1 /* 2 * Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <arch_helpers.h> 8 #include <assert.h> 9 #include <debug.h> 10 #include <errno.h> 11 #include <platform_def.h> 12 #include <types.h> 13 #include <utils_def.h> 14 #include <xlat_tables_arch_private.h> 15 #include <xlat_tables_defs.h> 16 #include <xlat_tables_v2.h> 17 18 #include "xlat_tables_private.h" 19 20 #if LOG_LEVEL < LOG_LEVEL_VERBOSE 21 22 void xlat_mmap_print(__unused mmap_region_t *const mmap) 23 { 24 /* Empty */ 25 } 26 27 void xlat_tables_print(__unused xlat_ctx_t *ctx) 28 { 29 /* Empty */ 30 } 31 32 #else /* if LOG_LEVEL >= LOG_LEVEL_VERBOSE */ 33 34 void xlat_mmap_print(mmap_region_t *const mmap) 35 { 36 tf_printf("mmap:\n"); 37 const mmap_region_t *mm = mmap; 38 39 while (mm->size != 0U) { 40 tf_printf(" VA:0x%lx PA:0x%llx size:0x%zx attr:0x%x " 41 "granularity:0x%zx\n", mm->base_va, mm->base_pa, 42 mm->size, mm->attr, mm->granularity); 43 ++mm; 44 }; 45 tf_printf("\n"); 46 } 47 48 /* Print the attributes of the specified block descriptor. */ 49 static void xlat_desc_print(const xlat_ctx_t *ctx, uint64_t desc) 50 { 51 int mem_type_index = ATTR_INDEX_GET(desc); 52 int xlat_regime = ctx->xlat_regime; 53 54 if (mem_type_index == ATTR_IWBWA_OWBWA_NTR_INDEX) { 55 tf_printf("MEM"); 56 } else if (mem_type_index == ATTR_NON_CACHEABLE_INDEX) { 57 tf_printf("NC"); 58 } else { 59 assert(mem_type_index == ATTR_DEVICE_INDEX); 60 tf_printf("DEV"); 61 } 62 63 if (xlat_regime == EL3_REGIME) { 64 /* For EL3 only check the AP[2] and XN bits. */ 65 tf_printf((desc & LOWER_ATTRS(AP_RO)) ? "-RO" : "-RW"); 66 tf_printf((desc & UPPER_ATTRS(XN)) ? "-XN" : "-EXEC"); 67 } else { 68 assert(xlat_regime == EL1_EL0_REGIME); 69 /* 70 * For EL0 and EL1: 71 * - In AArch64 PXN and UXN can be set independently but in 72 * AArch32 there is no UXN (XN affects both privilege levels). 73 * For consistency, we set them simultaneously in both cases. 74 * - RO and RW permissions must be the same in EL1 and EL0. If 75 * EL0 can access that memory region, so can EL1, with the 76 * same permissions. 77 */ 78 #if ENABLE_ASSERTIONS 79 uint64_t xn_mask = xlat_arch_regime_get_xn_desc(EL1_EL0_REGIME); 80 uint64_t xn_perm = desc & xn_mask; 81 82 assert((xn_perm == xn_mask) || (xn_perm == 0ULL)); 83 #endif 84 tf_printf((desc & LOWER_ATTRS(AP_RO)) ? "-RO" : "-RW"); 85 /* Only check one of PXN and UXN, the other one is the same. */ 86 tf_printf((desc & UPPER_ATTRS(PXN)) ? "-XN" : "-EXEC"); 87 /* 88 * Privileged regions can only be accessed from EL1, user 89 * regions can be accessed from EL1 and EL0. 90 */ 91 tf_printf((desc & LOWER_ATTRS(AP_ACCESS_UNPRIVILEGED)) 92 ? "-USER" : "-PRIV"); 93 } 94 95 tf_printf(LOWER_ATTRS(NS) & desc ? "-NS" : "-S"); 96 } 97 98 static const char * const level_spacers[] = { 99 "[LV0] ", 100 " [LV1] ", 101 " [LV2] ", 102 " [LV3] " 103 }; 104 105 static const char *invalid_descriptors_ommited = 106 "%s(%d invalid descriptors omitted)\n"; 107 108 /* 109 * Recursive function that reads the translation tables passed as an argument 110 * and prints their status. 