1 /* 2 * Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <arch_helpers.h> 8 #include <assert.h> 9 #include <debug.h> 10 #include <errno.h> 11 #include <platform_def.h> 12 #include <stdbool.h> 13 #include <types.h> 14 #include <utils_def.h> 15 #include <xlat_tables_defs.h> 16 #include <xlat_tables_v2.h> 17 18 #include "xlat_tables_private.h" 19 20 #if LOG_LEVEL < LOG_LEVEL_VERBOSE 21 22 void xlat_mmap_print(__unused const mmap_region_t *mmap) 23 { 24 /* Empty */ 25 } 26 27 void xlat_tables_print(__unused xlat_ctx_t *ctx) 28 { 29 /* Empty */ 30 } 31 32 #else /* if LOG_LEVEL >= LOG_LEVEL_VERBOSE */ 33 34 void xlat_mmap_print(const mmap_region_t *mmap) 35 { 36 tf_printf("mmap:\n"); 37 const mmap_region_t *mm = mmap; 38 39 while (mm->size != 0U) { 40 tf_printf(" VA:0x%lx PA:0x%llx size:0x%zx attr:0x%x " 41 "granularity:0x%zx\n", mm->base_va, mm->base_pa, 42 mm->size, mm->attr, mm->granularity); 43 ++mm; 44 }; 45 tf_printf("\n"); 46 } 47 48 /* Print the attributes of the specified block descriptor. */ 49 static void xlat_desc_print(const xlat_ctx_t *ctx, uint64_t desc) 50 { 51 uint64_t mem_type_index = ATTR_INDEX_GET(desc); 52 int xlat_regime = ctx->xlat_regime; 53 54 if (mem_type_index == ATTR_IWBWA_OWBWA_NTR_INDEX) { 55 tf_printf("MEM"); 56 } else if (mem_type_index == ATTR_NON_CACHEABLE_INDEX) { 57 tf_printf("NC"); 58 } else { 59 assert(mem_type_index == ATTR_DEVICE_INDEX); 60 tf_printf("DEV"); 61 } 62 63 if (xlat_regime == EL3_REGIME) { 64 /* For EL3 only check the AP[2] and XN bits. */ 65 tf_printf(((desc & LOWER_ATTRS(AP_RO)) != 0ULL) ? "-RO" : "-RW"); 66 tf_printf(((desc & UPPER_ATTRS(XN)) != 0ULL) ? "-XN" : "-EXEC"); 67 } else { 68 assert(xlat_regime == EL1_EL0_REGIME); 69 /* 70 * For EL0 and EL1: 71 * - In AArch64 PXN and UXN can be set independently but in 72 * AArch32 there is no UXN (XN affects both privilege levels). 73 * For consistency, we set them simultaneously in both cases. 74 * - RO and RW permissions must be the same in EL1 and EL0. If 75 * EL0 can access that memory region, so can EL1, with the 76 * same permissions. 77 */ 78 #if ENABLE_ASSERTIONS 79 uint64_t xn_mask = xlat_arch_regime_get_xn_desc(EL1_EL0_REGIME); 80 uint64_t xn_perm = desc & xn_mask; 81 82 assert((xn_perm == xn_mask) || (xn_perm == 0ULL)); 83 #endif 84 tf_printf(((desc & LOWER_ATTRS(AP_RO)) != 0ULL) ? "-RO" : "-RW"); 85 /* Only check one of PXN and UXN, the other one is the same. */ 86 tf_printf(((desc & UPPER_ATTRS(PXN)) != 0ULL) ? "-XN" : "-EXEC"); 87 /* 88 * Privileged regions can only be accessed from EL1, user 89 * regions can be accessed from EL1 and EL0. 90 */ 91 tf_printf(((desc & LOWER_ATTRS(AP_ACCESS_UNPRIVILEGED)) != 0ULL) 92 ? "-USER" : "-PRIV"); 93 } 94 95 tf_printf(((LOWER_ATTRS(NS) & desc) != 0ULL) ? "-NS" : "-S"); 96 } 97 98 static const char * const level_spacers[] = { 99 "[LV0] ", 100 " [LV1] ", 101 " [LV2] ", 102 " [LV3] " 103 }; 104 105 static const char *invalid_descriptors_ommited = 106 "%s(%d invalid descriptors omitted)\n"; 107 108 /* 109 * Recursive function that reads the translation tables passed as an argument 110 * and prints their status. 