint32_t exceptions; 1937 1938 exceptions = mmu_lock(); 1939 1940 mm = find_map_by_va((void *)vstart); 1941 if (!mm || !va_is_in_map(mm, vstart + num_pages * SMALL_PAGE_SIZE - 1)) 1942 panic("VA does not belong to any known mm region"); 1943 1944 if (!core_mmu_is_dynamic_vaspace(mm)) 1945 panic("Trying to unmap static region"); 1946 1947 for (i = 0; i < num_pages; i++, vstart += SMALL_PAGE_SIZE) { 1948 if (!core_mmu_find_table(NULL, vstart, UINT_MAX, &tbl_info)) 1949 panic("Can't find pagetable"); 1950 1951 if (tbl_info.shift != SMALL_PAGE_SHIFT) 1952 panic("Invalid pagetable level"); 1953 1954 idx = core_mmu_va2idx(&tbl_info, vstart); 1955 core_mmu_set_entry(&tbl_info, idx, 0, 0); 1956 } 1957 tlbi_all(); 1958 1959 mmu_unlock(exceptions); 1960 } 1961 1962 void core_mmu_populate_user_map(struct core_mmu_table_info *dir_info, 1963 struct user_mode_ctx *uctx) 1964 { 1965 struct core_mmu_table_info pg_info = { }; 1966 struct pgt_cache *pgt_cache = &uctx->pgt_cache; 1967 struct pgt *pgt = NULL; 1968 struct pgt *p = NULL; 1969 struct vm_region *r = NULL; 1970 1971 if (TAILQ_EMPTY(&uctx->vm_info.regions)) 1972 return; /* Nothing to map */ 1973 1974 /* 1975 * Allocate all page tables in advance. 1976 */ 1977 pgt_get_all(uctx); 1978 pgt = SLIST_FIRST(pgt_cache); 1979 1980 core_mmu_set_info_table(&pg_info, dir_info->level + 1, 0, NULL); 1981 1982 TAILQ_FOREACH(r, &uctx->vm_info.regions, link) 1983 set_pg_region(dir_info, r, &pgt, &pg_info); 1984 /* Record that the translation tables now are populated. */ 1985 SLIST_FOREACH(p, pgt_cache, link) { 1986 p->populated = true; 1987 if (p == pgt) 1988 break; 1989 } 1990 assert(p == pgt); 1991 } 1992 1993 TEE_Result core_mmu_remove_mapping(enum teecore_memtypes type, void *addr, 1994 size_t len) 1995 { 1996 struct core_mmu_table_info tbl_info = { }; 1997 struct tee_mmap_region *res_map = NULL; 1998 struct tee_mmap_region *map = NULL; 1999 paddr_t pa = virt_to_phys(addr); 2000 size_t granule = 0; 2001 ptrdiff_t i = 0; 2002 paddr_t p = 0; 2003 size_t l = 0; 2004 2005 map = find_map_by_type_and_pa(type, pa, len); 2006 if (!map) 2007 return TEE_ERROR_GENERIC; 2008 2009 res_map = find_map_by_type(MEM_AREA_RES_VASPACE); 2010 if (!res_map) 2011 return TEE_ERROR_GENERIC; 2012 if (!core_mmu_find_table(NULL, res_map->va, UINT_MAX, &tbl_info)) 2013 return TEE_ERROR_GENERIC; 2014 granule = BIT(tbl_info.shift); 2015 2016 if (map < static_memory_map || 2017 map >= static_memory_map + ARRAY_SIZE(static_memory_map)) 2018 return TEE_ERROR_GENERIC; 2019 i = map - static_memory_map; 2020 2021 /* Check that we have a full match */ 2022 p = ROUNDDOWN(pa, granule); 2023 l = ROUNDUP(len + pa - p, granule); 2024 if (map->pa != p || map->size != l) 2025 return TEE_ERROR_GENERIC; 2026 2027 clear_region(&tbl_info, map); 2028 tlbi_all(); 2029 2030 /* If possible remove the va range from res_map */ 2031 if (res_map->va - map->size == map->va) { 2032 res_map->va -= map->size; 2033 res_map->size += map->size; 2034 } 2035 2036 /* Remove the entry. */ 2037 memmove(map, map + 1, 2038 (ARRAY_SIZE(static_memory_map) - i - 1) * sizeof(*map)); 2039 2040 /* Clear the last