projects / project / bcm63xx / atf.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Sanitise includes across codebase
[project/bcm63xx/atf.git] / lib / xlat_tables_v2 / xlat_tables_core.c
1 /*
2 * Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8 #include <errno.h>
9 #include <stdbool.h>
10 #include <stdint.h>
11 #include <string.h>
12
13 #include <platform_def.h>
14
15 #include <arch_helpers.h>
16 #include <common/debug.h>
17 #include <lib/utils_def.h>
18 #include <lib/xlat_tables/xlat_tables_defs.h>
19 #include <lib/xlat_tables/xlat_tables_v2.h>
20
21 #include "xlat_tables_private.h"
22
23 /* Helper function that cleans the data cache only if it is enabled. */
24 static inline void xlat_clean_dcache_range(uintptr_t addr, size_t size)
25 {
26 if (is_dcache_enabled())
27 clean_dcache_range(addr, size);
28 }
29
30 #if PLAT_XLAT_TABLES_DYNAMIC
31
32 /*
33 * The following functions assume that they will be called using subtables only.
34 * The base table can't be unmapped, so it is not needed to do any special
35 * handling for it.
36 */
37
38 /*
39 * Returns the index of the array corresponding to the specified translation
40 * table.
41 */
42 static int xlat_table_get_index(const xlat_ctx_t *ctx, const uint64_t *table)
43 {
44 for (int i = 0; i < ctx->tables_num; i++)
45 if (ctx->tables[i] == table)
46 return i;
47
48 /*
49 * Maybe we were asked to get the index of the base level table, which
50 * should never happen.
51 */
52 assert(false);
53
54 return -1;
55 }
56
57 /* Returns a pointer to an empty translation table. */
58 static uint64_t *xlat_table_get_empty(const xlat_ctx_t *ctx)
59 {
60 for (int i = 0; i < ctx->tables_num; i++)
61 if (ctx->tables_mapped_regions[i] == 0)
62 return ctx->tables[i];
63
64 return NULL;
65 }
66
67 /* Increments region count for a given table. */
68 static void xlat_table_inc_regions_count(const xlat_ctx_t *ctx,
69 const uint64_t *table)
70 {
71 int idx = xlat_table_get_index(ctx, table);
72
73 ctx->tables_mapped_regions[idx]++;
74 }
75
76 /* Decrements region count for a given table. */
77 static void xlat_table_dec_regions_count(const xlat_ctx_t *ctx,
78 const uint64_t *table)
79 {
80 int idx = xlat_table_get_index(ctx, table);
81
82 ctx->tables_mapped_regions[idx]--;
83 }
84
85 /* Returns 0 if the specified table isn't empty, otherwise 1. */
86 static bool xlat_table_is_empty(const xlat_ctx_t *ctx, const uint64_t *table)
87 {
88 return ctx->tables_mapped_regions[xlat_table_get_index(ctx, table)] == 0;
89 }
90
91 #else /* PLAT_XLAT_TABLES_DYNAMIC */
92
93 /* Returns a pointer to the first empty translation table. */
94 static uint64_t *xlat_table_get_empty(xlat_ctx_t *ctx)
95 {
96 assert(ctx->next_table < ctx->tables_num);
97
98 return ctx->tables[ctx->next_table++];
99 }
100
101 #endif /* PLAT_XLAT_TABLES_DYNAMIC */
102
103 /*
104 * Returns a block/page table descriptor for the given level and attributes.
105 */
106 uint64_t xlat_desc(const xlat_ctx_t *ctx, uint32_t attr,
107 unsigned long long addr_pa, unsigned int level)
108 {
109 uint64_t desc;
110 uint32_t mem_type;
111
112 /* Make sure that the granularity is fine enough to map this address. */
113 assert((addr_pa & XLAT_BLOCK_MASK(level)) == 0U);
114
115 desc = addr_pa;
116 /*
117 * There are different translation table descriptors for level 3 and the
118 * rest.
119 */
120 desc |= (level == XLAT_TABLE_LEVEL_MAX) ? PAGE_DESC : BLOCK_DESC;
121 /*
122 * Always set the access flag, as this library assumes access flag
123 * faults aren't managed.
124 */
125 desc |= LOWER_ATTRS(ACCESS_FLAG);
126 /*
127 * Deduce other fields of the descriptor based on the MT_NS and MT_RW
128 * memory region attributes.
129 */
130 desc |= ((attr & MT_NS) != 0U) ? LOWER_ATTRS(NS) : 0U;
131 desc |= ((attr & MT_RW) != 0U) ? LOWER_ATTRS(AP_RW) : LOWER_ATTRS(AP_RO);
132
133 /*
134 * Do not allow unprivileged access when the mapping is for a privileged
135 * EL. For translation regimes that do not have mappings for access for
136 * lower exception levels, set AP[2] to AP_NO_ACCESS_UNPRIVILEGED.
