1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2016-2025 Linaro Limited 4 * Copyright (c) 2014, STMicroelectronics International N.V. 5 * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved. 6 */ 7 8 #include <assert.h> 9 #include <config.h> 10 #include <kernel/boot.h> 11 #include <kernel/dt.h> 12 #include <kernel/linker.h> 13 #include <kernel/panic.h> 14 #include <kernel/spinlock.h> 15 #include <kernel/tee_l2cc_mutex.h> 16 #include <kernel/tee_misc.h> 17 #include <kernel/tlb_helpers.h> 18 #include <kernel/user_mode_ctx.h> 19 #include <kernel/virtualization.h> 20 #include <libfdt.h> 21 #include <memtag.h> 22 #include <mm/core_memprot.h> 23 #include <mm/core_mmu.h> 24 #include <mm/mobj.h> 25 #include <mm/pgt_cache.h> 26 #include <mm/phys_mem.h> 27 #include <mm/tee_pager.h> 28 #include <mm/vm.h> 29 #include <platform_config.h> 30 #include <stdalign.h> 31 #include <string.h> 32 #include <trace.h> 33 #include <util.h> 34 35 #ifndef DEBUG_XLAT_TABLE 36 #define DEBUG_XLAT_TABLE 0 37 #endif 38 39 #define SHM_VASPACE_SIZE (1024 * 1024 * 32) 40 41 /* Virtual memory pool for core mappings */ 42 tee_mm_pool_t core_virt_mem_pool; 43 44 /* Virtual memory pool for shared memory mappings */ 45 tee_mm_pool_t core_virt_shm_pool; 46 47 #ifdef CFG_CORE_PHYS_RELOCATABLE 48 unsigned long core_mmu_tee_load_pa __nex_bss; 49 #else 50 const unsigned long core_mmu_tee_load_pa = TEE_LOAD_ADDR; 51 #endif 52 53 /* 54 * These variables are initialized before .bss is cleared. To avoid 55 * resetting them when .bss is cleared we're storing them in .data instead, 56 * even if they initially are zero. 57 */ 58 59 #ifdef CFG_CORE_RESERVED_SHM 60 /* Default NSec shared memory allocated from NSec world */ 61 unsigned long default_nsec_shm_size __nex_bss; 62 unsigned long default_nsec_shm_paddr __nex_bss; 63 #endif 64 65 #ifdef CFG_BOOT_MEM 66 static struct memory_map static_memory_map __nex_bss; 67 #else 68 static struct tee_mmap_region static_mmap_regions[CFG_MMAP_REGIONS 69 #if defined(CFG_CORE_ASLR) || defined(CFG_CORE_PHYS_RELOCATABLE) 70 + 1 71 #endif 72 + 4] __nex_bss; 73 static struct memory_map static_memory_map __nex_data = { 74 .map = static_mmap_regions, 75 .alloc_count = ARRAY_SIZE(static_mmap_regions), 76 }; 77 #endif 78 void (*memory_map_realloc_func)(struct memory_map *mem_map) __nex_bss; 79 80 /* Offset of the first TEE RAM mapping from start of secure RAM */ 81 static size_t tee_ram_initial_offs __nex_bss; 82 83 /* Define the platform's memory layout. */ 84 struct memaccess_area { 85 paddr_t paddr; 86 size_t size; 87 }; 88 89 #define MEMACCESS_AREA(a, s) { .paddr = a, .size = s } 90 91 static struct memaccess_area secure_only[] __nex_data = { 92 #ifdef CFG_CORE_PHYS_RELOCATABLE 93 MEMACCESS_AREA(0, 0), 94 #else 95 #ifdef TRUSTED_SRAM_BASE 96 MEMACCESS_AREA(TRUSTED_SRAM_BASE, TRUSTED_SRAM_SIZE), 97 #endif 98 MEMACCESS_AREA(TRUSTED_DRAM_BASE, TRUSTED_DRAM_SIZE), 99 #endif 100 }; 101 102 static struct memaccess_area nsec_shared[] __nex_data = { 103 #ifdef CFG_CORE_RESERVED_SHM 104 MEMACCESS_AREA(TEE_SHMEM_START, TEE_SHMEM_SIZE), 105 #endif 106 }; 107 108 #if defined(CFG_SECURE_DATA_PATH) 109 static const char *tz_sdp_match = "linaro,secure-heap"; 110 static struct memaccess_area sec_sdp; 111 #ifdef CFG_TEE_SDP_MEM_BASE 112 register_sdp_mem(CFG_TEE_SDP_MEM_BASE, CFG_TEE_SDP_MEM_SIZE); 113 #endif 114 #ifdef TEE_SDP_TEST_MEM_BASE 115 register_sdp_mem(TEE_SDP_TEST_MEM_BASE, TEE_SDP_TEST_MEM_SIZE); 116 #endif 117 #endif 118 119 #ifdef CFG_CORE_RESERVED_SHM 120 register_phys_mem(MEM_AREA_NSEC_SHM, TEE_SHMEM_START, TEE_SHMEM_SIZE); 121 #endif 122 static unsigned int mmu_spinlock; 123 124 static uint32_t mmu_lock(void) 125 { 126 return cpu_spin_lock_xsave(&mmu_spinlock); 127 } 128 129 static void mmu_unlock(uint32_t exceptions) 130 { 131 cpu_spin_unlock_xrestore(&mmu_spinlock, exceptions); 132 } 133 134 static void heap_realloc_memory_map(struct memory_map *mem_map) 135 { 136 struct tee_mmap_region *m = NULL; 137 struct tee_mmap_region *old = mem_map->map; 138 size_t old_sz = sizeof(*old) * mem_map->alloc_count; 139 size_t sz = old_sz + sizeof(*m); 140 141 assert(nex_malloc_buffer_is_within_alloced(old, old_sz)); 142 m = nex_realloc(old, sz); 143 if (!m) 144 panic(); 145 mem_map->map = m; 146 mem_map->alloc_count++; 147 } 148 149 static void boot_mem_realloc_memory_map(struct memory_map *mem_map) 150 { 151 struct tee_mmap_region *m = NULL; 152 struct tee_mmap_region *old = mem_map->map; 153 size_t old_sz = sizeof(*old) * mem_map->alloc_count; 154 size_t sz = old_sz * 2; 155 156 m = boot_mem_alloc_tmp(sz, alignof(*m)); 157 memcpy(m, old, old_sz); 158 mem_map->map = m; 159 mem_map->alloc_count *= 2; 160 } 161 162 static void grow_mem_map(struct memory_map *mem_map) 163 { 164 if (mem_map->count == mem_map->alloc_count) { 165 if (!memory_map_realloc_func) { 166 EMSG("Out of entries (%zu) in mem_map", 167 mem_map->alloc_count); 168 panic(); 169 } 170 memory_map_realloc_func(mem_map); 171 } 172 mem_map->count++; 173 } 174 175 void core_mmu_get_secure_memory(paddr_t *base, paddr_size_t *size) 176 { 177 /* 178 * The first range is always used to cover OP-TEE core memory, but 179 * depending on configuration it may cover more than that. 180 */ 181 *base = secure_only[0].paddr; 182 *size = secure_only[0].size; 183 } 184 185 void core_mmu_set_secure_memory(paddr_t base, size_t size) 186 { 187 #ifdef CFG_CORE_PHYS_RELOCATABLE 188 static_assert(ARRAY_SIZE(secure_only) == 1); 189 #endif 190 runtime_assert(IS_ENABLED(CFG_CORE_PHYS_RELOCATABLE)); 191 assert(!secure_only[0].size); 192 assert(base && size); 193 194 DMSG("Physical secure memory base %#"PRIxPA" size %#zx", base, size); 195 secure_only[0].paddr = base; 196 secure_only[0].size = size; 197 } 198 199 static struct memory_map *get_memory_map(void) 200 { 201 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) { 202 struct memory_map *map = virt_get_memory_map(); 203 204 if (map) 205 return map; 206 } 207 208 return &static_memory_map; 209 } 210 211 static bool _pbuf_intersects(struct memaccess_area *a, size_t alen, 212 paddr_t pa, size_t size) 213 { 214 size_t n; 215 216 for (n = 0; n < alen; n++) 217 if (core_is_buffer_intersect(pa, size, a[n].paddr, a[n].size)) 218 return true; 219 return false; 220 } 221 222 #define pbuf_intersects(a, pa, size) \ 223 _pbuf_intersects((a), ARRAY_SIZE(a), (pa), (size)) 224 225 static bool _pbuf_is_inside(struct memaccess_area *a, size_t alen, 226 paddr_t pa, size_t size) 227 { 228 size_t n; 229 230 for (n = 0; n < alen; n++) 231 if (core_is_buffer_inside(pa, size, a[n].paddr, a[n].size)) 232 return true; 233 return false; 234 } 235 236 #define pbuf_is_inside(a, pa, size) \ 237 _pbuf_is_inside((a), ARRAY_SIZE(a), (pa), (size)) 238 239 static bool pa_is_in_map(struct tee_mmap_region *map, paddr_t pa, size_t len) 240 { 241 paddr_t end_pa = 0; 242 243 if (!map) 244 return false; 245 246 if (SUB_OVERFLOW(len, 1, &end_pa) || ADD_OVERFLOW(pa, end_pa, &end_pa)) 247 return false; 248 249 return (pa >= map->pa && end_pa <= map->pa + map->size - 1); 250 } 251 252 static bool va_is_in_map(struct tee_mmap_region *map, vaddr_t va) 253 { 254 if (!map) 255 return false; 256 return (va >= map->va && va <= (map->va + map->size - 1)); 257 } 258 259 /* check if target buffer fits in a core default map area */ 260 static bool pbuf_inside_map_area(unsigned long p, size_t l, 261 struct tee_mmap_region *map) 262 { 263 return core_is_buffer_inside(p, l, map->pa, map->size); 264 } 265 266 TEE_Result core_mmu_for_each_map(void *ptr, 267 TEE_Result (*fn)(struct tee_mmap_region *map, 268 void *ptr)) 269 { 270 struct memory_map *mem_map = get_memory_map(); 271 TEE_Result res = TEE_SUCCESS; 272 size_t n = 0; 273 274 for (n = 0; n < mem_map->count; n++) { 275 res = fn(mem_map->map + n, ptr); 276 if (res) 277 return res; 278 } 279 280 return TEE_SUCCESS; 281 } 282 283 static struct tee_mmap_region *find_map_by_type(enum teecore_memtypes type) 284 { 285 struct memory_map *mem_map = get_memory_map(); 286 size_t n = 0; 287 288 for (n = 0; n < mem_map->count; n++) { 289 if (mem_map->map[n].type == type) 290 return mem_map->map + n; 291 } 292 return NULL; 293 } 294 295 static struct tee_mmap_region * 296 find_map_by_type_and_pa(enum teecore_memtypes type, paddr_t pa, size_t len) 297 { 298 struct memory_map *mem_map = get_memory_map(); 299 size_t n = 0; 300 301 for (n = 0; n < mem_map->count; n++) { 302 if (mem_map->map[n].type != type) 303 continue; 304 if (pa_is_in_map(mem_map->map + n, pa, len)) 305 return mem_map->map + n; 306 } 307 return NULL; 308 } 309 310 static struct tee_mmap_region *find_map_by_va(void *va) 311 { 312 struct memory_map *mem_map = get_memory_map(); 313 vaddr_t a = (vaddr_t)va; 314 size_t n = 0; 315 316 for (n = 0; n < mem_map->count; n++) { 317 if (a >= mem_map->map[n].va && 318 a <= (mem_map->map[n].va - 1 + mem_map->map[n].size)) 319 return mem_map->map + n; 320 } 321 322 return NULL; 323 } 324 325 static struct tee_mmap_region *find_map_by_pa(unsigned long pa) 326 { 327 struct memory_map *mem_map = get_memory_map(); 328 size_t n = 0; 329 330 for (n = 0; n < mem_map->count; n++) { 331 /* Skip unmapped regions */ 332 if ((mem_map->map[n].attr & TEE_MATTR_VALID_BLOCK) && 333 pa >= mem_map->map[n].pa && 334 pa <= (mem_map->map[n].pa - 1 + mem_map->map[n].size)) 335 return mem_map->map + n; 336 } 337 338 return NULL; 339 } 340 341 #if defined(CFG_SECURE_DATA_PATH) 342 static bool dtb_get_sdp_region(void) 343 { 344 void *fdt = NULL; 345 int node = 0; 346 int tmp_node = 0; 347 paddr_t tmp_addr = 0; 348 size_t tmp_size = 0; 349 350 if (!IS_ENABLED(CFG_EMBED_DTB)) 351 return false; 352 353 fdt = get_embedded_dt(); 354 if (!fdt) 355 panic("No DTB found"); 356 357 node = fdt_node_offset_by_compatible(fdt, -1, tz_sdp_match); 358 if (node < 0) { 359 DMSG("No %s compatible node found", tz_sdp_match); 360 return false; 361 } 362 tmp_node = node; 363 while (tmp_node >= 0) { 364 tmp_node = fdt_node_offset_by_compatible(fdt, tmp_node, 365 tz_sdp_match); 366 if (tmp_node >= 0) 367 DMSG("Ignore SDP pool node %s, supports only 1 node", 368 fdt_get_name(fdt, tmp_node, NULL)); 369 } 370 371 if (fdt_reg_info(fdt, node, &tmp_addr, &tmp_size)) { 372 EMSG("%s: Unable to get base addr or size from DT", 373 tz_sdp_match); 374 return false; 375 } 376 377 sec_sdp.paddr = tmp_addr; 378 sec_sdp.size = tmp_size; 379 380 return true; 381 } 382 #endif 383 384 #if defined(CFG_CORE_DYN_SHM) || defined(CFG_SECURE_DATA_PATH) 385 static bool pbuf_is_special_mem(paddr_t pbuf, size_t len, 386 const struct core_mmu_phys_mem *start, 387 const struct core_mmu_phys_mem *end) 388 { 389 const struct core_mmu_phys_mem *mem; 390 391 for (mem = start; mem < end; mem++) { 392 if (core_is_buffer_inside(pbuf, len, mem->addr, mem->size)) 393 return true; 394 } 395 396 return false; 397 } 398 #endif 399 400 #ifdef CFG_CORE_DYN_SHM 401 static void carve_out_phys_mem(struct core_mmu_phys_mem **mem, size_t *nelems, 402 paddr_t pa, size_t size) 403 { 404 struct core_mmu_phys_mem *m = *mem; 405 size_t n = 0; 406 407 while (n < *nelems) { 408 if (!core_is_buffer_intersect(pa, size, m[n].addr, m[n].size)) { 409 n++; 410 continue; 411 } 412 413 if (core_is_buffer_inside(m[n].addr, m[n].size, pa, size)) { 414 /* m[n] is completely covered by pa:size */ 415 rem_array_elem(m, *nelems, sizeof(*m), n); 416 (*nelems)--; 417 m = nex_realloc(m, sizeof(*m) * *nelems); 418 if (!m) 419 panic(); 420 *mem = m; 421 continue; 422 } 423 424 if (pa > m[n].addr && 425 pa + size - 1 < m[n].addr + m[n].size - 1) { 426 /* 427 * pa:size is strictly inside m[n] range so split 428 * m[n] entry. 