1 /* 2 * Copyright (c) 2020-2023, Arm Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <assert.h> 8 #include <errno.h> 9 #include <inttypes.h> 10 #include <stdint.h> 11 #include <string.h> 12 13 #include <arch_helpers.h> 14 #include <arch/aarch64/arch_features.h> 15 #include <bl31/bl31.h> 16 #include <bl31/interrupt_mgmt.h> 17 #include <common/debug.h> 18 #include <common/runtime_svc.h> 19 #include <common/tbbr/tbbr_img_def.h> 20 #include <lib/el3_runtime/context_mgmt.h> 21 #include <lib/fconf/fconf.h> 22 #include <lib/fconf/fconf_dyn_cfg_getter.h> 23 #include <lib/smccc.h> 24 #include <lib/spinlock.h> 25 #include <lib/utils.h> 26 #include <lib/xlat_tables/xlat_tables_v2.h> 27 #include <plat/common/common_def.h> 28 #include <plat/common/platform.h> 29 #include <platform_def.h> 30 #include <services/ffa_svc.h> 31 #include <services/spmc_svc.h> 32 #include <services/spmd_svc.h> 33 #include <smccc_helpers.h> 34 #include "spmd_private.h" 35 36 /******************************************************************************* 37 * SPM Core context information. 38 ******************************************************************************/ 39 static spmd_spm_core_context_t spm_core_context[PLATFORM_CORE_COUNT]; 40 41 /******************************************************************************* 42 * SPM Core attribute information is read from its manifest if the SPMC is not 43 * at EL3. Else, it is populated from the SPMC directly. 44 ******************************************************************************/ 45 static spmc_manifest_attribute_t spmc_attrs; 46 47 /******************************************************************************* 48 * SPM Core entry point information. Discovered on the primary core and reused 49 * on secondary cores. 50 ******************************************************************************/ 51 static entry_point_info_t *spmc_ep_info; 52 53 /******************************************************************************* 54 * SPM Core context on CPU based on mpidr. 55 ******************************************************************************/ 56 spmd_spm_core_context_t *spmd_get_context_by_mpidr(uint64_t mpidr) 57 { 58 int core_idx = plat_core_pos_by_mpidr(mpidr); 59 60 if (core_idx < 0) { 61 ERROR("Invalid mpidr: %" PRIx64 ", returned ID: %d\n", mpidr, core_idx); 62 panic(); 63 } 64 65 return &spm_core_context[core_idx]; 66 } 67 68 /******************************************************************************* 69 * SPM Core context on current CPU get helper. 70 ******************************************************************************/ 71 spmd_spm_core_context_t *spmd_get_context(void) 72 { 73 return spmd_get_context_by_mpidr(read_mpidr()); 74 } 75 76 /******************************************************************************* 77 * SPM Core ID getter. 78 ******************************************************************************/ 79 uint16_t spmd_spmc_id_get(void) 80 { 81 return spmc_attrs.spmc_id; 82 } 83 84 /******************************************************************************* 85 * Static function declaration. 86 ******************************************************************************/ 87 static int32_t spmd_init(void); 88 static int spmd_spmc_init(void *pm_addr); 89 static uint64_t spmd_ffa_error_return(void *handle, 90 int error_code); 91 static uint64_t spmd_smc_forward(uint32_t smc_fid, 92 bool secure_origin, 93 uint64_t x1, 94 uint64_t x2, 95 uint64_t x3, 96 uint64_t x4, 97 void *cookie, 98 void *handle, 99 uint64_t flags); 100 101 /****************************************************************************** 102 * Builds an SPMD to SPMC direct message request. 103 *****************************************************************************/ 104 void spmd_build_spmc_message(gp_regs_t *gpregs, uint8_t target_func, 105 unsigned long long message) 106 { 107 write_ctx_reg(gpregs, CTX_GPREG_X0, FFA_MSG_SEND_DIRECT_REQ_SMC32); 108 write_ctx_reg(gpregs, CTX_GPREG_X1, 109 (SPMD_DIRECT_MSG_ENDPOINT_ID << FFA_DIRECT_MSG_SOURCE_SHIFT) | 110 spmd_spmc_id_get()); 111 write_ctx_reg(gpregs, CTX_GPREG_X2, BIT(31) | target_func); 112 write_ctx_reg(gpregs, CTX_GPREG_X3, message); 113 } 114 115 116 /******************************************************************************* 117 * This function takes an SPMC context pointer and performs a synchronous 118 * SPMC entry. 