1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2016, 2022 Linaro Limited 4 * Copyright (c) 2014, STMicroelectronics International N.V. 5 * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved. 6 */ 7 8 #include <assert.h> 9 #include <config.h> 10 #include <kernel/boot.h> 11 #include <kernel/dt.h> 12 #include <kernel/linker.h> 13 #include <kernel/panic.h> 14 #include <kernel/spinlock.h> 15 #include <kernel/tee_l2cc_mutex.h> 16 #include <kernel/tee_misc.h> 17 #include <kernel/tlb_helpers.h> 18 #include <kernel/user_mode_ctx.h> 19 #include <kernel/virtualization.h> 20 #include <libfdt.h> 21 #include <memtag.h> 22 #include <mm/core_memprot.h> 23 #include <mm/core_mmu.h> 24 #include <mm/mobj.h> 25 #include <mm/pgt_cache.h> 26 #include <mm/phys_mem.h> 27 #include <mm/tee_pager.h> 28 #include <mm/vm.h> 29 #include <platform_config.h> 30 #include <stdalign.h> 31 #include <string.h> 32 #include <trace.h> 33 #include <util.h> 34 35 #ifndef DEBUG_XLAT_TABLE 36 #define DEBUG_XLAT_TABLE 0 37 #endif 38 39 #define SHM_VASPACE_SIZE (1024 * 1024 * 32) 40 41 /* Virtual memory pool for core mappings */ 42 tee_mm_pool_t core_virt_mem_pool; 43 44 /* Virtual memory pool for shared memory mappings */ 45 tee_mm_pool_t core_virt_shm_pool; 46 47 #ifdef CFG_CORE_PHYS_RELOCATABLE 48 unsigned long core_mmu_tee_load_pa __nex_bss; 49 #else 50 const unsigned long core_mmu_tee_load_pa = TEE_LOAD_ADDR; 51 #endif 52 53 /* 54 * These variables are initialized before .bss is cleared. To avoid 55 * resetting them when .bss is cleared we're storing them in .data instead, 56 * even if they initially are zero. 57 */ 58 59 #ifdef CFG_CORE_RESERVED_SHM 60 /* Default NSec shared memory allocated from NSec world */ 61 unsigned long default_nsec_shm_size __nex_bss; 62 unsigned long default_nsec_shm_paddr __nex_bss; 63 #endif 64 65 static struct tee_mmap_region static_mmap_regions[CFG_MMAP_REGIONS 66 #if defined(CFG_CORE_ASLR) || defined(CFG_CORE_PHYS_RELOCATABLE) 67 + 1 68 #endif 69 + 4] __nex_bss; 70 static struct memory_map static_memory_map __nex_data = { 71 .map = static_mmap_regions, 72 .alloc_count = ARRAY_SIZE(static_mmap_regions), 73 }; 74 75 /* Offset of the first TEE RAM mapping from start of secure RAM */ 76 static size_t tee_ram_initial_offs __nex_bss; 77 78 /* Define the platform's memory layout. */ 79 struct memaccess_area { 80 paddr_t paddr; 81 size_t size; 82 }; 83 84 #define MEMACCESS_AREA(a, s) { .paddr = a, .size = s } 85 86 static struct memaccess_area secure_only[] __nex_data = { 87 #ifdef CFG_CORE_PHYS_RELOCATABLE 88 MEMACCESS_AREA(0, 0), 89 #else 90 #ifdef TRUSTED_SRAM_BASE 91 MEMACCESS_AREA(TRUSTED_SRAM_BASE, TRUSTED_SRAM_SIZE), 92 #endif 93 MEMACCESS_AREA(TRUSTED_DRAM_BASE, TRUSTED_DRAM_SIZE), 94 #endif 95 }; 96 97 static struct memaccess_area nsec_shared[] __nex_data = { 98 #ifdef CFG_CORE_RESERVED_SHM 99 MEMACCESS_AREA(TEE_SHMEM_START, TEE_SHMEM_SIZE), 100 #endif 101 }; 102 103 #if defined(CFG_SECURE_DATA_PATH) 104 static const char *tz_sdp_match = "linaro,secure-heap"; 105 static struct memaccess_area sec_sdp; 106 #ifdef CFG_TEE_SDP_MEM_BASE 107 register_sdp_mem(CFG_TEE_SDP_MEM_BASE, CFG_TEE_SDP_MEM_SIZE); 108 #endif 109 #ifdef TEE_SDP_TEST_MEM_BASE 110 register_sdp_mem(TEE_SDP_TEST_MEM_BASE, TEE_SDP_TEST_MEM_SIZE); 111 #endif 112 #endif 113 114 #ifdef CFG_CORE_RESERVED_SHM 115 register_phys_mem(MEM_AREA_NSEC_SHM, TEE_SHMEM_START, TEE_SHMEM_SIZE); 116 #endif 117 static unsigned int mmu_spinlock; 118 119 static uint32_t mmu_lock(void) 120 { 121 return cpu_spin_lock_xsave(&mmu_spinlock); 122 } 123 124 static void mmu_unlock(uint32_t exceptions) 125 { 126 cpu_spin_unlock_xrestore(&mmu_spinlock, exceptions); 127 } 128 129 static void grow_mem_map(struct memory_map *mem_map) 130 { 131 if (mem_map->count == mem_map->alloc_count) { 132 EMSG("Out of entries (%zu) in mem_map", mem_map->alloc_count); 133 panic(); 134 } 135 mem_map->count++; 136 } 137 138 void core_mmu_get_secure_memory(paddr_t *base, paddr_size_t *size) 139 { 140 /* 141 * The first range is always used to cover OP-TEE core memory, but 142 * depending on configuration it may cover more than that. 143 */ 144 *base = secure_only[0].paddr; 145 *size = secure_only[0].size; 146 } 147 148 void core_mmu_set_secure_memory(paddr_t base, size_t size) 149 { 150 #ifdef CFG_CORE_PHYS_RELOCATABLE 151 static_assert(ARRAY_SIZE(secure_only) == 1); 152 #endif 153 runtime_assert(IS_ENABLED(CFG_CORE_PHYS_RELOCATABLE)); 154 assert(!secure_only[0].size); 155 assert(base && size); 156 157 DMSG("Physical secure memory base %#"PRIxPA" size %#zx", base, size); 158 secure_only[0].paddr = base; 159 secure_only[0].size = size; 160 } 161 162 void core_mmu_get_ta_range(paddr_t *base, size_t *size) 163 { 164 paddr_t b = 0; 165 size_t s = 0; 166 167 static_assert(!(TEE_RAM_VA_SIZE % SMALL_PAGE_SIZE)); 168 #ifdef TA_RAM_START 169 b = TA_RAM_START; 170 s = TA_RAM_SIZE; 171 #else 172 static_assert(ARRAY_SIZE(secure_only) <= 2); 173 if (ARRAY_SIZE(secure_only) == 1) { 174 vaddr_t load_offs = 0; 175 176 assert(core_mmu_tee_load_pa >= secure_only[0].paddr); 177 load_offs = core_mmu_tee_load_pa - secure_only[0].paddr; 178 179 assert(secure_only[0].size > 180 load_offs + TEE_RAM_VA_SIZE + TEE_SDP_TEST_MEM_SIZE); 181 b = secure_only[0].paddr + load_offs + TEE_RAM_VA_SIZE; 182 s = secure_only[0].size - load_offs - TEE_RAM_VA_SIZE - 183 TEE_SDP_TEST_MEM_SIZE; 184 } else { 185 assert(secure_only[1].size > TEE_SDP_TEST_MEM_SIZE); 186 b = secure_only[1].paddr; 187 s = secure_only[1].size - TEE_SDP_TEST_MEM_SIZE; 188 } 189 #endif 190 if (base) 191 *base = b; 192 if (size) 193 *size = s; 194 } 195 196 static struct memory_map *get_memory_map(void) 197 { 198 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) { 199 struct memory_map *map = virt_get_memory_map(); 200 201 if (map) 202 return map; 203 } 204 205 return &static_memory_map; 206 } 207 208 static bool _pbuf_intersects(struct memaccess_area *a, size_t alen, 209 paddr_t pa, size_t size) 210 { 211 size_t n; 212 213 for (n = 0; n < alen; n++) 214 if (core_is_buffer_intersect(pa, size, a[n].paddr, a[n].size)) 215 return true; 216 return false; 217 } 218 219 #define pbuf_intersects(a, pa, size) \ 220 _pbuf_intersects((a), ARRAY_SIZE(a), (pa), (size)) 221 222 static bool _pbuf_is_inside(struct memaccess_area *a, size_t alen, 223 paddr_t pa, size_t size) 224 { 225 size_t n; 226 227 for (n = 0; n < alen; n++) 228 if (core_is_buffer_inside(pa, size, a[n].paddr, a[n].size)) 229 return true; 230 return false; 231 } 232 233 #define pbuf_is_inside(a, pa, size) \ 234 _pbuf_is_inside((a), ARRAY_SIZE(a), (pa), (size)) 235 236 static bool pa_is_in_map(struct tee_mmap_region *map, paddr_t pa, size_t len) 237 { 238 paddr_t end_pa = 0; 239 240 if (!map) 241 return false; 242 243 if (SUB_OVERFLOW(len, 1, &end_pa) || ADD_OVERFLOW(pa, end_pa, &end_pa)) 244 return false; 245 246 return (pa >= map->pa && end_pa <= map->pa + map->size - 1); 247 } 248 249 static bool va_is_in_map(struct tee_mmap_region *map, vaddr_t va) 250 { 251 if (!map) 252 return false; 253 return (va >= map->va && va <= (map->va + map->size - 1)); 254 } 255 256 /* check if target buffer fits in a core default map area */ 257 static bool pbuf_inside_map_area(unsigned long p, size_t l, 258 struct tee_mmap_region *map) 259 { 260 return core_is_buffer_inside(p, l, map->pa, map->size); 261 } 262 263 TEE_Result core_mmu_for_each_map(void *ptr, 264 TEE_Result (*fn)(struct tee_mmap_region *map, 265 void *ptr)) 266 { 267 struct memory_map *mem_map = get_memory_map(); 268 TEE_Result res = TEE_SUCCESS; 269 size_t n = 0; 270 271 for (n = 0; n < mem_map->count; n++) { 272 res = fn(mem_map->map + n, ptr); 273 if (res) 274 return res; 275 } 276 277 return TEE_SUCCESS; 278 } 279 280 static struct tee_mmap_region *find_map_by_type(enum teecore_memtypes type) 281 { 282 struct memory_map *mem_map = get_memory_map(); 283 size_t n = 0; 284 285 for (n = 0; n < mem_map->count; n++) { 286 if (mem_map->map[n].type == type) 287 return mem_map->map + n; 288 } 289 return NULL; 290 } 291 292 static struct tee_mmap_region * 293 find_map_by_type_and_pa(enum teecore_memtypes type, paddr_t pa, size_t len) 294 { 295 struct memory_map *mem_map = get_memory_map(); 296 size_t n = 0; 297 298 for (n = 0; n < mem_map->count; n++) { 299 if (mem_map->map[n].type != type) 300 continue; 301 if (pa_is_in_map(mem_map->map + n, pa, len)) 302 return mem_map->map + n; 303 } 304 return NULL; 305 } 306 307 static struct tee_mmap_region *find_map_by_va(void *va) 308 { 309 struct memory_map *mem_map = get_memory_map(); 310 vaddr_t a = (vaddr_t)va; 311 size_t n = 0; 312 313 for (n = 0; n < mem_map->count; n++) { 314 if (a >= mem_map->map[n].va && 315 a <= (mem_map->map[n].va - 1 + mem_map->map[n].size)) 316 return mem_map->map + n; 317 } 318 319 return NULL; 320 } 321 322 static struct tee_mmap_region *find_map_by_pa(unsigned long pa) 323 { 324 struct memory_map *mem_map = get_memory_map(); 325 size_t n = 0; 326 327 for (n = 0; n < mem_map->count; n++) { 328 /* Skip unmapped regions */ 329 if ((mem_map->map[n].attr & TEE_MATTR_VALID_BLOCK) && 330 pa >= mem_map->map[n].pa && 331 pa <= (mem_map->map[n].pa - 1 + mem_map->map[n].size)) 332 return mem_map->map + n; 333 } 334 335 return NULL; 336 } 337 338 #if defined(CFG_SECURE_DATA_PATH) 339 static bool dtb_get_sdp_region(void) 340 { 341 void *fdt = NULL; 342 int node = 0; 343 int tmp_node = 0; 344 paddr_t tmp_addr = 0; 345 size_t tmp_size = 0; 346 347 if (!IS_ENABLED(CFG_EMBED_DTB)) 348 return false; 349 350 fdt = get_embedded_dt(); 351 if (!fdt) 352 panic("No DTB found"); 353 354 node = fdt_node_offset_by_compatible(fdt, -1, tz_sdp_match); 355 if (node < 0) { 356 DMSG("No %s compatible node found", tz_sdp_match); 357 return false; 358 } 359 tmp_node = node; 360 while (tmp_node >= 0) { 361 tmp_node = fdt_node_offset_by_compatible(fdt, tmp_node, 362 tz_sdp_match); 363 if (tmp_node >= 0) 364 DMSG("Ignore SDP pool node %s, supports only 1 node", 365 fdt_get_name(fdt, tmp_node, NULL)); 366 } 367 368 if (fdt_reg_info(fdt, node, &tmp_addr, &tmp_size)) { 369 EMSG("%s: Unable to get base addr or size from DT", 370 tz_sdp_match); 371 return false; 372 } 373 374 sec_sdp.paddr = tmp_addr; 375 sec_sdp.size = tmp_size; 376 377 return true; 378 } 379 #endif 380 381 #if defined(CFG_CORE_DYN_SHM) || defined(CFG_SECURE_DATA_PATH) 382 static bool pbuf_is_special_mem(paddr_t pbuf, size_t len, 383 const struct core_mmu_phys_mem *start, 384 const struct core_mmu_phys_mem *end) 385 { 386 const struct core_mmu_phys_mem *mem; 387 388 for (mem = start; mem < end; mem++) { 389 if (core_is_buffer_inside(pbuf, len, mem->addr, mem->size)) 390 return true; 391 } 392 393 return false; 394 } 395 #endif 396 397 #ifdef CFG_CORE_DYN_SHM 398 static void carve_out_phys_mem(struct core_mmu_phys_mem **mem, size_t *nelems, 399 paddr_t pa, size_t size) 400 { 401 struct core_mmu_phys_mem *m = *mem; 402 size_t n = 0; 403 404 while (true) { 405 if (n >= *nelems) { 406 DMSG("No need to carve out %#" PRIxPA " size %#zx", 407 pa, size); 408 return; 409 } 410 if (core_is_buffer_inside(pa, size, m[n].addr, m[n].size)) 411 break; 412 if (!core_is_buffer_outside(pa, size, m[n].addr, m[n].size)) 413 panic(); 414 n++; 415 } 416 417 if (pa == m[n].addr && size == m[n].size) { 418 /* Remove this entry */ 419 (*nelems)--; 420 memmove(m + n, m + n + 1, sizeof(*m) * (*nelems - n)); 421 m = nex_realloc(m, sizeof(*m) * *nelems); 422 if (!m) 423 panic(); 424 *mem = m; 425 } else if (pa == m[n].addr) { 426 m[n].addr += size; 427 m[n].size -= size; 428 } else if ((pa + size) == (m[n].addr + m[n].size)) { 429 m[n].size -= size; 430 } else { 431 /* Need to split the memory entry */ 432 m = nex_realloc(m, sizeof(*m) * (*nelems + 1)); 433 if (!m) 434 panic(); 435 *mem = m; 436 memmove(m + n + 1, m + n, sizeof(*m) * (*nelems - n)); 437 (*nelems)++; 438 m[n].size = pa - m[n].addr; 439 m[n + 1].size -= size + m[n].size; 440 m[n + 1].addr = pa + size; 441 } 442 } 443 444 static void check_phys_mem_is_outside(struct core_mmu_phys_mem *start, 445 size_t nelems, 446 struct tee_mmap_region *map) 447 { 448 size_t n; 449 450 for (n = 0; n < nelems; n++) { 451 if (!core_is_buffer_outside(start[n].addr, start[n].size, 452 map->pa, map->size)) { 453 EMSG("Non-sec mem (%#" PRIxPA ":%#" PRIxPASZ 454 ") overlaps map (type %d %#" PRIxPA ":%#zx)", 455 start[n].addr, start[n].size, 456 map->type, map->pa, map->size); 457 panic(); 458 } 459 } 460 } 461 462 static const struct core_mmu_phys_mem *discovered_nsec_ddr_start __nex_bss; 463 static size_t discovered_nsec_ddr_nelems __nex_bss; 464 465 static int cmp_pmem_by_addr(const void *a, const void *b) 466 { 467 const struct core_mmu_phys_mem *pmem_a = a; 468 const struct core_mmu_phys_mem *pmem_b = b; 469 470 return CMP_TRILEAN(pmem_a->addr, pmem_b->addr); 471 } 472 473 void core_mmu_set_discovered_nsec_ddr(struct core_mmu_phys_mem *start, 474 size_t nelems) 475 { 476 struct core_mmu_phys_mem *m = start; 477 size_t num_elems = nelems; 478 struct memory_map *mem_map = &static_memory_map; 479 const struct core_mmu_phys_mem __maybe_unused *pmem; 480 size_t n = 0; 481 482 assert(!discovered_nsec_ddr_start); 483 assert(m && num_elems); 484 485 qsort(m, num_elems, sizeof(*m), cmp_pmem_by_addr); 486 487 /* 488 * Non-secure shared memory and also secure data 489 * path memory are supposed to reside inside 490 * non-secure memory. Since NSEC_SHM and SDP_MEM 491 * are used for a specific purpose make holes for 492 * those memory in the normal non-secure memory. 493 * 494 * This has to be done since for instance QEMU 495 * isn't aware of which memory range in the 496 * non-secure memory is used for NSEC_SHM. 497 */ 498 499 #ifdef CFG_SECURE_DATA_PATH 500 if (dtb_get_sdp_region()) 501 carve_out_phys_mem(&m, &num_elems, sec_sdp.paddr, sec_sdp.size); 502 503 for (pmem = phys_sdp_mem_begin; pmem < phys_sdp_mem_end; pmem++) 504 carve_out_phys_mem(&m, &num_elems, pmem->addr, pmem->size); 505 #endif 506 507 for (n = 0; n < ARRAY_SIZE(secure_only); n++) 508 carve_out_phys_mem(&m, &num_elems, secure_only[n].paddr, 509 secure_only[n].size); 510 511 for (n = 0; n < mem_map->count; n++) { 512 switch (mem_map->map[n].type) { 513 case MEM_AREA_NSEC_SHM: 514 carve_out_phys_mem(&m, &num_elems, mem_map->map[n].pa, 515 mem_map->map[n].size); 516 break; 517 case MEM_AREA_EXT_DT: 518 case MEM_AREA_MANIFEST_DT: 519 case MEM_AREA_RAM_NSEC: 520 case MEM_AREA_RES_VASPACE: 521 case MEM_AREA_SHM_VASPACE: 522 case MEM_AREA_TS_VASPACE: 523 case MEM_AREA_PAGER_VASPACE: 524 break; 525 default: 526 check_phys_mem_is_outside(m, num_elems, 527 mem_map->map + n); 528 } 529 } 530 531 discovered_nsec_ddr_start = m; 532 discovered_nsec_ddr_nelems = num_elems; 533 534 if (!core_mmu_check_end_pa(m[num_elems - 1].addr, 535 m[num_elems - 1].size)) 536 panic(); 537 } 538 539 static bool get_discovered_nsec_ddr(const struct core_mmu_phys_mem **start, 540 const struct core_mmu_phys_mem **end) 541 { 542 if (!discovered_nsec_ddr_start) 543 return false; 544 545 *start = discovered_nsec_ddr_start; 546 *end = discovered_nsec_ddr_start + discovered_nsec_ddr_nelems; 547 548 return true; 549 } 550 551 static bool pbuf_is_nsec_ddr(paddr_t pbuf, size_t len) 552 { 553 const struct core_mmu_phys_mem *start; 554 const struct core_mmu_phys_mem *end; 555 556 if (!get_discovered_nsec_ddr(&start, &end)) 557 return false; 558 559 return pbuf_is_special_mem(pbuf, len, start, end); 560 } 561 562 bool core_mmu_nsec_ddr_is_defined(void) 563 { 564 const struct core_mmu_phys_mem *start; 565 const struct core_mmu_phys_mem *end; 566 567 if (!get_discovered_nsec_ddr(&start, &end)) 568 return false; 569 570 return start != end; 571 } 572 #else 573 static bool pbuf_is_nsec_ddr(paddr_t pbuf __unused, size_t len __unused) 574 { 575 return false; 576 } 577 #endif /*CFG_CORE_DYN_SHM*/ 578 579 #define MSG_MEM_INSTERSECT(pa1, sz1, pa2, sz2) \ 580 EMSG("[%" PRIxPA " %" PRIx64 "] intersects [%" PRIxPA " %" PRIx64 "]", \ 581 pa1, (uint64_t)pa1 + (sz1), pa2, (uint64_t)pa2 + (sz2)) 582 583 #ifdef CFG_SECURE_DATA_PATH 584 static bool pbuf_is_sdp_mem(paddr_t pbuf, size_t len) 585 { 586 bool is_sdp_mem = false; 587 588 if (sec_sdp.size) 589 is_sdp_mem = core_is_buffer_inside(pbuf, len, sec_sdp.paddr, 590 sec_sdp.size); 591 592 if (!is_sdp_mem) 593 is_sdp_mem = pbuf_is_special_mem(pbuf, len, phys_sdp_mem_begin, 594 phys_sdp_mem_end); 595 596 return is_sdp_mem; 597 } 598 599 static struct mobj *core_sdp_mem_alloc_mobj(paddr_t pa, size_t size) 600 { 601 struct mobj *mobj = mobj_phys_alloc(pa, size, TEE_MATTR_MEM_TYPE_CACHED, 602 CORE_MEM_SDP_MEM); 603 604 if (!mobj) 605 panic("can't create SDP physical memory object"); 606 607 return mobj; 608 } 609 610 struct mobj **core_sdp_mem_create_mobjs(void) 611 { 612 const struct core_mmu_phys_mem *mem = NULL; 613 struct mobj **mobj_base = NULL; 614 struct mobj **mobj = NULL; 615 int cnt = phys_sdp_mem_end - phys_sdp_mem_begin; 616 617 if (sec_sdp.size) 618 cnt++; 619 620 /* SDP mobjs table must end with a NULL entry */ 621 mobj_base = calloc(cnt + 1, sizeof(struct mobj *)); 622 if (!mobj_base) 623 panic("Out of memory"); 624 625 mobj = mobj_base; 626 627 for (mem = phys_sdp_mem_begin; mem < phys_sdp_mem_end; mem++, mobj++) 628 *mobj = core_sdp_mem_alloc_mobj(mem->addr, mem->size); 629 630 if (sec_sdp.size) 631 *mobj = core_sdp_mem_alloc_mobj(sec_sdp.paddr, sec_sdp.size); 632 633 return mobj_base; 634 } 635 636 #else /* CFG_SECURE_DATA_PATH */ 637 static bool pbuf_is_sdp_mem(paddr_t pbuf __unused, size_t len __unused) 638 { 639 return false; 640 } 641 642 #endif /* CFG_SECURE_DATA_PATH */ 643 644 /* Check special memories comply with registered memories */ 645 static void verify_special_mem_areas(struct memory_map *mem_map, 646 const struct core_mmu_phys_mem *start, 647 const struct core_mmu_phys_mem *end, 648 const char *area_name __maybe_unused) 649 { 650 const struct core_mmu_phys_mem *mem = NULL; 651 const struct core_mmu_phys_mem *mem2 = NULL; 652 size_t n = 0; 653 654 if (start == end) { 655 DMSG("No %s memory area defined", area_name); 656 return; 657 } 658 659 for (mem = start; mem < end; mem++) 660 DMSG("%s memory [%" PRIxPA " %" PRIx64 "]", 661 area_name, mem->addr, (uint64_t)mem->addr + mem->size); 662 663 /* Check memories do not intersect each other */ 664 for (mem = start; mem + 1 < end; mem++) { 665 for (mem2 = mem + 1; mem2 < end; mem2++) { 666 if (core_is_buffer_intersect(mem2->addr, mem2->size, 667 mem->addr, mem->size)) { 668 MSG_MEM_INSTERSECT(mem2->addr, mem2->size, 669 mem->addr, mem->size); 670 panic("Special memory intersection"); 671 } 672 } 673 } 674 675 /* 676 * Check memories do not intersect any mapped memory. 677 * This is called before reserved VA space is loaded in mem_map. 678 */ 679 for (mem = start; mem < end; mem++) { 680 for (n = 0; n < mem_map->count; n++) { 681 if (core_is_buffer_intersect(mem->addr, mem->size, 682 mem_map->map[n].pa, 683 mem_map->map[n].size)) { 684 MSG_MEM_INSTERSECT(mem->addr, mem->size, 685 mem_map->map[n].pa, 686 mem_map->map[n].size); 687 panic("Special memory intersection"); 688 } 689 } 690 } 691 } 692 693 static void merge_mmaps(struct tee_mmap_region *dst, 694 const struct tee_mmap_region *src) 695 { 696 paddr_t end_pa = MAX(dst->pa + dst->size - 1, src->pa + src->size - 1); 697 paddr_t pa = MIN(dst->pa, src->pa); 698 699 DMSG("Merging %#"PRIxPA"..%#"PRIxPA" and %#"PRIxPA"..