429 */ 430 m = nex_realloc(m, sizeof(*m) * (*nelems + 1)); 431 if (!m) 432 panic(); 433 *mem = m; 434 (*nelems)++; 435 ins_array_elem(m, *nelems, sizeof(*m), n + 1, NULL); 436 m[n + 1].addr = pa + size; 437 m[n + 1].size = m[n].addr + m[n].size - pa - size; 438 m[n].size = pa - m[n].addr; 439 n++; 440 } else if (pa <= m[n].addr) { 441 /* 442 * pa:size is overlapping (possibly partially) at the 443 * beginning of m[n]. 444 */ 445 m[n].size = m[n].addr + m[n].size - pa - size; 446 m[n].addr = pa + size; 447 } else { 448 /* 449 * pa:size is overlapping (possibly partially) at 450 * the end of m[n]. 451 */ 452 m[n].size = pa - m[n].addr; 453 } 454 n++; 455 } 456 } 457 458 static void check_phys_mem_is_outside(struct core_mmu_phys_mem *start, 459 size_t nelems, 460 struct tee_mmap_region *map) 461 { 462 size_t n; 463 464 for (n = 0; n < nelems; n++) { 465 if (!core_is_buffer_outside(start[n].addr, start[n].size, 466 map->pa, map->size)) { 467 EMSG("Non-sec mem (%#" PRIxPA ":%#" PRIxPASZ 468 ") overlaps map (type %d %#" PRIxPA ":%#zx)", 469 start[n].addr, start[n].size, 470 map->type, map->pa, map->size); 471 panic(); 472 } 473 } 474 } 475 476 static const struct core_mmu_phys_mem *discovered_nsec_ddr_start __nex_bss; 477 static size_t discovered_nsec_ddr_nelems __nex_bss; 478 479 static int cmp_pmem_by_addr(const void *a, const void *b) 480 { 481 const struct core_mmu_phys_mem *pmem_a = a; 482 const struct core_mmu_phys_mem *pmem_b = b; 483 484 return CMP_TRILEAN(pmem_a->addr, pmem_b->addr); 485 } 486 487 void core_mmu_set_discovered_nsec_ddr(struct core_mmu_phys_mem *start, 488 size_t nelems) 489 { 490 struct core_mmu_phys_mem *m = start; 491 size_t num_elems = nelems; 492 struct memory_map *mem_map = &static_memory_map; 493 const struct core_mmu_phys_mem __maybe_unused *pmem; 494 size_t n = 0; 495 496 assert(!discovered_nsec_ddr_start); 497 assert(m && num_elems); 498 499 qsort(m, num_elems, sizeof(*m), cmp_pmem_by_addr); 500 501 /* 502 * Non-secure shared memory and also secure data 503 * path memory are supposed to reside inside 504 * non-secure memory. Since NSEC_SHM and SDP_MEM 505 * are used for a specific purpose make holes for 506 * those memory in the normal non-secure memory. 507 * 508 * This has to be done since for instance QEMU 509 * isn't aware of which memory range in the 510 * non-secure memory is used for NSEC_SHM. 511 */ 512 513 #ifdef CFG_SECURE_DATA_PATH 514 if (dtb_get_sdp_region()) 515 carve_out_phys_mem(&m, &num_elems, sec_sdp.paddr, sec_sdp.size); 516 517 for (pmem = phys_sdp_mem_begin; pmem < phys_sdp_mem_end; pmem++) 518 carve_out_phys_mem(&m, &num_elems, pmem->addr, pmem->size); 519 #endif 520 521 for (n = 0; n < ARRAY_SIZE(secure_only); n++) 522 carve_out_phys_mem(&m, &num_elems, secure_only[n].paddr, 523 secure_only[n].size); 524 525 for (n = 0; n < mem_map->count; n++) { 526 switch (mem_map->map[n].type) { 527 case MEM_AREA_NSEC_SHM: 528 carve_out_phys_mem(&m, &num_elems, mem_map->map[n].pa, 529 mem_map->map[n].size); 530 break; 531 case MEM_AREA_EXT_DT: 532 case MEM_AREA_MANIFEST_DT: 533 case MEM_AREA_RAM_NSEC: 534 case MEM_AREA_RES_VASPACE: 535 case MEM_AREA_SHM_VASPACE: 536 case MEM_AREA_TS_VASPACE: 537 case MEM_AREA_PAGER_VASPACE: 538 break; 539 default: 540 check_phys_mem_is_outside(m, num_elems, 541 mem_map->map + n); 542 } 543 } 544 545 discovered_nsec_ddr_start = m; 546 discovered_nsec_ddr_nelems = num_elems; 547 548 DMSG("Non-secure RAM:"); 549 for (n = 0; n < num_elems; n++) 550 DMSG("%zu: pa %#"PRIxPA"..%#"PRIxPA" sz %#"PRIxPASZ, 551 n, m[n].addr, m[n].addr + m[n].size - 1, m[n].size); 552 553 if (!core_mmu_check_end_pa(m[num_elems - 1].addr, 554 m[num_elems - 1].size)) 555 panic(); 556 } 557 558 static bool get_discovered_nsec_ddr(const struct core_mmu_phys_mem **start, 559 const struct core_mmu_phys_mem **end) 560 { 561 if (!discovered_nsec_ddr_start) 562 return false; 563 564 *start = discovered_nsec_ddr_start; 565 *end = discovered_nsec_ddr_start + discovered_nsec_ddr_nelems; 566 567 return true; 568 } 569 570 static bool pbuf_is_nsec_ddr(paddr_t pbuf, size_t len) 571 { 572 const struct core_mmu_phys_mem *start; 573 const struct core_mmu_phys_mem *end; 574 575 if (!get_discovered_nsec_ddr(&start, &end)) 576 return false; 577 578 return pbuf_is_special_mem(pbuf, len, start, end); 579 } 580 581 bool core_mmu_nsec_ddr_is_defined(void) 582 { 583 const struct core_mmu_phys_mem *start; 584 const struct core_mmu_phys_mem *end; 585 586 if (!get_discovered_nsec_ddr(&start, &end)) 587 return false; 588 589 return start != end; 590 } 591 #else 592 static bool pbuf_is_nsec_ddr(paddr_t pbuf __unused, size_t len __unused) 593 { 594 return false; 595 } 596 #endif /*CFG_CORE_DYN_SHM*/ 597 598 #define MSG_MEM_INSTERSECT(pa1, sz1, pa2, sz2) \ 599 EMSG("[%" PRIxPA " %" PRIx64 "] intersects [%" PRIxPA " %" PRIx64 "]", \ 600 pa1, (uint64_t)pa1 + (sz1), pa2, (uint64_t)pa2 + (sz2)) 601 602 #ifdef CFG_SECURE_DATA_PATH 603 static bool pbuf_is_sdp_mem(paddr_t pbuf, size_t len) 604 { 605 bool is_sdp_mem = false; 606 607 if (sec_sdp.size) 608 is_sdp_mem = core_is_buffer_inside(pbuf, len, sec_sdp.paddr, 609 sec_sdp.size); 610 611 if (!is_sdp_mem) 612 is_sdp_mem = pbuf_is_special_mem(pbuf, len, phys_sdp_mem_begin, 613 phys_sdp_mem_end); 614 615 return is_sdp_mem; 616 } 617 618 static struct mobj *core_sdp_mem_alloc_mobj(paddr_t pa, size_t size) 619 { 620 struct mobj *mobj = mobj_phys_alloc(pa, size, TEE_MATTR_MEM_TYPE_CACHED, 621 CORE_MEM_SDP_MEM); 622 623 if (!mobj) 624 panic("can't create SDP physical memory object"); 625 626 return mobj; 627 } 628 629 struct mobj **core_sdp_mem_create_mobjs(void) 630 { 631 const struct core_mmu_phys_mem *mem = NULL; 632 struct mobj **mobj_base = NULL; 633 struct mobj **mobj = NULL; 634 int cnt = phys_sdp_mem_end - phys_sdp_mem_begin; 635 636 if (sec_sdp.size) 637 cnt++; 638 639 /* SDP mobjs table must end with a NULL entry */ 640 mobj_base = calloc(cnt + 1, sizeof(struct mobj *)); 641 if (!mobj_base) 642 panic("Out of memory"); 643 644 mobj = mobj_base; 645 646 for (mem = phys_sdp_mem_begin; mem < phys_sdp_mem_end; mem++, mobj++) 647 *mobj = core_sdp_mem_alloc_mobj(mem->addr, mem->size); 648 649 if (sec_sdp.size) 650 *mobj = core_sdp_mem_alloc_mobj(sec_sdp.paddr, sec_sdp.size); 651 652 return mobj_base; 653 } 654 655 #else /* CFG_SECURE_DATA_PATH */ 656 static bool pbuf_is_sdp_mem(paddr_t pbuf __unused, size_t len __unused) 657 { 658 return false; 659 } 660 661 #endif /* CFG_SECURE_DATA_PATH */ 662 663 /* Check special memories comply with registered memories */ 664 static void verify_special_mem_areas(struct memory_map *mem_map, 665 const struct core_mmu_phys_mem *start, 666 const struct core_mmu_phys_mem *end, 667 const char *area_name __maybe_unused) 668 { 669 const struct core_mmu_phys_mem *mem = NULL; 670 const struct core_mmu_phys_mem *mem2 = NULL; 671 size_t n = 0; 672 673 if (start == end) { 674 DMSG("No %s memory area defined", area_name); 675 return; 676 } 677 678 for (mem = start; mem < end; mem++) 679 DMSG("%s memory [%" PRIxPA " %" PRIx64 "]", 680 area_name, mem->addr, (uint64_t)mem->addr + mem->size); 681 682 /* Check memories do not intersect each other */ 683 for (mem = start; mem + 1 < end; mem++) { 684 for (mem2 = mem + 1; mem2 < end; mem2++) { 685 if (core_is_buffer_intersect(mem2->addr, mem2->size, 686 mem->addr, mem->size)) { 687 MSG_MEM_INSTERSECT(mem2->addr, mem2->size, 688 mem->addr, mem->size); 689 panic("Special memory intersection"); 690 } 691 } 692 } 693 694 /* 695 * Check memories do not intersect any mapped memory. 696 * This is called before reserved VA space is loaded in mem_map. 697 */ 698 for (mem = start; mem < end; mem++) { 699 for (n = 0; n < mem_map->count; n++) { 700 #ifdef TEE_SDP_TEST_MEM_BASE 701 /* 702 * Ignore MEM_AREA_SEC_RAM_OVERALL since it covers 703 * TEE_SDP_TEST_MEM too. 704 */ 705 if (mem->addr == TEE_SDP_TEST_MEM_BASE && 706 mem->size == TEE_SDP_TEST_MEM_SIZE && 707 mem_map->map[n].type == MEM_AREA_SEC_RAM_OVERALL) 708 continue; 709 #endif 710 if (core_is_buffer_intersect(mem->addr, mem->size, 711 mem_map->map[n].pa, 712 mem_map->map[n].size)) { 713 MSG_MEM_INSTERSECT(mem->addr, mem->size, 714 mem_map->map[n].pa, 715 mem_map->map[n].size); 716 panic("Special memory intersection"); 717 } 718 } 719 } 720 } 721 722 static void merge_mmaps(struct tee_mmap_region *dst, 723 const struct tee_mmap_region *src) 724 { 725 paddr_t end_pa = MAX(dst->pa + dst->size - 1, src->pa + src->size - 1); 726 paddr_t pa = MIN(dst->pa, src->pa); 727 728 DMSG("Merging %#"PRIxPA"..%#"PRIxPA" and %#"PRIxPA"..