119 ******************************************************************************/ 120 uint64_t spmd_spm_core_sync_entry(spmd_spm_core_context_t *spmc_ctx) 121 { 122 uint64_t rc; 123 124 assert(spmc_ctx != NULL); 125 126 cm_set_context(&(spmc_ctx->cpu_ctx), SECURE); 127 128 /* Restore the context assigned above */ 129 #if SPMD_SPM_AT_SEL2 130 cm_el2_sysregs_context_restore(SECURE); 131 #else 132 cm_el1_sysregs_context_restore(SECURE); 133 #endif 134 cm_set_next_eret_context(SECURE); 135 136 /* Enter SPMC */ 137 rc = spmd_spm_core_enter(&spmc_ctx->c_rt_ctx); 138 139 /* Save secure state */ 140 #if SPMD_SPM_AT_SEL2 141 cm_el2_sysregs_context_save(SECURE); 142 #else 143 cm_el1_sysregs_context_save(SECURE); 144 #endif 145 146 return rc; 147 } 148 149 /******************************************************************************* 150 * This function returns to the place where spmd_spm_core_sync_entry() was 151 * called originally. 152 ******************************************************************************/ 153 __dead2 void spmd_spm_core_sync_exit(uint64_t rc) 154 { 155 spmd_spm_core_context_t *ctx = spmd_get_context(); 156 157 /* Get current CPU context from SPMC context */ 158 assert(cm_get_context(SECURE) == &(ctx->cpu_ctx)); 159 160 /* 161 * The SPMD must have initiated the original request through a 162 * synchronous entry into SPMC. Jump back to the original C runtime 163 * context with the value of rc in x0; 164 */ 165 spmd_spm_core_exit(ctx->c_rt_ctx, rc); 166 167 panic(); 168 } 169 170 /******************************************************************************* 171 * Jump to the SPM Core for the first time. 172 ******************************************************************************/ 173 static int32_t spmd_init(void) 174 { 175 spmd_spm_core_context_t *ctx = spmd_get_context(); 176 uint64_t rc; 177 178 VERBOSE("SPM Core init start.\n"); 179 180 /* Primary boot core enters the SPMC for initialization. */ 181 ctx->state = SPMC_STATE_ON_PENDING; 182 183 rc = spmd_spm_core_sync_entry(ctx); 184 if (rc != 0ULL) { 185 ERROR("SPMC initialisation failed 0x%" PRIx64 "\n", rc); 186 return 0; 187 } 188 189 ctx->state = SPMC_STATE_ON; 190 191 VERBOSE("SPM Core init end.\n"); 192 193 return 1; 194 } 195 196 /******************************************************************************* 197 * spmd_secure_interrupt_handler 198 * Enter the SPMC for further handling of the secure interrupt by the SPMC 199 * itself or a Secure Partition. 200 ******************************************************************************/ 201 static uint64_t spmd_secure_interrupt_handler(uint32_t id, 202 uint32_t flags, 203 void *handle, 204 void *cookie) 205 { 206 spmd_spm_core_context_t *ctx = spmd_get_context(); 207 gp_regs_t *gpregs = get_gpregs_ctx(&ctx->cpu_ctx); 208 unsigned int linear_id = plat_my_core_pos(); 209 int64_t rc; 210 211 /* Sanity check the security state when the exception was generated */ 212 assert(get_interrupt_src_ss(flags) == NON_SECURE); 213 214 /* Sanity check the pointer to this cpu's context */ 215 assert(handle == cm_get_context(NON_SECURE)); 216 217 /* Save the non-secure context before entering SPMC */ 218 cm_el1_sysregs_context_save(NON_SECURE); 219 #if SPMD_SPM_AT_SEL2 220 cm_el2_sysregs_context_save(NON_SECURE); 221 #endif 222 223 /* Convey the event to the SPMC through the FFA_INTERRUPT interface. */ 224 write_ctx_reg(gpregs, CTX_GPREG_X0, FFA_INTERRUPT); 225 write_ctx_reg(gpregs, CTX_GPREG_X1, 0); 226 write_ctx_reg(gpregs, CTX_GPREG_X2, 0); 227 write_ctx_reg(gpregs, CTX_GPREG_X3, 0); 228 write_ctx_reg(gpregs, CTX_GPREG_X4, 0); 229 write_ctx_reg(gpregs, CTX_GPREG_X5, 0); 230 write_ctx_reg(gpregs, CTX_GPREG_X6, 0); 231 write_ctx_reg(gpregs, CTX_GPREG_X7, 0); 232 233 /* Mark current core as handling a secure interrupt. */ 234 ctx->secure_interrupt_ongoing = true; 235 236 rc = spmd_spm_core_sync_entry(ctx); 237 if (rc != 0ULL) { 238 ERROR("%s failed (%" PRId64 ") on CPU%u\n", __func__, rc, linear_id); 239 } 240 241 ctx->secure_interrupt_ongoing = false; 242 243 cm_el1_sysregs_context_restore(NON_SECURE); 244 #if SPMD_SPM_AT_SEL2 245 cm_el2_sysregs_context_restore(NON_SECURE); 246 #endif 247 cm_set_next_eret_context(NON_SECURE); 248 249 SMC_RET0(&ctx->cpu_ctx); 250 } 251 252 /******************************************************************************* 253 * spmd_group0_interrupt_handler_nwd 254 * Group0 secure interrupt in the normal world are trapped to EL3. Delegate the 255 * handling of the interrupt to the platform handler, and return only upon 256 * successfully handling the Group0 interrupt. 