new entry in case it was used */ 2041 memset(static_memory_map + ARRAY_SIZE(static_memory_map) - 1, 2042 0, sizeof(*map)); 2043 2044 return TEE_SUCCESS; 2045 } 2046 2047 struct tee_mmap_region * 2048 core_mmu_find_mapping_exclusive(enum teecore_memtypes type, size_t len) 2049 { 2050 struct tee_mmap_region *map = NULL; 2051 struct tee_mmap_region *map_found = NULL; 2052 2053 if (!len) 2054 return NULL; 2055 2056 for (map = get_memory_map(); !core_mmap_is_end_of_table(map); map++) { 2057 if (map->type != type) 2058 continue; 2059 2060 if (map_found) 2061 return NULL; 2062 2063 map_found = map; 2064 } 2065 2066 if (!map_found || map_found->size < len) 2067 return NULL; 2068 2069 return map_found; 2070 } 2071 2072 void *core_mmu_add_mapping(enum teecore_memtypes type, paddr_t addr, size_t len) 2073 { 2074 struct core_mmu_table_info tbl_info; 2075 struct tee_mmap_region *map; 2076 size_t n; 2077 size_t granule; 2078 paddr_t p; 2079 size_t l; 2080 2081 if (!len) 2082 return NULL; 2083 2084 if (!core_mmu_check_end_pa(addr, len)) 2085 return NULL; 2086 2087 /* Check if the memory is already mapped */ 2088 map = find_map_by_type_and_pa(type, addr, len); 2089 if (map && pbuf_inside_map_area(addr, len, map)) 2090 return (void *)(vaddr_t)(map->va + addr - map->pa); 2091 2092 /* Find the reserved va space used for late mappings */ 2093 map = find_map_by_type(MEM_AREA_RES_VASPACE); 2094 if (!map) 2095 return NULL; 2096 2097 if (!core_mmu_find_table(NULL, map->va, UINT_MAX, &tbl_info)) 2098 return NULL; 2099 2100 granule = BIT64(tbl_info.shift); 2101 p = ROUNDDOWN(addr, granule); 2102 l = ROUNDUP(len + addr - p, granule); 2103 2104 /* Ban overflowing virtual addresses */ 2105 if (map->size < l) 2106 return NULL; 2107 2108 /* 2109 * Something is wrong, we can't fit the va range into the selected 2110 * table. The reserved va range is possibly missaligned with 2111 * granule. 2112 */ 2113 if (core_mmu_va2idx(&tbl_info, map->va + len) >= tbl_info.num_entries) 2114 return NULL; 2115 2116 /* Find end of the memory map */ 2117 n = 0; 2118 while (!core_mmap_is_end_of_table(static_memory_map + n)) 2119 n++; 2120 2121 if (n < (ARRAY_SIZE(static_memory_map) - 1)) { 2122 /* There's room for another entry */ 2123 static_memory_map[n].va = map->va; 2124 static_memory_map[n].size = l; 2125 static_memory_map[n + 1].type = MEM_AREA_END; 2126 map->va += l; 2127 map->size -= l; 2128 map = static_memory_map + n; 2129 } else { 2130 /* 2131 * There isn't room for another entry, steal the reserved 2132 * entry as it's not useful for anything else any longer. 2133 */ 2134 map->size = l; 2135 } 2136 map->type = type; 2137 map->region_size = granule; 2138 map->attr = core_mmu_type_to_attr(type); 2139 map->pa = p; 2140 2141 set_region(&tbl_info, map); 2142 2143 /* Make sure the new entry is visible before continuing. */ 2144 core_mmu_table_write_barrier(); 2145 2146 return (void *)(vaddr_t)(map->va + addr - map->pa); 2147 } 2148 2149 #ifdef CFG_WITH_PAGER 2150 static vaddr_t get_linear_map_end_va(void) 2151 { 2152 /* this is synced with the generic linker file kern.ld.S */ 2153 return (vaddr_t)__heap2_end; 