111 */ 112 static void xlat_tables_print_internal(xlat_ctx_t *ctx, 113 const uintptr_t table_base_va, 114 uint64_t *const table_base, const int table_entries, 115 const unsigned int level) 116 { 117 assert(level <= XLAT_TABLE_LEVEL_MAX); 118 119 uint64_t desc; 120 uintptr_t table_idx_va = table_base_va; 121 int table_idx = 0; 122 123 size_t level_size = XLAT_BLOCK_SIZE(level); 124 125 /* 126 * Keep track of how many invalid descriptors are counted in a row. 127 * Whenever multiple invalid descriptors are found, only the first one 128 * is printed, and a line is added to inform about how many descriptors 129 * have been omitted. 130 */ 131 int invalid_row_count = 0; 132 133 while (table_idx < table_entries) { 134 135 desc = table_base[table_idx]; 136 137 if ((desc & DESC_MASK) == INVALID_DESC) { 138 139 if (invalid_row_count == 0) { 140 tf_printf("%sVA:%p size:0x%zx\n", 141 level_spacers[level], 142 (void *)table_idx_va, level_size); 143 } 144 invalid_row_count++; 145 146 } else { 147 148 if (invalid_row_count > 1) { 149 tf_printf(invalid_descriptors_ommited, 150 level_spacers[level], 151 invalid_row_count - 1); 152 } 153 invalid_row_count = 0; 154 155 /* 156 * Check if this is a table or a block. Tables are only 157 * allowed in levels other than 3, but DESC_PAGE has the 158 * same value as DESC_TABLE, so we need to check. 159 */ 160 if (((desc & DESC_MASK) == TABLE_DESC) && 161 (level < XLAT_TABLE_LEVEL_MAX)) { 162 /* 163 * Do not print any PA for a table descriptor, 164 * as it doesn't directly map physical memory 165 * but instead points to the next translation 166 * table in the translation table walk. 167 */ 168 tf_printf("%sVA:%p size:0x%zx\n", 169 level_spacers[level], 170 (void *)table_idx_va, level_size); 171 172 uintptr_t addr_inner = desc & TABLE_ADDR_MASK; 173 174 xlat_tables_print_internal(ctx, table_idx_va, 175 (uint64_t *)addr_inner, 176 XLAT_TABLE_ENTRIES, level + 1); 177 } else { 178 tf_printf("%sVA:%p PA:0x%llx size:0x%zx ", 179 level_spacers[level], 180 (void *)table_idx_va, 181 (unsigned long long)(desc & TABLE_ADDR_MASK), 182 level_size); 183 xlat_desc_print(ctx, desc); 184 tf_printf("\n"); 185 } 186 } 187 188 table_idx++; 189 table_idx_va += level_size; 190 } 191 192 if (invalid_row_count > 1) { 193 tf_printf(invalid_descriptors_ommited, 194 level_spacers[level], invalid_row_count - 1); 195 } 196 } 197 198 void xlat_tables_print(xlat_ctx_t *ctx) 199 { 200 const char *xlat_regime_str; 201 if (ctx->xlat_regime == EL1_EL0_REGIME) { 202 xlat_regime_str = "1&0"; 203 } else { 204 assert(ctx->xlat_regime == EL3_REGIME); 205 xlat_regime_str = "3"; 206 } 207 VERBOSE("Translation tables state:\n"); 208 VERBOSE(" Xlat regime: EL%s\n", xlat_regime_str); 209 VERBOSE(" Max allowed PA: 0x%llx\n", ctx->pa_max_address); 210 VERBOSE(" Max allowed VA: %p\n", (void *) ctx->va_max_address); 211 VERBOSE(" Max mapped PA: 0x%llx\n", ctx->max_pa); 212 VERBOSE(" Max mapped VA: %p\n", (void *) ctx->max_va); 213 214 VERBOSE(" Initial lookup level: %i\n", ctx->base_level); 215 VERBOSE(" Entries @initial lookup level: %i\n", 216 ctx->base_table_entries); 217 218 int used_page_tables; 219 #if PLAT_XLAT_TABLES_DYNAMIC 220 used_page_tables = 0; 221 for (unsigned int i = 0; i < ctx->tables_num; ++i) { 222 if (ctx->tables_mapped_regions[i] != 0) 223 ++used_page_tables; 224 } 225 #else 