257 ******************************************************************************/ 258 static uint64_t spmd_group0_interrupt_handler_nwd(uint32_t id, 259 uint32_t flags, 260 void *handle, 261 void *cookie) 262 { 263 uint32_t intid; 264 265 /* Sanity check the security state when the exception was generated. */ 266 assert(get_interrupt_src_ss(flags) == NON_SECURE); 267 268 /* Sanity check the pointer to this cpu's context. */ 269 assert(handle == cm_get_context(NON_SECURE)); 270 271 assert(id == INTR_ID_UNAVAILABLE); 272 273 assert(plat_ic_get_pending_interrupt_type() == INTR_TYPE_EL3); 274 275 intid = plat_ic_get_pending_interrupt_id(); 276 277 if (plat_spmd_handle_group0_interrupt(intid) < 0) { 278 ERROR("Group0 interrupt %u not handled\n", intid); 279 panic(); 280 } 281 282 return 0U; 283 } 284 285 #if ENABLE_RME && SPMD_SPM_AT_SEL2 && !RESET_TO_BL31 286 static int spmd_dynamic_map_mem(uintptr_t base_addr, size_t size, 287 unsigned int attr, uintptr_t *align_addr, 288 size_t *align_size) 289 { 290 uintptr_t base_addr_align; 291 size_t mapped_size_align; 292 int rc; 293 294 /* Page aligned address and size if necessary */ 295 base_addr_align = page_align(base_addr, DOWN); 296 mapped_size_align = page_align(size, UP); 297 298 if ((base_addr != base_addr_align) && 299 (size == mapped_size_align)) { 300 mapped_size_align += PAGE_SIZE; 301 } 302 303 /* 304 * Map dynamically given region with its aligned base address and 305 * size 306 */ 307 rc = mmap_add_dynamic_region((unsigned long long)base_addr_align, 308 base_addr_align, 309 mapped_size_align, 310 attr); 311 if (rc == 0) { 312 *align_addr = base_addr_align; 313 *align_size = mapped_size_align; 314 } 315 316 return rc; 317 } 318 319 static void spmd_do_sec_cpy(uintptr_t root_base_addr, uintptr_t sec_base_addr, 320 size_t size) 321 { 322 uintptr_t root_base_addr_align, sec_base_addr_align; 323 size_t root_mapped_size_align, sec_mapped_size_align; 324 int rc; 325 326 assert(root_base_addr != 0UL); 327 assert(sec_base_addr != 0UL); 328 assert(size != 0UL); 329 330 /* Map the memory with required attributes */ 331 rc = spmd_dynamic_map_mem(root_base_addr, size, MT_RO_DATA | MT_ROOT, 332 &root_base_addr_align, 333 &root_mapped_size_align); 334 if (rc != 0) { 335 ERROR("%s %s %lu (%d)\n", "Error while mapping", "root region", 336 root_base_addr, rc); 337 panic(); 338 } 339 340 rc = spmd_dynamic_map_mem(sec_base_addr, size, MT_RW_DATA | MT_SECURE, 341 &sec_base_addr_align, &sec_mapped_size_align); 342 if (rc != 0) { 343 ERROR("%s %s %lu (%d)\n", "Error while mapping", 344 "secure region", sec_base_addr, rc); 345 panic(); 346 } 347 348 /* Do copy operation */ 349 (void)memcpy((void *)sec_base_addr, (void *)root_base_addr, size); 350 351 /* Unmap root memory region */ 352 rc = mmap_remove_dynamic_region(root_base_addr_align, 353 root_mapped_size_align); 354 if (rc != 0) { 355 ERROR("%s %s %lu (%d)\n", "Error while unmapping", 356 "root region", root_base_addr_align, rc); 357 panic(); 358 } 359 360 /* Unmap secure memory region */ 361 rc = mmap_remove_dynamic_region(sec_base_addr_align, 362 sec_mapped_size_align); 363 if (rc != 0) { 364 ERROR("%s %s %lu (%d)\n", "Error while unmapping", 365 "secure region", sec_base_addr_align, rc); 366 panic(); 367 } 368 } 369 #endif /* ENABLE_RME && SPMD_SPM_AT_SEL2 && !RESET_TO_BL31 */ 370 371 /******************************************************************************* 372 * Loads SPMC manifest and inits SPMC. 373 ******************************************************************************/ 374 static int spmd_spmc_init(void *pm_addr) 375 { 376 cpu_context_t *cpu_ctx; 377 unsigned int core_id; 378 uint32_t ep_attr, flags; 379 int rc; 380 const struct dyn_cfg_dtb_info_t *image_info __unused; 381 382 /* Load the SPM Core manifest */ 383 rc = plat_spm_core_manifest_load(&spmc_attrs, pm_addr); 384 if (rc != 0) { 385 WARN("No or invalid SPM Core manifest image provided by BL2\n"); 386 return rc; 387 } 388 389 /* 390 * Ensure that the SPM Core version is compatible with the SPM 391 * Dispatcher version. 392 */ 393 if ((spmc_attrs.major_version != FFA_VERSION_MAJOR) || 394 (spmc_attrs.minor_version > FFA_VERSION_MINOR)) { 395 WARN("Unsupported FFA version (%u.%u)\n", 396 spmc_attrs.major_version, spmc_attrs.minor_version); 397 return -EINVAL; 398 } 399 400 VERBOSE("FFA version (%u.%u)\n", spmc_attrs.major_version, 401 spmc_attrs.minor_version); 402 403 VERBOSE("SPM Core run time EL%x.\n", 404 SPMD_SPM_AT_SEL2 ? MODE_EL2 : MODE_EL1); 405 406 /* Validate the SPMC ID, Ensure high bit is set */ 407 if (((spmc_attrs.spmc_id >> SPMC_SECURE_ID_SHIFT) & 408 SPMC_SECURE_ID_MASK) == 0U) { 409 WARN("Invalid ID (0x%x) for SPMC.\n", spmc_attrs.spmc_id); 410 return -EINVAL; 411 } 412 413 /* Validate the SPM Core execution state */ 414 if ((spmc_attrs.exec_state != MODE_RW_64) && 415 (spmc_attrs.exec_state != MODE_RW_32)) { 416 WARN("Unsupported %s%x.\n", "SPM Core execution state 0x", 417 spmc_attrs.exec_state); 418 return -EINVAL; 419 } 420 421 VERBOSE("%s%x.