111 */ 112 static void xlat_tables_print_internal(xlat_ctx_t *ctx, uintptr_t table_base_va, 113 const uint64_t *table_base, unsigned int table_entries, 114 unsigned int level) 115 { 116 assert(level <= XLAT_TABLE_LEVEL_MAX); 117 118 uint64_t desc; 119 uintptr_t table_idx_va = table_base_va; 120 unsigned int table_idx = 0U; 121 size_t level_size = XLAT_BLOCK_SIZE(level); 122 123 /* 124 * Keep track of how many invalid descriptors are counted in a row. 125 * Whenever multiple invalid descriptors are found, only the first one 126 * is printed, and a line is added to inform about how many descriptors 127 * have been omitted. 128 */ 129 int invalid_row_count = 0; 130 131 while (table_idx < table_entries) { 132 133 desc = table_base[table_idx]; 134 135 if ((desc & DESC_MASK) == INVALID_DESC) { 136 137 if (invalid_row_count == 0) { 138 tf_printf("%sVA:0x%lx size:0x%zx\n", 139 level_spacers[level], 140 table_idx_va, level_size); 141 } 142 invalid_row_count++; 143 144 } else { 145 146 if (invalid_row_count > 1) { 147 tf_printf(invalid_descriptors_ommited, 148 level_spacers[level], 149 invalid_row_count - 1); 150 } 151 invalid_row_count = 0; 152 153 /* 154 * Check if this is a table or a block. Tables are only 155 * allowed in levels other than 3, but DESC_PAGE has the 156 * same value as DESC_TABLE, so we need to check. 157 */ 158 if (((desc & DESC_MASK) == TABLE_DESC) && 159 (level < XLAT_TABLE_LEVEL_MAX)) { 160 /* 161 * Do not print any PA for a table descriptor, 162 * as it doesn't directly map physical memory 163 * but instead points to the next translation 164 * table in the translation table walk. 165 */ 166 tf_printf("%sVA:0x%lx size:0x%zx\n", 167 level_spacers[level], 168 table_idx_va, level_size); 169 170 uintptr_t addr_inner = desc & TABLE_ADDR_MASK; 171 172 xlat_tables_print_internal(ctx, table_idx_va, 173 (uint64_t *)addr_inner, 174 XLAT_TABLE_ENTRIES, level + 1U); 175 } else { 176 tf_printf("%sVA:0x%lx PA:0x%llx size:0x%zx ", 177 level_spacers[level], 178 table_idx_va, 179 (uint64_t)(desc & TABLE_ADDR_MASK), 180 level_size); 181 xlat_desc_print(ctx, desc); 182 tf_printf("\n"); 183 } 184 } 185 186 table_idx++; 187 table_idx_va += level_size; 188 } 189 190 if (invalid_row_count > 1) { 191 tf_printf(invalid_descriptors_ommited, 192 level_spacers[level], invalid_row_count - 1); 193 } 194 } 195 196 void xlat_tables_print(xlat_ctx_t *ctx) 197 { 198 const char *xlat_regime_str; 199 int used_page_tables; 200 201 if (ctx->xlat_regime == EL1_EL0_REGIME) { 202 xlat_regime_str = "1&0"; 203 } else { 204 assert(ctx->xlat_regime == EL3_REGIME); 205 xlat_regime_str = "3"; 206 } 207 VERBOSE("Translation tables state:\n"); 208 VERBOSE(" Xlat regime: EL%s\n", xlat_regime_str); 209 VERBOSE(" Max allowed PA: 0x%llx\n", ctx->pa_max_address); 210 VERBOSE(" Max allowed VA: 0x%lx\n", ctx->va_max_address); 211 VERBOSE(" Max mapped PA: 0x%llx\n", ctx->max_pa); 212 VERBOSE(" Max mapped VA: 0x%lx\n", ctx->max_va); 213 214 VERBOSE(" Initial lookup level: %u\n", ctx->base_level); 215 