226 used_page_tables = ctx->next_table; 227 #endif 228 VERBOSE(" Used %i sub-tables out of %i (spare: %i)\n", 229 used_page_tables, ctx->tables_num, 230 ctx->tables_num - used_page_tables); 231 232 xlat_tables_print_internal(ctx, 0, ctx->base_table, 233 ctx->base_table_entries, ctx->base_level); 234 } 235 236 #endif /* LOG_LEVEL >= LOG_LEVEL_VERBOSE */ 237 238 /* 239 * Do a translation table walk to find the block or page descriptor that maps 240 * virtual_addr. 241 * 242 * On success, return the address of the descriptor within the translation 243 * table. Its lookup level is stored in '*out_level'. 244 * On error, return NULL. 245 * 246 * xlat_table_base 247 * Base address for the initial lookup level. 248 * xlat_table_base_entries 249 * Number of entries in the translation table for the initial lookup level. 250 * virt_addr_space_size 251 * Size in bytes of the virtual address space. 252 */ 253 static uint64_t *find_xlat_table_entry(uintptr_t virtual_addr, 254 void *xlat_table_base, 255 int xlat_table_base_entries, 256 unsigned long long virt_addr_space_size, 257 int *out_level) 258 { 259 unsigned int start_level; 260 uint64_t *table; 261 int entries; 262 263 VERBOSE("%s(%p)\n", __func__, (void *)virtual_addr); 264 265 start_level = GET_XLAT_TABLE_LEVEL_BASE(virt_addr_space_size); 266 VERBOSE("Starting translation table walk from level %i\n", start_level); 267 268 table = xlat_table_base; 269 entries = xlat_table_base_entries; 270 271 for (unsigned int level = start_level; 272 level <= XLAT_TABLE_LEVEL_MAX; 273 ++level) { 274 int idx; 275 uint64_t desc; 276 uint64_t desc_type; 277 278 VERBOSE("Table address: %p\n", (void *)table); 279 280 idx = XLAT_TABLE_IDX(virtual_addr, level); 281 VERBOSE("Index into level %i table: %i\n", level, idx); 282 if (idx >= entries) { 283 VERBOSE("Invalid address\n"); 284 return NULL; 285 } 286 287 desc = table[idx]; 288 desc_type = desc & DESC_MASK; 289 VERBOSE("Descriptor at level %i: 0x%llx\n", level, 290 (unsigned long long)desc); 291 292 if (desc_type == INVALID_DESC) { 293 VERBOSE("Invalid entry (memory not mapped)\n"); 294 return NULL; 295 } 296 297 if (level == XLAT_TABLE_LEVEL_MAX) { 298 /* 299 * There can't be table entries at the final lookup 300 * level. 301 */ 302 assert(desc_type == PAGE_DESC); 303 VERBOSE("Descriptor mapping a memory page (size: 0x%llx)\n", 304 (unsigned long long)XLAT_BLOCK_SIZE(XLAT_TABLE_LEVEL_MAX)); 305 *out_level = level; 306 return &table[idx]; 307 } 308 309 if (desc_type == BLOCK_DESC) { 310 VERBOSE("Descriptor mapping a memory block (size: 0x%llx)\n", 311 (unsigned long long)XLAT_BLOCK_SIZE(level)); 312 *out_level = level; 313 return &table[idx]; 314 } 315 316 assert(desc_type == TABLE_DESC); 317 VERBOSE("Table descriptor, continuing xlat table walk...\n"); 318 table = (uint64_t *)(uintptr_t)(desc & TABLE_ADDR_MASK); 319 entries = XLAT_TABLE_ENTRIES; 320 } 321 322 /* 323 * This shouldn't be reached, the translation table walk should end at 324 * most at level XLAT_TABLE_LEVEL_MAX and return from inside the loop. 325 */ 326 assert(0); 327 328 return NULL; 329 } 330 331 332 static int get_mem_attributes_internal(const xlat_ctx_t *ctx, uintptr_t base_va, 333 uint32_t *attributes, uint64_t **table_entry, 334 unsigned long long *addr_pa, int *table_level) 335 { 336 uint64_t *entry; 337 uint64_t desc; 338 int level; 339 unsigned long long virt_addr_space_size; 340 341 /* 342 * Sanity-check arguments. 