%#"PRIxPA, 700 dst->pa, dst->pa + dst->size - 1, src->pa, 701 src->pa + src->size - 1); 702 dst->pa = pa; 703 dst->size = end_pa - pa + 1; 704 } 705 706 static bool mmaps_are_mergeable(const struct tee_mmap_region *r1, 707 const struct tee_mmap_region *r2) 708 { 709 if (r1->type != r2->type) 710 return false; 711 712 if (r1->pa == r2->pa) 713 return true; 714 715 if (r1->pa < r2->pa) 716 return r1->pa + r1->size >= r2->pa; 717 else 718 return r2->pa + r2->size >= r1->pa; 719 } 720 721 static void add_phys_mem(struct memory_map *mem_map, 722 const char *mem_name __maybe_unused, 723 enum teecore_memtypes mem_type, 724 paddr_t mem_addr, paddr_size_t mem_size) 725 { 726 size_t n = 0; 727 const struct tee_mmap_region m0 = { 728 .type = mem_type, 729 .pa = mem_addr, 730 .size = mem_size, 731 }; 732 733 if (!mem_size) /* Discard null size entries */ 734 return; 735 736 /* 737 * If some ranges of memory of the same type do overlap 738 * each others they are coalesced into one entry. To help this 739 * added entries are sorted by increasing physical. 740 * 741 * Note that it's valid to have the same physical memory as several 742 * different memory types, for instance the same device memory 743 * mapped as both secure and non-secure. This will probably not 744 * happen often in practice. 745 */ 746 DMSG("%s type %s 0x%08" PRIxPA " size 0x%08" PRIxPASZ, 747 mem_name, teecore_memtype_name(mem_type), mem_addr, mem_size); 748 for (n = 0; n < mem_map->count; n++) { 749 if (mmaps_are_mergeable(mem_map->map + n, &m0)) { 750 merge_mmaps(mem_map->map + n, &m0); 751 /* 752 * The merged result might be mergeable with the 753 * next or previous entry. 754 */ 755 if (n + 1 < mem_map->count && 756 mmaps_are_mergeable(mem_map->map + n, 757 mem_map->map + n + 1)) { 758 merge_mmaps(mem_map->map + n, 759 mem_map->map + n + 1); 760 rem_array_elem(mem_map->map, mem_map->count, 761 sizeof(*mem_map->map), n + 1); 762 mem_map->count--; 763 } 764 if (n > 0 && mmaps_are_mergeable(mem_map->map + n - 1, 765 mem_map->map + n)) { 766 merge_mmaps(mem_map->map + n - 1, 767 mem_map->map + n); 768 rem_array_elem(mem_map->map, mem_map->count, 769 sizeof(*mem_map->map), n); 770 mem_map->count--; 771 } 772 return; 773 } 774 if (mem_type < mem_map->map[n].type || 775 (mem_type == mem_map->map[n].type && 776 mem_addr < mem_map->map[n].pa)) 777 break; /* found the spot where to insert this memory */ 778 } 779 780 grow_mem_map(mem_map); 781 ins_array_elem(mem_map->map, mem_map->count, sizeof(*mem_map->map), 782 n, &m0); 783 } 784 785 static void add_va_space(struct memory_map *mem_map, 786 enum teecore_memtypes type, size_t size) 787 { 788 size_t n = 0; 789 790 DMSG("type %s size 0x%08zx", teecore_memtype_name(type), size); 791 for (n = 0; n < mem_map->count; n++) { 792 if (type < mem_map->map[n].type) 793 break; 794 } 795 796 grow_mem_map(mem_map); 797 ins_array_elem(mem_map->map, mem_map->count, sizeof(*mem_map->map), 798 n, NULL); 799 mem_map->map[n] = (struct tee_mmap_region){ 800 .type = type, 801 .size = size, 802 }; 803 } 804 805 uint32_t core_mmu_type_to_attr(enum teecore_memtypes t) 806 { 807 const uint32_t attr = TEE_MATTR_VALID_BLOCK; 808 const uint32_t tagged = TEE_MATTR_MEM_TYPE_TAGGED << 809 TEE_MATTR_MEM_TYPE_SHIFT; 810 const uint32_t cached = TEE_MATTR_MEM_TYPE_CACHED << 811 TEE_MATTR_MEM_TYPE_SHIFT; 812 const uint32_t noncache = TEE_MATTR_MEM_TYPE_DEV << 813 TEE_MATTR_MEM_TYPE_SHIFT; 814 815 switch (t) { 816 case MEM_AREA_TEE_RAM: 817 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRWX | tagged; 818 case MEM_AREA_TEE_RAM_RX: 819 case MEM_AREA_INIT_RAM_RX: 820 case MEM_AREA_IDENTITY_MAP_RX: 821 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRX | tagged; 822 case MEM_AREA_TEE_RAM_RO: 823 case MEM_AREA_INIT_RAM_RO: 824 return attr | TEE_MATTR_SECURE | TEE_MATTR_PR | tagged; 825 case MEM_AREA_TEE_RAM_RW: 826 case MEM_AREA_NEX_RAM_RO: /* This has to be r/w during init runtime */ 827 case MEM_AREA_NEX_RAM_RW: 828 case MEM_AREA_TEE_ASAN: 829 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | tagged; 830 case MEM_AREA_TEE_COHERENT: 831 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRWX | noncache; 832 case MEM_AREA_NSEC_SHM: 833 case MEM_AREA_NEX_NSEC_SHM: 834 return attr | TEE_MATTR_PRW | cached; 835 case MEM_AREA_MANIFEST_DT: 836 return attr | TEE_MATTR_SECURE | TEE_MATTR_PR | cached; 837 case MEM_AREA_TRANSFER_LIST: 838 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | cached; 839 case MEM_AREA_EXT_DT: 840 /* 841 * If CFG_MAP_EXT_DT_SECURE is enabled map the external device 842 * tree as secure non-cached memory, otherwise, fall back to 843 * non-secure mapping. 844 */ 845 if (IS_ENABLED(CFG_MAP_EXT_DT_SECURE)) 846 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | 847 noncache; 848 fallthrough; 849 case MEM_AREA_IO_NSEC: 850 return attr | TEE_MATTR_PRW | noncache; 851 case MEM_AREA_IO_SEC: 852 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | noncache; 853 case MEM_AREA_RAM_NSEC: 854 return attr | TEE_MATTR_PRW | cached; 855 case MEM_AREA_RAM_SEC: 856 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | cached; 857 case MEM_AREA_SEC_RAM_OVERALL: 858 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | tagged; 859 case MEM_AREA_ROM_SEC: 860 return attr | TEE_MATTR_SECURE | TEE_MATTR_PR | cached; 861 case MEM_AREA_RES_VASPACE: 862 case MEM_AREA_SHM_VASPACE: 863 return 0; 864 case MEM_AREA_PAGER_VASPACE: 865 return TEE_MATTR_SECURE; 866 default: 867 panic("invalid type"); 868 } 869 } 870 871 static bool __maybe_unused map_is_tee_ram(const struct tee_mmap_region *mm) 872 { 873 switch (mm->type) { 874 case MEM_AREA_TEE_RAM: 875 case MEM_AREA_TEE_RAM_RX: 876 case MEM_AREA_TEE_RAM_RO: 877 case MEM_AREA_TEE_RAM_RW: 878 case MEM_AREA_INIT_RAM_RX: 879 case MEM_AREA_INIT_RAM_RO: 880 case MEM_AREA_NEX_RAM_RW: 881 case MEM_AREA_NEX_RAM_RO: 882 case MEM_AREA_TEE_ASAN: 883 return true; 884 default: 885 return false; 886 } 887 } 888 889 static bool __maybe_unused map_is_secure(const struct tee_mmap_region *mm) 890 { 891 return !!(core_mmu_type_to_attr(mm->type) & TEE_MATTR_SECURE); 892 } 893 894 static bool __maybe_unused map_is_pgdir(const struct tee_mmap_region *mm) 895 { 896 return mm->region_size == CORE_MMU_PGDIR_SIZE; 897 } 898 899 static int cmp_mmap_by_lower_va(const void *a, const void *b) 900 { 901 const struct tee_mmap_region *mm_a = a; 902 const struct tee_mmap_region *mm_b = b; 903 904 return CMP_TRILEAN(mm_a->va, mm_b->va); 905 } 906 907 static void dump_mmap_table(struct memory_map *mem_map) 908 { 909 size_t n = 0; 910 911 for (n = 0; n < mem_map->count; n++) { 912 struct tee_mmap_region *map __maybe_unused = mem_map->map + n; 913 914 DMSG("type %-12s va 0x%08" PRIxVA "..0x%08" PRIxVA 915 " pa 0x%08" PRIxPA "..0x%08" PRIxPA " size 0x%08zx (%s)", 916 teecore_memtype_name(map->type), map->va, 917 map->va + map->size - 1, map->pa, 918 (paddr_t)(map->pa + map->size - 1), map->size, 919 map->region_size == SMALL_PAGE_SIZE ? "smallpg" : "pgdir"); 920 } 921 } 922 923 #if DEBUG_XLAT_TABLE 924 925 static void dump_xlat_table(vaddr_t va, unsigned int level) 926 { 927 struct core_mmu_table_info tbl_info; 928 unsigned int idx = 0; 929 paddr_t pa; 930 uint32_t attr; 931 932 core_mmu_find_table(NULL, va, level, &tbl_info); 933 va = tbl_info.va_base; 934 for (idx = 0; idx < tbl_info.num_entries; idx++) { 935 core_mmu_get_entry(&tbl_info, idx, &pa, &attr); 936 if (attr || level > CORE_MMU_BASE_TABLE_LEVEL) { 937 const char *security_bit = ""; 938 939 if (core_mmu_entry_have_security_bit(attr)) { 940 if (attr & TEE_MATTR_SECURE) 941 security_bit = "S"; 942 else 943 security_bit = "NS"; 944 } 945 946 if (attr & TEE_MATTR_TABLE) { 947 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 948 " TBL:0x%010" PRIxPA " %s", 949 level * 2, "", level, va, pa, 950 security_bit); 951 dump_xlat_table(va, level + 1); 952 } else if (attr) { 953 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 954 " PA:0x%010" PRIxPA " %s-%s-%s-%s", 955 level * 2, "", level, va, pa, 956 mattr_is_cached(attr) ? "MEM" : 957 "DEV", 958 attr & TEE_MATTR_PW ? "RW" : "RO", 959 attr & TEE_MATTR_PX ? "X " : "XN", 960 security_bit); 961 } else { 962 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 963 " INVALID\n", 964 level * 2, "", level, va); 965 } 966 } 967 va += BIT64(tbl_info.shift); 968 } 969 } 970 971 #else 972 973 static void dump_xlat_table(vaddr_t va __unused, int level __unused) 974 { 975 } 976 977 #endif 978 979 /* 980 * Reserves virtual memory space for pager usage. 981 * 982 * From the start of the first memory used by the link script + 983 * TEE_RAM_VA_SIZE should be covered, either with a direct mapping or empty 984 * mapping for pager usage. This adds translation tables as needed for the 985 * pager to operate. 