\n", "SPM Core execution state 0x", 422 spmc_attrs.exec_state); 423 424 #if SPMD_SPM_AT_SEL2 425 /* Ensure manifest has not requested AArch32 state in S-EL2 */ 426 if (spmc_attrs.exec_state == MODE_RW_32) { 427 WARN("AArch32 state at S-EL2 is not supported.\n"); 428 return -EINVAL; 429 } 430 431 /* 432 * Check if S-EL2 is supported on this system if S-EL2 433 * is required for SPM 434 */ 435 if (!is_feat_sel2_supported()) { 436 WARN("SPM Core run time S-EL2 is not supported.\n"); 437 return -EINVAL; 438 } 439 #endif /* SPMD_SPM_AT_SEL2 */ 440 441 /* Initialise an entrypoint to set up the CPU context */ 442 ep_attr = SECURE | EP_ST_ENABLE; 443 if ((read_sctlr_el3() & SCTLR_EE_BIT) != 0ULL) { 444 ep_attr |= EP_EE_BIG; 445 } 446 447 SET_PARAM_HEAD(spmc_ep_info, PARAM_EP, VERSION_1, ep_attr); 448 449 /* 450 * Populate SPSR for SPM Core based upon validated parameters from the 451 * manifest. 452 */ 453 if (spmc_attrs.exec_state == MODE_RW_32) { 454 spmc_ep_info->spsr = SPSR_MODE32(MODE32_svc, SPSR_T_ARM, 455 SPSR_E_LITTLE, 456 DAIF_FIQ_BIT | 457 DAIF_IRQ_BIT | 458 DAIF_ABT_BIT); 459 } else { 460 461 #if SPMD_SPM_AT_SEL2 462 static const uint32_t runtime_el = MODE_EL2; 463 #else 464 static const uint32_t runtime_el = MODE_EL1; 465 #endif 466 spmc_ep_info->spsr = SPSR_64(runtime_el, 467 MODE_SP_ELX, 468 DISABLE_ALL_EXCEPTIONS); 469 } 470 471 #if ENABLE_RME && SPMD_SPM_AT_SEL2 && !RESET_TO_BL31 472 image_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, TOS_FW_CONFIG_ID); 473 assert(image_info != NULL); 474 475 if ((image_info->config_addr == 0UL) || 476 (image_info->secondary_config_addr == 0UL) || 477 (image_info->config_max_size == 0UL)) { 478 return -EINVAL; 479 } 480 481 /* Copy manifest from root->secure region */ 482 spmd_do_sec_cpy(image_info->config_addr, 483 image_info->secondary_config_addr, 484 image_info->config_max_size); 485 486 /* Update ep info of BL32 */ 487 assert(spmc_ep_info != NULL); 488 spmc_ep_info->args.arg0 = image_info->secondary_config_addr; 489 #endif /* ENABLE_RME && SPMD_SPM_AT_SEL2 && !RESET_TO_BL31 */ 490 491 /* Set an initial SPMC context state for all cores. */ 492 for (core_id = 0U; core_id < PLATFORM_CORE_COUNT; core_id++) { 493 spm_core_context[core_id].state = SPMC_STATE_OFF; 494 495 /* Setup an initial cpu context for the SPMC. */ 496 cpu_ctx = &spm_core_context[core_id].cpu_ctx; 497 cm_setup_context(cpu_ctx, spmc_ep_info); 498 499 /* 500 * Pass the core linear ID to the SPMC through x4. 501 * (TF-A implementation defined behavior helping 502 * a legacy TOS migration to adopt FF-A). 503 */ 504 write_ctx_reg(get_gpregs_ctx(cpu_ctx), CTX_GPREG_X4, core_id); 505 } 506 507 /* Register power management hooks with PSCI */ 508 psci_register_spd_pm_hook(&spmd_pm); 509 510 /* Register init function for deferred init. */ 511 bl31_register_bl32_init(&spmd_init); 512 513 INFO("SPM Core setup done.\n"); 514 515 /* 516 * Register an interrupt handler routing secure interrupts to SPMD 517 * while the NWd is running. 518 */ 519 flags = 0; 520 set_interrupt_rm_flag(flags, NON_SECURE); 521 rc = register_interrupt_type_handler(INTR_TYPE_S_EL1, 522 spmd_secure_interrupt_handler, 523 flags); 524 if (rc != 0) { 525 panic(); 526 } 527 528 /* 529 * Register an interrupt handler routing Group0 interrupts to SPMD 530 * while the NWd is running. 531 */ 532 rc = register_interrupt_type_handler(INTR_TYPE_EL3, 533 spmd_group0_interrupt_handler_nwd, 534 flags); 535 if (rc != 0) { 536 panic(); 537 } 538 return 0; 539 } 540 541 /******************************************************************************* 542 * Initialize context of SPM Core. 543 ******************************************************************************/ 544 int spmd_setup(void) 545 { 546 int rc; 547 void *spmc_manifest; 548 549 /* 550 * If the SPMC is at EL3, then just initialise it directly. The 551 * shenanigans of when it is at a lower EL are not needed. 552 */ 553 if (is_spmc_at_el3()) { 554 /* Allow the SPMC to populate its attributes directly. */ 555 spmc_populate_attrs(&spmc_attrs); 556 557 rc = spmc_setup(); 558 if (rc != 0) { 559 WARN("SPMC initialisation failed 0x%x.\n", rc); 560 } 561 return 0; 562 } 563 564 spmc_ep_info = bl31_plat_get_next_image_ep_info(SECURE); 565 if (spmc_ep_info == NULL) { 566 WARN("No SPM Core image provided by BL2 boot loader.\n"); 567 return 0; 568 } 569 570 /* Under no circumstances will this parameter be 0 */ 571 assert(spmc_ep_info->pc != 0ULL); 572 573 /* 574 * Check if BL32 ep_info has a reference to 'tos_fw_config'. This will 575 * be used as a manifest for the SPM Core at the next lower EL/mode. 576 */ 577 spmc_manifest = (void *)spmc_ep_info->args.arg0; 578 if (spmc_manifest == NULL) { 579 WARN("Invalid or absent SPM Core manifest.