1 /* 2 * Copyright (c) 2017-2025, Arm Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #ifndef XLAT_TABLES_V2_H 8 #define XLAT_TABLES_V2_H 9 10 #include <lib/xlat_tables/xlat_tables_defs.h> 11 #include <lib/xlat_tables/xlat_tables_v2_helpers.h> 12 13 #ifndef __ASSEMBLER__ 14 #include <stddef.h> 15 #include <stdint.h> 16 17 #include <lib/xlat_tables/xlat_mmu_helpers.h> 18 19 /* 20 * Default granularity size for an mmap_region_t. 21 * Useful when no specific granularity is required. 22 * 23 * By default, choose the biggest possible block size allowed by the 24 * architectural state and granule size in order to minimize the number of page 25 * tables required for the mapping. 26 */ 27 #define REGION_DEFAULT_GRANULARITY XLAT_BLOCK_SIZE(MIN_LVL_BLOCK_DESC) 28 29 /* Helper macro to define an mmap_region_t. */ 30 #define MAP_REGION(_pa, _va, _sz, _attr) \ 31 MAP_REGION_FULL_SPEC(_pa, _va, _sz, _attr, REGION_DEFAULT_GRANULARITY) 32 33 /* Helper macro to define an mmap_region_t with an identity mapping. */ 34 #define MAP_REGION_FLAT(_adr, _sz, _attr) \ 35 MAP_REGION(_adr, _adr, _sz, _attr) 36 37 /* 38 * Helper macro to define entries for mmap_region_t. It allows to define 'pa' 39 * and sets 'va' to 0 for each region. To be used with mmap_add_alloc_va(). 40 */ 41 #define MAP_REGION_ALLOC_VA(pa, sz, attr) MAP_REGION(pa, 0, sz, attr) 42 43 /* 44 * Helper macro to define an mmap_region_t to map with the desired granularity 45 * of translation tables. 46 * 47 * The granularity value passed to this macro must be a valid block or page 48 * size. When using a 4KB translation granule, this might be 4KB, 2MB or 1GB. 49 * Passing REGION_DEFAULT_GRANULARITY is also allowed and means that the library 50 * is free to choose the granularity for this region. In this case, it is 51 * equivalent to the MAP_REGION() macro. 52 */ 53 #define MAP_REGION2(_pa, _va, _sz, _attr, _gr) \ 54 MAP_REGION_FULL_SPEC(_pa, _va, _sz, _attr, _gr) 55 56 /* 57 * Shifts and masks to access fields of an mmap attribute 58 */ 59 #define MT_TYPE_MASK U(0x7) 60 #define MT_TYPE(_attr) ((_attr) & MT_TYPE_MASK) 61 /* Access permissions (RO/RW) */ 62 #define MT_PERM_SHIFT U(3) 63 64 /* Physical address space (SECURE/NS/Root/Realm) */ 65 #define MT_PAS_SHIFT U(4) 66 #define MT_PAS_MASK (U(3) << MT_PAS_SHIFT) 67 #define MT_PAS(_attr) ((_attr) & MT_PAS_MASK) 68 69 /* Access permissions for instruction execution (EXECUTE/EXECUTE_NEVER) */ 70 #define MT_EXECUTE_SHIFT U(6) 71 /* In the EL1&0 translation regime, User (EL0) or Privileged (EL1). */ 72 #define MT_USER_SHIFT U(7) 73 74 /* Shareability attribute for the memory region */ 75 #define MT_SHAREABILITY_SHIFT U(8) 76 #define MT_SHAREABILITY_MASK (U(3) << MT_SHAREABILITY_SHIFT) 77 #define MT_SHAREABILITY(_attr) ((_attr) & MT_SHAREABILITY_MASK) 78 79 /* All other bits are reserved */ 80 81 /* 82 * Memory mapping attributes 83 */ 84 85 /* 86 * Memory types supported. 87 * These are organised so that, going down the list, the memory types are 88 * getting weaker; conversely going up the list the memory types are getting 89 * stronger. 90 */ 91 #define MT_DEVICE U(0) 92 #define MT_NON_CACHEABLE U(1) 93 #define MT_MEMORY U(2) 94 /* Values up to 7 are reserved to add new memory types in the future */ 95 96 #define MT_RO (U(0) << MT_PERM_SHIFT) 97 #define MT_RW (U(1) << MT_PERM_SHIFT) 98 99 #define MT_SECURE (U(0) << MT_PAS_SHIFT) 100 #define MT_NS (U(1) << MT_PAS_SHIFT) 101 #define MT_ROOT (U(2) << MT_PAS_SHIFT) 102 #define MT_REALM (U(3) << MT_PAS_SHIFT) 103 104 /* 105 * Access permissions for instruction execution are only relevant for normal 106 * read-only memory, i.e. MT_MEMORY | MT_RO. They are ignored (and potentially 107 * overridden) otherwise: 108 * - Device memory is always marked as execute-never. 109 * - Read-write normal memory is always marked as execute-never. 110 */ 111 #define MT_EXECUTE (U(0) << MT_EXECUTE_SHIFT) 112 #define MT_EXECUTE_NEVER (U(1) << MT_EXECUTE_SHIFT) 113 114 /* 115 * When mapping a region at EL0 or EL1, this attribute will be used to determine 116 * if a User mapping (EL0) will be created or a Privileged mapping (EL1). 