VERBOSE(" Entries @initial lookup level: %u\n", 216 ctx->base_table_entries); 217 218 #if PLAT_XLAT_TABLES_DYNAMIC 219 used_page_tables = 0; 220 for (int i = 0; i < ctx->tables_num; ++i) { 221 if (ctx->tables_mapped_regions[i] != 0) 222 ++used_page_tables; 223 } 224 #else 225 used_page_tables = ctx->next_table; 226 #endif 227 VERBOSE(" Used %d sub-tables out of %d (spare: %d)\n", 228 used_page_tables, ctx->tables_num, 229 ctx->tables_num - used_page_tables); 230 231 xlat_tables_print_internal(ctx, 0U, ctx->base_table, 232 ctx->base_table_entries, ctx->base_level); 233 } 234 235 #endif /* LOG_LEVEL >= LOG_LEVEL_VERBOSE */ 236 237 /* 238 * Do a translation table walk to find the block or page descriptor that maps 239 * virtual_addr. 240 * 241 * On success, return the address of the descriptor within the translation 242 * table. Its lookup level is stored in '*out_level'. 243 * On error, return NULL. 244 * 245 * xlat_table_base 246 * Base address for the initial lookup level. 247 * xlat_table_base_entries 248 * Number of entries in the translation table for the initial lookup level. 249 * virt_addr_space_size 250 * Size in bytes of the virtual address space. 251 */ 252 static uint64_t *find_xlat_table_entry(uintptr_t virtual_addr, 253 void *xlat_table_base, 254 unsigned int xlat_table_base_entries, 255 unsigned long long virt_addr_space_size, 256 unsigned int *out_level) 257 { 258 unsigned int start_level; 259 uint64_t *table; 260 unsigned int entries; 261 262 start_level = GET_XLAT_TABLE_LEVEL_BASE(virt_addr_space_size); 263 264 table = xlat_table_base; 265 entries = xlat_table_base_entries; 266 267 for (unsigned int level = start_level; 268 level <= XLAT_TABLE_LEVEL_MAX; 269 ++level) { 270 uint64_t idx, desc, desc_type; 271 272 idx = XLAT_TABLE_IDX(virtual_addr, level); 273 if (idx >= entries) { 274 WARN("Missing xlat table entry at address 0x%lx\n", 275 virtual_addr); 276 return NULL; 277 } 278 279 desc = table[idx]; 280 desc_type = desc & DESC_MASK; 281 282 if (desc_type == INVALID_DESC) { 283 VERBOSE("Invalid entry (memory not mapped)\n"); 284 return NULL; 285 } 286 287 if (level == XLAT_TABLE_LEVEL_MAX) { 288 /* 289 * Only page descriptors allowed at the final lookup 290 * level. 291 */ 292 assert(desc_type == PAGE_DESC); 293 *out_level = level; 294 return &table[idx]; 295 } 296 297 if (desc_type == BLOCK_DESC) { 298 *out_level = level; 299 return &table[idx]; 300 } 301 302 assert(desc_type == TABLE_DESC); 303 table = (uint64_t *)(uintptr_t)(desc & TABLE_ADDR_MASK); 304 entries = XLAT_TABLE_ENTRIES; 305 } 306 307 /* 308 * This shouldn't be reached, the translation table walk should end at 309 * most at level XLAT_TABLE_LEVEL_MAX and return from inside the loop. 310 */ 311 assert(false); 312 313 return NULL; 314 } 315 316 317 static int get_mem_attributes_internal(const xlat_ctx_t *ctx, uintptr_t base_va, 318 uint32_t *attributes, uint64_t **table_entry, 319 unsigned long long *addr_pa, unsigned int *table_level) 320 { 321 uint64_t *entry; 322 uint64_t desc; 323 unsigned int level; 324 unsigned long long virt_addr_space_size; 325 326 /* 327 * Sanity-check arguments. 