1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2016, 2022 Linaro Limited 4 * Copyright (c) 2014, STMicroelectronics International N.V. 5 * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved. 6 */ 7 8 #include <assert.h> 9 #include <config.h> 10 #include <kernel/boot.h> 11 #include <kernel/dt.h> 12 #include <kernel/linker.h> 13 #include <kernel/panic.h> 14 #include <kernel/spinlock.h> 15 #include <kernel/tee_l2cc_mutex.h> 16 #include <kernel/tee_misc.h> 17 #include <kernel/tlb_helpers.h> 18 #include <kernel/user_mode_ctx.h> 19 #include <kernel/virtualization.h> 20 #include <libfdt.h> 21 #include <mm/core_memprot.h> 22 #include <mm/core_mmu.h> 23 #include <mm/mobj.h> 24 #include <mm/pgt_cache.h> 25 #include <mm/tee_pager.h> 26 #include <mm/vm.h> 27 #include <platform_config.h> 28 #include <string.h> 29 #include <trace.h> 30 #include <util.h> 31 32 #ifndef DEBUG_XLAT_TABLE 33 #define DEBUG_XLAT_TABLE 0 34 #endif 35 36 #define SHM_VASPACE_SIZE (1024 * 1024 * 32) 37 38 #ifdef CFG_CORE_PHYS_RELOCATABLE 39 unsigned long core_mmu_tee_load_pa __nex_bss; 40 #else 41 const unsigned long core_mmu_tee_load_pa = TEE_LOAD_ADDR; 42 #endif 43 44 /* 45 * These variables are initialized before .bss is cleared. To avoid 46 * resetting them when .bss is cleared we're storing them in .data instead, 47 * even if they initially are zero. 48 */ 49 50 #ifdef CFG_CORE_RESERVED_SHM 51 /* Default NSec shared memory allocated from NSec world */ 52 unsigned long default_nsec_shm_size __nex_bss; 53 unsigned long default_nsec_shm_paddr __nex_bss; 54 #endif 55 56 static struct tee_mmap_region static_memory_map[CFG_MMAP_REGIONS 57 #if defined(CFG_CORE_ASLR) || defined(CFG_CORE_PHYS_RELOCATABLE) 58 + 1 59 #endif 60 + 1] __nex_bss; 61 62 /* Define the platform's memory layout. */ 63 struct memaccess_area { 64 paddr_t paddr; 65 size_t size; 66 }; 67 68 #define MEMACCESS_AREA(a, s) { .paddr = a, .size = s } 69 70 static struct memaccess_area secure_only[] __nex_data = { 71 #ifdef CFG_CORE_PHYS_RELOCATABLE 72 MEMACCESS_AREA(0, 0), 73 #else 74 #ifdef TRUSTED_SRAM_BASE 75 MEMACCESS_AREA(TRUSTED_SRAM_BASE, TRUSTED_SRAM_SIZE), 76 #endif 77 MEMACCESS_AREA(TRUSTED_DRAM_BASE, TRUSTED_DRAM_SIZE), 78 #endif 79 }; 80 81 static struct memaccess_area nsec_shared[] __nex_data = { 82 #ifdef CFG_CORE_RESERVED_SHM 83 MEMACCESS_AREA(TEE_SHMEM_START, TEE_SHMEM_SIZE), 84 #endif 85 }; 86 87 #if defined(CFG_SECURE_DATA_PATH) 88 static const char *tz_sdp_match = "linaro,secure-heap"; 89 static struct memaccess_area sec_sdp; 90 #ifdef CFG_TEE_SDP_MEM_BASE 91 register_sdp_mem(CFG_TEE_SDP_MEM_BASE, CFG_TEE_SDP_MEM_SIZE); 92 #endif 93 #ifdef TEE_SDP_TEST_MEM_BASE 94 register_sdp_mem(TEE_SDP_TEST_MEM_BASE, TEE_SDP_TEST_MEM_SIZE); 95 #endif 96 #endif 97 98 #ifdef CFG_CORE_RESERVED_SHM 99 register_phys_mem(MEM_AREA_NSEC_SHM, TEE_SHMEM_START, TEE_SHMEM_SIZE); 100 #endif 101 static unsigned int mmu_spinlock; 102 103 static uint32_t mmu_lock(void) 104 { 105 return cpu_spin_lock_xsave(&mmu_spinlock); 106 } 107 108 static void mmu_unlock(uint32_t exceptions) 109 { 110 cpu_spin_unlock_xrestore(&mmu_spinlock, exceptions); 111 } 112 113 void core_mmu_get_secure_memory(paddr_t *base, paddr_size_t *size) 114 { 115 /* 116 * The first range is always used to cover OP-TEE core memory, but 117 * depending on configuration it may cover more than that. 118 */ 119 *base = secure_only[0].paddr; 120 *size = secure_only[0].size; 121 } 122 123 void core_mmu_set_secure_memory(paddr_t base, size_t size) 124 { 125 #ifdef CFG_CORE_PHYS_RELOCATABLE 126 static_assert(ARRAY_SIZE(secure_only) == 1); 127 #endif 128 runtime_assert(IS_ENABLED(CFG_CORE_PHYS_RELOCATABLE)); 129 assert(!secure_only[0].size); 130 assert(base && size); 131 132 DMSG("Physical secure memory base %#"PRIxPA" size %#zx", base, size); 133 secure_only[0].paddr = base; 134 secure_only[0].size = size; 135 } 136 137 void core_mmu_get_ta_range(paddr_t *base, size_t *size) 138 { 139 paddr_t b = 0; 140 size_t s = 0; 141 142 static_assert(!(TEE_RAM_VA_SIZE % SMALL_PAGE_SIZE)); 143 #ifdef TA_RAM_START 144 b = TA_RAM_START; 145 s = TA_RAM_SIZE; 146 #else 147 static_assert(ARRAY_SIZE(secure_only) <= 2); 148 if (ARRAY_SIZE(secure_only) == 1) { 149 vaddr_t load_offs = 0; 150 151 assert(core_mmu_tee_load_pa >= secure_only[0].paddr); 152 load_offs = core_mmu_tee_load_pa - secure_only[0].paddr; 153 154 assert(secure_only[0].size > 155 load_offs + TEE_RAM_VA_SIZE + TEE_SDP_TEST_MEM_SIZE); 156 b = secure_only[0].paddr + load_offs + TEE_RAM_VA_SIZE; 157 s = secure_only[0].size - load_offs - TEE_RAM_VA_SIZE - 158 TEE_SDP_TEST_MEM_SIZE; 159 } else { 160 assert(secure_only[1].size > TEE_SDP_TEST_MEM_SIZE); 161 b = secure_only[1].paddr; 162 s = secure_only[1].size - TEE_SDP_TEST_MEM_SIZE; 163 } 164 #endif 165 if (base) 166 *base = b; 167 if (size) 168 *size = s; 169 } 170 171 static struct tee_mmap_region *get_memory_map(void) 172 { 173 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) { 174 struct tee_mmap_region *map = virt_get_memory_map(); 175 176 if (map) 177 return map; 178 } 179 180 return static_memory_map; 181 } 182 183 static bool _pbuf_intersects(struct memaccess_area *a, size_t alen, 184 paddr_t pa, size_t size) 185 { 186 size_t n; 187 188 for (n = 0; n < alen; n++) 189 if (core_is_buffer_intersect(pa, size, a[n].paddr, a[n].size)) 190 return true; 191 return false; 192 } 193 194 #define pbuf_intersects(a, pa, size) \ 195 _pbuf_intersects((a), ARRAY_SIZE(a), (pa), (size)) 196 197 static bool _pbuf_is_inside(struct memaccess_area *a, size_t alen, 198 paddr_t pa, size_t size) 199 { 200 size_t n; 201 202 for (n = 0; n < alen; n++) 203 if (core_is_buffer_inside(pa, size, a[n].paddr, a[n].size)) 204 return true; 205 return false; 206 } 207 208 #define pbuf_is_inside(a, pa, size) \ 209 _pbuf_is_inside((a), ARRAY_SIZE(a), (pa), (size)) 210 211 static bool pa_is_in_map(struct tee_mmap_region *map, paddr_t pa, size_t len) 212 { 213 paddr_t end_pa = 0; 214 215 if (!map) 216 return false; 217 218 if (SUB_OVERFLOW(len, 1, &end_pa) || ADD_OVERFLOW(pa, end_pa, &end_pa)) 219 return false; 220 221 return (pa >= map->pa && end_pa <= map->pa + map->size - 1); 222 } 223 224 static bool va_is_in_map(struct tee_mmap_region *map, vaddr_t va) 225 { 226 if (!map) 227 return false; 228 return (va >= map->va && va <= (map->va + map->size - 1)); 229 } 230 231 /* check if target buffer fits in a core default map area */ 232 static bool pbuf_inside_map_area(unsigned long p, size_t l, 233 struct tee_mmap_region *map) 234 { 235 return core_is_buffer_inside(p, l, map->pa, map->size); 236 } 237 238 static struct tee_mmap_region *find_map_by_type(enum teecore_memtypes type) 239 { 240 struct tee_mmap_region *map; 241 242 for (map = get_memory_map(); !core_mmap_is_end_of_table(map); map++) 243 if (map->type == type) 244 return map; 245 return NULL; 246 } 247 248 static struct tee_mmap_region * 249 find_map_by_type_and_pa(enum teecore_memtypes type, paddr_t pa, size_t len) 250 { 251 struct tee_mmap_region *map; 252 253 for (map = get_memory_map(); !core_mmap_is_end_of_table(map); map++) { 254 if (map->type != type) 255 continue; 256 if (pa_is_in_map(map, pa, len)) 257 return map; 258 } 259 return NULL; 260 } 261 262 static struct tee_mmap_region *find_map_by_va(void *va) 263 { 264 struct tee_mmap_region *map = get_memory_map(); 265 unsigned long a = (unsigned long)va; 266 267 while (!core_mmap_is_end_of_table(map)) { 268 if (a >= map->va && a <= (map->va - 1 + map->size)) 269 return map; 270 map++; 271 } 272 return NULL; 273 } 274 275 static struct tee_mmap_region *find_map_by_pa(unsigned long pa) 276 { 277 struct tee_mmap_region *map = get_memory_map(); 278 279 while (!core_mmap_is_end_of_table(map)) { 280 if (pa >= map->pa && pa <= (map->pa + map->size - 1)) 281 return map; 282 map++; 283 } 284 return NULL; 285 } 286 287 #if defined(CFG_SECURE_DATA_PATH) 288 static bool dtb_get_sdp_region(void) 289 { 290 void *fdt = NULL; 291 int node = 0; 292 int tmp_node = 0; 293 paddr_t tmp_addr = 0; 294 size_t tmp_size = 0; 295 296 if (!IS_ENABLED(CFG_EMBED_DTB)) 297 return false; 298 299 fdt = get_embedded_dt(); 300 if (!fdt) 301 panic("No DTB found"); 302 303 node = fdt_node_offset_by_compatible(fdt, -1, tz_sdp_match); 304 if (node < 0) { 305 DMSG("No %s compatible node found", tz_sdp_match); 306 return false; 307 } 308 tmp_node = node; 309 while (tmp_node >= 0) { 310 tmp_node = fdt_node_offset_by_compatible(fdt, tmp_node, 311 tz_sdp_match); 312 if (tmp_node >= 0) 313 DMSG("Ignore SDP pool node %s, supports only 1 node", 314 fdt_get_name(fdt, tmp_node, NULL)); 315 } 316 317 tmp_addr = fdt_reg_base_address(fdt, node); 318 if (tmp_addr == DT_INFO_INVALID_REG) { 319 EMSG("%s: Unable to get base addr from DT", tz_sdp_match); 320 return false; 321 } 322 323 tmp_size = fdt_reg_size(fdt, node); 324 if (tmp_size == DT_INFO_INVALID_REG_SIZE) { 325 EMSG("%s: Unable to get size of base addr from DT", 326 tz_sdp_match); 327 return false; 328 } 329 330 sec_sdp.paddr = tmp_addr; 331 sec_sdp.size = tmp_size; 332 333 return true; 334 } 335 #endif 336 337 #if defined(CFG_CORE_DYN_SHM) || defined(CFG_SECURE_DATA_PATH) 338 static bool pbuf_is_special_mem(paddr_t pbuf, size_t len, 339 const struct core_mmu_phys_mem *start, 340 const struct core_mmu_phys_mem *end) 