117 */ 118 #define MT_USER (U(1) << MT_USER_SHIFT) 119 #define MT_PRIVILEGED (U(0) << MT_USER_SHIFT) 120 121 /* 122 * Shareability defines the visibility of any cache changes to 123 * all masters belonging to a shareable domain. 124 * 125 * MT_SHAREABILITY_ISH: For inner shareable domain 126 * MT_SHAREABILITY_OSH: For outer shareable domain 127 * MT_SHAREABILITY_NSH: For non shareable domain 128 */ 129 #define MT_SHAREABILITY_ISH (U(1) << MT_SHAREABILITY_SHIFT) 130 #define MT_SHAREABILITY_OSH (U(2) << MT_SHAREABILITY_SHIFT) 131 #define MT_SHAREABILITY_NSH (U(3) << MT_SHAREABILITY_SHIFT) 132 133 /* Compound attributes for most common usages */ 134 #define MT_CODE (MT_MEMORY | MT_RO | MT_EXECUTE) 135 #define MT_RO_DATA (MT_MEMORY | MT_RO | MT_EXECUTE_NEVER) 136 #define MT_RW_DATA (MT_MEMORY | MT_RW | MT_EXECUTE_NEVER) 137 138 #if ENABLE_FEAT_MORELLO 139 /* Capbility load, store and track permission attribute */ 140 #define MT_CAP_LD_ST_TRACK (U(1) << 31) 141 #else 142 #define MT_CAP_LD_ST_TRACK U(0) 143 #endif 144 145 /* 146 * Structure for specifying a single region of memory. 147 */ 148 typedef struct mmap_region { 149 unsigned long long base_pa; 150 uintptr_t base_va; 151 size_t size; 152 unsigned int attr; 153 /* Desired granularity. See the MAP_REGION2() macro for more details. */ 154 size_t granularity; 155 } mmap_region_t; 156 157 /* 158 * Translation regimes supported by this library. EL_REGIME_INVALID tells the 159 * library to detect it at runtime. 160 */ 161 #define EL1_EL0_REGIME 1 162 #define EL2_REGIME 2 163 #define EL3_REGIME 3 164 #define EL_REGIME_INVALID -1 165 166 /* Memory type for EL3 regions. With RME, EL3 is in ROOT PAS */ 167 #if ENABLE_RME 168 #define EL3_PAS MT_ROOT 169 #else 170 #define EL3_PAS MT_SECURE 171 #endif /* ENABLE_RME */ 172 173 /* 174 * Declare the translation context type. 175 * Its definition is private. 176 */ 177 typedef struct xlat_ctx xlat_ctx_t; 178 179 /* 180 * Statically allocate a translation context and associated structures. Also 181 * initialize them. 182 * 183 * _ctx_name: 184 * Prefix for the translation context variable. 185 * E.g. If _ctx_name is 'foo', the variable will be called 'foo_xlat_ctx'. 186 * Useful to distinguish multiple contexts from one another. 187 * 188 * _mmap_count: 189 * Number of mmap_region_t to allocate. 190 * Would typically be MAX_MMAP_REGIONS for the translation context describing 191 * the BL image currently executing. 192 * 193 * _xlat_tables_count: 194 * Number of sub-translation tables to allocate. 195 * Would typically be MAX_XLAT_TABLES for the translation context describing 196 * the BL image currently executing. 197 * Note that this is only for sub-tables ; at the initial lookup level, there 198 * is always a single table. 199 * 200 * _virt_addr_space_size, _phy_addr_space_size: 201 * Size (in bytes) of the virtual (resp. physical) address space. 202 * Would typically be PLAT_VIRT_ADDR_SPACE_SIZE 203 * (resp. PLAT_PHY_ADDR_SPACE_SIZE) for the translation context describing the 204 * BL image currently executing. 205 */ 206 #define REGISTER_XLAT_CONTEXT(_ctx_name, _mmap_count, _xlat_tables_count, \ 207 _virt_addr_space_size, _phy_addr_space_size) \ 208 REGISTER_XLAT_CONTEXT_FULL_SPEC(_ctx_name, (_mmap_count), \ 209 (_xlat_tables_count), \ 210 (_virt_addr_space_size), \ 211 (_phy_addr_space_size), \ 212 EL_REGIME_INVALID, \ 213 ".xlat_table", ".base_xlat_table") 214 215 /* 216 * Same as REGISTER_XLAT_CONTEXT plus the additional parameters: 217 * 218 * _xlat_regime: 219 * Specify the translation regime managed by this xlat_ctx_t instance. The 220 * values are the one from the EL*_REGIME definitions. 221 * 222 * _section_name: 223 * Specify the name of the section where the translation tables have to be 224 * placed by the linker. 225 * 226 * _base_table_section_name: 227 * Specify the name of the section where the base translation tables have to 228 * be placed by the linker. 