1 /*
2 * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8 #include <errno.h>
9 #include <stdbool.h>
10 #include <stdint.h>
11 #include <string.h>
12
13 #include <platform_def.h>
14
15 #include <arch_features.h>
16 #include <arch_helpers.h>
17 #include <common/debug.h>
18 #include <lib/utils_def.h>
19 #include <lib/xlat_tables/xlat_tables_defs.h>
20 #include <lib/xlat_tables/xlat_tables_v2.h>
21
22 #include "xlat_tables_private.h"
23
24 /* Helper function that cleans the data cache only if it is enabled. */
xlat_clean_dcache_range(uintptr_t addr,size_t size)25 static inline __attribute__((unused)) void xlat_clean_dcache_range(uintptr_t addr, size_t size)
26 {
27 if (is_dcache_enabled())
28 clean_dcache_range(addr, size);
29 }
30
31 #if PLAT_XLAT_TABLES_DYNAMIC
32
33 /*
34 * The following functions assume that they will be called using subtables only.
35 * The base table can't be unmapped, so it is not needed to do any special
36 * handling for it.
37 */
38
39 /*
40 * Returns the index of the array corresponding to the specified translation
41 * table.
42 */
xlat_table_get_index(const xlat_ctx_t * ctx,const uint64_t * table)43 static int xlat_table_get_index(const xlat_ctx_t *ctx, const uint64_t *table)
44 {
45 for (int i = 0; i < ctx->tables_num; i++)
46 if (ctx->tables[i] == table)
47 return i;
48
49 /*
50 * Maybe we were asked to get the index of the base level table, which
51 * should never happen.
52 */
53 assert(false);
54
55 return -1;
56 }
57
58 /* Returns a pointer to an empty translation table. */
xlat_table_get_empty(const xlat_ctx_t * ctx)59 static uint64_t *xlat_table_get_empty(const xlat_ctx_t *ctx)
60 {
61 for (int i = 0; i < ctx->tables_num; i++)
62 if (ctx->tables_mapped_regions[i] == 0)
63 return ctx->tables[i];
64
65 return NULL;
66 }
67
68 /* Increments region count for a given table. */
xlat_table_inc_regions_count(const xlat_ctx_t * ctx,const uint64_t * table)69 static void xlat_table_inc_regions_count(const xlat_ctx_t *ctx,
70 const uint64_t *table)
71 {
72 int idx = xlat_table_get_index(ctx, table);
73
74 ctx->tables_mapped_regions[idx]++;
75 }
76
77 /* Decrements region count for a given table. */
xlat_table_dec_regions_count(const xlat_ctx_t * ctx,const uint64_t * table)78 static void xlat_table_dec_regions_count(const xlat_ctx_t *ctx,
79 const uint64_t *table)
80 {
81 int idx = xlat_table_get_index(ctx, table);
82
83 ctx->tables_mapped_regions[idx]--;
84 }
85
86 /* Returns 0 if the specified table isn't empty, otherwise 1. */
xlat_table_is_empty(const xlat_ctx_t * ctx,const uint64_t * table)87 static bool xlat_table_is_empty(const xlat_ctx_t *ctx, const uint64_t *table)
88 {
89 return ctx->tables_mapped_regions[xlat_table_get_index(ctx, table)] == 0;
90 }
91
92 #else /* PLAT_XLAT_TABLES_DYNAMIC */
93
94 /* Returns a pointer to the first empty translation table. */
xlat_table_get_empty(xlat_ctx_t * ctx)95 static uint64_t *xlat_table_get_empty(xlat_ctx_t *ctx)
96 {
97 assert(ctx->next_table < ctx->tables_num);
98
99 return ctx->tables[ctx->next_table++];
100 }
101
102 #endif /* PLAT_XLAT_TABLES_DYNAMIC */
103
104 /*
105 * Returns a block/page table descriptor for the given level and attributes.
106 */
xlat_desc(const xlat_ctx_t * ctx,uint32_t attr,unsigned long long addr_pa,unsigned int level)107 uint64_t xlat_desc(const xlat_ctx_t *ctx, uint32_t attr,
108 unsigned long long addr_pa, unsigned int level)
109 {
110 uint64_t desc;
111 uint32_t mem_type;
112
113 /* Make sure that the granularity is fine enough to map this address. */
114 assert((addr_pa & XLAT_BLOCK_MASK(level)) == 0U);
115
116 desc = addr_pa;
117 /*
118 * There are different translation table descriptors for level 3 and the
119 * rest.
120 */
121 desc |= (level == XLAT_TABLE_LEVEL_MAX) ? PAGE_DESC : BLOCK_DESC;
122 /*
123 * Always set the access flag, as this library assumes access flag
124 * faults aren't managed.
125 */
126 desc |= LOWER_ATTRS(ACCESS_FLAG);
127 /*
128 * Deduce other fields of the descriptor based on the MT_NS and MT_RW
129 * memory region attributes.
130 */
131 desc |= ((attr & MT_NS) != 0U) ? LOWER_ATTRS(NS) : 0U;
132 desc |= ((attr & MT_RW) != 0U) ? LOWER_ATTRS(AP_RW) : LOWER_ATTRS(AP_RO);
133
134 /*
135 * Do not allow unprivileged access when the mapping is for a privileged
136 * EL. For translation regimes that do not have mappings for access for
137 * lower exception levels, set AP[2] to AP_NO_ACCESS_UNPRIVILEGED.
138 */
139 if (ctx->xlat_regime == EL1_EL0_REGIME) {
140 if ((attr & MT_USER) != 0U) {
141 /* EL0 mapping requested, so we give User access */
142 desc |= LOWER_ATTRS(AP_ACCESS_UNPRIVILEGED);
143 } else {
144 /* EL1 mapping requested, no User access granted */
145 desc |= LOWER_ATTRS(AP_NO_ACCESS_UNPRIVILEGED);
146 }
147 } else {
148 assert((ctx->xlat_regime == EL2_REGIME) ||
149 (ctx->xlat_regime == EL3_REGIME));
150 desc |= LOWER_ATTRS(AP_ONE_VA_RANGE_RES1);
151 }
152
153 /*
154 * Deduce shareability domain and executability of the memory region
155 * from the memory type of the attributes (MT_TYPE).