986 */ 987 static void add_pager_vaspace(struct memory_map *mem_map) 988 { 989 paddr_t begin = 0; 990 paddr_t end = 0; 991 size_t size = 0; 992 size_t pos = 0; 993 size_t n = 0; 994 995 996 for (n = 0; n < mem_map->count; n++) { 997 if (map_is_tee_ram(mem_map->map + n)) { 998 if (!begin) 999 begin = mem_map->map[n].pa; 1000 pos = n + 1; 1001 } 1002 } 1003 1004 end = mem_map->map[pos - 1].pa + mem_map->map[pos - 1].size; 1005 assert(end - begin < TEE_RAM_VA_SIZE); 1006 size = TEE_RAM_VA_SIZE - (end - begin); 1007 1008 grow_mem_map(mem_map); 1009 ins_array_elem(mem_map->map, mem_map->count, sizeof(*mem_map->map), 1010 n, NULL); 1011 mem_map->map[n] = (struct tee_mmap_region){ 1012 .type = MEM_AREA_PAGER_VASPACE, 1013 .size = size, 1014 .region_size = SMALL_PAGE_SIZE, 1015 .attr = core_mmu_type_to_attr(MEM_AREA_PAGER_VASPACE), 1016 }; 1017 } 1018 1019 static void check_sec_nsec_mem_config(void) 1020 { 1021 size_t n = 0; 1022 1023 for (n = 0; n < ARRAY_SIZE(secure_only); n++) { 1024 if (pbuf_intersects(nsec_shared, secure_only[n].paddr, 1025 secure_only[n].size)) 1026 panic("Invalid memory access config: sec/nsec"); 1027 } 1028 } 1029 1030 static void collect_device_mem_ranges(struct memory_map *mem_map) 1031 { 1032 const char *compatible = "arm,ffa-manifest-device-regions"; 1033 void *fdt = get_manifest_dt(); 1034 const char *name = NULL; 1035 uint64_t page_count = 0; 1036 uint64_t base = 0; 1037 int subnode = 0; 1038 int node = 0; 1039 1040 assert(fdt); 1041 1042 node = fdt_node_offset_by_compatible(fdt, 0, compatible); 1043 if (node < 0) 1044 return; 1045 1046 fdt_for_each_subnode(subnode, fdt, node) { 1047 name = fdt_get_name(fdt, subnode, NULL); 1048 if (!name) 1049 continue; 1050 1051 if (dt_getprop_as_number(fdt, subnode, "base-address", 1052 &base)) { 1053 EMSG("Mandatory field is missing: base-address"); 1054 continue; 1055 } 1056 1057 if (base & SMALL_PAGE_MASK) { 1058 EMSG("base-address is not page aligned"); 1059 continue; 1060 } 1061 1062 if (dt_getprop_as_number(fdt, subnode, "pages-count", 1063 &page_count)) { 1064 EMSG("Mandatory field is missing: pages-count"); 1065 continue; 1066 } 1067 1068 add_phys_mem(mem_map, name, MEM_AREA_IO_SEC, 1069 base, base + page_count * SMALL_PAGE_SIZE); 1070 } 1071 } 1072 1073 static void collect_mem_ranges(struct memory_map *mem_map) 1074 { 1075 const struct core_mmu_phys_mem *mem = NULL; 1076 vaddr_t ram_start = secure_only[0].paddr; 1077 size_t n = 0; 1078 1079 #define ADD_PHYS_MEM(_type, _addr, _size) \ 1080 add_phys_mem(mem_map, #_addr, (_type), (_addr), (_size)) 1081 1082 if (IS_ENABLED(CFG_CORE_RWDATA_NOEXEC)) { 1083 paddr_t next_pa = 0; 1084 1085 /* 1086 * Read-only and read-execute physical memory areas must 1087 * not be mapped by MEM_AREA_SEC_RAM_OVERALL, but all the 1088 * read/write should. 1089 */ 1090 ADD_PHYS_MEM(MEM_AREA_SEC_RAM_OVERALL, ram_start, 1091 VCORE_UNPG_RX_PA - ram_start); 1092 assert(VCORE_UNPG_RX_PA >= ram_start); 1093 tee_ram_initial_offs = VCORE_UNPG_RX_PA - ram_start; 1094 DMSG("tee_ram_initial_offs %#zx", tee_ram_initial_offs); 1095 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RX, VCORE_UNPG_RX_PA, 1096 VCORE_UNPG_RX_SZ); 1097 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RO, VCORE_UNPG_RO_PA, 1098 VCORE_UNPG_RO_SZ); 1099 1100 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) { 1101 ADD_PHYS_MEM(MEM_AREA_NEX_RAM_RO, VCORE_UNPG_RW_PA, 1102 VCORE_UNPG_RW_SZ); 1103 ADD_PHYS_MEM(MEM_AREA_SEC_RAM_OVERALL, VCORE_UNPG_RW_PA, 1104 VCORE_UNPG_RW_SZ); 1105 1106 ADD_PHYS_MEM(MEM_AREA_NEX_RAM_RW, VCORE_NEX_RW_PA, 1107 VCORE_NEX_RW_SZ); 1108 ADD_PHYS_MEM(MEM_AREA_SEC_RAM_OVERALL, VCORE_NEX_RW_PA, 1109 VCORE_NEX_RW_SZ); 1110 1111 ADD_PHYS_MEM(MEM_AREA_NEX_RAM_RW, VCORE_FREE_PA, 1112 VCORE_FREE_SZ); 1113 ADD_PHYS_MEM(MEM_AREA_SEC_RAM_OVERALL, VCORE_FREE_PA, 1114 VCORE_FREE_SZ); 1115 next_pa = VCORE_FREE_PA + VCORE_FREE_SZ; 1116 } else { 1117 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RW, VCORE_UNPG_RW_PA, 1118 VCORE_UNPG_RW_SZ); 1119 ADD_PHYS_MEM(MEM_AREA_SEC_RAM_OVERALL, VCORE_UNPG_RW_PA, 1120 VCORE_UNPG_RW_SZ); 1121 1122 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RW, VCORE_FREE_PA, 1123 VCORE_FREE_SZ); 1124 ADD_PHYS_MEM(MEM_AREA_SEC_RAM_OVERALL, VCORE_FREE_PA, 1125 VCORE_FREE_SZ); 1126 next_pa = VCORE_FREE_PA + VCORE_FREE_SZ; 1127 } 1128 1129 if (IS_ENABLED(CFG_WITH_PAGER)) { 1130 paddr_t pa = 0; 1131 size_t sz = 0; 1132 1133 ADD_PHYS_MEM(MEM_AREA_INIT_RAM_RX, VCORE_INIT_RX_PA, 1134 VCORE_INIT_RX_SZ); 1135 ADD_PHYS_MEM(MEM_AREA_INIT_RAM_RO, VCORE_INIT_RO_PA, 1136 VCORE_INIT_RO_SZ); 1137 /* 1138 * Core init mapping shall cover up to end of the 1139 * physical RAM. This is required since the hash 1140 * table is appended to the binary data after the 1141 * firmware build sequence. 1142 */ 1143 pa = VCORE_INIT_RO_PA + VCORE_INIT_RO_SZ; 1144 sz = TEE_RAM_START + TEE_RAM_PH_SIZE - pa; 1145 ADD_PHYS_MEM(MEM_AREA_TEE_RAM, pa, sz); 1146 } else { 1147 ADD_PHYS_MEM(MEM_AREA_SEC_RAM_OVERALL, next_pa, 1148 secure_only[0].paddr + 1149 secure_only[0].size - next_pa); 1150 } 1151 } else { 1152 ADD_PHYS_MEM(MEM_AREA_TEE_RAM, TEE_RAM_START, TEE_RAM_PH_SIZE); 1153 ADD_PHYS_MEM(MEM_AREA_SEC_RAM_OVERALL, secure_only[n].paddr, 1154 secure_only[0].size); 1155 } 1156 1157 for (n = 1; n < ARRAY_SIZE(secure_only); n++) 1158 ADD_PHYS_MEM(MEM_AREA_SEC_RAM_OVERALL, secure_only[n].paddr, 1159 secure_only[n].size); 1160 1161 if (IS_ENABLED(CFG_CORE_SANITIZE_KADDRESS) && 1162 IS_ENABLED(CFG_WITH_PAGER)) { 1163 /* 1164 * Asan ram is part of MEM_AREA_TEE_RAM_RW when pager is 1165 * disabled. 1166 */ 1167 ADD_PHYS_MEM(MEM_AREA_TEE_ASAN, ASAN_MAP_PA, ASAN_MAP_SZ); 1168 } 1169 1170 #undef ADD_PHYS_MEM 1171 1172 /* Collect device memory info from SP manifest */ 1173 if (IS_ENABLED(CFG_CORE_SEL2_SPMC)) 1174 collect_device_mem_ranges(mem_map); 1175 1176 for (mem = phys_mem_map_begin; mem < phys_mem_map_end; mem++) { 1177 /* Only unmapped virtual range may have a null phys addr */ 1178 assert(mem->addr || !core_mmu_type_to_attr(mem->type)); 1179 1180 add_phys_mem(mem_map, mem->name, mem->type, 1181 mem->addr, mem->size); 1182 } 1183 1184 if (IS_ENABLED(CFG_SECURE_DATA_PATH)) 1185 verify_special_mem_areas(mem_map, phys_sdp_mem_begin, 1186 phys_sdp_mem_end, "SDP"); 1187 1188 add_va_space(mem_map, MEM_AREA_RES_VASPACE, CFG_RESERVED_VASPACE_SIZE); 1189 add_va_space(mem_map, MEM_AREA_SHM_VASPACE, SHM_VASPACE_SIZE); 1190 } 1191 1192 static void assign_mem_granularity(struct memory_map *mem_map) 1193 { 1194 size_t n = 0; 1195 1196 /* 1197 * Assign region sizes, note that MEM_AREA_TEE_RAM always uses 1198 * SMALL_PAGE_SIZE. 1199 */ 1200 for (n = 0; n < mem_map->count; n++) { 1201 paddr_t mask = mem_map->map[n].pa | mem_map->map[n].size; 1202 1203 if (mask & SMALL_PAGE_MASK) 1204 panic("Impossible memory alignment"); 1205 1206 if (map_is_tee_ram(mem_map->map + n)) 1207 mem_map->map[n].region_size = SMALL_PAGE_SIZE; 1208 else 1209 mem_map->map[n].region_size = CORE_MMU_PGDIR_SIZE; 1210 } 1211 } 1212 1213 static bool place_tee_ram_at_top(paddr_t paddr) 1214 { 1215 return paddr > BIT64(core_mmu_get_va_width()) / 2; 1216 } 1217 1218 /* 1219 * MMU arch driver shall override this function if it helps 1220 * optimizing the memory footprint of the address translation tables. 1221 */ 1222 bool __weak core_mmu_prefer_tee_ram_at_top(paddr_t paddr) 1223 { 1224 return place_tee_ram_at_top(paddr); 1225 } 1226 1227 static bool assign_mem_va_dir(vaddr_t tee_ram_va, struct memory_map *mem_map, 1228 bool tee_ram_at_top) 1229 { 1230 struct tee_mmap_region *map = NULL; 1231 vaddr_t va = 0; 1232 bool va_is_secure = true; 1233 size_t n = 0; 1234 1235 /* 1236 * tee_ram_va might equals 0 when CFG_CORE_ASLR=y. 1237 * 0 is by design an invalid va, so return false directly. 1238 */ 1239 if (!tee_ram_va) 1240 return false; 1241 1242 /* Clear eventual previous assignments */ 1243 for (n = 0; n < mem_map->count; n++) 1244 mem_map->map[n].va = 0; 1245 1246 /* 1247 * TEE RAM regions are always aligned with region_size. 1248 * 1249 * Note that MEM_AREA_PAGER_VASPACE also counts as TEE RAM here 1250 * since it handles virtual memory which covers the part of the ELF 1251 * that cannot fit directly into memory. 1252 */ 1253 va = tee_ram_va + tee_ram_initial_offs; 1254 for (n = 0; n < mem_map->count; n++) { 1255 map = mem_map->map + n; 1256 if (map_is_tee_ram(map) || 1257 map->type == MEM_AREA_PAGER_VASPACE) { 1258 assert(!(va & (map->region_size - 1))); 1259 assert(!(map->size & (map->region_size - 1))); 1260 map->va = va; 1261 if (ADD_OVERFLOW(va, map->size, &va)) 1262 return false; 1263 if (va >= BIT64(core_mmu_get_va_width())) 1264 return false; 1265 } 1266 } 1267 1268 if (tee_ram_at_top) { 1269 /* 1270 * Map non-tee ram regions at addresses lower than the tee 1271 * ram region. 1272 */ 1273 va = tee_ram_va; 1274 for (n = 0; n < mem_map->count; n++) { 1275 map = mem_map->map + n; 1276 map->attr = core_mmu_type_to_attr(map->type); 1277 if (map->va) 1278 continue; 1279 1280 if (!IS_ENABLED(CFG_WITH_LPAE) && 1281 va_is_secure != map_is_secure(map)) { 1282 va_is_secure = !va_is_secure; 1283 va = ROUNDDOWN(va, CORE_MMU_PGDIR_SIZE); 1284 } 1285 1286 if (SUB_OVERFLOW(va, map->size, &va)) 1287 return false; 1288 va = ROUNDDOWN(va, map->region_size); 1289 /* 1290 * Make sure that va is aligned with pa for 1291 * efficient pgdir mapping. Basically pa & 1292 * pgdir_mask should be == va & pgdir_mask 1293 */ 1294 if (map->size > 2 * CORE_MMU_PGDIR_SIZE) { 1295 if (SUB_OVERFLOW(va, CORE_MMU_PGDIR_SIZE, &va)) 1296 return false; 1297 va += (map->pa - va) & CORE_MMU_PGDIR_MASK; 1298 } 1299 map->va = va; 1300 } 1301 } else { 1302 /* 1303 * Map non-tee ram regions at addresses higher than the tee 1304 * ram region. 1305 */ 1306 for (n = 0; n < mem_map->count; n++) { 1307 map = mem_map->map + n; 1308 map->attr = core_mmu_type_to_attr(map->type); 1309 if (map->va) 1310 continue; 1311 1312 if (!IS_ENABLED(CFG_WITH_LPAE) && 1313 va_is_secure != map_is_secure(map)) { 1314 va_is_secure = !va_is_secure; 1315 if (ROUNDUP_OVERFLOW(va, CORE_MMU_PGDIR_SIZE, 1316 &va)) 1317 return false; 1318 } 1319 1320 if (ROUNDUP_OVERFLOW(va, map->region_size, &va)) 1321 return false; 1322 /* 1323 * Make sure that va is aligned with pa for 1324 * efficient pgdir mapping. Basically pa & 1325 * pgdir_mask should be == va & pgdir_mask 1326 */ 1327 if (map->size > 2 * CORE_MMU_PGDIR_SIZE) { 1328 vaddr_t offs = (map->pa - va) & 1329 CORE_MMU_PGDIR_MASK; 1330 1331 if (ADD_OVERFLOW(va, offs, &va)) 1332 return false; 1333 } 1334 1335 map->va = va; 1336 if (ADD_OVERFLOW(va, map->size, &va)) 1337 return false; 1338 if (va >= BIT64(core_mmu_get_va_width())) 1339 return false; 1340 } 1341 } 1342 1343 return true; 1344 } 1345 1346 static bool assign_mem_va(vaddr_t tee_ram_va, struct memory_map *mem_map) 1347 { 1348 bool tee_ram_at_top = place_tee_ram_at_top(tee_ram_va); 1349 1350 /* 1351 * Check that we're not overlapping with the user VA range. 