341 { 342 const struct core_mmu_phys_mem *mem; 343 344 for (mem = start; mem < end; mem++) { 345 if (core_is_buffer_inside(pbuf, len, mem->addr, mem->size)) 346 return true; 347 } 348 349 return false; 350 } 351 #endif 352 353 #ifdef CFG_CORE_DYN_SHM 354 static void carve_out_phys_mem(struct core_mmu_phys_mem **mem, size_t *nelems, 355 paddr_t pa, size_t size) 356 { 357 struct core_mmu_phys_mem *m = *mem; 358 size_t n = 0; 359 360 while (true) { 361 if (n >= *nelems) { 362 DMSG("No need to carve out %#" PRIxPA " size %#zx", 363 pa, size); 364 return; 365 } 366 if (core_is_buffer_inside(pa, size, m[n].addr, m[n].size)) 367 break; 368 if (!core_is_buffer_outside(pa, size, m[n].addr, m[n].size)) 369 panic(); 370 n++; 371 } 372 373 if (pa == m[n].addr && size == m[n].size) { 374 /* Remove this entry */ 375 (*nelems)--; 376 memmove(m + n, m + n + 1, sizeof(*m) * (*nelems - n)); 377 m = nex_realloc(m, sizeof(*m) * *nelems); 378 if (!m) 379 panic(); 380 *mem = m; 381 } else if (pa == m[n].addr) { 382 m[n].addr += size; 383 m[n].size -= size; 384 } else if ((pa + size) == (m[n].addr + m[n].size)) { 385 m[n].size -= size; 386 } else { 387 /* Need to split the memory entry */ 388 m = nex_realloc(m, sizeof(*m) * (*nelems + 1)); 389 if (!m) 390 panic(); 391 *mem = m; 392 memmove(m + n + 1, m + n, sizeof(*m) * (*nelems - n)); 393 (*nelems)++; 394 m[n].size = pa - m[n].addr; 395 m[n + 1].size -= size + m[n].size; 396 m[n + 1].addr = pa + size; 397 } 398 } 399 400 static void check_phys_mem_is_outside(struct core_mmu_phys_mem *start, 401 size_t nelems, 402 struct tee_mmap_region *map) 403 { 404 size_t n; 405 406 for (n = 0; n < nelems; n++) { 407 if (!core_is_buffer_outside(start[n].addr, start[n].size, 408 map->pa, map->size)) { 409 EMSG("Non-sec mem (%#" PRIxPA ":%#" PRIxPASZ 410 ") overlaps map (type %d %#" PRIxPA ":%#zx)", 411 start[n].addr, start[n].size, 412 map->type, map->pa, map->size); 413 panic(); 414 } 415 } 416 } 417 418 static const struct core_mmu_phys_mem *discovered_nsec_ddr_start __nex_bss; 419 static size_t discovered_nsec_ddr_nelems __nex_bss; 420 421 static int cmp_pmem_by_addr(const void *a, const void *b) 422 { 423 const struct core_mmu_phys_mem *pmem_a = a; 424 const struct core_mmu_phys_mem *pmem_b = b; 425 426 return CMP_TRILEAN(pmem_a->addr, pmem_b->addr); 427 } 428 429 void core_mmu_set_discovered_nsec_ddr(struct core_mmu_phys_mem *start, 430 size_t nelems) 431 { 432 struct core_mmu_phys_mem *m = start; 433 size_t num_elems = nelems; 434 struct tee_mmap_region *map = static_memory_map; 435 const struct core_mmu_phys_mem __maybe_unused *pmem; 436 size_t n = 0; 437 438 assert(!discovered_nsec_ddr_start); 439 assert(m && num_elems); 440 441 qsort(m, num_elems, sizeof(*m), cmp_pmem_by_addr); 442 443 /* 444 * Non-secure shared memory and also secure data 445 * path memory are supposed to reside inside 446 * non-secure memory. Since NSEC_SHM and SDP_MEM 447 * are used for a specific purpose make holes for 448 * those memory in the normal non-secure memory. 449 * 450 * This has to be done since for instance QEMU 451 * isn't aware of which memory range in the 452 * non-secure memory is used for NSEC_SHM. 453 */ 454 455 #ifdef CFG_SECURE_DATA_PATH 456 if (dtb_get_sdp_region()) 457 carve_out_phys_mem(&m, &num_elems, sec_sdp.paddr, sec_sdp.size); 458 459 for (pmem = phys_sdp_mem_begin; pmem < phys_sdp_mem_end; pmem++) 460 carve_out_phys_mem(&m, &num_elems, pmem->addr, pmem->size); 461 #endif 462 463 for (n = 0; n < ARRAY_SIZE(secure_only); n++) 464 carve_out_phys_mem(&m, &num_elems, secure_only[n].paddr, 465 secure_only[n].size); 466 467 for (map = static_memory_map; !core_mmap_is_end_of_table(map); map++) { 468 switch (map->type) { 469 case MEM_AREA_NSEC_SHM: 470 carve_out_phys_mem(&m, &num_elems, map->pa, map->size); 471 break; 472 case MEM_AREA_EXT_DT: 473 case MEM_AREA_MANIFEST_DT: 474 case MEM_AREA_RAM_NSEC: 475 case MEM_AREA_RES_VASPACE: 476 case MEM_AREA_SHM_VASPACE: 477 case MEM_AREA_TS_VASPACE: 478 case MEM_AREA_PAGER_VASPACE: 479 break; 480 default: 481 check_phys_mem_is_outside(m, num_elems, map); 482 } 483 } 484 485 discovered_nsec_ddr_start = m; 486 discovered_nsec_ddr_nelems = num_elems; 487 488 if (!core_mmu_check_end_pa(m[num_elems - 1].addr, 489 m[num_elems - 1].size)) 490 panic(); 491 } 492 493 static bool get_discovered_nsec_ddr(const struct core_mmu_phys_mem **start, 494 const struct core_mmu_phys_mem **end) 495 { 496 if (!discovered_nsec_ddr_start) 497 return false; 498 499 *start = discovered_nsec_ddr_start; 500 *end = discovered_nsec_ddr_start + discovered_nsec_ddr_nelems; 501 502 return true; 503 } 504 505 static bool pbuf_is_nsec_ddr(paddr_t pbuf, size_t len) 506 { 507 const struct core_mmu_phys_mem *start; 508 const struct core_mmu_phys_mem *end; 509 510 if (!get_discovered_nsec_ddr(&start, &end)) 511 return false; 512 513 return pbuf_is_special_mem(pbuf, len, start, end); 514 } 515 516 bool core_mmu_nsec_ddr_is_defined(void) 517 { 518 const struct core_mmu_phys_mem *start; 519 const struct core_mmu_phys_mem *end; 520 521 if (!get_discovered_nsec_ddr(&start, &end)) 522 return false; 523 524 return start != end; 525 } 526 #else 527 static bool pbuf_is_nsec_ddr(paddr_t pbuf __unused, size_t len __unused) 528 { 529 return false; 530 } 531 #endif /*CFG_CORE_DYN_SHM*/ 532 533 #define MSG_MEM_INSTERSECT(pa1, sz1, pa2, sz2) \ 534 EMSG("[%" PRIxPA " %" PRIx64 "] intersects [%" PRIxPA " %" PRIx64 "]", \ 535 pa1, (uint64_t)pa1 + (sz1), pa2, (uint64_t)pa2 + (sz2)) 536 537 #ifdef CFG_SECURE_DATA_PATH 538 static bool pbuf_is_sdp_mem(paddr_t pbuf, size_t len) 539 { 540 bool is_sdp_mem = false; 541 542 if (sec_sdp.size) 543 is_sdp_mem = core_is_buffer_inside(pbuf, len, sec_sdp.paddr, 544 sec_sdp.size); 545 546 if (!is_sdp_mem) 547 is_sdp_mem = pbuf_is_special_mem(pbuf, len, phys_sdp_mem_begin, 548 phys_sdp_mem_end); 549 550 return is_sdp_mem; 551 } 552 553 static struct mobj *core_sdp_mem_alloc_mobj(paddr_t pa, size_t size) 554 { 555 struct mobj *mobj = mobj_phys_alloc(pa, size, TEE_MATTR_MEM_TYPE_CACHED, 556 CORE_MEM_SDP_MEM); 557 558 if (!mobj) 559 panic("can't create SDP physical memory object"); 560 561 return mobj; 562 } 563 564 struct mobj **core_sdp_mem_create_mobjs(void) 565 { 566 const struct core_mmu_phys_mem *mem = NULL; 567 struct mobj **mobj_base = NULL; 568 struct mobj **mobj = NULL; 569 int cnt = phys_sdp_mem_end - phys_sdp_mem_begin; 570 571 if (sec_sdp.size) 572 cnt++; 573 574 /* SDP mobjs table must end with a NULL entry */ 575 mobj_base = calloc(cnt + 1, sizeof(struct mobj *)); 576 if (!mobj_base) 577 panic("Out of memory"); 578 579 mobj = mobj_base; 580 581 for (mem = phys_sdp_mem_begin; mem < phys_sdp_mem_end; mem++, mobj++) 582 *mobj = core_sdp_mem_alloc_mobj(mem->addr, mem->size); 583 584 if (sec_sdp.size) 585 *mobj = core_sdp_mem_alloc_mobj(sec_sdp.paddr, sec_sdp.size); 586 587 return mobj_base; 588 } 589 590 #else /* CFG_SECURE_DATA_PATH */ 591 static bool pbuf_is_sdp_mem(paddr_t pbuf __unused, size_t len __unused) 592 { 593 return false; 594 } 595 596 #endif /* CFG_SECURE_DATA_PATH */ 597 598 /* Check special memories comply with registered memories */ 599 static void verify_special_mem_areas(struct tee_mmap_region *mem_map, 600 const struct core_mmu_phys_mem *start, 601 const struct core_mmu_phys_mem *end, 602 const char *area_name __maybe_unused) 603 { 604 const struct core_mmu_phys_mem *mem; 605 const struct core_mmu_phys_mem *mem2; 606 struct tee_mmap_region *mmap; 607 608 if (start == end) { 609 DMSG("No %s memory area defined", area_name); 610 return; 611 } 612 613 for (mem = start; mem < end; mem++) 614 DMSG("%s memory [%" PRIxPA " %" PRIx64 "]", 615 area_name, mem->addr, (uint64_t)mem->addr + mem->size); 616 617 /* Check memories do not intersect each other */ 618 for (mem = start; mem + 1 < end; mem++) { 619 for (mem2 = mem + 1; mem2 < end; mem2++) { 620 if (core_is_buffer_intersect(mem2->addr, mem2->size, 621 mem->addr, mem->size)) { 622 MSG_MEM_INSTERSECT(mem2->addr, mem2->size, 623 mem->addr, mem->size); 624 panic("Special memory intersection"); 625 } 626 } 627 } 628 629 /* 630 * Check memories do not intersect any mapped memory. 631 * This is called before reserved VA space is loaded in mem_map. 632 */ 633 for (mem = start; mem < end; mem++) { 634 for (mmap = mem_map; mmap->type != MEM_AREA_END; mmap++) { 635 if (core_is_buffer_intersect(mem->addr, mem->size, 636 mmap->pa, mmap->size)) { 637 MSG_MEM_INSTERSECT(mem->addr, mem->size, 638 mmap->pa, mmap->size); 639 panic("Special memory intersection"); 640 } 641 } 642 } 643 } 644 645 static void add_phys_mem(struct tee_mmap_region *memory_map, size_t num_elems, 646 const char *mem_name __maybe_unused, 647 enum teecore_memtypes mem_type, 648 paddr_t mem_addr, paddr_size_t mem_size, size_t *last) 649 { 650 size_t n = 0; 651 paddr_t pa; 652 paddr_size_t size; 653 654 if (!mem_size) /* Discard null size entries */ 655 return; 656 /* 657 * If some ranges of memory of the same type do overlap 658 * each others they are coalesced into one entry. To help this 659 * added entries are sorted by increasing physical. 660 * 661 * Note that it's valid to have the same physical memory as several 662 * different memory types, for instance the same device memory 663 * mapped as both secure and non-secure. This will probably not 664 * happen often in practice. 