137 */
138 if (ctx->xlat_regime == EL1_EL0_REGIME) {
139 if ((attr & MT_USER) != 0U) {
140 /* EL0 mapping requested, so we give User access */
141 desc |= LOWER_ATTRS(AP_ACCESS_UNPRIVILEGED);
142 } else {
143 /* EL1 mapping requested, no User access granted */
144 desc |= LOWER_ATTRS(AP_NO_ACCESS_UNPRIVILEGED);
145 }
146 } else {
147 assert((ctx->xlat_regime == EL2_REGIME) ||
148 (ctx->xlat_regime == EL3_REGIME));
149 desc |= LOWER_ATTRS(AP_ONE_VA_RANGE_RES1);
150 }
151
152 /*
153 * Deduce shareability domain and executability of the memory region
154 * from the memory type of the attributes (MT_TYPE).
155 *
156 * Data accesses to device memory and non-cacheable normal memory are
157 * coherent for all observers in the system, and correspondingly are
158 * always treated as being Outer Shareable. Therefore, for these 2 types
159 * of memory, it is not strictly needed to set the shareability field
160 * in the translation tables.
161 */
162 mem_type = MT_TYPE(attr);
163 if (mem_type == MT_DEVICE) {
164 desc |= LOWER_ATTRS(ATTR_DEVICE_INDEX | OSH);
165 /*
166 * Always map device memory as execute-never.
167 * This is to avoid the possibility of a speculative instruction
168 * fetch, which could be an issue if this memory region
169 * corresponds to a read-sensitive peripheral.
170 */
171 desc |= xlat_arch_regime_get_xn_desc(ctx->xlat_regime);
172
173 } else { /* Normal memory */
174 /*
175 * Always map read-write normal memory as execute-never.
176 * This library assumes that it is used by software that does
177 * not self-modify its code, therefore R/W memory is reserved
178 * for data storage, which must not be executable.
179 *
180 * Note that setting the XN bit here is for consistency only.
181 * The function that enables the MMU sets the SCTLR_ELx.WXN bit,
182 * which makes any writable memory region to be treated as
183 * execute-never, regardless of the value of the XN bit in the
184 * translation table.
185 *
186 * For read-only memory, rely on the MT_EXECUTE/MT_EXECUTE_NEVER
187 * attribute to figure out the value of the XN bit. The actual
188 * XN bit(s) to set in the descriptor depends on the context's
189 * translation regime and the policy applied in
190 * xlat_arch_regime_get_xn_desc().
191 */
192 if (((attr & MT_RW) != 0U) || ((attr & MT_EXECUTE_NEVER) != 0U)) {
193 desc |= xlat_arch_regime_get_xn_desc(ctx->xlat_regime);
194 }
195
196 if (mem_type == MT_MEMORY) {
197 desc |= LOWER_ATTRS(ATTR_IWBWA_OWBWA_NTR_INDEX | ISH);
198 } else {
199 assert(mem_type == MT_NON_CACHEABLE);
200 desc |= LOWER_ATTRS(ATTR_NON_CACHEABLE_INDEX | OSH);
201 }
202 }
203
204 return desc;
205 }
206
207 /*
208 * Enumeration of actions that can be made when mapping table entries depending
209 * on the previous value in that entry and information about the region being
210 * mapped.
211 */
212 typedef enum {
213
214 /* Do nothing */
215 ACTION_NONE,
216
217 /* Write a block (or page, if in level 3) entry. */
218 ACTION_WRITE_BLOCK_ENTRY,
219
220 /*
221 * Create a new table and write a table entry pointing to it. Recurse
222 * into it for further processing.
223 */
224 ACTION_CREATE_NEW_TABLE,
225
226 /*
227 * There is a table descriptor in this entry, read it and recurse into
228 * that table for further processing.
229 */
230 ACTION_RECURSE_INTO_TABLE,
231
232 } action_t;
233
234 #if PLAT_XLAT_TABLES_DYNAMIC
235
236 /*
237 * Recursive function that writes to the translation tables and unmaps the
238 * specified region.