\n"); 580 return 0; 581 } 582 583 /* Load manifest, init SPMC */ 584 rc = spmd_spmc_init(spmc_manifest); 585 if (rc != 0) { 586 WARN("Booting device without SPM initialization.\n"); 587 } 588 589 return 0; 590 } 591 592 /******************************************************************************* 593 * Forward FF-A SMCs to the other security state. 594 ******************************************************************************/ 595 uint64_t spmd_smc_switch_state(uint32_t smc_fid, 596 bool secure_origin, 597 uint64_t x1, 598 uint64_t x2, 599 uint64_t x3, 600 uint64_t x4, 601 void *handle) 602 { 603 unsigned int secure_state_in = (secure_origin) ? SECURE : NON_SECURE; 604 unsigned int secure_state_out = (!secure_origin) ? SECURE : NON_SECURE; 605 606 /* Save incoming security state */ 607 #if SPMD_SPM_AT_SEL2 608 if (secure_state_in == NON_SECURE) { 609 cm_el1_sysregs_context_save(secure_state_in); 610 } 611 cm_el2_sysregs_context_save(secure_state_in); 612 #else 613 cm_el1_sysregs_context_save(secure_state_in); 614 #endif 615 616 /* Restore outgoing security state */ 617 #if SPMD_SPM_AT_SEL2 618 if (secure_state_out == NON_SECURE) { 619 cm_el1_sysregs_context_restore(secure_state_out); 620 } 621 cm_el2_sysregs_context_restore(secure_state_out); 622 #else 623 cm_el1_sysregs_context_restore(secure_state_out); 624 #endif 625 cm_set_next_eret_context(secure_state_out); 626 627 #if SPMD_SPM_AT_SEL2 628 /* 629 * If SPMC is at SEL2, save additional registers x8-x17, which may 630 * be used in FF-A calls such as FFA_PARTITION_INFO_GET_REGS. 631 * Note that technically, all SPMCs can support this, but this code is 632 * under ifdef to minimize breakage in case other SPMCs do not save 633 * and restore x8-x17. 634 * We also need to pass through these registers since not all FF-A ABIs 635 * modify x8-x17, in which case, SMCCC requires that these registers be 636 * preserved, so the SPMD passes through these registers and expects the 637 * SPMC to save and restore (potentially also modify) them. 638 */ 639 SMC_RET18(cm_get_context(secure_state_out), smc_fid, x1, x2, x3, x4, 640 SMC_GET_GP(handle, CTX_GPREG_X5), 641 SMC_GET_GP(handle, CTX_GPREG_X6), 642 SMC_GET_GP(handle, CTX_GPREG_X7), 643 SMC_GET_GP(handle, CTX_GPREG_X8), 644 SMC_GET_GP(handle, CTX_GPREG_X9), 645 SMC_GET_GP(handle, CTX_GPREG_X10), 646 SMC_GET_GP(handle, CTX_GPREG_X11), 647 SMC_GET_GP(handle, CTX_GPREG_X12), 648 SMC_GET_GP(handle, CTX_GPREG_X13), 649 SMC_GET_GP(handle, CTX_GPREG_X14), 650 SMC_GET_GP(handle, CTX_GPREG_X15), 651 SMC_GET_GP(handle, CTX_GPREG_X16), 652 SMC_GET_GP(handle, CTX_GPREG_X17) 653 ); 654 655 #else 656 SMC_RET8(cm_get_context(secure_state_out), smc_fid, x1, x2, x3, x4, 657 SMC_GET_GP(handle, CTX_GPREG_X5), 658 SMC_GET_GP(handle, CTX_GPREG_X6), 659 SMC_GET_GP(handle, CTX_GPREG_X7)); 660 #endif 661 } 662 663 /******************************************************************************* 664 * Forward SMCs to the other security state. 665 ******************************************************************************/ 666 static uint64_t spmd_smc_forward(uint32_t smc_fid, 667 bool secure_origin, 668 uint64_t x1, 669 uint64_t x2, 670 uint64_t x3, 671 uint64_t x4, 672 void *cookie, 673 void *handle, 674 uint64_t flags) 675 { 676 if (is_spmc_at_el3() && !secure_origin) { 677 return spmc_smc_handler(smc_fid, secure_origin, x1, x2, x3, x4, 678 cookie, handle, flags); 679 } 680 return spmd_smc_switch_state(smc_fid, secure_origin, x1, x2, x3, x4, 681 handle); 682 683 } 684 685 /******************************************************************************* 686 * Return FFA_ERROR with specified error code 687 ******************************************************************************/ 688 static uint64_t spmd_ffa_error_return(void *handle, int error_code) 689 { 690 SMC_RET8(handle, (uint32_t) FFA_ERROR, 691 FFA_TARGET_INFO_MBZ, (uint32_t)error_code, 692 FFA_PARAM_MBZ, FFA_PARAM_MBZ, FFA_PARAM_MBZ, 693 FFA_PARAM_MBZ, FFA_PARAM_MBZ); 694 } 695 696 /******************************************************************************* 697 * spmd_check_address_in_binary_image 698 ******************************************************************************/ 699 bool spmd_check_address_in_binary_image(uint64_t address) 700 { 701 assert(!check_uptr_overflow(spmc_attrs.load_address, spmc_attrs.binary_size)); 702 703 return ((address >= spmc_attrs.load_address) && 704 (address < (spmc_attrs.load_address + spmc_attrs.binary_size))); 705 } 706 707 /****************************************************************************** 708 * spmd_is_spmc_message 