1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2016, 2022 Linaro Limited 4 * Copyright (c) 2014, STMicroelectronics International N.V. 5 * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved. 6 */ 7 8 #include <assert.h> 9 #include <config.h> 10 #include <kernel/boot.h> 11 #include <kernel/linker.h> 12 #include <kernel/panic.h> 13 #include <kernel/spinlock.h> 14 #include <kernel/tee_l2cc_mutex.h> 15 #include <kernel/tee_misc.h> 16 #include <kernel/tlb_helpers.h> 17 #include <kernel/user_mode_ctx.h> 18 #include <kernel/virtualization.h> 19 #include <mm/core_memprot.h> 20 #include <mm/core_mmu.h> 21 #include <mm/mobj.h> 22 #include <mm/pgt_cache.h> 23 #include <mm/tee_pager.h> 24 #include <mm/vm.h> 25 #include <platform_config.h> 26 #include <string.h> 27 #include <trace.h> 28 #include <util.h> 29 30 #ifndef DEBUG_XLAT_TABLE 31 #define DEBUG_XLAT_TABLE 0 32 #endif 33 34 #define SHM_VASPACE_SIZE (1024 * 1024 * 32) 35 36 /* 37 * These variables are initialized before .bss is cleared. To avoid 38 * resetting them when .bss is cleared we're storing them in .data instead, 39 * even if they initially are zero. 40 */ 41 42 #ifdef CFG_CORE_RESERVED_SHM 43 /* Default NSec shared memory allocated from NSec world */ 44 unsigned long default_nsec_shm_size __nex_bss; 45 unsigned long default_nsec_shm_paddr __nex_bss; 46 #endif 47 48 static struct tee_mmap_region static_memory_map[CFG_MMAP_REGIONS 49 #ifdef CFG_CORE_ASLR 50 + 1 51 #endif 52 + 1] __nex_bss; 53 54 /* Define the platform's memory layout. */ 55 struct memaccess_area { 56 paddr_t paddr; 57 size_t size; 58 }; 59 60 #define MEMACCESS_AREA(a, s) { .paddr = a, .size = s } 61 62 static struct memaccess_area secure_only[] __nex_data = { 63 #ifdef TRUSTED_SRAM_BASE 64 MEMACCESS_AREA(TRUSTED_SRAM_BASE, TRUSTED_SRAM_SIZE), 65 #endif 66 MEMACCESS_AREA(TRUSTED_DRAM_BASE, TRUSTED_DRAM_SIZE), 67 }; 68 69 static struct memaccess_area nsec_shared[] __nex_data = { 70 #ifdef CFG_CORE_RESERVED_SHM 71 MEMACCESS_AREA(TEE_SHMEM_START, TEE_SHMEM_SIZE), 72 #endif 73 }; 74 75 #if defined(CFG_SECURE_DATA_PATH) 76 #ifdef CFG_TEE_SDP_MEM_BASE 77 register_sdp_mem(CFG_TEE_SDP_MEM_BASE, CFG_TEE_SDP_MEM_SIZE); 78 #endif 79 #ifdef TEE_SDP_TEST_MEM_BASE 80 register_sdp_mem(TEE_SDP_TEST_MEM_BASE, TEE_SDP_TEST_MEM_SIZE); 81 #endif 82 #endif 83 84 #ifdef CFG_CORE_RWDATA_NOEXEC 85 register_phys_mem_ul(MEM_AREA_TEE_RAM_RO, TEE_RAM_START, 86 VCORE_UNPG_RX_PA - TEE_RAM_START); 87 register_phys_mem_ul(MEM_AREA_TEE_RAM_RX, VCORE_UNPG_RX_PA, 88 VCORE_UNPG_RX_SZ_UNSAFE); 89 register_phys_mem_ul(MEM_AREA_TEE_RAM_RO, VCORE_UNPG_RO_PA, 90 VCORE_UNPG_RO_SZ_UNSAFE); 91 92 #ifdef CFG_VIRTUALIZATION 93 register_phys_mem_ul(MEM_AREA_NEX_RAM_RO, VCORE_UNPG_RW_PA, 94 VCORE_UNPG_RW_SZ_UNSAFE); 95 register_phys_mem_ul(MEM_AREA_NEX_RAM_RW, VCORE_NEX_RW_PA, 96 VCORE_NEX_RW_SZ_UNSAFE); 97 #else 98 register_phys_mem_ul(MEM_AREA_TEE_RAM_RW, VCORE_UNPG_RW_PA, 99 VCORE_UNPG_RW_SZ_UNSAFE); 100 #endif 101 102 #ifdef CFG_WITH_PAGER 103 register_phys_mem_ul(MEM_AREA_INIT_RAM_RX, VCORE_INIT_RX_PA, 104 VCORE_INIT_RX_SZ_UNSAFE); 105 register_phys_mem_ul(MEM_AREA_INIT_RAM_RO, VCORE_INIT_RO_PA, 106 VCORE_INIT_RO_SZ_UNSAFE); 107 #endif /*CFG_WITH_PAGER*/ 108 #else /*!CFG_CORE_RWDATA_NOEXEC*/ 109 register_phys_mem(MEM_AREA_TEE_RAM, TEE_RAM_START, TEE_RAM_PH_SIZE); 110 #endif /*!CFG_CORE_RWDATA_NOEXEC*/ 111 112 #ifdef CFG_VIRTUALIZATION 113 register_phys_mem(MEM_AREA_SEC_RAM_OVERALL, TRUSTED_DRAM_BASE, 114 TRUSTED_DRAM_SIZE); 115 #endif 116 117 #if defined(CFG_CORE_SANITIZE_KADDRESS) && defined(CFG_WITH_PAGER) 118 /* Asan ram is part of MEM_AREA_TEE_RAM_RW when pager is disabled */ 119 register_phys_mem_ul(MEM_AREA_TEE_ASAN, ASAN_MAP_PA, ASAN_MAP_SZ); 120 #endif 121 122 #ifndef CFG_VIRTUALIZATION 123 /* Every guest will have own TA RAM if virtualization support is enabled */ 124 register_phys_mem(MEM_AREA_TA_RAM, TA_RAM_START, TA_RAM_SIZE); 125 #endif 126 #ifdef CFG_CORE_RESERVED_SHM 127 register_phys_mem(MEM_AREA_NSEC_SHM, TEE_SHMEM_START, TEE_SHMEM_SIZE); 128 #endif 129 130 static unsigned int mmu_spinlock; 131 132 static uint32_t mmu_lock(void) 133 { 134 return cpu_spin_lock_xsave(&mmu_spinlock); 135 } 136 137 static void mmu_unlock(uint32_t exceptions) 138 { 139 cpu_spin_unlock_xrestore(&mmu_spinlock, exceptions); 140 } 141 142 static struct tee_mmap_region *get_memory_map(void) 143 { 144 if (IS_ENABLED(CFG_VIRTUALIZATION)) { 145 struct tee_mmap_region *map = virt_get_memory_map(); 146 147 if (map) 148 return map; 149 } 150 151 return static_memory_map; 152 } 153 154 static bool _pbuf_intersects(struct memaccess_area *a, size_t alen, 155 paddr_t pa, size_t size) 156 { 157 size_t n; 158 159 for (n = 0; n < alen; n++) 160 if (core_is_buffer_intersect(pa, size, a[n].paddr, a[n].size)) 161 return true; 162 return false; 163 } 164 165 #define pbuf_intersects(a, pa, size) \ 166 _pbuf_intersects((a), ARRAY_SIZE(a), (pa), (size)) 167 168 static bool _pbuf_is_inside(struct memaccess_area *a, size_t alen, 169 paddr_t pa, size_t size) 170 { 171 size_t n; 172 173 for (n = 0; n < alen; n++) 174 if (core_is_buffer_inside(pa, size, a[n].paddr, a[n].size)) 175 return true; 176 return false; 177 } 178 179 #define pbuf_is_inside(a, pa, size) \ 180 _pbuf_is_inside((a), ARRAY_SIZE(a), (pa), (size)) 181 182 static bool pa_is_in_map(struct tee_mmap_region *map, paddr_t pa, size_t len) 183 { 184 paddr_t end_pa = 0; 185 186 if (!map) 187 return false; 188 189 if (SUB_OVERFLOW(len, 1, &end_pa) || ADD_OVERFLOW(pa, end_pa, &end_pa)) 190 return false; 191 192 return (pa >= map->pa && end_pa <= map->pa + map->size - 1); 193 } 194 195 static bool va_is_in_map(struct tee_mmap_region *map, vaddr_t va) 196 { 197 if (!map) 198 return false; 199 return (va >= map->va && va <= (map->va + map->size - 1)); 200 } 201 202 /* check if target buffer fits in a core default map area */ 203 static bool pbuf_inside_map_area(unsigned long p, size_t l, 204 struct tee_mmap_region *map) 205 { 206 return core_is_buffer_inside(p, l, map->pa, map->size); 207 } 208 209 static struct tee_mmap_region *find_map_by_type(enum teecore_memtypes type) 210 { 211 struct tee_mmap_region *map; 212 213 for (map = get_memory_map(); !core_mmap_is_end_of_table(map); map++) 214 if (map->type == type) 215 return map; 216 return NULL; 217 } 218 219 static struct tee_mmap_region * 220 find_map_by_type_and_pa(enum teecore_memtypes type, paddr_t pa, size_t len) 221 { 222 struct tee_mmap_region *map; 223 224 for (map = get_memory_map(); !core_mmap_is_end_of_table(map); map++) { 225 if (map->type != type) 226 continue; 227 if (pa_is_in_map(map, pa, len)) 228 return map; 229 } 230 return NULL; 231 } 232 233 static struct tee_mmap_region *find_map_by_va(void *va) 234 { 235 struct tee_mmap_region *map = get_memory_map(); 236 unsigned long a = (unsigned long)va; 237 238 while (!core_mmap_is_end_of_table(map)) { 239 if (a >= map->va && a <= (map->va - 1 + map->size)) 240 return map; 241 map++; 242 } 243 return NULL; 244 } 245 246 static struct tee_mmap_region *find_map_by_pa(unsigned long pa) 247 { 248 struct tee_mmap_region *map = get_memory_map(); 249 250 while (!core_mmap_is_end_of_table(map)) { 251 if (pa >= map->pa && pa <= (map->pa + map->size - 1)) 252 return map; 253 map++; 254 } 255 return NULL; 256 } 257 258 #if defined(CFG_CORE_DYN_SHM) || defined(CFG_SECURE_DATA_PATH) 259 static bool pbuf_is_special_mem(paddr_t pbuf, size_t len, 260 const struct core_mmu_phys_mem *start, 261 const struct core_mmu_phys_mem *end) 262 { 263 const struct core_mmu_phys_mem *mem; 264 265 for (mem = start; mem < end; mem++) { 266 if (core_is_buffer_inside(pbuf, len, mem->addr, mem->size)) 267 return true; 268 } 269 270 return false; 271 } 272 #endif 273 274 #ifdef CFG_CORE_DYN_SHM 275 static void carve_out_phys_mem(struct core_mmu_phys_mem **mem, size_t *nelems, 276 paddr_t pa, size_t size) 277 { 278 struct core_mmu_phys_mem *m = *mem; 279 size_t n = 0; 280 281 while (true) { 282 if (n >= *nelems) { 283 DMSG("No need to carve out %#" PRIxPA " size %#zx", 284 pa, size); 285 return; 286 } 287 if (core_is_buffer_inside(pa, size, m[n].addr, m[n].size)) 288 break; 289 if (!core_is_buffer_outside(pa, size, m[n].addr, m[n].size)) 290 panic(); 291 n++; 292 } 293 294 if (pa == m[n].addr && size == m[n].size) { 295 /* Remove this entry */ 296 (*nelems)--; 297 memmove(m + n, m + n + 1, sizeof(*m) * (*nelems - n)); 298 m = nex_realloc(m, sizeof(*m) * *nelems); 299 if (!m) 300 panic(); 301 *mem = m; 302 } else if (pa == m[n].addr) { 303 m[n].addr += size; 304 m[n].size -= size; 305 } else if ((pa + size) == (m[n].addr + m[n].size)) { 306 m[n].size -= size; 307 } else { 308 /* Need to split the memory entry */ 309 m = nex_realloc(m, sizeof(*m) * (*nelems + 1)); 310 if (!m) 311 panic(); 312 *mem = m; 313 memmove(m + n + 1, m + n, sizeof(*m) * (*nelems - n)); 314 (*nelems)++; 315 m[n].size = pa - m[n].addr; 316 m[n + 1].size -= size + m[n].size; 317 m[n + 1].addr = pa + size; 318 } 319 } 320 321 static void check_phys_mem_is_outside(struct core_mmu_phys_mem *start, 322 size_t nelems, 323 struct tee_mmap_region *map) 324 { 325 size_t n; 326 327 for (n = 0; n < nelems; n++) { 328 if (!core_is_buffer_outside(start[n].addr, start[n].size, 329 map->pa, map->size)) { 330 EMSG("Non-sec mem (%#" PRIxPA ":%#" PRIxPASZ 331 ") overlaps map (type %d %#" PRIxPA ":%#zx)", 332 start[n].addr, start[n].size, 333 map->type, map->pa, map->size); 334 panic(); 335 } 336 } 337 } 338 339 static const struct core_mmu_phys_mem *discovered_nsec_ddr_start __nex_bss; 340 static size_t discovered_nsec_ddr_nelems __nex_bss; 341 342 static int cmp_pmem_by_addr(const void *a, const void *b) 343 { 344 const struct core_mmu_phys_mem *pmem_a = a; 345 const struct core_mmu_phys_mem *pmem_b = b; 346 347 return CMP_TRILEAN(pmem_a->addr, pmem_b->addr); 348 } 349 350 void core_mmu_set_discovered_nsec_ddr(struct core_mmu_phys_mem *start, 351 size_t nelems) 352 { 353 struct core_mmu_phys_mem *m = start; 354 size_t num_elems = nelems; 355 struct tee_mmap_region *map = static_memory_map; 356 const struct core_mmu_phys_mem __maybe_unused *pmem; 357 358 assert(!discovered_nsec_ddr_start); 359 assert(m && num_elems); 360 361 qsort(m, num_elems, sizeof(*m), cmp_pmem_by_addr); 362 363 /* 364 * Non-secure shared memory and also secure data 365 * path memory are supposed to reside inside 366 * non-secure memory. Since NSEC_SHM and SDP_MEM 367 * are used for a specific purpose make holes for 368 * those memory in the normal non-secure memory. 369 * 370 * This has to be done since for instance QEMU 371 * isn't aware of which memory range in the 372 * non-secure memory is used for NSEC_SHM. 373 */ 374 375 #ifdef CFG_SECURE_DATA_PATH 376 for (pmem = phys_sdp_mem_begin; pmem < phys_sdp_mem_end; pmem++) 377 carve_out_phys_mem(&m, &num_elems, pmem->addr, pmem->size); 378 #endif 379 380 carve_out_phys_mem(&m, &num_elems, TEE_RAM_START, TEE_RAM_PH_SIZE); 381 carve_out_phys_mem(&m, &num_elems, TA_RAM_START, TA_RAM_SIZE); 382 383 for (map = static_memory_map; !core_mmap_is_end_of_table(map); map++) { 384 switch (map->type) { 385 case MEM_AREA_NSEC_SHM: 386 carve_out_phys_mem(&m, &num_elems, map->pa, map->size); 387 break; 388 case MEM_AREA_EXT_DT: 389 case MEM_AREA_RES_VASPACE: 390 case MEM_AREA_SHM_VASPACE: 391 case MEM_AREA_TS_VASPACE: 392 case MEM_AREA_PAGER_VASPACE: 393 break; 394 default: 395 check_phys_mem_is_outside(m, num_elems, map); 396 } 397 } 398 399 discovered_nsec_ddr_start = m; 400 discovered_nsec_ddr_nelems = num_elems; 401 402 if (!core_mmu_check_end_pa(m[num_elems - 1].addr, 403 m[num_elems - 1].size)) 404 panic(); 405 } 406 407 static bool get_discovered_nsec_ddr(const struct core_mmu_phys_mem **start, 408 const struct core_mmu_phys_mem **end) 409 { 410 if (!discovered_nsec_ddr_start) 411 return false; 412 413 *start = discovered_nsec_ddr_start; 414 *end = discovered_nsec_ddr_start + discovered_nsec_ddr_nelems; 415 416 return true; 417 } 418 419 static bool pbuf_is_nsec_ddr(paddr_t pbuf, size_t len) 420 { 421 const struct core_mmu_phys_mem *start; 422 const struct core_mmu_phys_mem *end; 423 424 if (!get_discovered_nsec_ddr(&start, &end)) 425 return false; 426 427 return pbuf_is_special_mem(pbuf, len, start, end); 428 } 429 430 bool core_mmu_nsec_ddr_is_defined(void) 431 { 432 const struct core_mmu_phys_mem *start; 433 const struct core_mmu_phys_mem *end; 434 435 if (!get_discovered_nsec_ddr(&start, &end)) 436 return false; 437 438 return start != end; 439 } 440 #else 441 static bool pbuf_is_nsec_ddr(paddr_t pbuf __unused, size_t len __unused) 442 { 443 return false; 444 } 445 #endif /*CFG_CORE_DYN_SHM*/ 446 447 #define MSG_MEM_INSTERSECT(pa1, sz1, pa2, sz2) \ 448 EMSG("[%" PRIxPA " %" PRIx64 "] intersects [%" PRIxPA " %" PRIx64 "]", \ 449 pa1, (uint64_t)pa1 + (sz1), pa2, (uint64_t)pa2 + (sz2)) 450 451 #ifdef CFG_SECURE_DATA_PATH 452 static bool pbuf_is_sdp_mem(paddr_t pbuf, size_t len) 453 { 454 return pbuf_is_special_mem(pbuf, len, phys_sdp_mem_begin, 455 phys_sdp_mem_end); 456 } 457 458 struct mobj **core_sdp_mem_create_mobjs(void) 459 { 460 const struct core_mmu_phys_mem *mem; 461 struct mobj **mobj_base; 462 struct mobj **mobj; 463 int cnt = phys_sdp_mem_end - phys_sdp_mem_begin; 464 465 /* SDP mobjs table must end with a NULL entry */ 466 mobj_base = calloc(cnt + 1, sizeof(struct mobj *)); 467 if (!mobj_base) 468 panic("Out of memory"); 469 470 for (mem = phys_sdp_mem_begin, mobj = mobj_base; 471 mem < phys_sdp_mem_end; mem++, mobj++) { 472 *mobj = mobj_phys_alloc(mem->addr, mem->size, 473 TEE_MATTR_MEM_TYPE_CACHED, 474 CORE_MEM_SDP_MEM); 475 if (!*mobj) 476 panic("can't create SDP physical memory object"); 477 } 478 return mobj_base; 479 } 480 481 #else /* CFG_SECURE_DATA_PATH */ 482 static bool pbuf_is_sdp_mem(paddr_t pbuf __unused, size_t len __unused) 483 { 484 return false; 485 } 486 487 #endif /* CFG_SECURE_DATA_PATH */ 488 489 /* Check special memories comply with registered memories */ 490 static void verify_special_mem_areas(struct tee_mmap_region *mem_map, 491 size_t len, 492 const struct core_mmu_phys_mem *start, 493 const struct core_mmu_phys_mem *end, 494 const char *area_name __maybe_unused) 495 { 496 const struct core_mmu_phys_mem *mem; 497 const struct core_mmu_phys_mem *mem2; 498 struct tee_mmap_region *mmap; 499 size_t n; 500 501 if (start == end) { 502 DMSG("No %s memory area defined", area_name); 503 return; 504 } 505 506 for (mem = start; mem < end; mem++) 507 DMSG("%s memory [%" PRIxPA " %" PRIx64 "]", 508 area_name, mem->addr, (uint64_t)mem->addr + mem->size); 509 510 /* Check memories do not intersect each other */ 511 for (mem = start; mem + 1 < end; mem++) { 512 for (mem2 = mem + 1; mem2 < end; mem2++) { 513 if (core_is_buffer_intersect(mem2->addr, mem2->size, 514 mem->addr, mem->size)) { 515 MSG_MEM_INSTERSECT(mem2->addr, mem2->size, 516 mem->addr, mem->size); 517 panic("Special memory intersection"); 518 } 519 } 520 } 521 522 /* 523 * Check memories do not intersect any mapped memory. 524 * This is called before reserved VA space is loaded in mem_map. 525 */ 526 for (mem = start; mem < end; mem++) { 527 for (mmap = mem_map, n = 0; n < len; mmap++, n++) { 528 if (core_is_buffer_intersect(mem->addr, mem->size, 529 mmap->pa, mmap->size)) { 530 MSG_MEM_INSTERSECT(mem->addr, mem->size, 531 mmap->pa, mmap->size); 532 panic("Special memory intersection"); 533 } 534 } 535 } 536 } 537 538 static void add_phys_mem(struct tee_mmap_region *memory_map, size_t num_elems, 539 const struct core_mmu_phys_mem *mem, size_t *last) 540 { 541 size_t n = 0; 542 paddr_t pa; 543 paddr_size_t size; 544 545 /* 546 * If some ranges of memory of the same type do overlap 547 * each others they are coalesced into one entry. To help this 548 * added entries are sorted by increasing physical. 549 * 550 * Note that it's valid to have the same physical memory as several 551 * different memory types, for instance the same device memory 552 * mapped as both secure and non-secure. This will probably not 553 * happen often in practice. 