239 */
240 static void xlat_tables_unmap_region(xlat_ctx_t *ctx, mmap_region_t *mm,
241 const uintptr_t table_base_va,
242 uint64_t *const table_base,
243 const unsigned int table_entries,
244 const unsigned int level)
245 {
246 assert((level >= ctx->base_level) && (level <= XLAT_TABLE_LEVEL_MAX));
247
248 uint64_t *subtable;
249 uint64_t desc;
250
251 uintptr_t table_idx_va;
252 uintptr_t table_idx_end_va; /* End VA of this entry */
253
254 uintptr_t region_end_va = mm->base_va + mm->size - 1U;
255
256 unsigned int table_idx;
257
258 if (mm->base_va > table_base_va) {
259 /* Find the first index of the table affected by the region. */
260 table_idx_va = mm->base_va & ~XLAT_BLOCK_MASK(level);
261
262 table_idx = (unsigned int)((table_idx_va - table_base_va) >>
263 XLAT_ADDR_SHIFT(level));
264
265 assert(table_idx < table_entries);
266 } else {
267 /* Start from the beginning of the table. */
268 table_idx_va = table_base_va;
269 table_idx = 0;
270 }
271
272 while (table_idx < table_entries) {
273
274 table_idx_end_va = table_idx_va + XLAT_BLOCK_SIZE(level) - 1U;
275
276 desc = table_base[table_idx];
277 uint64_t desc_type = desc & DESC_MASK;
278
279 action_t action;
280
281 if ((mm->base_va <= table_idx_va) &&
282 (region_end_va >= table_idx_end_va)) {
283 /* Region covers all block */
284
285 if (level == 3U) {
286 /*
287 * Last level, only page descriptors allowed,
288 * erase it.
289 */
290 assert(desc_type == PAGE_DESC);
291
292 action = ACTION_WRITE_BLOCK_ENTRY;
293 } else {
294 /*
295 * Other levels can have table descriptors. If
296 * so, recurse into it and erase descriptors
297 * inside it as needed. If there is a block
298 * descriptor, just erase it. If an invalid
299 * descriptor is found, this table isn't
300 * actually mapped, which shouldn't happen.
301 */
302 if (desc_type == TABLE_DESC) {
303 action = ACTION_RECURSE_INTO_TABLE;
304 } else {
305 assert(desc_type == BLOCK_DESC);
306 action = ACTION_WRITE_BLOCK_ENTRY;
307 }
308 }
309
310 } else if ((mm->base_va <= table_idx_end_va) ||
311 (region_end_va >= table_idx_va)) {
312 /*
313 * Region partially covers block.
314 *
315 * It can't happen in level 3.
316 *
317 * There must be a table descriptor here, if not there
318 * was a problem when mapping the region.
319 */
320 assert(level < 3U);
321 assert(desc_type == TABLE_DESC);
322
323 action = ACTION_RECURSE_INTO_TABLE;
324 } else {
325 /* The region doesn't cover the block at all */
326 action = ACTION_NONE;
327 }
328
329 if (action == ACTION_WRITE_BLOCK_ENTRY) {
330
331 table_base[table_idx] = INVALID_DESC;
332 xlat_arch_tlbi_va(table_idx_va, ctx->xlat_regime);
333
334 } else if (action == ACTION_RECURSE_INTO_TABLE) {
335
336 subtable = (uint64_t *)(uintptr_t)(desc & TABLE_ADDR_MASK);
337
338 /* Recurse to write into subtable */
339 xlat_tables_unmap_region(ctx, mm, table_idx_va,
340 subtable, XLAT_TABLE_ENTRIES,
341 level + 1U);
342 #if !(HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY)
343 xlat_clean_dcache_range((uintptr_t)subtable,
344 XLAT_TABLE_ENTRIES * sizeof(uint64_t));
345 #endif
346 /*
347 * If the subtable is now empty, remove its reference.
348 */
349 if (xlat_table_is_empty(ctx, subtable)) {
350 table_base[table_idx] = INVALID_DESC;
351 xlat_arch_tlbi_va(table_idx_va,
352 ctx->xlat_regime);
353 }
354
355 } else {
356 assert(action == ACTION_NONE);
357 }
358
359 table_idx++;
360 table_idx_va += XLAT_BLOCK_SIZE(level);
361
362 /* If reached the end of the region, exit */
363 if (region_end_va <= table_idx_va)
364 break;
365 }
366
367 if (level > ctx->base_level)
368 xlat_table_dec_regions_count(ctx, table_base);
369 }
370
371 #endif /* PLAT_XLAT_TABLES_DYNAMIC */
372
373 /*
374 * From the given arguments, it decides which action to take when mapping the
375 * specified region.
376 */
377 static action_t xlat_tables_map_region_action(const mmap_region_t *mm,
378 unsigned int desc_type, unsigned long long dest_pa,
379 uintptr_t table_entry_base_va, unsigned int level)
380 {
381 uintptr_t mm_end_va = mm->base_va + mm->size - 1U;
382 uintptr_t table_entry_end_va =
383 table_entry_base_va + XLAT_BLOCK_SIZE(level) - 1U;
384
385 /*
386 * The descriptor types allowed depend on the current table level.
