/* * Copyright (c) 2019-2020 LK Trusty Authors. All Rights Reserved. * Copyright (c) 2022, Arm Limited. All rights reserved. * * Permission is hereby granted, free of charge, to any person obtaining * a copy of this software and associated documentation files * (the "Software"), to deal in the Software without restriction, * including without limitation the rights to use, copy, modify, merge, * publish, distribute, sublicense, and/or sell copies of the Software, * and to permit persons to whom the Software is furnished to do so, * subject to the following conditions: * * The above copyright notice and this permission notice shall be * included in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ #define LOCAL_TRACE 0 #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static enum arm_ffa_init_state ffa_init_state = ARM_FFA_INIT_UNINIT; static uint32_t ffa_version; static uint16_t ffa_local_id; static size_t ffa_buf_size; static void* ffa_tx; static void* ffa_rx; static bool supports_ns_bit = false; static bool supports_rx_release = false; static bool console_log_is_unsupported; static mutex_t ffa_rxtx_buffer_lock = MUTEX_INITIAL_VALUE(ffa_rxtx_buffer_lock); #if ARCH_ARM64 static bool send_direct_req2_is_unsupported; static struct bst_root arm_ffa_direct_req2_handler_tree = BST_ROOT_INITIAL_VALUE; static spin_lock_t arm_ffa_direct_req2_tree_lock = SPIN_LOCK_INITIAL_VALUE; /** * struct arm_ffa_direct_req2_bst_obj - Binary search tree object for * ffa_direct_req2 handler * @bst_node: BST node * @uuid_lo_hi: Array that holds UUID as two 64 bit words * uuid_lo_hi[0] is what the FFA spec labels "Lo" - bytes [0-7] * uuid_lo_hi[1] is what the FFA spec labels "Hi" - bytes [8-15] * @handler: Pointer to FFA_DIRECT_REQ2 handler function */ struct arm_ffa_direct_req2_bst_obj { struct bst_node bst_node; uint64_t uuid_lo_hi[2]; arm_ffa_direct_req2_handler_t handler; }; static int arm_ffa_direct_req2_handler_compare(struct bst_node* a, struct bst_node* b); #endif /** * uuid_to_le64_pair() - convert uuid_t to (lo, hi)-pair per FFA spec. * * @uuid_lo_hi: Must be an array large enough to store a pair of 64-bit values. * These output elements are little-endian encoded. Upon function return, * uuid_lo_hi[0] contains what the FFA spec labels "Lo" - bytes [0-7], and * uuid_lo_hi[1] contains what the FFA spec labels "Hi" - bytes [8-15]. */ static inline void uuid_to_le64_pair(uuid_t uuid_obj, uint64_t uuid_lo_hi[static 2]) { uuid_lo_hi[0] = (((uint64_t)__bswap16(uuid_obj.time_hi_and_version) << 48) | ((uint64_t)__bswap16(uuid_obj.time_mid) << 32) | ((uint64_t)__bswap32(uuid_obj.time_low))); for (int i = 0; i < 8; i++) { uuid_lo_hi[1] |= ((uint64_t)uuid_obj.clock_seq_and_node[i]) << (i * 8); } } #if ARCH_ARM64 status_t arm_ffa_register_direct_req2_handler( uuid_t uuid, arm_ffa_direct_req2_handler_t handler) { struct arm_ffa_direct_req2_bst_obj* obj; obj = calloc(1, sizeof(*obj)); if (!obj) { LTRACEF("ERROR: not enough memory for direct_req2 handler\n"); return ERR_NO_MEMORY; } uuid_to_le64_pair(uuid, obj->uuid_lo_hi); obj->handler = handler; spin_lock(&arm_ffa_direct_req2_tree_lock); if (!bst_insert(&arm_ffa_direct_req2_handler_tree, &obj->bst_node, arm_ffa_direct_req2_handler_compare)) { spin_unlock(&arm_ffa_direct_req2_tree_lock); free(obj); LTRACEF("ERROR: couldn't insert direct_req2 hander into BST\n"); return ERR_ALREADY_EXISTS; } else { spin_unlock(&arm_ffa_direct_req2_tree_lock); return 0; } } static int arm_ffa_direct_req2_handler_compare(struct bst_node* a, struct bst_node* b) { struct arm_ffa_direct_req2_bst_obj* obj_a = containerof(a, struct arm_ffa_direct_req2_bst_obj, bst_node); struct arm_ffa_direct_req2_bst_obj* obj_b = containerof(b, struct arm_ffa_direct_req2_bst_obj, bst_node); return memcmp(obj_a->uuid_lo_hi, obj_b->uuid_lo_hi, sizeof(obj_a->uuid_lo_hi)); } status_t arm_ffa_handle_direct_req2(struct smc_ret18* regs) { struct arm_ffa_direct_req2_bst_obj search_obj; struct arm_ffa_direct_req2_bst_obj* found_obj; uint16_t sender_id = (regs->r1 >> 16) & 0xffff; search_obj.uuid_lo_hi[0] = regs->r2; search_obj.uuid_lo_hi[1] = regs->r3; spin_lock(&arm_ffa_direct_req2_tree_lock); found_obj = bst_search_type(&arm_ffa_direct_req2_handler_tree, &search_obj, arm_ffa_direct_req2_handler_compare, struct arm_ffa_direct_req2_bst_obj, bst_node); spin_unlock(&arm_ffa_direct_req2_tree_lock); if (found_obj) { return found_obj->handler(sender_id, ®s->r4); } else { LTRACEF("Error: No handler for UUID 0x%016lx 0x%016lx for sender %d\n", regs->r2, regs->r3, sender_id); return ERR_NOT_FOUND; } } #endif enum arm_ffa_init_state arm_ffa_init_state(void) { return ffa_init_state; } static status_t arm_ffa_call_id_get(uint16_t* id) { struct smc_ret8 smc_ret; smc_ret = smc8(SMC_FC_FFA_ID_GET, 0, 0, 0, 0, 0, 0, 0); switch ((uint32_t)smc_ret.r0) { case SMC_FC_FFA_SUCCESS: case SMC_FC64_FFA_SUCCESS: if (smc_ret.r2 & ~0xFFFFUL) { TRACEF("Unexpected FFA_ID_GET result: %lx\n", smc_ret.r2); return ERR_NOT_VALID; } *id = (uint16_t)(smc_ret.r2 & 0xFFFF); return NO_ERROR; case SMC_FC_FFA_ERROR: if ((int32_t)smc_ret.r2 == FFA_ERROR_NOT_SUPPORTED) { return ERR_NOT_SUPPORTED; } else { TRACEF("Unexpected FFA_ERROR: %lx\n", smc_ret.r2); return ERR_NOT_VALID; } default: TRACEF("Unexpected FFA SMC: %lx\n", smc_ret.r0); return ERR_NOT_VALID; } } static status_t arm_ffa_call_version(uint16_t major, uint16_t minor, uint16_t* major_ret, uint16_t* minor_ret) { struct smc_ret8 smc_ret; uint32_t version = FFA_VERSION(major, minor); /* Bit 31 must be cleared. */ ASSERT(!