%#"PRIxPA, 729 dst->pa, dst->pa + dst->size - 1, src->pa, 730 src->pa + src->size - 1); 731 dst->pa = pa; 732 dst->size = end_pa - pa + 1; 733 } 734 735 static bool mmaps_are_mergeable(const struct tee_mmap_region *r1, 736 const struct tee_mmap_region *r2) 737 { 738 if (r1->type != r2->type) 739 return false; 740 741 if (r1->pa == r2->pa) 742 return true; 743 744 if (r1->pa < r2->pa) 745 return r1->pa + r1->size >= r2->pa; 746 else 747 return r2->pa + r2->size >= r1->pa; 748 } 749 750 static void add_phys_mem(struct memory_map *mem_map, 751 const char *mem_name __maybe_unused, 752 enum teecore_memtypes mem_type, 753 paddr_t mem_addr, paddr_size_t mem_size) 754 { 755 size_t n = 0; 756 const struct tee_mmap_region m0 = { 757 .type = mem_type, 758 .pa = mem_addr, 759 .size = mem_size, 760 }; 761 762 if (!mem_size) /* Discard null size entries */ 763 return; 764 765 /* 766 * If some ranges of memory of the same type do overlap 767 * each others they are coalesced into one entry. To help this 768 * added entries are sorted by increasing physical. 769 * 770 * Note that it's valid to have the same physical memory as several 771 * different memory types, for instance the same device memory 772 * mapped as both secure and non-secure. This will probably not 773 * happen often in practice. 774 */ 775 DMSG("%s type %s 0x%08" PRIxPA " size 0x%08" PRIxPASZ, 776 mem_name, teecore_memtype_name(mem_type), mem_addr, mem_size); 777 for (n = 0; n < mem_map->count; n++) { 778 if (mmaps_are_mergeable(mem_map->map + n, &m0)) { 779 merge_mmaps(mem_map->map + n, &m0); 780 /* 781 * The merged result might be mergeable with the 782 * next or previous entry. 783 */ 784 if (n + 1 < mem_map->count && 785 mmaps_are_mergeable(mem_map->map + n, 786 mem_map->map + n + 1)) { 787 merge_mmaps(mem_map->map + n, 788 mem_map->map + n + 1); 789 rem_array_elem(mem_map->map, mem_map->count, 790 sizeof(*mem_map->map), n + 1); 791 mem_map->count--; 792 } 793 if (n > 0 && mmaps_are_mergeable(mem_map->map + n - 1, 794 mem_map->map + n)) { 795 merge_mmaps(mem_map->map + n - 1, 796 mem_map->map + n); 797 rem_array_elem(mem_map->map, mem_map->count, 798 sizeof(*mem_map->map), n); 799 mem_map->count--; 800 } 801 return; 802 } 803 if (mem_type < mem_map->map[n].type || 804 (mem_type == mem_map->map[n].type && 805 mem_addr < mem_map->map[n].pa)) 806 break; /* found the spot where to insert this memory */ 807 } 808 809 grow_mem_map(mem_map); 810 ins_array_elem(mem_map->map, mem_map->count, sizeof(*mem_map->map), 811 n, &m0); 812 } 813 814 static void add_va_space(struct memory_map *mem_map, 815 enum teecore_memtypes type, size_t size) 816 { 817 size_t n = 0; 818 819 DMSG("type %s size 0x%08zx", teecore_memtype_name(type), size); 820 for (n = 0; n < mem_map->count; n++) { 821 if (type < mem_map->map[n].type) 822 break; 823 } 824 825 grow_mem_map(mem_map); 826 ins_array_elem(mem_map->map, mem_map->count, sizeof(*mem_map->map), 827 n, NULL); 828 mem_map->map[n] = (struct tee_mmap_region){ 829 .type = type, 830 .size = size, 831 }; 832 } 833 834 uint32_t core_mmu_type_to_attr(enum teecore_memtypes t) 835 { 836 const uint32_t attr = TEE_MATTR_VALID_BLOCK; 837 const uint32_t tagged = TEE_MATTR_MEM_TYPE_TAGGED << 838 TEE_MATTR_MEM_TYPE_SHIFT; 839 const uint32_t cached = TEE_MATTR_MEM_TYPE_CACHED << 840 TEE_MATTR_MEM_TYPE_SHIFT; 841 const uint32_t noncache = TEE_MATTR_MEM_TYPE_DEV << 842 TEE_MATTR_MEM_TYPE_SHIFT; 843 844 switch (t) { 845 case MEM_AREA_TEE_RAM: 846 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRWX | tagged; 847 case MEM_AREA_TEE_RAM_RX: 848 case MEM_AREA_INIT_RAM_RX: 849 case MEM_AREA_IDENTITY_MAP_RX: 850 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRX | tagged; 851 case MEM_AREA_TEE_RAM_RO: 852 case MEM_AREA_INIT_RAM_RO: 853 return attr | TEE_MATTR_SECURE | TEE_MATTR_PR | tagged; 854 case MEM_AREA_TEE_RAM_RW: 855 case MEM_AREA_NEX_RAM_RO: /* This has to be r/w during init runtime */ 856 case MEM_AREA_NEX_RAM_RW: 857 case MEM_AREA_TEE_ASAN: 858 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | tagged; 859 case MEM_AREA_TEE_COHERENT: 860 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRWX | noncache; 861 case MEM_AREA_NSEC_SHM: 862 case MEM_AREA_NEX_NSEC_SHM: 863 return attr | TEE_MATTR_PRW | cached; 864 case MEM_AREA_MANIFEST_DT: 865 return attr | TEE_MATTR_SECURE | TEE_MATTR_PR | cached; 866 case MEM_AREA_TRANSFER_LIST: 867 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | cached; 868 case MEM_AREA_EXT_DT: 869 /* 870 * If CFG_MAP_EXT_DT_SECURE is enabled map the external device 871 * tree as secure non-cached memory, otherwise, fall back to 872 * non-secure mapping. 873 */ 874 if (IS_ENABLED(CFG_MAP_EXT_DT_SECURE)) 875 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | 876 noncache; 877 fallthrough; 878 case MEM_AREA_IO_NSEC: 879 return attr | TEE_MATTR_PRW | noncache; 880 case MEM_AREA_IO_SEC: 881 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | noncache; 882 case MEM_AREA_RAM_NSEC: 883 return attr | TEE_MATTR_PRW | cached; 884 case MEM_AREA_RAM_SEC: 885 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | cached; 886 case MEM_AREA_SEC_RAM_OVERALL: 887 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | tagged; 888 case MEM_AREA_ROM_SEC: 889 return attr | TEE_MATTR_SECURE | TEE_MATTR_PR | cached; 890 case MEM_AREA_RES_VASPACE: 891 case MEM_AREA_SHM_VASPACE: 892 return 0; 893 case MEM_AREA_PAGER_VASPACE: 894 return TEE_MATTR_SECURE; 895 default: 896 panic("invalid type"); 897 } 898 } 899 900 static bool __maybe_unused map_is_tee_ram(const struct tee_mmap_region *mm) 901 { 902 switch (mm->type) { 903 case MEM_AREA_TEE_RAM: 904 case MEM_AREA_TEE_RAM_RX: 905 case MEM_AREA_TEE_RAM_RO: 906 case MEM_AREA_TEE_RAM_RW: 907 case MEM_AREA_INIT_RAM_RX: 908 case MEM_AREA_INIT_RAM_RO: 909 case MEM_AREA_NEX_RAM_RW: 910 case MEM_AREA_NEX_RAM_RO: 911 case MEM_AREA_TEE_ASAN: 912 return true; 913 default: 914 return false; 915 } 916 } 917 918 static bool __maybe_unused map_is_secure(const struct tee_mmap_region *mm) 919 { 920 return !!(core_mmu_type_to_attr(mm->type) & TEE_MATTR_SECURE); 921 } 922 923 static bool __maybe_unused map_is_pgdir(const struct tee_mmap_region *mm) 924 { 925 return mm->region_size == CORE_MMU_PGDIR_SIZE; 926 } 927 928 static int cmp_mmap_by_lower_va(const void *a, const void *b) 929 { 930 const struct tee_mmap_region *mm_a = a; 931 const struct tee_mmap_region *mm_b = b; 932 933 return CMP_TRILEAN(mm_a->va, mm_b->va); 934 } 935 936 static void dump_mmap_table(struct memory_map *mem_map) 937 { 938 size_t n = 0; 939 940 for (n = 0; n < mem_map->count; n++) { 941 struct tee_mmap_region *map __maybe_unused = mem_map->map + n; 942 943 DMSG("type %-12s va 0x%08" PRIxVA "..0x%08" PRIxVA 944 " pa 0x%08" PRIxPA "..0x%08" PRIxPA " size 0x%08zx (%s)", 945 teecore_memtype_name(map->type), map->va, 946 map->va + map->size - 1, map->pa, 947 (paddr_t)(map->pa + map->size - 1), map->size, 948 map->region_size == SMALL_PAGE_SIZE ? "smallpg" : "pgdir"); 949 } 950 } 951 952 #if DEBUG_XLAT_TABLE 953 954 static void dump_xlat_table(vaddr_t va, unsigned int level) 955 { 956 struct core_mmu_table_info tbl_info; 957 unsigned int idx = 0; 958 paddr_t pa; 959 uint32_t attr; 960 961 core_mmu_find_table(NULL, va, level, &tbl_info); 962 va = tbl_info.va_base; 963 for (idx = 0; idx < tbl_info.num_entries; idx++) { 964 core_mmu_get_entry(&tbl_info, idx, &pa, &attr); 965 if (attr || level > CORE_MMU_BASE_TABLE_LEVEL) { 966 const char *security_bit = ""; 967 968 if (core_mmu_entry_have_security_bit(attr)) { 969 if (attr & TEE_MATTR_SECURE) 970 security_bit = "S"; 971 else 972 security_bit = "NS"; 973 } 974 975 if (attr & TEE_MATTR_TABLE) { 976 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 977 " TBL:0x%010" PRIxPA " %s", 978 level * 2, "", level, va, pa, 979 security_bit); 980 dump_xlat_table(va, level + 1); 981 } else if (attr) { 982 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 983 " PA:0x%010" PRIxPA " %s-%s-%s-%s", 984 level * 2, "", level, va, pa, 985 mattr_is_cached(attr) ? "MEM" : 986 "DEV", 987 attr & TEE_MATTR_PW ? "RW" : "RO", 988 attr & TEE_MATTR_PX ? "X " : "XN", 989 security_bit); 990 } else { 991 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 992 " INVALID\n", 993 level * 2, "", level, va); 994 } 995 } 996 va += BIT64(tbl_info.shift); 997 } 998 } 999 1000 #else 1001 1002 static void dump_xlat_table(vaddr_t va __unused, int level __unused) 1003 { 1004 } 1005 1006 #endif 1007 1008 /* 1009 * Reserves virtual memory space for pager usage. 1010 * 1011 * From the start of the first memory used by the link script + 1012 * TEE_RAM_VA_SIZE should be covered, either with a direct mapping or empty 1013 * mapping for pager usage. This adds translation tables as needed for the 1014 * pager to operate. 1015 */ 1016 static void add_pager_vaspace(struct memory_map *mem_map) 1017 { 1018 paddr_t begin = 0; 1019 paddr_t end = 0; 1020 size_t size = 0; 1021 size_t pos = 0; 1022 size_t n = 0; 1023 1024 1025 for (n = 0; n < mem_map->count; n++) { 1026 if (map_is_tee_ram(mem_map->map + n)) { 1027 if (!begin) 1028 begin = mem_map->map[n].pa; 1029 pos = n + 1; 1030 } 1031 } 1032 1033 end = mem_map->map[pos - 1].pa + mem_map->map[pos - 1].size; 1034 assert(end - begin < TEE_RAM_VA_SIZE); 1035 size = TEE_RAM_VA_SIZE - (end - begin); 1036 1037 grow_mem_map(mem_map); 1038 ins_array_elem(mem_map->map, mem_map->count, sizeof(*mem_map->map), 1039 n, NULL); 1040 mem_map->map[n] = (struct tee_mmap_region){ 1041 .type = MEM_AREA_PAGER_VASPACE, 1042 .size = size, 1043 .region_size = SMALL_PAGE_SIZE, 1044 .attr = core_mmu_type_to_attr(MEM_AREA_PAGER_VASPACE), 1045 }; 1046 } 1047 1048 static void check_sec_nsec_mem_config(void) 1049 { 1050 size_t n = 0; 1051 1052 for (n = 0; n < ARRAY_SIZE(secure_only); n++) { 1053 if (pbuf_intersects(nsec_shared, secure_only[n].paddr, 1054 secure_only[n].size)) 1055 panic("Invalid memory access config: sec/nsec"); 1056 } 1057 } 1058 1059 static void collect_device_mem_ranges(struct memory_map *mem_map) 1060 { 1061 const char *compatible = "arm,ffa-manifest-device-regions"; 1062 void *fdt = get_manifest_dt(); 1063 const char *name = NULL; 1064 uint64_t page_count = 0; 1065 uint64_t base = 0; 1066 int subnode = 0; 1067 int node = 0; 1068 1069 assert(fdt); 1070 1071 node = fdt_node_offset_by_compatible(fdt, 0, compatible); 1072 if (node < 0) 1073 return; 1074 1075 fdt_for_each_subnode(subnode, fdt, node) { 1076 name = fdt_get_name(fdt, subnode, NULL); 1077 if (!name) 1078 continue; 1079 1080 if (dt_getprop_as_number(fdt, subnode, "base-address", 1081 &base)) { 1082 EMSG("Mandatory field is missing: base-address"); 1083 continue; 1084 } 1085 1086 if (base & SMALL_PAGE_MASK) { 1087 EMSG("base-address is not page aligned"); 1088 continue; 1089 } 1090 1091 if (dt_getprop_as_number(fdt, subnode, "pages-count", 1092 &page_count)) { 1093 EMSG("Mandatory field is missing: pages-count"); 1094 continue; 1095 } 1096 1097 add_phys_mem(mem_map, name, MEM_AREA_IO_SEC, 1098 base, page_count * SMALL_PAGE_SIZE); 1099 } 1100 } 1101 1102 static void collect_mem_ranges(struct memory_map *mem_map) 1103 { 1104 const struct core_mmu_phys_mem *mem = NULL; 1105 vaddr_t ram_start = secure_only[0].paddr; 1106 size_t n = 0; 1107 1108 #define ADD_PHYS_MEM(_type, _addr, _size) \ 1109 add_phys_mem(mem_map, #_addr, (_type), (_addr), (_size)) 1110 1111 if (IS_ENABLED(CFG_CORE_RWDATA_NOEXEC)) { 1112 paddr_t next_pa = 0; 1113 1114 /* 1115 * Read-only and read-execute physical memory areas must 1116 * not be mapped by MEM_AREA_SEC_RAM_OVERALL, but all the 1117 * read/write should. 