387 */
388
389 if ((mm->base_va <= table_entry_base_va) &&
390 (mm_end_va >= table_entry_end_va)) {
391
392 /*
393 * Table entry is covered by region
394 * --------------------------------
395 *
396 * This means that this table entry can describe the whole
397 * translation with this granularity in principle.
398 */
399
400 if (level == 3U) {
401 /*
402 * Last level, only page descriptors are allowed.
403 */
404 if (desc_type == PAGE_DESC) {
405 /*
406 * There's another region mapped here, don't
407 * overwrite.
408 */
409 return ACTION_NONE;
410 } else {
411 assert(desc_type == INVALID_DESC);
412 return ACTION_WRITE_BLOCK_ENTRY;
413 }
414
415 } else {
416
417 /*
418 * Other levels. Table descriptors are allowed. Block
419 * descriptors too, but they have some limitations.
420 */
421
422 if (desc_type == TABLE_DESC) {
423 /* There's already a table, recurse into it. */
424 return ACTION_RECURSE_INTO_TABLE;
425
426 } else if (desc_type == INVALID_DESC) {
427 /*
428 * There's nothing mapped here, create a new
429 * entry.
430 *
431 * Check if the destination granularity allows
432 * us to use a block descriptor or we need a
433 * finer table for it.
434 *
435 * Also, check if the current level allows block
436 * descriptors. If not, create a table instead.
437 */
438 if (((dest_pa & XLAT_BLOCK_MASK(level)) != 0U)
439 || (level < MIN_LVL_BLOCK_DESC) ||
440 (mm->granularity < XLAT_BLOCK_SIZE(level)))
441 return ACTION_CREATE_NEW_TABLE;
442 else
443 return ACTION_WRITE_BLOCK_ENTRY;
444
445 } else {
446 /*
447 * There's another region mapped here, don't
448 * overwrite.
449 */
450 assert(desc_type == BLOCK_DESC);
451
452 return ACTION_NONE;
453 }
454 }
455
456 } else if ((mm->base_va <= table_entry_end_va) ||
457 (mm_end_va >= table_entry_base_va)) {
458
459 /*
460 * Region partially covers table entry
461 * -----------------------------------
462 *
463 * This means that this table entry can't describe the whole
464 * translation, a finer table is needed.
465
466 * There cannot be partial block overlaps in level 3. If that
467 * happens, some of the preliminary checks when adding the
468 * mmap region failed to detect that PA and VA must at least be
469 * aligned to PAGE_SIZE.
470 */
471 assert(level < 3U);
472
473 if (desc_type == INVALID_DESC) {
474 /*
475 * The block is not fully covered by the region. Create
476 * a new table, recurse into it and try to map the
477 * region with finer granularity.
478 */
479 return ACTION_CREATE_NEW_TABLE;
480
481 } else {
482 assert(desc_type == TABLE_DESC);
483 /*
484 * The block is not fully covered by the region, but
485 * there is already a table here. Recurse into it and
486 * try to map with finer granularity.
487 *
488 * PAGE_DESC for level 3 has the same value as
489 * TABLE_DESC, but this code can't run on a level 3
490 * table because there can't be overlaps in level 3.
491 */
492 return ACTION_RECURSE_INTO_TABLE;
493 }
494 } else {
495
496 /*
497 * This table entry is outside of the region specified in the
498 * arguments, don't write anything to it.
499 */
500 return ACTION_NONE;
501 }
502 }
503
504 /*
505 * Recursive function that writes to the translation tables and maps the
506 * specified region. On success, it returns the VA of the last byte that was
507 * successfully mapped. On error, it returns the VA of the next entry that
508 * should have been mapped.