1352 */ 1353 if (IS_ENABLED(CFG_WITH_LPAE)) { 1354 /* 1355 * User VA range is supposed to be defined after these 1356 * mappings have been established. 1357 */ 1358 assert(!core_mmu_user_va_range_is_defined()); 1359 } else { 1360 vaddr_t user_va_base = 0; 1361 size_t user_va_size = 0; 1362 1363 assert(core_mmu_user_va_range_is_defined()); 1364 core_mmu_get_user_va_range(&user_va_base, &user_va_size); 1365 if (tee_ram_va < (user_va_base + user_va_size)) 1366 return false; 1367 } 1368 1369 if (IS_ENABLED(CFG_WITH_PAGER)) { 1370 bool prefered_dir = core_mmu_prefer_tee_ram_at_top(tee_ram_va); 1371 1372 /* Try whole mapping covered by a single base xlat entry */ 1373 if (prefered_dir != tee_ram_at_top && 1374 assign_mem_va_dir(tee_ram_va, mem_map, prefered_dir)) 1375 return true; 1376 } 1377 1378 return assign_mem_va_dir(tee_ram_va, mem_map, tee_ram_at_top); 1379 } 1380 1381 static int cmp_init_mem_map(const void *a, const void *b) 1382 { 1383 const struct tee_mmap_region *mm_a = a; 1384 const struct tee_mmap_region *mm_b = b; 1385 int rc = 0; 1386 1387 rc = CMP_TRILEAN(mm_a->region_size, mm_b->region_size); 1388 if (!rc) 1389 rc = CMP_TRILEAN(mm_a->pa, mm_b->pa); 1390 /* 1391 * 32bit MMU descriptors cannot mix secure and non-secure mapping in 1392 * the same level2 table. Hence sort secure mapping from non-secure 1393 * mapping. 1394 */ 1395 if (!rc && !IS_ENABLED(CFG_WITH_LPAE)) 1396 rc = CMP_TRILEAN(map_is_secure(mm_a), map_is_secure(mm_b)); 1397 1398 return rc; 1399 } 1400 1401 static bool mem_map_add_id_map(struct memory_map *mem_map, 1402 vaddr_t id_map_start, vaddr_t id_map_end) 1403 { 1404 vaddr_t start = ROUNDDOWN(id_map_start, SMALL_PAGE_SIZE); 1405 vaddr_t end = ROUNDUP(id_map_end, SMALL_PAGE_SIZE); 1406 size_t len = end - start; 1407 size_t n = 0; 1408 1409 1410 for (n = 0; n < mem_map->count; n++) 1411 if (core_is_buffer_intersect(mem_map->map[n].va, 1412 mem_map->map[n].size, start, len)) 1413 return false; 1414 1415 grow_mem_map(mem_map); 1416 mem_map->map[mem_map->count - 1] = (struct tee_mmap_region){ 1417 .type = MEM_AREA_IDENTITY_MAP_RX, 1418 /* 1419 * Could use CORE_MMU_PGDIR_SIZE to potentially save a 1420 * translation table, at the increased risk of clashes with 1421 * the rest of the memory map. 1422 */ 1423 .region_size = SMALL_PAGE_SIZE, 1424 .pa = start, 1425 .va = start, 1426 .size = len, 1427 .attr = core_mmu_type_to_attr(MEM_AREA_IDENTITY_MAP_RX), 1428 }; 1429 1430 return true; 1431 } 1432 1433 static struct memory_map *init_mem_map(struct memory_map *mem_map, 1434 unsigned long seed, 1435 unsigned long *ret_offs) 1436 { 1437 /* 1438 * @id_map_start and @id_map_end describes a physical memory range 1439 * that must be mapped Read-Only eXecutable at identical virtual 1440 * addresses. 1441 */ 1442 vaddr_t id_map_start = (vaddr_t)__identity_map_init_start; 1443 vaddr_t id_map_end = (vaddr_t)__identity_map_init_end; 1444 vaddr_t start_addr = secure_only[0].paddr; 1445 unsigned long offs = 0; 1446 1447 collect_mem_ranges(mem_map); 1448 assign_mem_granularity(mem_map); 1449 1450 /* 1451 * To ease mapping and lower use of xlat tables, sort mapping 1452 * description moving small-page regions after the pgdir regions. 1453 */ 1454 qsort(mem_map->map, mem_map->count, sizeof(struct tee_mmap_region), 1455 cmp_init_mem_map); 1456 1457 if (IS_ENABLED(CFG_WITH_PAGER)) 1458 add_pager_vaspace(mem_map); 1459 1460 if (IS_ENABLED(CFG_CORE_ASLR) && seed) { 1461 vaddr_t base_addr = start_addr + seed; 1462 const unsigned int va_width = core_mmu_get_va_width(); 1463 const vaddr_t va_mask = GENMASK_64(va_width - 1, 1464 SMALL_PAGE_SHIFT); 1465 vaddr_t ba = base_addr; 1466 size_t n = 0; 1467 1468 for (n = 0; n < 3; n++) { 1469 if (n) 1470 ba = base_addr ^ BIT64(va_width - n); 1471 ba &= va_mask; 1472 if (assign_mem_va(ba, mem_map) && 1473 mem_map_add_id_map(mem_map, id_map_start, 1474 id_map_end)) { 1475 offs = ba - start_addr; 1476 DMSG("Mapping core at %#"PRIxVA" offs %#lx", 1477 ba, offs); 1478 goto out; 1479 } else { 1480 DMSG("Failed to map core at %#"PRIxVA, ba); 1481 } 1482 } 1483 EMSG("Failed to map core with seed %#lx", seed); 1484 } 1485 1486 if (!assign_mem_va(start_addr, mem_map)) 1487 panic(); 1488 1489 out: 1490 qsort(mem_map->map, mem_map->count, sizeof(struct tee_mmap_region), 1491 cmp_mmap_by_lower_va); 1492 1493 dump_mmap_table(mem_map); 1494 1495 *ret_offs = offs; 1496 return mem_map; 1497 } 1498 1499 static void check_mem_map(struct memory_map *mem_map) 1500 { 1501 struct tee_mmap_region *m = NULL; 1502 size_t n = 0; 1503 1504 for (n = 0; n < mem_map->count; n++) { 1505 m = mem_map->map + n; 1506 switch (m->type) { 1507 case MEM_AREA_TEE_RAM: 1508 case MEM_AREA_TEE_RAM_RX: 1509 case MEM_AREA_TEE_RAM_RO: 1510 case MEM_AREA_TEE_RAM_RW: 1511 case MEM_AREA_INIT_RAM_RX: 1512 case MEM_AREA_INIT_RAM_RO: 1513 case MEM_AREA_NEX_RAM_RW: 1514 case MEM_AREA_NEX_RAM_RO: 1515 case MEM_AREA_IDENTITY_MAP_RX: 1516 if (!pbuf_is_inside(secure_only, m->pa, m->size)) 1517 panic("TEE_RAM can't fit in secure_only"); 1518 break; 1519 case MEM_AREA_SEC_RAM_OVERALL: 1520 if (!pbuf_is_inside(secure_only, m->pa, m->size)) 1521 panic("SEC_RAM_OVERALL can't fit in secure_only"); 1522 break; 1523 case MEM_AREA_NSEC_SHM: 1524 if (!pbuf_is_inside(nsec_shared, m->pa, m->size)) 1525 panic("NS_SHM can't fit in nsec_shared"); 1526 break; 1527 case MEM_AREA_TEE_COHERENT: 1528 case MEM_AREA_TEE_ASAN: 1529 case MEM_AREA_IO_SEC: 1530 case MEM_AREA_IO_NSEC: 1531 case MEM_AREA_EXT_DT: 1532 case MEM_AREA_MANIFEST_DT: 1533 case MEM_AREA_TRANSFER_LIST: 1534 case MEM_AREA_RAM_SEC: 1535 case MEM_AREA_RAM_NSEC: 1536 case MEM_AREA_ROM_SEC: 1537 case MEM_AREA_RES_VASPACE: 1538 case MEM_AREA_SHM_VASPACE: 1539 case MEM_AREA_PAGER_VASPACE: 1540 break; 1541 default: 1542 EMSG("Uhandled memtype %d", m->type); 1543 panic(); 1544 } 1545 } 1546 } 1547 1548 /* 1549 * core_init_mmu_map() - init tee core default memory mapping 1550 * 1551 * This routine sets the static default TEE core mapping. If @seed is > 0 1552 * and configured with CFG_CORE_ASLR it will map tee core at a location 1553 * based on the seed and return the offset from the link address. 1554 * 1555 * If an error happened: core_init_mmu_map is expected to panic. 1556 * 1557 * Note: this function is weak just to make it possible to exclude it from 1558 * the unpaged area. 1559 */ 1560 void __weak core_init_mmu_map(unsigned long seed, struct core_mmu_config *cfg) 1561 { 1562 #ifndef CFG_NS_VIRTUALIZATION 1563 vaddr_t start = ROUNDDOWN((vaddr_t)__nozi_start, SMALL_PAGE_SIZE); 1564 #else 1565 vaddr_t start = ROUNDDOWN((vaddr_t)__vcore_nex_rw_start, 1566 SMALL_PAGE_SIZE); 1567 #endif 1568 vaddr_t len = ROUNDUP((vaddr_t)__nozi_end, SMALL_PAGE_SIZE) - start; 1569 struct tee_mmap_region tmp_mmap_region = { }; 1570 struct memory_map mem_map = { }; 1571 unsigned long offs = 0; 1572 1573 if (IS_ENABLED(CFG_CORE_PHYS_RELOCATABLE) && 1574 (core_mmu_tee_load_pa & SMALL_PAGE_MASK)) 1575 panic("OP-TEE load address is not page aligned"); 1576 1577 check_sec_nsec_mem_config(); 1578 1579 mem_map = static_memory_map; 1580 static_memory_map = (struct memory_map){ 1581 .map = &tmp_mmap_region, 1582 .alloc_count = 1, 1583 .count = 1, 1584 }; 1585 /* 1586 * Add a entry covering the translation tables which will be 1587 * involved in some virt_to_phys() and phys_to_virt() conversions. 1588 */ 1589 static_memory_map.map[0] = (struct tee_mmap_region){ 1590 .type = MEM_AREA_TEE_RAM, 1591 .region_size = SMALL_PAGE_SIZE, 1592 .pa = start, 1593 .va = start, 1594 .size = len, 1595 .attr = core_mmu_type_to_attr(MEM_AREA_IDENTITY_MAP_RX), 1596 }; 1597 1598 init_mem_map(&mem_map, seed, &offs); 1599 1600 check_mem_map(&mem_map); 1601 core_init_mmu(&mem_map); 1602 dump_xlat_table(0x0, CORE_MMU_BASE_TABLE_LEVEL); 1603 core_init_mmu_regs(cfg); 1604 cfg->map_offset = offs; 1605 static_memory_map = mem_map; 1606 } 1607 1608 bool core_mmu_mattr_is_ok(uint32_t mattr) 1609 { 1610 /* 1611 * Keep in sync with core_mmu_lpae.c:mattr_to_desc and 1612 * core_mmu_v7.c:mattr_to_texcb 1613 */ 1614 1615 switch ((mattr >> TEE_MATTR_MEM_TYPE_SHIFT) & TEE_MATTR_MEM_TYPE_MASK) { 1616 case TEE_MATTR_MEM_TYPE_DEV: 1617 case TEE_MATTR_MEM_TYPE_STRONGLY_O: 1618 case TEE_MATTR_MEM_TYPE_CACHED: 1619 case TEE_MATTR_MEM_TYPE_TAGGED: 1620 return true; 1621 default: 1622 return false; 1623 } 1624 } 1625 1626 /* 1627 * test attributes of target physical buffer 1628 * 1629 * Flags: pbuf_is(SECURE, NOT_SECURE, RAM, IOMEM, KEYVAULT). 1630 * 1631 */ 1632 bool core_pbuf_is(uint32_t attr, paddr_t pbuf, size_t len) 1633 { 1634 struct tee_mmap_region *map; 1635 1636 /* Empty buffers complies with anything */ 1637 if (len == 0) 1638 return true; 1639 1640 switch (attr) { 1641 case CORE_MEM_SEC: 1642 return pbuf_is_inside(secure_only, pbuf, len); 1643 case CORE_MEM_NON_SEC: 1644 return pbuf_is_inside(nsec_shared, pbuf, len) || 1645 pbuf_is_nsec_ddr(pbuf, len); 1646 case CORE_MEM_TEE_RAM: 1647 return core_is_buffer_inside(pbuf, len, TEE_RAM_START, 1648 TEE_RAM_PH_SIZE); 1649 #ifdef CFG_CORE_RESERVED_SHM 1650 case CORE_MEM_NSEC_SHM: 1651 return core_is_buffer_inside(pbuf, len, TEE_SHMEM_START, 1652 TEE_SHMEM_SIZE); 1653 #endif 1654 case CORE_MEM_SDP_MEM: 1655 return pbuf_is_sdp_mem(pbuf, len); 1656 case CORE_MEM_CACHED: 1657 map = find_map_by_pa(pbuf); 1658 if (!map || !pbuf_inside_map_area(pbuf, len, map)) 1659 return false; 1660 return mattr_is_cached(map->attr); 1661 default: 1662 return false; 1663 } 1664 } 1665 1666 /* test attributes of target virtual buffer (in core mapping) */ 1667 bool core_vbuf_is(uint32_t attr, const void *vbuf, size_t len) 1668 { 1669 paddr_t p; 1670 1671 /* Empty buffers complies with anything */ 1672 if (len == 0) 1673 return true; 1674 1675 p = virt_to_phys((void *)vbuf); 1676 if (!p) 1677 return false; 1678 1679 return core_pbuf_is(attr, p, len); 1680 } 1681 1682 /* core_va2pa - teecore exported service */ 1683 static int __maybe_unused core_va2pa_helper(void *va, paddr_t *pa) 1684 { 1685 struct tee_mmap_region *map; 1686 1687 map = find_map_by_va(va); 1688 if (!va_is_in_map(map, (vaddr_t)va)) 1689 return -1; 1690 1691 /* 1692 * We can calculate PA for static map. Virtual address ranges 1693 * reserved to core dynamic mapping return a 'match' (return 0;) 1694 * together with an invalid null physical address. 