554 */ 555 DMSG("%s type %s 0x%08" PRIxPA " size 0x%08" PRIxPASZ, 556 mem->name, teecore_memtype_name(mem->type), mem->addr, mem->size); 557 while (true) { 558 if (n >= (num_elems - 1)) { 559 EMSG("Out of entries (%zu) in memory_map", num_elems); 560 panic(); 561 } 562 if (n == *last) 563 break; 564 pa = memory_map[n].pa; 565 size = memory_map[n].size; 566 if (mem->type == memory_map[n].type && 567 ((pa <= (mem->addr + (mem->size - 1))) && 568 (mem->addr <= (pa + (size - 1))))) { 569 DMSG("Physical mem map overlaps 0x%" PRIxPA, mem->addr); 570 memory_map[n].pa = MIN(pa, mem->addr); 571 memory_map[n].size = MAX(size, mem->size) + 572 (pa - memory_map[n].pa); 573 return; 574 } 575 if (mem->type < memory_map[n].type || 576 (mem->type == memory_map[n].type && mem->addr < pa)) 577 break; /* found the spot where to insert this memory */ 578 n++; 579 } 580 581 memmove(memory_map + n + 1, memory_map + n, 582 sizeof(struct tee_mmap_region) * (*last - n)); 583 (*last)++; 584 memset(memory_map + n, 0, sizeof(memory_map[0])); 585 memory_map[n].type = mem->type; 586 memory_map[n].pa = mem->addr; 587 memory_map[n].size = mem->size; 588 } 589 590 static void add_va_space(struct tee_mmap_region *memory_map, size_t num_elems, 591 enum teecore_memtypes type, size_t size, size_t *last) 592 { 593 size_t n = 0; 594 595 DMSG("type %s size 0x%08zx", teecore_memtype_name(type), size); 596 while (true) { 597 if (n >= (num_elems - 1)) { 598 EMSG("Out of entries (%zu) in memory_map", num_elems); 599 panic(); 600 } 601 if (n == *last) 602 break; 603 if (type < memory_map[n].type) 604 break; 605 n++; 606 } 607 608 memmove(memory_map + n + 1, memory_map + n, 609 sizeof(struct tee_mmap_region) * (*last - n)); 610 (*last)++; 611 memset(memory_map + n, 0, sizeof(memory_map[0])); 612 memory_map[n].type = type; 613 memory_map[n].size = size; 614 } 615 616 uint32_t core_mmu_type_to_attr(enum teecore_memtypes t) 617 { 618 const uint32_t attr = TEE_MATTR_VALID_BLOCK; 619 const uint32_t tagged = TEE_MATTR_MEM_TYPE_TAGGED << 620 TEE_MATTR_MEM_TYPE_SHIFT; 621 const uint32_t cached = TEE_MATTR_MEM_TYPE_CACHED << 622 TEE_MATTR_MEM_TYPE_SHIFT; 623 const uint32_t noncache = TEE_MATTR_MEM_TYPE_DEV << 624 TEE_MATTR_MEM_TYPE_SHIFT; 625 626 switch (t) { 627 case MEM_AREA_TEE_RAM: 628 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRWX | tagged; 629 case MEM_AREA_TEE_RAM_RX: 630 case MEM_AREA_INIT_RAM_RX: 631 case MEM_AREA_IDENTITY_MAP_RX: 632 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRX | tagged; 633 case MEM_AREA_TEE_RAM_RO: 634 case MEM_AREA_INIT_RAM_RO: 635 return attr | TEE_MATTR_SECURE | TEE_MATTR_PR | tagged; 636 case MEM_AREA_TEE_RAM_RW: 637 case MEM_AREA_NEX_RAM_RO: /* This has to be r/w during init runtime */ 638 case MEM_AREA_NEX_RAM_RW: 639 case MEM_AREA_TEE_ASAN: 640 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | tagged; 641 case MEM_AREA_TEE_COHERENT: 642 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRWX | noncache; 643 case MEM_AREA_TA_RAM: 644 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | tagged; 645 case MEM_AREA_NSEC_SHM: 646 return attr | TEE_MATTR_PRW | cached; 647 case MEM_AREA_EXT_DT: 648 /* 649 * If CFG_MAP_EXT_DT_SECURE is enabled map the external device 650 * tree as secure non-cached memory, otherwise, fall back to 651 * non-secure mapping. 652 */ 653 if (IS_ENABLED(CFG_MAP_EXT_DT_SECURE)) 654 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | 655 noncache; 656 fallthrough; 657 case MEM_AREA_IO_NSEC: 658 return attr | TEE_MATTR_PRW | noncache; 659 case MEM_AREA_IO_SEC: 660 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | noncache; 661 case MEM_AREA_RAM_NSEC: 662 return attr | TEE_MATTR_PRW | cached; 663 case MEM_AREA_RAM_SEC: 664 case MEM_AREA_SEC_RAM_OVERALL: 665 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | cached; 666 case MEM_AREA_RES_VASPACE: 667 case MEM_AREA_SHM_VASPACE: 668 return 0; 669 case MEM_AREA_PAGER_VASPACE: 670 return TEE_MATTR_SECURE; 671 default: 672 panic("invalid type"); 673 } 674 } 675 676 static bool __maybe_unused map_is_tee_ram(const struct tee_mmap_region *mm) 677 { 678 switch (mm->type) { 679 case MEM_AREA_TEE_RAM: 680 case MEM_AREA_TEE_RAM_RX: 681 case MEM_AREA_TEE_RAM_RO: 682 case MEM_AREA_TEE_RAM_RW: 683 case MEM_AREA_INIT_RAM_RX: 684 case MEM_AREA_INIT_RAM_RO: 685 case MEM_AREA_NEX_RAM_RW: 686 case MEM_AREA_NEX_RAM_RO: 687 case MEM_AREA_TEE_ASAN: 688 return true; 689 default: 690 return false; 691 } 692 } 693 694 static bool __maybe_unused map_is_secure(const struct tee_mmap_region *mm) 695 { 696 return !!(core_mmu_type_to_attr(mm->type) & TEE_MATTR_SECURE); 697 } 698 699 static bool __maybe_unused map_is_pgdir(const struct tee_mmap_region *mm) 700 { 701 return mm->region_size == CORE_MMU_PGDIR_SIZE; 702 } 703 704 static int cmp_mmap_by_lower_va(const void *a, const void *b) 705 { 706 const struct tee_mmap_region *mm_a = a; 707 const struct tee_mmap_region *mm_b = b; 708 709 return CMP_TRILEAN(mm_a->va, mm_b->va); 710 } 711 712 static void dump_mmap_table(struct tee_mmap_region *memory_map) 713 { 714 struct tee_mmap_region *map; 715 716 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 717 vaddr_t __maybe_unused vstart; 718 719 vstart = map->va + ((vaddr_t)map->pa & (map->region_size - 1)); 720 DMSG("type %-12s va 0x%08" PRIxVA "..0x%08" PRIxVA 721 " pa 0x%08" PRIxPA "..0x%08" PRIxPA " size 0x%08zx (%s)", 722 teecore_memtype_name(map->type), vstart, 723 vstart + map->size - 1, map->pa, 724 (paddr_t)(map->pa + map->size - 1), map->size, 725 map->region_size == SMALL_PAGE_SIZE ? "smallpg" : "pgdir"); 726 } 727 } 728 729 #if DEBUG_XLAT_TABLE 730 731 static void dump_xlat_table(vaddr_t va, unsigned int level) 732 { 733 struct core_mmu_table_info tbl_info; 734 unsigned int idx = 0; 735 paddr_t pa; 736 uint32_t attr; 737 738 core_mmu_find_table(NULL, va, level, &tbl_info); 739 va = tbl_info.va_base; 740 for (idx = 0; idx < tbl_info.num_entries; idx++) { 741 core_mmu_get_entry(&tbl_info, idx, &pa, &attr); 742 if (attr || level > CORE_MMU_BASE_TABLE_LEVEL) { 743 const char *security_bit = ""; 744 745 if (core_mmu_entry_have_security_bit(attr)) { 746 if (attr & TEE_MATTR_SECURE) 747 security_bit = "S"; 748 else 749 security_bit = "NS"; 750 } 751 752 if (attr & TEE_MATTR_TABLE) { 753 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 754 " TBL:0x%010" PRIxPA " %s", 755 level * 2, "", level, va, pa, 756 security_bit); 757 dump_xlat_table(va, level + 1); 758 } else if (attr) { 759 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 760 " PA:0x%010" PRIxPA " %s-%s-%s-%s", 761 level * 2, "", level, va, pa, 762 mattr_is_cached(attr) ? "MEM" : 763 "DEV", 764 attr & TEE_MATTR_PW ? "RW" : "RO", 765 attr & TEE_MATTR_PX ? "X " : "XN", 766 security_bit); 767 } else { 768 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 769 " INVALID\n", 770 level * 2, "", level, va); 771 } 772 } 773 va += BIT64(tbl_info.shift); 774 } 775 } 776 777 #else 778 779 static void dump_xlat_table(vaddr_t va __unused, int level __unused) 780 { 781 } 782 783 #endif 784 785 /* 786 * Reserves virtual memory space for pager usage. 787 * 788 * From the start of the first memory used by the link script + 789 * TEE_RAM_VA_SIZE should be covered, either with a direct mapping or empty 790 * mapping for pager usage. This adds translation tables as needed for the 791 * pager to operate. 792 */ 793 static void add_pager_vaspace(struct tee_mmap_region *mmap, size_t num_elems, 794 size_t *last) 795 { 796 paddr_t begin = 0; 797 paddr_t end = 0; 798 size_t size = 0; 799 size_t pos = 0; 800 size_t n = 0; 801 802 if (*last >= (num_elems - 1)) { 803 EMSG("Out of entries (%zu) in memory map", num_elems); 804 panic(); 805 } 806 807 for (n = 0; !core_mmap_is_end_of_table(mmap + n); n++) { 808 if (map_is_tee_ram(mmap + n)) { 809 if (!begin) 810 begin = mmap[n].pa; 811 pos = n + 1; 812 } 813 } 814 815 end = mmap[pos - 1].pa + mmap[pos - 1].size; 816 size = TEE_RAM_VA_SIZE - (end - begin); 817 if (!size) 818 return; 819 820 assert(pos <= *last); 821 memmove(mmap + pos + 1, mmap + pos, 822 sizeof(struct tee_mmap_region) * (*last - pos)); 823 (*last)++; 824 memset(mmap + pos, 0, sizeof(mmap[0])); 825 mmap[pos].type = MEM_AREA_PAGER_VASPACE; 826 mmap[pos].va = 0; 827 mmap[pos].size = size; 828 mmap[pos].region_size = SMALL_PAGE_SIZE; 829 mmap[pos].attr = core_mmu_type_to_attr(MEM_AREA_PAGER_VASPACE); 830 } 831 832 static void check_sec_nsec_mem_config(void) 833 { 834 size_t n = 0; 835 836 for (n = 0; n < ARRAY_SIZE(secure_only); n++) { 837 if (pbuf_intersects(nsec_shared, secure_only[n].paddr, 838 secure_only[n].size)) 839 panic("Invalid memory access config: sec/nsec"); 840 } 841 } 842 843 static size_t collect_mem_ranges(struct tee_mmap_region *memory_map, 844 size_t num_elems) 845 { 846 const struct core_mmu_phys_mem *mem = NULL; 847 size_t last = 0; 848 849 for (mem = phys_mem_map_begin; mem < phys_mem_map_end; mem++) { 850 struct core_mmu_phys_mem m = *mem; 851 852 /* Discard null size entries */ 853 if (!m.size) 854 continue; 855 856 /* Only unmapped virtual range may have a null phys addr */ 857 assert(m.addr || !core_mmu_type_to_attr(m.type)); 858 859 add_phys_mem(memory_map, num_elems, &m, &last); 860 } 861 862 if (IS_ENABLED(CFG_SECURE_DATA_PATH)) 863 verify_special_mem_areas(memory_map, num_elems, 864 phys_sdp_mem_begin, 865 phys_sdp_mem_end, "SDP"); 866 867 add_va_space(memory_map, num_elems, MEM_AREA_RES_VASPACE, 868 CFG_RESERVED_VASPACE_SIZE, &last); 869 870 add_va_space(memory_map, num_elems, MEM_AREA_SHM_VASPACE, 871 SHM_VASPACE_SIZE, &last); 872 873 memory_map[last].type = MEM_AREA_END; 874 875 return last; 876 } 877 878 static void assign_mem_granularity(struct tee_mmap_region *memory_map) 879 { 880 struct tee_mmap_region *map = NULL; 881 882 /* 883 * Assign region sizes, note that MEM_AREA_TEE_RAM always uses 884 * SMALL_PAGE_SIZE. 885 */ 886 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 887 paddr_t mask = map->pa | map->size; 888 889 if (!