509 */
510 static uintptr_t xlat_tables_map_region(xlat_ctx_t *ctx, mmap_region_t *mm,
511 uintptr_t table_base_va,
512 uint64_t *const table_base,
513 unsigned int table_entries,
514 unsigned int level)
515 {
516 assert((level >= ctx->base_level) && (level <= XLAT_TABLE_LEVEL_MAX));
517
518 uintptr_t mm_end_va = mm->base_va + mm->size - 1U;
519
520 uintptr_t table_idx_va;
521 unsigned long long table_idx_pa;
522
523 uint64_t *subtable;
524 uint64_t desc;
525
526 unsigned int table_idx;
527
528 if (mm->base_va > table_base_va) {
529 /* Find the first index of the table affected by the region. */
530 table_idx_va = mm->base_va & ~XLAT_BLOCK_MASK(level);
531
532 table_idx = (unsigned int)((table_idx_va - table_base_va) >>
533 XLAT_ADDR_SHIFT(level));
534
535 assert(table_idx < table_entries);
536 } else {
537 /* Start from the beginning of the table. */
538 table_idx_va = table_base_va;
539 table_idx = 0U;
540 }
541
542 #if PLAT_XLAT_TABLES_DYNAMIC
543 if (level > ctx->base_level)
544 xlat_table_inc_regions_count(ctx, table_base);
545 #endif
546
547 while (table_idx < table_entries) {
548
549 desc = table_base[table_idx];
550
551 table_idx_pa = mm->base_pa + table_idx_va - mm->base_va;
552
553 action_t action = xlat_tables_map_region_action(mm,
554 (uint32_t)(desc & DESC_MASK), table_idx_pa,
555 table_idx_va, level);
556
557 if (action == ACTION_WRITE_BLOCK_ENTRY) {
558
559 table_base[table_idx] =
560 xlat_desc(ctx, (uint32_t)mm->attr, table_idx_pa,
561 level);
562
563 } else if (action == ACTION_CREATE_NEW_TABLE) {
564 uintptr_t end_va;
565
566 subtable = xlat_table_get_empty(ctx);
567 if (subtable == NULL) {
568 /* Not enough free tables to map this region */
569 return table_idx_va;
570 }
571
572 /* Point to new subtable from this one. */
573 table_base[table_idx] = TABLE_DESC | (unsigned long)subtable;
574
575 /* Recurse to write into subtable */
576 end_va = xlat_tables_map_region(ctx, mm, table_idx_va,
577 subtable, XLAT_TABLE_ENTRIES,
578 level + 1U);
579 #if !(HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY)
580 xlat_clean_dcache_range((uintptr_t)subtable,
581 XLAT_TABLE_ENTRIES * sizeof(uint64_t));
582 #endif
583 if (end_va !=
584 (table_idx_va + XLAT_BLOCK_SIZE(level) - 1U))
585 return end_va;
586
587 } else if (action == ACTION_RECURSE_INTO_TABLE) {
588 uintptr_t end_va;
589
590 subtable = (uint64_t *)(uintptr_t)(desc & TABLE_ADDR_MASK);
591 /* Recurse to write into subtable */
592 end_va = xlat_tables_map_region(ctx, mm, table_idx_va,
593 subtable, XLAT_TABLE_ENTRIES,
594 level + 1U);
595 #if !(HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY)
596 xlat_clean_dcache_range((uintptr_t)subtable,
597 XLAT_TABLE_ENTRIES * sizeof(uint64_t));
598 #endif
599 if (end_va !=
600 (table_idx_va + XLAT_BLOCK_SIZE(level) - 1U))
601 return end_va;
602
603 } else {
604
605 assert(action == ACTION_NONE);
606
607 }
608
609 table_idx++;
610 table_idx_va += XLAT_BLOCK_SIZE(level);
611
612 /* If reached the end of the region, exit */
613 if (mm_end_va <= table_idx_va)
614 break;
615 }
616
617 return table_idx_va - 1U;
618 }
619
620 /*
621 * Function that verifies that a region can be mapped.
622 * Returns:
623 * 0: Success, the mapping is allowed.
624 * EINVAL: Invalid values were used as arguments.
625 * ERANGE: The memory limits were surpassed.
626 * ENOMEM: There is not enough memory in the mmap array.
627 * EPERM: Region overlaps another one in an invalid way.
628 */
629 static int mmap_add_region_check(const xlat_ctx_t *ctx, const mmap_region_t *mm)
630 {
631 unsigned long long base_pa = mm->base_pa;
632 uintptr_t base_va = mm->base_va;
633 size_t size = mm->size;
634 size_t granularity = mm->granularity;
635
636 unsigned long long end_pa = base_pa + size - 1U;
637 uintptr_t end_va = base_va + size - 1U;
638
639 if (!IS_PAGE_ALIGNED(base_pa) || !IS_PAGE_ALIGNED(base_va) ||
640 !IS_PAGE_ALIGNED(size))
641 return -EINVAL;
642
643 if ((granularity != XLAT_BLOCK_SIZE(1U)) &&
644 (granularity != XLAT_BLOCK_SIZE(2U)) &&
645 (granularity != XLAT_BLOCK_SIZE(3U))) {
646 return -EINVAL;
647 }
648
649 /* Check for overflows */
650 if ((base_pa > end_pa) || (base_va > end_va))
651 return -ERANGE;
652
653 if ((base_va + (uintptr_t)size - (uintptr_t)1) > ctx->va_max_address)
654 return -ERANGE;
655
656 if ((base_pa + (unsigned long long)size - 1ULL) > ctx->pa_max_address)
657 return -ERANGE;
658
659 /* Check that there is space in the ctx->mmap array */
660 if (ctx->mmap[ctx->mmap_num - 1].size != 0U)
661 return -ENOMEM;
662
663 /* Check for PAs and VAs overlaps with all other regions */
664 for (const mmap_region_t *mm_cursor = ctx->mmap;
665 mm_cursor->size != 0U; ++mm_cursor) {
666
667 uintptr_t mm_cursor_end_va = mm_cursor->base_va
668 + mm_cursor->size - 1U;
669
670 /*
671 * Check if one of the regions is completely inside the other
672 * one.