665 */ 666 DMSG("%s type %s 0x%08" PRIxPA " size 0x%08" PRIxPASZ, 667 mem_name, teecore_memtype_name(mem_type), mem_addr, mem_size); 668 while (true) { 669 if (n >= (num_elems - 1)) { 670 EMSG("Out of entries (%zu) in memory_map", num_elems); 671 panic(); 672 } 673 if (n == *last) 674 break; 675 pa = memory_map[n].pa; 676 size = memory_map[n].size; 677 if (mem_type == memory_map[n].type && 678 ((pa <= (mem_addr + (mem_size - 1))) && 679 (mem_addr <= (pa + (size - 1))))) { 680 DMSG("Physical mem map overlaps 0x%" PRIxPA, mem_addr); 681 memory_map[n].pa = MIN(pa, mem_addr); 682 memory_map[n].size = MAX(size, mem_size) + 683 (pa - memory_map[n].pa); 684 return; 685 } 686 if (mem_type < memory_map[n].type || 687 (mem_type == memory_map[n].type && mem_addr < pa)) 688 break; /* found the spot where to insert this memory */ 689 n++; 690 } 691 692 memmove(memory_map + n + 1, memory_map + n, 693 sizeof(struct tee_mmap_region) * (*last - n)); 694 (*last)++; 695 memset(memory_map + n, 0, sizeof(memory_map[0])); 696 memory_map[n].type = mem_type; 697 memory_map[n].pa = mem_addr; 698 memory_map[n].size = mem_size; 699 } 700 701 static void add_va_space(struct tee_mmap_region *memory_map, size_t num_elems, 702 enum teecore_memtypes type, size_t size, size_t *last) 703 { 704 size_t n = 0; 705 706 DMSG("type %s size 0x%08zx", teecore_memtype_name(type), size); 707 while (true) { 708 if (n >= (num_elems - 1)) { 709 EMSG("Out of entries (%zu) in memory_map", num_elems); 710 panic(); 711 } 712 if (n == *last) 713 break; 714 if (type < memory_map[n].type) 715 break; 716 n++; 717 } 718 719 memmove(memory_map + n + 1, memory_map + n, 720 sizeof(struct tee_mmap_region) * (*last - n)); 721 (*last)++; 722 memset(memory_map + n, 0, sizeof(memory_map[0])); 723 memory_map[n].type = type; 724 memory_map[n].size = size; 725 } 726 727 uint32_t core_mmu_type_to_attr(enum teecore_memtypes t) 728 { 729 const uint32_t attr = TEE_MATTR_VALID_BLOCK; 730 const uint32_t tagged = TEE_MATTR_MEM_TYPE_TAGGED << 731 TEE_MATTR_MEM_TYPE_SHIFT; 732 const uint32_t cached = TEE_MATTR_MEM_TYPE_CACHED << 733 TEE_MATTR_MEM_TYPE_SHIFT; 734 const uint32_t noncache = TEE_MATTR_MEM_TYPE_DEV << 735 TEE_MATTR_MEM_TYPE_SHIFT; 736 737 switch (t) { 738 case MEM_AREA_TEE_RAM: 739 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRWX | tagged; 740 case MEM_AREA_TEE_RAM_RX: 741 case MEM_AREA_INIT_RAM_RX: 742 case MEM_AREA_IDENTITY_MAP_RX: 743 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRX | tagged; 744 case MEM_AREA_TEE_RAM_RO: 745 case MEM_AREA_INIT_RAM_RO: 746 return attr | TEE_MATTR_SECURE | TEE_MATTR_PR | tagged; 747 case MEM_AREA_TEE_RAM_RW: 748 case MEM_AREA_NEX_RAM_RO: /* This has to be r/w during init runtime */ 749 case MEM_AREA_NEX_RAM_RW: 750 case MEM_AREA_TEE_ASAN: 751 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | tagged; 752 case MEM_AREA_TEE_COHERENT: 753 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRWX | noncache; 754 case MEM_AREA_TA_RAM: 755 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | tagged; 756 case MEM_AREA_NSEC_SHM: 757 case MEM_AREA_NEX_NSEC_SHM: 758 return attr | TEE_MATTR_PRW | cached; 759 case MEM_AREA_MANIFEST_DT: 760 return attr | TEE_MATTR_SECURE | TEE_MATTR_PR | cached; 761 case MEM_AREA_TRANSFER_LIST: 762 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | cached; 763 case MEM_AREA_EXT_DT: 764 /* 765 * If CFG_MAP_EXT_DT_SECURE is enabled map the external device 766 * tree as secure non-cached memory, otherwise, fall back to 767 * non-secure mapping. 768 */ 769 if (IS_ENABLED(CFG_MAP_EXT_DT_SECURE)) 770 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | 771 noncache; 772 fallthrough; 773 case MEM_AREA_IO_NSEC: 774 return attr | TEE_MATTR_PRW | noncache; 775 case MEM_AREA_IO_SEC: 776 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | noncache; 777 case MEM_AREA_RAM_NSEC: 778 return attr | TEE_MATTR_PRW | cached; 779 case MEM_AREA_RAM_SEC: 780 case MEM_AREA_SEC_RAM_OVERALL: 781 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | cached; 782 case MEM_AREA_ROM_SEC: 783 return attr | TEE_MATTR_SECURE | TEE_MATTR_PR | cached; 784 case MEM_AREA_RES_VASPACE: 785 case MEM_AREA_SHM_VASPACE: 786 return 0; 787 case MEM_AREA_PAGER_VASPACE: 788 return TEE_MATTR_SECURE; 789 default: 790 panic("invalid type"); 791 } 792 } 793 794 static bool __maybe_unused map_is_tee_ram(const struct tee_mmap_region *mm) 795 { 796 switch (mm->type) { 797 case MEM_AREA_TEE_RAM: 798 case MEM_AREA_TEE_RAM_RX: 799 case MEM_AREA_TEE_RAM_RO: 800 case MEM_AREA_TEE_RAM_RW: 801 case MEM_AREA_INIT_RAM_RX: 802 case MEM_AREA_INIT_RAM_RO: 803 case MEM_AREA_NEX_RAM_RW: 804 case MEM_AREA_NEX_RAM_RO: 805 case MEM_AREA_TEE_ASAN: 806 return true; 807 default: 808 return false; 809 } 810 } 811 812 static bool __maybe_unused map_is_secure(const struct tee_mmap_region *mm) 813 { 814 return !!(core_mmu_type_to_attr(mm->type) & TEE_MATTR_SECURE); 815 } 816 817 static bool __maybe_unused map_is_pgdir(const struct tee_mmap_region *mm) 818 { 819 return mm->region_size == CORE_MMU_PGDIR_SIZE; 820 } 821 822 static int cmp_mmap_by_lower_va(const void *a, const void *b) 823 { 824 const struct tee_mmap_region *mm_a = a; 825 const struct tee_mmap_region *mm_b = b; 826 827 return CMP_TRILEAN(mm_a->va, mm_b->va); 828 } 829 830 static void dump_mmap_table(struct tee_mmap_region *memory_map) 831 { 832 struct tee_mmap_region *map; 833 834 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 835 vaddr_t __maybe_unused vstart; 836 837 vstart = map->va + ((vaddr_t)map->pa & (map->region_size - 1)); 838 DMSG("type %-12s va 0x%08" PRIxVA "..0x%08" PRIxVA 839 " pa 0x%08" PRIxPA "..0x%08" PRIxPA " size 0x%08zx (%s)", 840 teecore_memtype_name(map->type), vstart, 841 vstart + map->size - 1, map->pa, 842 (paddr_t)(map->pa + map->size - 1), map->size, 843 map->region_size == SMALL_PAGE_SIZE ? "smallpg" : "pgdir"); 844 } 845 } 846 847 #if DEBUG_XLAT_TABLE 848 849 static void dump_xlat_table(vaddr_t va, unsigned int level) 850 { 851 struct core_mmu_table_info tbl_info; 852 unsigned int idx = 0; 853 paddr_t pa; 854 uint32_t attr; 855 856 core_mmu_find_table(NULL, va, level, &tbl_info); 857 va = tbl_info.va_base; 858 for (idx = 0; idx < tbl_info.num_entries; idx++) { 859 core_mmu_get_entry(&tbl_info, idx, &pa, &attr); 860 if (attr || level > CORE_MMU_BASE_TABLE_LEVEL) { 861 const char *security_bit = ""; 862 863 if (core_mmu_entry_have_security_bit(attr)) { 864 if (attr & TEE_MATTR_SECURE) 865 security_bit = "S"; 866 else 867 security_bit = "NS"; 868 } 869 870 if (attr & TEE_MATTR_TABLE) { 871 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 872 " TBL:0x%010" PRIxPA " %s", 873 level * 2, "", level, va, pa, 874 security_bit); 875 dump_xlat_table(va, level + 1); 876 } else if (attr) { 877 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 878 " PA:0x%010" PRIxPA " %s-%s-%s-%s", 879 level * 2, "", level, va, pa, 880 mattr_is_cached(attr) ? "MEM" : 881 "DEV", 882 attr & TEE_MATTR_PW ? "RW" : "RO", 883 attr & TEE_MATTR_PX ? "X " : "XN", 884 security_bit); 885 } else { 886 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA 887 " INVALID\n", 888 level * 2, "", level, va); 889 } 890 } 891 va += BIT64(tbl_info.shift); 892 } 893 } 894 895 #else 896 897 static void dump_xlat_table(vaddr_t va __unused, int level __unused) 898 { 899 } 900 901 #endif 902 903 /* 904 * Reserves virtual memory space for pager usage. 905 * 906 * From the start of the first memory used by the link script + 907 * TEE_RAM_VA_SIZE should be covered, either with a direct mapping or empty 908 * mapping for pager usage. This adds translation tables as needed for the 909 * pager to operate. 910 */ 911 static void add_pager_vaspace(struct tee_mmap_region *mmap, size_t num_elems, 912 size_t *last) 913 { 914 paddr_t begin = 0; 915 paddr_t end = 0; 916 size_t size = 0; 917 size_t pos = 0; 918 size_t n = 0; 919 920 if (*last >= (num_elems - 1)) { 921 EMSG("Out of entries (%zu) in memory map", num_elems); 922 panic(); 923 } 924 925 for (n = 0; !core_mmap_is_end_of_table(mmap + n); n++) { 926 if (map_is_tee_ram(mmap + n)) { 927 if (!begin) 928 begin = mmap[n].pa; 929 pos = n + 1; 930 } 931 } 932 933 end = mmap[pos - 1].pa + mmap[pos - 1].size; 934 assert(end - begin < TEE_RAM_VA_SIZE); 935 size = TEE_RAM_VA_SIZE - (end - begin); 936 937 assert(pos <= *last); 938 memmove(mmap + pos + 1, mmap + pos, 939 sizeof(struct tee_mmap_region) * (*last - pos)); 940 (*last)++; 941 memset(mmap + pos, 0, sizeof(mmap[0])); 942 mmap[pos].type = MEM_AREA_PAGER_VASPACE; 943 mmap[pos].va = 0; 944 mmap[pos].size = size; 945 mmap[pos].region_size = SMALL_PAGE_SIZE; 946 mmap[pos].attr = core_mmu_type_to_attr(MEM_AREA_PAGER_VASPACE); 947 } 948 949 static void check_sec_nsec_mem_config(void) 950 { 951 size_t n = 0; 952 953 for (n = 0; n < ARRAY_SIZE(secure_only); n++) { 954 if (pbuf_intersects(nsec_shared, secure_only[n].paddr, 955 secure_only[n].size)) 956 panic("Invalid memory access config: sec/nsec"); 957 } 958 } 959 960 static void collect_device_mem_ranges(struct tee_mmap_region *memory_map, 961 size_t num_elems, size_t *last) 962 { 963 const char *compatible = "arm,ffa-manifest-device-regions"; 964 void *fdt = get_manifest_dt(); 