(mask & CORE_MMU_PGDIR_MASK)) 890 map->region_size = CORE_MMU_PGDIR_SIZE; 891 else if (!(mask & SMALL_PAGE_MASK)) 892 map->region_size = SMALL_PAGE_SIZE; 893 else 894 panic("Impossible memory alignment"); 895 896 if (map_is_tee_ram(map)) 897 map->region_size = SMALL_PAGE_SIZE; 898 } 899 } 900 901 static bool place_tee_ram_at_top(paddr_t paddr) 902 { 903 return paddr > BIT64(core_mmu_get_va_width()) / 2; 904 } 905 906 /* 907 * MMU arch driver shall override this function if it helps 908 * optimizing the memory footprint of the address translation tables. 909 */ 910 bool __weak core_mmu_prefer_tee_ram_at_top(paddr_t paddr) 911 { 912 return place_tee_ram_at_top(paddr); 913 } 914 915 static bool assign_mem_va_dir(vaddr_t tee_ram_va, 916 struct tee_mmap_region *memory_map, 917 bool tee_ram_at_top) 918 { 919 struct tee_mmap_region *map = NULL; 920 vaddr_t va = 0; 921 bool va_is_secure = true; 922 923 /* Clear eventual previous assignments */ 924 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) 925 map->va = 0; 926 927 /* 928 * TEE RAM regions are always aligned with region_size. 929 * 930 * Note that MEM_AREA_PAGER_VASPACE also counts as TEE RAM here 931 * since it handles virtual memory which covers the part of the ELF 932 * that cannot fit directly into memory. 933 */ 934 va = tee_ram_va; 935 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 936 if (map_is_tee_ram(map) || 937 map->type == MEM_AREA_PAGER_VASPACE) { 938 assert(!(va & (map->region_size - 1))); 939 assert(!(map->size & (map->region_size - 1))); 940 map->va = va; 941 if (ADD_OVERFLOW(va, map->size, &va)) 942 return false; 943 if (va >= BIT64(core_mmu_get_va_width())) 944 return false; 945 } 946 } 947 948 if (tee_ram_at_top) { 949 /* 950 * Map non-tee ram regions at addresses lower than the tee 951 * ram region. 952 */ 953 va = tee_ram_va; 954 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 955 map->attr = core_mmu_type_to_attr(map->type); 956 if (map->va) 957 continue; 958 959 if (!IS_ENABLED(CFG_WITH_LPAE) && 960 va_is_secure != map_is_secure(map)) { 961 va_is_secure = !va_is_secure; 962 va = ROUNDDOWN(va, CORE_MMU_PGDIR_SIZE); 963 } 964 965 if (SUB_OVERFLOW(va, map->size, &va)) 966 return false; 967 va = ROUNDDOWN(va, map->region_size); 968 /* 969 * Make sure that va is aligned with pa for 970 * efficient pgdir mapping. Basically pa & 971 * pgdir_mask should be == va & pgdir_mask 972 */ 973 if (map->size > 2 * CORE_MMU_PGDIR_SIZE) { 974 if (SUB_OVERFLOW(va, CORE_MMU_PGDIR_SIZE, &va)) 975 return false; 976 va += (map->pa - va) & CORE_MMU_PGDIR_MASK; 977 } 978 map->va = va; 979 } 980 } else { 981 /* 982 * Map non-tee ram regions at addresses higher than the tee 983 * ram region. 984 */ 985 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 986 map->attr = core_mmu_type_to_attr(map->type); 987 if (map->va) 988 continue; 989 990 if (!IS_ENABLED(CFG_WITH_LPAE) && 991 va_is_secure != map_is_secure(map)) { 992 va_is_secure = !va_is_secure; 993 if (ROUNDUP_OVERFLOW(va, CORE_MMU_PGDIR_SIZE, 994 &va)) 995 return false; 996 } 997 998 if (ROUNDUP_OVERFLOW(va, map->region_size, &va)) 999 return false; 1000 /* 1001 * Make sure that va is aligned with pa for 1002 * efficient pgdir mapping. Basically pa & 1003 * pgdir_mask should be == va & pgdir_mask 1004 */ 1005 if (map->size > 2 * CORE_MMU_PGDIR_SIZE) { 1006 vaddr_t offs = (map->pa - va) & 1007 CORE_MMU_PGDIR_MASK; 1008 1009 if (ADD_OVERFLOW(va, offs, &va)) 1010 return false; 1011 } 1012 1013 map->va = va; 1014 if (ADD_OVERFLOW(va, map->size, &va)) 1015 return false; 1016 if (va >= BIT64(core_mmu_get_va_width())) 1017 return false; 1018 } 1019 } 1020 1021 return true; 1022 } 1023 1024 static bool assign_mem_va(vaddr_t tee_ram_va, 1025 struct tee_mmap_region *memory_map) 1026 { 1027 bool tee_ram_at_top = place_tee_ram_at_top(tee_ram_va); 1028 1029 /* 1030 * Check that we're not overlapping with the user VA range. 1031 */ 1032 if (IS_ENABLED(CFG_WITH_LPAE)) { 1033 /* 1034 * User VA range is supposed to be defined after these 1035 * mappings have been established. 1036 */ 1037 assert(!core_mmu_user_va_range_is_defined()); 1038 } else { 1039 vaddr_t user_va_base = 0; 1040 size_t user_va_size = 0; 1041 1042 assert(core_mmu_user_va_range_is_defined()); 1043 core_mmu_get_user_va_range(&user_va_base, &user_va_size); 1044 if (tee_ram_va < (user_va_base + user_va_size)) 1045 return false; 1046 } 1047 1048 if (IS_ENABLED(CFG_WITH_PAGER)) { 1049 bool prefered_dir = core_mmu_prefer_tee_ram_at_top(tee_ram_va); 1050 1051 /* Try whole mapping covered by a single base xlat entry */ 1052 if (prefered_dir != tee_ram_at_top && 1053 assign_mem_va_dir(tee_ram_va, memory_map, prefered_dir)) 1054 return true; 1055 } 1056 1057 return assign_mem_va_dir(tee_ram_va, memory_map, tee_ram_at_top); 1058 } 1059 1060 static int cmp_init_mem_map(const void *a, const void *b) 1061 { 1062 const struct tee_mmap_region *mm_a = a; 1063 const struct tee_mmap_region *mm_b = b; 1064 int rc = 0; 1065 1066 rc = CMP_TRILEAN(mm_a->region_size, mm_b->region_size); 1067 if (!rc) 1068 rc = CMP_TRILEAN(mm_a->pa, mm_b->pa); 1069 /* 1070 * 32bit MMU descriptors cannot mix secure and non-secure mapping in 1071 * the same level2 table. Hence sort secure mapping from non-secure 1072 * mapping. 1073 */ 1074 if (!rc && !IS_ENABLED(CFG_WITH_LPAE)) 1075 rc = CMP_TRILEAN(map_is_secure(mm_a), map_is_secure(mm_b)); 1076 1077 return rc; 1078 } 1079 1080 static bool mem_map_add_id_map(struct tee_mmap_region *memory_map, 1081 size_t num_elems, size_t *last, 1082 vaddr_t id_map_start, vaddr_t id_map_end) 1083 { 1084 struct tee_mmap_region *map = NULL; 1085 vaddr_t start = ROUNDDOWN(id_map_start, SMALL_PAGE_SIZE); 1086 vaddr_t end = ROUNDUP(id_map_end, SMALL_PAGE_SIZE); 1087 size_t len = end - start; 1088 1089 if (*last >= num_elems - 1) { 1090 EMSG("Out of entries (%zu) in memory map", num_elems); 1091 panic(); 1092 } 1093 1094 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) 1095 if (core_is_buffer_intersect(map->va, map->size, start, len)) 1096 return false; 1097 1098 *map = (struct tee_mmap_region){ 1099 .type = MEM_AREA_IDENTITY_MAP_RX, 1100 /* 1101 * Could use CORE_MMU_PGDIR_SIZE to potentially save a 1102 * translation table, at the increased risk of clashes with 1103 * the rest of the memory map. 1104 */ 1105 .region_size = SMALL_PAGE_SIZE, 1106 .pa = start, 1107 .va = start, 1108 .size = len, 1109 .attr = core_mmu_type_to_attr(MEM_AREA_IDENTITY_MAP_RX), 1110 }; 1111 1112 (*last)++; 1113 1114 return true; 1115 } 1116 1117 static unsigned long init_mem_map(struct tee_mmap_region *memory_map, 1118 size_t num_elems, unsigned long seed) 1119 { 1120 /* 1121 * @id_map_start and @id_map_end describes a physical memory range 1122 * that must be mapped Read-Only eXecutable at identical virtual 1123 * addresses. 1124 */ 1125 vaddr_t id_map_start = (vaddr_t)__identity_map_init_start; 1126 vaddr_t id_map_end = (vaddr_t)__identity_map_init_end; 1127 unsigned long offs = 0; 1128 size_t last = 0; 1129 1130 last = collect_mem_ranges(memory_map, num_elems); 1131 assign_mem_granularity(memory_map); 1132 1133 /* 1134 * To ease mapping and lower use of xlat tables, sort mapping 1135 * description moving small-page regions after the pgdir regions. 