343 */ 344 assert(ctx != NULL); 345 assert(ctx->initialized); 346 assert(ctx->xlat_regime == EL1_EL0_REGIME || ctx->xlat_regime == EL3_REGIME); 347 348 virt_addr_space_size = (unsigned long long)ctx->va_max_address + 1; 349 assert(virt_addr_space_size > 0); 350 351 entry = find_xlat_table_entry(base_va, 352 ctx->base_table, 353 ctx->base_table_entries, 354 virt_addr_space_size, 355 &level); 356 if (entry == NULL) { 357 WARN("Address %p is not mapped.\n", (void *)base_va); 358 return -EINVAL; 359 } 360 361 if (addr_pa != NULL) { 362 *addr_pa = *entry & TABLE_ADDR_MASK; 363 } 364 365 if (table_entry != NULL) { 366 *table_entry = entry; 367 } 368 369 if (table_level != NULL) { 370 *table_level = level; 371 } 372 373 desc = *entry; 374 375 #if LOG_LEVEL >= LOG_LEVEL_VERBOSE 376 VERBOSE("Attributes: "); 377 xlat_desc_print(ctx, desc); 378 tf_printf("\n"); 379 #endif /* LOG_LEVEL >= LOG_LEVEL_VERBOSE */ 380 381 assert(attributes != NULL); 382 *attributes = 0; 383 384 int attr_index = (desc >> ATTR_INDEX_SHIFT) & ATTR_INDEX_MASK; 385 386 if (attr_index == ATTR_IWBWA_OWBWA_NTR_INDEX) { 387 *attributes |= MT_MEMORY; 388 } else if (attr_index == ATTR_NON_CACHEABLE_INDEX) { 389 *attributes |= MT_NON_CACHEABLE; 390 } else { 391 assert(attr_index == ATTR_DEVICE_INDEX); 392 *attributes |= MT_DEVICE; 393 } 394 395 int ap2_bit = (desc >> AP2_SHIFT) & 1; 396 397 if (ap2_bit == AP2_RW) 398 *attributes |= MT_RW; 399 400 if (ctx->xlat_regime == EL1_EL0_REGIME) { 401 int ap1_bit = (desc >> AP1_SHIFT) & 1; 402 if (ap1_bit == AP1_ACCESS_UNPRIVILEGED) 403 *attributes |= MT_USER; 404 } 405 406 int ns_bit = (desc >> NS_SHIFT) & 1; 407 408 if (ns_bit == 1) 409 *attributes |= MT_NS; 410 411 uint64_t xn_mask = xlat_arch_regime_get_xn_desc(ctx->xlat_regime); 412 413 if ((desc & xn_mask) == xn_mask) { 414 *attributes |= MT_EXECUTE_NEVER; 415 } else { 416 assert((desc & xn_mask) == 0); 417 } 418 419 return 0; 420 } 421 422 423 int get_mem_attributes(const xlat_ctx_t *ctx, uintptr_t base_va, 424 uint32_t *attributes) 425 { 426 return get_mem_attributes_internal(ctx, base_va, attributes, 427 NULL, NULL, NULL); 428 } 429 430 431 int change_mem_attributes(xlat_ctx_t *ctx, 432 uintptr_t base_va, 433 size_t size, 434 uint32_t attr) 435 { 436 /* Note: This implementation isn't optimized. */ 437 438 assert(ctx != NULL); 439 assert(ctx->initialized); 440 441 unsigned long long virt_addr_space_size = 442 (unsigned long long)ctx->va_max_address + 1; 443 assert(virt_addr_space_size > 0); 444 445 if (!IS_PAGE_ALIGNED(base_va)) { 446 WARN("%s: Address %p is not aligned on a page boundary.\n", 447 __func__, (void *)base_va); 448 return -EINVAL; 449 } 450 451 if (size == 0) { 452 WARN("%s: Size is 0.\n", __func__); 453 return -EINVAL; 454 } 455 456 if ((size % PAGE_SIZE) != 0) { 457 WARN("%s: Size 0x%zx is not a multiple of a page size.\n", 458 __func__, size); 459 return -EINVAL; 460 } 461 462 if (((attr & MT_EXECUTE_NEVER) == 0) && ((attr & MT_RW) != 0)) { 463 WARN("%s() doesn't allow to remap memory as read-write and executable.