156 *
157 * Data accesses to device memory and non-cacheable normal memory are
158 * coherent for all observers in the system, and correspondingly are
159 * always treated as being Outer Shareable. Therefore, for these 2 types
160 * of memory, it is not strictly needed to set the shareability field
161 * in the translation tables.
162 */
163 mem_type = MT_TYPE(attr);
164 if (mem_type == MT_DEVICE) {
165 desc |= LOWER_ATTRS(ATTR_DEVICE_INDEX | OSH);
166 /*
167 * Always map device memory as execute-never.
168 * This is to avoid the possibility of a speculative instruction
169 * fetch, which could be an issue if this memory region
170 * corresponds to a read-sensitive peripheral.
171 */
172 desc |= xlat_arch_regime_get_xn_desc(ctx->xlat_regime);
173
174 } else { /* Normal memory */
175 /*
176 * Always map read-write normal memory as execute-never.
177 * This library assumes that it is used by software that does
178 * not self-modify its code, therefore R/W memory is reserved
179 * for data storage, which must not be executable.
180 *
181 * Note that setting the XN bit here is for consistency only.
182 * The function that enables the MMU sets the SCTLR_ELx.WXN bit,
183 * which makes any writable memory region to be treated as
184 * execute-never, regardless of the value of the XN bit in the
185 * translation table.
186 *
187 * For read-only memory, rely on the MT_EXECUTE/MT_EXECUTE_NEVER
188 * attribute to figure out the value of the XN bit. The actual
189 * XN bit(s) to set in the descriptor depends on the context's
190 * translation regime and the policy applied in
191 * xlat_arch_regime_get_xn_desc().
192 */
193 if (((attr & MT_RW) != 0U) || ((attr & MT_EXECUTE_NEVER) != 0U)) {
194 desc |= xlat_arch_regime_get_xn_desc(ctx->xlat_regime);
195 }
196
197 if (mem_type == MT_MEMORY) {
198 desc |= LOWER_ATTRS(ATTR_IWBWA_OWBWA_NTR_INDEX | ISH);
199
200 /* Check if Branch Target Identification is enabled */
201 #if ENABLE_BTI
202 /* Set GP bit for block and page code entries
203 * if BTI mechanism is implemented.
204 */
205 if (is_armv8_5_bti_present() &&
206 ((attr & (MT_TYPE_MASK | MT_RW |
207 MT_EXECUTE_NEVER)) == MT_CODE)) {
208 desc |= GP;
209 }
210 #endif
211 } else {
212 assert(mem_type == MT_NON_CACHEABLE);
213 desc |= LOWER_ATTRS(ATTR_NON_CACHEABLE_INDEX | OSH);
214 }
215 }
216
217 return desc;
218 }
219
220 /*
221 * Enumeration of actions that can be made when mapping table entries depending
222 * on the previous value in that entry and information about the region being
223 * mapped.
224 */
225 typedef enum {
226
227 /* Do nothing */
228 ACTION_NONE,
229
230 /* Write a block (or page, if in level 3) entry. */
231 ACTION_WRITE_BLOCK_ENTRY,
232
233 /*
234 * Create a new table and write a table entry pointing to it. Recurse
235 * into it for further processing.
236 */
237 ACTION_CREATE_NEW_TABLE,
238
239 /*
240 * There is a table descriptor in this entry, read it and recurse into
241 * that table for further processing.
242 */
243 ACTION_RECURSE_INTO_TABLE,
244
245 } action_t;
246
247 /*
248 * Function that returns the first VA of the table affected by the specified
249 * mmap region.
250 */
xlat_tables_find_start_va(mmap_region_t * mm,const uintptr_t table_base_va,const unsigned int level)251 static uintptr_t xlat_tables_find_start_va(mmap_region_t *mm,
252 const uintptr_t table_base_va,
253 const unsigned int level)
254 {
255 uintptr_t table_idx_va;
256
257 if (mm->base_va > table_base_va) {
258 /* Find the first index of the table affected by the region. */
259 table_idx_va = mm->base_va & ~XLAT_BLOCK_MASK(level);
260 } else {
261 /* Start from the beginning of the table. */
262 table_idx_va = table_base_va;
263 }
264
265 return table_idx_va;
266 }
267
268 /*
269 * Function that returns table index for the given VA and level arguments.
270 */
xlat_tables_va_to_index(const uintptr_t table_base_va,const uintptr_t va,const unsigned int level)271 static inline unsigned int xlat_tables_va_to_index(const uintptr_t table_base_va,
272 const uintptr_t va,
273 const unsigned int level)
274 {
275 return (unsigned int)((va - table_base_va) >> XLAT_ADDR_SHIFT(level));
276 }
277
278 #if PLAT_XLAT_TABLES_DYNAMIC
279
280 /*
281 * From the given arguments, it decides which action to take when unmapping the
282 * specified region.
283 */
xlat_tables_unmap_region_action(const mmap_region_t * mm,const uintptr_t table_idx_va,const uintptr_t table_idx_end_va,const unsigned int level,const uint64_t desc_type)284 static action_t xlat_tables_unmap_region_action(const mmap_region_t *mm,
285 const uintptr_t table_idx_va, const uintptr_t table_idx_end_va,
286 const unsigned int level, const uint64_t desc_type)
287 {
288 action_t action;
289 uintptr_t region_end_va = mm->base_va + mm->size - 1U;
290
291 if ((mm->base_va <= table_idx_va) &&
292 (region_end_va >= table_idx_end_va)) {
293 /* Region covers all block */
294
295 if (level == 3U) {
296 /*
297 * Last level, only page descriptors allowed,
298 * erase it.