2154 } 2155 2156 static paddr_t get_linear_map_end_pa(void) 2157 { 2158 return get_linear_map_end_va() - boot_mmu_config.map_offset; 2159 } 2160 #endif 2161 2162 #if defined(CFG_TEE_CORE_DEBUG) 2163 static void check_pa_matches_va(void *va, paddr_t pa) 2164 { 2165 TEE_Result res = TEE_ERROR_GENERIC; 2166 vaddr_t v = (vaddr_t)va; 2167 paddr_t p = 0; 2168 struct core_mmu_table_info ti __maybe_unused = { }; 2169 2170 if (core_mmu_user_va_range_is_defined()) { 2171 vaddr_t user_va_base = 0; 2172 size_t user_va_size = 0; 2173 2174 core_mmu_get_user_va_range(&user_va_base, &user_va_size); 2175 if (v >= user_va_base && 2176 v <= (user_va_base - 1 + user_va_size)) { 2177 if (!core_mmu_user_mapping_is_active()) { 2178 if (pa) 2179 panic("issue in linear address space"); 2180 return; 2181 } 2182 2183 res = vm_va2pa(to_user_mode_ctx(thread_get_tsd()->ctx), 2184 va, &p); 2185 if (res == TEE_ERROR_NOT_SUPPORTED) 2186 return; 2187 if (res == TEE_SUCCESS && pa != p) 2188 panic("bad pa"); 2189 if (res != TEE_SUCCESS && pa) 2190 panic("false pa"); 2191 return; 2192 } 2193 } 2194 #ifdef CFG_WITH_PAGER 2195 if (is_unpaged(va)) { 2196 if (v - boot_mmu_config.map_offset != pa) 2197 panic("issue in linear address space"); 2198 return; 2199 } 2200 2201 if (tee_pager_get_table_info(v, &ti)) { 2202 uint32_t a; 2203 2204 /* 2205 * Lookups in the page table managed by the pager is 2206 * dangerous for addresses in the paged area as those pages 2207 * changes all the time. But some ranges are safe, 2208 * rw-locked areas when the page is populated for instance. 2209 */ 2210 core_mmu_get_entry(&ti, core_mmu_va2idx(&ti, v), &p, &a); 2211 if (a & TEE_MATTR_VALID_BLOCK) { 2212 paddr_t mask = BIT64(ti.shift) - 1; 2213 2214 p |= v & mask; 2215 if (pa != p) 2216 panic(); 2217 } else { 2218 if (pa) 2219 panic(); 2220 } 2221 return; 2222 } 2223 #endif 2224 2225 if (!core_va2pa_helper(va, &p)) { 2226 /* Verfiy only the static mapping (case non null phys addr) */ 2227 if (p && pa != p) { 2228 DMSG("va %p maps 0x%" PRIxPA ", expect 0x%" PRIxPA, 2229 va, p, pa); 2230 panic(); 2231 } 2232 } else { 2233 if (pa) { 2234 DMSG("va %p unmapped, expect 0x%" PRIxPA, va, pa); 2235 panic(); 2236 } 2237 } 2238 } 2239 #else 2240 static void check_pa_matches_va(void *va __unused, paddr_t pa __unused) 2241 { 2242 } 2243 #endif 2244 2245 paddr_t virt_to_phys(void *va) 2246 { 2247 paddr_t pa = 0; 2248 2249 if (!arch_va2pa_helper(va, &pa)) 2250 pa = 0; 2251 check_pa_matches_va(va, pa); 2252 return pa; 2253 } 2254 2255 #if defined(CFG_TEE_CORE_DEBUG) 2256 static void check_va_matches_pa(paddr_t pa, void *va) 2257 { 2258 paddr_t p = 0; 2259 2260 if (!va) 2261 return; 2262 2263 p = virt_to_phys(va); 2264 if (p != pa) { 2265 DMSG("va %p maps 0x%" PRIxPA " expect 0x%" PRIxPA, va, p, pa); 2266 panic(); 2267 } 2268 } 2269 #else 2270 static void check_va_matches_pa(paddr_t pa __unused, void *va __unused) 2271 { 2272 } 2273 #endif 2274 2275 static void *phys_to_virt_ts_vaspace(paddr_t pa, size_t len) 2276 { 2277 if (!core_mmu_user_mapping_is_active()) 2278 return NULL; 2279 2280 return vm_pa2va(to_user_mode_ctx(thread_get_tsd()->ctx), pa, len); 