1118 */ 1119 ADD_PHYS_MEM(MEM_AREA_SEC_RAM_OVERALL, ram_start, 1120 VCORE_UNPG_RX_PA - ram_start); 1121 assert(VCORE_UNPG_RX_PA >= ram_start); 1122 tee_ram_initial_offs = VCORE_UNPG_RX_PA - ram_start; 1123 DMSG("tee_ram_initial_offs %#zx", tee_ram_initial_offs); 1124 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RX, VCORE_UNPG_RX_PA, 1125 VCORE_UNPG_RX_SZ); 1126 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RO, VCORE_UNPG_RO_PA, 1127 VCORE_UNPG_RO_SZ); 1128 1129 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) { 1130 ADD_PHYS_MEM(MEM_AREA_NEX_RAM_RO, VCORE_UNPG_RW_PA, 1131 VCORE_UNPG_RW_SZ); 1132 ADD_PHYS_MEM(MEM_AREA_SEC_RAM_OVERALL, VCORE_UNPG_RW_PA, 1133 VCORE_UNPG_RW_SZ); 1134 1135 ADD_PHYS_MEM(MEM_AREA_NEX_RAM_RW, VCORE_NEX_RW_PA, 1136 VCORE_NEX_RW_SZ); 1137 ADD_PHYS_MEM(MEM_AREA_SEC_RAM_OVERALL, VCORE_NEX_RW_PA, 1138 VCORE_NEX_RW_SZ); 1139 1140 ADD_PHYS_MEM(MEM_AREA_NEX_RAM_RW, VCORE_FREE_PA, 1141 VCORE_FREE_SZ); 1142 ADD_PHYS_MEM(MEM_AREA_SEC_RAM_OVERALL, VCORE_FREE_PA, 1143 VCORE_FREE_SZ); 1144 next_pa = VCORE_FREE_PA + VCORE_FREE_SZ; 1145 } else { 1146 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RW, VCORE_UNPG_RW_PA, 1147 VCORE_UNPG_RW_SZ); 1148 ADD_PHYS_MEM(MEM_AREA_SEC_RAM_OVERALL, VCORE_UNPG_RW_PA, 1149 VCORE_UNPG_RW_SZ); 1150 1151 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RW, VCORE_FREE_PA, 1152 VCORE_FREE_SZ); 1153 ADD_PHYS_MEM(MEM_AREA_SEC_RAM_OVERALL, VCORE_FREE_PA, 1154 VCORE_FREE_SZ); 1155 next_pa = VCORE_FREE_PA + VCORE_FREE_SZ; 1156 } 1157 1158 if (IS_ENABLED(CFG_WITH_PAGER)) { 1159 paddr_t pa = 0; 1160 size_t sz = 0; 1161 1162 ADD_PHYS_MEM(MEM_AREA_INIT_RAM_RX, VCORE_INIT_RX_PA, 1163 VCORE_INIT_RX_SZ); 1164 ADD_PHYS_MEM(MEM_AREA_INIT_RAM_RO, VCORE_INIT_RO_PA, 1165 VCORE_INIT_RO_SZ); 1166 /* 1167 * Core init mapping shall cover up to end of the 1168 * physical RAM. This is required since the hash 1169 * table is appended to the binary data after the 1170 * firmware build sequence. 1171 */ 1172 pa = VCORE_INIT_RO_PA + VCORE_INIT_RO_SZ; 1173 sz = TEE_RAM_START + TEE_RAM_PH_SIZE - pa; 1174 ADD_PHYS_MEM(MEM_AREA_TEE_RAM, pa, sz); 1175 } else { 1176 ADD_PHYS_MEM(MEM_AREA_SEC_RAM_OVERALL, next_pa, 1177 secure_only[0].paddr + 1178 secure_only[0].size - next_pa); 1179 } 1180 } else { 1181 ADD_PHYS_MEM(MEM_AREA_TEE_RAM, TEE_RAM_START, TEE_RAM_PH_SIZE); 1182 ADD_PHYS_MEM(MEM_AREA_SEC_RAM_OVERALL, secure_only[n].paddr, 1183 secure_only[0].size); 1184 } 1185 1186 for (n = 1; n < ARRAY_SIZE(secure_only); n++) 1187 ADD_PHYS_MEM(MEM_AREA_SEC_RAM_OVERALL, secure_only[n].paddr, 1188 secure_only[n].size); 1189 1190 if (IS_ENABLED(CFG_CORE_SANITIZE_KADDRESS) && 1191 IS_ENABLED(CFG_WITH_PAGER)) { 1192 /* 1193 * Asan ram is part of MEM_AREA_TEE_RAM_RW when pager is 1194 * disabled. 1195 */ 1196 ADD_PHYS_MEM(MEM_AREA_TEE_ASAN, ASAN_MAP_PA, ASAN_MAP_SZ); 1197 } 1198 1199 #undef ADD_PHYS_MEM 1200 1201 /* Collect device memory info from SP manifest */ 1202 if (IS_ENABLED(CFG_CORE_SEL2_SPMC)) 1203 collect_device_mem_ranges(mem_map); 1204 1205 for (mem = phys_mem_map_begin; mem < phys_mem_map_end; mem++) { 1206 /* Only unmapped virtual range may have a null phys addr */ 1207 assert(mem->addr || !core_mmu_type_to_attr(mem->type)); 1208 1209 add_phys_mem(mem_map, mem->name, mem->type, 1210 mem->addr, mem->size); 1211 } 1212 1213 if (IS_ENABLED(CFG_SECURE_DATA_PATH)) 1214 verify_special_mem_areas(mem_map, phys_sdp_mem_begin, 1215 phys_sdp_mem_end, "SDP"); 1216 1217 add_va_space(mem_map, MEM_AREA_RES_VASPACE, CFG_RESERVED_VASPACE_SIZE); 1218 add_va_space(mem_map, MEM_AREA_SHM_VASPACE, SHM_VASPACE_SIZE); 1219 } 1220 1221 static void assign_mem_granularity(struct memory_map *mem_map) 1222 { 1223 size_t n = 0; 1224 1225 /* 1226 * Assign region sizes, note that MEM_AREA_TEE_RAM always uses 1227 * SMALL_PAGE_SIZE. 1228 */ 1229 for (n = 0; n < mem_map->count; n++) { 1230 paddr_t mask = mem_map->map[n].pa | mem_map->map[n].size; 1231 1232 if (mask & SMALL_PAGE_MASK) 1233 panic("Impossible memory alignment"); 1234 1235 if (map_is_tee_ram(mem_map->map + n)) 1236 mem_map->map[n].region_size = SMALL_PAGE_SIZE; 1237 else 1238 mem_map->map[n].region_size = CORE_MMU_PGDIR_SIZE; 1239 } 1240 } 1241 1242 static bool place_tee_ram_at_top(paddr_t paddr) 1243 { 1244 return paddr > BIT64(core_mmu_get_va_width()) / 2; 1245 } 1246 1247 /* 1248 * MMU arch driver shall override this function if it helps 1249 * optimizing the memory footprint of the address translation tables. 1250 */ 1251 bool __weak core_mmu_prefer_tee_ram_at_top(paddr_t paddr) 1252 { 1253 return place_tee_ram_at_top(paddr); 1254 } 1255 1256 static bool assign_mem_va_dir(vaddr_t tee_ram_va, struct memory_map *mem_map, 1257 bool tee_ram_at_top) 1258 { 1259 struct tee_mmap_region *map = NULL; 1260 vaddr_t va = 0; 1261 bool va_is_secure = true; 1262 size_t n = 0; 1263 1264 /* 1265 * tee_ram_va might equals 0 when CFG_CORE_ASLR=y. 1266 * 0 is by design an invalid va, so return false directly. 1267 */ 1268 if (!tee_ram_va) 1269 return false; 1270 1271 /* Clear eventual previous assignments */ 1272 for (n = 0; n < mem_map->count; n++) 1273 mem_map->map[n].va = 0; 1274 1275 /* 1276 * TEE RAM regions are always aligned with region_size. 1277 * 1278 * Note that MEM_AREA_PAGER_VASPACE also counts as TEE RAM here 1279 * since it handles virtual memory which covers the part of the ELF 1280 * that cannot fit directly into memory. 1281 */ 1282 va = tee_ram_va + tee_ram_initial_offs; 1283 for (n = 0; n < mem_map->count; n++) { 1284 map = mem_map->map + n; 1285 if (map_is_tee_ram(map) || 1286 map->type == MEM_AREA_PAGER_VASPACE) { 1287 assert(!(va & (map->region_size - 1))); 1288 assert(!(map->size & (map->region_size - 1))); 1289 map->va = va; 1290 if (ADD_OVERFLOW(va, map->size, &va)) 1291 return false; 1292 if (va >= BIT64(core_mmu_get_va_width())) 1293 return false; 1294 } 1295 } 1296 1297 if (tee_ram_at_top) { 1298 /* 1299 * Map non-tee ram regions at addresses lower than the tee 1300 * ram region. 1301 */ 1302 va = tee_ram_va; 1303 for (n = 0; n < mem_map->count; n++) { 1304 map = mem_map->map + n; 1305 map->attr = core_mmu_type_to_attr(map->type); 1306 if (map->va) 1307 continue; 1308 1309 if (!IS_ENABLED(CFG_WITH_LPAE) && 1310 va_is_secure != map_is_secure(map)) { 1311 va_is_secure = !va_is_secure; 1312 va = ROUNDDOWN(va, CORE_MMU_PGDIR_SIZE); 1313 } 1314 1315 if (SUB_OVERFLOW(va, map->size, &va)) 1316 return false; 1317 va = ROUNDDOWN2(va, map->region_size); 1318 /* 1319 * Make sure that va is aligned with pa for 1320 * efficient pgdir mapping. Basically pa & 1321 * pgdir_mask should be == va & pgdir_mask 1322 */ 1323 if (map->size > 2 * CORE_MMU_PGDIR_SIZE) { 1324 if (SUB_OVERFLOW(va, CORE_MMU_PGDIR_SIZE, &va)) 1325 return false; 1326 va += (map->pa - va) & CORE_MMU_PGDIR_MASK; 1327 } 1328 map->va = va; 1329 } 1330 } else { 1331 /* 1332 * Map non-tee ram regions at addresses higher than the tee 1333 * ram region. 1334 */ 1335 for (n = 0; n < mem_map->count; n++) { 1336 map = mem_map->map + n; 1337 map->attr = core_mmu_type_to_attr(map->type); 1338 if (map->va) 1339 continue; 1340 1341 if (!IS_ENABLED(CFG_WITH_LPAE) && 1342 va_is_secure != map_is_secure(map)) { 1343 va_is_secure = !va_is_secure; 1344 if (ROUNDUP_OVERFLOW(va, CORE_MMU_PGDIR_SIZE, 1345 &va)) 1346 return false; 1347 } 1348 1349 if (ROUNDUP2_OVERFLOW(va, map->region_size, &va)) 1350 return false; 1351 /* 1352 * Make sure that va is aligned with pa for 1353 * efficient pgdir mapping. Basically pa & 1354 * pgdir_mask should be == va & pgdir_mask 1355 */ 1356 if (map->size > 2 * CORE_MMU_PGDIR_SIZE) { 1357 vaddr_t offs = (map->pa - va) & 1358 CORE_MMU_PGDIR_MASK; 1359 1360 if (ADD_OVERFLOW(va, offs, &va)) 1361 return false; 1362 } 1363 1364 map->va = va; 1365 if (ADD_OVERFLOW(va, map->size, &va)) 1366 return false; 1367 if (va >= BIT64(core_mmu_get_va_width())) 1368 return false; 1369 } 1370 } 1371 1372 return true; 1373 } 1374 1375 static bool assign_mem_va(vaddr_t tee_ram_va, struct memory_map *mem_map) 1376 { 1377 bool tee_ram_at_top = place_tee_ram_at_top(tee_ram_va); 1378 1379 /* 1380 * Check that we're not overlapping with the user VA range. 1381 */ 1382 if (IS_ENABLED(CFG_WITH_LPAE)) { 1383 /* 1384 * User VA range is supposed to be defined after these 1385 * mappings have been established. 