299 */
300 assert(desc_type == PAGE_DESC);
301
302 action = ACTION_WRITE_BLOCK_ENTRY;
303 } else {
304 /*
305 * Other levels can have table descriptors. If
306 * so, recurse into it and erase descriptors
307 * inside it as needed. If there is a block
308 * descriptor, just erase it. If an invalid
309 * descriptor is found, this table isn't
310 * actually mapped, which shouldn't happen.
311 */
312 if (desc_type == TABLE_DESC) {
313 action = ACTION_RECURSE_INTO_TABLE;
314 } else {
315 assert(desc_type == BLOCK_DESC);
316 action = ACTION_WRITE_BLOCK_ENTRY;
317 }
318 }
319
320 } else if ((mm->base_va <= table_idx_end_va) ||
321 (region_end_va >= table_idx_va)) {
322 /*
323 * Region partially covers block.
324 *
325 * It can't happen in level 3.
326 *
327 * There must be a table descriptor here, if not there
328 * was a problem when mapping the region.
329 */
330 assert(level < 3U);
331 assert(desc_type == TABLE_DESC);
332
333 action = ACTION_RECURSE_INTO_TABLE;
334 } else {
335 /* The region doesn't cover the block at all */
336 action = ACTION_NONE;
337 }
338
339 return action;
340 }
341 /*
342 * Recursive function that writes to the translation tables and unmaps the
343 * specified region.
344 */
xlat_tables_unmap_region(xlat_ctx_t * ctx,mmap_region_t * mm,const uintptr_t table_base_va,uint64_t * const table_base,const unsigned int table_entries,const unsigned int level)345 static void xlat_tables_unmap_region(xlat_ctx_t *ctx, mmap_region_t *mm,
346 const uintptr_t table_base_va,
347 uint64_t *const table_base,
348 const unsigned int table_entries,
349 const unsigned int level)
350 {
351 assert((level >= ctx->base_level) && (level <= XLAT_TABLE_LEVEL_MAX));
352
353 uint64_t *subtable;
354 uint64_t desc;
355
356 uintptr_t table_idx_va;
357 uintptr_t table_idx_end_va; /* End VA of this entry */
358
359 uintptr_t region_end_va = mm->base_va + mm->size - 1U;
360
361 unsigned int table_idx;
362
363 table_idx_va = xlat_tables_find_start_va(mm, table_base_va, level);
364 table_idx = xlat_tables_va_to_index(table_base_va, table_idx_va, level);
365
366 while (table_idx < table_entries) {
367
368 table_idx_end_va = table_idx_va + XLAT_BLOCK_SIZE(level) - 1U;
369
370 desc = table_base[table_idx];
371 uint64_t desc_type = desc & DESC_MASK;
372
373 action_t action = xlat_tables_unmap_region_action(mm,
374 table_idx_va, table_idx_end_va, level,
375 desc_type);
376
377 if (action == ACTION_WRITE_BLOCK_ENTRY) {
378
379 table_base[table_idx] = INVALID_DESC;
380 xlat_arch_tlbi_va(table_idx_va, ctx->xlat_regime);
381
382 } else if (action == ACTION_RECURSE_INTO_TABLE) {
383
384 subtable = (uint64_t *)(uintptr_t)(desc & TABLE_ADDR_MASK);
385
386 /* Recurse to write into subtable */
387 xlat_tables_unmap_region(ctx, mm, table_idx_va,
388 subtable, XLAT_TABLE_ENTRIES,
389 level + 1U);
390 #if !(HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY)
391 xlat_clean_dcache_range((uintptr_t)subtable,
392 XLAT_TABLE_ENTRIES * sizeof(uint64_t));
393 #endif
394 /*
395 * If the subtable is now empty, remove its reference.
396 */
397 if (xlat_table_is_empty(ctx, subtable)) {
398 table_base[table_idx] = INVALID_DESC;
399 xlat_arch_tlbi_va(table_idx_va,
400 ctx->xlat_regime);
401 }
402
403 } else {
404 assert(action == ACTION_NONE);
405 }
406
407 table_idx++;
408 table_idx_va += XLAT_BLOCK_SIZE(level);
409
410 /* If reached the end of the region, exit */
411 if (region_end_va <= table_idx_va)
412 break;
413 }
414
415 if (level > ctx->base_level)
416 xlat_table_dec_regions_count(ctx, table_base);
417 }
418
419 #endif /* PLAT_XLAT_TABLES_DYNAMIC */
420
421 /*
422 * From the given arguments, it decides which action to take when mapping the
423 * specified region.
424 */
xlat_tables_map_region_action(const mmap_region_t * mm,unsigned int desc_type,unsigned long long dest_pa,uintptr_t table_entry_base_va,unsigned int level)425 static action_t xlat_tables_map_region_action(const mmap_region_t *mm,
426 unsigned int desc_type, unsigned long long dest_pa,
427 uintptr_t table_entry_base_va, unsigned int level)
428 {
429 uintptr_t mm_end_va = mm->base_va + mm->size - 1U;
430 uintptr_t table_entry_end_va =
431 table_entry_base_va + XLAT_BLOCK_SIZE(level) - 1U;
432
433 /*
434 * The descriptor types allowed depend on the current table level.
435 */
436
437 if ((mm->base_va <= table_entry_base_va) &&
438 (mm_end_va >= table_entry_end_va)) {
439
440 /*
441 * Table entry is covered by region
442 * --------------------------------
443 *
444 * This means that this table entry can describe the whole
445 * translation with this granularity in principle.
446 */
447
448 if (level == 3U) {
449 /*
450 * Last level, only page descriptors are allowed.
451 */
452 if (desc_type == PAGE_DESC) {
453 /*
454 * There's another region mapped here, don't
455 * overwrite.
456 */
457 return ACTION_NONE;
458 } else {
459 assert(desc_type == INVALID_DESC);
460 return ACTION_WRITE_BLOCK_ENTRY;
461 }
462
463 } else {
464
465 /*
466 * Other levels. Table descriptors are allowed. Block
467 * descriptors too, but they have some limitations.