709 *****************************************************************************/ 710 static bool spmd_is_spmc_message(unsigned int ep) 711 { 712 if (is_spmc_at_el3()) { 713 return false; 714 } 715 716 return ((ffa_endpoint_destination(ep) == SPMD_DIRECT_MSG_ENDPOINT_ID) 717 && (ffa_endpoint_source(ep) == spmc_attrs.spmc_id)); 718 } 719 720 /****************************************************************************** 721 * spmd_handle_spmc_message 722 *****************************************************************************/ 723 static int spmd_handle_spmc_message(unsigned long long msg, 724 unsigned long long parm1, unsigned long long parm2, 725 unsigned long long parm3, unsigned long long parm4) 726 { 727 VERBOSE("%s %llx %llx %llx %llx %llx\n", __func__, 728 msg, parm1, parm2, parm3, parm4); 729 730 return -EINVAL; 731 } 732 733 /******************************************************************************* 734 * This function forwards FF-A SMCs to either the main SPMD handler or the 735 * SPMC at EL3, depending on the origin security state, if enabled. 736 ******************************************************************************/ 737 uint64_t spmd_ffa_smc_handler(uint32_t smc_fid, 738 uint64_t x1, 739 uint64_t x2, 740 uint64_t x3, 741 uint64_t x4, 742 void *cookie, 743 void *handle, 744 uint64_t flags) 745 { 746 if (is_spmc_at_el3()) { 747 /* 748 * If we have an SPMC at EL3 allow handling of the SMC first. 749 * The SPMC will call back through to SPMD handler if required. 750 */ 751 if (is_caller_secure(flags)) { 752 return spmc_smc_handler(smc_fid, 753 is_caller_secure(flags), 754 x1, x2, x3, x4, cookie, 755 handle, flags); 756 } 757 } 758 return spmd_smc_handler(smc_fid, x1, x2, x3, x4, cookie, 759 handle, flags); 760 } 761 762 /******************************************************************************* 763 * This function handles all SMCs in the range reserved for FFA. Each call is 764 * either forwarded to the other security state or handled by the SPM dispatcher 765 ******************************************************************************/ 766 uint64_t spmd_smc_handler(uint32_t smc_fid, 767 uint64_t x1, 768 uint64_t x2, 769 uint64_t x3, 770 uint64_t x4, 771 void *cookie, 772 void *handle, 773 uint64_t flags) 774 { 775 unsigned int linear_id = plat_my_core_pos(); 776 spmd_spm_core_context_t *ctx = spmd_get_context(); 777 bool secure_origin; 778 int32_t ret; 779 uint32_t input_version; 780 781 /* Determine which security state this SMC originated from */ 782 secure_origin = is_caller_secure(flags); 783 784 VERBOSE("SPM(%u): 0x%x 0x%" PRIx64 " 0x%" PRIx64 " 0x%" PRIx64 " 0x%" PRIx64 785 " 0x%" PRIx64 " 0x%" PRIx64 " 0x%" PRIx64 "\n", 786 linear_id, smc_fid, x1, x2, x3, x4, 787 SMC_GET_GP(handle, CTX_GPREG_X5), 788 SMC_GET_GP(handle, CTX_GPREG_X6), 789 SMC_GET_GP(handle, CTX_GPREG_X7)); 790 791 switch (smc_fid) { 792 case FFA_ERROR: 793 /* 794 * Check if this is the first invocation of this interface on 795 * this CPU. If so, then indicate that the SPM Core initialised 796 * unsuccessfully. 797 */ 798 if (secure_origin && (ctx->state == SPMC_STATE_ON_PENDING)) { 799 spmd_spm_core_sync_exit(x2); 800 } 801 802 return spmd_smc_forward(smc_fid, secure_origin, 803 x1, x2, x3, x4, cookie, 804 handle, flags); 805 break; /* not reached */ 806 807 case FFA_VERSION: 808 input_version = (uint32_t)(0xFFFFFFFF & x1); 809 /* 810 * If caller is secure and SPMC was initialized, 811 * return FFA_VERSION of SPMD. 812 * If caller is non secure and SPMC was initialized, 813 * forward to the EL3 SPMC if enabled, otherwise return 814 * the SPMC version if implemented at a lower EL. 815 * Sanity check to "input_version". 816 * If the EL3 SPMC is enabled, ignore the SPMC state as 817 * this is not used. 818 */ 819 if ((input_version & FFA_VERSION_BIT31_MASK) || 820 (!is_spmc_at_el3() && (ctx->state == SPMC_STATE_RESET))) { 821 ret = FFA_ERROR_NOT_SUPPORTED; 822 } else if (!secure_origin) { 823 if (is_spmc_at_el3()) { 824 /* 825 * Forward the call directly to the EL3 SPMC, if 826 * enabled, as we don't need to wrap the call in 827 * a direct request. 828 */ 829 return spmd_smc_forward(smc_fid, secure_origin, 830 x1, x2, x3, x4, cookie, 831 handle, flags); 832 } 833 834 gp_regs_t *gpregs = get_gpregs_ctx(&ctx->cpu_ctx); 835 uint64_t rc; 836 837 if (spmc_attrs.major_version == 1 && 838 spmc_attrs.minor_version == 0) { 839 ret = MAKE_FFA_VERSION(spmc_attrs.major_version, 840 spmc_attrs.minor_version); 841 SMC_RET8(handle, (uint32_t)ret, 842 FFA_TARGET_INFO_MBZ, 843 FFA_TARGET_INFO_MBZ, 844 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 845 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 846 FFA_PARAM_MBZ); 847 break; 848 } 849 /* Save non-secure system registers context */ 850 cm_el1_sysregs_context_save(NON_SECURE); 851 #if SPMD_SPM_AT_SEL2 852 cm_el2_sysregs_context_save(NON_SECURE); 853 #endif 854 855 /* 856 * The incoming request has FFA_VERSION as X0 smc_fid 857 * and requested version in x1. Prepare a direct request 858 * from SPMD to SPMC with FFA_VERSION framework function 859 * identifier in X2 and requested version in X3. 