2281 } 2282 2283 #ifdef CFG_WITH_PAGER 2284 static void *phys_to_virt_tee_ram(paddr_t pa, size_t len) 2285 { 2286 paddr_t end_pa = 0; 2287 2288 if (SUB_OVERFLOW(len, 1, &end_pa) || ADD_OVERFLOW(pa, end_pa, &end_pa)) 2289 return NULL; 2290 2291 if (pa >= TEE_LOAD_ADDR && pa < get_linear_map_end_pa()) { 2292 if (end_pa > get_linear_map_end_pa()) 2293 return NULL; 2294 return (void *)(vaddr_t)(pa + boot_mmu_config.map_offset); 2295 } 2296 2297 return tee_pager_phys_to_virt(pa, len); 2298 } 2299 #else 2300 static void *phys_to_virt_tee_ram(paddr_t pa, size_t len) 2301 { 2302 struct tee_mmap_region *mmap = NULL; 2303 2304 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM, pa, len); 2305 if (!mmap) 2306 mmap = find_map_by_type_and_pa(MEM_AREA_NEX_RAM_RW, pa, len); 2307 if (!mmap) 2308 mmap = find_map_by_type_and_pa(MEM_AREA_NEX_RAM_RO, pa, len); 2309 if (!mmap) 2310 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RW, pa, len); 2311 if (!mmap) 2312 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RO, pa, len); 2313 if (!mmap) 2314 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RX, pa, len); 2315 /* 2316 * Note that MEM_AREA_INIT_RAM_RO and MEM_AREA_INIT_RAM_RX are only 2317 * used with pager and not needed here. 2318 */ 2319 return map_pa2va(mmap, pa, len); 2320 } 2321 #endif 2322 2323 void *phys_to_virt(paddr_t pa, enum teecore_memtypes m, size_t len) 2324 { 2325 void *va = NULL; 2326 2327 switch (m) { 2328 case MEM_AREA_TS_VASPACE: 2329 va = phys_to_virt_ts_vaspace(pa, len); 2330 break; 2331 case MEM_AREA_TEE_RAM: 2332 case MEM_AREA_TEE_RAM_RX: 2333 case MEM_AREA_TEE_RAM_RO: 2334 case MEM_AREA_TEE_RAM_RW: 2335 case MEM_AREA_NEX_RAM_RO: 2336 case MEM_AREA_NEX_RAM_RW: 2337 va = phys_to_virt_tee_ram(pa, len); 2338 break; 2339 case MEM_AREA_SHM_VASPACE: 2340 /* Find VA from PA in dynamic SHM is not yet supported */ 2341 va = NULL; 2342 break; 2343 default: 2344 va = map_pa2va(find_map_by_type_and_pa(m, pa, len), pa, len); 2345 } 2346 if (m != MEM_AREA_SEC_RAM_OVERALL) 2347 check_va_matches_pa(pa, va); 2348 return va; 2349 } 2350 2351 void *phys_to_virt_io(paddr_t pa, size_t len) 2352 { 2353 struct tee_mmap_region *map = NULL; 2354 void *va = NULL; 2355 2356 map = find_map_by_type_and_pa(MEM_AREA_IO_SEC, pa, len); 2357 if (!map) 2358 map = find_map_by_type_and_pa(MEM_AREA_IO_NSEC, pa, len); 2359 if (!map) 2360 return NULL; 2361 va = map_pa2va(map, pa, len); 2362 check_va_matches_pa(pa, va); 2363 return va; 2364 } 2365 2366 vaddr_t core_mmu_get_va(paddr_t pa, enum teecore_memtypes type, size_t len) 2367 { 2368 if (cpu_mmu_enabled()) 2369 return (vaddr_t)phys_to_virt(pa, type, len); 2370 2371 return (vaddr_t)pa; 2372 } 2373 2374 #ifdef CFG_WITH_PAGER 2375 bool is_unpaged(void *va) 2376 { 2377 vaddr_t v = (vaddr_t)va; 2378 2379 return v >= VCORE_START_VA && v < get_linear_map_end_va(); 2380 } 2381 #else 2382 bool is_unpaged(void *va __unused) 2383 { 2384 return true; 2385 } 2386 #endif 2387 2388 void core_mmu_init_virtualization(void) 2389 { 2390 paddr_t b1 = 0; 2391 paddr_size_t s1 = 0; 2392 2393 static_assert(ARRAY_SIZE(secure_only) <= 