1136 */ 1137 qsort(memory_map, last, sizeof(struct tee_mmap_region), 1138 cmp_init_mem_map); 1139 1140 add_pager_vaspace(memory_map, num_elems, &last); 1141 if (IS_ENABLED(CFG_CORE_ASLR) && seed) { 1142 vaddr_t base_addr = TEE_RAM_START + seed; 1143 const unsigned int va_width = core_mmu_get_va_width(); 1144 const vaddr_t va_mask = GENMASK_64(va_width - 1, 1145 SMALL_PAGE_SHIFT); 1146 vaddr_t ba = base_addr; 1147 size_t n = 0; 1148 1149 for (n = 0; n < 3; n++) { 1150 if (n) 1151 ba = base_addr ^ BIT64(va_width - n); 1152 ba &= va_mask; 1153 if (assign_mem_va(ba, memory_map) && 1154 mem_map_add_id_map(memory_map, num_elems, &last, 1155 id_map_start, id_map_end)) { 1156 offs = ba - TEE_RAM_START; 1157 DMSG("Mapping core at %#"PRIxVA" offs %#lx", 1158 ba, offs); 1159 goto out; 1160 } else { 1161 DMSG("Failed to map core at %#"PRIxVA, ba); 1162 } 1163 } 1164 EMSG("Failed to map core with seed %#lx", seed); 1165 } 1166 1167 if (!assign_mem_va(TEE_RAM_START, memory_map)) 1168 panic(); 1169 1170 out: 1171 qsort(memory_map, last, sizeof(struct tee_mmap_region), 1172 cmp_mmap_by_lower_va); 1173 1174 dump_mmap_table(memory_map); 1175 1176 return offs; 1177 } 1178 1179 static void check_mem_map(struct tee_mmap_region *map) 1180 { 1181 struct tee_mmap_region *m = NULL; 1182 1183 for (m = map; !core_mmap_is_end_of_table(m); m++) { 1184 switch (m->type) { 1185 case MEM_AREA_TEE_RAM: 1186 case MEM_AREA_TEE_RAM_RX: 1187 case MEM_AREA_TEE_RAM_RO: 1188 case MEM_AREA_TEE_RAM_RW: 1189 case MEM_AREA_INIT_RAM_RX: 1190 case MEM_AREA_INIT_RAM_RO: 1191 case MEM_AREA_NEX_RAM_RW: 1192 case MEM_AREA_NEX_RAM_RO: 1193 case MEM_AREA_IDENTITY_MAP_RX: 1194 if (!pbuf_is_inside(secure_only, m->pa, m->size)) 1195 panic("TEE_RAM can't fit in secure_only"); 1196 break; 1197 case MEM_AREA_TA_RAM: 1198 if (!pbuf_is_inside(secure_only, m->pa, m->size)) 1199 panic("TA_RAM can't fit in secure_only"); 1200 break; 1201 case MEM_AREA_NSEC_SHM: 1202 if (!pbuf_is_inside(nsec_shared, m->pa, m->size)) 1203 panic("NS_SHM can't fit in nsec_shared"); 1204 break; 1205 case MEM_AREA_SEC_RAM_OVERALL: 1206 case MEM_AREA_TEE_COHERENT: 1207 case MEM_AREA_TEE_ASAN: 1208 case MEM_AREA_IO_SEC: 1209 case MEM_AREA_IO_NSEC: 1210 case MEM_AREA_EXT_DT: 1211 case MEM_AREA_RAM_SEC: 1212 case MEM_AREA_RAM_NSEC: 1213 case MEM_AREA_RES_VASPACE: 1214 case MEM_AREA_SHM_VASPACE: 1215 case MEM_AREA_PAGER_VASPACE: 1216 break; 1217 default: 1218 EMSG("Uhandled memtype %d", m->type); 1219 panic(); 1220 } 1221 } 1222 } 1223 1224 static struct tee_mmap_region *get_tmp_mmap(void) 1225 { 1226 struct tee_mmap_region *tmp_mmap = (void *)__heap1_start; 1227 1228 #ifdef CFG_WITH_PAGER 1229 if (__heap1_end - __heap1_start < (ptrdiff_t)sizeof(static_memory_map)) 1230 tmp_mmap = (void *)__heap2_start; 1231 #endif 1232 1233 memset(tmp_mmap, 0, sizeof(static_memory_map)); 1234 1235 return tmp_mmap; 1236 } 1237 1238 /* 1239 * core_init_mmu_map() - init tee core default memory mapping 1240 * 1241 * This routine sets the static default TEE core mapping. If @seed is > 0 1242 * and configured with CFG_CORE_ASLR it will map tee core at a location 1243 * based on the seed and return the offset from the link address. 1244 * 1245 * If an error happened: core_init_mmu_map is expected to panic. 1246 * 1247 * Note: this function is weak just to make it possible to exclude it from 1248 * the unpaged area. 1249 */ 1250 void __weak core_init_mmu_map(unsigned long seed, struct core_mmu_config *cfg) 1251 { 1252 #ifndef CFG_VIRTUALIZATION 1253 vaddr_t start = ROUNDDOWN((vaddr_t)__nozi_start, SMALL_PAGE_SIZE); 1254 #else 1255 vaddr_t start = ROUNDDOWN((vaddr_t)__vcore_nex_rw_start, 1256 SMALL_PAGE_SIZE); 1257 #endif 1258 vaddr_t len = ROUNDUP((vaddr_t)__nozi_end, SMALL_PAGE_SIZE) - start; 1259 struct tee_mmap_region *tmp_mmap = get_tmp_mmap(); 1260 unsigned long offs = 0; 1261 1262 check_sec_nsec_mem_config(); 1263 1264 /* 1265 * Add a entry covering the translation tables which will be 1266 * involved in some virt_to_phys() and phys_to_virt() conversions. 1267 */ 1268 static_memory_map[0] = (struct tee_mmap_region){ 1269 .type = MEM_AREA_TEE_RAM, 1270 .region_size = SMALL_PAGE_SIZE, 1271 .pa = start, 1272 .va = start, 1273 .size = len, 1274 .attr = core_mmu_type_to_attr(MEM_AREA_IDENTITY_MAP_RX), 1275 }; 1276 1277 COMPILE_TIME_ASSERT(CFG_MMAP_REGIONS >= 13); 1278 offs = init_mem_map(tmp_mmap, ARRAY_SIZE(static_memory_map), seed); 1279 1280 check_mem_map(tmp_mmap); 1281 core_init_mmu(tmp_mmap); 1282 dump_xlat_table(0x0, CORE_MMU_BASE_TABLE_LEVEL); 1283 core_init_mmu_regs(cfg); 1284 cfg->load_offset = offs; 1285 memcpy(static_memory_map, tmp_mmap, sizeof(static_memory_map)); 1286 } 1287 1288 bool core_mmu_mattr_is_ok(uint32_t mattr) 1289 { 1290 /* 1291 * Keep in sync with core_mmu_lpae.c:mattr_to_desc and 1292 * core_mmu_v7.c:mattr_to_texcb 1293 */ 1294 1295 switch ((mattr >> TEE_MATTR_MEM_TYPE_SHIFT) & TEE_MATTR_MEM_TYPE_MASK) { 1296 case TEE_MATTR_MEM_TYPE_DEV: 1297 case TEE_MATTR_MEM_TYPE_STRONGLY_O: 1298 case TEE_MATTR_MEM_TYPE_CACHED: 1299 case TEE_MATTR_MEM_TYPE_TAGGED: 1300 return true; 1301 default: 1302 return false; 1303 } 1304 } 1305 1306 /* 1307 * test attributes of target physical buffer 1308 * 1309 * Flags: pbuf_is(SECURE, NOT_SECURE, RAM, IOMEM, KEYVAULT). 1310 * 1311 */ 1312 bool core_pbuf_is(uint32_t attr, paddr_t pbuf, size_t len) 1313 { 1314 struct tee_mmap_region *map; 1315 1316 /* Empty buffers complies with anything */ 1317 if (len == 0) 1318 return true; 1319 1320 switch (attr) { 1321 case CORE_MEM_SEC: 1322 return pbuf_is_inside(secure_only, pbuf, len); 1323 case CORE_MEM_NON_SEC: 1324 return pbuf_is_inside(nsec_shared, pbuf, len) || 1325 pbuf_is_nsec_ddr(pbuf, len); 1326 case CORE_MEM_TEE_RAM: 1327 return core_is_buffer_inside(pbuf, len, TEE_RAM_START, 1328 TEE_RAM_PH_SIZE); 1329 case CORE_MEM_TA_RAM: 1330 return core_is_buffer_inside(pbuf, len, TA_RAM_START, 1331 TA_RAM_SIZE); 1332 #ifdef CFG_CORE_RESERVED_SHM 1333 case CORE_MEM_NSEC_SHM: 1334 return core_is_buffer_inside(pbuf, len, TEE_SHMEM_START, 1335 TEE_SHMEM_SIZE); 1336 #endif 1337 case CORE_MEM_SDP_MEM: 1338 return pbuf_is_sdp_mem(pbuf, len); 1339 case CORE_MEM_CACHED: 1340 map = find_map_by_pa(pbuf); 1341 if (!map || !pbuf_inside_map_area(pbuf, len, map)) 1342 return false; 1343 return mattr_is_cached(map->attr); 1344 default: 1345 return false; 1346 } 1347 } 1348 1349 /* test attributes of target virtual buffer (in core mapping) */ 1350 bool core_vbuf_is(uint32_t attr, const void *vbuf, size_t len) 1351 { 1352 paddr_t p; 1353 1354 /* Empty buffers complies with anything */ 1355 if (len == 0) 1356 return true; 1357 1358 p = virt_to_phys((void *)vbuf); 1359 if (!p) 1360 return false; 1361 1362 return core_pbuf_is(attr, p, len); 1363 } 1364 1365 /* core_va2pa - teecore exported service */ 1366 static int __maybe_unused core_va2pa_helper(void *va, paddr_t *pa) 1367 { 1368 struct tee_mmap_region *map; 1369 1370 map = find_map_by_va(va); 1371 if (!va_is_in_map(map, (vaddr_t)va)) 1372 return -1; 1373 1374 /* 1375 * We can calculate PA for static map. Virtual address ranges 1376 * reserved to core dynamic mapping return a 'match' (return 0;) 1377 * together with an invalid null physical address. 1378 */ 1379 if (map->pa) 1380 *pa = map->pa + (vaddr_t)va - map->va; 1381 else 1382 *pa = 0; 1383 1384 return 0; 1385 } 1386 1387 static void *map_pa2va(struct tee_mmap_region *map, paddr_t pa, size_t len) 1388 { 1389 if (!pa_is_in_map(map, pa, len)) 1390 return NULL; 1391 1392 return (void *)(vaddr_t)(map->va + pa - map->pa); 1393 } 1394 1395 /* 1396 * teecore gets some memory area definitions 1397 */ 1398 void core_mmu_get_mem_by_type(unsigned int type, vaddr_t *s, vaddr_t *e) 1399 { 1400 struct tee_mmap_region *map = find_map_by_type(type); 1401 1402 if (map) { 1403 *s = map->va; 1404 *e = map->va + map->size; 1405 } else { 1406 *s = 0; 1407 *e = 0; 1408 } 1409 } 1410 1411 enum teecore_memtypes core_mmu_get_type_by_pa(paddr_t pa) 1412 { 1413 struct tee_mmap_region *map = find_map_by_pa(pa); 1414 1415 if (!map) 1416 return MEM_AREA_MAXTYPE; 1417 return map->type; 1418 } 1419 1420 void core_mmu_set_entry(struct core_mmu_table_info *tbl_info, unsigned int idx, 1421 paddr_t pa, uint32_t attr) 1422 { 1423 assert(idx < tbl_info->num_entries); 1424 core_mmu_set_entry_primitive(tbl_info->table, tbl_info->level, 1425 idx, pa, attr); 1426 } 1427 1428 void core_mmu_get_entry(struct core_mmu_table_info *tbl_info, unsigned int idx, 1429 paddr_t *pa, uint32_t *attr) 1430 { 1431 assert(idx < tbl_info->num_entries); 1432 core_mmu_get_entry_primitive(tbl_info->table, tbl_info->level, 1433 idx, pa, attr); 1434 } 1435 1436 static void clear_region(struct core_mmu_table_info *tbl_info, 1437 struct tee_mmap_region *region) 1438 { 1439 unsigned int end = 0; 1440 unsigned int idx = 0; 1441 1442 /* va, len and pa should be block aligned */ 1443 assert(!core_mmu_get_block_offset(tbl_info, region->va)); 1444 assert(!core_mmu_get_block_offset(tbl_info, region->size)); 1445 assert(!core_mmu_get_block_offset(tbl_info, region->pa)); 1446 1447 idx = core_mmu_va2idx(tbl_info, region->va); 1448 end = core_mmu_va2idx(tbl_info, region->va + region->size); 1449 1450 while (idx < end) { 1451 core_mmu_set_entry(tbl_info, idx, 0, 0); 1452 idx++; 1453 } 1454 } 1455 1456 static void set_region(struct core_mmu_table_info *tbl_info, 1457 struct tee_mmap_region *region) 1458 { 1459 unsigned int end; 1460 unsigned int idx; 1461 paddr_t pa; 1462 1463 /* va, len and pa should be block aligned */ 1464 assert(!core_mmu_get_block_offset(tbl_info, region->va)); 1465 assert(!core_mmu_get_block_offset(tbl_info, region->size)); 1466 assert(!core_mmu_get_block_offset(tbl_info, region->pa)); 1467 1468 idx = core_mmu_va2idx(tbl_info, region->va); 1469 end = core_mmu_va2idx(tbl_info, region->va + region->size); 1470 pa = region->pa; 1471 1472 while (idx < end) { 1473 core_mmu_set_entry(tbl_info, idx, pa, region->attr); 1474 idx++; 1475 pa += BIT64(tbl_info->shift); 1476 } 1477 } 1478 1479 static void set_pg_region(struct core_mmu_table_info *dir_info, 1480 struct vm_region *region, struct pgt **pgt, 1481 struct core_mmu_table_info *pg_info) 1482 { 1483 struct tee_mmap_region r = { 1484 .va = region->va, 1485 .size = region->size, 1486 .attr = region->attr, 1487 }; 1488 vaddr_t end = r.va + r.size; 1489 uint32_t pgt_attr = (r.attr & TEE_MATTR_SECURE) | TEE_MATTR_TABLE; 1490 1491 while (r.va < end) { 1492 if (!pg_info->table || 1493 r.va >= (pg_info->va_base + CORE_MMU_PGDIR_SIZE)) { 1494 /* 1495 * We're assigning a new translation table. 1496 */ 1497 unsigned int idx; 1498 1499 /* Virtual addresses must grow */ 1500 assert(r.va > pg_info->va_base); 1501 1502 idx = core_mmu_va2idx(dir_info, r.va); 1503 pg_info->va_base = core_mmu_idx2va(dir_info, idx); 1504 1505 #ifdef CFG_PAGED_USER_TA 1506 /* 1507 * Advance pgt to va_base, note that we may need to 1508 * skip multiple page tables if there are large 1509 * holes in the vm map. 1510 */ 1511 while ((*pgt)->vabase < pg_info->va_base) { 1512 *pgt = SLIST_NEXT(*pgt, link); 1513 /* We should have allocated enough */ 1514 assert(*pgt); 1515 } 1516 assert((*pgt)->vabase == pg_info->va_base); 1517 pg_info->table = (*pgt)->tbl; 1518 #else 1519 assert(*pgt); /* We should have allocated enough */ 1520 pg_info->table = (*pgt)->tbl; 1521 *pgt = SLIST_NEXT(*pgt, link); 1522 #endif 1523 1524 core_mmu_set_entry(dir_info, idx, 1525 virt_to_phys(pg_info->table), 1526 pgt_attr); 1527 } 1528 1529 r.size = MIN(CORE_MMU_PGDIR_SIZE - (r.va - pg_info->va_base), 1530 end - r.va); 1531 1532 if (!mobj_is_paged(region->mobj)) { 1533 size_t granule = BIT(pg_info->shift); 1534 size_t offset = r.va - region->va + region->offset; 1535 1536 r.size = MIN(r.size, 1537 mobj_get_phys_granule(region->mobj)); 1538 r.size = ROUNDUP(r.size, SMALL_PAGE_SIZE); 1539 1540 if (mobj_get_pa(region->mobj, offset, granule, 1541 &r.pa) != TEE_SUCCESS) 1542 panic("Failed to get PA of unpaged mobj"); 1543 set_region(pg_info, &r); 1544 } 1545 r.va += r.size; 1546 } 1547 } 1548 1549 static bool can_map_at_level(paddr_t paddr, vaddr_t vaddr, 1550 size_t size_left, paddr_t block_size, 1551 struct tee_mmap_region *mm __maybe_unused) 1552 { 1553 /* VA and PA are aligned to block size at current level */ 1554 if ((vaddr | paddr) & (block_size - 1)) 1555 return false; 1556 1557 /* Remainder fits into block at current level */ 1558 if (size_left < block_size) 1559 return false; 1560 1561 #ifdef CFG_WITH_PAGER 1562 /* 1563 * If pager is enabled, we need to map tee ram 1564 * regions with small pages only 1565 */ 1566 if (map_is_tee_ram(mm) && block_size != SMALL_PAGE_SIZE) 1567 return false; 1568 #endif 1569 1570 return true; 1571 } 1572 1573 void core_mmu_map_region(struct mmu_partition *prtn, struct tee_mmap_region *mm) 1574 { 1575 struct core_mmu_table_info tbl_info; 1576 unsigned int idx; 1577 vaddr_t vaddr = mm->va; 1578 paddr_t paddr = mm->pa; 1579 ssize_t size_left = mm->size; 1580 unsigned int level; 1581 bool table_found; 1582 uint32_t old_attr; 1583 1584 assert(!((vaddr | paddr) & SMALL_PAGE_MASK)); 1585 1586 while (size_left > 0) { 1587 level = CORE_MMU_BASE_TABLE_LEVEL; 1588 1589 while (true) { 1590 paddr_t block_size = 0; 1591 1592 assert(level <= CORE_MMU_PGDIR_LEVEL); 1593 1594 table_found = core_mmu_find_table(prtn, vaddr, level, 1595 &tbl_info); 1596 if (!table_found) 1597 panic("can't find table for mapping"); 1598 1599 block_size = BIT64(tbl_info.shift); 1600 1601 idx = core_mmu_va2idx(&tbl_info, vaddr); 1602 if (!can_map_at_level(paddr, vaddr, size_left, 1603 block_size, mm)) { 1604 bool secure = mm->attr & TEE_MATTR_SECURE; 1605 1606 /* 1607 * This part of the region can't be mapped at 1608 * this level. Need to go deeper. 1609 */ 1610 if (!core_mmu_entry_to_finer_grained(&tbl_info, 1611 idx, 1612 secure)) 1613 panic("Can't divide MMU entry"); 1614 level++; 1615 continue; 1616 } 1617 1618 /* We can map part of the region at current level */ 1619 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 1620 if (old_attr) 1621 panic("Page is already mapped"); 1622 1623 core_mmu_set_entry(&tbl_info, idx, paddr, mm->attr); 1624 paddr += block_size; 1625 vaddr += block_size; 1626 size_left -= block_size; 1627 1628 break; 1629 } 1630 } 1631 } 1632 1633 TEE_Result core_mmu_map_pages(vaddr_t vstart, paddr_t *pages, size_t num_pages, 1634 enum teecore_memtypes memtype) 1635 { 1636 TEE_Result ret; 1637 struct core_mmu_table_info tbl_info; 1638 struct tee_mmap_region *mm; 1639 unsigned int idx; 1640 uint32_t old_attr; 1641 uint32_t exceptions; 1642 vaddr_t vaddr = vstart; 1643 size_t i; 1644 bool secure; 1645 1646 assert(!(core_mmu_type_to_attr(memtype) & TEE_MATTR_PX)); 1647 1648 secure = core_mmu_type_to_attr(memtype) & TEE_MATTR_SECURE; 1649 1650 if (vaddr & SMALL_PAGE_MASK) 1651 return TEE_ERROR_BAD_PARAMETERS; 1652 1653 exceptions = mmu_lock(); 1654 1655 mm = find_map_by_va((void *)vaddr); 1656 if (!mm || !va_is_in_map(mm, vaddr + num_pages * SMALL_PAGE_SIZE - 1)) 1657 panic("VA does not belong to any known mm region"); 1658 1659 if (!core_mmu_is_dynamic_vaspace(mm)) 1660 panic("Trying to map into static region"); 1661 1662 for (i = 0; i < num_pages; i++) { 1663 if (pages[i] & SMALL_PAGE_MASK) { 1664 ret = TEE_ERROR_BAD_PARAMETERS; 1665 goto err; 1666 } 1667 1668 while (true) { 1669 if (!core_mmu_find_table(NULL, vaddr, UINT_MAX, 1670 &tbl_info)) 1671 panic("Can't find pagetable for vaddr "); 1672 1673 idx = core_mmu_va2idx(&tbl_info, vaddr); 1674 if (tbl_info.shift == SMALL_PAGE_SHIFT) 1675 break; 1676 1677 /* This is supertable. Need to divide it. */ 1678 if (!core_mmu_entry_to_finer_grained(&tbl_info, idx, 1679 secure)) 1680 panic("Failed to spread pgdir on small tables"); 1681 } 1682 1683 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 1684 if (old_attr) 1685 panic("Page is already mapped"); 1686 1687 core_mmu_set_entry(&tbl_info, idx, pages[i], 1688 core_mmu_type_to_attr(memtype)); 1689 vaddr += SMALL_PAGE_SIZE; 1690 } 1691 1692 /* 1693 * Make sure all the changes to translation tables are visible 1694 * before returning. TLB doesn't need to be invalidated as we are 1695 * guaranteed that there's no valid mapping in this range. 1696 */ 1697 core_mmu_table_write_barrier(); 1698 mmu_unlock(exceptions); 1699 1700 return TEE_SUCCESS; 1701 err: 1702 mmu_unlock(exceptions); 1703 1704 if (i) 1705 core_mmu_unmap_pages(vstart, i); 1706 1707 return ret; 1708 } 1709 1710 TEE_Result core_mmu_map_contiguous_pages(vaddr_t vstart, paddr_t pstart, 1711 size_t num_pages, 1712 enum teecore_memtypes memtype) 1713 { 1714 struct core_mmu_table_info tbl_info = { }; 1715 struct tee_mmap_region *mm = NULL; 1716 unsigned int idx = 0; 1717 uint32_t old_attr = 0; 1718 uint32_t exceptions = 0; 1719 vaddr_t vaddr = vstart; 1720 paddr_t paddr = pstart; 1721 size_t i = 0; 1722 bool secure = false; 1723 1724 assert(!