229 */ 230 #define REGISTER_XLAT_CONTEXT2(_ctx_name, _mmap_count, _xlat_tables_count, \ 231 _virt_addr_space_size, _phy_addr_space_size, \ 232 _xlat_regime, _section_name, _base_table_section_name) \ 233 REGISTER_XLAT_CONTEXT_FULL_SPEC(_ctx_name, (_mmap_count), \ 234 (_xlat_tables_count), \ 235 (_virt_addr_space_size), \ 236 (_phy_addr_space_size), \ 237 (_xlat_regime), \ 238 (_section_name), (_base_table_section_name) \ 239 ) 240 241 /****************************************************************************** 242 * Generic translation table APIs. 243 * Each API comes in 2 variants: 244 * - one that acts on the current translation context for this BL image 245 * - another that acts on the given translation context instead. This variant 246 * is named after the 1st version, with an additional '_ctx' suffix. 247 *****************************************************************************/ 248 249 /* 250 * Initialize translation tables from the current list of mmap regions. Calling 251 * this function marks the transition point after which static regions can no 252 * longer be added. 253 */ 254 void init_xlat_tables(void); 255 void init_xlat_tables_ctx(xlat_ctx_t *ctx); 256 257 /* 258 * Fill all fields of a dynamic translation tables context. It must be done 259 * either statically with REGISTER_XLAT_CONTEXT() or at runtime with this 260 * function. 261 */ 262 void xlat_setup_dynamic_ctx(xlat_ctx_t *ctx, unsigned long long pa_max, 263 uintptr_t va_max, struct mmap_region *mmap, 264 unsigned int mmap_num, uint64_t **tables, 265 unsigned int tables_num, uint64_t *base_table, 266 int xlat_regime, int *mapped_regions); 267 268 /* 269 * Add a static region with defined base PA and base VA. This function can only 270 * be used before initializing the translation tables. The region cannot be 271 * removed afterwards. 272 */ 273 void mmap_add_region(unsigned long long base_pa, uintptr_t base_va, 274 size_t size, unsigned int attr); 275 void mmap_add_region_ctx(xlat_ctx_t *ctx, const mmap_region_t *mm); 276 277 /* 278 * Add an array of static regions with defined base PA and base VA. This 279 * function can only be used before initializing the translation tables. The 280 * regions cannot be removed afterwards. 281 */ 282 void mmap_add(const mmap_region_t *mm); 283 void mmap_add_ctx(xlat_ctx_t *ctx, const mmap_region_t *mm); 284 285 /* 286 * Add a region with defined base PA. Returns base VA calculated using the 287 * highest existing region in the mmap array even if it fails to allocate the 288 * region. 289 */ 290 void mmap_add_region_alloc_va(unsigned long long base_pa, uintptr_t *base_va, 291 size_t size, unsigned int attr); 292 void mmap_add_region_alloc_va_ctx(xlat_ctx_t *ctx, mmap_region_t *mm); 293 294 /* 295 * Add an array of static regions with defined base PA, and fill the base VA 296 * field on the array of structs. This function can only be used before 297 * initializing the translation tables. The regions cannot be removed afterwards. 298 */ 299 void mmap_add_alloc_va(mmap_region_t *mm); 300 301 #if PLAT_XLAT_TABLES_DYNAMIC 302 /* 303 * Add a dynamic region with defined base PA and base VA. This type of region 304 * can be added and removed even after the translation tables are initialized. 305 * 306 * Returns: 307 * 0: Success. 308 * EINVAL: Invalid values were used as arguments. 309 * ERANGE: Memory limits were surpassed. 310 * ENOMEM: Not enough space in the mmap array or not enough free xlat tables. 311 * EPERM: It overlaps another region in an invalid way. 312 */ 313 int mmap_add_dynamic_region(unsigned long long base_pa, uintptr_t base_va, 314 size_t size, unsigned int attr); 315 int mmap_add_dynamic_region_ctx(xlat_ctx_t *ctx, mmap_region_t *mm); 316 317 /* 318 * Add a dynamic region with defined base PA. Returns base VA calculated using 319 * the highest existing region in the mmap array even if it fails to allocate 320 * the region. 321 * 322 * mmap_add_dynamic_region_alloc_va() returns the allocated VA in 'base_va'. 323 * mmap_add_dynamic_region_alloc_va_ctx() returns it in 'mm->base_va'. 324 * 325 * It returns the same error values as mmap_add_dynamic_region(). 