673 */
674 bool fully_overlapped_va =
675 ((base_va >= mm_cursor->base_va) &&
676 (end_va <= mm_cursor_end_va)) ||
677 ((mm_cursor->base_va >= base_va) &&
678 (mm_cursor_end_va <= end_va));
679
680 /*
681 * Full VA overlaps are only allowed if both regions are
682 * identity mapped (zero offset) or have the same VA to PA
683 * offset. Also, make sure that it's not the exact same area.
684 * This can only be done with static regions.
685 */
686 if (fully_overlapped_va) {
687
688 #if PLAT_XLAT_TABLES_DYNAMIC
689 if (((mm->attr & MT_DYNAMIC) != 0U) ||
690 ((mm_cursor->attr & MT_DYNAMIC) != 0U))
691 return -EPERM;
692 #endif /* PLAT_XLAT_TABLES_DYNAMIC */
693 if ((mm_cursor->base_va - mm_cursor->base_pa) !=
694 (base_va - base_pa))
695 return -EPERM;
696
697 if ((base_va == mm_cursor->base_va) &&
698 (size == mm_cursor->size))
699 return -EPERM;
700
701 } else {
702 /*
703 * If the regions do not have fully overlapping VAs,
704 * then they must have fully separated VAs and PAs.
705 * Partial overlaps are not allowed
706 */
707
708 unsigned long long mm_cursor_end_pa =
709 mm_cursor->base_pa + mm_cursor->size - 1U;
710
711 bool separated_pa = (end_pa < mm_cursor->base_pa) ||
712 (base_pa > mm_cursor_end_pa);
713 bool separated_va = (end_va < mm_cursor->base_va) ||
714 (base_va > mm_cursor_end_va);
715
716 if (!separated_va || !separated_pa)
717 return -EPERM;
718 }
719 }
720
721 return 0;
722 }
723
724 void mmap_add_region_ctx(xlat_ctx_t *ctx, const mmap_region_t *mm)
725 {
726 mmap_region_t *mm_cursor = ctx->mmap, *mm_destination;
727 const mmap_region_t *mm_end = ctx->mmap + ctx->mmap_num;
728 const mmap_region_t *mm_last;
729 unsigned long long end_pa = mm->base_pa + mm->size - 1U;
730 uintptr_t end_va = mm->base_va + mm->size - 1U;
731 int ret;
732
733 /* Ignore empty regions */
734 if (mm->size == 0U)
735 return;
736
737 /* Static regions must be added before initializing the xlat tables. */
738 assert(!ctx->initialized);
739
740 ret = mmap_add_region_check(ctx, mm);
741 if (ret != 0) {
742 ERROR("mmap_add_region_check() failed. error %d\n", ret);
743 assert(false);
744 return;
745 }
746
747 /*
748 * Find correct place in mmap to insert new region.
749 *
750 * 1 - Lower region VA end first.
751 * 2 - Smaller region size first.
752 *
753 * VA 0 0xFF
754 *
755 * 1st |------|
756 * 2nd |------------|
757 * 3rd |------|
758 * 4th |---|
759 * 5th |---|
760 * 6th |----------|
761 * 7th |-------------------------------------|
762 *
763 * This is required for overlapping regions only. It simplifies adding
764 * regions with the loop in xlat_tables_init_internal because the outer
765 * ones won't overwrite block or page descriptors of regions added
766 * previously.
767 *
768 * Overlapping is only allowed for static regions.
769 */
770
771 while (((mm_cursor->base_va + mm_cursor->size - 1U) < end_va)
772 && (mm_cursor->size != 0U)) {
773 ++mm_cursor;
774 }
775
776 while (((mm_cursor->base_va + mm_cursor->size - 1U) == end_va) &&
777 (mm_cursor->size != 0U) && (mm_cursor->size < mm->size)) {
778 ++mm_cursor;
779 }
780
781 /*
782 * Find the last entry marker in the mmap
783 */
784 mm_last = ctx->mmap;
785 while ((mm_last->size != 0U) && (mm_last < mm_end)) {
786 ++mm_last;
787 }
788
789 /*
790 * Check if we have enough space in the memory mapping table.
791 * This shouldn't happen as we have checked in mmap_add_region_check
792 * that there is free space.