(core_mmu_type_to_attr(memtype) & TEE_MATTR_PX)); 1725 1726 secure = core_mmu_type_to_attr(memtype) & TEE_MATTR_SECURE; 1727 1728 if ((vaddr | paddr) & SMALL_PAGE_MASK) 1729 return TEE_ERROR_BAD_PARAMETERS; 1730 1731 exceptions = mmu_lock(); 1732 1733 mm = find_map_by_va((void *)vaddr); 1734 if (!mm || !va_is_in_map(mm, vaddr + num_pages * SMALL_PAGE_SIZE - 1)) 1735 panic("VA does not belong to any known mm region"); 1736 1737 if (!core_mmu_is_dynamic_vaspace(mm)) 1738 panic("Trying to map into static region"); 1739 1740 for (i = 0; i < num_pages; i++) { 1741 while (true) { 1742 if (!core_mmu_find_table(NULL, vaddr, UINT_MAX, 1743 &tbl_info)) 1744 panic("Can't find pagetable for vaddr "); 1745 1746 idx = core_mmu_va2idx(&tbl_info, vaddr); 1747 if (tbl_info.shift == SMALL_PAGE_SHIFT) 1748 break; 1749 1750 /* This is supertable. Need to divide it. */ 1751 if (!core_mmu_entry_to_finer_grained(&tbl_info, idx, 1752 secure)) 1753 panic("Failed to spread pgdir on small tables"); 1754 } 1755 1756 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 1757 if (old_attr) 1758 panic("Page is already mapped"); 1759 1760 core_mmu_set_entry(&tbl_info, idx, paddr, 1761 core_mmu_type_to_attr(memtype)); 1762 paddr += SMALL_PAGE_SIZE; 1763 vaddr += SMALL_PAGE_SIZE; 1764 } 1765 1766 /* 1767 * Make sure all the changes to translation tables are visible 1768 * before returning. TLB doesn't need to be invalidated as we are 1769 * guaranteed that there's no valid mapping in this range. 1770 */ 1771 core_mmu_table_write_barrier(); 1772 mmu_unlock(exceptions); 1773 1774 return TEE_SUCCESS; 1775 } 1776 1777 void core_mmu_unmap_pages(vaddr_t vstart, size_t num_pages) 1778 { 1779 struct core_mmu_table_info tbl_info; 1780 struct tee_mmap_region *mm; 1781 size_t i; 1782 unsigned int idx; 1783 uint32_t exceptions; 1784 1785 exceptions = mmu_lock(); 1786 1787 mm = find_map_by_va((void *)vstart); 1788 if (!mm || !va_is_in_map(mm, vstart + num_pages * SMALL_PAGE_SIZE - 1)) 1789 panic("VA does not belong to any known mm region"); 1790 1791 if (!core_mmu_is_dynamic_vaspace(mm)) 1792 panic("Trying to unmap static region"); 1793 1794 for (i = 0; i < num_pages; i++, vstart += SMALL_PAGE_SIZE) { 1795 if (!core_mmu_find_table(NULL, vstart, UINT_MAX, &tbl_info)) 1796 panic("Can't find pagetable"); 1797 1798 if (tbl_info.shift != SMALL_PAGE_SHIFT) 1799 panic("Invalid pagetable level"); 1800 1801 idx = core_mmu_va2idx(&tbl_info, vstart); 1802 core_mmu_set_entry(&tbl_info, idx, 0, 0); 1803 } 1804 tlbi_all(); 1805 1806 mmu_unlock(exceptions); 1807 } 1808 1809 void core_mmu_populate_user_map(struct core_mmu_table_info *dir_info, 1810 struct user_mode_ctx *uctx) 1811 { 1812 struct core_mmu_table_info pg_info = { }; 1813 struct pgt_cache *pgt_cache = &thread_get_tsd()->pgt_cache; 1814 struct pgt *pgt = NULL; 1815 struct vm_region *r = NULL; 1816 struct vm_region *r_last = NULL; 1817 1818 /* Find the first and last valid entry */ 1819 r = TAILQ_FIRST(&uctx->vm_info.regions); 1820 if (!r) 1821 return; /* Nothing to map */ 1822 r_last = TAILQ_LAST(&uctx->vm_info.regions, vm_region_head); 1823 1824 /* 1825 * Allocate all page tables in advance. 1826 */ 1827 pgt_alloc(pgt_cache, uctx->ts_ctx, r->va, 1828 r_last->va + r_last->size - 1); 1829 pgt = SLIST_FIRST(pgt_cache); 1830 1831 core_mmu_set_info_table(&pg_info, dir_info->level + 1, 0, NULL); 1832 1833 TAILQ_FOREACH(r, &uctx->vm_info.regions, link) 1834 set_pg_region(dir_info, r, &pgt, &pg_info); 1835 } 1836 1837 TEE_Result core_mmu_remove_mapping(enum teecore_memtypes type, void *addr, 1838 size_t len) 1839 { 1840 struct core_mmu_table_info tbl_info = { }; 1841 struct tee_mmap_region *res_map = NULL; 1842 struct tee_mmap_region *map = NULL; 1843 paddr_t pa = virt_to_phys(addr); 1844 size_t granule = 0; 1845 ptrdiff_t i = 0; 1846 paddr_t p = 0; 1847 size_t l = 0; 1848 1849 map = find_map_by_type_and_pa(type, pa, len); 1850 if (!map) 1851 return TEE_ERROR_GENERIC; 1852 1853 res_map = find_map_by_type(MEM_AREA_RES_VASPACE); 1854 if (!res_map) 1855 return TEE_ERROR_GENERIC; 1856 if (!core_mmu_find_table(NULL, res_map->va, UINT_MAX, &tbl_info)) 1857 return TEE_ERROR_GENERIC; 1858 granule = BIT(tbl_info.shift); 1859 1860 if (map < static_memory_map || 1861 map >= static_memory_map + ARRAY_SIZE(static_memory_map)) 1862 return TEE_ERROR_GENERIC; 1863 i = map - static_memory_map; 1864 1865 /* Check that we have a full match */ 1866 p = ROUNDDOWN(pa, granule); 1867 l = ROUNDUP(len + pa - p, granule); 1868 if (map->pa != p || map->size != l) 1869 return TEE_ERROR_GENERIC; 1870 1871 clear_region(&tbl_info, map); 1872 tlbi_all(); 1873 1874 /* If possible remove the va range from res_map */ 1875 if (res_map->va - map->size == map->va) { 1876 res_map->va -= map->size; 1877 res_map->size += map->size; 1878 } 1879 1880 /* Remove the entry. */ 1881 memmove(map, map + 1, 1882 (ARRAY_SIZE(static_memory_map) - i - 1) * sizeof(*map)); 1883 1884 /* Clear the last new entry in case it was used */ 1885 memset(static_memory_map + ARRAY_SIZE(static_memory_map) - 1, 1886 0, sizeof(*map)); 1887 1888 return TEE_SUCCESS; 1889 } 1890 1891 struct tee_mmap_region * 1892 core_mmu_find_mapping_exclusive(enum teecore_memtypes type, size_t len) 1893 { 1894 struct tee_mmap_region *map = NULL; 1895 struct tee_mmap_region *map_found = NULL; 1896 1897 if (!len) 1898 return NULL; 1899 1900 for (map = get_memory_map(); !core_mmap_is_end_of_table(map); map++) { 1901 if (map->type != type) 1902 continue; 1903 1904 if (map_found) 1905 return NULL; 1906 1907 map_found = map; 1908 } 1909 1910 if (!map_found || map_found->size < len) 1911 return NULL; 1912 1913 return map_found; 1914 } 1915 1916 void *core_mmu_add_mapping(enum teecore_memtypes type, paddr_t addr, size_t len) 1917 { 1918 struct core_mmu_table_info tbl_info; 1919 struct tee_mmap_region *map; 1920 size_t n; 1921 size_t granule; 1922 paddr_t p; 1923 size_t l; 1924 1925 if (!len) 1926 return NULL; 1927 1928 if (!core_mmu_check_end_pa(addr, len)) 1929 return NULL; 1930 1931 /* Check if the memory is already mapped */ 1932 map = find_map_by_type_and_pa(type, addr, len); 1933 if (map && pbuf_inside_map_area(addr, len, map)) 1934 return (void *)(vaddr_t)(map->va + addr - map->pa); 1935 1936 /* Find the reserved va space used for late mappings */ 1937 map = find_map_by_type(MEM_AREA_RES_VASPACE); 1938 if (!map) 1939 return NULL; 1940 1941 if (!core_mmu_find_table(NULL, map->va, UINT_MAX, &tbl_info)) 1942 return NULL; 1943 1944 granule = BIT64(tbl_info.shift); 1945 p = ROUNDDOWN(addr, granule); 1946 l = ROUNDUP(len + addr - p, granule); 1947 1948 /* Ban overflowing virtual addresses */ 1949 if (map->size < l) 1950 return NULL; 1951 1952 /* 1953 * Something is wrong, we can't fit the va range into the selected 1954 * table. The reserved va range is possibly missaligned with 1955 * granule. 1956 */ 1957 if (core_mmu_va2idx(&tbl_info, map->va + len) >= tbl_info.num_entries) 1958 return NULL; 1959 1960 /* Find end of the memory map */ 1961 n = 0; 1962 while (!core_mmap_is_end_of_table(static_memory_map + n)) 1963 n++; 1964 1965 if (n < (ARRAY_SIZE(static_memory_map) - 1)) { 1966 /* There's room for another entry */ 1967 static_memory_map[n].va = map->va; 1968 static_memory_map[n].size = l; 1969 static_memory_map[n + 1].type = MEM_AREA_END; 1970 map->va += l; 1971 map->size -= l; 1972 map = static_memory_map + n; 1973 } else { 1974 /* 1975 * There isn't room for another entry, steal the reserved 1976 * entry as it's not useful for anything else any longer. 1977 */ 1978 map->size = l; 1979 } 1980 map->type = type; 1981 map->region_size = granule; 1982 map->attr = core_mmu_type_to_attr(type); 1983 map->pa = p; 1984 1985 set_region(&tbl_info, map); 1986 1987 /* Make sure the new entry is visible before continuing. */ 1988 core_mmu_table_write_barrier(); 1989 1990 return (void *)(vaddr_t)(map->va + addr - map->pa); 1991 } 1992 1993 #ifdef CFG_WITH_PAGER 1994 static vaddr_t get_linear_map_end(void) 1995 { 1996 /* this is synced with the generic linker file kern.ld.S */ 1997 return (vaddr_t)__heap2_end; 1998 } 1999 #endif 2000 2001 #if defined(CFG_TEE_CORE_DEBUG) 2002 static void check_pa_matches_va(void *va, paddr_t pa) 2003 { 2004 TEE_Result res = TEE_ERROR_GENERIC; 2005 vaddr_t v = (vaddr_t)va; 2006 paddr_t p = 0; 2007 struct core_mmu_table_info ti __maybe_unused = { }; 2008 2009 if (core_mmu_user_va_range_is_defined()) { 2010 vaddr_t user_va_base = 0; 2011 size_t user_va_size = 0; 2012 2013 core_mmu_get_user_va_range(&user_va_base, &user_va_size); 2014 if (v >= user_va_base && 2015 v <= (user_va_base - 1 + user_va_size)) { 2016 if (!core_mmu_user_mapping_is_active()) { 2017 if (pa) 2018 panic("issue in linear address space"); 2019 return; 2020 } 2021 2022 res = vm_va2pa(to_user_mode_ctx(thread_get_tsd()->ctx), 2023 va, &p); 2024 if (res == TEE_ERROR_NOT_SUPPORTED) 2025 return; 2026 if (res == TEE_SUCCESS && pa != p) 2027 panic("bad pa"); 2028 if (res != TEE_SUCCESS && pa) 2029 panic("false pa"); 2030 return; 2031 } 2032 } 2033 #ifdef CFG_WITH_PAGER 2034 if (is_unpaged(va)) { 2035 if (v - boot_mmu_config.load_offset != pa) 2036 panic("issue in linear address space"); 2037 return; 2038 } 2039 2040 if (tee_pager_get_table_info(v, &ti)) { 2041 uint32_t a; 2042 2043 /* 2044 * Lookups in the page table managed by the pager is 2045 * dangerous for addresses in the paged area as those pages 2046 * changes all the time. But some ranges are safe, 2047 * rw-locked areas when the page is populated for instance. 