1 /* 2 * Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <arch_helpers.h> 8 #include <assert.h> 9 #include <debug.h> 10 #include <errno.h> 11 #include <platform_def.h> 12 #include <types.h> 13 #include <utils_def.h> 14 #include <xlat_tables_defs.h> 15 #include <xlat_tables_v2.h> 16 17 #include "xlat_tables_private.h" 18 19 #if LOG_LEVEL < LOG_LEVEL_VERBOSE 20 21 void xlat_mmap_print(__unused const mmap_region_t *mmap) 22 { 23 /* Empty */ 24 } 25 26 void xlat_tables_print(__unused xlat_ctx_t *ctx) 27 { 28 /* Empty */ 29 } 30 31 #else /* if LOG_LEVEL >= LOG_LEVEL_VERBOSE */ 32 33 void xlat_mmap_print(const mmap_region_t *mmap) 34 { 35 tf_printf("mmap:\n"); 36 const mmap_region_t *mm = mmap; 37 38 while (mm->size != 0U) { 39 tf_printf(" VA:0x%lx PA:0x%llx size:0x%zx attr:0x%x " 40 "granularity:0x%zx\n", mm->base_va, mm->base_pa, 41 mm->size, mm->attr, mm->granularity); 42 ++mm; 43 }; 44 tf_printf("\n"); 45 } 46 47 /* Print the attributes of the specified block descriptor. */ 48 static void xlat_desc_print(const xlat_ctx_t *ctx, uint64_t desc) 49 { 50 uint64_t mem_type_index = ATTR_INDEX_GET(desc); 51 int xlat_regime = ctx->xlat_regime; 52 53 if (mem_type_index == ATTR_IWBWA_OWBWA_NTR_INDEX) { 54 tf_printf("MEM"); 55 } else if (mem_type_index == ATTR_NON_CACHEABLE_INDEX) { 56 tf_printf("NC"); 57 } else { 58 assert(mem_type_index == ATTR_DEVICE_INDEX); 59 tf_printf("DEV"); 60 } 61 62 if (xlat_regime == EL3_REGIME) { 63 /* For EL3 only check the AP[2] and XN bits. */ 64 tf_printf(((desc & LOWER_ATTRS(AP_RO)) != 0ULL) ? "-RO" : "-RW"); 65 tf_printf(((desc & UPPER_ATTRS(XN)) != 0ULL) ? "-XN" : "-EXEC"); 66 } else { 67 assert(xlat_regime == EL1_EL0_REGIME); 68 /* 69 * For EL0 and EL1: 70 * - In AArch64 PXN and UXN can be set independently but in 71 * AArch32 there is no UXN (XN affects both privilege levels). 72 * For consistency, we set them simultaneously in both cases. 73 * - RO and RW permissions must be the same in EL1 and EL0. If 74 * EL0 can access that memory region, so can EL1, with the 75 * same permissions. 76 */ 77 #if ENABLE_ASSERTIONS 78 uint64_t xn_mask = xlat_arch_regime_get_xn_desc(EL1_EL0_REGIME); 79 uint64_t xn_perm = desc & xn_mask; 80 81 assert((xn_perm == xn_mask) || (xn_perm == 0ULL)); 82 #endif 83 tf_printf(((desc & LOWER_ATTRS(AP_RO)) != 0ULL) ? "-RO" : "-RW"); 84 /* Only check one of PXN and UXN, the other one is the same. */ 85 tf_printf(((desc & UPPER_ATTRS(PXN)) != 0ULL) ? "-XN" : "-EXEC"); 86 /* 87 * Privileged regions can only be accessed from EL1, user 88 * regions can be accessed from EL1 and EL0. 89 */ 90 tf_printf(((desc & LOWER_ATTRS(AP_ACCESS_UNPRIVILEGED)) != 0ULL) 91 ? "-USER" : "-PRIV"); 92 } 93 94 tf_printf(((LOWER_ATTRS(NS) & desc) != 0ULL) ? "-NS" : "-S"); 95 } 96 97 static const char * const level_spacers[] = { 98 "[LV0] ", 99 " [LV1] ", 100 " [LV2] ", 101 " [LV3] " 102 }; 103 104 static const char *invalid_descriptors_ommited = 105 "%s(%d invalid descriptors omitted)\n"; 106 107 /* 108 * Recursive function that reads the translation tables passed as an argument 109 * and prints their status. 