860 */ 861 spmd_build_spmc_message(gpregs, 862 SPMD_FWK_MSG_FFA_VERSION_REQ, 863 input_version); 864 865 rc = spmd_spm_core_sync_entry(ctx); 866 867 if ((rc != 0ULL) || 868 (SMC_GET_GP(gpregs, CTX_GPREG_X0) != 869 FFA_MSG_SEND_DIRECT_RESP_SMC32) || 870 (SMC_GET_GP(gpregs, CTX_GPREG_X2) != 871 (FFA_FWK_MSG_BIT | 872 SPMD_FWK_MSG_FFA_VERSION_RESP))) { 873 ERROR("Failed to forward FFA_VERSION\n"); 874 ret = FFA_ERROR_NOT_SUPPORTED; 875 } else { 876 ret = SMC_GET_GP(gpregs, CTX_GPREG_X3); 877 } 878 879 /* 880 * Return here after SPMC has handled FFA_VERSION. 881 * The returned SPMC version is held in X3. 882 * Forward this version in X0 to the non-secure caller. 883 */ 884 return spmd_smc_forward(ret, true, FFA_PARAM_MBZ, 885 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 886 FFA_PARAM_MBZ, cookie, gpregs, 887 flags); 888 } else { 889 ret = MAKE_FFA_VERSION(FFA_VERSION_MAJOR, 890 FFA_VERSION_MINOR); 891 } 892 893 SMC_RET8(handle, (uint32_t)ret, FFA_TARGET_INFO_MBZ, 894 FFA_TARGET_INFO_MBZ, FFA_PARAM_MBZ, FFA_PARAM_MBZ, 895 FFA_PARAM_MBZ, FFA_PARAM_MBZ, FFA_PARAM_MBZ); 896 break; /* not reached */ 897 898 case FFA_FEATURES: 899 /* 900 * This is an optional interface. Do the minimal checks and 901 * forward to SPM Core which will handle it if implemented. 902 */ 903 904 /* Forward SMC from Normal world to the SPM Core */ 905 if (!secure_origin) { 906 return spmd_smc_forward(smc_fid, secure_origin, 907 x1, x2, x3, x4, cookie, 908 handle, flags); 909 } 910 911 /* 912 * Return success if call was from secure world i.e. all 913 * FFA functions are supported. This is essentially a 914 * nop. 915 */ 916 SMC_RET8(handle, FFA_SUCCESS_SMC32, x1, x2, x3, x4, 917 SMC_GET_GP(handle, CTX_GPREG_X5), 918 SMC_GET_GP(handle, CTX_GPREG_X6), 919 SMC_GET_GP(handle, CTX_GPREG_X7)); 920 921 break; /* not reached */ 922 923 case FFA_ID_GET: 924 /* 925 * Returns the ID of the calling FFA component. 926 */ 927 if (!secure_origin) { 928 SMC_RET8(handle, FFA_SUCCESS_SMC32, 929 FFA_TARGET_INFO_MBZ, FFA_NS_ENDPOINT_ID, 930 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 931 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 932 FFA_PARAM_MBZ); 933 } 934 935 SMC_RET8(handle, FFA_SUCCESS_SMC32, 936 FFA_TARGET_INFO_MBZ, spmc_attrs.spmc_id, 937 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 938 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 939 FFA_PARAM_MBZ); 940 941 break; /* not reached */ 942 943 case FFA_SECONDARY_EP_REGISTER_SMC64: 944 if (secure_origin) { 945 ret = spmd_pm_secondary_ep_register(x1); 946 947 if (ret < 0) { 948 SMC_RET8(handle, FFA_ERROR_SMC64, 949 FFA_TARGET_INFO_MBZ, ret, 950 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 951 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 952 FFA_PARAM_MBZ); 953 } else { 954 SMC_RET8(handle, FFA_SUCCESS_SMC64, 955 FFA_TARGET_INFO_MBZ, FFA_PARAM_MBZ, 956 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 957 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 958 FFA_PARAM_MBZ); 959 } 960 } 961 962 return spmd_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED); 963 break; /* Not reached */ 964 965 case FFA_SPM_ID_GET: 966 if (MAKE_FFA_VERSION(1, 1) > FFA_VERSION_COMPILED) { 967 return spmd_ffa_error_return(handle, 968 FFA_ERROR_NOT_SUPPORTED); 969 } 970 /* 971 * Returns the ID of the SPMC or SPMD depending on the FF-A 972 * instance where this function is invoked 973 */ 974 if (!secure_origin) { 975 SMC_RET8(handle, FFA_SUCCESS_SMC32, 976 FFA_TARGET_INFO_MBZ, spmc_attrs.spmc_id, 977 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 978 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 979 FFA_PARAM_MBZ); 980 } 981 SMC_RET8(handle, FFA_SUCCESS_SMC32, 982 FFA_TARGET_INFO_MBZ, SPMD_DIRECT_MSG_ENDPOINT_ID, 983 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 984 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 985 FFA_PARAM_MBZ); 986 987 break; /* not reached */ 988 989 case FFA_MSG_SEND_DIRECT_REQ_SMC32: 990 case FFA_MSG_SEND_DIRECT_REQ_SMC64: 991 if (!secure_origin) { 992 /* Validate source endpoint is non-secure for non-secure caller. */ 993 if (ffa_is_secure_world_id(ffa_endpoint_source(x1))) { 994 return spmd_ffa_error_return(handle, 995 