1386 */ 1387 assert(!core_mmu_user_va_range_is_defined()); 1388 } else { 1389 vaddr_t user_va_base = 0; 1390 size_t user_va_size = 0; 1391 1392 assert(core_mmu_user_va_range_is_defined()); 1393 core_mmu_get_user_va_range(&user_va_base, &user_va_size); 1394 if (tee_ram_va < (user_va_base + user_va_size)) 1395 return false; 1396 } 1397 1398 if (IS_ENABLED(CFG_WITH_PAGER)) { 1399 bool prefered_dir = core_mmu_prefer_tee_ram_at_top(tee_ram_va); 1400 1401 /* Try whole mapping covered by a single base xlat entry */ 1402 if (prefered_dir != tee_ram_at_top && 1403 assign_mem_va_dir(tee_ram_va, mem_map, prefered_dir)) 1404 return true; 1405 } 1406 1407 return assign_mem_va_dir(tee_ram_va, mem_map, tee_ram_at_top); 1408 } 1409 1410 static int cmp_init_mem_map(const void *a, const void *b) 1411 { 1412 const struct tee_mmap_region *mm_a = a; 1413 const struct tee_mmap_region *mm_b = b; 1414 int rc = 0; 1415 1416 rc = CMP_TRILEAN(mm_a->region_size, mm_b->region_size); 1417 if (!rc) 1418 rc = CMP_TRILEAN(mm_a->pa, mm_b->pa); 1419 /* 1420 * 32bit MMU descriptors cannot mix secure and non-secure mapping in 1421 * the same level2 table. Hence sort secure mapping from non-secure 1422 * mapping. 1423 */ 1424 if (!rc && !IS_ENABLED(CFG_WITH_LPAE)) 1425 rc = CMP_TRILEAN(map_is_secure(mm_a), map_is_secure(mm_b)); 1426 1427 return rc; 1428 } 1429 1430 static bool mem_map_add_id_map(struct memory_map *mem_map, 1431 vaddr_t id_map_start, vaddr_t id_map_end) 1432 { 1433 vaddr_t start = ROUNDDOWN(id_map_start, SMALL_PAGE_SIZE); 1434 vaddr_t end = ROUNDUP(id_map_end, SMALL_PAGE_SIZE); 1435 size_t len = end - start; 1436 size_t n = 0; 1437 1438 1439 for (n = 0; n < mem_map->count; n++) 1440 if (core_is_buffer_intersect(mem_map->map[n].va, 1441 mem_map->map[n].size, start, len)) 1442 return false; 1443 1444 grow_mem_map(mem_map); 1445 mem_map->map[mem_map->count - 1] = (struct tee_mmap_region){ 1446 .type = MEM_AREA_IDENTITY_MAP_RX, 1447 /* 1448 * Could use CORE_MMU_PGDIR_SIZE to potentially save a 1449 * translation table, at the increased risk of clashes with 1450 * the rest of the memory map. 1451 */ 1452 .region_size = SMALL_PAGE_SIZE, 1453 .pa = start, 1454 .va = start, 1455 .size = len, 1456 .attr = core_mmu_type_to_attr(MEM_AREA_IDENTITY_MAP_RX), 1457 }; 1458 1459 return true; 1460 } 1461 1462 static struct memory_map *init_mem_map(struct memory_map *mem_map, 1463 unsigned long seed, 1464 unsigned long *ret_offs) 1465 { 1466 /* 1467 * @id_map_start and @id_map_end describes a physical memory range 1468 * that must be mapped Read-Only eXecutable at identical virtual 1469 * addresses. 1470 */ 1471 vaddr_t id_map_start = (vaddr_t)__identity_map_init_start; 1472 vaddr_t id_map_end = (vaddr_t)__identity_map_init_end; 1473 vaddr_t start_addr = secure_only[0].paddr; 1474 unsigned long offs = 0; 1475 1476 collect_mem_ranges(mem_map); 1477 assign_mem_granularity(mem_map); 1478 1479 /* 1480 * To ease mapping and lower use of xlat tables, sort mapping 1481 * description moving small-page regions after the pgdir regions. 1482 */ 1483 qsort(mem_map->map, mem_map->count, sizeof(struct tee_mmap_region), 1484 cmp_init_mem_map); 1485 1486 if (IS_ENABLED(CFG_WITH_PAGER)) 1487 add_pager_vaspace(mem_map); 1488 1489 if (IS_ENABLED(CFG_CORE_ASLR) && seed) { 1490 vaddr_t base_addr = start_addr + seed; 1491 const unsigned int va_width = core_mmu_get_va_width(); 1492 const vaddr_t va_mask = GENMASK_64(va_width - 1, 1493 SMALL_PAGE_SHIFT); 1494 vaddr_t ba = base_addr; 1495 size_t n = 0; 1496 1497 for (n = 0; n < 3; n++) { 1498 if (n) 1499 ba = base_addr ^ BIT64(va_width - n); 1500 ba &= va_mask; 1501 if (assign_mem_va(ba, mem_map) && 1502 mem_map_add_id_map(mem_map, id_map_start, 1503 id_map_end)) { 1504 offs = ba - start_addr; 1505 DMSG("Mapping core at %#"PRIxVA" offs %#lx", 1506 ba, offs); 1507 goto out; 1508 } else { 1509 DMSG("Failed to map core at %#"PRIxVA, ba); 1510 } 1511 } 1512 EMSG("Failed to map core with seed %#lx", seed); 1513 } 1514 1515 if (!assign_mem_va(start_addr, mem_map)) 1516 panic(); 1517 1518 out: 1519 qsort(mem_map->map, mem_map->count, sizeof(struct tee_mmap_region), 1520 cmp_mmap_by_lower_va); 1521 1522 dump_mmap_table(mem_map); 1523 1524 *ret_offs = offs; 1525 return mem_map; 1526 } 1527 1528 static void check_mem_map(struct memory_map *mem_map) 1529 { 1530 struct tee_mmap_region *m = NULL; 1531 size_t n = 0; 1532 1533 for (n = 0; n < mem_map->count; n++) { 1534 m = mem_map->map + n; 1535 switch (m->type) { 1536 case MEM_AREA_TEE_RAM: 1537 case MEM_AREA_TEE_RAM_RX: 1538 case MEM_AREA_TEE_RAM_RO: 1539 case MEM_AREA_TEE_RAM_RW: 1540 case MEM_AREA_INIT_RAM_RX: 1541 case MEM_AREA_INIT_RAM_RO: 1542 case MEM_AREA_NEX_RAM_RW: 1543 case MEM_AREA_NEX_RAM_RO: 1544 case MEM_AREA_IDENTITY_MAP_RX: 1545 if (!pbuf_is_inside(secure_only, m->pa, m->size)) 1546 panic("TEE_RAM can't fit in secure_only"); 1547 break; 1548 case MEM_AREA_SEC_RAM_OVERALL: 1549 if (!pbuf_is_inside(secure_only, m->pa, m->size)) 1550 panic("SEC_RAM_OVERALL can't fit in secure_only"); 1551 break; 1552 case MEM_AREA_NSEC_SHM: 1553 if (!pbuf_is_inside(nsec_shared, m->pa, m->size)) 1554 panic("NS_SHM can't fit in nsec_shared"); 1555 break; 1556 case MEM_AREA_TEE_COHERENT: 1557 case MEM_AREA_TEE_ASAN: 1558 case MEM_AREA_IO_SEC: 1559 case MEM_AREA_IO_NSEC: 1560 case MEM_AREA_EXT_DT: 1561 case MEM_AREA_MANIFEST_DT: 1562 case MEM_AREA_TRANSFER_LIST: 1563 case MEM_AREA_RAM_SEC: 1564 case MEM_AREA_RAM_NSEC: 1565 case MEM_AREA_ROM_SEC: 1566 case MEM_AREA_RES_VASPACE: 1567 case MEM_AREA_SHM_VASPACE: 1568 case MEM_AREA_PAGER_VASPACE: 1569 break; 1570 default: 1571 EMSG("Uhandled memtype %d", m->type); 1572 panic(); 1573 } 1574 } 1575 } 1576 1577 /* 1578 * core_init_mmu_map() - init tee core default memory mapping 1579 * 1580 * This routine sets the static default TEE core mapping. If @seed is > 0 1581 * and configured with CFG_CORE_ASLR it will map tee core at a location 1582 * based on the seed and return the offset from the link address. 1583 * 1584 * If an error happened: core_init_mmu_map is expected to panic. 1585 * 1586 * Note: this function is weak just to make it possible to exclude it from 1587 * the unpaged area. 1588 */ 1589 void __weak core_init_mmu_map(unsigned long seed, struct core_mmu_config *cfg) 1590 { 1591 #ifndef CFG_NS_VIRTUALIZATION 1592 vaddr_t start = ROUNDDOWN((vaddr_t)__nozi_start, SMALL_PAGE_SIZE); 1593 #else 1594 vaddr_t start = ROUNDDOWN((vaddr_t)__vcore_nex_rw_start, 1595 SMALL_PAGE_SIZE); 1596 #endif 1597 #ifdef CFG_DYN_CONFIG 1598 vaddr_t len = ROUNDUP(VCORE_FREE_END_PA, SMALL_PAGE_SIZE) - start; 1599 #else 1600 vaddr_t len = ROUNDUP((vaddr_t)__nozi_end, SMALL_PAGE_SIZE) - start; 1601 #endif 1602 struct tee_mmap_region tmp_mmap_region = { }; 1603 struct memory_map mem_map = { }; 1604 unsigned long offs = 0; 1605 1606 if (IS_ENABLED(CFG_CORE_PHYS_RELOCATABLE) && 1607 (core_mmu_tee_load_pa & SMALL_PAGE_MASK)) 1608 panic("OP-TEE load address is not page aligned"); 1609 1610 check_sec_nsec_mem_config(); 1611 1612 if (IS_ENABLED(CFG_BOOT_MEM)) { 1613 mem_map.alloc_count = CFG_MMAP_REGIONS; 1614 mem_map.map = boot_mem_alloc_tmp(mem_map.alloc_count * 1615 sizeof(*mem_map.map), 1616 alignof(*mem_map.map)); 1617 memory_map_realloc_func = boot_mem_realloc_memory_map; 1618 } else { 1619 mem_map = static_memory_map; 1620 } 1621 1622 static_memory_map = (struct memory_map){ 1623 .map = &tmp_mmap_region, 1624 .alloc_count = 1, 1625 .count = 1, 1626 }; 1627 /* 1628 * Add a entry covering the translation tables which will be 1629 * involved in some virt_to_phys() and phys_to_virt() conversions. 1630 */ 1631 static_memory_map.map[0] = (struct tee_mmap_region){ 1632 .type = MEM_AREA_TEE_RAM, 1633 .region_size = SMALL_PAGE_SIZE, 1634 .pa = start, 1635 .va = start, 1636 .size = len, 1637 .attr = core_mmu_type_to_attr(MEM_AREA_IDENTITY_MAP_RX), 1638 }; 1639 1640 init_mem_map(&mem_map, seed, &offs); 1641 1642 check_mem_map(&mem_map); 1643 core_init_mmu(&mem_map); 1644 dump_xlat_table(0x0, CORE_MMU_BASE_TABLE_LEVEL); 1645 core_init_mmu_regs(cfg); 1646 cfg->map_offset = offs; 1647 static_memory_map = mem_map; 1648 boot_mem_add_reloc(&static_memory_map.map); 1649 } 1650 1651 void core_mmu_save_mem_map(void) 1652 { 1653 if (IS_ENABLED(CFG_BOOT_MEM)) { 1654 size_t alloc_count = static_memory_map.count + 5; 1655 size_t elem_sz = sizeof(*static_memory_map.map); 1656 void *p = NULL; 1657 1658 p = nex_calloc(alloc_count, elem_sz); 1659 if (!p) 1660 panic(); 1661 memcpy(p, static_memory_map.map, 1662 static_memory_map.count * elem_sz); 1663 static_memory_map.map = p; 1664 static_memory_map.alloc_count = alloc_count; 1665 memory_map_realloc_func = heap_realloc_memory_map; 1666 } 1667 } 1668 1669 bool core_mmu_mattr_is_ok(uint32_t mattr) 1670 { 1671 /* 1672 * Keep in sync with core_mmu_lpae.c:mattr_to_desc and 1673 * core_mmu_v7.c:mattr_to_texcb 1674 */ 1675 1676 switch ((mattr >> TEE_MATTR_MEM_TYPE_SHIFT) & TEE_MATTR_MEM_TYPE_MASK) { 1677 case TEE_MATTR_MEM_TYPE_DEV: 1678 case TEE_MATTR_MEM_TYPE_STRONGLY_O: 1679 case TEE_MATTR_MEM_TYPE_CACHED: 1680 case TEE_MATTR_MEM_TYPE_TAGGED: 1681 return true; 1682 default: 1683 return false; 1684 } 1685 } 1686 1687 /* 1688 * test attributes of target physical buffer 1689 * 1690 * Flags: pbuf_is(SECURE, NOT_SECURE, RAM, IOMEM, KEYVAULT). 1691 * 1692 */ 1693 bool core_pbuf_is(uint32_t attr, paddr_t pbuf, size_t len) 1694 { 1695 struct tee_mmap_region *map; 1696 1697 /* Empty buffers complies with anything */ 1698 if (len == 0) 1699 return true; 1700 1701 switch (attr) { 1702 case CORE_MEM_SEC: 1703 return pbuf_is_inside(secure_only, pbuf, len); 1704 case CORE_MEM_NON_SEC: 1705 return pbuf_is_inside(nsec_shared, pbuf, len) || 1706 pbuf_is_nsec_ddr(pbuf, len); 1707 case CORE_MEM_TEE_RAM: 1708 return core_is_buffer_inside(pbuf, len, TEE_RAM_START, 1709 TEE_RAM_PH_SIZE); 1710 #ifdef CFG_CORE_RESERVED_SHM 1711 case CORE_MEM_NSEC_SHM: 1712 return core_is_buffer_inside(pbuf, len, TEE_SHMEM_START, 1713 TEE_SHMEM_SIZE); 1714 #endif 1715 case CORE_MEM_SDP_MEM: 1716 return pbuf_is_sdp_mem(pbuf, len); 1717 case CORE_MEM_CACHED: 1718 map = find_map_by_pa(pbuf); 1719 if (!map || !pbuf_inside_map_area(pbuf, len, map)) 1720 return false; 1721 return mattr_is_cached(map->attr); 1722 default: 1723 return false; 1724 } 1725 } 1726 1727 /* test attributes of target virtual buffer (in core mapping) */ 1728 bool core_vbuf_is(uint32_t attr, const void *vbuf, size_t len) 1729 { 1730 paddr_t p; 1731 1732 /* Empty buffers complies with anything */ 1733 if (len == 0) 1734 return true; 1735 1736 p = virt_to_phys((void *)vbuf); 1737 if (!p) 1738 return false; 1739 1740 return core_pbuf_is(attr, p, len); 1741 } 1742 1743 /* core_va2pa - teecore exported service */ 1744 static int __maybe_unused core_va2pa_helper(void *va, paddr_t *pa) 1745 { 1746 struct tee_mmap_region *map; 1747 1748 map = find_map_by_va(va); 1749 if (!va_is_in_map(map, (vaddr_t)va)) 1750 return -1; 1751 1752 /* 1753 * We can calculate PA for static map. Virtual address ranges 1754 * reserved to core dynamic mapping return a 'match' (return 0;) 1755 * together with an invalid null physical address. 