965 const char *name = NULL; 966 uint64_t page_count = 0; 967 uint64_t base = 0; 968 int subnode = 0; 969 int node = 0; 970 971 assert(fdt); 972 973 node = fdt_node_offset_by_compatible(fdt, 0, compatible); 974 if (node < 0) 975 return; 976 977 fdt_for_each_subnode(subnode, fdt, node) { 978 name = fdt_get_name(fdt, subnode, NULL); 979 if (!name) 980 continue; 981 982 if (dt_getprop_as_number(fdt, subnode, "base-address", 983 &base)) { 984 EMSG("Mandatory field is missing: base-address"); 985 continue; 986 } 987 988 if (base & SMALL_PAGE_MASK) { 989 EMSG("base-address is not page aligned"); 990 continue; 991 } 992 993 if (dt_getprop_as_number(fdt, subnode, "pages-count", 994 &page_count)) { 995 EMSG("Mandatory field is missing: pages-count"); 996 continue; 997 } 998 999 add_phys_mem(memory_map, num_elems, name, MEM_AREA_IO_SEC, 1000 base, base + page_count * SMALL_PAGE_SIZE, last); 1001 } 1002 } 1003 1004 static size_t collect_mem_ranges(struct tee_mmap_region *memory_map, 1005 size_t num_elems) 1006 { 1007 const struct core_mmu_phys_mem *mem = NULL; 1008 vaddr_t ram_start = secure_only[0].paddr; 1009 size_t last = 0; 1010 1011 1012 #define ADD_PHYS_MEM(_type, _addr, _size) \ 1013 add_phys_mem(memory_map, num_elems, #_addr, (_type), \ 1014 (_addr), (_size), &last) 1015 1016 if (IS_ENABLED(CFG_CORE_RWDATA_NOEXEC)) { 1017 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RO, ram_start, 1018 VCORE_UNPG_RX_PA - ram_start); 1019 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RX, VCORE_UNPG_RX_PA, 1020 VCORE_UNPG_RX_SZ); 1021 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RO, VCORE_UNPG_RO_PA, 1022 VCORE_UNPG_RO_SZ); 1023 1024 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) { 1025 ADD_PHYS_MEM(MEM_AREA_NEX_RAM_RO, VCORE_UNPG_RW_PA, 1026 VCORE_UNPG_RW_SZ); 1027 ADD_PHYS_MEM(MEM_AREA_NEX_RAM_RW, VCORE_NEX_RW_PA, 1028 VCORE_NEX_RW_SZ); 1029 } else { 1030 ADD_PHYS_MEM(MEM_AREA_TEE_RAM_RW, VCORE_UNPG_RW_PA, 1031 VCORE_UNPG_RW_SZ); 1032 } 1033 1034 if (IS_ENABLED(CFG_WITH_PAGER)) { 1035 ADD_PHYS_MEM(MEM_AREA_INIT_RAM_RX, VCORE_INIT_RX_PA, 1036 VCORE_INIT_RX_SZ); 1037 ADD_PHYS_MEM(MEM_AREA_INIT_RAM_RO, VCORE_INIT_RO_PA, 1038 VCORE_INIT_RO_SZ); 1039 } 1040 } else { 1041 ADD_PHYS_MEM(MEM_AREA_TEE_RAM, TEE_RAM_START, TEE_RAM_PH_SIZE); 1042 } 1043 1044 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) { 1045 ADD_PHYS_MEM(MEM_AREA_SEC_RAM_OVERALL, TRUSTED_DRAM_BASE, 1046 TRUSTED_DRAM_SIZE); 1047 } else { 1048 /* 1049 * Every guest will have own TA RAM if virtualization 1050 * support is enabled. 1051 */ 1052 paddr_t ta_base = 0; 1053 size_t ta_size = 0; 1054 1055 core_mmu_get_ta_range(&ta_base, &ta_size); 1056 ADD_PHYS_MEM(MEM_AREA_TA_RAM, ta_base, ta_size); 1057 } 1058 1059 if (IS_ENABLED(CFG_CORE_SANITIZE_KADDRESS) && 1060 IS_ENABLED(CFG_WITH_PAGER)) { 1061 /* 1062 * Asan ram is part of MEM_AREA_TEE_RAM_RW when pager is 1063 * disabled. 1064 */ 1065 ADD_PHYS_MEM(MEM_AREA_TEE_ASAN, ASAN_MAP_PA, ASAN_MAP_SZ); 1066 } 1067 1068 #undef ADD_PHYS_MEM 1069 1070 /* Collect device memory info from SP manifest */ 1071 if (IS_ENABLED(CFG_CORE_SEL2_SPMC)) 1072 collect_device_mem_ranges(memory_map, num_elems, &last); 1073 1074 for (mem = phys_mem_map_begin; mem < phys_mem_map_end; mem++) { 1075 /* Only unmapped virtual range may have a null phys addr */ 1076 assert(mem->addr || !core_mmu_type_to_attr(mem->type)); 1077 1078 add_phys_mem(memory_map, num_elems, mem->name, mem->type, 1079 mem->addr, mem->size, &last); 1080 } 1081 1082 if (IS_ENABLED(CFG_SECURE_DATA_PATH)) 1083 verify_special_mem_areas(memory_map, phys_sdp_mem_begin, 1084 phys_sdp_mem_end, "SDP"); 1085 1086 add_va_space(memory_map, num_elems, MEM_AREA_RES_VASPACE, 1087 CFG_RESERVED_VASPACE_SIZE, &last); 1088 1089 add_va_space(memory_map, num_elems, MEM_AREA_SHM_VASPACE, 1090 SHM_VASPACE_SIZE, &last); 1091 1092 memory_map[last].type = MEM_AREA_END; 1093 1094 return last; 1095 } 1096 1097 static void assign_mem_granularity(struct tee_mmap_region *memory_map) 1098 { 1099 struct tee_mmap_region *map = NULL; 1100 1101 /* 1102 * Assign region sizes, note that MEM_AREA_TEE_RAM always uses 1103 * SMALL_PAGE_SIZE. 1104 */ 1105 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 1106 paddr_t mask = map->pa | map->size; 1107 1108 if (!(mask & CORE_MMU_PGDIR_MASK)) 1109 map->region_size = CORE_MMU_PGDIR_SIZE; 1110 else if (!(mask & SMALL_PAGE_MASK)) 1111 map->region_size = SMALL_PAGE_SIZE; 1112 else 1113 panic("Impossible memory alignment"); 1114 1115 if (map_is_tee_ram(map)) 1116 map->region_size = SMALL_PAGE_SIZE; 1117 } 1118 } 1119 1120 static bool place_tee_ram_at_top(paddr_t paddr) 1121 { 1122 return paddr > BIT64(core_mmu_get_va_width()) / 2; 1123 } 1124 1125 /* 1126 * MMU arch driver shall override this function if it helps 1127 * optimizing the memory footprint of the address translation tables. 1128 */ 1129 bool __weak core_mmu_prefer_tee_ram_at_top(paddr_t paddr) 1130 { 1131 return place_tee_ram_at_top(paddr); 1132 } 1133 1134 static bool assign_mem_va_dir(vaddr_t tee_ram_va, 1135 struct tee_mmap_region *memory_map, 1136 bool tee_ram_at_top) 1137 { 1138 struct tee_mmap_region *map = NULL; 1139 vaddr_t va = 0; 1140 bool va_is_secure = true; 1141 1142 /* 1143 * tee_ram_va might equals 0 when CFG_CORE_ASLR=y. 1144 * 0 is by design an invalid va, so return false directly. 1145 */ 1146 if (!tee_ram_va) 1147 return false; 1148 1149 /* Clear eventual previous assignments */ 1150 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) 1151 map->va = 0; 1152 1153 /* 1154 * TEE RAM regions are always aligned with region_size. 1155 * 1156 * Note that MEM_AREA_PAGER_VASPACE also counts as TEE RAM here 1157 * since it handles virtual memory which covers the part of the ELF 1158 * that cannot fit directly into memory. 1159 */ 1160 va = tee_ram_va; 1161 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 1162 if (map_is_tee_ram(map) || 1163 map->type == MEM_AREA_PAGER_VASPACE) { 1164 assert(!(va & (map->region_size - 1))); 1165 assert(!(map->size & (map->region_size - 1))); 1166 map->va = va; 1167 if (ADD_OVERFLOW(va, map->size, &va)) 1168 return false; 1169 if (va >= BIT64(core_mmu_get_va_width())) 1170 return false; 1171 } 1172 } 1173 1174 if (tee_ram_at_top) { 1175 /* 1176 * Map non-tee ram regions at addresses lower than the tee 1177 * ram region. 1178 */ 1179 va = tee_ram_va; 1180 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 1181 map->attr = core_mmu_type_to_attr(map->type); 1182 if (map->va) 1183 continue; 1184 1185 if (!IS_ENABLED(CFG_WITH_LPAE) && 1186 va_is_secure != map_is_secure(map)) { 1187 va_is_secure = !va_is_secure; 1188 va = ROUNDDOWN(va, CORE_MMU_PGDIR_SIZE); 1189 } 1190 1191 if (SUB_OVERFLOW(va, map->size, &va)) 1192 return false; 1193 va = ROUNDDOWN(va, map->region_size); 1194 /* 1195 * Make sure that va is aligned with pa for 1196 * efficient pgdir mapping. Basically pa & 1197 * pgdir_mask should be == va & pgdir_mask 1198 */ 1199 if (map->size > 2 * CORE_MMU_PGDIR_SIZE) { 1200 if (SUB_OVERFLOW(va, CORE_MMU_PGDIR_SIZE, &va)) 1201 return false; 1202 va += (map->pa - va) & CORE_MMU_PGDIR_MASK; 1203 } 1204 map->va = va; 1205 } 1206 } else { 1207 /* 1208 * Map non-tee ram regions at addresses higher than the tee 1209 * ram region. 1210 */ 1211 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) { 1212 map->attr = core_mmu_type_to_attr(map->type); 1213 if (map->va) 1214 continue; 1215 1216 if (!IS_ENABLED(CFG_WITH_LPAE) && 1217 va_is_secure != map_is_secure(map)) { 1218 va_is_secure = !va_is_secure; 1219 if (ROUNDUP_OVERFLOW(va, CORE_MMU_PGDIR_SIZE, 1220 &va)) 1221 return false; 1222 } 1223 1224 if (ROUNDUP_OVERFLOW(va, map->region_size, &va)) 1225 return false; 1226 /* 1227 * Make sure that va is aligned with pa for 1228 * efficient pgdir mapping. Basically pa & 1229 * pgdir_mask should be == va & pgdir_mask 1230 */ 1231 if (map->size > 2 * CORE_MMU_PGDIR_SIZE) { 1232 vaddr_t offs = (map->pa - va) & 1233 CORE_MMU_PGDIR_MASK; 1234 1235 if (ADD_OVERFLOW(va, offs, &va)) 1236 return false; 1237 } 1238 1239 map->va = va; 1240 if (ADD_OVERFLOW(va, map->size, &va)) 1241 return false; 1242 if (va >= BIT64(core_mmu_get_va_width())) 1243 return false; 1244 } 1245 } 1246 1247 return true; 1248 } 1249 1250 static bool assign_mem_va(vaddr_t tee_ram_va, 1251 struct tee_mmap_region *memory_map) 1252 { 1253 bool tee_ram_at_top = place_tee_ram_at_top(tee_ram_va); 1254 1255 /* 1256 * Check that we're not overlapping with the user VA range. 1257 */ 1258 if (IS_ENABLED(CFG_WITH_LPAE)) { 1259 /* 1260 * User VA range is supposed to be defined after these 1261 * mappings have been established. 1262 */ 1263 assert(!core_mmu_user_va_range_is_defined()); 1264 } else { 1265 vaddr_t user_va_base = 0; 1266 size_t user_va_size = 0; 1267 1268 assert(core_mmu_user_va_range_is_defined()); 1269 core_mmu_get_user_va_range(&user_va_base, &user_va_size); 1270 if (tee_ram_va < (user_va_base + user_va_size)) 1271 return false; 1272 } 1273 1274 if (IS_ENABLED(CFG_WITH_PAGER)) { 1275 bool prefered_dir = core_mmu_prefer_tee_ram_at_top(tee_ram_va); 1276 1277 /* Try whole mapping covered by a single base xlat entry */ 1278 if (prefered_dir != tee_ram_at_top && 1279 assign_mem_va_dir(tee_ram_va, memory_map, prefered_dir)) 1280 return true; 1281 } 1282 1283 return assign_mem_va_dir(tee_ram_va, memory_map, tee_ram_at_top); 1284 } 1285 1286 static int cmp_init_mem_map(const void *a, const void *b) 1287 { 1288 const struct tee_mmap_region *mm_a = a; 1289 const struct tee_mmap_region *mm_b = b; 1290 int rc = 0; 1291 1292 rc = CMP_TRILEAN(mm_a->region_size, mm_b->region_size); 1293 if (!rc) 1294 rc = CMP_TRILEAN(mm_a->pa, mm_b->pa); 1295 /* 1296 * 32bit MMU descriptors cannot mix secure and non-secure mapping in 1297 * the same level2 table. Hence sort secure mapping from non-secure 1298 * mapping. 