FFA_ERROR_INVALID_PARAMETER); 996 } 997 } 998 if (secure_origin && spmd_is_spmc_message(x1)) { 999 ret = spmd_handle_spmc_message(x3, x4, 1000 SMC_GET_GP(handle, CTX_GPREG_X5), 1001 SMC_GET_GP(handle, CTX_GPREG_X6), 1002 SMC_GET_GP(handle, CTX_GPREG_X7)); 1003 1004 SMC_RET8(handle, FFA_SUCCESS_SMC32, 1005 FFA_TARGET_INFO_MBZ, ret, 1006 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 1007 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 1008 FFA_PARAM_MBZ); 1009 } else { 1010 /* Forward direct message to the other world */ 1011 return spmd_smc_forward(smc_fid, secure_origin, 1012 x1, x2, x3, x4, cookie, 1013 handle, flags); 1014 } 1015 break; /* Not reached */ 1016 1017 case FFA_MSG_SEND_DIRECT_RESP_SMC32: 1018 if (secure_origin && spmd_is_spmc_message(x1)) { 1019 spmd_spm_core_sync_exit(0ULL); 1020 } else { 1021 /* Forward direct message to the other world */ 1022 return spmd_smc_forward(smc_fid, secure_origin, 1023 x1, x2, x3, x4, cookie, 1024 handle, flags); 1025 } 1026 break; /* Not reached */ 1027 1028 case FFA_RX_RELEASE: 1029 case FFA_RXTX_MAP_SMC32: 1030 case FFA_RXTX_MAP_SMC64: 1031 case FFA_RXTX_UNMAP: 1032 case FFA_PARTITION_INFO_GET: 1033 #if MAKE_FFA_VERSION(1, 1) <= FFA_VERSION_COMPILED 1034 case FFA_NOTIFICATION_BITMAP_CREATE: 1035 case FFA_NOTIFICATION_BITMAP_DESTROY: 1036 case FFA_NOTIFICATION_BIND: 1037 case FFA_NOTIFICATION_UNBIND: 1038 case FFA_NOTIFICATION_SET: 1039 case FFA_NOTIFICATION_GET: 1040 case FFA_NOTIFICATION_INFO_GET: 1041 case FFA_NOTIFICATION_INFO_GET_SMC64: 1042 case FFA_MSG_SEND2: 1043 case FFA_RX_ACQUIRE: 1044 #endif 1045 case FFA_MSG_RUN: 1046 /* 1047 * Above calls should be invoked only by the Normal world and 1048 * must not be forwarded from Secure world to Normal world. 1049 */ 1050 if (secure_origin) { 1051 return spmd_ffa_error_return(handle, 1052 FFA_ERROR_NOT_SUPPORTED); 1053 } 1054 1055 /* Forward the call to the other world */ 1056 /* fallthrough */ 1057 case FFA_MSG_SEND: 1058 case FFA_MSG_SEND_DIRECT_RESP_SMC64: 1059 case FFA_MEM_DONATE_SMC32: 1060 case FFA_MEM_DONATE_SMC64: 1061 case FFA_MEM_LEND_SMC32: 1062 case FFA_MEM_LEND_SMC64: 1063 case FFA_MEM_SHARE_SMC32: 1064 case FFA_MEM_SHARE_SMC64: 1065 case FFA_MEM_RETRIEVE_REQ_SMC32: 1066 case FFA_MEM_RETRIEVE_REQ_SMC64: 1067 case FFA_MEM_RETRIEVE_RESP: 1068 case FFA_MEM_RELINQUISH: 1069 case FFA_MEM_RECLAIM: 1070 case FFA_MEM_FRAG_TX: 1071 case FFA_MEM_FRAG_RX: 1072 case FFA_SUCCESS_SMC32: 1073 case FFA_SUCCESS_SMC64: 1074 /* 1075 * TODO: Assume that no requests originate from EL3 at the 1076 * moment. This will change if a SP service is required in 1077 * response to secure interrupts targeted to EL3. Until then 1078 * simply forward the call to the Normal world. 1079 */ 1080 1081 return spmd_smc_forward(smc_fid, secure_origin, 1082 x1, x2, x3, x4, cookie, 1083 handle, flags); 1084 break; /* not reached */ 1085 1086 case FFA_MSG_WAIT: 1087 /* 1088 * Check if this is the first invocation of this interface on 1089 * this CPU from the Secure world. If so, then indicate that the 1090 * SPM Core initialised successfully. 1091 */ 1092 if (secure_origin && (ctx->state == SPMC_STATE_ON_PENDING)) { 1093 spmd_spm_core_sync_exit(0ULL); 1094 } 1095 1096 /* Forward the call to the other world */ 1097 /* fallthrough */ 1098 case FFA_INTERRUPT: 1099 case FFA_MSG_YIELD: 1100 /* This interface must be invoked only by the Secure world */ 1101 if (!secure_origin) { 1102 return spmd_ffa_error_return(handle, 1103 FFA_ERROR_NOT_SUPPORTED); 1104 } 1105 1106 return spmd_smc_forward(smc_fid, secure_origin, 1107 x1, x2, x3, x4, cookie, 1108 handle, flags); 1109 break; /* not reached */ 1110 1111 case FFA_NORMAL_WORLD_RESUME: 1112 if (secure_origin && ctx->secure_interrupt_ongoing) { 1113 spmd_spm_core_sync_exit(0ULL); 1114 } else { 1115 return spmd_ffa_error_return(handle, FFA_ERROR_DENIED); 1116 } 1117 break; /* Not reached */ 1118 #if MAKE_FFA_VERSION(1, 1) <= FFA_VERSION_COMPILED 1119 case FFA_PARTITION_INFO_GET_REGS_SMC64: 1120 if (secure_origin) { 1121 /* TODO: Future patches to enable support for this */ 1122 return spmd_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED); 1123 } 1124 1125 /* Call only supported with SMCCC 1.2+ */ 1126 if (MAKE_SMCCC_VERSION(SMCCC_MAJOR_VERSION, SMCCC_MINOR_VERSION) < 0x10002) { 1127 return spmd_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED); 1128 } 1129 1130 return spmd_smc_forward(smc_fid, secure_origin, 1131 x1, x2, x3, x4, cookie, 1132 handle, flags); 1133 break; /* Not reached */ 1134 #endif 1135 default: 1136 WARN("SPM: Unsupported call 0x%08x\n", smc_fid); 1137 return spmd_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED); 1138 } 1139 } 1140