468 */
469
470 if (desc_type == TABLE_DESC) {
471 /* There's already a table, recurse into it. */
472 return ACTION_RECURSE_INTO_TABLE;
473
474 } else if (desc_type == INVALID_DESC) {
475 /*
476 * There's nothing mapped here, create a new
477 * entry.
478 *
479 * Check if the destination granularity allows
480 * us to use a block descriptor or we need a
481 * finer table for it.
482 *
483 * Also, check if the current level allows block
484 * descriptors. If not, create a table instead.
485 */
486 if (((dest_pa & XLAT_BLOCK_MASK(level)) != 0U)
487 || (level < MIN_LVL_BLOCK_DESC) ||
488 (mm->granularity < XLAT_BLOCK_SIZE(level)))
489 return ACTION_CREATE_NEW_TABLE;
490 else
491 return ACTION_WRITE_BLOCK_ENTRY;
492
493 } else {
494 /*
495 * There's another region mapped here, don't
496 * overwrite.
497 */
498 assert(desc_type == BLOCK_DESC);
499
500 return ACTION_NONE;
501 }
502 }
503
504 } else if ((mm->base_va <= table_entry_end_va) ||
505 (mm_end_va >= table_entry_base_va)) {
506
507 /*
508 * Region partially covers table entry
509 * -----------------------------------
510 *
511 * This means that this table entry can't describe the whole
512 * translation, a finer table is needed.
513
514 * There cannot be partial block overlaps in level 3. If that
515 * happens, some of the preliminary checks when adding the
516 * mmap region failed to detect that PA and VA must at least be
517 * aligned to PAGE_SIZE.
518 */
519 assert(level < 3U);
520
521 if (desc_type == INVALID_DESC) {
522 /*
523 * The block is not fully covered by the region. Create
524 * a new table, recurse into it and try to map the
525 * region with finer granularity.
526 */
527 return ACTION_CREATE_NEW_TABLE;
528
529 } else {
530 assert(desc_type == TABLE_DESC);
531 /*
532 * The block is not fully covered by the region, but
533 * there is already a table here. Recurse into it and
534 * try to map with finer granularity.
535 *
536 * PAGE_DESC for level 3 has the same value as
537 * TABLE_DESC, but this code can't run on a level 3
538 * table because there can't be overlaps in level 3.
539 */
540 return ACTION_RECURSE_INTO_TABLE;
541 }
542 } else {
543
544 /*
545 * This table entry is outside of the region specified in the
546 * arguments, don't write anything to it.
547 */
548 return ACTION_NONE;
549 }
550 }
551
552 /*
553 * Recursive function that writes to the translation tables and maps the
554 * specified region. On success, it returns the VA of the last byte that was
555 * successfully mapped. On error, it returns the VA of the next entry that
556 * should have been mapped.
557 */
xlat_tables_map_region(xlat_ctx_t * ctx,mmap_region_t * mm,uintptr_t table_base_va,uint64_t * const table_base,unsigned int table_entries,unsigned int level)558 static uintptr_t xlat_tables_map_region(xlat_ctx_t *ctx, mmap_region_t *mm,
559 uintptr_t table_base_va,
560 uint64_t *const table_base,
561 unsigned int table_entries,
562 unsigned int level)
563 {
564 assert((level >= ctx->base_level) && (level <= XLAT_TABLE_LEVEL_MAX));
565
566 uintptr_t mm_end_va = mm->base_va + mm->size - 1U;
567
568 uintptr_t table_idx_va;
569 unsigned long long table_idx_pa;
570
571 uint64_t *subtable;
572 uint64_t desc;
573
574 unsigned int table_idx;
575
576 table_idx_va = xlat_tables_find_start_va(mm, table_base_va, level);
577 table_idx = xlat_tables_va_to_index(table_base_va, table_idx_va, level);
578
579 #if PLAT_XLAT_TABLES_DYNAMIC
580 if (level > ctx->base_level)
581 xlat_table_inc_regions_count(ctx, table_base);
582 #endif
583
584 while (table_idx < table_entries) {
585
586 desc = table_base[table_idx];
587
588 table_idx_pa = mm->base_pa + table_idx_va - mm->base_va;
589
590 action_t action = xlat_tables_map_region_action(mm,
591 (uint32_t)(desc & DESC_MASK), table_idx_pa,
592 table_idx_va, level);
593
594 if (action == ACTION_WRITE_BLOCK_ENTRY) {
595
596 table_base[table_idx] =
597 xlat_desc(ctx, (uint32_t)mm->attr, table_idx_pa,
598 level);
599
600 } else if (action == ACTION_CREATE_NEW_TABLE) {
601 uintptr_t end_va;
602
603 subtable = xlat_table_get_empty(ctx);
604 if (subtable == NULL) {
605 /* Not enough free tables to map this region */
606 return table_idx_va;
607 }
608
609 /* Point to new subtable from this one. */
610 table_base[table_idx] =
611 TABLE_DESC | (uintptr_t)subtable;
612
613 /* Recurse to write into subtable */
614 end_va = xlat_tables_map_region(ctx, mm, table_idx_va,
615 subtable, XLAT_TABLE_ENTRIES,
616 level + 1U);
617 #if !(HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY)
618 xlat_clean_dcache_range((uintptr_t)subtable,
619 XLAT_TABLE_ENTRIES * sizeof(uint64_t));
620 #endif
621 if (end_va !=
622 (table_idx_va + XLAT_BLOCK_SIZE(level) - 1U))
623 return end_va;
624
625 } else if (action == ACTION_RECURSE_INTO_TABLE) {
626 uintptr_t end_va;
627
628 subtable = (uint64_t *)(uintptr_t)(desc & TABLE_ADDR_MASK);
629 /* Recurse to write into subtable */
630 end_va = xlat_tables_map_region(ctx, mm, table_idx_va,
631 subtable, XLAT_TABLE_ENTRIES,
632 level + 1U);
633 #if !(HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY)
634 xlat_clean_dcache_range((uintptr_t)subtable,
635 XLAT_TABLE_ENTRIES * sizeof(uint64_t));
636 #endif
637 if (end_va !=
638 (table_idx_va + XLAT_BLOCK_SIZE(level) - 1U))
639 return end_va;
640
641 } else {
642
643 assert(action == ACTION_NONE);
644
645 }
646
647 table_idx++;
648 table_idx_va += XLAT_BLOCK_SIZE(level);
649
650 /* If reached the end of the region, exit */
651 if (mm_end_va <= table_idx_va)
652 break;
653 }
654
655 return table_idx_va - 1U;
656 }
657
658 /*
659 * Function that verifies that a region can be mapped.