1756 */ 1757 if (map->pa) 1758 *pa = map->pa + (vaddr_t)va - map->va; 1759 else 1760 *pa = 0; 1761 1762 return 0; 1763 } 1764 1765 static void *map_pa2va(struct tee_mmap_region *map, paddr_t pa, size_t len) 1766 { 1767 if (!pa_is_in_map(map, pa, len)) 1768 return NULL; 1769 1770 return (void *)(vaddr_t)(map->va + pa - map->pa); 1771 } 1772 1773 /* 1774 * teecore gets some memory area definitions 1775 */ 1776 void core_mmu_get_mem_by_type(enum teecore_memtypes type, vaddr_t *s, 1777 vaddr_t *e) 1778 { 1779 struct tee_mmap_region *map = find_map_by_type(type); 1780 1781 if (map) { 1782 *s = map->va; 1783 *e = map->va + map->size; 1784 } else { 1785 *s = 0; 1786 *e = 0; 1787 } 1788 } 1789 1790 enum teecore_memtypes core_mmu_get_type_by_pa(paddr_t pa) 1791 { 1792 struct tee_mmap_region *map = find_map_by_pa(pa); 1793 1794 if (!map) 1795 return MEM_AREA_MAXTYPE; 1796 return map->type; 1797 } 1798 1799 void core_mmu_set_entry(struct core_mmu_table_info *tbl_info, unsigned int idx, 1800 paddr_t pa, uint32_t attr) 1801 { 1802 assert(idx < tbl_info->num_entries); 1803 core_mmu_set_entry_primitive(tbl_info->table, tbl_info->level, 1804 idx, pa, attr); 1805 } 1806 1807 void core_mmu_get_entry(struct core_mmu_table_info *tbl_info, unsigned int idx, 1808 paddr_t *pa, uint32_t *attr) 1809 { 1810 assert(idx < tbl_info->num_entries); 1811 core_mmu_get_entry_primitive(tbl_info->table, tbl_info->level, 1812 idx, pa, attr); 1813 } 1814 1815 static void clear_region(struct core_mmu_table_info *tbl_info, 1816 struct tee_mmap_region *region) 1817 { 1818 unsigned int end = 0; 1819 unsigned int idx = 0; 1820 1821 /* va, len and pa should be block aligned */ 1822 assert(!core_mmu_get_block_offset(tbl_info, region->va)); 1823 assert(!core_mmu_get_block_offset(tbl_info, region->size)); 1824 assert(!core_mmu_get_block_offset(tbl_info, region->pa)); 1825 1826 idx = core_mmu_va2idx(tbl_info, region->va); 1827 end = core_mmu_va2idx(tbl_info, region->va + region->size); 1828 1829 while (idx < end) { 1830 core_mmu_set_entry(tbl_info, idx, 0, 0); 1831 idx++; 1832 } 1833 } 1834 1835 static void set_region(struct core_mmu_table_info *tbl_info, 1836 struct tee_mmap_region *region) 1837 { 1838 unsigned int end; 1839 unsigned int idx; 1840 paddr_t pa; 1841 1842 /* va, len and pa should be block aligned */ 1843 assert(!core_mmu_get_block_offset(tbl_info, region->va)); 1844 assert(!core_mmu_get_block_offset(tbl_info, region->size)); 1845 assert(!core_mmu_get_block_offset(tbl_info, region->pa)); 1846 1847 idx = core_mmu_va2idx(tbl_info, region->va); 1848 end = core_mmu_va2idx(tbl_info, region->va + region->size); 1849 pa = region->pa; 1850 1851 while (idx < end) { 1852 core_mmu_set_entry(tbl_info, idx, pa, region->attr); 1853 idx++; 1854 pa += BIT64(tbl_info->shift); 1855 } 1856 } 1857 1858 static void set_pg_region(struct core_mmu_table_info *dir_info, 1859 struct vm_region *region, struct pgt **pgt, 1860 struct core_mmu_table_info *pg_info) 1861 { 1862 struct tee_mmap_region r = { 1863 .va = region->va, 1864 .size = region->size, 1865 .attr = region->attr, 1866 }; 1867 vaddr_t end = r.va + r.size; 1868 uint32_t pgt_attr = (r.attr & TEE_MATTR_SECURE) | TEE_MATTR_TABLE; 1869 1870 while (r.va < end) { 1871 if (!pg_info->table || 1872 r.va >= (pg_info->va_base + CORE_MMU_PGDIR_SIZE)) { 1873 /* 1874 * We're assigning a new translation table. 1875 */ 1876 unsigned int idx; 1877 1878 /* Virtual addresses must grow */ 1879 assert(r.va > pg_info->va_base); 1880 1881 idx = core_mmu_va2idx(dir_info, r.va); 1882 pg_info->va_base = core_mmu_idx2va(dir_info, idx); 1883 1884 /* 1885 * Advance pgt to va_base, note that we may need to 1886 * skip multiple page tables if there are large 1887 * holes in the vm map. 1888 */ 1889 while ((*pgt)->vabase < pg_info->va_base) { 1890 *pgt = SLIST_NEXT(*pgt, link); 1891 /* We should have allocated enough */ 1892 assert(*pgt); 1893 } 1894 assert((*pgt)->vabase == pg_info->va_base); 1895 pg_info->table = (*pgt)->tbl; 1896 1897 core_mmu_set_entry(dir_info, idx, 1898 virt_to_phys(pg_info->table), 1899 pgt_attr); 1900 } 1901 1902 r.size = MIN(CORE_MMU_PGDIR_SIZE - (r.va - pg_info->va_base), 1903 end - r.va); 1904 1905 if (!(*pgt)->populated && !mobj_is_paged(region->mobj)) { 1906 size_t granule = BIT(pg_info->shift); 1907 size_t offset = r.va - region->va + region->offset; 1908 1909 r.size = MIN(r.size, 1910 mobj_get_phys_granule(region->mobj)); 1911 r.size = ROUNDUP(r.size, SMALL_PAGE_SIZE); 1912 1913 if (mobj_get_pa(region->mobj, offset, granule, 1914 &r.pa) != TEE_SUCCESS) 1915 panic("Failed to get PA of unpaged mobj"); 1916 set_region(pg_info, &r); 1917 } 1918 r.va += r.size; 1919 } 1920 } 1921 1922 static bool can_map_at_level(paddr_t paddr, vaddr_t vaddr, 1923 size_t size_left, paddr_t block_size, 1924 struct tee_mmap_region *mm) 1925 { 1926 /* VA and PA are aligned to block size at current level */ 1927 if ((vaddr | paddr) & (block_size - 1)) 1928 return false; 1929 1930 /* Remainder fits into block at current level */ 1931 if (size_left < block_size) 1932 return false; 1933 1934 /* 1935 * The required block size of the region is compatible with the 1936 * block size of the current level. 1937 */ 1938 if (mm->region_size < block_size) 1939 return false; 1940 1941 #ifdef CFG_WITH_PAGER 1942 /* 1943 * If pager is enabled, we need to map TEE RAM and the whole pager 1944 * regions with small pages only 1945 */ 1946 if ((map_is_tee_ram(mm) || mm->type == MEM_AREA_PAGER_VASPACE) && 1947 block_size != SMALL_PAGE_SIZE) 1948 return false; 1949 #endif 1950 1951 return true; 1952 } 1953 1954 void core_mmu_map_region(struct mmu_partition *prtn, struct tee_mmap_region *mm) 1955 { 1956 struct core_mmu_table_info tbl_info; 1957 unsigned int idx; 1958 vaddr_t vaddr = mm->va; 1959 paddr_t paddr = mm->pa; 1960 ssize_t size_left = mm->size; 1961 unsigned int level; 1962 bool table_found; 1963 uint32_t old_attr; 1964 1965 assert(!((vaddr | paddr) & SMALL_PAGE_MASK)); 1966 1967 while (size_left > 0) { 1968 level = CORE_MMU_BASE_TABLE_LEVEL; 1969 1970 while (true) { 1971 paddr_t block_size = 0; 1972 1973 assert(core_mmu_level_in_range(level)); 1974 1975 table_found = core_mmu_find_table(prtn, vaddr, level, 1976 &tbl_info); 1977 if (!table_found) 1978 panic("can't find table for mapping"); 1979 1980 block_size = BIT64(tbl_info.shift); 1981 1982 idx = core_mmu_va2idx(&tbl_info, vaddr); 1983 if (!can_map_at_level(paddr, vaddr, size_left, 1984 block_size, mm)) { 1985 bool secure = mm->attr & TEE_MATTR_SECURE; 1986 1987 /* 1988 * This part of the region can't be mapped at 1989 * this level. Need to go deeper. 1990 */ 1991 if (!core_mmu_entry_to_finer_grained(&tbl_info, 1992 idx, 1993 secure)) 1994 panic("Can't divide MMU entry"); 1995 level = tbl_info.next_level; 1996 continue; 1997 } 1998 1999 /* We can map part of the region at current level */ 2000 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 2001 if (old_attr) 2002 panic("Page is already mapped"); 2003 2004 core_mmu_set_entry(&tbl_info, idx, paddr, mm->attr); 2005 paddr += block_size; 2006 vaddr += block_size; 2007 size_left -= block_size; 2008 2009 break; 2010 } 2011 } 2012 } 2013 2014 TEE_Result core_mmu_map_pages(vaddr_t vstart, paddr_t *pages, size_t num_pages, 2015 enum teecore_memtypes memtype) 2016 { 2017 TEE_Result ret; 2018 struct core_mmu_table_info tbl_info; 2019 struct tee_mmap_region *mm; 2020 unsigned int idx; 2021 uint32_t old_attr; 2022 uint32_t exceptions; 2023 vaddr_t vaddr = vstart; 2024 size_t i; 2025 bool secure; 2026 2027 assert(!(core_mmu_type_to_attr(memtype) & TEE_MATTR_PX)); 2028 2029 secure = core_mmu_type_to_attr(memtype) & TEE_MATTR_SECURE; 2030 2031 if (vaddr & SMALL_PAGE_MASK) 2032 return TEE_ERROR_BAD_PARAMETERS; 2033 2034 exceptions = mmu_lock(); 2035 2036 mm = find_map_by_va((void *)vaddr); 2037 if (!mm || !va_is_in_map(mm, vaddr + num_pages * SMALL_PAGE_SIZE - 1)) 2038 panic("VA does not belong to any known mm region"); 2039 2040 if (!core_mmu_is_dynamic_vaspace(mm)) 2041 panic("Trying to map into static region"); 2042 2043 for (i = 0; i < num_pages; i++) { 2044 if (pages[i] & SMALL_PAGE_MASK) { 2045 ret = TEE_ERROR_BAD_PARAMETERS; 2046 goto err; 2047 } 2048 2049 while (true) { 2050 if (!core_mmu_find_table(NULL, vaddr, UINT_MAX, 2051 &tbl_info)) 2052 panic("Can't find pagetable for vaddr "); 2053 2054 idx = core_mmu_va2idx(&tbl_info, vaddr); 2055 if (tbl_info.shift == SMALL_PAGE_SHIFT) 2056 break; 2057 2058 /* This is supertable. Need to divide it. */ 2059 if (!core_mmu_entry_to_finer_grained(&tbl_info, idx, 2060 secure)) 2061 panic("Failed to spread pgdir on small tables"); 2062 } 2063 2064 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 2065 if (old_attr) 2066 panic("Page is already mapped"); 2067 2068 core_mmu_set_entry(&tbl_info, idx, pages[i], 2069 core_mmu_type_to_attr(memtype)); 2070 vaddr += SMALL_PAGE_SIZE; 2071 } 2072 2073 /* 2074 * Make sure all the changes to translation tables are visible 2075 * before returning. TLB doesn't need to be invalidated as we are 2076 * guaranteed that there's no valid mapping in this range. 2077 */ 2078 core_mmu_table_write_barrier(); 2079 mmu_unlock(exceptions); 2080 2081 return TEE_SUCCESS; 2082 err: 2083 mmu_unlock(exceptions); 2084 2085 if (i) 2086 core_mmu_unmap_pages(vstart, i); 2087 2088 return ret; 2089 } 2090 2091 TEE_Result core_mmu_map_contiguous_pages(vaddr_t vstart, paddr_t pstart, 2092 size_t num_pages, 2093 enum teecore_memtypes memtype) 2094 { 2095 struct core_mmu_table_info tbl_info = { }; 2096 struct tee_mmap_region *mm = NULL; 2097 unsigned int idx = 0; 2098 uint32_t old_attr = 0; 2099 uint32_t exceptions = 0; 2100 vaddr_t vaddr = vstart; 2101 paddr_t paddr = pstart; 2102 size_t i = 0; 2103 bool secure = false; 2104 2105 assert(!