1695 */ 1696 if (map->pa) 1697 *pa = map->pa + (vaddr_t)va - map->va; 1698 else 1699 *pa = 0; 1700 1701 return 0; 1702 } 1703 1704 static void *map_pa2va(struct tee_mmap_region *map, paddr_t pa, size_t len) 1705 { 1706 if (!pa_is_in_map(map, pa, len)) 1707 return NULL; 1708 1709 return (void *)(vaddr_t)(map->va + pa - map->pa); 1710 } 1711 1712 /* 1713 * teecore gets some memory area definitions 1714 */ 1715 void core_mmu_get_mem_by_type(enum teecore_memtypes type, vaddr_t *s, 1716 vaddr_t *e) 1717 { 1718 struct tee_mmap_region *map = find_map_by_type(type); 1719 1720 if (map) { 1721 *s = map->va; 1722 *e = map->va + map->size; 1723 } else { 1724 *s = 0; 1725 *e = 0; 1726 } 1727 } 1728 1729 enum teecore_memtypes core_mmu_get_type_by_pa(paddr_t pa) 1730 { 1731 struct tee_mmap_region *map = find_map_by_pa(pa); 1732 1733 if (!map) 1734 return MEM_AREA_MAXTYPE; 1735 return map->type; 1736 } 1737 1738 void core_mmu_set_entry(struct core_mmu_table_info *tbl_info, unsigned int idx, 1739 paddr_t pa, uint32_t attr) 1740 { 1741 assert(idx < tbl_info->num_entries); 1742 core_mmu_set_entry_primitive(tbl_info->table, tbl_info->level, 1743 idx, pa, attr); 1744 } 1745 1746 void core_mmu_get_entry(struct core_mmu_table_info *tbl_info, unsigned int idx, 1747 paddr_t *pa, uint32_t *attr) 1748 { 1749 assert(idx < tbl_info->num_entries); 1750 core_mmu_get_entry_primitive(tbl_info->table, tbl_info->level, 1751 idx, pa, attr); 1752 } 1753 1754 static void clear_region(struct core_mmu_table_info *tbl_info, 1755 struct tee_mmap_region *region) 1756 { 1757 unsigned int end = 0; 1758 unsigned int idx = 0; 1759 1760 /* va, len and pa should be block aligned */ 1761 assert(!core_mmu_get_block_offset(tbl_info, region->va)); 1762 assert(!core_mmu_get_block_offset(tbl_info, region->size)); 1763 assert(!core_mmu_get_block_offset(tbl_info, region->pa)); 1764 1765 idx = core_mmu_va2idx(tbl_info, region->va); 1766 end = core_mmu_va2idx(tbl_info, region->va + region->size); 1767 1768 while (idx < end) { 1769 core_mmu_set_entry(tbl_info, idx, 0, 0); 1770 idx++; 1771 } 1772 } 1773 1774 static void set_region(struct core_mmu_table_info *tbl_info, 1775 struct tee_mmap_region *region) 1776 { 1777 unsigned int end; 1778 unsigned int idx; 1779 paddr_t pa; 1780 1781 /* va, len and pa should be block aligned */ 1782 assert(!core_mmu_get_block_offset(tbl_info, region->va)); 1783 assert(!core_mmu_get_block_offset(tbl_info, region->size)); 1784 assert(!core_mmu_get_block_offset(tbl_info, region->pa)); 1785 1786 idx = core_mmu_va2idx(tbl_info, region->va); 1787 end = core_mmu_va2idx(tbl_info, region->va + region->size); 1788 pa = region->pa; 1789 1790 while (idx < end) { 1791 core_mmu_set_entry(tbl_info, idx, pa, region->attr); 1792 idx++; 1793 pa += BIT64(tbl_info->shift); 1794 } 1795 } 1796 1797 static void set_pg_region(struct core_mmu_table_info *dir_info, 1798 struct vm_region *region, struct pgt **pgt, 1799 struct core_mmu_table_info *pg_info) 1800 { 1801 struct tee_mmap_region r = { 1802 .va = region->va, 1803 .size = region->size, 1804 .attr = region->attr, 1805 }; 1806 vaddr_t end = r.va + r.size; 1807 uint32_t pgt_attr = (r.attr & TEE_MATTR_SECURE) | TEE_MATTR_TABLE; 1808 1809 while (r.va < end) { 1810 if (!pg_info->table || 1811 r.va >= (pg_info->va_base + CORE_MMU_PGDIR_SIZE)) { 1812 /* 1813 * We're assigning a new translation table. 1814 */ 1815 unsigned int idx; 1816 1817 /* Virtual addresses must grow */ 1818 assert(r.va > pg_info->va_base); 1819 1820 idx = core_mmu_va2idx(dir_info, r.va); 1821 pg_info->va_base = core_mmu_idx2va(dir_info, idx); 1822 1823 /* 1824 * Advance pgt to va_base, note that we may need to 1825 * skip multiple page tables if there are large 1826 * holes in the vm map. 1827 */ 1828 while ((*pgt)->vabase < pg_info->va_base) { 1829 *pgt = SLIST_NEXT(*pgt, link); 1830 /* We should have allocated enough */ 1831 assert(*pgt); 1832 } 1833 assert((*pgt)->vabase == pg_info->va_base); 1834 pg_info->table = (*pgt)->tbl; 1835 1836 core_mmu_set_entry(dir_info, idx, 1837 virt_to_phys(pg_info->table), 1838 pgt_attr); 1839 } 1840 1841 r.size = MIN(CORE_MMU_PGDIR_SIZE - (r.va - pg_info->va_base), 1842 end - r.va); 1843 1844 if (!(*pgt)->populated && !mobj_is_paged(region->mobj)) { 1845 size_t granule = BIT(pg_info->shift); 1846 size_t offset = r.va - region->va + region->offset; 1847 1848 r.size = MIN(r.size, 1849 mobj_get_phys_granule(region->mobj)); 1850 r.size = ROUNDUP(r.size, SMALL_PAGE_SIZE); 1851 1852 if (mobj_get_pa(region->mobj, offset, granule, 1853 &r.pa) != TEE_SUCCESS) 1854 panic("Failed to get PA of unpaged mobj"); 1855 set_region(pg_info, &r); 1856 } 1857 r.va += r.size; 1858 } 1859 } 1860 1861 static bool can_map_at_level(paddr_t paddr, vaddr_t vaddr, 1862 size_t size_left, paddr_t block_size, 1863 struct tee_mmap_region *mm) 1864 { 1865 /* VA and PA are aligned to block size at current level */ 1866 if ((vaddr | paddr) & (block_size - 1)) 1867 return false; 1868 1869 /* Remainder fits into block at current level */ 1870 if (size_left < block_size) 1871 return false; 1872 1873 /* 1874 * The required block size of the region is compatible with the 1875 * block size of the current level. 1876 */ 1877 if (mm->region_size < block_size) 1878 return false; 1879 1880 #ifdef CFG_WITH_PAGER 1881 /* 1882 * If pager is enabled, we need to map TEE RAM and the whole pager 1883 * regions with small pages only 1884 */ 1885 if ((map_is_tee_ram(mm) || mm->type == MEM_AREA_PAGER_VASPACE) && 1886 block_size != SMALL_PAGE_SIZE) 1887 return false; 1888 #endif 1889 1890 return true; 1891 } 1892 1893 void core_mmu_map_region(struct mmu_partition *prtn, struct tee_mmap_region *mm) 1894 { 1895 struct core_mmu_table_info tbl_info; 1896 unsigned int idx; 1897 vaddr_t vaddr = mm->va; 1898 paddr_t paddr = mm->pa; 1899 ssize_t size_left = mm->size; 1900 unsigned int level; 1901 bool table_found; 1902 uint32_t old_attr; 1903 1904 assert(!((vaddr | paddr) & SMALL_PAGE_MASK)); 1905 1906 while (size_left > 0) { 1907 level = CORE_MMU_BASE_TABLE_LEVEL; 1908 1909 while (true) { 1910 paddr_t block_size = 0; 1911 1912 assert(core_mmu_level_in_range(level)); 1913 1914 table_found = core_mmu_find_table(prtn, vaddr, level, 1915 &tbl_info); 1916 if (!table_found) 1917 panic("can't find table for mapping"); 1918 1919 block_size = BIT64(tbl_info.shift); 1920 1921 idx = core_mmu_va2idx(&tbl_info, vaddr); 1922 if (!can_map_at_level(paddr, vaddr, size_left, 1923 block_size, mm)) { 1924 bool secure = mm->attr & TEE_MATTR_SECURE; 1925 1926 /* 1927 * This part of the region can't be mapped at 1928 * this level. Need to go deeper. 1929 */ 1930 if (!core_mmu_entry_to_finer_grained(&tbl_info, 1931 idx, 1932 secure)) 1933 panic("Can't divide MMU entry"); 1934 level = tbl_info.next_level; 1935 continue; 1936 } 1937 1938 /* We can map part of the region at current level */ 1939 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 1940 if (old_attr) 1941 panic("Page is already mapped"); 1942 1943 core_mmu_set_entry(&tbl_info, idx, paddr, mm->attr); 1944 paddr += block_size; 1945 vaddr += block_size; 1946 size_left -= block_size; 1947 1948 break; 1949 } 1950 } 1951 } 1952 1953 TEE_Result core_mmu_map_pages(vaddr_t vstart, paddr_t *pages, size_t num_pages, 1954 enum teecore_memtypes memtype) 1955 { 1956 TEE_Result ret; 1957 struct core_mmu_table_info tbl_info; 1958 struct tee_mmap_region *mm; 1959 unsigned int idx; 1960 uint32_t old_attr; 1961 uint32_t exceptions; 1962 vaddr_t vaddr = vstart; 1963 size_t i; 1964 bool secure; 1965 1966 assert(!(core_mmu_type_to_attr(memtype) & TEE_MATTR_PX)); 1967 1968 secure = core_mmu_type_to_attr(memtype) & TEE_MATTR_SECURE; 1969 1970 if (vaddr & SMALL_PAGE_MASK) 1971 return TEE_ERROR_BAD_PARAMETERS; 1972 1973 exceptions = mmu_lock(); 1974 1975 mm = find_map_by_va((void *)vaddr); 1976 if (!mm || !va_is_in_map(mm, vaddr + num_pages * SMALL_PAGE_SIZE - 1)) 1977 panic("VA does not belong to any known mm region"); 1978 1979 if (!core_mmu_is_dynamic_vaspace(mm)) 1980 panic("Trying to map into static region"); 1981 1982 for (i = 0; i < num_pages; i++) { 1983 if (pages[i] & SMALL_PAGE_MASK) { 1984 ret = TEE_ERROR_BAD_PARAMETERS; 1985 goto err; 1986 } 1987 1988 while (true) { 1989 if (!core_mmu_find_table(NULL, vaddr, UINT_MAX, 1990 &tbl_info)) 1991 panic("Can't find pagetable for vaddr "); 1992 1993 idx = core_mmu_va2idx(&tbl_info, vaddr); 1994 if (tbl_info.shift == SMALL_PAGE_SHIFT) 1995 break; 1996 1997 /* This is supertable. Need to divide it. */ 1998 if (!core_mmu_entry_to_finer_grained(&tbl_info, idx, 1999 secure)) 2000 panic("Failed to spread pgdir on small tables"); 2001 } 2002 2003 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 2004 if (old_attr) 2005 panic("Page is already mapped"); 2006 2007 core_mmu_set_entry(&tbl_info, idx, pages[i], 2008 core_mmu_type_to_attr(memtype)); 2009 vaddr += SMALL_PAGE_SIZE; 2010 } 2011 2012 /* 2013 * Make sure all the changes to translation tables are visible 2014 * before returning. TLB doesn't need to be invalidated as we are 2015 * guaranteed that there's no valid mapping in this range. 