793 */
794 assert(mm_last->size == 0U);
795
796 /* Make room for new region by moving other regions up by one place */
797 mm_destination = mm_cursor + 1;
798 (void)memmove(mm_destination, mm_cursor,
799 (uintptr_t)mm_last - (uintptr_t)mm_cursor);
800
801 /*
802 * Check we haven't lost the empty sentinel from the end of the array.
803 * This shouldn't happen as we have checked in mmap_add_region_check
804 * that there is free space.
805 */
806 assert(mm_end->size == 0U);
807
808 *mm_cursor = *mm;
809
810 if (end_pa > ctx->max_pa)
811 ctx->max_pa = end_pa;
812 if (end_va > ctx->max_va)
813 ctx->max_va = end_va;
814 }
815
816 /*
817 * Determine the table level closest to the initial lookup level that
818 * can describe this translation. Then, align base VA to the next block
819 * at the determined level.
820 */
821 static void mmap_alloc_va_align_ctx(xlat_ctx_t *ctx, mmap_region_t *mm)
822 {
823 /*
824 * By or'ing the size and base PA the alignment will be the one
825 * corresponding to the smallest boundary of the two of them.
826 *
827 * There are three different cases. For example (for 4 KiB page size):
828 *
829 * +--------------+------------------++--------------+
830 * | PA alignment | Size multiple of || VA alignment |
831 * +--------------+------------------++--------------+
832 * | 2 MiB | 2 MiB || 2 MiB | (1)
833 * | 2 MiB | 4 KiB || 4 KiB | (2)
834 * | 4 KiB | 2 MiB || 4 KiB | (3)
835 * +--------------+------------------++--------------+
836 *
837 * - In (1), it is possible to take advantage of the alignment of the PA
838 * and the size of the region to use a level 2 translation table
839 * instead of a level 3 one.
840 *
841 * - In (2), the size is smaller than a block entry of level 2, so it is
842 * needed to use a level 3 table to describe the region or the library
843 * will map more memory than the desired one.
844 *
845 * - In (3), even though the region has the size of one level 2 block
846 * entry, it isn't possible to describe the translation with a level 2
847 * block entry because of the alignment of the base PA.
848 *
849 * Only bits 47:21 of a level 2 block descriptor are used by the MMU,
850 * bits 20:0 of the resulting address are 0 in this case. Because of
851 * this, the PA generated as result of this translation is aligned to
852 * 2 MiB. The PA that was requested to be mapped is aligned to 4 KiB,
853 * though, which means that the resulting translation is incorrect.
854 * The only way to prevent this is by using a finer granularity.
855 */
856 unsigned long long align_check;
857
858 align_check = mm->base_pa | (unsigned long long)mm->size;
859
860 /*
861 * Assume it is always aligned to level 3. There's no need to check that
862 * level because its block size is PAGE_SIZE. The checks to verify that
863 * the addresses and size are aligned to PAGE_SIZE are inside
864 * mmap_add_region.
865 */
866 for (unsigned int level = ctx->base_level; level <= 2U; ++level) {
867
868 if ((align_check & XLAT_BLOCK_MASK(level)) != 0U)
869 continue;
870
871 mm->base_va = round_up(mm->base_va, XLAT_BLOCK_SIZE(level));
872 return;
873 }
874 }
875
876 void mmap_add_region_alloc_va_ctx(xlat_ctx_t *ctx, mmap_region_t *mm)
877 {
878 mm->base_va = ctx->max_va + 1UL;
879
880 assert(mm->size > 0U);
881
882 mmap_alloc_va_align_ctx(ctx, mm);
883
884 /* Detect overflows. More checks are done in mmap_add_region_check(). */
885 assert(mm->base_va > ctx->max_va);
886
887 mmap_add_region_ctx(ctx, mm);
888 }
889
890 void mmap_add_ctx(xlat_ctx_t *ctx, const mmap_region_t *mm)
891 {
892 const mmap_region_t *mm_cursor = mm;
893
894 while (mm_cursor->granularity != 0U) {
895 mmap_add_region_ctx(ctx, mm_cursor);
896 mm_cursor++;
897 }
898 }
899
900 #if PLAT_XLAT_TABLES_DYNAMIC
901
902 int mmap_add_dynamic_region_ctx(xlat_ctx_t *ctx, mmap_region_t *mm)
903 {
904 mmap_region_t *mm_cursor = ctx->mmap;
905 const mmap_region_t *mm_last = mm_cursor + ctx->mmap_num;
906 unsigned long long end_pa = mm->base_pa + mm->size - 1U;
907 uintptr_t end_va = mm->base_va + mm->size - 1U;
908 int ret;
909
910 /* Nothing to do */
911 if (mm->size == 0U)
912 return 0;
913
914 /* Now this region is a dynamic one */
915 mm->attr |= MT_DYNAMIC;
916
917 ret = mmap_add_region_check(ctx, mm);
918 if (ret != 0)
919 return ret;
920
921 /*
922 * Find the adequate entry in the mmap array in the same way done for
923 * static regions in mmap_add_region_ctx().