328 */ 329 assert(ctx != NULL); 330 assert(ctx->initialized); 331 assert((ctx->xlat_regime == EL1_EL0_REGIME) || 332 (ctx->xlat_regime == EL3_REGIME)); 333 334 virt_addr_space_size = (unsigned long long)ctx->va_max_address + 1ULL; 335 assert(virt_addr_space_size > 0U); 336 337 entry = find_xlat_table_entry(base_va, 338 ctx->base_table, 339 ctx->base_table_entries, 340 virt_addr_space_size, 341 &level); 342 if (entry == NULL) { 343 WARN("Address 0x%lx is not mapped.\n", base_va); 344 return -EINVAL; 345 } 346 347 if (addr_pa != NULL) { 348 *addr_pa = *entry & TABLE_ADDR_MASK; 349 } 350 351 if (table_entry != NULL) { 352 *table_entry = entry; 353 } 354 355 if (table_level != NULL) { 356 *table_level = level; 357 } 358 359 desc = *entry; 360 361 #if LOG_LEVEL >= LOG_LEVEL_VERBOSE 362 VERBOSE("Attributes: "); 363 xlat_desc_print(ctx, desc); 364 tf_printf("\n"); 365 #endif /* LOG_LEVEL >= LOG_LEVEL_VERBOSE */ 366 367 assert(attributes != NULL); 368 *attributes = 0U; 369 370 uint64_t attr_index = (desc >> ATTR_INDEX_SHIFT) & ATTR_INDEX_MASK; 371 372 if (attr_index == ATTR_IWBWA_OWBWA_NTR_INDEX) { 373 *attributes |= MT_MEMORY; 374 } else if (attr_index == ATTR_NON_CACHEABLE_INDEX) { 375 *attributes |= MT_NON_CACHEABLE; 376 } else { 377 assert(attr_index == ATTR_DEVICE_INDEX); 378 *attributes |= MT_DEVICE; 379 } 380 381 uint64_t ap2_bit = (desc >> AP2_SHIFT) & 1U; 382 383 if (ap2_bit == AP2_RW) 384 *attributes |= MT_RW; 385 386 if (ctx->xlat_regime == EL1_EL0_REGIME) { 387 uint64_t ap1_bit = (desc >> AP1_SHIFT) & 1U; 388 389 if (ap1_bit == AP1_ACCESS_UNPRIVILEGED) 390 *attributes |= MT_USER; 391 } 392 393 uint64_t ns_bit = (desc >> NS_SHIFT) & 1U; 394 395 if (ns_bit == 1U) 396 *attributes |= MT_NS; 397 398 uint64_t xn_mask = xlat_arch_regime_get_xn_desc(ctx->xlat_regime); 399 400 if ((desc & xn_mask) == xn_mask) { 401 *attributes |= MT_EXECUTE_NEVER; 402 } else { 403 assert((desc & xn_mask) == 0U); 404 } 405 406 return 0; 407 } 408 409 410 int get_mem_attributes(const xlat_ctx_t *ctx, uintptr_t base_va, 411 uint32_t *attributes) 412 { 413 return get_mem_attributes_internal(ctx, base_va, attributes, 414 NULL, NULL, NULL); 415 } 416 417 418 int change_mem_attributes(const xlat_ctx_t *ctx, 419 uintptr_t base_va, 420 size_t size, 421 uint32_t attr) 422 { 423 /* Note: This implementation isn't optimized. */ 424 425 assert(ctx != NULL); 426 assert(ctx->initialized); 427 428 unsigned long long virt_addr_space_size = 429 (unsigned long long)ctx->va_max_address + 1U; 430 assert(virt_addr_space_size > 0U); 431 432 if (!IS_PAGE_ALIGNED(base_va)) { 433 WARN("%s: Address 0x%lx is not aligned on a page boundary.\n", 434 __func__, base_va); 435 return -EINVAL; 436 } 437 438 if (size == 0U) { 439 WARN("%s: Size is 0.\n", __func__); 440 return -EINVAL; 441 } 442 443 if ((size % PAGE_SIZE) != 0U) { 444 WARN("%s: Size 0x%zx is not a multiple of a page size.\n", 445 __func__, size); 446 return -EINVAL; 447 } 448 449 if (((attr & MT_EXECUTE_NEVER) == 0U) && ((attr & MT_RW) != 0U)) { 450 WARN("%s: Mapping memory as read-write and executable not allowed.