1299 */ 1300 if (!rc && !IS_ENABLED(CFG_WITH_LPAE)) 1301 rc = CMP_TRILEAN(map_is_secure(mm_a), map_is_secure(mm_b)); 1302 1303 return rc; 1304 } 1305 1306 static bool mem_map_add_id_map(struct tee_mmap_region *memory_map, 1307 size_t num_elems, size_t *last, 1308 vaddr_t id_map_start, vaddr_t id_map_end) 1309 { 1310 struct tee_mmap_region *map = NULL; 1311 vaddr_t start = ROUNDDOWN(id_map_start, SMALL_PAGE_SIZE); 1312 vaddr_t end = ROUNDUP(id_map_end, SMALL_PAGE_SIZE); 1313 size_t len = end - start; 1314 1315 if (*last >= num_elems - 1) { 1316 EMSG("Out of entries (%zu) in memory map", num_elems); 1317 panic(); 1318 } 1319 1320 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) 1321 if (core_is_buffer_intersect(map->va, map->size, start, len)) 1322 return false; 1323 1324 *map = (struct tee_mmap_region){ 1325 .type = MEM_AREA_IDENTITY_MAP_RX, 1326 /* 1327 * Could use CORE_MMU_PGDIR_SIZE to potentially save a 1328 * translation table, at the increased risk of clashes with 1329 * the rest of the memory map. 1330 */ 1331 .region_size = SMALL_PAGE_SIZE, 1332 .pa = start, 1333 .va = start, 1334 .size = len, 1335 .attr = core_mmu_type_to_attr(MEM_AREA_IDENTITY_MAP_RX), 1336 }; 1337 1338 (*last)++; 1339 1340 return true; 1341 } 1342 1343 static unsigned long init_mem_map(struct tee_mmap_region *memory_map, 1344 size_t num_elems, unsigned long seed) 1345 { 1346 /* 1347 * @id_map_start and @id_map_end describes a physical memory range 1348 * that must be mapped Read-Only eXecutable at identical virtual 1349 * addresses. 1350 */ 1351 vaddr_t id_map_start = (vaddr_t)__identity_map_init_start; 1352 vaddr_t id_map_end = (vaddr_t)__identity_map_init_end; 1353 vaddr_t start_addr = secure_only[0].paddr; 1354 unsigned long offs = 0; 1355 size_t last = 0; 1356 1357 last = collect_mem_ranges(memory_map, num_elems); 1358 assign_mem_granularity(memory_map); 1359 1360 /* 1361 * To ease mapping and lower use of xlat tables, sort mapping 1362 * description moving small-page regions after the pgdir regions. 1363 */ 1364 qsort(memory_map, last, sizeof(struct tee_mmap_region), 1365 cmp_init_mem_map); 1366 1367 if (IS_ENABLED(CFG_WITH_PAGER)) 1368 add_pager_vaspace(memory_map, num_elems, &last); 1369 1370 if (IS_ENABLED(CFG_CORE_ASLR) && seed) { 1371 vaddr_t base_addr = start_addr + seed; 1372 const unsigned int va_width = core_mmu_get_va_width(); 1373 const vaddr_t va_mask = GENMASK_64(va_width - 1, 1374 SMALL_PAGE_SHIFT); 1375 vaddr_t ba = base_addr; 1376 size_t n = 0; 1377 1378 for (n = 0; n < 3; n++) { 1379 if (n) 1380 ba = base_addr ^ BIT64(va_width - n); 1381 ba &= va_mask; 1382 if (assign_mem_va(ba, memory_map) && 1383 mem_map_add_id_map(memory_map, num_elems, &last, 1384 id_map_start, id_map_end)) { 1385 offs = ba - start_addr; 1386 DMSG("Mapping core at %#"PRIxVA" offs %#lx", 1387 ba, offs); 1388 goto out; 1389 } else { 1390 DMSG("Failed to map core at %#"PRIxVA, ba); 1391 } 1392 } 1393 EMSG("Failed to map core with seed %#lx", seed); 1394 } 1395 1396 if (!assign_mem_va(start_addr, memory_map)) 1397 panic(); 1398 1399 out: 1400 qsort(memory_map, last, sizeof(struct tee_mmap_region), 1401 cmp_mmap_by_lower_va); 1402 1403 dump_mmap_table(memory_map); 1404 1405 return offs; 1406 } 1407 1408 static void check_mem_map(struct tee_mmap_region *map) 1409 { 1410 struct tee_mmap_region *m = NULL; 1411 1412 for (m = map; !core_mmap_is_end_of_table(m); m++) { 1413 switch (m->type) { 1414 case MEM_AREA_TEE_RAM: 1415 case MEM_AREA_TEE_RAM_RX: 1416 case MEM_AREA_TEE_RAM_RO: 1417 case MEM_AREA_TEE_RAM_RW: 1418 case MEM_AREA_INIT_RAM_RX: 1419 case MEM_AREA_INIT_RAM_RO: 1420 case MEM_AREA_NEX_RAM_RW: 1421 case MEM_AREA_NEX_RAM_RO: 1422 case MEM_AREA_IDENTITY_MAP_RX: 1423 if (!pbuf_is_inside(secure_only, m->pa, m->size)) 1424 panic("TEE_RAM can't fit in secure_only"); 1425 break; 1426 case MEM_AREA_TA_RAM: 1427 if (!pbuf_is_inside(secure_only, m->pa, m->size)) 1428 panic("TA_RAM can't fit in secure_only"); 1429 break; 1430 case MEM_AREA_NSEC_SHM: 1431 if (!pbuf_is_inside(nsec_shared, m->pa, m->size)) 1432 panic("NS_SHM can't fit in nsec_shared"); 1433 break; 1434 case MEM_AREA_SEC_RAM_OVERALL: 1435 case MEM_AREA_TEE_COHERENT: 1436 case MEM_AREA_TEE_ASAN: 1437 case MEM_AREA_IO_SEC: 1438 case MEM_AREA_IO_NSEC: 1439 case MEM_AREA_EXT_DT: 1440 case MEM_AREA_MANIFEST_DT: 1441 case MEM_AREA_TRANSFER_LIST: 1442 case MEM_AREA_RAM_SEC: 1443 case MEM_AREA_RAM_NSEC: 1444 case MEM_AREA_RES_VASPACE: 1445 case MEM_AREA_SHM_VASPACE: 1446 case MEM_AREA_PAGER_VASPACE: 1447 break; 1448 default: 1449 EMSG("Uhandled memtype %d", m->type); 1450 panic(); 1451 } 1452 } 1453 } 1454 1455 static struct tee_mmap_region *get_tmp_mmap(void) 1456 { 1457 struct tee_mmap_region *tmp_mmap = (void *)__heap1_start; 1458 1459 #ifdef CFG_WITH_PAGER 1460 if (__heap1_end - __heap1_start < (ptrdiff_t)sizeof(static_memory_map)) 1461 tmp_mmap = (void *)__heap2_start; 1462 #endif 1463 1464 memset(tmp_mmap, 0, sizeof(static_memory_map)); 1465 1466 return tmp_mmap; 1467 } 1468 1469 /* 1470 * core_init_mmu_map() - init tee core default memory mapping 1471 * 1472 * This routine sets the static default TEE core mapping. If @seed is > 0 1473 * and configured with CFG_CORE_ASLR it will map tee core at a location 1474 * based on the seed and return the offset from the link address. 1475 * 1476 * If an error happened: core_init_mmu_map is expected to panic. 1477 * 1478 * Note: this function is weak just to make it possible to exclude it from 1479 * the unpaged area. 1480 */ 1481 void __weak core_init_mmu_map(unsigned long seed, struct core_mmu_config *cfg) 1482 { 1483 #ifndef CFG_NS_VIRTUALIZATION 1484 vaddr_t start = ROUNDDOWN((vaddr_t)__nozi_start, SMALL_PAGE_SIZE); 1485 #else 1486 vaddr_t start = ROUNDDOWN((vaddr_t)__vcore_nex_rw_start, 1487 SMALL_PAGE_SIZE); 1488 #endif 1489 vaddr_t len = ROUNDUP((vaddr_t)__nozi_end, SMALL_PAGE_SIZE) - start; 1490 struct tee_mmap_region *tmp_mmap = get_tmp_mmap(); 1491 unsigned long offs = 0; 1492 1493 if (IS_ENABLED(CFG_CORE_PHYS_RELOCATABLE) && 1494 (core_mmu_tee_load_pa & SMALL_PAGE_MASK)) 1495 panic("OP-TEE load address is not page aligned"); 1496 1497 check_sec_nsec_mem_config(); 1498 1499 /* 1500 * Add a entry covering the translation tables which will be 1501 * involved in some virt_to_phys() and phys_to_virt() conversions. 1502 */ 1503 static_memory_map[0] = (struct tee_mmap_region){ 1504 .type = MEM_AREA_TEE_RAM, 1505 .region_size = SMALL_PAGE_SIZE, 1506 .pa = start, 1507 .va = start, 1508 .size = len, 1509 .attr = core_mmu_type_to_attr(MEM_AREA_IDENTITY_MAP_RX), 1510 }; 1511 1512 COMPILE_TIME_ASSERT(CFG_MMAP_REGIONS >= 13); 1513 offs = init_mem_map(tmp_mmap, ARRAY_SIZE(static_memory_map), seed); 1514 1515 check_mem_map(tmp_mmap); 1516 core_init_mmu(tmp_mmap); 1517 dump_xlat_table(0x0, CORE_MMU_BASE_TABLE_LEVEL); 1518 core_init_mmu_regs(cfg); 1519 cfg->map_offset = offs; 1520 memcpy(static_memory_map, tmp_mmap, sizeof(static_memory_map)); 1521 } 1522 1523 bool core_mmu_mattr_is_ok(uint32_t mattr) 1524 { 1525 /* 1526 * Keep in sync with core_mmu_lpae.c:mattr_to_desc and 1527 * core_mmu_v7.c:mattr_to_texcb 1528 */ 1529 1530 switch ((mattr >> TEE_MATTR_MEM_TYPE_SHIFT) & TEE_MATTR_MEM_TYPE_MASK) { 1531 case TEE_MATTR_MEM_TYPE_DEV: 1532 case TEE_MATTR_MEM_TYPE_STRONGLY_O: 1533 case TEE_MATTR_MEM_TYPE_CACHED: 1534 case TEE_MATTR_MEM_TYPE_TAGGED: 1535 return true; 1536 default: 1537 return false; 1538 } 1539 } 1540 1541 /* 1542 * test attributes of target physical buffer 1543 * 1544 * Flags: pbuf_is(SECURE, NOT_SECURE, RAM, IOMEM, KEYVAULT). 1545 * 1546 */ 1547 bool core_pbuf_is(uint32_t attr, paddr_t pbuf, size_t len) 1548 { 1549 paddr_t ta_base = 0; 1550 size_t ta_size = 0; 1551 struct tee_mmap_region *map; 1552 1553 /* Empty buffers complies with anything */ 1554 if (len == 0) 1555 return true; 1556 1557 switch (attr) { 1558 case CORE_MEM_SEC: 1559 return pbuf_is_inside(secure_only, pbuf, len); 1560 case CORE_MEM_NON_SEC: 1561 return pbuf_is_inside(nsec_shared, pbuf, len) || 1562 pbuf_is_nsec_ddr(pbuf, len); 1563 case CORE_MEM_TEE_RAM: 1564 return core_is_buffer_inside(pbuf, len, TEE_RAM_START, 1565 TEE_RAM_PH_SIZE); 1566 case CORE_MEM_TA_RAM: 1567 core_mmu_get_ta_range(&ta_base, &ta_size); 1568 return core_is_buffer_inside(pbuf, len, ta_base, ta_size); 1569 #ifdef CFG_CORE_RESERVED_SHM 1570 case CORE_MEM_NSEC_SHM: 1571 return core_is_buffer_inside(pbuf, len, TEE_SHMEM_START, 1572 TEE_SHMEM_SIZE); 1573 #endif 1574 case CORE_MEM_SDP_MEM: 1575 return pbuf_is_sdp_mem(pbuf, len); 1576 case CORE_MEM_CACHED: 1577 map = find_map_by_pa(pbuf); 1578 if (!map || !pbuf_inside_map_area(pbuf, len, map)) 1579 return false; 1580 return mattr_is_cached(map->attr); 1581 default: 1582 return false; 1583 } 1584 } 1585 1586 /* test attributes of target virtual buffer (in core mapping) */ 1587 bool core_vbuf_is(uint32_t attr, const void *vbuf, size_t len) 1588 { 1589 paddr_t p; 1590 1591 /* Empty buffers complies with anything */ 1592 if (len == 0) 1593 return true; 1594 1595 p = virt_to_phys((void *)vbuf); 1596 if (!p) 1597 return false; 1598 1599 return core_pbuf_is(attr, p, len); 1600 } 1601 1602 /* core_va2pa - teecore exported service */ 1603 static int __maybe_unused core_va2pa_helper(void *va, paddr_t *pa) 1604 { 1605 struct tee_mmap_region *map; 1606 1607 map = find_map_by_va(va); 1608 if (!va_is_in_map(map, (vaddr_t)va)) 1609 return -1; 1610 1611 /* 1612 * We can calculate PA for static map. Virtual address ranges 1613 * reserved to core dynamic mapping return a 'match' (return 0;) 1614 * together with an invalid null physical address. 