2048 */ 2049 core_mmu_get_entry(&ti, core_mmu_va2idx(&ti, v), &p, &a); 2050 if (a & TEE_MATTR_VALID_BLOCK) { 2051 paddr_t mask = BIT64(ti.shift) - 1; 2052 2053 p |= v & mask; 2054 if (pa != p) 2055 panic(); 2056 } else { 2057 if (pa) 2058 panic(); 2059 } 2060 return; 2061 } 2062 #endif 2063 2064 if (!core_va2pa_helper(va, &p)) { 2065 /* Verfiy only the static mapping (case non null phys addr) */ 2066 if (p && pa != p) { 2067 DMSG("va %p maps 0x%" PRIxPA ", expect 0x%" PRIxPA, 2068 va, p, pa); 2069 panic(); 2070 } 2071 } else { 2072 if (pa) { 2073 DMSG("va %p unmapped, expect 0x%" PRIxPA, va, pa); 2074 panic(); 2075 } 2076 } 2077 } 2078 #else 2079 static void check_pa_matches_va(void *va __unused, paddr_t pa __unused) 2080 { 2081 } 2082 #endif 2083 2084 paddr_t virt_to_phys(void *va) 2085 { 2086 paddr_t pa = 0; 2087 2088 if (!arch_va2pa_helper(va, &pa)) 2089 pa = 0; 2090 check_pa_matches_va(va, pa); 2091 return pa; 2092 } 2093 2094 #if defined(CFG_TEE_CORE_DEBUG) 2095 static void check_va_matches_pa(paddr_t pa, void *va) 2096 { 2097 paddr_t p = 0; 2098 2099 if (!va) 2100 return; 2101 2102 p = virt_to_phys(va); 2103 if (p != pa) { 2104 DMSG("va %p maps 0x%" PRIxPA " expect 0x%" PRIxPA, va, p, pa); 2105 panic(); 2106 } 2107 } 2108 #else 2109 static void check_va_matches_pa(paddr_t pa __unused, void *va __unused) 2110 { 2111 } 2112 #endif 2113 2114 static void *phys_to_virt_ts_vaspace(paddr_t pa, size_t len) 2115 { 2116 if (!core_mmu_user_mapping_is_active()) 2117 return NULL; 2118 2119 return vm_pa2va(to_user_mode_ctx(thread_get_tsd()->ctx), pa, len); 2120 } 2121 2122 #ifdef CFG_WITH_PAGER 2123 static void *phys_to_virt_tee_ram(paddr_t pa, size_t len) 2124 { 2125 paddr_t end_pa = 0; 2126 2127 if (SUB_OVERFLOW(len, 1, &end_pa) || ADD_OVERFLOW(pa, end_pa, &end_pa)) 2128 return NULL; 2129 2130 if (pa >= TEE_LOAD_ADDR && pa < get_linear_map_end()) { 2131 if (end_pa > get_linear_map_end()) 2132 return NULL; 2133 return (void *)(vaddr_t)(pa + boot_mmu_config.load_offset); 2134 } 2135 2136 return tee_pager_phys_to_virt(pa, len); 2137 } 2138 #else 2139 static void *phys_to_virt_tee_ram(paddr_t pa, size_t len) 2140 { 2141 struct tee_mmap_region *mmap = NULL; 2142 2143 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM, pa, len); 2144 if (!mmap) 2145 mmap = find_map_by_type_and_pa(MEM_AREA_NEX_RAM_RW, pa, len); 2146 if (!mmap) 2147 mmap = find_map_by_type_and_pa(MEM_AREA_NEX_RAM_RO, pa, len); 2148 if (!mmap) 2149 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RW, pa, len); 2150 if (!mmap) 2151 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RO, pa, len); 2152 if (!mmap) 2153 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RX, pa, len); 2154 /* 2155 * Note that MEM_AREA_INIT_RAM_RO and MEM_AREA_INIT_RAM_RX are only 2156 * used with pager and not needed here. 2157 */ 2158 return map_pa2va(mmap, pa, len); 2159 } 2160 #endif 2161 2162 void *phys_to_virt(paddr_t pa, enum teecore_memtypes m, size_t len) 2163 { 2164 void *va = NULL; 2165 2166 switch (m) { 2167 case MEM_AREA_TS_VASPACE: 2168 va = phys_to_virt_ts_vaspace(pa, len); 2169 break; 2170 case MEM_AREA_TEE_RAM: 2171 case MEM_AREA_TEE_RAM_RX: 2172 case MEM_AREA_TEE_RAM_RO: 2173 case MEM_AREA_TEE_RAM_RW: 2174 case MEM_AREA_NEX_RAM_RO: 2175 case MEM_AREA_NEX_RAM_RW: 2176 va = phys_to_virt_tee_ram(pa, len); 2177 break; 2178 case MEM_AREA_SHM_VASPACE: 2179 /* Find VA from PA in dynamic SHM is not yet supported */ 2180 va = NULL; 2181 break; 2182 default: 2183 va = map_pa2va(find_map_by_type_and_pa(m, pa, len), pa, len); 2184 } 2185 if (m != MEM_AREA_SEC_RAM_OVERALL) 2186 check_va_matches_pa(pa, va); 2187 return va; 2188 } 2189 2190 void *phys_to_virt_io(paddr_t pa, size_t len) 2191 { 2192 struct tee_mmap_region *map = NULL; 2193 void *va = NULL; 2194 2195 map = find_map_by_type_and_pa(MEM_AREA_IO_SEC, pa, len); 2196 if (!map) 2197 map = find_map_by_type_and_pa(MEM_AREA_IO_NSEC, pa, len); 2198 if (!map) 2199 return NULL; 2200 va = map_pa2va(map, pa, len); 2201 check_va_matches_pa(pa, va); 2202 return va; 2203 } 2204 2205 vaddr_t core_mmu_get_va(paddr_t pa, enum teecore_memtypes type, size_t len) 2206 { 2207 if (cpu_mmu_enabled()) 2208 return (vaddr_t)phys_to_virt(pa, type, len); 2209 2210 return (vaddr_t)pa; 2211 } 2212 2213 #ifdef CFG_WITH_PAGER 2214 bool is_unpaged(void *va) 2215 { 2216 vaddr_t v = (vaddr_t)va; 2217 2218 return v >= VCORE_START_VA && v < get_linear_map_end(); 2219 } 2220 #else 2221 bool is_unpaged(void *va __unused) 2222 { 2223 return true; 2224 } 2225 #endif 2226 2227 void core_mmu_init_virtualization(void) 2228 { 2229 virt_init_memory(static_memory_map); 2230 } 2231 2232 vaddr_t io_pa_or_va(struct io_pa_va *p, size_t len) 2233 { 2234 assert(p->pa); 2235 if (cpu_mmu_enabled()) { 2236 if (!p->va) 2237 p->va = (vaddr_t)phys_to_virt_io(p->pa, len); 2238 assert(p->va); 2239 return p->va; 2240 } 2241 return p->pa; 2242 } 2243 2244 vaddr_t io_pa_or_va_secure(struct io_pa_va *p, size_t len) 2245 { 2246 assert(p->pa); 2247 if (cpu_mmu_enabled()) { 2248 if (!p->va) 2249 p->va = (vaddr_t)phys_to_virt(p->pa, MEM_AREA_IO_SEC, 2250 len); 2251 assert(p->va); 2252 return p->va; 2253 } 2254 return p->pa; 2255 } 2256 2257 vaddr_t io_pa_or_va_nsec(struct io_pa_va *p, size_t len) 2258 { 2259 assert(p->pa); 2260 if (cpu_mmu_enabled()) { 2261 if (!p->va) 2262 p->va = (vaddr_t)phys_to_virt(p->pa, MEM_AREA_IO_NSEC, 2263 len); 2264 assert(p->va); 2265 return p->va; 2266 } 2267 return p->pa; 2268 } 2269 2270 #ifdef CFG_CORE_RESERVED_SHM 2271 static TEE_Result teecore_init_pub_ram(void) 2272 { 2273 vaddr_t s = 0; 2274 vaddr_t e = 0; 2275 2276 /* get virtual addr/size of NSec shared mem allocated from teecore */ 2277 core_mmu_get_mem_by_type(MEM_AREA_NSEC_SHM, &s, &e); 2278 2279 if (s >= e || s & SMALL_PAGE_MASK || e & SMALL_PAGE_MASK) 2280 panic("invalid PUB RAM"); 2281 2282 /* extra check: we could rely on core_mmu_get_mem_by_type() */ 2283 if (!tee_vbuf_is_non_sec(s, e - s)) 2284 panic("PUB RAM is not non-secure"); 2285 2286 #ifdef CFG_PL310 2287 /* Allocate statically the l2cc mutex */ 2288 tee_l2cc_store_mutex_boot_pa(virt_to_phys((void *)s)); 2289 s += sizeof(uint32_t); /* size of a pl310 mutex */ 2290 s = ROUNDUP(s, SMALL_PAGE_SIZE); /* keep required alignment */ 2291 #endif 2292 2293 default_nsec_shm_paddr = virt_to_phys((void *)s); 2294 default_nsec_shm_size = e - s; 2295 2296 return TEE_SUCCESS; 2297 } 2298 early_init(teecore_init_pub_ram); 2299 #endif /*CFG_CORE_RESERVED_SHM*/ 2300 2301 void core_mmu_init_ta_ram(void) 2302 { 2303 vaddr_t s = 0; 2304 vaddr_t e = 0; 2305 paddr_t ps = 0; 2306 size_t size = 0; 2307 2308 /* 2309 * Get virtual addr/size of RAM where TA are loaded/executedNSec 2310 * shared mem allocated from teecore. 2311 */ 2312 if (IS_ENABLED(CFG_VIRTUALIZATION)) 2313 virt_get_ta_ram(&s, &e); 2314 else 2315 core_mmu_get_mem_by_type(MEM_AREA_TA_RAM, &s, &e); 2316 2317 ps = virt_to_phys((void *)s); 2318 size = e - s; 2319 2320 if (!ps || (ps & CORE_MMU_USER_CODE_MASK) || 2321 !size || (size & CORE_MMU_USER_CODE_MASK)) 2322 panic("invalid TA RAM"); 2323 2324 /* extra check: we could rely on core_mmu_get_mem_by_type() */ 2325 if (!tee_pbuf_is_sec(ps, size)) 2326 panic("TA RAM is not secure"); 2327 2328 if (!tee_mm_is_empty(&tee_mm_sec_ddr)) 2329 panic("TA RAM pool is not empty"); 2330 2331 /* remove previous config and init TA ddr memory pool */ 2332 tee_mm_final(&tee_mm_sec_ddr); 2333 tee_mm_init(&tee_mm_sec_ddr, ps, size, CORE_MMU_USER_CODE_SHIFT, 2334 TEE_MM_POOL_NO_FLAGS); 2335 } 2336