660 * Returns:
661 * 0: Success, the mapping is allowed.
662 * EINVAL: Invalid values were used as arguments.
663 * ERANGE: The memory limits were surpassed.
664 * ENOMEM: There is not enough memory in the mmap array.
665 * EPERM: Region overlaps another one in an invalid way.
666 */
mmap_add_region_check(const xlat_ctx_t * ctx,const mmap_region_t * mm)667 static int mmap_add_region_check(const xlat_ctx_t *ctx, const mmap_region_t *mm)
668 {
669 unsigned long long base_pa = mm->base_pa;
670 uintptr_t base_va = mm->base_va;
671 size_t size = mm->size;
672 size_t granularity = mm->granularity;
673
674 unsigned long long end_pa = base_pa + size - 1U;
675 uintptr_t end_va = base_va + size - 1U;
676
677 if (!IS_PAGE_ALIGNED(base_pa) || !IS_PAGE_ALIGNED(base_va) ||
678 !IS_PAGE_ALIGNED(size))
679 return -EINVAL;
680
681 if ((granularity != XLAT_BLOCK_SIZE(1U)) &&
682 (granularity != XLAT_BLOCK_SIZE(2U)) &&
683 (granularity != XLAT_BLOCK_SIZE(3U))) {
684 return -EINVAL;
685 }
686
687 /* Check for overflows */
688 if ((base_pa > end_pa) || (base_va > end_va))
689 return -ERANGE;
690
691 if (end_va > ctx->va_max_address)
692 return -ERANGE;
693
694 if (end_pa > ctx->pa_max_address)
695 return -ERANGE;
696
697 /* Check that there is space in the ctx->mmap array */
698 if (ctx->mmap[ctx->mmap_num - 1].size != 0U)
699 return -ENOMEM;
700
701 /* Check for PAs and VAs overlaps with all other regions */
702 for (const mmap_region_t *mm_cursor = ctx->mmap;
703 mm_cursor->size != 0U; ++mm_cursor) {
704
705 uintptr_t mm_cursor_end_va = mm_cursor->base_va
706 + mm_cursor->size - 1U;
707
708 /*
709 * Check if one of the regions is completely inside the other
710 * one.
711 */
712 bool fully_overlapped_va =
713 ((base_va >= mm_cursor->base_va) &&
714 (end_va <= mm_cursor_end_va)) ||
715 ((mm_cursor->base_va >= base_va) &&
716 (mm_cursor_end_va <= end_va));
717
718 /*
719 * Full VA overlaps are only allowed if both regions are
720 * identity mapped (zero offset) or have the same VA to PA
721 * offset. Also, make sure that it's not the exact same area.
722 * This can only be done with static regions.
723 */
724 if (fully_overlapped_va) {
725
726 #if PLAT_XLAT_TABLES_DYNAMIC
727 if (((mm->attr & MT_DYNAMIC) != 0U) ||
728 ((mm_cursor->attr & MT_DYNAMIC) != 0U))
729 return -EPERM;
730 #endif /* PLAT_XLAT_TABLES_DYNAMIC */
731 if ((mm_cursor->base_va - mm_cursor->base_pa) !=
732 (base_va - base_pa))
733 return -EPERM;
734
735 if ((base_va == mm_cursor->base_va) &&
736 (size == mm_cursor->size))
737 return -EPERM;
738
739 } else {
740 /*
741 * If the regions do not have fully overlapping VAs,
742 * then they must have fully separated VAs and PAs.
743 * Partial overlaps are not allowed
744 */
745
746 unsigned long long mm_cursor_end_pa =
747 mm_cursor->base_pa + mm_cursor->size - 1U;
748
749 bool separated_pa = (end_pa < mm_cursor->base_pa) ||
750 (base_pa > mm_cursor_end_pa);
751 bool separated_va = (end_va < mm_cursor->base_va) ||
752 (base_va > mm_cursor_end_va);
753
754 if (!separated_va || !separated_pa)
755 return -EPERM;
756 }
757 }
758
759 return 0;
760 }
761
mmap_add_region_ctx(xlat_ctx_t * ctx,const mmap_region_t * mm)762 void mmap_add_region_ctx(xlat_ctx_t *ctx, const mmap_region_t *mm)
763 {
764 mmap_region_t *mm_cursor = ctx->mmap, *mm_destination;
765 const mmap_region_t *mm_end = ctx->mmap + ctx->mmap_num;
766 const mmap_region_t *mm_last;
767 unsigned long long end_pa = mm->base_pa + mm->size - 1U;
768 uintptr_t end_va = mm->base_va + mm->size - 1U;
769 int ret;
770
771 /* Ignore empty regions */
772 if (mm->size == 0U)
773 return;
774
775 /* Static regions must be added before initializing the xlat tables. */
776 assert(!ctx->initialized);
777
778 ret = mmap_add_region_check(ctx, mm);
779 if (ret != 0) {
780 ERROR("mmap_add_region_check() failed. error %d\n", ret);
781 assert(false);
782 return;
783 }
784
785 /*
786 * Find correct place in mmap to insert new region.
787 *
788 * 1 - Lower region VA end first.
789 * 2 - Smaller region size first.
790 *
791 * VA 0 0xFF
792 *
793 * 1st |------|
794 * 2nd |------------|
795 * 3rd |------|
796 * 4th |---|
797 * 5th |---|
798 * 6th |----------|
799 * 7th |-------------------------------------|
800 *
801 * This is required for overlapping regions only. It simplifies adding
802 * regions with the loop in xlat_tables_init_internal because the outer
803 * ones won't overwrite block or page descriptors of regions added
804 * previously.