(version >> 31)); smc_ret = smc8(SMC_FC_FFA_VERSION, version, 0, 0, 0, 0, 0, 0); if ((int32_t)smc_ret.r0 == FFA_ERROR_NOT_SUPPORTED) { return ERR_NOT_SUPPORTED; } *major_ret = FFA_VERSION_TO_MAJOR(smc_ret.r0); *minor_ret = FFA_VERSION_TO_MINOR(smc_ret.r0); return NO_ERROR; } /* TODO: When adding support for FFA version 1.1 feature ids should be added. */ static status_t arm_ffa_call_features(ulong id, bool* is_implemented, ffa_features2_t* features2, ffa_features3_t* features3) { struct smc_ret8 smc_ret; ASSERT(is_implemented); /* * According to the FF-A spec section "Discovery of NS bit usage", * NS_BIT is optionally set by a v1.0 SP such as Trusty, and must * be set by a v1.1+ SP. Here, we set it unconditionally for the * relevant feature. */ bool request_ns_bit = (id == SMC_FC_FFA_MEM_RETRIEVE_REQ) || (id == SMC_FC64_FFA_MEM_RETRIEVE_REQ); smc_ret = smc8(SMC_FC_FFA_FEATURES, id, request_ns_bit ? FFA_FEATURES2_MEM_RETRIEVE_REQ_NS_BIT : 0, 0, 0, 0, 0, 0); switch ((uint32_t)smc_ret.r0) { case SMC_FC_FFA_SUCCESS: case SMC_FC64_FFA_SUCCESS: *is_implemented = true; if (features2) { *features2 = (ffa_features2_t)smc_ret.r2; } if (features3) { *features3 = (ffa_features3_t)smc_ret.r3; } return NO_ERROR; case SMC_FC_FFA_ERROR: if ((int32_t)smc_ret.r2 == FFA_ERROR_NOT_SUPPORTED) { *is_implemented = false; return NO_ERROR; } else { TRACEF("Unexpected FFA_ERROR: %lx\n", smc_ret.r2); return ERR_NOT_VALID; } default: TRACEF("Unexpected FFA SMC: %lx\n", smc_ret.r0); return ERR_NOT_VALID; } } /* * Call with ffa_rxtx_buffer_lock acquired and the ffa_tx buffer already * populated with struct ffa_mtd_common. Transmit in a single fragment. */ static status_t arm_ffa_call_mem_retrieve_req(uint32_t* total_len, uint32_t* fragment_len) { struct smc_ret8 smc_ret; struct ffa_mtd_v1_0* req_v1_0 = ffa_tx; struct ffa_mtd_v1_1* req_v1_1 = ffa_tx; size_t len; DEBUG_ASSERT(is_mutex_held(&ffa_rxtx_buffer_lock)); if (ffa_version < FFA_VERSION(1, 1)) { len = offsetof(struct ffa_mtd_v1_0, emad[0]) + req_v1_0->emad_count * sizeof(struct ffa_emad); } else { len = req_v1_1->emad_offset + req_v1_1->emad_count * req_v1_1->emad_size; } smc_ret = smc8(SMC_FC_FFA_MEM_RETRIEVE_REQ, len, len, 0, 0, 0, 0, 0); int32_t error; switch ((uint32_t)smc_ret.r0) { case SMC_FC_FFA_MEM_RETRIEVE_RESP: if (total_len) { *total_len = (uint32_t)smc_ret.r1; } if (fragment_len) { *fragment_len = (uint32_t)smc_ret.r2; } return NO_ERROR; case SMC_FC_FFA_ERROR: error = (int32_t)smc_ret.r2; switch (error) { case FFA_ERROR_NOT_SUPPORTED: return ERR_NOT_SUPPORTED; case FFA_ERROR_INVALID_PARAMETERS: return ERR_INVALID_ARGS; case FFA_ERROR_NO_MEMORY: return ERR_NO_MEMORY; case FFA_ERROR_DENIED: return ERR_BAD_STATE; case FFA_ERROR_ABORTED: return ERR_CANCELLED; default: TRACEF("Unknown error: 0x%x\n", error); return ERR_NOT_VALID; } default: return ERR_NOT_VALID; } } static status_t arm_ffa_call_mem_frag_rx(uint64_t handle, uint32_t offset, uint32_t* fragment_len) { struct smc_ret8 smc_ret; DEBUG_ASSERT(is_mutex_held(&ffa_rxtx_buffer_lock)); smc_ret = smc8(SMC_FC_FFA_MEM_FRAG_RX, (uint32_t)handle, handle >> 32, offset, 0, 0, 0, 0); /* FRAG_RX is followed by FRAG_TX on successful completion. */ switch ((uint32_t)smc_ret.r0) { case SMC_FC_FFA_MEM_FRAG_TX: { uint64_t handle_out = (uint32_t)smc_ret.r1 | ((uint64_t)(uint32_t)smc_ret.r2 << 32); if (handle != handle_out) { TRACEF("Handle for response doesn't match the request, %" PRId64 " != %" PRId64, handle, handle_out); return ERR_NOT_VALID; } *fragment_len = smc_ret.r3; return NO_ERROR; } case SMC_FC_FFA_ERROR: switch ((int32_t)smc_ret.r2) { case FFA_ERROR_NOT_SUPPORTED: return ERR_NOT_SUPPORTED; case FFA_ERROR_INVALID_PARAMETERS: return ERR_INVALID_ARGS; case FFA_ERROR_ABORTED: return ERR_CANCELLED; default: TRACEF("Unexpected error %d\n", (int32_t)smc_ret.r2); return ERR_NOT_VALID; } default: TRACEF("Unexpected function id returned 0x%08lx\n", smc_ret.r0); return ERR_NOT_VALID; } } static status_t arm_ffa_call_mem_share(size_t num_comp_mrd, size_t num_cons_mrd, uint32_t* total_len, uint32_t* fragment_len, uint64_t* handle) { struct smc_ret8 smc_ret; struct ffa_mtd_v1_0* req_v1_0 = ffa_tx; struct ffa_mtd_v1_1* req_v1_1 = ffa_tx; size_t len; int32_t error; DEBUG_ASSERT(is_mutex_held(&ffa_rxtx_buffer_lock)); if (ffa_version < FFA_VERSION(1, 1)) { len = offsetof(struct ffa_mtd_v1_0, emad[0]) + (req_v1_0->emad_count * sizeof(struct ffa_emad)) + (num_comp_mrd * sizeof(struct ffa_comp_mrd)) + (num_cons_mrd * sizeof(struct ffa_cons_mrd)); } else { len = req_v1_1->emad_offset + (req_v1_1->emad_count * req_v1_1->emad_size) + (num_comp_mrd * sizeof(struct ffa_comp_mrd)) + (num_cons_mrd * sizeof(struct ffa_cons_mrd)); } /* w3 and w4 MBZ since tx buffer is used, the rest SBZ */ smc_ret = smc8(SMC_FC64_FFA_MEM_SHARE, len, len, 0, 0, 0, 0, 0); switch ((uint32_t)smc_ret.r0) { case SMC_FC_FFA_SUCCESS: if (total_len) { *total_len = (uint32_t)smc_ret.r1; } if (fragment_len) { *fragment_len = (uint32_t)smc_ret.r2; } if (handle) { *handle = (uint32_t)smc_ret.r2; *handle |= ((uint64_t)smc_ret.r3) << 32; } return NO_ERROR; case SMC_FC_FFA_ERROR: error = (int32_t)smc_ret.r2; switch (error) { case FFA_ERROR_INVALID_PARAMETERS: return ERR_NOT_SUPPORTED; case FFA_ERROR_DENIED: return ERR_BAD_STATE; case FFA_ERROR_NO_MEMORY: return ERR_NO_MEMORY; case FFA_ERROR_BUSY: return ERR_BUSY; case FFA_ERROR_ABORTED: return ERR_CANCELLED; default: TRACEF("Unexpected error: 0x%x\n", error); return ERR_NOT_VALID; } default: return ERR_NOT_VALID; } } static status_t arm_ffa_call_mem_relinquish( uint64_t handle, uint32_t flags, uint32_t endpoint_count, const ffa_endpoint_id16_t* endpoints) { struct smc_ret8 smc_ret; struct ffa_mem_relinquish_descriptor* req = ffa_tx; if (!req) { TRACEF("ERROR: no FF-A tx buffer\n"); return ERR_NOT_CONFIGURED; } ASSERT(endpoint_count <= (ffa_buf_size - sizeof(struct ffa_mem_relinquish_descriptor)) / sizeof(ffa_endpoint_id16_t)); mutex_acquire(&ffa_rxtx_buffer_lock); req->handle = handle; req->flags = flags; req->endpoint_count = endpoint_count; memcpy(req->endpoint_array, endpoints, endpoint_count * sizeof(ffa_endpoint_id16_t)); smc_ret = smc8(SMC_FC_FFA_MEM_RELINQUISH, 0, 0, 0, 0, 0, 0, 0); mutex_release(&ffa_rxtx_buffer_lock); switch ((uint32_t)smc_ret.r0) { case SMC_FC_FFA_SUCCESS: case SMC_FC64_FFA_SUCCESS: return NO_ERROR; case SMC_FC_FFA_ERROR: switch ((int32_t)smc_ret.r2) { case FFA_ERROR_NOT_SUPPORTED: return ERR_NOT_SUPPORTED; case FFA_ERROR_INVALID_PARAMETERS: return ERR_INVALID_ARGS; case FFA_ERROR_NO_MEMORY: return ERR_NO_MEMORY; case FFA_ERROR_DENIED: return ERR_BAD_STATE; case FFA_ERROR_ABORTED: return ERR_CANCELLED; default: TRACEF("Unexpected FFA_ERROR: %lx\n", smc_ret.r2); return ERR_NOT_VALID; } default: TRACEF("Unexpected FFA SMC: %lx\n", smc_ret.r0); return ERR_NOT_VALID; } } static status_t arm_ffa_call_rxtx_map(paddr_t tx_paddr, paddr_t rx_paddr, size_t page_count) { struct smc_ret8 smc_ret; /* Page count specified in bits [0:5] */ ASSERT(page_count); ASSERT(page_count < (1 << 6)); #if ARCH_ARM64 smc_ret = smc8(SMC_FC64_FFA_RXTX_MAP, tx_paddr, rx_paddr, page_count, 0, 0, 0, 0); #else smc_ret = smc8(SMC_FC_FFA_RXTX_MAP, tx_paddr, rx_paddr, page_count, 0, 0, 0, 0); #endif switch ((uint32_t)smc_ret.r0) { case SMC_FC_FFA_SUCCESS: case SMC_FC64_FFA_SUCCESS: return NO_ERROR; case SMC_FC_FFA_ERROR: switch ((int32_t)smc_ret.r2) { case FFA_ERROR_NOT_SUPPORTED: return ERR_NOT_SUPPORTED; case FFA_ERROR_INVALID_PARAMETERS: return ERR_INVALID_ARGS; case FFA_ERROR_NO_MEMORY: return ERR_NO_MEMORY; case FFA_ERROR_DENIED: return ERR_ALREADY_EXISTS; default: TRACEF("Unexpected FFA_ERROR: %lx\n", smc_ret.r2); return ERR_NOT_VALID; } default: TRACEF("Unexpected FFA SMC: %lx\n", smc_ret.r0); return ERR_NOT_VALID; } } static status_t arm_ffa_call_rx_release(void) { struct smc_ret8 smc_ret; DEBUG_ASSERT(is_mutex_held(&ffa_rxtx_buffer_lock)); smc_ret = smc8(SMC_FC_FFA_RX_RELEASE, 0, 0, 0, 0, 0, 0, 0); switch ((uint32_t)smc_ret.r0) { case SMC_FC_FFA_SUCCESS: case SMC_FC64_FFA_SUCCESS: return NO_ERROR; case SMC_FC_FFA_ERROR: switch ((int32_t)smc_ret.r2) { case FFA_ERROR_NOT_SUPPORTED: return ERR_NOT_SUPPORTED; case FFA_ERROR_DENIED: return ERR_BAD_STATE; default: return ERR_NOT_VALID; } default: return ERR_NOT_VALID; } } #if WITH_SMP static status_t ffa_call_secondary_ep_register(void) { struct smc_ret8 smc_ret; paddr_t secondary_ep_paddr; extern char _start[]; secondary_ep_paddr = vaddr_to_paddr(_start); smc_ret = smc8(SMC_FC64_FFA_SECONDARY_EP_REGISTER, secondary_ep_paddr, 0, 0, 0, 0, 0, 0); switch ((uint32_t)smc_ret.r0) { case SMC_FC_FFA_SUCCESS: case SMC_FC64_FFA_SUCCESS: return NO_ERROR; case SMC_FC_FFA_ERROR: switch ((int32_t)smc_ret.r2) { case FFA_ERROR_NOT_SUPPORTED: return ERR_NOT_SUPPORTED; case FFA_ERROR_INVALID_PARAMETERS: return ERR_INVALID_ARGS; default: return ERR_NOT_VALID; } case SMC_UNKNOWN: return ERR_NOT_SUPPORTED; default: return ERR_NOT_VALID; } } #endif /* WITH_SMP */ struct smc_ret18 arm_ffa_call_error(enum ffa_error err) { long target = 0; /* Target must be zero (MBZ) at secure FF-A instances */ return smc8_ret18(SMC_FC_FFA_ERROR, target, (ulong)err, 0, 0, 0, 0, 0); } struct smc_ret18 arm_ffa_call_msg_wait(void) { return smc8_ret18(SMC_FC_FFA_MSG_WAIT, 0, 0, 0, 0, 0, 0, 0); } struct smc_ret18 arm_ffa_msg_send_direct_resp( const struct smc_ret18* direct_req_regs, ulong a0, ulong a1, ulong a2, ulong a3, ulong a4) { uint32_t sender_receiver_id; uint32_t flags; DEBUG_ASSERT(direct_req_regs); /* Copy and flip the sender from the direct message request */ sender_receiver_id = ((uint32_t)direct_req_regs->r1 >> 16) | ((uint32_t)ffa_local_id << 16); /* Copy the flags as well */ flags = direct_req_regs->r2; switch ((uint32_t)direct_req_regs->r0) { case SMC_FC_FFA_MSG_SEND_DIRECT_REQ: return smc8_ret18(SMC_FC_FFA_MSG_SEND_DIRECT_RESP, sender_receiver_id, flags, a0, a1, a2, a3, a4); case SMC_FC64_FFA_MSG_SEND_DIRECT_REQ: return smc8_ret18(SMC_FC64_FFA_MSG_SEND_DIRECT_RESP, sender_receiver_id, flags, a0, a1, a2, a3, a4); default: dprintf(CRITICAL, "Invalid direct request function id %lx\n", direct_req_regs->r0); return arm_ffa_call_error(FFA_ERROR_INVALID_PARAMETERS); } __UNREACHABLE; } struct smc_ret18 arm_ffa_msg_send_direct_resp2( const struct smc_ret18* direct_req_regs, uint64_t args[static ARM_FFA_MSG_EXTENDED_ARGS_COUNT]) { uint32_t sender_receiver_id; DEBUG_ASSERT(direct_req_regs); DEBUG_ASSERT(args); if ((uint32_t)direct_req_regs->r0 != SMC_FC64_FFA_MSG_SEND_DIRECT_REQ2) { dprintf(CRITICAL, "Invalid direct request function id %x\n", (uint32_t)direct_req_regs->r0); return arm_ffa_call_error(FFA_ERROR_INVALID_PARAMETERS); } /* Copy and flip the sender from the direct message request */ sender_receiver_id = (direct_req_regs->r1 >> 16) | ((uint32_t)ffa_local_id << 16); return smc18(SMC_FC64_FFA_MSG_SEND_DIRECT_RESP2, sender_receiver_id, 0, 0, args[0], args[1], args[2], args[3], args[4], args[5], args[6], args[7], args[8], args[9], args[10], args[11], args[12], args[13]); } #if ARCH_ARM64 status_t arm_ffa_msg_send_direct_req2( uuid_t uuid, uint16_t receiver_id, uint64_t args[static ARM_FFA_MSG_EXTENDED_ARGS_COUNT], struct smc_ret18* resp) { struct smc_ret18 smc_ret; uint64_t uuid_lo_hi[2]; uint32_t fid = SMC_FC64_FFA_MSG_SEND_DIRECT_REQ2; uint32_t sender_receiver_id = ((uint32_t)ffa_local_id << 16) | receiver_id; if (send_direct_req2_is_unsupported) { return FFA_ERROR_NOT_SUPPORTED; } if (!args || !resp) { return ERR_INVALID_ARGS; } uuid_to_le64_pair(uuid, uuid_lo_hi); smc_ret = smc18(fid, sender_receiver_id, uuid_lo_hi[0], uuid_lo_hi[1], args[0], args[1], args[2], args[3], args[4], args[5], args[6], args[7], args[8], args[9], args[10], args[11], args[12], args[13]); switch ((uint32_t)smc_ret.r0) { case SMC_FC64_FFA_MSG_SEND_DIRECT_RESP2: *resp = smc_ret; return NO_ERROR; case SMC_FC_FFA_ERROR: switch ((int32_t)smc_ret.r2) { case FFA_ERROR_NOT_SUPPORTED: send_direct_req2_is_unsupported = true; return ERR_NOT_SUPPORTED; case FFA_ERROR_INVALID_PARAMETERS: dprintf(CRITICAL, "Invalid parameters for direct request2\n"); return ERR_INVALID_ARGS; default: return ERR_NOT_VALID; } case SMC_UNKNOWN: send_direct_req2_is_unsupported = true; return ERR_NOT_SUPPORTED; case SMC_FC_FFA_INTERRUPT: /* * SMC_FC_FFA_INTERRUPT or SMC_FC_FFA_YIELD can be returned per the FF-A * spec but it shouldn't happen when Trusty is the receiver of requests. */ panic("Received SMC_FC_FFA_INTERRUPT in response to direct request2"); case SMC_FC_FFA_YIELD: /* See previous case */ panic("Received SMC_FC_FFA_YIELD in response to direct request2"); default: dprintf(CRITICAL, "Unexpected response (%x) to direct request2\n", (uint32_t)smc_ret.r0); return ERR_NOT_VALID; } } #endif ssize_t arm_ffa_console_log(const char* buf, size_t len) { struct smc_ret8 smc_ret; if (console_log_is_unsupported) { return ERR_NOT_SUPPORTED; } if (!len) { /* Nothing to print, just return */ return 0; } if (len != 1) { /* TODO: support more than one character */ len = 1; } smc_ret = smc8(SMC_FC_FFA_CONSOLE_LOG, len, (ulong)buf[0], 0, 0, 0, 0, 0); switch ((uint32_t)smc_ret.r0) { case SMC_FC_FFA_SUCCESS: case SMC_FC64_FFA_SUCCESS: return len; case SMC_FC_FFA_ERROR: switch ((int32_t)smc_ret.r2) { case FFA_ERROR_NOT_SUPPORTED: console_log_is_unsupported = true; return ERR_NOT_SUPPORTED; case FFA_ERROR_INVALID_PARAMETERS: return ERR_INVALID_ARGS; case FFA_ERROR_RETRY: /* FFA_ERROR_RETRY returns how many characters were printed */ return (uint32_t)smc_ret.r3; default: return ERR_NOT_VALID; } case SMC_UNKNOWN: console_log_is_unsupported = true; return ERR_NOT_SUPPORTED; default: return ERR_NOT_VALID; } } static status_t arm_ffa_rx_release_is_implemented(bool* is_implemented) { bool is_implemented_val; status_t res = arm_ffa_call_features(SMC_FC_FFA_RX_RELEASE, &is_implemented_val, NULL, NULL); if (res != NO_ERROR) { TRACEF("Failed to query for feature FFA_RX_RELEASE, err = %d\n", res); return res; } if (is_implemented) { *is_implemented = is_implemented_val; } return NO_ERROR; } static status_t arm_ffa_rxtx_map_is_implemented(bool* is_implemented, size_t* buf_size_log2) { ffa_features2_t features2; bool is_implemented_val = false; status_t res; ASSERT(is_implemented); #if ARCH_ARM64 res = arm_ffa_call_features(SMC_FC64_FFA_RXTX_MAP, &is_implemented_val, &features2, NULL); #else res = arm_ffa_call_features(SMC_FC_FFA_RXTX_MAP, &is_implemented_val, &features2, NULL); #endif if (res != NO_ERROR) { TRACEF("Failed to query for feature FFA_RXTX_MAP, err = %d\n", res); return res; } if (!is_implemented_val) { *is_implemented = false; return NO_ERROR; } if (buf_size_log2) { ulong buf_size_id = features2 & FFA_FEATURES2_RXTX_MAP_BUF_SIZE_MASK; switch (buf_size_id) { case FFA_FEATURES2_RXTX_MAP_BUF_SIZE_4K: *buf_size_log2 = 12; break; case FFA_FEATURES2_RXTX_MAP_BUF_SIZE_16K: *buf_size_log2 = 14; break; case FFA_FEATURES2_RXTX_MAP_BUF_SIZE_64K: *buf_size_log2 = 16; break; default: TRACEF("Unexpected rxtx buffer size identifier: %lx\n", buf_size_id); return ERR_NOT_VALID; } } *is_implemented = true; return NO_ERROR; } static status_t arm_ffa_mem_retrieve_req_is_implemented( bool* is_implemented, bool* dyn_alloc_supp, bool* has_ns_bit, size_t* ref_count_num_bits) { ffa_features2_t features2; ffa_features3_t features3; bool is_implemented_val = false; status_t res; ASSERT(is_implemented); res = arm_ffa_call_features(SMC_FC_FFA_MEM_RETRIEVE_REQ, &is_implemented_val, &features2, &features3); if (res != NO_ERROR) { TRACEF("Failed to query for feature FFA_MEM_RETRIEVE_REQ, err = %d\n", res); return res; } if (!is_implemented_val) { *is_implemented = false; return NO_ERROR; } if (dyn_alloc_supp) { *dyn_alloc_supp = !!(features2 & FFA_FEATURES2_MEM_DYNAMIC_BUFFER); } if (has_ns_bit) { *has_ns_bit = !!(features2 & FFA_FEATURES2_MEM_RETRIEVE_REQ_NS_BIT); } if (ref_count_num_bits) { *ref_count_num_bits = (features3 & FFA_FEATURES3_MEM_RETRIEVE_REQ_REFCOUNT_MASK) + 1; } *is_implemented = true; return NO_ERROR; } /* Helper function to set up the tx buffer with standard values before calling FFA_MEM_RETRIEVE_REQ. */ static void arm_ffa_populate_receive_req_tx_buffer(uint16_t sender_id, uint64_t handle, uint64_t tag) { struct ffa_mtd_v1_0* req_v1_0 = ffa_tx; struct ffa_mtd_v1_1* req_v1_1 = ffa_tx; struct ffa_mtd_common* req = ffa_tx; struct ffa_emad* emad; DEBUG_ASSERT(is_mutex_held(&ffa_rxtx_buffer_lock)); if (ffa_version < FFA_VERSION(1, 1)) { memset(req_v1_0, 0, sizeof(struct ffa_mtd_v1_0)); } else { memset(req_v1_1, 0, sizeof(struct ffa_mtd_v1_1)); } req->sender_id = sender_id; req->handle = handle; /* We must use the same tag as the one used by the sender to retrieve. */ req->tag = tag; if (ffa_version < FFA_VERSION(1, 1)) { /* * We only support retrieving memory for ourselves for now. * TODO: Also support stream endpoints. Possibly more than one. */ req_v1_0->emad_count = 1; emad = req_v1_0->emad; } else { req_v1_1->emad_count = 1; req_v1_1->emad_size = sizeof(struct ffa_emad); req_v1_1->emad_offset = sizeof(struct ffa_mtd_v1_1); emad = (struct ffa_emad*)((uint8_t*)req_v1_1 + req_v1_1->emad_offset); } memset(emad, 0, sizeof(struct ffa_emad)); emad[0].mapd.endpoint_id = ffa_local_id; } static void arm_ffa_populate_share_tx_buffer(uint16_t receiver_id, paddr_t buffer, size_t num_ffa_pages, uint arch_mmu_flags, uint64_t tag) { struct ffa_mtd_v1_0* req_v1_0 = ffa_tx; struct ffa_mtd_v1_1* req_v1_1 = ffa_tx; struct ffa_mtd_common* req = ffa_tx; struct ffa_emad* emad; ffa_mem_attr8_t attributes = 0; ffa_mem_perm8_t permissions = 0; uint32_t comp_mrd_offset = 0; struct ffa_comp_mrd* comp_mrd; DEBUG_ASSERT(is_mutex_held(&ffa_rxtx_buffer_lock)); if (ffa_version < FFA_VERSION(1, 1)) { memset(req_v1_0, 0, sizeof(struct ffa_mtd_v1_0)); } else { memset(req_v1_1, 0, sizeof(struct ffa_mtd_v1_1)); } req->sender_id = ffa_local_id; switch (arch_mmu_flags & ARCH_MMU_FLAG_CACHE_MASK) { case ARCH_MMU_FLAG_UNCACHED_DEVICE: attributes |= FFA_MEM_ATTR_DEVICE_NGNRE; break; case ARCH_MMU_FLAG_UNCACHED: attributes |= FFA_MEM_ATTR_NORMAL_MEMORY_UNCACHED; break; case ARCH_MMU_FLAG_CACHED: attributes |= FFA_MEM_ATTR_NORMAL_MEMORY_CACHED_WB | FFA_MEM_ATTR_INNER_SHAREABLE; break; } req->memory_region_attributes = attributes; req->flags = FFA_MTD_FLAG_TYPE_SHARE_MEMORY; /* We must use the same tag as the one used by the receiver to share . */ req->tag = tag; /* MBZ for MEM_SHARE */ req->handle = 0; if (ffa_version < FFA_VERSION(1, 1)) { /* * We only support retrieving memory for ourselves for now. * TODO: Also support stream endpoints. Possibly more than one. */ req_v1_0->emad_count = 1; emad = req_v1_0->emad; } else { req_v1_1->emad_count = 1; req_v1_1->emad_size = sizeof(struct ffa_emad); req_v1_1->emad_offset = sizeof(struct ffa_mtd_v1_1); emad = (struct ffa_emad*)((uint8_t*)req_v1_1 + req_v1_1->emad_offset); } memset(emad, 0, sizeof(struct ffa_emad)); emad[0].mapd.endpoint_id = receiver_id; permissions = FFA_MEM_PERM_NX; if (arch_mmu_flags & ARCH_MMU_FLAG_PERM_RO) { permissions |= FFA_MEM_PERM_RO; } else { permissions |= FFA_MEM_PERM_RW; } emad[0].mapd.memory_access_permissions = permissions; if (ffa_version < FFA_VERSION(1, 1)) { /* We only support one emad */ comp_mrd_offset = sizeof(struct ffa_mtd_v1_0) + sizeof(struct ffa_emad); } else { comp_mrd_offset = sizeof(struct ffa_mtd_v1_1) + sizeof(struct ffa_emad); } emad[0].comp_mrd_offset = comp_mrd_offset; comp_mrd = (struct ffa_comp_mrd*)((uint8_t*)emad + sizeof(struct ffa_emad)); comp_mrd->total_page_count = num_ffa_pages; comp_mrd->address_range_count = 1; comp_mrd->address_range_array[0].address = buffer; comp_mrd->address_range_array[0].page_count = num_ffa_pages; } /* *desc_buffer is malloc'd and on