1615 */ 1616 if (map->pa) 1617 *pa = map->pa + (vaddr_t)va - map->va; 1618 else 1619 *pa = 0; 1620 1621 return 0; 1622 } 1623 1624 static void *map_pa2va(struct tee_mmap_region *map, paddr_t pa, size_t len) 1625 { 1626 if (!pa_is_in_map(map, pa, len)) 1627 return NULL; 1628 1629 return (void *)(vaddr_t)(map->va + pa - map->pa); 1630 } 1631 1632 /* 1633 * teecore gets some memory area definitions 1634 */ 1635 void core_mmu_get_mem_by_type(enum teecore_memtypes type, vaddr_t *s, 1636 vaddr_t *e) 1637 { 1638 struct tee_mmap_region *map = find_map_by_type(type); 1639 1640 if (map) { 1641 *s = map->va; 1642 *e = map->va + map->size; 1643 } else { 1644 *s = 0; 1645 *e = 0; 1646 } 1647 } 1648 1649 enum teecore_memtypes core_mmu_get_type_by_pa(paddr_t pa) 1650 { 1651 struct tee_mmap_region *map = find_map_by_pa(pa); 1652 1653 if (!map) 1654 return MEM_AREA_MAXTYPE; 1655 return map->type; 1656 } 1657 1658 void core_mmu_set_entry(struct core_mmu_table_info *tbl_info, unsigned int idx, 1659 paddr_t pa, uint32_t attr) 1660 { 1661 assert(idx < tbl_info->num_entries); 1662 core_mmu_set_entry_primitive(tbl_info->table, tbl_info->level, 1663 idx, pa, attr); 1664 } 1665 1666 void core_mmu_get_entry(struct core_mmu_table_info *tbl_info, unsigned int idx, 1667 paddr_t *pa, uint32_t *attr) 1668 { 1669 assert(idx < tbl_info->num_entries); 1670 core_mmu_get_entry_primitive(tbl_info->table, tbl_info->level, 1671 idx, pa, attr); 1672 } 1673 1674 static void clear_region(struct core_mmu_table_info *tbl_info, 1675 struct tee_mmap_region *region) 1676 { 1677 unsigned int end = 0; 1678 unsigned int idx = 0; 1679 1680 /* va, len and pa should be block aligned */ 1681 assert(!core_mmu_get_block_offset(tbl_info, region->va)); 1682 assert(!core_mmu_get_block_offset(tbl_info, region->size)); 1683 assert(!core_mmu_get_block_offset(tbl_info, region->pa)); 1684 1685 idx = core_mmu_va2idx(tbl_info, region->va); 1686 end = core_mmu_va2idx(tbl_info, region->va + region->size); 1687 1688 while (idx < end) { 1689 core_mmu_set_entry(tbl_info, idx, 0, 0); 1690 idx++; 1691 } 1692 } 1693 1694 static void set_region(struct core_mmu_table_info *tbl_info, 1695 struct tee_mmap_region *region) 1696 { 1697 unsigned int end; 1698 unsigned int idx; 1699 paddr_t pa; 1700 1701 /* va, len and pa should be block aligned */ 1702 assert(!core_mmu_get_block_offset(tbl_info, region->va)); 1703 assert(!core_mmu_get_block_offset(tbl_info, region->size)); 1704 assert(!core_mmu_get_block_offset(tbl_info, region->pa)); 1705 1706 idx = core_mmu_va2idx(tbl_info, region->va); 1707 end = core_mmu_va2idx(tbl_info, region->va + region->size); 1708 pa = region->pa; 1709 1710 while (idx < end) { 1711 core_mmu_set_entry(tbl_info, idx, pa, region->attr); 1712 idx++; 1713 pa += BIT64(tbl_info->shift); 1714 } 1715 } 1716 1717 static void set_pg_region(struct core_mmu_table_info *dir_info, 1718 struct vm_region *region, struct pgt **pgt, 1719 struct core_mmu_table_info *pg_info) 1720 { 1721 struct tee_mmap_region r = { 1722 .va = region->va, 1723 .size = region->size, 1724 .attr = region->attr, 1725 }; 1726 vaddr_t end = r.va + r.size; 1727 uint32_t pgt_attr = (r.attr & TEE_MATTR_SECURE) | TEE_MATTR_TABLE; 1728 1729 while (r.va < end) { 1730 if (!pg_info->table || 1731 r.va >= (pg_info->va_base + CORE_MMU_PGDIR_SIZE)) { 1732 /* 1733 * We're assigning a new translation table. 1734 */ 1735 unsigned int idx; 1736 1737 /* Virtual addresses must grow */ 1738 assert(r.va > pg_info->va_base); 1739 1740 idx = core_mmu_va2idx(dir_info, r.va); 1741 pg_info->va_base = core_mmu_idx2va(dir_info, idx); 1742 1743 /* 1744 * Advance pgt to va_base, note that we may need to 1745 * skip multiple page tables if there are large 1746 * holes in the vm map. 1747 */ 1748 while ((*pgt)->vabase < pg_info->va_base) { 1749 *pgt = SLIST_NEXT(*pgt, link); 1750 /* We should have allocated enough */ 1751 assert(*pgt); 1752 } 1753 assert((*pgt)->vabase == pg_info->va_base); 1754 pg_info->table = (*pgt)->tbl; 1755 1756 core_mmu_set_entry(dir_info, idx, 1757 virt_to_phys(pg_info->table), 1758 pgt_attr); 1759 } 1760 1761 r.size = MIN(CORE_MMU_PGDIR_SIZE - (r.va - pg_info->va_base), 1762 end - r.va); 1763 1764 if (!(*pgt)->populated && !mobj_is_paged(region->mobj)) { 1765 size_t granule = BIT(pg_info->shift); 1766 size_t offset = r.va - region->va + region->offset; 1767 1768 r.size = MIN(r.size, 1769 mobj_get_phys_granule(region->mobj)); 1770 r.size = ROUNDUP(r.size, SMALL_PAGE_SIZE); 1771 1772 if (mobj_get_pa(region->mobj, offset, granule, 1773 &r.pa) != TEE_SUCCESS) 1774 panic("Failed to get PA of unpaged mobj"); 1775 set_region(pg_info, &r); 1776 } 1777 r.va += r.size; 1778 } 1779 } 1780 1781 static bool can_map_at_level(paddr_t paddr, vaddr_t vaddr, 1782 size_t size_left, paddr_t block_size, 1783 struct tee_mmap_region *mm __maybe_unused) 1784 { 1785 /* VA and PA are aligned to block size at current level */ 1786 if ((vaddr | paddr) & (block_size - 1)) 1787 return false; 1788 1789 /* Remainder fits into block at current level */ 1790 if (size_left < block_size) 1791 return false; 1792 1793 #ifdef CFG_WITH_PAGER 1794 /* 1795 * If pager is enabled, we need to map tee ram 1796 * regions with small pages only 1797 */ 1798 if (map_is_tee_ram(mm) && block_size != SMALL_PAGE_SIZE) 1799 return false; 1800 #endif 1801 1802 return true; 1803 } 1804 1805 void core_mmu_map_region(struct mmu_partition *prtn, struct tee_mmap_region *mm) 1806 { 1807 struct core_mmu_table_info tbl_info; 1808 unsigned int idx; 1809 vaddr_t vaddr = mm->va; 1810 paddr_t paddr = mm->pa; 1811 ssize_t size_left = mm->size; 1812 unsigned int level; 1813 bool table_found; 1814 uint32_t old_attr; 1815 1816 assert(!((vaddr | paddr) & SMALL_PAGE_MASK)); 1817 1818 while (size_left > 0) { 1819 level = CORE_MMU_BASE_TABLE_LEVEL; 1820 1821 while (true) { 1822 paddr_t block_size = 0; 1823 1824 assert(core_mmu_level_in_range(level)); 1825 1826 table_found = core_mmu_find_table(prtn, vaddr, level, 1827 &tbl_info); 1828 if (!table_found) 1829 panic("can't find table for mapping"); 1830 1831 block_size = BIT64(tbl_info.shift); 1832 1833 idx = core_mmu_va2idx(&tbl_info, vaddr); 1834 if (!can_map_at_level(paddr, vaddr, size_left, 1835 block_size, mm)) { 1836 bool secure = mm->attr & TEE_MATTR_SECURE; 1837 1838 /* 1839 * This part of the region can't be mapped at 1840 * this level. Need to go deeper. 1841 */ 1842 if (!core_mmu_entry_to_finer_grained(&tbl_info, 1843 idx, 1844 secure)) 1845 panic("Can't divide MMU entry"); 1846 level = tbl_info.next_level; 1847 continue; 1848 } 1849 1850 /* We can map part of the region at current level */ 1851 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 1852 if (old_attr) 1853 panic("Page is already mapped"); 1854 1855 core_mmu_set_entry(&tbl_info, idx, paddr, mm->attr); 1856 paddr += block_size; 1857 vaddr += block_size; 1858 size_left -= block_size; 1859 1860 break; 1861 } 1862 } 1863 } 1864 1865 TEE_Result core_mmu_map_pages(vaddr_t vstart, paddr_t *pages, size_t num_pages, 1866 enum teecore_memtypes memtype) 1867 { 1868 TEE_Result ret; 1869 struct core_mmu_table_info tbl_info; 1870 struct tee_mmap_region *mm; 1871 unsigned int idx; 1872 uint32_t old_attr; 1873 uint32_t exceptions; 1874 vaddr_t vaddr = vstart; 1875 size_t i; 1876 bool secure; 1877 1878 assert(!(core_mmu_type_to_attr(memtype) & TEE_MATTR_PX)); 1879 1880 secure = core_mmu_type_to_attr(memtype) & TEE_MATTR_SECURE; 1881 1882 if (vaddr & SMALL_PAGE_MASK) 1883 return TEE_ERROR_BAD_PARAMETERS; 1884 1885 exceptions = mmu_lock(); 1886 1887 mm = find_map_by_va((void *)vaddr); 1888 if (!mm || !va_is_in_map(mm, vaddr + num_pages * SMALL_PAGE_SIZE - 1)) 1889 panic("VA does not belong to any known mm region"); 1890 1891 if (!core_mmu_is_dynamic_vaspace(mm)) 1892 panic("Trying to map into static region"); 1893 1894 for (i = 0; i < num_pages; i++) { 1895 if (pages[i] & SMALL_PAGE_MASK) { 1896 ret = TEE_ERROR_BAD_PARAMETERS; 1897 goto err; 1898 } 1899 1900 while (true) { 1901 if (!core_mmu_find_table(NULL, vaddr, UINT_MAX, 1902 &tbl_info)) 1903 panic("Can't find pagetable for vaddr "); 1904 1905 idx = core_mmu_va2idx(&tbl_info, vaddr); 1906 if (tbl_info.shift == SMALL_PAGE_SHIFT) 1907 break; 1908 1909 /* This is supertable. Need to divide it. */ 1910 if (!core_mmu_entry_to_finer_grained(&tbl_info, idx, 1911 secure)) 1912 panic("Failed to spread pgdir on small tables"); 1913 } 1914 1915 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 1916 if (old_attr) 1917 panic("Page is already mapped"); 1918 1919 core_mmu_set_entry(&tbl_info, idx, pages[i], 1920 core_mmu_type_to_attr(memtype)); 1921 vaddr += SMALL_PAGE_SIZE; 1922 } 1923 1924 /* 1925 * Make sure all the changes to translation tables are visible 1926 * before returning. TLB doesn't need to be invalidated as we are 1927 * guaranteed that there's no valid mapping in this range. 