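/*
 * Copyright (c) 2023, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <assert.h>
#include <errno.h>
#include <string.h>
#include "spmd_private.h"

#include <common/debug.h>
#include <lib/el3_runtime/context_mgmt.h>
#include <services/el3_spmd_logical_sp.h>
#include <services/spmc_svc.h>


#if ENABLE_SPMD_LP
/* Set once every SPMD logical partition init callback has returned 0. */
static bool is_spmd_lp_inited;
/* Tracks the SPMC state reported through the set_spmc_* functions below. */
static bool is_spmc_inited;

/*
 * Helper function to obtain the array storing the EL3
 * SPMD Logical Partition descriptors.
 *
 * The array address is SPMD_LP_DESCS_START; its element count is
 * SPMD_LP_DESCS_COUNT (both defined outside this file).
 */
static struct spmd_lp_desc *get_spmd_el3_lp_array(void)
{
	return (struct spmd_lp_desc *) SPMD_LP_DESCS_START;
}

/*******************************************************************************
 * Validate any logical partition descriptors before we initialize.
 * Initialization of said partitions will be taken care of during SPMD boot.
 *
 * Returns 0 when every descriptor is acceptable, -1 when no SPMD logical
 * partition is implemented, and -EINVAL on the first descriptor that fails a
 * check (the failing ID or property is logged with ERROR()).
 *
 * NOTE(review): the array-bounds and "SPMC not at EL3" constraints are
 * assert()s. In a build where assertions are compiled out they are not
 * enforced at run time - confirm that is acceptable for release builds.
 ******************************************************************************/
static int el3_spmd_sp_desc_validate(struct spmd_lp_desc *lp_array)
{
	/* Check the array bounds are valid. */
	assert(SPMD_LP_DESCS_END > SPMD_LP_DESCS_START);

	/*
	 * No support for SPMD logical partitions when SPMC is at EL3.
	 */
	assert(!is_spmc_at_el3());

	/* If no SPMD logical partitions are implemented then simply bail out. */
	if (SPMD_LP_DESCS_COUNT == 0U) {
		return -1;
	}

	/*
	 * Validate the descriptor array itself once, up front. The address of
	 * an element can only compare equal to NULL for element 0 of a NULL
	 * array, so a per-element check inside the loop adds nothing.
	 */
	if (lp_array == NULL) {
		ERROR("Invalid SPMD Logical SP Descriptor\n");
		return -EINVAL;
	}

	for (uint32_t index = 0U; index < SPMD_LP_DESCS_COUNT; index++) {
		struct spmd_lp_desc *lp_desc = &lp_array[index];

		/*
		 * Ensure the ID follows the convention to indicate it resides
		 * in the secure world.
		 */
		if (!ffa_is_secure_world_id(lp_desc->sp_id)) {
			ERROR("Invalid SPMD Logical SP ID (0x%x)\n",
			      lp_desc->sp_id);
			return -EINVAL;
		}

		/* Ensure SPMD logical partition is in valid range. */
		if (!is_spmd_lp_id(lp_desc->sp_id)) {
			ERROR("Invalid SPMD Logical Partition ID (0x%x)\n",
			      lp_desc->sp_id);
			return -EINVAL;
		}

		/* Ensure the UUID is not the NULL UUID. */
		if (lp_desc->uuid[0] == 0 && lp_desc->uuid[1] == 0 &&
		    lp_desc->uuid[2] == 0 && lp_desc->uuid[3] == 0) {
			ERROR("Invalid UUID for SPMD Logical SP (0x%x)\n",
			      lp_desc->sp_id);
			return -EINVAL;
		}

		/*
		 * Ensure init function callback is registered. The callback is
		 * invoked unconditionally by spmd_logical_sp_init(), so a NULL
		 * pointer must be rejected here.
		 */
		if (lp_desc->init == NULL) {
			ERROR("Missing init function for Logical SP(0x%x)\n",
			      lp_desc->sp_id);
			return -EINVAL;
		}

		/* Ensure that SPMD LP only supports sending direct requests. */
		if (lp_desc->properties != FFA_PARTITION_DIRECT_REQ_SEND) {
			ERROR("Invalid SPMD logical partition properties (0x%x)\n",
			      lp_desc->properties);
			return -EINVAL;
		}

		/* Ensure that all partition IDs are unique. */
		for (uint32_t inner_idx = index + 1U;
		     inner_idx < SPMD_LP_DESCS_COUNT; inner_idx++) {
			if (lp_desc->sp_id == lp_array[inner_idx].sp_id) {
				ERROR("Duplicate SPMD logical SP ID Detected (0x%x)\n",
				      lp_desc->sp_id);
				return -EINVAL;
			}
		}
	}
	return 0;
}

/*
 * Fill retval with an FFA_ERROR response carrying error_code in arg2.
 * arg1 and arg3..arg7 are set to FFA_TARGET_INFO_MBZ; arg8 onwards are not
 * written here (both callers in this file zero retval beforehand).
 */
static void spmd_encode_ffa_error(struct ffa_value *retval, int32_t error_code)
{
	retval->func = FFA_ERROR;
	retval->arg1 = FFA_TARGET_INFO_MBZ;
	retval->arg2 = (uint32_t)error_code;
	retval->arg3 = FFA_TARGET_INFO_MBZ;
	retval->arg4 = FFA_TARGET_INFO_MBZ;
	retval->arg5 = FFA_TARGET_INFO_MBZ;
	retval->arg6 = FFA_TARGET_INFO_MBZ;
	retval->arg7 = FFA_TARGET_INFO_MBZ;
}

/*
 * Load an FFA_MSG_SEND_DIRECT_REQ_SMC32 request into the general purpose
 * registers of the given SPMC context: x1-x4 come from the caller, x5-x7 are
 * zeroed so no stale register values are passed along in them.
 */
static void spmd_build_direct_message_req(spmd_spm_core_context_t *ctx,
					  uint64_t x1, uint64_t x2,
					  uint64_t x3, uint64_t x4)
{
	gp_regs_t *gpregs = get_gpregs_ctx(&ctx->cpu_ctx);

	write_ctx_reg(gpregs, CTX_GPREG_X0, FFA_MSG_SEND_DIRECT_REQ_SMC32);
	write_ctx_reg(gpregs, CTX_GPREG_X1, x1);
	write_ctx_reg(gpregs, CTX_GPREG_X2, x2);
	write_ctx_reg(gpregs, CTX_GPREG_X3, x3);
	write_ctx_reg(gpregs, CTX_GPREG_X4, x4);
	write_ctx_reg(gpregs, CTX_GPREG_X5, 0U);
	write_ctx_reg(gpregs, CTX_GPREG_X6, 0U);
	write_ctx_reg(gpregs, CTX_GPREG_X7, 0U);
}

/*
 * Copy x0-x17 of the saved SPMC context into retval (func, arg1..arg17).
 * The values are copied as-is; no validation of the response happens here.
 */
static void spmd_encode_ctx_to_ffa_value(spmd_spm_core_context_t *ctx,
					 struct ffa_value *retval)
{
	gp_regs_t *gpregs = get_gpregs_ctx(&ctx->cpu_ctx);

	retval->func = read_ctx_reg(gpregs, CTX_GPREG_X0);
	retval->arg1 = read_ctx_reg(gpregs, CTX_GPREG_X1);
	retval->arg2 = read_ctx_reg(gpregs, CTX_GPREG_X2);
	retval->arg3 = read_ctx_reg(gpregs, CTX_GPREG_X3);
	retval->arg4 = read_ctx_reg(gpregs, CTX_GPREG_X4);
	retval->arg5 = read_ctx_reg(gpregs, CTX_GPREG_X5);
	retval->arg6 = read_ctx_reg(gpregs, CTX_GPREG_X6);
	retval->arg7 = read_ctx_reg(gpregs, CTX_GPREG_X7);
	retval->arg8 = read_ctx_reg(gpregs, CTX_GPREG_X8);
	retval->arg9 = read_ctx_reg(gpregs, CTX_GPREG_X9);
	retval->arg10 = read_ctx_reg(gpregs, CTX_GPREG_X10);
	retval->arg11 = read_ctx_reg(gpregs, CTX_GPREG_X11);
	retval->arg12 = read_ctx_reg(gpregs, CTX_GPREG_X12);
	retval->arg13 = read_ctx_reg(gpregs, CTX_GPREG_X13);
	retval->arg14 = read_ctx_reg(gpregs, CTX_GPREG_X14);
	retval->arg15 = read_ctx_reg(gpregs, CTX_GPREG_X15);
	retval->arg16 = read_ctx_reg(gpregs, CTX_GPREG_X16);
	retval->arg17 = read_ctx_reg(gpregs, CTX_GPREG_X17);
}

/* Mark that a logical partition direct request is in flight on this context. */
static void spmd_logical_sp_set_dir_req_ongoing(spmd_spm_core_context_t *ctx)
{
	ctx->spmd_lp_sync_req_ongoing |= SPMD_LP_FFA_DIR_REQ_ONGOING;
}

/* Clear the "direct request in flight" marker on this context. */
static void spmd_logical_sp_reset_dir_req_ongoing(spmd_spm_core_context_t *ctx)
{
	ctx->spmd_lp_sync_req_ongoing &= ~SPMD_LP_FFA_DIR_REQ_ONGOING;
}

/*
 * Load an FFA_PARTITION_INFO_GET_REGS_SMC64 request into the general purpose
 * registers of the given SPMC context.
 *
 * x1 = uuid[1]:uuid[0], x2 = uuid[3]:uuid[2], x3 = tag << 16 | start_index.
 * x4-x17 are zeroed. uuid must point to four readable words; it is
 * dereferenced without a NULL check.
 */
static void spmd_build_ffa_info_get_regs(spmd_spm_core_context_t *ctx,
					 const uint32_t uuid[4],
					 const uint16_t start_index,
					 const uint16_t tag)
{
	gp_regs_t *gpregs = get_gpregs_ctx(&ctx->cpu_ctx);

	uint64_t arg1 = (uint64_t)uuid[1] << 32 | uuid[0];
	uint64_t arg2 = (uint64_t)uuid[3] << 32 | uuid[2];
	uint64_t arg3 = start_index | (uint64_t)tag << 16;

	write_ctx_reg(gpregs, CTX_GPREG_X0, FFA_PARTITION_INFO_GET_REGS_SMC64);
	write_ctx_reg(gpregs, CTX_GPREG_X1, arg1);
	write_ctx_reg(gpregs, CTX_GPREG_X2, arg2);
	write_ctx_reg(gpregs, CTX_GPREG_X3, arg3);
	write_ctx_reg(gpregs, CTX_GPREG_X4, 0U);
	write_ctx_reg(gpregs, CTX_GPREG_X5, 0U);
	write_ctx_reg(gpregs, CTX_GPREG_X6, 0U);
	write_ctx_reg(gpregs, CTX_GPREG_X7, 0U);
	write_ctx_reg(gpregs, CTX_GPREG_X8, 0U);
	write_ctx_reg(gpregs, CTX_GPREG_X9, 0U);
	write_ctx_reg(gpregs, CTX_GPREG_X10, 0U);
	write_ctx_reg(gpregs, CTX_GPREG_X11, 0U);
	write_ctx_reg(gpregs, CTX_GPREG_X12, 0U);
	write_ctx_reg(gpregs, CTX_GPREG_X13, 0U);
	write_ctx_reg(gpregs, CTX_GPREG_X14, 0U);
	write_ctx_reg(gpregs, CTX_GPREG_X15, 0U);
	write_ctx_reg(gpregs, CTX_GPREG_X16, 0U);
	write_ctx_reg(gpregs, CTX_GPREG_X17, 0U);
}

/* Mark that a partition info (regs) request is in flight on this context. */
static void spmd_logical_sp_set_info_regs_ongoing(spmd_spm_core_context_t *ctx)
{
	ctx->spmd_lp_sync_req_ongoing |= SPMD_LP_FFA_INFO_GET_REG_ONGOING;
}

/* Clear the "partition info (regs) request in flight" marker. */
static void spmd_logical_sp_reset_info_regs_ongoing(
		spmd_spm_core_context_t *ctx)
{
	ctx->spmd_lp_sync_req_ongoing &= ~SPMD_LP_FFA_INFO_GET_REG_ONGOING;
}
#endif

/*
 * Initialize SPMD logical partitions. This function assumes that it is called
 * only after the SPMC has successfully initialized.
 *
 * Returns 0 on success, when the partitions were already initialized, or when
 * ENABLE_SPMD_LP is disabled. Returns -1 if the SPMC has not been marked as
 * initialized, otherwise the non-zero code from descriptor validation or from
 * the first partition init callback that fails. On failure the "initialized"
 * flag stays clear, so spmd_el3_ffa_msg_direct_req() keeps answering DENIED.
 */
int32_t spmd_logical_sp_init(void)
{
#if ENABLE_SPMD_LP
	int32_t rc = 0;
	struct spmd_lp_desc *spmd_lp_descs;

	if (is_spmd_lp_inited == true) {
		return 0;
	}

	if (is_spmc_inited == false) {
		return -1;
	}

	spmd_lp_descs = get_spmd_el3_lp_array();

	/* Perform initial validation of the SPMD Logical Partitions. */
	rc = el3_spmd_sp_desc_validate(spmd_lp_descs);
	if (rc != 0) {
		ERROR("Logical SPMD Partition validation failed!\n");
		return rc;
	}

	VERBOSE("SPMD Logical Secure Partition init start.\n");
	for (unsigned int i = 0U; i < SPMD_LP_DESCS_COUNT; i++) {
		/* init was checked for NULL by the validation step above. */
		rc = spmd_lp_descs[i].init();
		if (rc != 0) {
			ERROR("SPMD Logical SP (0x%x) failed to initialize\n",
			      spmd_lp_descs[i].sp_id);
			return rc;
		}
		VERBOSE("SPMD Logical SP (0x%x) Initialized\n",
			spmd_lp_descs[i].sp_id);
	}

	INFO("SPMD Logical Secure Partition init completed.\n");
	if (rc == 0) {
		is_spmd_lp_inited = true;
	}
	return rc;
#else
	return 0;
#endif
}

/* Record that the SPMC initialized; a no-op when ENABLE_SPMD_LP is disabled. */
void spmd_logical_sp_set_spmc_initialized(void)
{
#if ENABLE_SPMD_LP
	is_spmc_inited = true;
#endif
}

/* Record that the SPMC is unusable; a no-op when ENABLE_SPMD_LP is disabled. */
void spmd_logical_sp_set_spmc_failure(void)
{
#if ENABLE_SPMD_LP
	is_spmc_inited = false;
#endif
}

/*
 * This function takes an ffa_value structure populated with partition
 * information from an FFA_PARTITION_INFO_GET_REGS ABI call, extracts
 * the values and writes it into a ffa_partition_info_v1_1 structure for
 * other code to consume.
 *
 * Returns false if idx is out of range (>= 5) or partition_info is NULL,
 * true otherwise.
 *
 * This helper only bounds idx against the register capacity. It does not look
 * at args.func or at any count carried in the response, so the caller must
 * first confirm the call succeeded and limit idx to the number of entries the
 * response actually reports; otherwise the decoded entry is whatever happens
 * to be in those registers.
 */
bool ffa_partition_info_regs_get_part_info(
	struct ffa_value args, uint8_t idx,
	struct ffa_partition_info_v1_1 *partition_info)
{
	uint64_t *arg_ptrs;
	uint64_t info, uuid_lo, uuid_high;

	/*
	 * Each partition information is encoded in 3 registers, so there can be
	 * a maximum of 5 entries.
	 */
	if (idx >= 5 || partition_info == NULL) {
		return false;
	}

	/*
	 * List of pointers to args in return value.
	 * NOTE(review): this indexes struct ffa_value as a flat array of
	 * uint64_t, entry idx starting at word (idx * 3) + 3. It assumes the
	 * structure is 18 consecutive 64-bit members (func, arg1..arg17) with
	 * no padding - confirm against the structure definition.
	 */
	arg_ptrs = (uint64_t *)&args + ((idx * 3) + 3);
	info = *arg_ptrs;

	arg_ptrs++;
	uuid_lo = *arg_ptrs;

	arg_ptrs++;
	uuid_high = *arg_ptrs;

	partition_info->ep_id = (uint16_t)(info & 0xFFFFU);
	partition_info->execution_ctx_count = (uint16_t)((info >> 16) & 0xFFFFU);
	partition_info->properties = (uint32_t)(info >> 32);
	partition_info->uuid[0] = (uint32_t)(uuid_lo & 0xFFFFFFFFU);
	partition_info->uuid[1] = (uint32_t)((uuid_lo >> 32) & 0xFFFFFFFFU);
	partition_info->uuid[2] = (uint32_t)(uuid_high & 0xFFFFFFFFU);
	partition_info->uuid[3] = (uint32_t)((uuid_high >> 32) & 0xFFFFFFFFU);

	return true;
}

/*
 * This function can be used by an SPMD logical partition to invoke the
 * FFA_PARTITION_INFO_GET_REGS ABI to the SPMC, to discover the secure
 * partitions in the system. The function takes a UUID, start index and
 * tag and the partition information are returned in an ffa_value structure
 * and can be consumed by using appropriate helper functions.
 *
 * Returns false if target_uuid or retval is NULL, or if ENABLE_SPMD_LP is
 * disabled; retval is not written in those cases. Returns true otherwise, in
 * which case retval holds either an FFA_ERROR encoded locally (DENIED before
 * the SPMC is initialized, INVALID_PARAMETER for a non-zero tag) or the
 * registers returned by the SPMC. A failed synchronous entry panics.
 */
bool spmd_el3_invoke_partition_info_get(
				const uint32_t target_uuid[4],
				const uint16_t start_index,
				const uint16_t tag,
				struct ffa_value *retval)
{
#if ENABLE_SPMD_LP
	uint64_t rc = UINT64_MAX;
	spmd_spm_core_context_t *ctx = spmd_get_context();

	/*
	 * target_uuid is dereferenced when the request registers are built,
	 * so reject a NULL pointer here together with retval.
	 */
	if (retval == NULL || target_uuid == NULL) {
		return false;
	}

	memset(retval, 0, sizeof(*retval));

	if (!is_spmc_inited) {
		VERBOSE("Cannot discover partition before,"
			" SPMC is initialized.\n");
		spmd_encode_ffa_error(retval, FFA_ERROR_DENIED);
		return true;
	}

	if (tag != 0) {
		VERBOSE("Tag must be zero. other tags unsupported\n");
		spmd_encode_ffa_error(retval,
				      FFA_ERROR_INVALID_PARAMETER);
		return true;
	}

	/* Save the non-secure context before entering SPMC */
	cm_el1_sysregs_context_save(NON_SECURE);
#if SPMD_SPM_AT_SEL2
	cm_el2_sysregs_context_save(NON_SECURE);
#endif

	spmd_build_ffa_info_get_regs(ctx, target_uuid, start_index, tag);
	spmd_logical_sp_set_info_regs_ongoing(ctx);

	rc = spmd_spm_core_sync_entry(ctx);
	if (rc != 0ULL) {
		ERROR("%s failed (%lx) on CPU%u\n", __func__, rc,
		      plat_my_core_pos());
		panic();
	}

	spmd_logical_sp_reset_info_regs_ongoing(ctx);
	spmd_encode_ctx_to_ffa_value(ctx, retval);

	/*
	 * The response type is only checked by assert(). Where assertions are
	 * compiled out the SPMC's registers reach the caller unchecked, so the
	 * caller must still inspect retval->func before decoding entries.
	 */
	assert(is_ffa_error(retval) || is_ffa_success(retval));

	cm_el1_sysregs_context_restore(NON_SECURE);
#if SPMD_SPM_AT_SEL2
	cm_el2_sysregs_context_restore(NON_SECURE);
#endif
	cm_set_next_eret_context(NON_SECURE);
	return true;
#else
	return false;
#endif
}

/*******************************************************************************
 * This function sends an FF-A Direct Request from a partition in EL3 to a
 * partition that may reside under an SPMC (only lower ELs supported). The main
 * use of this API is for SPMD logical partitions.
 * The API is expected to be used when there are platform specific SMCs that
 * need to be routed to a secure partition that is FF-A compliant or when
 * there are group 0 interrupts that need to be handled first in EL3 and then
 * forwarded to an FF-A compliant secure partition. Therefore, it is expected
 * that the handle to the context provided belongs to the non-secure context.
 * This also means that interrupts/SMCs that trap to EL3 during secure execution
 * cannot use this API.
 * x1, x2, x3 and x4 are encoded as specified in the FF-A specification.
 * retval is used to pass the direct response values to the caller.
 * The function returns true if retval has valid values, and false otherwise.
 *
 * "Valid" includes an FFA_ERROR encoded by this function itself: requests
 * that fail the source/destination/handle checks below are rejected before
 * anything is written to the SPMC context, and the caller must inspect
 * retval->func to tell a response from a rejection.
 ******************************************************************************/
bool spmd_el3_ffa_msg_direct_req(uint64_t x1,
				 uint64_t x2,
				 uint64_t x3,
				 uint64_t x4,
				 void *handle,
				 struct ffa_value *retval)
{
#if ENABLE_SPMD_LP

	uint64_t rc = UINT64_MAX;
	spmd_spm_core_context_t *ctx = spmd_get_context();

	if (retval == NULL) {
		return false;
	}

	memset(retval, 0, sizeof(*retval));

	if (!is_spmd_lp_inited || !is_spmc_inited) {
		VERBOSE("Cannot send SPMD logical partition direct message,"
			" Partitions not initialized or SPMC not initialized.\n");
		spmd_encode_ffa_error(retval, FFA_ERROR_DENIED);
		return true;
	}

	/*
	 * x2 must be zero, since there is no support for framework messages
	 * via an SPMD logical partition. The check is redundant today and the
	 * parameter could be dropped. However, as the framework extends it
	 * may be useful to have x2 and extend this function later with
	 * functionality based on x2.
	 */
	if (x2 != 0) {
		VERBOSE("x2 must be zero. Cannot send framework message.\n");
		spmd_encode_ffa_error(retval, FFA_ERROR_DENIED);
		return true;
	}

	/*
	 * Current context must be non-secure. API is expected to be used
	 * when entry into EL3 and the SPMD logical partition is via an
	 * interrupt that occurs when execution is in normal world and
	 * SMCs from normal world. FF-A compliant SPMCs are expected to
	 * trap interrupts during secure execution in lower ELs since they
	 * are usually not re-entrant and SMCs from secure world can be
	 * handled synchronously. There is no known use case for an SPMD
	 * logical partition to send a direct message to another partition
	 * in response to a secure interrupt or SMCs from secure world.
	 */
	if (handle != cm_get_context(NON_SECURE)) {
		VERBOSE("Handle must be for the non-secure context.\n");
		spmd_encode_ffa_error(retval, FFA_ERROR_DENIED);
		return true;
	}

	/* The sender must identify itself as an SPMD logical partition. */
	if (!is_spmd_lp_id(ffa_endpoint_source(x1))) {
		VERBOSE("Source ID must be valid SPMD logical partition"
			" ID.\n");
		spmd_encode_ffa_error(retval,
				      FFA_ERROR_INVALID_PARAMETER);
		return true;
	}

	/*
	 * The destination must be a secure world endpoint other than an SPMD
	 * logical partition, the SPMD itself or the SPMC.
	 */
	if (is_spmd_lp_id(ffa_endpoint_destination(x1))) {
		VERBOSE("Destination ID must not be SPMD logical partition"
			" ID.\n");
		spmd_encode_ffa_error(retval,
				      FFA_ERROR_INVALID_PARAMETER);
		return true;
	}

	if (!ffa_is_secure_world_id(ffa_endpoint_destination(x1))) {
		VERBOSE("Destination ID must be secure world ID.\n");
		spmd_encode_ffa_error(retval,
				      FFA_ERROR_INVALID_PARAMETER);
		return true;
	}

	if (ffa_endpoint_destination(x1) == SPMD_DIRECT_MSG_ENDPOINT_ID) {
		VERBOSE("Destination ID must not be SPMD ID.\n");
		spmd_encode_ffa_error(retval,
				      FFA_ERROR_INVALID_PARAMETER);
		return true;
	}

	if (ffa_endpoint_destination(x1) == spmd_spmc_id_get()) {
		VERBOSE("Destination ID must not be SPMC ID.\n");
		spmd_encode_ffa_error(retval,
				      FFA_ERROR_INVALID_PARAMETER);
		return true;
	}

	/* Save the non-secure context before entering SPMC */
	cm_el1_sysregs_context_save(NON_SECURE);
#if SPMD_SPM_AT_SEL2
	cm_el2_sysregs_context_save(NON_SECURE);
#endif

	/*
	 * Perform synchronous entry into the SPMC. Synchronous entry is
	 * required because the spec requires that a direct message request
	 * from an SPMD LP look like a function call from its perspective.
	 */
	spmd_build_direct_message_req(ctx, x1, x2, x3, x4);
	spmd_logical_sp_set_dir_req_ongoing(ctx);

	rc = spmd_spm_core_sync_entry(ctx);

	spmd_logical_sp_reset_dir_req_ongoing(ctx);

	if (rc != 0ULL) {
		ERROR("%s failed (%lx) on CPU%u\n", __func__, rc,
		      plat_my_core_pos());
		panic();
	} else {
		spmd_encode_ctx_to_ffa_value(ctx, retval);

		/*
		 * Only expect error or direct response,
		 * spmd_spm_core_sync_exit should not be called on other paths.
		 * Checks are asserts since the LSP can fail gracefully if the
		 * source or destination ids are not the same. Panic'ing would
		 * not provide any benefit.
		 *
		 * Where assertions are compiled out none of these run, so the
		 * calling logical partition must itself verify the response
		 * type and the endpoint IDs in retval->arg1 before trusting
		 * the payload.
		 */
		assert(is_ffa_error(retval) || is_ffa_direct_msg_resp(retval));
		assert(is_ffa_error(retval) ||
			(ffa_endpoint_destination(retval->arg1) ==
				ffa_endpoint_source(x1)));
		assert(is_ffa_error(retval) ||
			(ffa_endpoint_source(retval->arg1) ==
				ffa_endpoint_destination(x1)));
	}

	cm_el1_sysregs_context_restore(NON_SECURE);
#if SPMD_SPM_AT_SEL2
	cm_el2_sysregs_context_restore(NON_SECURE);
#endif
	cm_set_next_eret_context(NON_SECURE);

	return true;
#else
	return false;
#endif
}

/*
 * Report whether a logical partition FFA_PARTITION_INFO_GET_REGS request is
 * in flight on ctx. Always false when ENABLE_SPMD_LP is disabled. ctx is
 * dereferenced without a NULL check.
 */
bool is_spmd_logical_sp_info_regs_req_in_progress(
		spmd_spm_core_context_t *ctx)
{
#if ENABLE_SPMD_LP
	return ((ctx->spmd_lp_sync_req_ongoing & SPMD_LP_FFA_INFO_GET_REG_ONGOING)
			== SPMD_LP_FFA_INFO_GET_REG_ONGOING);
#else
	return false;
#endif
}

/*
 * Report whether a logical partition direct request is in flight on ctx.
 * Always false when ENABLE_SPMD_LP is disabled. ctx is dereferenced without a
 * NULL check.
 */
bool is_spmd_logical_sp_dir_req_in_progress(
		spmd_spm_core_context_t *ctx)
{
#if ENABLE_SPMD_LP
	return ((ctx->spmd_lp_sync_req_ongoing & SPMD_LP_FFA_DIR_REQ_ONGOING)
		== SPMD_LP_FFA_DIR_REQ_ONGOING);
#else
	return false;
#endif
}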