success passes responsibility to free to the caller. Populate the tx buffer before calling. */ static status_t arm_ffa_mem_retrieve(uint16_t sender_id, uint64_t handle, uint32_t* len, uint32_t* fragment_len) { status_t res = NO_ERROR; DEBUG_ASSERT(is_mutex_held(&ffa_rxtx_buffer_lock)); DEBUG_ASSERT(len); uint32_t len_out, fragment_len_out; res = arm_ffa_call_mem_retrieve_req(&len_out, &fragment_len_out); LTRACEF("total_len: %u, fragment_len: %u\n", len_out, fragment_len_out); if (res != NO_ERROR) { TRACEF("FF-A memory retrieve request failed, err = %d\n", res); return res; } if (fragment_len_out > len_out) { TRACEF("Fragment length larger than total length %u > %u\n", fragment_len_out, len_out); return ERR_IO; } /* Check that the first fragment fits in our buffer */ if (fragment_len_out > ffa_buf_size) { TRACEF("Fragment length %u larger than buffer size\n", fragment_len_out); return ERR_IO; } if (fragment_len) { *fragment_len = fragment_len_out; } if (len) { *len = len_out; } return NO_ERROR; } status_t arm_ffa_mem_address_range_get(struct arm_ffa_mem_frag_info* frag_info, size_t index, paddr_t* addr, size_t* size) { uint32_t page_count; size_t frag_idx; DEBUG_ASSERT(frag_info); if (index < frag_info->start_index || index >= frag_info->start_index + frag_info->count) { return ERR_OUT_OF_RANGE; } frag_idx = index - frag_info->start_index; page_count = frag_info->address_ranges[frag_idx].page_count; LTRACEF("address %p, page_count 0x%x\n", (void*)frag_info->address_ranges[frag_idx].address, frag_info->address_ranges[frag_idx].page_count); if (page_count < 1 || ((size_t)page_count > (SIZE_MAX / FFA_PAGE_SIZE))) { TRACEF("bad page count 0x%x at %zu\n", page_count, index); return ERR_IO; } if (addr) { *addr = (paddr_t)frag_info->address_ranges[frag_idx].address; } if (size) { *size = page_count * FFA_PAGE_SIZE; } return NO_ERROR; } status_t arm_ffa_mem_retrieve_start(uint16_t sender_id, uint64_t handle, uint64_t tag, uint32_t* address_range_count, uint* arch_mmu_flags, struct arm_ffa_mem_frag_info* frag_info) { status_t res; struct ffa_mtd_v1_0* mtd_v1_0; struct ffa_mtd_v1_1* mtd_v1_1; struct ffa_mtd_common* mtd; struct ffa_emad* emad; struct ffa_comp_mrd* comp_mrd; uint32_t computed_len; uint32_t header_size; uint32_t total_len; uint32_t fragment_len; DEBUG_ASSERT(frag_info); mutex_acquire(&ffa_rxtx_buffer_lock); arm_ffa_populate_receive_req_tx_buffer(sender_id, handle, tag); res = arm_ffa_mem_retrieve(sender_id, handle, &total_len, &fragment_len); if (res != NO_ERROR) { TRACEF("FF-A memory retrieve failed err=%d\n", res); return res; } mtd = ffa_rx; if (ffa_version < FFA_VERSION(1, 1)) { if (fragment_len < sizeof(struct ffa_mtd_v1_0)) { TRACEF("Fragment too short for memory transaction descriptor\n"); return ERR_IO; } mtd_v1_0 = ffa_rx; if (fragment_len < offsetof(struct ffa_mtd_v1_0, emad) + sizeof(struct ffa_emad)) { TRACEF("Fragment too short for endpoint memory access descriptor\n"); return ERR_IO; } emad = mtd_v1_0->emad; /* * We don't retrieve the memory on behalf of anyone else, so we only * expect one receiver address range descriptor. */ if (mtd_v1_0->emad_count != 1) { TRACEF("unexpected response count %d != 1\n", mtd_v1_0->emad_count); return ERR_IO; } } else { if (fragment_len < sizeof(struct ffa_mtd_v1_1)) { TRACEF("Fragment too short for memory transaction descriptor\n"); return ERR_IO; } mtd_v1_1 = ffa_rx; /* * We know from the check above that * fragment_len >= sizeof(ffa_mtd_v1) >= sizeof(ffa_emad) * so we can rewrite the following * fragment_len < emad_offset + sizeof(ffa_emad) * into * fragment_len - sizeof(ffa_emad) < emad_offset * to avoid a potential overflow. */ if (fragment_len - sizeof(struct ffa_emad) < mtd_v1_1->emad_offset) { TRACEF("Fragment too short for endpoint memory access descriptor\n"); return ERR_IO; } if (mtd_v1_1->emad_offset < sizeof(struct ffa_mtd_v1_1)) { TRACEF("Endpoint memory access descriptor offset too short\n"); return ERR_IO; } if (!IS_ALIGNED(mtd_v1_1->emad_offset, 16)) { TRACEF("Endpoint memory access descriptor not aligned to 16 bytes\n"); return ERR_IO; } emad = (struct ffa_emad*)((uint8_t*)mtd_v1_1 + mtd_v1_1->emad_offset); if (mtd_v1_1->emad_count != 1) { TRACEF("unexpected response count %d != 1\n", mtd_v1_1->emad_count); return ERR_IO; } } LTRACEF("comp_mrd_offset: %u\n", emad->comp_mrd_offset); if (emad->comp_mrd_offset + sizeof(*comp_mrd) > fragment_len) { TRACEF("Fragment length %u too short for comp_mrd_offset %u\n", fragment_len, emad->comp_mrd_offset); return ERR_IO; } comp_mrd = ffa_rx + emad->comp_mrd_offset; uint32_t address_range_count_out = comp_mrd->address_range_count; frag_info->address_ranges = comp_mrd->address_range_array; LTRACEF("address_range_count: %u\n", address_range_count_out); computed_len = emad->comp_mrd_offset + offsetof(struct ffa_comp_mrd, address_range_array) + sizeof(struct ffa_cons_mrd) * comp_mrd->address_range_count; if (total_len != computed_len) { TRACEF("Reported length %u != computed length %u\n", total_len, computed_len); return ERR_IO; } header_size = emad->comp_mrd_offset + offsetof(struct ffa_comp_mrd, address_range_array); frag_info->count = (fragment_len - header_size) / sizeof(struct ffa_cons_mrd); LTRACEF("Descriptors in fragment %u\n", frag_info->count); if (frag_info->count * sizeof(struct ffa_cons_mrd) + header_size != fragment_len) { TRACEF("fragment length %u, contains partial descriptor\n", fragment_len); return ERR_IO; } frag_info->received_len = fragment_len; frag_info->start_index = 0; uint arch_mmu_flags_out = 0; switch (mtd->flags & FFA_MTD_FLAG_TYPE_MASK) { case FFA_MTD_FLAG_TYPE_SHARE_MEMORY: /* * If memory is shared, assume it is not safe to execute out of. This * specifically indicates that another party may have access to the * memory. */ arch_mmu_flags_out |= ARCH_MMU_FLAG_PERM_NO_EXECUTE; break; case FFA_MTD_FLAG_TYPE_LEND_MEMORY: break; case FFA_MTD_FLAG_TYPE_DONATE_MEMORY: TRACEF("Unexpected donate memory transaction type is not supported\n"); return ERR_NOT_IMPLEMENTED; default: TRACEF("Unknown memory transaction type: 0x%x\n", mtd->flags); return ERR_NOT_VALID; } switch (mtd->memory_region_attributes & ~FFA_MEM_ATTR_NONSECURE) { case FFA_MEM_ATTR_DEVICE_NGNRE: arch_mmu_flags_out |= ARCH_MMU_FLAG_UNCACHED_DEVICE; break; case FFA_MEM_ATTR_NORMAL_MEMORY_UNCACHED: arch_mmu_flags_out |= ARCH_MMU_FLAG_UNCACHED; break; case (FFA_MEM_ATTR_NORMAL_MEMORY_CACHED_WB | FFA_MEM_ATTR_INNER_SHAREABLE): arch_mmu_flags_out |= ARCH_MMU_FLAG_CACHED; break; default: TRACEF("Invalid memory attributes, 0x%x\n", mtd->memory_region_attributes); return ERR_NOT_VALID; } if (!(emad->mapd.memory_access_permissions & FFA_MEM_PERM_RW)) { arch_mmu_flags_out |= ARCH_MMU_FLAG_PERM_RO; } if (emad->mapd.memory_access_permissions & FFA_MEM_PERM_NX) { /* * Don't allow executable mappings if the stage 2 page tables don't * allow it. The hardware allows the stage 2 NX bit to only apply to * EL1, not EL0, but neither FF-A nor LK can currently express this, so * disallow both if FFA_MEM_PERM_NX is set. */ arch_mmu_flags_out |= ARCH_MMU_FLAG_PERM_NO_EXECUTE; } if (!supports_ns_bit || (mtd->memory_region_attributes & FFA_MEM_ATTR_NONSECURE)) { arch_mmu_flags_out |= ARCH_MMU_FLAG_NS; /* Regardless of origin, we don't want to execute out of NS memory. */ arch_mmu_flags_out |= ARCH_MMU_FLAG_PERM_NO_EXECUTE; } if (arch_mmu_flags) { *arch_mmu_flags = arch_mmu_flags_out; } if (address_range_count) { *address_range_count = address_range_count_out; } return res; } /* This assumes that the fragment is completely composed of memory region descriptors (struct ffa_cons_mrd) */ status_t arm_ffa_mem_retrieve_next_frag( uint64_t handle, struct arm_ffa_mem_frag_info* frag_info) { status_t res; uint32_t fragment_len; mutex_acquire(&ffa_rxtx_buffer_lock); res = arm_ffa_call_mem_frag_rx(handle, frag_info->received_len, &fragment_len); if (res != NO_ERROR) { TRACEF("Failed to get memory retrieve fragment, err = %d\n", res); return res; } frag_info->received_len += fragment_len; frag_info->start_index += frag_info->count; frag_info->count = fragment_len / sizeof(struct ffa_cons_mrd); if (frag_info->count * sizeof(struct ffa_cons_mrd) != fragment_len) { TRACEF("fragment length %u, contains partial descriptor\n", fragment_len); return ERR_IO; } frag_info->address_ranges = ffa_rx; return NO_ERROR; } status_t arm_ffa_mem_share_kernel_buffer(uint16_t receiver_id, paddr_t buffer, size_t num_ffa_pages, uint arch_mmu_flags, uint64_t* handle) { status_t res; uint32_t len_out, fragment_len_out; DEBUG_ASSERT(handle); if (buffer % FFA_PAGE_SIZE) { LTRACEF("Buffer address must be page-aligned\n"); return ERR_INVALID_ARGS; } if (!(arch_mmu_flags & ARCH_MMU_FLAG_PERM_NO_EXECUTE)) { LTRACEF("Only non-executable buffers may be shared over FFA\n"); return ERR_INVALID_ARGS; } mutex_acquire(&ffa_rxtx_buffer_lock); /* Populate the tx buffer with 1 composite mrd and 1 constituent mrd */ arm_ffa_populate_share_tx_buffer(receiver_id, buffer, num_ffa_pages, arch_mmu_flags, 0); res = arm_ffa_call_mem_share(1, 1, &len_out, &fragment_len_out, handle); LTRACEF("total_len: %u, fragment_len: %u, handle: %" PRIx64 "\n", len_out, fragment_len_out, *handle); if (res != NO_ERROR) { TRACEF("FF-A memory share failed, err= %d\n", res); } mutex_release(&ffa_rxtx_buffer_lock); return res; } status_t arm_ffa_mem_reclaim(uint64_t handle) { struct smc_ret8 smc_ret; uint32_t handle_lo = (uint32_t)handle; uint32_t handle_hi = (uint32_t)(handle >> 32); uint32_t flags = 0; smc_ret = smc8(SMC_FC_FFA_MEM_RECLAIM, handle_lo, handle_hi, flags, 0, 0, 0, 0); switch ((uint32_t)smc_ret.r0) { case SMC_FC_FFA_SUCCESS: return NO_ERROR; case SMC_FC_FFA_ERROR: switch ((int32_t)smc_ret.r2) { case FFA_ERROR_INVALID_PARAMETERS: return ERR_INVALID_ARGS; case FFA_ERROR_NO_MEMORY: return ERR_NO_MEMORY; case FFA_ERROR_DENIED: return ERR_BAD_STATE; case FFA_ERROR_ABORTED: return ERR_CANCELLED; default: TRACEF("Unexpected FFA_ERROR: %lx\n", smc_ret.r2); return ERR_NOT_VALID; } default: TRACEF("Unexpected FFA SMC: %lx\n", smc_ret.r0); return ERR_NOT_VALID; } } status_t arm_ffa_rx_release(void) { status_t res; ASSERT(is_mutex_held(&ffa_rxtx_buffer_lock)); if (!supports_rx_release) { res = NO_ERROR; } else { res = arm_ffa_call_rx_release(); } mutex_release(&ffa_rxtx_buffer_lock); if (res == ERR_NOT_SUPPORTED) { TRACEF("Tried to release rx buffer when the operation is not supported!