1928 */ 1929 core_mmu_table_write_barrier(); 1930 mmu_unlock(exceptions); 1931 1932 return TEE_SUCCESS; 1933 err: 1934 mmu_unlock(exceptions); 1935 1936 if (i) 1937 core_mmu_unmap_pages(vstart, i); 1938 1939 return ret; 1940 } 1941 1942 TEE_Result core_mmu_map_contiguous_pages(vaddr_t vstart, paddr_t pstart, 1943 size_t num_pages, 1944 enum teecore_memtypes memtype) 1945 { 1946 struct core_mmu_table_info tbl_info = { }; 1947 struct tee_mmap_region *mm = NULL; 1948 unsigned int idx = 0; 1949 uint32_t old_attr = 0; 1950 uint32_t exceptions = 0; 1951 vaddr_t vaddr = vstart; 1952 paddr_t paddr = pstart; 1953 size_t i = 0; 1954 bool secure = false; 1955 1956 assert(!(core_mmu_type_to_attr(memtype) & TEE_MATTR_PX)); 1957 1958 secure = core_mmu_type_to_attr(memtype) & TEE_MATTR_SECURE; 1959 1960 if ((vaddr | paddr) & SMALL_PAGE_MASK) 1961 return TEE_ERROR_BAD_PARAMETERS; 1962 1963 exceptions = mmu_lock(); 1964 1965 mm = find_map_by_va((void *)vaddr); 1966 if (!mm || !va_is_in_map(mm, vaddr + num_pages * SMALL_PAGE_SIZE - 1)) 1967 panic("VA does not belong to any known mm region"); 1968 1969 if (!core_mmu_is_dynamic_vaspace(mm)) 1970 panic("Trying to map into static region"); 1971 1972 for (i = 0; i < num_pages; i++) { 1973 while (true) { 1974 if (!core_mmu_find_table(NULL, vaddr, UINT_MAX, 1975 &tbl_info)) 1976 panic("Can't find pagetable for vaddr "); 1977 1978 idx = core_mmu_va2idx(&tbl_info, vaddr); 1979 if (tbl_info.shift == SMALL_PAGE_SHIFT) 1980 break; 1981 1982 /* This is supertable. Need to divide it. */ 1983 if (!core_mmu_entry_to_finer_grained(&tbl_info, idx, 1984 secure)) 1985 panic("Failed to spread pgdir on small tables"); 1986 } 1987 1988 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr); 1989 if (old_attr) 1990 panic("Page is already mapped"); 1991 1992 core_mmu_set_entry(&tbl_info, idx, paddr, 1993 core_mmu_type_to_attr(memtype)); 1994 paddr += SMALL_PAGE_SIZE; 1995 vaddr += SMALL_PAGE_SIZE; 1996 } 1997 1998 /* 1999 * Make sure all the changes to translation tables are visible 2000 * before returning. TLB doesn't need to be invalidated as we are 2001 * guaranteed that there's no valid mapping in this range. 2002 */ 2003 core_mmu_table_write_barrier(); 2004 mmu_unlock(exceptions); 2005 2006 return TEE_SUCCESS; 2007 } 2008 2009 void core_mmu_unmap_pages(vaddr_t vstart, size_t num_pages) 2010 { 2011 struct core_mmu_table_info tbl_info; 2012 struct tee_mmap_region *mm; 2013 size_t i; 2014 unsigned int idx; 2015 uint32_t exceptions; 2016 2017 exceptions = mmu_lock(); 2018 2019 mm = find_map_by_va((void *)vstart); 2020 if (!mm || !va_is_in_map(mm, vstart + num_pages * SMALL_PAGE_SIZE - 1)) 2021 panic("VA does not belong to any known mm region"); 2022 2023 if (!core_mmu_is_dynamic_vaspace(mm)) 2024 panic("Trying to unmap static region"); 2025 2026 for (i = 0; i < num_pages; i++, vstart += SMALL_PAGE_SIZE) { 2027 if (!core_mmu_find_table(NULL, vstart, UINT_MAX, &tbl_info)) 2028 panic("Can't find pagetable"); 2029 2030 if (tbl_info.shift != SMALL_PAGE_SHIFT) 2031 panic("Invalid pagetable level"); 2032 2033 idx = core_mmu_va2idx(&tbl_info, vstart); 2034 core_mmu_set_entry(&tbl_info, idx, 0, 0); 2035 } 2036 tlbi_all(); 2037 2038 mmu_unlock(exceptions); 2039 } 2040 2041 void core_mmu_populate_user_map(struct core_mmu_table_info *dir_info, 2042 struct user_mode_ctx *uctx) 2043 { 2044 struct core_mmu_table_info pg_info = { }; 2045 struct pgt_cache *pgt_cache = &uctx->pgt_cache; 2046 struct pgt *pgt = NULL; 2047 struct pgt *p = NULL; 2048 struct vm_region *r = NULL; 2049 2050 if (TAILQ_EMPTY(&uctx->vm_info.regions)) 2051 return; /* Nothing to map */ 2052 2053 /* 2054 * Allocate all page tables in advance. 2055 */ 2056 pgt_get_all(uctx); 2057 pgt = SLIST_FIRST(pgt_cache); 2058 2059 core_mmu_set_info_table(&pg_info, dir_info->next_level, 0, NULL); 2060 2061 TAILQ_FOREACH(r, &uctx->vm_info.regions, link) 2062 set_pg_region(dir_info, r, &pgt, &pg_info); 2063 /* Record that the translation tables now are populated. */ 2064 SLIST_FOREACH(p, pgt_cache, link) { 2065 p->populated = true; 2066 if (p == pgt) 2067 break; 2068 } 2069 assert(p == pgt); 2070 } 2071 2072 TEE_Result core_mmu_remove_mapping(enum teecore_memtypes type, void *addr, 2073 size_t len) 2074 { 2075 struct core_mmu_table_info tbl_info = { }; 2076 struct tee_mmap_region *res_map = NULL; 2077 struct tee_mmap_region *map = NULL; 2078 paddr_t pa = virt_to_phys(addr); 2079 size_t granule = 0; 2080 ptrdiff_t i = 0; 2081 paddr_t p = 0; 2082 size_t l = 0; 2083 2084 map = find_map_by_type_and_pa(type, pa, len); 2085 if (!map) 2086 return TEE_ERROR_GENERIC; 2087 2088 res_map = find_map_by_type(MEM_AREA_RES_VASPACE); 2089 if (!res_map) 2090 return TEE_ERROR_GENERIC; 2091 if (!core_mmu_find_table(NULL, res_map->va, UINT_MAX, &tbl_info)) 2092 return TEE_ERROR_GENERIC; 2093 granule = BIT(tbl_info.shift); 2094 2095 if (map < static_memory_map || 2096 map >= static_memory_map + ARRAY_SIZE(static_memory_map)) 2097 return TEE_ERROR_GENERIC; 2098 i = map - static_memory_map; 2099 2100 /* Check that we have a full match */ 2101 p = ROUNDDOWN(pa, granule); 2102 l = ROUNDUP(len + pa - p, granule); 2103 if (map->pa != p || map->size != l) 2104 return TEE_ERROR_GENERIC; 2105 2106 clear_region(&tbl_info, map); 2107 tlbi_all(); 2108 2109 /* If possible remove the va range from res_map */ 2110 if (res_map->va - map->size == map->va) { 2111 res_map->va -= map->size; 2112 res_map->size += map->size; 2113 } 2114 2115 /* Remove the entry. */ 2116 memmove(map, map + 1, 2117 (ARRAY_SIZE(static_memory_map) - i - 1) * sizeof(*map)); 2118 2119 /* Clear the last new entry in case it was used */ 2120 memset(static_memory_map + ARRAY_SIZE(static_memory_map) - 1, 2121 0, sizeof(*map)); 2122 2123 return TEE_SUCCESS; 2124 } 2125 2126 struct tee_mmap_region * 2127 core_mmu_find_mapping_exclusive(enum teecore_memtypes type, size_t len) 2128 { 2129 struct tee_mmap_region *map = NULL; 2130 struct tee_mmap_region *map_found = NULL; 2131 2132 if (!len) 2133 return NULL; 2134 2135 for (map = get_memory_map(); !core_mmap_is_end_of_table(map); map++) { 2136 if (map->type != type) 2137 continue; 2138 2139 if (map_found) 2140 return NULL; 2141 2142 map_found = map; 2143 } 2144 2145 if (!map_found || map_found->size < len) 2146 return NULL; 2147 2148 return map_found; 2149 } 2150 2151 void *core_mmu_add_mapping(enum teecore_memtypes type, paddr_t addr, size_t len) 2152 { 2153 struct core_mmu_table_info tbl_info; 2154 struct tee_mmap_region *map; 2155 size_t n; 2156 size_t granule; 2157 paddr_t p; 2158 size_t l; 2159 2160 if (!len) 2161 return NULL; 2162 2163 if (!core_mmu_check_end_pa(addr, len)) 2164 return NULL; 2165 2166 /* Check if the memory is already mapped */ 2167 map = find_map_by_type_and_pa(type, addr, len); 2168 if (map && pbuf_inside_map_area(addr, len, map)) 2169 return (void *)(vaddr_t)(map->va + addr - map->pa); 2170 2171 /* Find the reserved va space used for late mappings */ 2172 map = find_map_by_type(MEM_AREA_RES_VASPACE); 2173 if (!map) 2174 return NULL; 2175 2176 if (!core_mmu_find_table(NULL, map->va, UINT_MAX, &tbl_info)) 2177 return NULL; 2178 2179 granule = BIT64(tbl_info.shift); 2180 p = ROUNDDOWN(addr, granule); 2181 l = ROUNDUP(len + addr - p, granule); 2182 2183 /* Ban overflowing virtual addresses */ 2184 if (map->size < l) 2185 return NULL; 2186 2187 /* 2188 * Something is wrong, we can't fit the va range into the selected 2189 * table. The reserved va range is possibly missaligned with 2190 * granule. 2191 */ 2192 if (core_mmu_va2idx(&tbl_info, map->va + len) >= tbl_info.num_entries) 2193 return NULL; 2194 2195 /* Find end of the memory map */ 2196 n = 0; 2197 while (!core_mmap_is_end_of_table(static_memory_map + n)) 2198 n++; 2199 2200 if (n < (ARRAY_SIZE(static_memory_map) - 1)) { 2201 /* There's room for another entry */ 2202 static_memory_map[n].va = map->va; 2203 static_memory_map[n].size = l; 2204 static_memory_map[n + 1].type = MEM_AREA_END; 2205 map->va += l; 2206 map->size -= l; 2207 map = static_memory_map + n; 2208 } else { 2209 /* 2210 * There isn't room for another entry, steal the reserved 2211 * entry as it's not useful for anything else any longer. 