110 */ 111 static void xlat_tables_print_internal(xlat_ctx_t *ctx, uintptr_t table_base_va, 112 const uint64_t *table_base, unsigned int table_entries, 113 unsigned int level) 114 { 115 assert(level <= XLAT_TABLE_LEVEL_MAX); 116 117 uint64_t desc; 118 uintptr_t table_idx_va = table_base_va; 119 unsigned int table_idx = 0U; 120 size_t level_size = XLAT_BLOCK_SIZE(level); 121 122 /* 123 * Keep track of how many invalid descriptors are counted in a row. 124 * Whenever multiple invalid descriptors are found, only the first one 125 * is printed, and a line is added to inform about how many descriptors 126 * have been omitted. 127 */ 128 int invalid_row_count = 0; 129 130 while (table_idx < table_entries) { 131 132 desc = table_base[table_idx]; 133 134 if ((desc & DESC_MASK) == INVALID_DESC) { 135 136 if (invalid_row_count == 0) { 137 tf_printf("%sVA:0x%lx size:0x%zx\n", 138 level_spacers[level], 139 table_idx_va, level_size); 140 } 141 invalid_row_count++; 142 143 } else { 144 145 if (invalid_row_count > 1) { 146 tf_printf(invalid_descriptors_ommited, 147 level_spacers[level], 148 invalid_row_count - 1); 149 } 150 invalid_row_count = 0; 151 152 /* 153 * Check if this is a table or a block. Tables are only 154 * allowed in levels other than 3, but DESC_PAGE has the 155 * same value as DESC_TABLE, so we need to check. 156 */ 157 if (((desc & DESC_MASK) == TABLE_DESC) && 158 (level < XLAT_TABLE_LEVEL_MAX)) { 159 /* 160 * Do not print any PA for a table descriptor, 161 * as it doesn't directly map physical memory 162 * but instead points to the next translation 163 * table in the translation table walk. 164 */ 165 tf_printf("%sVA:0x%lx size:0x%zx\n", 166 level_spacers[level], 167 table_idx_va, level_size); 168 169 uintptr_t addr_inner = desc & TABLE_ADDR_MASK; 170 171 xlat_tables_print_internal(ctx, table_idx_va, 172 (uint64_t *)addr_inner, 173 XLAT_TABLE_ENTRIES, level + 1U); 174 } else { 175 tf_printf("%sVA:0x%lx PA:0x%llx size:0x%zx ", 176 level_spacers[level], 177 table_idx_va, 178 (uint64_t)(desc & TABLE_ADDR_MASK), 179 level_size); 180 xlat_desc_print(ctx, desc); 181 tf_printf("\n"); 182 } 183 } 184 185 table_idx++; 186 table_idx_va += level_size; 187 } 188 189 if (invalid_row_count > 1) { 190 tf_printf(invalid_descriptors_ommited, 191 level_spacers[level], invalid_row_count - 1); 192 } 193 } 194 195 void xlat_tables_print(xlat_ctx_t *ctx) 196 { 197 const char *xlat_regime_str; 198 int used_page_tables; 199 200 if (ctx->xlat_regime == EL1_EL0_REGIME) { 201 xlat_regime_str = "1&0"; 202 } else { 203 assert(ctx->xlat_regime == EL3_REGIME); 204 xlat_regime_str = "3"; 205 } 206 VERBOSE("Translation tables state:\n"); 207 VERBOSE(" Xlat regime: EL%s\n", xlat_regime_str); 208 VERBOSE(" Max allowed PA: 0x%llx\n", ctx->pa_max_address); 209 VERBOSE(" Max allowed VA: 0x%lx\n", ctx->va_max_address); 210 VERBOSE(" Max mapped PA: 0x%llx\n", ctx->max_pa); 211 VERBOSE(" Max mapped VA: 0x%lx\n", ctx->max_va); 212 213 VERBOSE(" Initial lookup level: %u\n", ctx->base_level); 214 VERBOSE(" Entries @initial lookup level: %u\n", 215 ctx->base_table_entries); 216 217 #if PLAT_XLAT_TABLES_DYNAMIC 218 used_page_tables = 0; 219 for (int i = 0; i < ctx->tables_num; ++i) { 220 if (ctx->tables_mapped_regions[i] != 0) 221 ++used_page_tables; 222 } 223 #else 224 used_page_tables = ctx->next_table; 225 #endif 226 VERBOSE(" Used %d sub-tables out of %d (spare: %d)\n", 227 used_page_tables, ctx->tables_num, 228 ctx->tables_num - used_page_tables); 229 230 xlat_tables_print_internal(ctx, 0U, ctx->base_table, 231 ctx->base_table_entries, ctx->base_level); 232 } 233 234 #endif /* LOG_LEVEL >= LOG_LEVEL_VERBOSE */ 235 236 /* 237 * Do a translation table walk to find the block or page descriptor that maps 238 * virtual_addr. 239 * 240 * On success, return the address of the descriptor within the translation 241 * table. Its lookup level is stored in '*out_level'. 242 * On error, return NULL. 243 * 244 * xlat_table_base 245 * Base address for the initial lookup level. 246 * xlat_table_base_entries 247 * Number of entries in the translation table for the initial lookup level. 248 * virt_addr_space_size 249 * Size in bytes of the virtual address space. 250 */ 251 static uint64_t *find_xlat_table_entry(uintptr_t virtual_addr, 252 void *xlat_table_base, 253 unsigned int xlat_table_base_entries, 254 unsigned long long virt_addr_space_size, 255 unsigned int *out_level) 256 { 257 unsigned int start_level; 258 uint64_t *table; 259 unsigned int entries; 260 261 start_level = GET_XLAT_TABLE_LEVEL_BASE(virt_addr_space_size); 262 263 table = xlat_table_base; 264 entries = xlat_table_base_entries; 265 266 for (unsigned int level = start_level; 267 level <= XLAT_TABLE_LEVEL_MAX; 268 ++level) { 269 uint64_t idx, desc, desc_type; 270 271 idx = XLAT_TABLE_IDX(virtual_addr, level); 272 if (idx >= entries) { 273 WARN("Missing xlat table entry at address 0x%lx\n", 274 virtual_addr); 275 return NULL; 276 } 277 278 desc = table[idx]; 279 desc_type = desc & DESC_MASK; 280 281 if (desc_type == INVALID_DESC) { 282 VERBOSE("Invalid entry (memory not mapped)\n"); 283 return NULL; 284 } 285 286 if (level == XLAT_TABLE_LEVEL_MAX) { 287 /* 288 * Only page descriptors allowed at the final lookup 289 * level. 290 */ 291 assert(desc_type == PAGE_DESC); 292 *out_level = level; 293 return &table[idx]; 294 } 295 296 if (desc_type == BLOCK_DESC) { 297 *out_level = level; 298 return &table[idx]; 299 } 300 301 assert(desc_type == TABLE_DESC); 302 table = (uint64_t *)(uintptr_t)(desc & TABLE_ADDR_MASK); 303 entries = XLAT_TABLE_ENTRIES; 304 } 305 306 /* 307 * This shouldn't be reached, the translation table walk should end at 308 * most at level XLAT_TABLE_LEVEL_MAX and return from inside the loop. 309 */ 310 assert(0); 311 312 return NULL; 313 } 314 315 316 static int get_mem_attributes_internal(const xlat_ctx_t *ctx, uintptr_t base_va, 317 uint32_t *attributes, uint64_t **table_entry, 318 unsigned long long *addr_pa, unsigned int *table_level) 319 { 320 uint64_t *entry; 321 uint64_t desc; 322 unsigned int level; 323 unsigned long long virt_addr_space_size; 324 325 /* 326 * Sanity-check arguments. 