326 */ 327 int mmap_add_dynamic_region_alloc_va(unsigned long long base_pa, 328 uintptr_t *base_va, 329 size_t size, unsigned int attr); 330 int mmap_add_dynamic_region_alloc_va_ctx(xlat_ctx_t *ctx, mmap_region_t *mm); 331 332 /* 333 * Remove a region with the specified base VA and size. Only dynamic regions can 334 * be removed, and they can be removed even if the translation tables are 335 * initialized. 336 * 337 * Returns: 338 * 0: Success. 339 * EINVAL: The specified region wasn't found. 340 * EPERM: Trying to remove a static region. 341 */ 342 int mmap_remove_dynamic_region(uintptr_t base_va, size_t size); 343 int mmap_remove_dynamic_region_ctx(xlat_ctx_t *ctx, 344 uintptr_t base_va, 345 size_t size); 346 347 #endif /* PLAT_XLAT_TABLES_DYNAMIC */ 348 349 /* 350 * Change the memory attributes of the memory region starting from a given 351 * virtual address in a set of translation tables. 352 * 353 * This function can only be used after the translation tables have been 354 * initialized. 355 * 356 * The base address of the memory region must be aligned on a page boundary. 357 * The size of this memory region must be a multiple of a page size. 358 * The memory region must be already mapped by the given translation tables 359 * and it must be mapped at the granularity of a page. 360 * 361 * Return 0 on success, a negative value on error. 362 * 363 * In case of error, the memory attributes remain unchanged and this function 364 * has no effect. 365 * 366 * ctx 367 * Translation context to work on. 368 * base_va: 369 * Virtual address of the 1st page to change the attributes of. 370 * size: 371 * Size in bytes of the memory region. 372 * attr: 373 * New attributes of the page tables. The attributes that can be changed are 374 * data access (MT_RO/MT_RW), instruction access (MT_EXECUTE_NEVER/MT_EXECUTE) 375 * and user/privileged access (MT_USER/MT_PRIVILEGED) in the case of contexts 376 * that are used in the EL1&0 translation regime. Also, note that this 377 * function doesn't allow to remap a region as RW and executable, or to remap 378 * device memory as executable. 379 * 380 * NOTE: The caller of this function must be able to write to the translation 381 * tables, i.e. the memory where they are stored must be mapped with read-write 382 * access permissions. This function assumes it is the case. If this is not 383 * the case then this function might trigger a data abort exception. 384 * 385 * NOTE2: The caller is responsible for making sure that the targeted 386 * translation tables are not modified by any other code while this function is 387 * executing. 388 */ 389 int xlat_change_mem_attributes_ctx(const xlat_ctx_t *ctx, uintptr_t base_va, 390 size_t size, uint32_t attr); 391 int xlat_change_mem_attributes(uintptr_t base_va, size_t size, uint32_t attr); 392 393 #if PLAT_RO_XLAT_TABLES 394 /* 395 * Change the memory attributes of the memory region encompassing the higher 396 * level translation tables to secure read-only data. 397 * 398 * Return 0 on success, a negative error code on error. 399 */ 400 int xlat_make_tables_readonly(void); 401 #endif 402 403 /* 404 * Query the memory attributes of a memory page in a set of translation tables. 405 * 406 * Return 0 on success, a negative error code on error. 407 * On success, the attributes are stored into *attr. 408 * 409 * ctx 410 * Translation context to work on. 411 * base_va 412 * Virtual address of the page to get the attributes of. 413 * There are no alignment restrictions on this address. The attributes of the 414 * memory page it lies within are returned. 415 * attr 416 * Output parameter where to store the attributes of the targeted memory page. 417 * table_level 418 * Output parameter where to store base_va's table level 419 */ 420 int xlat_get_mem_attributes_ctx(const xlat_ctx_t *ctx, uintptr_t base_va, 421 uint32_t *attr, unsigned int *table_level); 422 int xlat_get_mem_attributes(uintptr_t base_va, uint32_t *attr); 423 424 #endif /*__ASSEMBLER__*/ 425 #endif /* XLAT_TABLES_V2_H */ 426