\n", 464 __func__); 465 return -EINVAL; 466 } 467 468 int pages_count = size / PAGE_SIZE; 469 470 VERBOSE("Changing memory attributes of %i pages starting from address %p...\n", 471 pages_count, (void *)base_va); 472 473 uintptr_t base_va_original = base_va; 474 475 /* 476 * Sanity checks. 477 */ 478 for (int i = 0; i < pages_count; ++i) { 479 uint64_t *entry; 480 uint64_t desc; 481 int level; 482 483 entry = find_xlat_table_entry(base_va, 484 ctx->base_table, 485 ctx->base_table_entries, 486 virt_addr_space_size, 487 &level); 488 if (entry == NULL) { 489 WARN("Address %p is not mapped.\n", (void *)base_va); 490 return -EINVAL; 491 } 492 493 desc = *entry; 494 495 /* 496 * Check that all the required pages are mapped at page 497 * granularity. 498 */ 499 if (((desc & DESC_MASK) != PAGE_DESC) || 500 (level != XLAT_TABLE_LEVEL_MAX)) { 501 WARN("Address %p is not mapped at the right granularity.\n", 502 (void *)base_va); 503 WARN("Granularity is 0x%llx, should be 0x%x.\n", 504 (unsigned long long)XLAT_BLOCK_SIZE(level), PAGE_SIZE); 505 return -EINVAL; 506 } 507 508 /* 509 * If the region type is device, it shouldn't be executable. 510 */ 511 int attr_index = (desc >> ATTR_INDEX_SHIFT) & ATTR_INDEX_MASK; 512 if (attr_index == ATTR_DEVICE_INDEX) { 513 if ((attr & MT_EXECUTE_NEVER) == 0) { 514 WARN("Setting device memory as executable at address %p.", 515 (void *)base_va); 516 return -EINVAL; 517 } 518 } 519 520 base_va += PAGE_SIZE; 521 } 522 523 /* Restore original value. */ 524 base_va = base_va_original; 525 526 VERBOSE("%s: All pages are mapped, now changing their attributes...\n", 527 __func__); 528 529 for (int i = 0; i < pages_count; ++i) { 530 531 uint32_t old_attr, new_attr; 532 uint64_t *entry; 533 int level; 534 unsigned long long addr_pa; 535 536 get_mem_attributes_internal(ctx, base_va, &old_attr, 537 &entry, &addr_pa, &level); 538 539 VERBOSE("Old attributes: 0x%x\n", old_attr); 540 541 /* 542 * From attr, only MT_RO/MT_RW, MT_EXECUTE/MT_EXECUTE_NEVER and 543 * MT_USER/MT_PRIVILEGED are taken into account. Any other 544 * information is ignored. 545 */ 546 547 /* Clean the old attributes so that they can be rebuilt. */ 548 new_attr = old_attr & ~(MT_RW|MT_EXECUTE_NEVER|MT_USER); 549 550 /* 551 * Update attributes, but filter out the ones this function 552 * isn't allowed to change. 553 */ 554 new_attr |= attr & (MT_RW|MT_EXECUTE_NEVER|MT_USER); 555 556 VERBOSE("New attributes: 0x%x\n", new_attr); 557 558 /* 559 * The break-before-make sequence requires writing an invalid 560 * descriptor and making sure that the system sees the change 561 * before writing the new descriptor. 562 */ 563 *entry = INVALID_DESC; 564 565 /* Invalidate any cached copy of this mapping in the TLBs. */ 566 xlat_arch_tlbi_va_regime(base_va, ctx->xlat_regime); 567 568 /* Ensure completion of the invalidation. */ 569 xlat_arch_tlbi_va_sync(); 570 571 /* Write new descriptor */ 572 *entry = xlat_desc(ctx, new_attr, addr_pa, level); 573 574 base_va += PAGE_SIZE; 575 } 576 577 /* Ensure that the last descriptor writen is seen by the system. */ 578 dsbish(); 579 580 return 0; 581 } 582