327 */ 328 assert(ctx != NULL); 329 assert(ctx->initialized != 0); 330 assert((ctx->xlat_regime == EL1_EL0_REGIME) || 331 (ctx->xlat_regime == EL3_REGIME)); 332 333 virt_addr_space_size = (unsigned long long)ctx->va_max_address + 1ULL; 334 assert(virt_addr_space_size > 0U); 335 336 entry = find_xlat_table_entry(base_va, 337 ctx->base_table, 338 ctx->base_table_entries, 339 virt_addr_space_size, 340 &level); 341 if (entry == NULL) { 342 WARN("Address 0x%lx is not mapped.\n", base_va); 343 return -EINVAL; 344 } 345 346 if (addr_pa != NULL) { 347 *addr_pa = *entry & TABLE_ADDR_MASK; 348 } 349 350 if (table_entry != NULL) { 351 *table_entry = entry; 352 } 353 354 if (table_level != NULL) { 355 *table_level = level; 356 } 357 358 desc = *entry; 359 360 #if LOG_LEVEL >= LOG_LEVEL_VERBOSE 361 VERBOSE("Attributes: "); 362 xlat_desc_print(ctx, desc); 363 tf_printf("\n"); 364 #endif /* LOG_LEVEL >= LOG_LEVEL_VERBOSE */ 365 366 assert(attributes != NULL); 367 *attributes = 0U; 368 369 uint64_t attr_index = (desc >> ATTR_INDEX_SHIFT) & ATTR_INDEX_MASK; 370 371 if (attr_index == ATTR_IWBWA_OWBWA_NTR_INDEX) { 372 *attributes |= MT_MEMORY; 373 } else if (attr_index == ATTR_NON_CACHEABLE_INDEX) { 374 *attributes |= MT_NON_CACHEABLE; 375 } else { 376 assert(attr_index == ATTR_DEVICE_INDEX); 377 *attributes |= MT_DEVICE; 378 } 379 380 uint64_t ap2_bit = (desc >> AP2_SHIFT) & 1U; 381 382 if (ap2_bit == AP2_RW) 383 *attributes |= MT_RW; 384 385 if (ctx->xlat_regime == EL1_EL0_REGIME) { 386 uint64_t ap1_bit = (desc >> AP1_SHIFT) & 1U; 387 388 if (ap1_bit == AP1_ACCESS_UNPRIVILEGED) 389 *attributes |= MT_USER; 390 } 391 392 uint64_t ns_bit = (desc >> NS_SHIFT) & 1U; 393 394 if (ns_bit == 1U) 395 *attributes |= MT_NS; 396 397 uint64_t xn_mask = xlat_arch_regime_get_xn_desc(ctx->xlat_regime); 398 399 if ((desc & xn_mask) == xn_mask) { 400 *attributes |= MT_EXECUTE_NEVER; 401 } else { 402 assert((desc & xn_mask) == 0U); 403 } 404 405 return 0; 406 } 407 408 409 int get_mem_attributes(const xlat_ctx_t *ctx, uintptr_t base_va, 410 uint32_t *attributes) 411 { 412 return get_mem_attributes_internal(ctx, base_va, attributes, 413 NULL, NULL, NULL); 414 } 415 416 417 int change_mem_attributes(const xlat_ctx_t *ctx, 418 uintptr_t base_va, 419 size_t size, 420 uint32_t attr) 421 { 422 /* Note: This implementation isn't optimized. */ 423 424 assert(ctx != NULL); 425 assert(ctx->initialized != 0); 426 427 unsigned long long virt_addr_space_size = 428 (unsigned long long)ctx->va_max_address + 1U; 429 assert(virt_addr_space_size > 0U); 430 431 if (!IS_PAGE_ALIGNED(base_va)) { 432 WARN("%s: Address 0x%lx is not aligned on a page boundary.\n", 433 __func__, base_va); 434 return -EINVAL; 435 } 436 437 if (size == 0U) { 438 WARN("%s: Size is 0.\n", __func__); 439 return -EINVAL; 440 } 441 442 if ((size % PAGE_SIZE) != 0U) { 443 WARN("%s: Size 0x%zx is not a multiple of a page size.\n", 444 __func__, size); 445 return -EINVAL; 446 } 447 448 if (((attr & MT_EXECUTE_NEVER) == 0U) && ((attr & MT_RW) != 0U)) { 449 WARN("%s: Mapping memory as read-write and executable not allowed.