\n", 451 __func__); 452 return -EINVAL; 453 } 454 455 size_t pages_count = size / PAGE_SIZE; 456 457 VERBOSE("Changing memory attributes of %zu pages starting from address 0x%lx...\n", 458 pages_count, base_va); 459 460 uintptr_t base_va_original = base_va; 461 462 /* 463 * Sanity checks. 464 */ 465 for (size_t i = 0U; i < pages_count; ++i) { 466 const uint64_t *entry; 467 uint64_t desc, attr_index; 468 unsigned int level; 469 470 entry = find_xlat_table_entry(base_va, 471 ctx->base_table, 472 ctx->base_table_entries, 473 virt_addr_space_size, 474 &level); 475 if (entry == NULL) { 476 WARN("Address 0x%lx is not mapped.\n", base_va); 477 return -EINVAL; 478 } 479 480 desc = *entry; 481 482 /* 483 * Check that all the required pages are mapped at page 484 * granularity. 485 */ 486 if (((desc & DESC_MASK) != PAGE_DESC) || 487 (level != XLAT_TABLE_LEVEL_MAX)) { 488 WARN("Address 0x%lx is not mapped at the right granularity.\n", 489 base_va); 490 WARN("Granularity is 0x%llx, should be 0x%x.\n", 491 (unsigned long long)XLAT_BLOCK_SIZE(level), PAGE_SIZE); 492 return -EINVAL; 493 } 494 495 /* 496 * If the region type is device, it shouldn't be executable. 497 */ 498 attr_index = (desc >> ATTR_INDEX_SHIFT) & ATTR_INDEX_MASK; 499 if (attr_index == ATTR_DEVICE_INDEX) { 500 if ((attr & MT_EXECUTE_NEVER) == 0U) { 501 WARN("Setting device memory as executable at address 0x%lx.", 502 base_va); 503 return -EINVAL; 504 } 505 } 506 507 base_va += PAGE_SIZE; 508 } 509 510 /* Restore original value. */ 511 base_va = base_va_original; 512 513 for (unsigned int i = 0U; i < pages_count; ++i) { 514 515 uint32_t old_attr = 0U, new_attr; 516 uint64_t *entry = NULL; 517 unsigned int level = 0U; 518 unsigned long long addr_pa = 0ULL; 519 520 (void) get_mem_attributes_internal(ctx, base_va, &old_attr, 521 &entry, &addr_pa, &level); 522 523 /* 524 * From attr, only MT_RO/MT_RW, MT_EXECUTE/MT_EXECUTE_NEVER and 525 * MT_USER/MT_PRIVILEGED are taken into account. Any other 526 * information is ignored. 527 */ 528 529 /* Clean the old attributes so that they can be rebuilt. */ 530 new_attr = old_attr & ~(MT_RW | MT_EXECUTE_NEVER | MT_USER); 531 532 /* 533 * Update attributes, but filter out the ones this function 534 * isn't allowed to change. 535 */ 536 new_attr |= attr & (MT_RW | MT_EXECUTE_NEVER | MT_USER); 537 538 /* 539 * The break-before-make sequence requires writing an invalid 540 * descriptor and making sure that the system sees the change 541 * before writing the new descriptor. 542 */ 543 *entry = INVALID_DESC; 544 545 /* Invalidate any cached copy of this mapping in the TLBs. */ 546 xlat_arch_tlbi_va(base_va, ctx->xlat_regime); 547 548 /* Ensure completion of the invalidation. */ 549 xlat_arch_tlbi_va_sync(); 550 551 /* Write new descriptor */ 552 *entry = xlat_desc(ctx, new_attr, addr_pa, level); 553 554 base_va += PAGE_SIZE; 555 } 556 557 /* Ensure that the last descriptor writen is seen by the system. */ 558 dsbish(); 559 560 return 0; 561 } 562