2212 */ 2213 map->size = l; 2214 } 2215 map->type = type; 2216 map->region_size = granule; 2217 map->attr = core_mmu_type_to_attr(type); 2218 map->pa = p; 2219 2220 set_region(&tbl_info, map); 2221 2222 /* Make sure the new entry is visible before continuing. */ 2223 core_mmu_table_write_barrier(); 2224 2225 return (void *)(vaddr_t)(map->va + addr - map->pa); 2226 } 2227 2228 #ifdef CFG_WITH_PAGER 2229 static vaddr_t get_linear_map_end_va(void) 2230 { 2231 /* this is synced with the generic linker file kern.ld.S */ 2232 return (vaddr_t)__heap2_end; 2233 } 2234 2235 static paddr_t get_linear_map_end_pa(void) 2236 { 2237 return get_linear_map_end_va() - boot_mmu_config.map_offset; 2238 } 2239 #endif 2240 2241 #if defined(CFG_TEE_CORE_DEBUG) 2242 static void check_pa_matches_va(void *va, paddr_t pa) 2243 { 2244 TEE_Result res = TEE_ERROR_GENERIC; 2245 vaddr_t v = (vaddr_t)va; 2246 paddr_t p = 0; 2247 struct core_mmu_table_info ti __maybe_unused = { }; 2248 2249 if (core_mmu_user_va_range_is_defined()) { 2250 vaddr_t user_va_base = 0; 2251 size_t user_va_size = 0; 2252 2253 core_mmu_get_user_va_range(&user_va_base, &user_va_size); 2254 if (v >= user_va_base && 2255 v <= (user_va_base - 1 + user_va_size)) { 2256 if (!core_mmu_user_mapping_is_active()) { 2257 if (pa) 2258 panic("issue in linear address space"); 2259 return; 2260 } 2261 2262 res = vm_va2pa(to_user_mode_ctx(thread_get_tsd()->ctx), 2263 va, &p); 2264 if (res == TEE_ERROR_NOT_SUPPORTED) 2265 return; 2266 if (res == TEE_SUCCESS && pa != p) 2267 panic("bad pa"); 2268 if (res != TEE_SUCCESS && pa) 2269 panic("false pa"); 2270 return; 2271 } 2272 } 2273 #ifdef CFG_WITH_PAGER 2274 if (is_unpaged(va)) { 2275 if (v - boot_mmu_config.map_offset != pa) 2276 panic("issue in linear address space"); 2277 return; 2278 } 2279 2280 if (tee_pager_get_table_info(v, &ti)) { 2281 uint32_t a; 2282 2283 /* 2284 * Lookups in the page table managed by the pager is 2285 * dangerous for addresses in the paged area as those pages 2286 * changes all the time. But some ranges are safe, 2287 * rw-locked areas when the page is populated for instance. 2288 */ 2289 core_mmu_get_entry(&ti, core_mmu_va2idx(&ti, v), &p, &a); 2290 if (a & TEE_MATTR_VALID_BLOCK) { 2291 paddr_t mask = BIT64(ti.shift) - 1; 2292 2293 p |= v & mask; 2294 if (pa != p) 2295 panic(); 2296 } else { 2297 if (pa) 2298 panic(); 2299 } 2300 return; 2301 } 2302 #endif 2303 2304 if (!core_va2pa_helper(va, &p)) { 2305 /* Verfiy only the static mapping (case non null phys addr) */ 2306 if (p && pa != p) { 2307 DMSG("va %p maps 0x%" PRIxPA ", expect 0x%" PRIxPA, 2308 va, p, pa); 2309 panic(); 2310 } 2311 } else { 2312 if (pa) { 2313 DMSG("va %p unmapped, expect 0x%" PRIxPA, va, pa); 2314 panic(); 2315 } 2316 } 2317 } 2318 #else 2319 static void check_pa_matches_va(void *va __unused, paddr_t pa __unused) 2320 { 2321 } 2322 #endif 2323 2324 paddr_t virt_to_phys(void *va) 2325 { 2326 paddr_t pa = 0; 2327 2328 if (!arch_va2pa_helper(va, &pa)) 2329 pa = 0; 2330 check_pa_matches_va(va, pa); 2331 return pa; 2332 } 2333 2334 #if defined(CFG_TEE_CORE_DEBUG) 2335 static void check_va_matches_pa(paddr_t pa, void *va) 2336 { 2337 paddr_t p = 0; 2338 2339 if (!va) 2340 return; 2341 2342 p = virt_to_phys(va); 2343 if (p != pa) { 2344 DMSG("va %p maps 0x%" PRIxPA " expect 0x%" PRIxPA, va, p, pa); 2345 panic(); 2346 } 2347 } 2348 #else 2349 static void check_va_matches_pa(paddr_t pa __unused, void *va __unused) 2350 { 2351 } 2352 #endif 2353 2354 static void *phys_to_virt_ts_vaspace(paddr_t pa, size_t len) 2355 { 2356 if (!core_mmu_user_mapping_is_active()) 2357 return NULL; 2358 2359 return vm_pa2va(to_user_mode_ctx(thread_get_tsd()->ctx), pa, len); 2360 } 2361 2362 #ifdef CFG_WITH_PAGER 2363 static void *phys_to_virt_tee_ram(paddr_t pa, size_t len) 2364 { 2365 paddr_t end_pa = 0; 2366 2367 if (SUB_OVERFLOW(len, 1, &end_pa) || ADD_OVERFLOW(pa, end_pa, &end_pa)) 2368 return NULL; 2369 2370 if (pa >= TEE_LOAD_ADDR && pa < get_linear_map_end_pa()) { 2371 if (end_pa > get_linear_map_end_pa()) 2372 return NULL; 2373 return (void *)(vaddr_t)(pa + boot_mmu_config.map_offset); 2374 } 2375 2376 return tee_pager_phys_to_virt(pa, len); 2377 } 2378 #else 2379 static void *phys_to_virt_tee_ram(paddr_t pa, size_t len) 2380 { 2381 struct tee_mmap_region *mmap = NULL; 2382 2383 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM, pa, len); 2384 if (!mmap) 2385 mmap = find_map_by_type_and_pa(MEM_AREA_NEX_RAM_RW, pa, len); 2386 if (!mmap) 2387 mmap = find_map_by_type_and_pa(MEM_AREA_NEX_RAM_RO, pa, len); 2388 if (!mmap) 2389 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RW, pa, len); 2390 if (!mmap) 2391 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RO, pa, len); 2392 if (!mmap) 2393 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RX, pa, len); 2394 /* 2395 * Note that MEM_AREA_INIT_RAM_RO and MEM_AREA_INIT_RAM_RX are only 2396 * used with pager and not needed here. 2397 */ 2398 return map_pa2va(mmap, pa, len); 2399 } 2400 #endif 2401 2402 void *phys_to_virt(paddr_t pa, enum teecore_memtypes m, size_t len) 2403 { 2404 void *va = NULL; 2405 2406 switch (m) { 2407 case MEM_AREA_TS_VASPACE: 2408 va = phys_to_virt_ts_vaspace(pa, len); 2409 break; 2410 case MEM_AREA_TEE_RAM: 2411 case MEM_AREA_TEE_RAM_RX: 2412 case MEM_AREA_TEE_RAM_RO: 2413 case MEM_AREA_TEE_RAM_RW: 2414 case MEM_AREA_NEX_RAM_RO: 2415 case MEM_AREA_NEX_RAM_RW: 2416 va = phys_to_virt_tee_ram(pa, len); 2417 break; 2418 case MEM_AREA_SHM_VASPACE: 2419 /* Find VA from PA in dynamic SHM is not yet supported */ 2420 va = NULL; 2421 break; 2422 default: 2423 va = map_pa2va(find_map_by_type_and_pa(m, pa, len), pa, len); 2424 } 2425 if (m != MEM_AREA_SEC_RAM_OVERALL) 2426 check_va_matches_pa(pa, va); 2427 return va; 2428 } 2429 2430 void *phys_to_virt_io(paddr_t pa, size_t len) 2431 { 2432 struct tee_mmap_region *map = NULL; 2433 void *va = NULL; 2434 2435 map = find_map_by_type_and_pa(MEM_AREA_IO_SEC, pa, len); 2436 if (!map) 2437 map = find_map_by_type_and_pa(MEM_AREA_IO_NSEC, pa, len); 2438 if (!map) 2439 return NULL; 2440 va = map_pa2va(map, pa, len); 2441 check_va_matches_pa(pa, va); 2442 return va; 2443 } 2444 2445 vaddr_t core_mmu_get_va(paddr_t pa, enum teecore_memtypes type, size_t len) 2446 { 2447 if (cpu_mmu_enabled()) 2448 return (vaddr_t)phys_to_virt(pa, type, len); 2449 2450 return (vaddr_t)pa; 2451 } 2452 2453 #ifdef CFG_WITH_PAGER 2454 bool is_unpaged(void *va) 2455 { 2456 vaddr_t v = (vaddr_t)va; 2457 2458 return v >= VCORE_START_VA && v < get_linear_map_end_va(); 2459 } 2460 #else 2461 bool is_unpaged(void *va __unused) 2462 { 2463 return true; 2464 } 2465 #endif 2466 2467 void core_mmu_init_virtualization(void) 2468 { 2469 paddr_t b1 = 0; 2470 paddr_size_t s1 = 0; 2471 2472 static_assert(ARRAY_SIZE(secure_only) <= 2); 2473 if (ARRAY_SIZE(secure_only) == 2) { 2474 b1 = secure_only[1].paddr; 2475 s1 = secure_only[1].size; 2476 } 2477 virt_init_memory(static_memory_map, secure_only[0].paddr, 2478 secure_only[0].size, b1, s1); 2479 } 2480 2481 vaddr_t io_pa_or_va(struct io_pa_va *p, size_t len) 2482 { 2483 assert(p->pa); 2484 if (cpu_mmu_enabled()) { 2485 if (!p->va) 2486 p->va = (vaddr_t)phys_to_virt_io(p->pa, len); 2487 assert(p->va); 2488 return p->va; 2489 } 2490 return p->pa; 2491 } 2492 2493 vaddr_t io_pa_or_va_secure(struct io_pa_va *p, size_t len) 2494 { 2495 assert(p->pa); 2496 if (cpu_mmu_enabled()) { 2497 if (!p->va) 2498 p->va = (vaddr_t)phys_to_virt(p->pa, MEM_AREA_IO_SEC, 2499 len); 2500 assert(p->va); 2501 return p->va; 2502 } 2503 return p->pa; 2504 } 2505 2506 vaddr_t io_pa_or_va_nsec(struct io_pa_va *p, size_t len) 2507 { 2508 assert(p->pa); 2509 if (cpu_mmu_enabled()) { 2510 if (!p->va) 2511 p->va = (vaddr_t)phys_to_virt(p->pa, MEM_AREA_IO_NSEC, 2512 len); 2513 assert(p->va); 2514 return p->va; 2515 } 2516 return p->pa; 2517 } 2518 2519 #ifdef CFG_CORE_RESERVED_SHM 2520 static TEE_Result teecore_init_pub_ram(void) 2521 { 2522 vaddr_t s = 0; 2523 vaddr_t e = 0; 2524 2525 /* get virtual addr/size of NSec shared mem allocated from teecore */ 2526 core_mmu_get_mem_by_type(MEM_AREA_NSEC_SHM, &s, &e); 2527 2528 if (s >= e || s & SMALL_PAGE_MASK || e & SMALL_PAGE_MASK) 2529 panic("invalid PUB RAM"); 2530 2531 /* extra check: we could rely on core_mmu_get_mem_by_type() */ 2532 if (!tee_vbuf_is_non_sec(s, e - s)) 2533 panic("PUB RAM is not non-secure"); 2534 2535 #ifdef CFG_PL310 2536 /* Allocate statically the l2cc mutex */ 2537 tee_l2cc_store_mutex_boot_pa(virt_to_phys((void *)s)); 2538 s += sizeof(uint32_t); /* size of a pl310 mutex */ 2539 s = ROUNDUP(s, SMALL_PAGE_SIZE); /* keep required alignment */ 2540 #endif 2541 2542 default_nsec_shm_paddr = virt_to_phys((void *)s); 2543 default_nsec_shm_size = e - s; 2544 2545 return TEE_SUCCESS; 2546 } 2547 early_init(teecore_init_pub_ram); 2548 #endif /*CFG_CORE_RESERVED_SHM*/ 2549 2550 void core_mmu_init_ta_ram(void) 2551 { 2552 vaddr_t s = 0; 2553 vaddr_t e = 0; 2554 paddr_t ps = 0; 2555 size_t size = 0; 2556 2557 /* 2558 * Get virtual addr/size of RAM where TA are loaded/executedNSec 2559 * shared mem allocated from teecore. 2560 */ 2561 if (IS_ENABLED(CFG_NS_VIRTUALIZATION)) 2562 virt_get_ta_ram(&s, &e); 2563 else 2564 core_mmu_get_mem_by_type(MEM_AREA_TA_RAM, &s, &e); 2565 2566 ps = virt_to_phys((void *)s); 2567 size = e - s; 2568 2569 if (!ps || (ps & CORE_MMU_USER_CODE_MASK) || 2570 !size || (size & CORE_MMU_USER_CODE_MASK)) 2571 panic("invalid TA RAM"); 2572 2573 /* extra check: we could rely on core_mmu_get_mem_by_type() */ 2574 if (!tee_pbuf_is_sec(ps, size)) 2575 panic("TA RAM is not secure"); 2576 2577 if (!tee_mm_is_empty(&tee_mm_sec_ddr)) 2578 panic("TA RAM pool is not empty"); 2579 2580 /* remove previous config and init TA ddr memory pool */ 2581 tee_mm_final(&tee_mm_sec_ddr); 2582 tee_mm_init(&tee_mm_sec_ddr, ps, size, CORE_MMU_USER_CODE_SHIFT, 2583 TEE_MM_POOL_NO_FLAGS); 2584 } 2585