2); 2394 if (ARRAY_SIZE(secure_only) == 2) { 2395 b1 = secure_only[1].paddr; 2396 s1 = secure_only[1].size; 2397 } 2398 virt_init_memory(static_memory_map, secure_only[0].paddr, 2399 secure_only[0].size, b1, s1); 2400 } 2401 2402 vaddr_t io_pa_or_va(struct io_pa_va *p, size_t len) 2403 { 2404 assert(p->pa); 2405 if (cpu_mmu_enabled()) { 2406 if (!p->va) 2407 p->va = (vaddr_t)phys_to_virt_io(p->pa, len); 2408 assert(p->va); 2409 return p->va; 2410 } 2411 return p->pa; 2412 } 2413 2414 vaddr_t io_pa_or_va_secure(struct io_pa_va *p, size_t len) 2415 { 2416 assert(p->pa); 2417 if (cpu_mmu_enabled()) { 2418 if (!p->va) 2419 p->va = (vaddr_t)phys_to_virt(p->pa, MEM_AREA_IO_SEC, 2420 len); 2421 assert(p->va); 2422 return p->va; 2423 } 2424 return p->pa; 2425 } 2426 2427 vaddr_t io_pa_or_va_nsec(struct io_pa_va *p, size_t len) 2428 { 2429 assert(p->pa); 2430 if (cpu_mmu_enabled()) { 2431 if (!p->va) 2432 p->va = (vaddr_t)phys_to_virt(p->pa, MEM_AREA_IO_NSEC, 2433 len); 2434 assert(p->va); 2435 return p->va; 2436 } 2437 return p->pa; 2438 } 2439 2440 #ifdef CFG_CORE_RESERVED_SHM 2441 static TEE_Result teecore_init_pub_ram(void) 2442 { 2443 vaddr_t s = 0; 2444 vaddr_t e = 0; 2445 2446 /* get virtual addr/size of NSec shared mem allocated from teecore */ 2447 core_mmu_get_mem_by_type(MEM_AREA_NSEC_SHM, &s, &e); 2448 2449 if (s >= e || s & SMALL_PAGE_MASK || e & SMALL_PAGE_MASK) 2450 panic("invalid PUB RAM"); 2451 2452 /* extra check: we could rely on core_mmu_get_mem_by_type() */ 2453 if (!tee_vbuf_is_non_sec(s, e - s)) 2454 panic("PUB RAM is not non-secure"); 2455 2456 #ifdef CFG_PL310 2457 /* Allocate statically the l2cc mutex */ 2458 tee_l2cc_store_mutex_boot_pa(virt_to_phys((void *)s)); 2459 s += sizeof(uint32_t); /* size of a pl310 mutex */ 2460 s = ROUNDUP(s, SMALL_PAGE_SIZE); /* keep required alignment */ 2461 #endif 2462 2463 default_nsec_shm_paddr = virt_to_phys((void *)s); 2464 default_nsec_shm_size = e - s; 2465 2466 return TEE_SUCCESS; 2467 } 2468 early_init(teecore_init_pub_ram); 2469 #endif /*CFG_CORE_RESERVED_SHM*/ 2470 2471 void core_mmu_init_ta_ram(void) 2472 { 2473 vaddr_t s = 0; 2474 vaddr_t e = 0; 2475 paddr_t ps = 0; 2476 size_t size = 0; 2477 2478 /* 2479 * Get virtual addr/size of RAM where TA are loaded/executedNSec 2480 * shared mem allocated from teecore. 2481 */ 2482 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) 2483 virt_get_ta_ram(&s, &e); 2484 else 2485 core_mmu_get_mem_by_type(MEM_AREA_TA_RAM, &s, &e); 2486 2487 ps = virt_to_phys((void *)s); 2488 size = e - s; 2489 2490 if (!ps || (ps & CORE_MMU_USER_CODE_MASK) || 2491 !size || (size & CORE_MMU_USER_CODE_MASK)) 2492 panic("invalid TA RAM"); 2493 2494 /* extra check: we could rely on core_mmu_get_mem_by_type() */ 2495 if (!tee_pbuf_is_sec(ps, size)) 2496 panic("TA RAM is not secure"); 2497 2498 if (!tee_mm_is_empty(&tee_mm_sec_ddr)) 2499 panic("TA RAM pool is not empty"); 2500 2501 /* remove previous config and init TA ddr memory pool */ 2502 tee_mm_final(&tee_mm_sec_ddr); 2503 tee_mm_init(&tee_mm_sec_ddr, ps, size, CORE_MMU_USER_CODE_SHIFT, 2504 TEE_MM_POOL_NO_FLAGS); 2505 } 2506