2016 */ 2017 core_mmu_table_write_barrier(); 2018 mmu_unlock(exceptions); 2019 2020 return TEE_SUCCESS; 2021 err: 2022 mmu_unlock(exceptions); 2023 2024 if (i) 2025 core_mmu_unmap_pages(vstart, i); 2026 2027 return ret; 2028 } 2029 2030 TEE_Result core_mmu_map_contiguous_pages(vaddr_t vstart, paddr_t pstart, 2031 size_t num_pages, 2032 enum teecore_memtypes memtype) 2033 { 2034 struct core_mmu_table_info tbl_info = { }; 2035 struct tee_mmap_region *mm = NULL; 2036 unsigned int idx = 0; 2037 uint32_t old_attr = 0; 2038 uint32_t exceptions = 0; 2039 vaddr_t vaddr = vstart; 2040 paddr_t paddr = pstart; 2041 size_t i = 0; 2042 bool secure = false; 2043 2044 assert(!(core_mmu_type_to_attr(memtype) & TEE_MATTR_PX)); 2045 2046 secure = core_mmu_type_to_attr(memtype) & TEE_MATTR_SECURE; 2047 2048 if ((vaddr | paddr) & SMALL_PAGE_MASK) 2049 return TEE_ERROR_BAD_PARAMETERS; 2050 2051 exceptions = mmu_lock(); 2052 2053 mm = find_map_by_va((void *)vaddr); 2054 if (!mm || !va_is_in_map(mm, vaddr + num_pages * SMALL_PAGE_SIZE - 1)) 2055 panic("VA does not belong to any known mm region"); 2056 2057 if (!core_mmu_is_dynamic_vaspace(mm)) 2058 panic("Trying to map into static region"); 2059 2060 for (i = 0; i < num_pages; i++) { 2061 while (true) { 2062 if (!core_mmu_find_table(NULL, vaddr, UINT_MAX, 2063 &tbl_info)) 2064 panic("Can't find pagetable for vaddr "); 2065 2066 idx = core_mmu_va2idx(&tbl_info, vaddr); 2067 if (tbl_info.shift == SMALL_PAGE_SHIFT) 2068 break; 2069 2070 /* This is supertable. Need to divide it. */ 2071 if (!core_mmu_entry_to_finer_grained(&tbl_info, idx, 2072 secure)) 2073 panic("Failed to spread pgdir on small tables"); 2074 } 2075 2076 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 2077 if (old_attr) 2078 panic("Page is already mapped"); 2079 2080 core_mmu_set_entry(&tbl_info, idx, paddr, 2081 core_mmu_type_to_attr(memtype)); 2082 paddr += SMALL_PAGE_SIZE; 2083 vaddr += SMALL_PAGE_SIZE; 2084 } 2085 2086 /* 2087 * Make sure all the changes to translation tables are visible 2088 * before returning. TLB doesn't need to be invalidated as we are 2089 * guaranteed that there's no valid mapping in this range. 2090 */ 2091 core_mmu_table_write_barrier(); 2092 mmu_unlock(exceptions); 2093 2094 return TEE_SUCCESS; 2095 } 2096 2097 static bool mem_range_is_in_vcore_free(vaddr_t vstart, size_t num_pages) 2098 { 2099 return core_is_buffer_inside(vstart, num_pages * SMALL_PAGE_SIZE, 2100 VCORE_FREE_PA, VCORE_FREE_SZ); 2101 } 2102 2103 void core_mmu_unmap_pages(vaddr_t vstart, size_t num_pages) 2104 { 2105 struct core_mmu_table_info tbl_info; 2106 struct tee_mmap_region *mm; 2107 size_t i; 2108 unsigned int idx; 2109 uint32_t exceptions; 2110 2111 exceptions = mmu_lock(); 2112 2113 mm = find_map_by_va((void *)vstart); 2114 if (!mm || !va_is_in_map(mm, vstart + num_pages * SMALL_PAGE_SIZE - 1)) 2115 panic("VA does not belong to any known mm region"); 2116 2117 if (!core_mmu_is_dynamic_vaspace(mm) && 2118 !mem_range_is_in_vcore_free(vstart, num_pages)) 2119 panic("Trying to unmap static region"); 2120 2121 for (i = 0; i < num_pages; i++, vstart += SMALL_PAGE_SIZE) { 2122 if (!core_mmu_find_table(NULL, vstart, UINT_MAX, &tbl_info)) 2123 panic("Can't find pagetable"); 2124 2125 if (tbl_info.shift != SMALL_PAGE_SHIFT) 2126 panic("Invalid pagetable level"); 2127 2128 idx = core_mmu_va2idx(&tbl_info, vstart); 2129 core_mmu_set_entry(&tbl_info, idx, 0, 0); 2130 } 2131 tlbi_all(); 2132 2133 mmu_unlock(exceptions); 2134 } 2135 2136 void core_mmu_populate_user_map(struct core_mmu_table_info *dir_info, 2137 struct user_mode_ctx *uctx) 2138 { 2139 struct core_mmu_table_info pg_info = { }; 2140 struct pgt_cache *pgt_cache = &uctx->pgt_cache; 2141 struct pgt *pgt = NULL; 2142 struct pgt *p = NULL; 2143 struct vm_region *r = NULL; 2144 2145 if (TAILQ_EMPTY(&uctx->vm_info.regions)) 2146 return; /* Nothing to map */ 2147 2148 /* 2149 * Allocate all page tables in advance. 2150 */ 2151 pgt_get_all(uctx); 2152 pgt = SLIST_FIRST(pgt_cache); 2153 2154 core_mmu_set_info_table(&pg_info, dir_info->next_level, 0, NULL); 2155 2156 TAILQ_FOREACH(r, &uctx->vm_info.regions, link) 2157 set_pg_region(dir_info, r, &pgt, &pg_info); 2158 /* Record that the translation tables now are populated. */ 2159 SLIST_FOREACH(p, pgt_cache, link) { 2160 p->populated = true; 2161 if (p == pgt) 2162 break; 2163 } 2164 assert(p == pgt); 2165 } 2166 2167 TEE_Result core_mmu_remove_mapping(enum teecore_memtypes type, void *addr, 2168 size_t len) 2169 { 2170 struct core_mmu_table_info tbl_info = { }; 2171 struct tee_mmap_region *res_map = NULL; 2172 struct tee_mmap_region *map = NULL; 2173 paddr_t pa = virt_to_phys(addr); 2174 size_t granule = 0; 2175 ptrdiff_t i = 0; 2176 paddr_t p = 0; 2177 size_t l = 0; 2178 2179 map = find_map_by_type_and_pa(type, pa, len); 2180 if (!map) 2181 return TEE_ERROR_GENERIC; 2182 2183 res_map = find_map_by_type(MEM_AREA_RES_VASPACE); 2184 if (!res_map) 2185 return TEE_ERROR_GENERIC; 2186 if (!core_mmu_find_table(NULL, res_map->va, UINT_MAX, &tbl_info)) 2187 return TEE_ERROR_GENERIC; 2188 granule = BIT(tbl_info.shift); 2189 2190 if (map < static_memory_map.map || 2191 map >= static_memory_map.map + static_memory_map.count) 2192 return TEE_ERROR_GENERIC; 2193 i = map - static_memory_map.map; 2194 2195 /* Check that we have a full match */ 2196 p = ROUNDDOWN(pa, granule); 2197 l = ROUNDUP(len + pa - p, granule); 2198 if (map->pa != p || map->size != l) 2199 return TEE_ERROR_GENERIC; 2200 2201 clear_region(&tbl_info, map); 2202 tlbi_all(); 2203 2204 /* If possible remove the va range from res_map */ 2205 if (res_map->va - map->size == map->va) { 2206 res_map->va -= map->size; 2207 res_map->size += map->size; 2208 } 2209 2210 /* Remove the entry. */ 2211 rem_array_elem(static_memory_map.map, static_memory_map.count, 2212 sizeof(*static_memory_map.map), i); 2213 static_memory_map.count--; 2214 2215 return TEE_SUCCESS; 2216 } 2217 2218 struct tee_mmap_region * 2219 core_mmu_find_mapping_exclusive(enum teecore_memtypes type, size_t len) 2220 { 2221 struct memory_map *mem_map = get_memory_map(); 2222 struct tee_mmap_region *map_found = NULL; 2223 size_t n = 0; 2224 2225 if (!len) 2226 return NULL; 2227 2228 for (n = 0; n < mem_map->count; n++) { 2229 if (mem_map->map[n].type != type) 2230 continue; 2231 2232 if (map_found) 2233 return NULL; 2234 2235 map_found = mem_map->map + n; 2236 } 2237 2238 if (!map_found || map_found->size < len) 2239 return NULL; 2240 2241 return map_found; 2242 } 2243 2244 void *core_mmu_add_mapping(enum teecore_memtypes type, paddr_t addr, size_t len) 2245 { 2246 struct memory_map *mem_map = &static_memory_map; 2247 struct core_mmu_table_info tbl_info = { }; 2248 struct tee_mmap_region *map = NULL; 2249 size_t granule = 0; 2250 paddr_t p = 0; 2251 size_t l = 0; 2252 2253 if (!len) 2254 return NULL; 2255 2256 if (!core_mmu_check_end_pa(addr, len)) 2257 return NULL; 2258 2259 /* Check if the memory is already mapped */ 2260 map = find_map_by_type_and_pa(type, addr, len); 2261 if (map && pbuf_inside_map_area(addr, len, map)) 2262 return (void *)(vaddr_t)(map->va + addr - map->pa); 2263 2264 /* Find the reserved va space used for late mappings */ 2265 map = find_map_by_type(MEM_AREA_RES_VASPACE); 2266 if (!map) 2267 return NULL; 2268 2269 if (!core_mmu_find_table(NULL, map->va, UINT_MAX, &tbl_info)) 2270 return NULL; 2271 2272 granule = BIT64(tbl_info.shift); 2273 p = ROUNDDOWN(addr, granule); 2274 l = ROUNDUP(len + addr - p, granule); 2275 2276 /* Ban overflowing virtual addresses */ 2277 if (map->size < l) 2278 return NULL; 2279 2280 /* 2281 * Something is wrong, we can't fit the va range into the selected 2282 * table. The reserved va range is possibly missaligned with 2283 * granule. 2284 */ 2285 if (core_mmu_va2idx(&tbl_info, map->va + len) >= tbl_info.num_entries) 2286 return NULL; 2287 2288 if (static_memory_map.count >= static_memory_map.alloc_count) 2289 return NULL; 2290 2291 mem_map->map[mem_map->count] = (struct tee_mmap_region){ 2292 .va = map->va, 2293 .size = l, 2294 .type = type, 2295 .region_size = granule, 2296 .attr = core_mmu_type_to_attr(type), 2297 .pa = p, 2298 }; 2299 map->va += l; 2300 map->size -= l; 2301 map = mem_map->map + mem_map->count; 2302 mem_map->count++; 2303 2304 set_region(&tbl_info, map); 2305 2306 /* Make sure the new entry is visible before continuing. */ 2307 core_mmu_table_write_barrier(); 2308 2309 return (void *)(vaddr_t)(map->va + addr - map->pa); 2310 } 2311 2312 #ifdef CFG_WITH_PAGER 2313 static vaddr_t get_linear_map_end_va(void) 2314 { 2315 /* this is synced with the generic linker file kern.ld.S */ 2316 return (vaddr_t)__heap2_end; 2317 } 2318 2319 static paddr_t get_linear_map_end_pa(void) 2320 { 2321 return get_linear_map_end_va() - boot_mmu_config.map_offset; 2322 } 2323 #endif 2324 2325 #if defined(CFG_TEE_CORE_DEBUG) 2326 static void check_pa_matches_va(void *va, paddr_t pa) 2327 { 2328 TEE_Result res = TEE_ERROR_GENERIC; 2329 vaddr_t v = (vaddr_t)va; 2330 paddr_t p = 0; 2331 struct core_mmu_table_info ti __maybe_unused = { }; 2332 2333 if (core_mmu_user_va_range_is_defined()) { 2334 vaddr_t user_va_base = 0; 2335 size_t user_va_size = 0; 2336 2337 core_mmu_get_user_va_range(&user_va_base, &user_va_size); 2338 if (v >= user_va_base && 2339 v <= (user_va_base - 1 + user_va_size)) { 2340 if (!core_mmu_user_mapping_is_active()) { 2341 if (pa) 2342 panic("issue in linear address space"); 2343 return; 2344 } 2345 2346 res = vm_va2pa(to_user_mode_ctx(thread_get_tsd()->ctx), 2347 va, &p); 2348 if (res == TEE_ERROR_NOT_SUPPORTED) 2349 return; 2350 if (res == TEE_SUCCESS && pa != p) 2351 panic("bad pa"); 2352 if (res != TEE_SUCCESS && pa) 2353 panic("false pa"); 2354 return; 2355 } 2356 } 2357 #ifdef CFG_WITH_PAGER 2358 if (is_unpaged(va)) { 2359 if (v - boot_mmu_config.map_offset != pa) 2360 panic("issue in linear address space"); 2361 return; 2362 } 2363 2364 if (tee_pager_get_table_info(v, &ti)) { 2365 uint32_t a; 2366 2367 /* 2368 * Lookups in the page table managed by the pager is 2369 * dangerous for addresses in the paged area as those pages 2370 * changes all the time. But some ranges are safe, 2371 * rw-locked areas when the page is populated for instance. 