\n", 450 __func__); 451 return -EINVAL; 452 } 453 454 size_t pages_count = size / PAGE_SIZE; 455 456 VERBOSE("Changing memory attributes of %zu pages starting from address 0x%lx...\n", 457 pages_count, base_va); 458 459 uintptr_t base_va_original = base_va; 460 461 /* 462 * Sanity checks. 463 */ 464 for (size_t i = 0U; i < pages_count; ++i) { 465 const uint64_t *entry; 466 uint64_t desc, attr_index; 467 unsigned int level; 468 469 entry = find_xlat_table_entry(base_va, 470 ctx->base_table, 471 ctx->base_table_entries, 472 virt_addr_space_size, 473 &level); 474 if (entry == NULL) { 475 WARN("Address 0x%lx is not mapped.\n", base_va); 476 return -EINVAL; 477 } 478 479 desc = *entry; 480 481 /* 482 * Check that all the required pages are mapped at page 483 * granularity. 484 */ 485 if (((desc & DESC_MASK) != PAGE_DESC) || 486 (level != XLAT_TABLE_LEVEL_MAX)) { 487 WARN("Address 0x%lx is not mapped at the right granularity.\n", 488 base_va); 489 WARN("Granularity is 0x%llx, should be 0x%x.\n", 490 (unsigned long long)XLAT_BLOCK_SIZE(level), PAGE_SIZE); 491 return -EINVAL; 492 } 493 494 /* 495 * If the region type is device, it shouldn't be executable. 496 */ 497 attr_index = (desc >> ATTR_INDEX_SHIFT) & ATTR_INDEX_MASK; 498 if (attr_index == ATTR_DEVICE_INDEX) { 499 if ((attr & MT_EXECUTE_NEVER) == 0U) { 500 WARN("Setting device memory as executable at address 0x%lx.", 501 base_va); 502 return -EINVAL; 503 } 504 } 505 506 base_va += PAGE_SIZE; 507 } 508 509 /* Restore original value. */ 510 base_va = base_va_original; 511 512 for (unsigned int i = 0U; i < pages_count; ++i) { 513 514 uint32_t old_attr = 0U, new_attr; 515 uint64_t *entry = NULL; 516 unsigned int level = 0U; 517 unsigned long long addr_pa = 0ULL; 518 519 (void) get_mem_attributes_internal(ctx, base_va, &old_attr, 520 &entry, &addr_pa, &level); 521 522 /* 523 * From attr, only MT_RO/MT_RW, MT_EXECUTE/MT_EXECUTE_NEVER and 524 * MT_USER/MT_PRIVILEGED are taken into account. Any other 525 * information is ignored. 526 */ 527 528 /* Clean the old attributes so that they can be rebuilt. */ 529 new_attr = old_attr & ~(MT_RW | MT_EXECUTE_NEVER | MT_USER); 530 531 /* 532 * Update attributes, but filter out the ones this function 533 * isn't allowed to change. 534 */ 535 new_attr |= attr & (MT_RW | MT_EXECUTE_NEVER | MT_USER); 536 537 /* 538 * The break-before-make sequence requires writing an invalid 539 * descriptor and making sure that the system sees the change 540 * before writing the new descriptor. 541 */ 542 *entry = INVALID_DESC; 543 544 /* Invalidate any cached copy of this mapping in the TLBs. */ 545 xlat_arch_tlbi_va(base_va, ctx->xlat_regime); 546 547 /* Ensure completion of the invalidation. */ 548 xlat_arch_tlbi_va_sync(); 549 550 /* Write new descriptor */ 551 *entry = xlat_desc(ctx, new_attr, addr_pa, level); 552 553 base_va += PAGE_SIZE; 554 } 555 556 /* Ensure that the last descriptor writen is seen by the system. */ 557 dsbish(); 558 559 return 0; 560 } 561