(core_mmu_type_to_attr(memtype) & TEE_MATTR_PX)); 2106 2107 secure = core_mmu_type_to_attr(memtype) & TEE_MATTR_SECURE; 2108 2109 if ((vaddr | paddr) & SMALL_PAGE_MASK) 2110 return TEE_ERROR_BAD_PARAMETERS; 2111 2112 exceptions = mmu_lock(); 2113 2114 mm = find_map_by_va((void *)vaddr); 2115 if (!mm || !va_is_in_map(mm, vaddr + num_pages * SMALL_PAGE_SIZE - 1)) 2116 panic("VA does not belong to any known mm region"); 2117 2118 if (!core_mmu_is_dynamic_vaspace(mm)) 2119 panic("Trying to map into static region"); 2120 2121 for (i = 0; i < num_pages; i++) { 2122 while (true) { 2123 if (!core_mmu_find_table(NULL, vaddr, UINT_MAX, 2124 &tbl_info)) 2125 panic("Can't find pagetable for vaddr "); 2126 2127 idx = core_mmu_va2idx(&tbl_info, vaddr); 2128 if (tbl_info.shift == SMALL_PAGE_SHIFT) 2129 break; 2130 2131 /* This is supertable. Need to divide it. */ 2132 if (!core_mmu_entry_to_finer_grained(&tbl_info, idx, 2133 secure)) 2134 panic("Failed to spread pgdir on small tables"); 2135 } 2136 2137 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 2138 if (old_attr) 2139 panic("Page is already mapped"); 2140 2141 core_mmu_set_entry(&tbl_info, idx, paddr, 2142 core_mmu_type_to_attr(memtype)); 2143 paddr += SMALL_PAGE_SIZE; 2144 vaddr += SMALL_PAGE_SIZE; 2145 } 2146 2147 /* 2148 * Make sure all the changes to translation tables are visible 2149 * before returning. TLB doesn't need to be invalidated as we are 2150 * guaranteed that there's no valid mapping in this range. 2151 */ 2152 core_mmu_table_write_barrier(); 2153 mmu_unlock(exceptions); 2154 2155 return TEE_SUCCESS; 2156 } 2157 2158 static bool mem_range_is_in_vcore_free(vaddr_t vstart, size_t num_pages) 2159 { 2160 return core_is_buffer_inside(vstart, num_pages * SMALL_PAGE_SIZE, 2161 VCORE_FREE_PA, VCORE_FREE_SZ); 2162 } 2163 2164 static void maybe_remove_from_mem_map(vaddr_t vstart, size_t num_pages) 2165 { 2166 struct memory_map *mem_map = NULL; 2167 struct tee_mmap_region *mm = NULL; 2168 size_t idx = 0; 2169 vaddr_t va = 0; 2170 2171 mm = find_map_by_va((void *)vstart); 2172 if (!mm || !va_is_in_map(mm, vstart + num_pages * SMALL_PAGE_SIZE - 1)) 2173 panic("VA does not belong to any known mm region"); 2174 2175 if (core_mmu_is_dynamic_vaspace(mm)) 2176 return; 2177 2178 if (!mem_range_is_in_vcore_free(vstart, num_pages)) 2179 panic("Trying to unmap static region"); 2180 2181 /* 2182 * We're going to remove a memory from the VCORE_FREE memory range. 2183 * Depending where the range is we may need to remove the matching 2184 * mm, peal of a bit from the start or end of the mm, or split it 2185 * into two with a whole in the middle. 2186 */ 2187 2188 va = ROUNDDOWN(vstart, SMALL_PAGE_SIZE); 2189 assert(mm->region_size == SMALL_PAGE_SIZE); 2190 2191 if (va == mm->va && mm->size == num_pages * SMALL_PAGE_SIZE) { 2192 mem_map = get_memory_map(); 2193 idx = mm - mem_map->map; 2194 assert(idx < mem_map->count); 2195 2196 rem_array_elem(mem_map->map, mem_map->count, 2197 sizeof(*mem_map->map), idx); 2198 mem_map->count--; 2199 } else if (va == mm->va) { 2200 mm->va += num_pages * SMALL_PAGE_SIZE; 2201 mm->pa += num_pages * SMALL_PAGE_SIZE; 2202 mm->size -= num_pages * SMALL_PAGE_SIZE; 2203 } else if (va + num_pages * SMALL_PAGE_SIZE == mm->va + mm->size) { 2204 mm->size -= num_pages * SMALL_PAGE_SIZE; 2205 } else { 2206 struct tee_mmap_region m = *mm; 2207 2208 mem_map = get_memory_map(); 2209 idx = mm - mem_map->map; 2210 assert(idx < mem_map->count); 2211 2212 mm->size = va - mm->va; 2213 m.va += mm->size + num_pages * SMALL_PAGE_SIZE; 2214 m.pa += mm->size + num_pages * SMALL_PAGE_SIZE; 2215 m.size -= mm->size + num_pages * SMALL_PAGE_SIZE; 2216 grow_mem_map(mem_map); 2217 ins_array_elem(mem_map->map, mem_map->count, 2218 sizeof(*mem_map->map), idx + 1, &m); 2219 } 2220 } 2221 2222 void core_mmu_unmap_pages(vaddr_t vstart, size_t num_pages) 2223 { 2224 struct core_mmu_table_info tbl_info; 2225 size_t i; 2226 unsigned int idx; 2227 uint32_t exceptions; 2228 2229 exceptions = mmu_lock(); 2230 2231 maybe_remove_from_mem_map(vstart, num_pages); 2232 2233 for (i = 0; i < num_pages; i++, vstart += SMALL_PAGE_SIZE) { 2234 if (!core_mmu_find_table(NULL, vstart, UINT_MAX, &tbl_info)) 2235 panic("Can't find pagetable"); 2236 2237 if (tbl_info.shift != SMALL_PAGE_SHIFT) 2238 panic("Invalid pagetable level"); 2239 2240 idx = core_mmu_va2idx(&tbl_info, vstart); 2241 core_mmu_set_entry(&tbl_info, idx, 0, 0); 2242 } 2243 tlbi_all(); 2244 2245 mmu_unlock(exceptions); 2246 } 2247 2248 void core_mmu_populate_user_map(struct core_mmu_table_info *dir_info, 2249 struct user_mode_ctx *uctx) 2250 { 2251 struct core_mmu_table_info pg_info = { }; 2252 struct pgt_cache *pgt_cache = &uctx->pgt_cache; 2253 struct pgt *pgt = NULL; 2254 struct pgt *p = NULL; 2255 struct vm_region *r = NULL; 2256 2257 if (TAILQ_EMPTY(&uctx->vm_info.regions)) 2258 return; /* Nothing to map */ 2259 2260 /* 2261 * Allocate all page tables in advance. 2262 */ 2263 pgt_get_all(uctx); 2264 pgt = SLIST_FIRST(pgt_cache); 2265 2266 core_mmu_set_info_table(&pg_info, dir_info->next_level, 0, NULL); 2267 2268 TAILQ_FOREACH(r, &uctx->vm_info.regions, link) 2269 set_pg_region(dir_info, r, &pgt, &pg_info); 2270 /* Record that the translation tables now are populated. */ 2271 SLIST_FOREACH(p, pgt_cache, link) { 2272 p->populated = true; 2273 if (p == pgt) 2274 break; 2275 } 2276 assert(p == pgt); 2277 } 2278 2279 TEE_Result core_mmu_remove_mapping(enum teecore_memtypes type, void *addr, 2280 size_t len) 2281 { 2282 struct core_mmu_table_info tbl_info = { }; 2283 struct tee_mmap_region *res_map = NULL; 2284 struct tee_mmap_region *map = NULL; 2285 paddr_t pa = virt_to_phys(addr); 2286 size_t granule = 0; 2287 ptrdiff_t i = 0; 2288 paddr_t p = 0; 2289 size_t l = 0; 2290 2291 map = find_map_by_type_and_pa(type, pa, len); 2292 if (!map) 2293 return TEE_ERROR_GENERIC; 2294 2295 res_map = find_map_by_type(MEM_AREA_RES_VASPACE); 2296 if (!res_map) 2297 return TEE_ERROR_GENERIC; 2298 if (!core_mmu_find_table(NULL, res_map->va, UINT_MAX, &tbl_info)) 2299 return TEE_ERROR_GENERIC; 2300 granule = BIT(tbl_info.shift); 2301 2302 if (map < static_memory_map.map || 2303 map >= static_memory_map.map + static_memory_map.count) 2304 return TEE_ERROR_GENERIC; 2305 i = map - static_memory_map.map; 2306 2307 /* Check that we have a full match */ 2308 p = ROUNDDOWN2(pa, granule); 2309 l = ROUNDUP2(len + pa - p, granule); 2310 if (map->pa != p || map->size != l) 2311 return TEE_ERROR_GENERIC; 2312 2313 clear_region(&tbl_info, map); 2314 tlbi_all(); 2315 2316 /* If possible remove the va range from res_map */ 2317 if (res_map->va - map->size == map->va) { 2318 res_map->va -= map->size; 2319 res_map->size += map->size; 2320 } 2321 2322 /* Remove the entry. */ 2323 rem_array_elem(static_memory_map.map, static_memory_map.count, 2324 sizeof(*static_memory_map.map), i); 2325 static_memory_map.count--; 2326 2327 return TEE_SUCCESS; 2328 } 2329 2330 struct tee_mmap_region * 2331 core_mmu_find_mapping_exclusive(enum teecore_memtypes type, size_t len) 2332 { 2333 struct memory_map *mem_map = get_memory_map(); 2334 struct tee_mmap_region *map_found = NULL; 2335 size_t n = 0; 2336 2337 if (!len) 2338 return NULL; 2339 2340 for (n = 0; n < mem_map->count; n++) { 2341 if (mem_map->map[n].type != type) 2342 continue; 2343 2344 if (map_found) 2345 return NULL; 2346 2347 map_found = mem_map->map + n; 2348 } 2349 2350 if (!map_found || map_found->size < len) 2351 return NULL; 2352 2353 return map_found; 2354 } 2355 2356 void *core_mmu_add_mapping(enum teecore_memtypes type, paddr_t addr, size_t len) 2357 { 2358 struct memory_map *mem_map = &static_memory_map; 2359 struct core_mmu_table_info tbl_info = { }; 2360 struct tee_mmap_region *map = NULL; 2361 size_t granule = 0; 2362 paddr_t p = 0; 2363 size_t l = 0; 2364 2365 if (!len) 2366 return NULL; 2367 2368 if (!core_mmu_check_end_pa(addr, len)) 2369 return NULL; 2370 2371 /* Check if the memory is already mapped */ 2372 map = find_map_by_type_and_pa(type, addr, len); 2373 if (map && pbuf_inside_map_area(addr, len, map)) 2374 return (void *)(vaddr_t)(map->va + addr - map->pa); 2375 2376 /* Find the reserved va space used for late mappings */ 2377 map = find_map_by_type(MEM_AREA_RES_VASPACE); 2378 if (!map) 2379 return NULL; 2380 2381 if (!core_mmu_find_table(NULL, map->va, UINT_MAX, &tbl_info)) 2382 return NULL; 2383 2384 granule = BIT64(tbl_info.shift); 2385 p = ROUNDDOWN2(addr, granule); 2386 l = ROUNDUP2(len + addr - p, granule); 2387 2388 /* Ban overflowing virtual addresses */ 2389 if (map->size < l) 2390 return NULL; 2391 2392 /* 2393 * Something is wrong, we can't fit the va range into the selected 2394 * table. The reserved va range is possibly missaligned with 2395 * granule. 2396 */ 2397 if (core_mmu_va2idx(&tbl_info, map->va + len) >= tbl_info.num_entries) 2398 return NULL; 2399 2400 if (static_memory_map.count >= static_memory_map.alloc_count) 2401 return NULL; 2402 2403 mem_map->map[mem_map->count] = (struct tee_mmap_region){ 2404 .va = map->va, 2405 .size = l, 2406 .type = type, 2407 .region_size = granule, 2408 .attr = core_mmu_type_to_attr(type), 2409 .pa = p, 2410 }; 2411 map->va += l; 2412 map->size -= l; 2413 map = mem_map->map + mem_map->count; 2414 mem_map->count++; 2415 2416 set_region(&tbl_info, map); 2417 2418 /* Make sure the new entry is visible before continuing. */ 2419 core_mmu_table_write_barrier(); 2420 2421 return (void *)(vaddr_t)(map->va + addr - map->pa); 2422 } 2423 2424 #ifdef CFG_WITH_PAGER 2425 static vaddr_t get_linear_map_end_va(void) 2426 { 2427 /* this is synced with the generic linker file kern.ld.S */ 2428 return (vaddr_t)__heap2_end; 2429 } 2430 2431 static paddr_t get_linear_map_end_pa(void) 2432 { 2433 return get_linear_map_end_va() - boot_mmu_config.map_offset; 2434 } 2435 #endif 2436 2437 #if defined(CFG_TEE_CORE_DEBUG) 2438 static void check_pa_matches_va(void *va, paddr_t pa) 2439 { 2440 TEE_Result res = TEE_ERROR_GENERIC; 2441 vaddr_t v = (vaddr_t)va; 2442 paddr_t p = 0; 2443 struct core_mmu_table_info ti __maybe_unused = { }; 2444 2445 if (core_mmu_user_va_range_is_defined()) { 2446 vaddr_t user_va_base = 0; 2447 size_t user_va_size = 0; 2448 2449 core_mmu_get_user_va_range(&user_va_base, &user_va_size); 2450 if (v >= user_va_base && 2451 v <= (user_va_base - 1 + user_va_size)) { 2452 if (!core_mmu_user_mapping_is_active()) { 2453 if (pa) 2454 panic("issue in linear address space"); 2455 return; 2456 } 2457 2458 res = vm_va2pa(to_user_mode_ctx(thread_get_tsd()->ctx), 2459 va, &p); 2460 if (res == TEE_ERROR_NOT_SUPPORTED) 2461 return; 2462 if (res == TEE_SUCCESS && pa != p) 2463 panic("bad pa"); 2464 if (res != TEE_SUCCESS && pa) 2465 panic("false pa"); 2466 return; 2467 } 2468 } 2469 #ifdef CFG_WITH_PAGER 2470 if (is_unpaged(va)) { 2471 if (v - boot_mmu_config.map_offset != pa) 2472 panic("issue in linear address space"); 2473 return; 2474 } 2475 2476 if (tee_pager_get_table_info(v, &ti)) { 2477 uint32_t a; 2478 2479 /* 2480 * Lookups in the page table managed by the pager is 2481 * dangerous for addresses in the paged area as those pages 2482 * changes all the time. But some ranges are safe, 2483 * rw-locked areas when the page is populated for instance. 