\n"); } else if (res != NO_ERROR) { TRACEF("Failed to release rx buffer, err = %d\n", res); return res; } return NO_ERROR; } status_t arm_ffa_mem_relinquish(uint64_t handle) { status_t res; /* As flags are set to 0 no request to zero the memory is made */ res = arm_ffa_call_mem_relinquish(handle, 0, 1, &ffa_local_id); if (res != NO_ERROR) { TRACEF("Failed to relinquish memory region, err = %d\n", res); } return res; } static status_t arm_ffa_setup(void) { status_t res; uint16_t ver_major_ret; uint16_t ver_minor_ret; bool is_implemented; size_t buf_size_log2; size_t ref_count_num_bits; size_t arch_page_count; size_t ffa_page_count; size_t count; paddr_t tx_paddr; paddr_t rx_paddr; void* tx_vaddr; void* rx_vaddr; struct list_node page_list = LIST_INITIAL_VALUE(page_list); res = arm_ffa_call_version(FFA_CURRENT_VERSION_MAJOR, FFA_CURRENT_VERSION_MINOR, &ver_major_ret, &ver_minor_ret); if (res != NO_ERROR) { TRACEF("No compatible FF-A version found\n"); return res; } else if (FFA_CURRENT_VERSION_MAJOR != ver_major_ret) { /* Allow downgrade within the same major version */ TRACEF("Incompatible FF-A interface version, %" PRIu16 ".%" PRIu16 "\n", ver_major_ret, ver_minor_ret); return ERR_NOT_SUPPORTED; } ffa_version = FFA_VERSION(ver_major_ret, ver_minor_ret); if (ffa_version > FFA_CURRENT_VERSION) { /* The SPMC supports a newer version, downgrade us */ ffa_version = FFA_CURRENT_VERSION; } LTRACEF("Negotiated FF-A version %" PRIu16 ".%" PRIu16 "\n", FFA_VERSION_TO_MAJOR(ffa_version), FFA_VERSION_TO_MINOR(ffa_version)); res = arm_ffa_call_id_get(&ffa_local_id); if (res != NO_ERROR) { TRACEF("Failed to get FF-A partition id (err=%d)\n", res); return res; } res = arm_ffa_rx_release_is_implemented(&is_implemented); if (res != NO_ERROR) { TRACEF("Error checking if FFA_RX_RELEASE is implemented (err=%d)\n", res); return res; } if (is_implemented) { supports_rx_release = true; } else { LTRACEF("FFA_RX_RELEASE is not implemented\n"); } res = arm_ffa_rxtx_map_is_implemented(&is_implemented, &buf_size_log2); if (res != NO_ERROR) { TRACEF("Error checking if FFA_RXTX_MAP is implemented (err=%d)\n", res); return res; } if (!is_implemented) { TRACEF("FFA_RXTX_MAP is not implemented\n"); return ERR_NOT_SUPPORTED; } res = arm_ffa_mem_retrieve_req_is_implemented( &is_implemented, NULL, &supports_ns_bit, &ref_count_num_bits); if (res != NO_ERROR) { TRACEF("Error checking if FFA_MEM_RETRIEVE_REQ is implemented (err=%d)\n", res); return res; } if (!is_implemented) { TRACEF("FFA_MEM_RETRIEVE_REQ is not implemented\n"); } else if (ref_count_num_bits < 64) { /* * Expect 64 bit reference count. If we don't have it, future calls to * SMC_FC_FFA_MEM_RETRIEVE_REQ can fail if we receive the same handle * multiple times. Warn about this, but don't return an error as we only * receive each handle once in the typical case. */ TRACEF("Warning FFA_MEM_RETRIEVE_REQ does not have 64 bit reference count (%zu)\n", ref_count_num_bits); } ffa_buf_size = 1U << buf_size_log2; ASSERT((ffa_buf_size % FFA_PAGE_SIZE) == 0); arch_page_count = DIV_ROUND_UP(ffa_buf_size, PAGE_SIZE); ffa_page_count = ffa_buf_size / FFA_PAGE_SIZE; count = pmm_alloc_contiguous(arch_page_count, buf_size_log2, &tx_paddr, &page_list); if (count != arch_page_count) { TRACEF("Failed to allocate tx buffer %zx!=%zx\n", count, arch_page_count); res = ERR_NO_MEMORY; goto err_alloc_tx; } tx_vaddr = paddr_to_kvaddr(tx_paddr); ASSERT(tx_vaddr); count = pmm_alloc_contiguous(arch_page_count, buf_size_log2, &rx_paddr, &page_list); if (count != arch_page_count) { TRACEF("Failed to allocate rx buffer %zx!=%zx\n", count, arch_page_count); res = ERR_NO_MEMORY; goto err_alloc_rx; } rx_vaddr = paddr_to_kvaddr(rx_paddr); ASSERT(rx_vaddr); res = arm_ffa_call_rxtx_map(tx_paddr, rx_paddr, ffa_page_count); if (res != NO_ERROR) { TRACEF("Failed to map tx @ %p, rx @ %p, page count 0x%zx (err=%d)\n", (void*)tx_paddr, (void*)rx_paddr, ffa_page_count, res); goto err_rxtx_map; } ffa_tx = tx_vaddr; ffa_rx = rx_vaddr; return res; err_rxtx_map: err_alloc_rx: pmm_free(&page_list); err_alloc_tx: /* pmm_alloc_contiguous leaves the page list unchanged on failure */ return res; } static void arm_ffa_init(uint level) { status_t res; res = arm_ffa_setup(); if (res == NO_ERROR) { ffa_init_state = ARM_FFA_INIT_SUCCESS; #if WITH_SMP res = ffa_call_secondary_ep_register(); if (res == ERR_NOT_SUPPORTED) { LTRACEF("FFA_SECONDARY_EP_REGISTER is not supported\n"); } else if (res != NO_ERROR) { TRACEF("Failed to register secondary core entry point (err=%d)\n", res); } #endif } else { TRACEF("Failed to initialize FF-A (err=%d)\n", res); ffa_init_state = ARM_FFA_INIT_FAILED; } } LK_INIT_HOOK(arm_ffa_init, arm_ffa_init, LK_INIT_LEVEL_PLATFORM - 2);