805 *
806 * Overlapping is only allowed for static regions.
807 */
808
809 while (((mm_cursor->base_va + mm_cursor->size - 1U) < end_va)
810 && (mm_cursor->size != 0U)) {
811 ++mm_cursor;
812 }
813
814 while (((mm_cursor->base_va + mm_cursor->size - 1U) == end_va) &&
815 (mm_cursor->size != 0U) && (mm_cursor->size < mm->size)) {
816 ++mm_cursor;
817 }
818
819 /*
820 * Find the last entry marker in the mmap
821 */
822 mm_last = ctx->mmap;
823 while ((mm_last->size != 0U) && (mm_last < mm_end)) {
824 ++mm_last;
825 }
826
827 /*
828 * Check if we have enough space in the memory mapping table.
829 * This shouldn't happen as we have checked in mmap_add_region_check
830 * that there is free space.
831 */
832 assert(mm_last->size == 0U);
833
834 /* Make room for new region by moving other regions up by one place */
835 mm_destination = mm_cursor + 1;
836 (void)memmove(mm_destination, mm_cursor,
837 (uintptr_t)mm_last - (uintptr_t)mm_cursor);
838
839 /*
840 * Check we haven't lost the empty sentinel from the end of the array.
841 * This shouldn't happen as we have checked in mmap_add_region_check
842 * that there is free space.
843 */
844 assert(mm_end->size == 0U);
845
846 *mm_cursor = *mm;
847
848 if (end_pa > ctx->max_pa)
849 ctx->max_pa = end_pa;
850 if (end_va > ctx->max_va)
851 ctx->max_va = end_va;
852 }
853
854 /*
855 * Determine the table level closest to the initial lookup level that
856 * can describe this translation. Then, align base VA to the next block
857 * at the determined level.
858 */
mmap_alloc_va_align_ctx(xlat_ctx_t * ctx,mmap_region_t * mm)859 static void mmap_alloc_va_align_ctx(xlat_ctx_t *ctx, mmap_region_t *mm)
860 {
861 /*
862 * By or'ing the size and base PA the alignment will be the one
863 * corresponding to the smallest boundary of the two of them.
864 *
865 * There are three different cases. For example (for 4 KiB page size):
866 *
867 * +--------------+------------------++--------------+
868 * | PA alignment | Size multiple of || VA alignment |
869 * +--------------+------------------++--------------+
870 * | 2 MiB | 2 MiB || 2 MiB | (1)
871 * | 2 MiB | 4 KiB || 4 KiB | (2)
872 * | 4 KiB | 2 MiB || 4 KiB | (3)
873 * +--------------+------------------++--------------+
874 *
875 * - In (1), it is possible to take advantage of the alignment of the PA
876 * and the size of the region to use a level 2 translation table
877 * instead of a level 3 one.
878 *
879 * - In (2), the size is smaller than a block entry of level 2, so it is
880 * needed to use a level 3 table to describe the region or the library
881 * will map more memory than the desired one.
882 *
883 * - In (3), even though the region has the size of one level 2 block
884 * entry, it isn't possible to describe the translation with a level 2
885 * block entry because of the alignment of the base PA.
886 *
887 * Only bits 47:21 of a level 2 block descriptor are used by the MMU,
888 * bits 20:0 of the resulting address are 0 in this case. Because of
889 * this, the PA generated as result of this translation is aligned to
890 * 2 MiB. The PA that was requested to be mapped is aligned to 4 KiB,
891 * though, which means that the resulting translation is incorrect.
892 * The only way to prevent this is by using a finer granularity.
893 */
894 unsigned long long align_check;
895
896 align_check = mm->base_pa | (unsigned long long)mm->size;
897
898 /*
899 * Assume it is always aligned to level 3. There's no need to check that
900 * level because its block size is PAGE_SIZE. The checks to verify that
901 * the addresses and size are aligned to PAGE_SIZE are inside
902 * mmap_add_region.
903 */
904 for (unsigned int level = ctx->base_level; level <= 2U; ++level) {
905
906 if ((align_check & XLAT_BLOCK_MASK(level)) != 0U)
907 continue;
908
909 mm->base_va = round_up(mm->base_va, XLAT_BLOCK_SIZE(level));
910 return;
911 }
912 }
913
mmap_add_region_alloc_va_ctx(xlat_ctx_t * ctx,mmap_region_t * mm)914 void mmap_add_region_alloc_va_ctx(xlat_ctx_t *ctx, mmap_region_t *mm)
915 {
916 mm->base_va = ctx->max_va + 1UL;
917
918 assert(mm->size > 0U);
919
920 mmap_alloc_va_align_ctx(ctx, mm);
921
922 /* Detect overflows. More checks are done in mmap_add_region_check(). */
923 assert(mm->base_va > ctx->max_va);
924
925 mmap_add_region_ctx(ctx, mm);
926 }
927
mmap_add_ctx(xlat_ctx_t * ctx,const mmap_region_t * mm)928 void mmap_add_ctx(xlat_ctx_t *ctx, const mmap_region_t *mm)
929 {
930 const mmap_region_t *mm_cursor = mm;
931
932 while (mm_cursor->granularity != 0U) {
933 mmap_add_region_ctx(ctx, mm_cursor);
934 mm_cursor++;
935 }
936 }
937
938 #if PLAT_XLAT_TABLES_DYNAMIC
939
mmap_add_dynamic_region_ctx(xlat_ctx_t * ctx,mmap_region_t * mm)940 int mmap_add_dynamic_region_ctx(xlat_ctx_t *ctx, mmap_region_t *mm)
941 {
942 mmap_region_t *mm_cursor = ctx->mmap;
943 const mmap_region_t *mm_last = mm_cursor + ctx->mmap_num;
944 unsigned long long end_pa = mm->base_pa + mm->size - 1U;
945 uintptr_t end_va = mm->base_va + mm->size - 1U;
946 int ret;
947
948 /* Nothing to do */
949 if (mm->size == 0U)
950 return 0;
951
952 /* Now this region is a dynamic one */
953 mm->attr |= MT_DYNAMIC;
954
955 ret = mmap_add_region_check(ctx, mm);
956 if (ret != 0)
957 return ret;
958
959 /*
960 * Find the adequate entry in the mmap array in the same way done for
961 * static regions in mmap_add_region_ctx().