2372 */ 2373 core_mmu_get_entry(&ti, core_mmu_va2idx(&ti, v), &p, &a); 2374 if (a & TEE_MATTR_VALID_BLOCK) { 2375 paddr_t mask = BIT64(ti.shift) - 1; 2376 2377 p |= v & mask; 2378 if (pa != p) 2379 panic(); 2380 } else { 2381 if (pa) 2382 panic(); 2383 } 2384 return; 2385 } 2386 #endif 2387 2388 if (!core_va2pa_helper(va, &p)) { 2389 /* Verfiy only the static mapping (case non null phys addr) */ 2390 if (p && pa != p) { 2391 DMSG("va %p maps 0x%" PRIxPA ", expect 0x%" PRIxPA, 2392 va, p, pa); 2393 panic(); 2394 } 2395 } else { 2396 if (pa) { 2397 DMSG("va %p unmapped, expect 0x%" PRIxPA, va, pa); 2398 panic(); 2399 } 2400 } 2401 } 2402 #else 2403 static void check_pa_matches_va(void *va __unused, paddr_t pa __unused) 2404 { 2405 } 2406 #endif 2407 2408 paddr_t virt_to_phys(void *va) 2409 { 2410 paddr_t pa = 0; 2411 2412 if (!arch_va2pa_helper(va, &pa)) 2413 pa = 0; 2414 check_pa_matches_va(memtag_strip_tag(va), pa); 2415 return pa; 2416 } 2417 2418 /* 2419 * Don't use check_va_matches_pa() for RISC-V, as its callee 2420 * arch_va2pa_helper() will call it eventually, this creates 2421 * indirect recursion and can lead to a stack overflow. 2422 * Moreover, if arch_va2pa_helper() returns true, it implies 2423 * the va2pa mapping is matched, no need to check it again. 2424 */ 2425 #if defined(CFG_TEE_CORE_DEBUG) && !defined(__riscv) 2426 static void check_va_matches_pa(paddr_t pa, void *va) 2427 { 2428 paddr_t p = 0; 2429 2430 if (!va) 2431 return; 2432 2433 p = virt_to_phys(va); 2434 if (p != pa) { 2435 DMSG("va %p maps 0x%" PRIxPA " expect 0x%" PRIxPA, va, p, pa); 2436 panic(); 2437 } 2438 } 2439 #else 2440 static void check_va_matches_pa(paddr_t pa __unused, void *va __unused) 2441 { 2442 } 2443 #endif 2444 2445 static void *phys_to_virt_ts_vaspace(paddr_t pa, size_t len) 2446 { 2447 if (!core_mmu_user_mapping_is_active()) 2448 return NULL; 2449 2450 return vm_pa2va(to_user_mode_ctx(thread_get_tsd()->ctx), pa, len); 2451 } 2452 2453 #ifdef CFG_WITH_PAGER 2454 static void *phys_to_virt_tee_ram(paddr_t pa, size_t len) 2455 { 2456 paddr_t end_pa = 0; 2457 2458 if (SUB_OVERFLOW(len, 1, &end_pa) || ADD_OVERFLOW(pa, end_pa, &end_pa)) 2459 return NULL; 2460 2461 if (pa >= TEE_LOAD_ADDR && pa < get_linear_map_end_pa()) { 2462 if (end_pa > get_linear_map_end_pa()) 2463 return NULL; 2464 return (void *)(vaddr_t)(pa + boot_mmu_config.map_offset); 2465 } 2466 2467 return tee_pager_phys_to_virt(pa, len); 2468 } 2469 #else 2470 static void *phys_to_virt_tee_ram(paddr_t pa, size_t len) 2471 { 2472 struct tee_mmap_region *mmap = NULL; 2473 2474 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM, pa, len); 2475 if (!mmap) 2476 mmap = find_map_by_type_and_pa(MEM_AREA_NEX_RAM_RW, pa, len); 2477 if (!mmap) 2478 mmap = find_map_by_type_and_pa(MEM_AREA_NEX_RAM_RO, pa, len); 2479 if (!mmap) 2480 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RW, pa, len); 2481 if (!mmap) 2482 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RO, pa, len); 2483 if (!mmap) 2484 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RX, pa, len); 2485 /* 2486 * Note that MEM_AREA_INIT_RAM_RO and MEM_AREA_INIT_RAM_RX are only 2487 * used with pager and not needed here. 2488 */ 2489 return map_pa2va(mmap, pa, len); 2490 } 2491 #endif 2492 2493 void *phys_to_virt(paddr_t pa, enum teecore_memtypes m, size_t len) 2494 { 2495 void *va = NULL; 2496 2497 switch (m) { 2498 case MEM_AREA_TS_VASPACE: 2499 va = phys_to_virt_ts_vaspace(pa, len); 2500 break; 2501 case MEM_AREA_TEE_RAM: 2502 case MEM_AREA_TEE_RAM_RX: 2503 case MEM_AREA_TEE_RAM_RO: 2504 case MEM_AREA_TEE_RAM_RW: 2505 case MEM_AREA_NEX_RAM_RO: 2506 case MEM_AREA_NEX_RAM_RW: 2507 va = phys_to_virt_tee_ram(pa, len); 2508 break; 2509 case MEM_AREA_SHM_VASPACE: 2510 /* Find VA from PA in dynamic SHM is not yet supported */ 2511 va = NULL; 2512 break; 2513 default: 2514 va = map_pa2va(find_map_by_type_and_pa(m, pa, len), pa, len); 2515 } 2516 if (m != MEM_AREA_SEC_RAM_OVERALL) 2517 check_va_matches_pa(pa, va); 2518 return va; 2519 } 2520 2521 void *phys_to_virt_io(paddr_t pa, size_t len) 2522 { 2523 struct tee_mmap_region *map = NULL; 2524 void *va = NULL; 2525 2526 map = find_map_by_type_and_pa(MEM_AREA_IO_SEC, pa, len); 2527 if (!map) 2528 map = find_map_by_type_and_pa(MEM_AREA_IO_NSEC, pa, len); 2529 if (!map) 2530 return NULL; 2531 va = map_pa2va(map, pa, len); 2532 check_va_matches_pa(pa, va); 2533 return va; 2534 } 2535 2536 vaddr_t core_mmu_get_va(paddr_t pa, enum teecore_memtypes type, size_t len) 2537 { 2538 if (cpu_mmu_enabled()) 2539 return (vaddr_t)phys_to_virt(pa, type, len); 2540 2541 return (vaddr_t)pa; 2542 } 2543 2544 #ifdef CFG_WITH_PAGER 2545 bool is_unpaged(const void *va) 2546 { 2547 vaddr_t v = (vaddr_t)va; 2548 2549 return v >= VCORE_START_VA && v < get_linear_map_end_va(); 2550 } 2551 #endif 2552 2553 #ifdef CFG_NS_VIRTUALIZATION 2554 bool is_nexus(const void *va) 2555 { 2556 vaddr_t v = (vaddr_t)va; 2557 2558 return v >= VCORE_START_VA && v < VCORE_NEX_RW_PA + VCORE_NEX_RW_SZ; 2559 } 2560 #endif 2561 2562 void core_mmu_init_virtualization(void) 2563 { 2564 paddr_t b1 = 0; 2565 paddr_size_t s1 = 0; 2566 2567 static_assert(ARRAY_SIZE(secure_only) <= 2); 2568 if (ARRAY_SIZE(secure_only) == 2) { 2569 b1 = secure_only[1].paddr; 2570 s1 = secure_only[1].size; 2571 } 2572 virt_init_memory(&static_memory_map, secure_only[0].paddr, 2573 secure_only[0].size, b1, s1); 2574 } 2575 2576 vaddr_t io_pa_or_va(struct io_pa_va *p, size_t len) 2577 { 2578 assert(p->pa); 2579 if (cpu_mmu_enabled()) { 2580 if (!p->va) 2581 p->va = (vaddr_t)phys_to_virt_io(p->pa, len); 2582 assert(p->va); 2583 return p->va; 2584 } 2585 return p->pa; 2586 } 2587 2588 vaddr_t io_pa_or_va_secure(struct io_pa_va *p, size_t len) 2589 { 2590 assert(p->pa); 2591 if (cpu_mmu_enabled()) { 2592 if (!p->va) 2593 p->va = (vaddr_t)phys_to_virt(p->pa, MEM_AREA_IO_SEC, 2594 len); 2595 assert(p->va); 2596 return p->va; 2597 } 2598 return p->pa; 2599 } 2600 2601 vaddr_t io_pa_or_va_nsec(struct io_pa_va *p, size_t len) 2602 { 2603 assert(p->pa); 2604 if (cpu_mmu_enabled()) { 2605 if (!p->va) 2606 p->va = (vaddr_t)phys_to_virt(p->pa, MEM_AREA_IO_NSEC, 2607 len); 2608 assert(p->va); 2609 return p->va; 2610 } 2611 return p->pa; 2612 } 2613 2614 #ifdef CFG_CORE_RESERVED_SHM 2615 static TEE_Result teecore_init_pub_ram(void) 2616 { 2617 vaddr_t s = 0; 2618 vaddr_t e = 0; 2619 2620 /* get virtual addr/size of NSec shared mem allocated from teecore */ 2621 core_mmu_get_mem_by_type(MEM_AREA_NSEC_SHM, &s, &e); 2622 2623 if (s >= e || s & SMALL_PAGE_MASK || e & SMALL_PAGE_MASK) 2624 panic("invalid PUB RAM"); 2625 2626 /* extra check: we could rely on core_mmu_get_mem_by_type() */ 2627 if (!tee_vbuf_is_non_sec(s, e - s)) 2628 panic("PUB RAM is not non-secure"); 2629 2630 #ifdef CFG_PL310 2631 /* Allocate statically the l2cc mutex */ 2632 tee_l2cc_store_mutex_boot_pa(virt_to_phys((void *)s)); 2633 s += sizeof(uint32_t); /* size of a pl310 mutex */ 2634 s = ROUNDUP(s, SMALL_PAGE_SIZE); /* keep required alignment */ 2635 #endif 2636 2637 default_nsec_shm_paddr = virt_to_phys((void *)s); 2638 default_nsec_shm_size = e - s; 2639 2640 return TEE_SUCCESS; 2641 } 2642 early_init(teecore_init_pub_ram); 2643 #endif /*CFG_CORE_RESERVED_SHM*/ 2644 2645 static void __maybe_unused carve_out_core_mem(paddr_t pa, paddr_t end_pa) 2646 { 2647 tee_mm_entry_t *mm __maybe_unused = NULL; 2648 2649 DMSG("%#"PRIxPA" .. %#"PRIxPA, pa, end_pa); 2650 mm = phys_mem_alloc2(pa, end_pa - pa); 2651 assert(mm); 2652 } 2653 2654 void core_mmu_init_phys_mem(void) 2655 { 2656 paddr_t ps = 0; 2657 size_t size = 0; 2658 2659 /* 2660 * Get virtual addr/size of RAM where TA are loaded/executedNSec 2661 * shared mem allocated from teecore. 2662 */ 2663 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) { 2664 vaddr_t s = 0; 2665 vaddr_t e = 0; 2666 2667 virt_get_ta_ram(&s, &e); 2668 ps = virt_to_phys((void *)s); 2669 size = e - s; 2670 phys_mem_init(0, 0, ps, size); 2671 } else { 2672 #ifdef CFG_WITH_PAGER 2673 /* 2674 * The pager uses all core memory so there's no need to add 2675 * it to the pool. 2676 */ 2677 static_assert(ARRAY_SIZE(secure_only) == 2); 2678 phys_mem_init(0, 0, secure_only[1].paddr, secure_only[1].size); 2679 #else /*!CFG_WITH_PAGER*/ 2680 size_t align = BIT(CORE_MMU_USER_CODE_SHIFT); 2681 paddr_t end_pa = 0; 2682 paddr_t pa = 0; 2683 2684 static_assert(ARRAY_SIZE(secure_only) <= 2); 2685 if (ARRAY_SIZE(secure_only) == 2) { 2686 ps = secure_only[1].paddr; 2687 size = secure_only[1].size; 2688 } 2689 phys_mem_init(secure_only[0].paddr, secure_only[0].size, 2690 ps, size); 2691 2692 /* 2693 * The VCORE macros are relocatable so we need to translate 2694 * the addresses now that the MMU is enabled. 2695 */ 2696 end_pa = vaddr_to_phys(ROUNDUP(VCORE_FREE_END_PA, 2697 align) - 1) + 1; 2698 /* Carve out the part used by OP-TEE core */ 2699 carve_out_core_mem(vaddr_to_phys(VCORE_UNPG_RX_PA), end_pa); 2700 if (IS_ENABLED(CFG_CORE_SANITIZE_KADDRESS)) { 2701 pa = vaddr_to_phys(ROUNDUP(ASAN_MAP_PA, align)); 2702 carve_out_core_mem(pa, pa + ASAN_MAP_SZ); 2703 } 2704 2705 /* Carve out test SDP memory */ 2706 #ifdef TEE_SDP_TEST_MEM_BASE 2707 if (TEE_SDP_TEST_MEM_SIZE) { 2708 pa = vaddr_to_phys(TEE_SDP_TEST_MEM_BASE); 2709 carve_out_core_mem(pa, pa + TEE_SDP_TEST_MEM_SIZE); 2710 } 2711 #endif 2712 #endif /*!CFG_WITH_PAGER*/ 2713 } 2714 } 2715