2484 */ 2485 core_mmu_get_entry(&ti, core_mmu_va2idx(&ti, v), &p, &a); 2486 if (a & TEE_MATTR_VALID_BLOCK) { 2487 paddr_t mask = BIT64(ti.shift) - 1; 2488 2489 p |= v & mask; 2490 if (pa != p) 2491 panic(); 2492 } else { 2493 if (pa) 2494 panic(); 2495 } 2496 return; 2497 } 2498 #endif 2499 2500 if (!core_va2pa_helper(va, &p)) { 2501 /* Verfiy only the static mapping (case non null phys addr) */ 2502 if (p && pa != p) { 2503 DMSG("va %p maps 0x%" PRIxPA ", expect 0x%" PRIxPA, 2504 va, p, pa); 2505 panic(); 2506 } 2507 } else { 2508 if (pa) { 2509 DMSG("va %p unmapped, expect 0x%" PRIxPA, va, pa); 2510 panic(); 2511 } 2512 } 2513 } 2514 #else 2515 static void check_pa_matches_va(void *va __unused, paddr_t pa __unused) 2516 { 2517 } 2518 #endif 2519 2520 paddr_t virt_to_phys(void *va) 2521 { 2522 paddr_t pa = 0; 2523 2524 if (!arch_va2pa_helper(va, &pa)) 2525 pa = 0; 2526 check_pa_matches_va(memtag_strip_tag(va), pa); 2527 return pa; 2528 } 2529 2530 /* 2531 * Don't use check_va_matches_pa() for RISC-V, as its callee 2532 * arch_va2pa_helper() will call it eventually, this creates 2533 * indirect recursion and can lead to a stack overflow. 2534 * Moreover, if arch_va2pa_helper() returns true, it implies 2535 * the va2pa mapping is matched, no need to check it again. 2536 */ 2537 #if defined(CFG_TEE_CORE_DEBUG) && !defined(__riscv) 2538 static void check_va_matches_pa(paddr_t pa, void *va) 2539 { 2540 paddr_t p = 0; 2541 2542 if (!va) 2543 return; 2544 2545 p = virt_to_phys(va); 2546 if (p != pa) { 2547 DMSG("va %p maps 0x%" PRIxPA " expect 0x%" PRIxPA, va, p, pa); 2548 panic(); 2549 } 2550 } 2551 #else 2552 static void check_va_matches_pa(paddr_t pa __unused, void *va __unused) 2553 { 2554 } 2555 #endif 2556 2557 static void *phys_to_virt_ts_vaspace(paddr_t pa, size_t len) 2558 { 2559 if (!core_mmu_user_mapping_is_active()) 2560 return NULL; 2561 2562 return vm_pa2va(to_user_mode_ctx(thread_get_tsd()->ctx), pa, len); 2563 } 2564 2565 #ifdef CFG_WITH_PAGER 2566 static void *phys_to_virt_tee_ram(paddr_t pa, size_t len) 2567 { 2568 paddr_t end_pa = 0; 2569 2570 if (SUB_OVERFLOW(len, 1, &end_pa) || ADD_OVERFLOW(pa, end_pa, &end_pa)) 2571 return NULL; 2572 2573 if (pa >= TEE_LOAD_ADDR && pa < get_linear_map_end_pa()) { 2574 if (end_pa > get_linear_map_end_pa()) 2575 return NULL; 2576 return (void *)(vaddr_t)(pa + boot_mmu_config.map_offset); 2577 } 2578 2579 return tee_pager_phys_to_virt(pa, len); 2580 } 2581 #else 2582 static void *phys_to_virt_tee_ram(paddr_t pa, size_t len) 2583 { 2584 struct tee_mmap_region *mmap = NULL; 2585 2586 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM, pa, len); 2587 if (!mmap) 2588 mmap = find_map_by_type_and_pa(MEM_AREA_NEX_RAM_RW, pa, len); 2589 if (!mmap) 2590 mmap = find_map_by_type_and_pa(MEM_AREA_NEX_RAM_RO, pa, len); 2591 if (!mmap) 2592 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RW, pa, len); 2593 if (!mmap) 2594 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RO, pa, len); 2595 if (!mmap) 2596 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RX, pa, len); 2597 /* 2598 * Note that MEM_AREA_INIT_RAM_RO and MEM_AREA_INIT_RAM_RX are only 2599 * used with pager and not needed here. 2600 */ 2601 return map_pa2va(mmap, pa, len); 2602 } 2603 #endif 2604 2605 void *phys_to_virt(paddr_t pa, enum teecore_memtypes m, size_t len) 2606 { 2607 void *va = NULL; 2608 2609 switch (m) { 2610 case MEM_AREA_TS_VASPACE: 2611 va = phys_to_virt_ts_vaspace(pa, len); 2612 break; 2613 case MEM_AREA_TEE_RAM: 2614 case MEM_AREA_TEE_RAM_RX: 2615 case MEM_AREA_TEE_RAM_RO: 2616 case MEM_AREA_TEE_RAM_RW: 2617 case MEM_AREA_NEX_RAM_RO: 2618 case MEM_AREA_NEX_RAM_RW: 2619 va = phys_to_virt_tee_ram(pa, len); 2620 break; 2621 case MEM_AREA_SHM_VASPACE: 2622 /* Find VA from PA in dynamic SHM is not yet supported */ 2623 va = NULL; 2624 break; 2625 default: 2626 va = map_pa2va(find_map_by_type_and_pa(m, pa, len), pa, len); 2627 } 2628 if (m != MEM_AREA_SEC_RAM_OVERALL) 2629 check_va_matches_pa(pa, va); 2630 return va; 2631 } 2632 2633 void *phys_to_virt_io(paddr_t pa, size_t len) 2634 { 2635 struct tee_mmap_region *map = NULL; 2636 void *va = NULL; 2637 2638 map = find_map_by_type_and_pa(MEM_AREA_IO_SEC, pa, len); 2639 if (!map) 2640 map = find_map_by_type_and_pa(MEM_AREA_IO_NSEC, pa, len); 2641 if (!map) 2642 return NULL; 2643 va = map_pa2va(map, pa, len); 2644 check_va_matches_pa(pa, va); 2645 return va; 2646 } 2647 2648 vaddr_t core_mmu_get_va(paddr_t pa, enum teecore_memtypes type, size_t len) 2649 { 2650 if (cpu_mmu_enabled()) 2651 return (vaddr_t)phys_to_virt(pa, type, len); 2652 2653 return (vaddr_t)pa; 2654 } 2655 2656 #ifdef CFG_WITH_PAGER 2657 bool is_unpaged(const void *va) 2658 { 2659 vaddr_t v = (vaddr_t)va; 2660 2661 return v >= VCORE_START_VA && v < get_linear_map_end_va(); 2662 } 2663 #endif 2664 2665 #ifdef CFG_NS_VIRTUALIZATION 2666 bool is_nexus(const void *va) 2667 { 2668 vaddr_t v = (vaddr_t)va; 2669 2670 return v >= VCORE_START_VA && v < VCORE_NEX_RW_PA + VCORE_NEX_RW_SZ; 2671 } 2672 #endif 2673 2674 vaddr_t io_pa_or_va(struct io_pa_va *p, size_t len) 2675 { 2676 assert(p->pa); 2677 if (cpu_mmu_enabled()) { 2678 if (!p->va) 2679 p->va = (vaddr_t)phys_to_virt_io(p->pa, len); 2680 assert(p->va); 2681 return p->va; 2682 } 2683 return p->pa; 2684 } 2685 2686 vaddr_t io_pa_or_va_secure(struct io_pa_va *p, size_t len) 2687 { 2688 assert(p->pa); 2689 if (cpu_mmu_enabled()) { 2690 if (!p->va) 2691 p->va = (vaddr_t)phys_to_virt(p->pa, MEM_AREA_IO_SEC, 2692 len); 2693 assert(p->va); 2694 return p->va; 2695 } 2696 return p->pa; 2697 } 2698 2699 vaddr_t io_pa_or_va_nsec(struct io_pa_va *p, size_t len) 2700 { 2701 assert(p->pa); 2702 if (cpu_mmu_enabled()) { 2703 if (!p->va) 2704 p->va = (vaddr_t)phys_to_virt(p->pa, MEM_AREA_IO_NSEC, 2705 len); 2706 assert(p->va); 2707 return p->va; 2708 } 2709 return p->pa; 2710 } 2711 2712 #ifdef CFG_CORE_RESERVED_SHM 2713 static TEE_Result teecore_init_pub_ram(void) 2714 { 2715 vaddr_t s = 0; 2716 vaddr_t e = 0; 2717 2718 /* get virtual addr/size of NSec shared mem allocated from teecore */ 2719 core_mmu_get_mem_by_type(MEM_AREA_NSEC_SHM, &s, &e); 2720 2721 if (s >= e || s & SMALL_PAGE_MASK || e & SMALL_PAGE_MASK) 2722 panic("invalid PUB RAM"); 2723 2724 /* extra check: we could rely on core_mmu_get_mem_by_type() */ 2725 if (!tee_vbuf_is_non_sec(s, e - s)) 2726 panic("PUB RAM is not non-secure"); 2727 2728 #ifdef CFG_PL310 2729 /* Allocate statically the l2cc mutex */ 2730 tee_l2cc_store_mutex_boot_pa(virt_to_phys((void *)s)); 2731 s += sizeof(uint32_t); /* size of a pl310 mutex */ 2732 s = ROUNDUP(s, SMALL_PAGE_SIZE); /* keep required alignment */ 2733 #endif 2734 2735 default_nsec_shm_paddr = virt_to_phys((void *)s); 2736 default_nsec_shm_size = e - s; 2737 2738 return TEE_SUCCESS; 2739 } 2740 early_init(teecore_init_pub_ram); 2741 #endif /*CFG_CORE_RESERVED_SHM*/ 2742 2743 static void __maybe_unused carve_out_core_mem(paddr_t pa, paddr_t end_pa) 2744 { 2745 tee_mm_entry_t *mm __maybe_unused = NULL; 2746 2747 DMSG("%#"PRIxPA" .. %#"PRIxPA, pa, end_pa); 2748 mm = phys_mem_alloc2(pa, end_pa - pa); 2749 assert(mm); 2750 } 2751 2752 void core_mmu_init_phys_mem(void) 2753 { 2754 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) { 2755 paddr_t b1 = 0; 2756 paddr_size_t s1 = 0; 2757 2758 static_assert(ARRAY_SIZE(secure_only) <= 2); 2759 2760 if (ARRAY_SIZE(secure_only) == 2) { 2761 b1 = secure_only[1].paddr; 2762 s1 = secure_only[1].size; 2763 } 2764 virt_init_memory(&static_memory_map, secure_only[0].paddr, 2765 secure_only[0].size, b1, s1); 2766 } else { 2767 #ifdef CFG_WITH_PAGER 2768 /* 2769 * The pager uses all core memory so there's no need to add 2770 * it to the pool. 2771 */ 2772 static_assert(ARRAY_SIZE(secure_only) == 2); 2773 phys_mem_init(0, 0, secure_only[1].paddr, secure_only[1].size); 2774 #else /*!CFG_WITH_PAGER*/ 2775 size_t align = BIT(CORE_MMU_USER_CODE_SHIFT); 2776 paddr_t end_pa = 0; 2777 size_t size = 0; 2778 paddr_t ps = 0; 2779 paddr_t pa = 0; 2780 2781 static_assert(ARRAY_SIZE(secure_only) <= 2); 2782 if (ARRAY_SIZE(secure_only) == 2) { 2783 ps = secure_only[1].paddr; 2784 size = secure_only[1].size; 2785 } 2786 phys_mem_init(secure_only[0].paddr, secure_only[0].size, 2787 ps, size); 2788 2789 /* 2790 * The VCORE macros are relocatable so we need to translate 2791 * the addresses now that the MMU is enabled. 2792 */ 2793 end_pa = vaddr_to_phys(ROUNDUP2(VCORE_FREE_END_PA, 2794 align) - 1) + 1; 2795 /* Carve out the part used by OP-TEE core */ 2796 carve_out_core_mem(vaddr_to_phys(VCORE_UNPG_RX_PA), end_pa); 2797 if (IS_ENABLED(CFG_CORE_SANITIZE_KADDRESS)) { 2798 pa = vaddr_to_phys(ROUNDUP2(ASAN_MAP_PA, align)); 2799 carve_out_core_mem(pa, pa + ASAN_MAP_SZ); 2800 } 2801 2802 /* Carve out test SDP memory */ 2803 #ifdef TEE_SDP_TEST_MEM_BASE 2804 if (TEE_SDP_TEST_MEM_SIZE) { 2805 pa = TEE_SDP_TEST_MEM_BASE; 2806 carve_out_core_mem(pa, pa + TEE_SDP_TEST_MEM_SIZE); 2807 } 2808 #endif 2809 #endif /*!CFG_WITH_PAGER*/ 2810 } 2811 } 2812