962 */
963
964 while (((mm_cursor->base_va + mm_cursor->size - 1U) < end_va)
965 && (mm_cursor->size != 0U)) {
966 ++mm_cursor;
967 }
968
969 while (((mm_cursor->base_va + mm_cursor->size - 1U) == end_va) &&
970 (mm_cursor->size != 0U) && (mm_cursor->size < mm->size)) {
971 ++mm_cursor;
972 }
973
974 /* Make room for new region by moving other regions up by one place */
975 (void)memmove(mm_cursor + 1U, mm_cursor,
976 (uintptr_t)mm_last - (uintptr_t)mm_cursor);
977
978 /*
979 * Check we haven't lost the empty sentinal from the end of the array.
980 * This shouldn't happen as we have checked in mmap_add_region_check
981 * that there is free space.
982 */
983 assert(mm_last->size == 0U);
984
985 *mm_cursor = *mm;
986
987 /*
988 * Update the translation tables if the xlat tables are initialized. If
989 * not, this region will be mapped when they are initialized.
990 */
991 if (ctx->initialized) {
992 end_va = xlat_tables_map_region(ctx, mm_cursor,
993 0U, ctx->base_table, ctx->base_table_entries,
994 ctx->base_level);
995 #if !(HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY)
996 xlat_clean_dcache_range((uintptr_t)ctx->base_table,
997 ctx->base_table_entries * sizeof(uint64_t));
998 #endif
999 /* Failed to map, remove mmap entry, unmap and return error. */
1000 if (end_va != (mm_cursor->base_va + mm_cursor->size - 1U)) {
1001 (void)memmove(mm_cursor, mm_cursor + 1U,
1002 (uintptr_t)mm_last - (uintptr_t)mm_cursor);
1003
1004 /*
1005 * Check if the mapping function actually managed to map
1006 * anything. If not, just return now.
1007 */
1008 if (mm->base_va >= end_va)
1009 return -ENOMEM;
1010
1011 /*
1012 * Something went wrong after mapping some table
1013 * entries, undo every change done up to this point.
1014 */
1015 mmap_region_t unmap_mm = {
1016 .base_pa = 0U,
1017 .base_va = mm->base_va,
1018 .size = end_va - mm->base_va,
1019 .attr = 0U
1020 };
1021 xlat_tables_unmap_region(ctx, &unmap_mm, 0U,
1022 ctx->base_table, ctx->base_table_entries,
1023 ctx->base_level);
1024 #if !(HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY)
1025 xlat_clean_dcache_range((uintptr_t)ctx->base_table,
1026 ctx->base_table_entries * sizeof(uint64_t));
1027 #endif
1028 return -ENOMEM;
1029 }
1030
1031 /*
1032 * Make sure that all entries are written to the memory. There
1033 * is no need to invalidate entries when mapping dynamic regions
1034 * because new table/block/page descriptors only replace old
1035 * invalid descriptors, that aren't TLB cached.
1036 */
1037 dsbishst();
1038 }
1039
1040 if (end_pa > ctx->max_pa)
1041 ctx->max_pa = end_pa;
1042 if (end_va > ctx->max_va)
1043 ctx->max_va = end_va;
1044
1045 return 0;
1046 }
1047
mmap_add_dynamic_region_alloc_va_ctx(xlat_ctx_t * ctx,mmap_region_t * mm)1048 int mmap_add_dynamic_region_alloc_va_ctx(xlat_ctx_t *ctx, mmap_region_t *mm)
1049 {
1050 mm->base_va = ctx->max_va + 1UL;
1051
1052 if (mm->size == 0U)
1053 return 0;
1054
1055 mmap_alloc_va_align_ctx(ctx, mm);
1056
1057 /* Detect overflows. More checks are done in mmap_add_region_check(). */
1058 if (mm->base_va < ctx->max_va) {
1059 return -ENOMEM;
1060 }
1061
1062 return mmap_add_dynamic_region_ctx(ctx, mm);
1063 }
1064
1065 /*
1066 * Removes the region with given base Virtual Address and size from the given
1067 * context.
1068 *
1069 * Returns:
1070 * 0: Success.
1071 * EINVAL: Invalid values were used as arguments (region not found).
1072 * EPERM: Tried to remove a static region.
1073 */
mmap_remove_dynamic_region_ctx(xlat_ctx_t * ctx,uintptr_t base_va,size_t size)1074 int mmap_remove_dynamic_region_ctx(xlat_ctx_t *ctx, uintptr_t base_va,
1075 size_t size)
1076 {
1077 mmap_region_t *mm = ctx->mmap;
1078 const mmap_region_t *mm_last = mm + ctx->mmap_num;
1079 int update_max_va_needed = 0;
1080 int update_max_pa_needed = 0;
1081
1082 /* Check sanity of mmap array. */
1083 assert(mm[ctx->mmap_num].size == 0U);
1084
1085 while (mm->size != 0U) {
1086 if ((mm->base_va == base_va) && (mm->size == size))
1087 break;
1088 ++mm;
1089 }
1090
1091 /* Check that the region was found */
1092 if (mm->size == 0U)
1093 return -EINVAL;
1094
1095 /* If the region is static it can't be removed */
1096 if ((mm->attr & MT_DYNAMIC) == 0U)
1097 return -EPERM;
1098
1099 /* Check if this region is using the top VAs or PAs. */
1100 if ((mm->base_va + mm->size - 1U) == ctx->max_va)
1101 update_max_va_needed = 1;
1102 if ((mm->base_pa + mm->size - 1U) == ctx->max_pa)
1103 update_max_pa_needed = 1;
1104
1105 /* Update the translation tables if needed */
1106 if (ctx->initialized) {
1107 xlat_tables_unmap_region(ctx, mm, 0U, ctx->base_table,
1108 ctx->base_table_entries,
1109 ctx->base_level);
1110 #if !(HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY)
1111 xlat_clean_dcache_range((uintptr_t)ctx->base_table,
1112 ctx->base_table_entries * sizeof(uint64_t));
1113 #endif
1114 xlat_arch_tlbi_va_sync();
1115 }
1116
1117 /* Remove this region by moving the rest down by one place. */
1118 (void)memmove(mm, mm + 1U, (uintptr_t)mm_last - (uintptr_t)mm);
1119
1120 /* Check if we need to update the max VAs and PAs */
1121 if (update_max_va_needed == 1) {
1122 ctx->max_va = 0U;
1123 mm = ctx->mmap;
1124 while (mm->size != 0U) {
1125 if ((mm->base_va + mm->size - 1U) > ctx->max_va)
1126 ctx->max_va = mm->base_va + mm->size - 1U;
1127 ++mm;
1128 }
1129 }
1130
1131 if (update_max_pa_needed == 1) {
1132 ctx->max_pa = 0U;
1133 mm = ctx->mmap;
1134 while (mm->size != 0U) {
1135 if ((mm->base_pa + mm->size - 1U) > ctx->max_pa)
1136 ctx->max_pa = mm->base_pa + mm->size - 1U;
1137 ++mm;
1138 }
1139 }
1140
1141 return 0;
1142 }
1143
xlat_setup_dynamic_ctx(xlat_ctx_t * ctx,unsigned long long pa_max,uintptr_t va_max,struct mmap_region * mmap,unsigned int mmap_num,uint64_t ** tables,unsigned int tables_num,uint64_t * base_table,int xlat_regime,int * mapped_regions)1144 void xlat_setup_dynamic_ctx(xlat_ctx_t *ctx, unsigned long long pa_max,
1145 uintptr_t va_max, struct mmap_region *mmap,
1146 unsigned int mmap_num, uint64_t **tables,
1147 unsigned int tables_num, uint64_t *base_table,
1148 int xlat_regime, int *mapped_regions)
1149 {
1150 ctx->xlat_regime = xlat_regime;
1151
1152 ctx->pa_max_address = pa_max;
1153 ctx->va_max_address = va_max;
1154
1155 ctx->mmap = mmap;
1156 ctx->mmap_num = mmap_num;
1157 memset(ctx->mmap, 0, sizeof(struct mmap_region) * mmap_num);
1158
1159 ctx->tables = (void *) tables;
1160 ctx->tables_num = tables_num;
1161
1162 uintptr_t va_space_size = va_max + 1;
1163 ctx->base_level = GET_XLAT_TABLE_LEVEL_BASE(va_space_size);
1164 ctx->base_table = base_table;
1165 ctx->base_table_entries = GET_NUM_BASE_LEVEL_ENTRIES(va_space_size);
1166
1167 ctx->tables_mapped_regions = mapped_regions;
1168
1169 ctx->max_pa = 0;
1170 ctx->max_va = 0;
1171 ctx->initialized = 0;
1172 }
1173
1174 #endif /* PLAT_XLAT_TABLES_DYNAMIC */
1175
init_xlat_tables_ctx(xlat_ctx_t * ctx)1176 void __init init_xlat_tables_ctx(xlat_ctx_t *ctx)
1177 {
1178 assert(ctx != NULL);
1179 assert(!ctx->initialized);
1180 assert((ctx->xlat_regime == EL3_REGIME) ||
1181 (ctx->xlat_regime == EL2_REGIME) ||
1182 (ctx->xlat_regime == EL1_EL0_REGIME));
1183 assert(!is_mmu_enabled_ctx(ctx));
1184
1185 mmap_region_t *mm = ctx->mmap;
1186
1187 assert(ctx->va_max_address >=
1188 (xlat_get_min_virt_addr_space_size() - 1U));
1189 assert(ctx->va_max_address <= (MAX_VIRT_ADDR_SPACE_SIZE - 1U));
1190 assert(IS_POWER_OF_TWO(ctx->va_max_address + 1U));
1191
1192 xlat_mmap_print(mm);
1193
1194 /* All tables must be zeroed before mapping any region. */
1195
1196 for (unsigned int i = 0U; i < ctx->base_table_entries; i++)
1197 ctx->base_table[i] = INVALID_DESC;
1198
1199 for (int j = 0; j < ctx->tables_num; j++) {
1200 #if PLAT_XLAT_TABLES_DYNAMIC
1201 ctx->tables_mapped_regions[j] = 0;
1202 #endif
1203 for (unsigned int i = 0U; i < XLAT_TABLE_ENTRIES; i++)
1204 ctx->tables[j][i] = INVALID_DESC;
1205 }
1206
1207 while (mm->size != 0U) {
1208 uintptr_t end_va = xlat_tables_map_region(ctx, mm, 0U,
1209 ctx->base_table, ctx->base_table_entries,
1210 ctx->base_level);
1211 #if !(HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY)
1212 xlat_clean_dcache_range((uintptr_t)ctx->base_table,
1213 ctx->base_table_entries * sizeof(uint64_t));
1214 #endif
1215 if (end_va != (mm->base_va + mm->size - 1U)) {
1216 ERROR("Not enough memory to map region:\n"
1217 " VA:0x%lx PA:0x%llx size:0x%zx attr:0x%x\n",
1218 mm->base_va, mm->base_pa, mm->size, mm->attr);
1219 panic();
1220 }
1221
1222 mm++;
1223 }
1224
1225 assert(ctx->pa_max_address <= xlat_arch_get_max_supported_pa());
1226 assert(ctx->max_va <= ctx->va_max_address);
1227 assert(ctx->max_pa <= ctx->pa_max_address);
1228
1229 ctx->initialized = true;
1230
1231 xlat_tables_print(ctx);
1232 }
1233