924 */
925
926 while (((mm_cursor->base_va + mm_cursor->size - 1U) < end_va)
927 && (mm_cursor->size != 0U)) {
928 ++mm_cursor;
929 }
930
931 while (((mm_cursor->base_va + mm_cursor->size - 1U) == end_va) &&
932 (mm_cursor->size != 0U) && (mm_cursor->size < mm->size)) {
933 ++mm_cursor;
934 }
935
936 /* Make room for new region by moving other regions up by one place */
937 (void)memmove(mm_cursor + 1U, mm_cursor,
938 (uintptr_t)mm_last - (uintptr_t)mm_cursor);
939
940 /*
941 * Check we haven't lost the empty sentinal from the end of the array.
942 * This shouldn't happen as we have checked in mmap_add_region_check
943 * that there is free space.
944 */
945 assert(mm_last->size == 0U);
946
947 *mm_cursor = *mm;
948
949 /*
950 * Update the translation tables if the xlat tables are initialized. If
951 * not, this region will be mapped when they are initialized.
952 */
953 if (ctx->initialized) {
954 end_va = xlat_tables_map_region(ctx, mm_cursor,
955 0U, ctx->base_table, ctx->base_table_entries,
956 ctx->base_level);
957 #if !(HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY)
958 xlat_clean_dcache_range((uintptr_t)ctx->base_table,
959 ctx->base_table_entries * sizeof(uint64_t));
960 #endif
961 /* Failed to map, remove mmap entry, unmap and return error. */
962 if (end_va != (mm_cursor->base_va + mm_cursor->size - 1U)) {
963 (void)memmove(mm_cursor, mm_cursor + 1U,
964 (uintptr_t)mm_last - (uintptr_t)mm_cursor);
965
966 /*
967 * Check if the mapping function actually managed to map
968 * anything. If not, just return now.
969 */
970 if (mm->base_va >= end_va)
971 return -ENOMEM;
972
973 /*
974 * Something went wrong after mapping some table
975 * entries, undo every change done up to this point.
976 */
977 mmap_region_t unmap_mm = {
978 .base_pa = 0U,
979 .base_va = mm->base_va,
980 .size = end_va - mm->base_va,
981 .attr = 0U
982 };
983 xlat_tables_unmap_region(ctx, &unmap_mm, 0U,
984 ctx->base_table, ctx->base_table_entries,
985 ctx->base_level);
986 #if !(HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY)
987 xlat_clean_dcache_range((uintptr_t)ctx->base_table,
988 ctx->base_table_entries * sizeof(uint64_t));
989 #endif
990 return -ENOMEM;
991 }
992
993 /*
994 * Make sure that all entries are written to the memory. There
995 * is no need to invalidate entries when mapping dynamic regions
996 * because new table/block/page descriptors only replace old
997 * invalid descriptors, that aren't TLB cached.
998 */
999 dsbishst();
1000 }
1001
1002 if (end_pa > ctx->max_pa)
1003 ctx->max_pa = end_pa;
1004 if (end_va > ctx->max_va)
1005 ctx->max_va = end_va;
1006
1007 return 0;
1008 }
1009
1010 int mmap_add_dynamic_region_alloc_va_ctx(xlat_ctx_t *ctx, mmap_region_t *mm)
1011 {
1012 mm->base_va = ctx->max_va + 1UL;
1013
1014 if (mm->size == 0U)
1015 return 0;
1016
1017 mmap_alloc_va_align_ctx(ctx, mm);
1018
1019 /* Detect overflows. More checks are done in mmap_add_region_check(). */
1020 if (mm->base_va < ctx->max_va) {
1021 return -ENOMEM;
1022 }
1023
1024 return mmap_add_dynamic_region_ctx(ctx, mm);
1025 }
1026
1027 /*
1028 * Removes the region with given base Virtual Address and size from the given
1029 * context.
1030 *
1031 * Returns:
1032 * 0: Success.
1033 * EINVAL: Invalid values were used as arguments (region not found).
1034 * EPERM: Tried to remove a static region.
1035 */
1036 int mmap_remove_dynamic_region_ctx(xlat_ctx_t *ctx, uintptr_t base_va,
1037 size_t size)
1038 {
1039 mmap_region_t *mm = ctx->mmap;
1040 const mmap_region_t *mm_last = mm + ctx->mmap_num;
1041 int update_max_va_needed = 0;
1042 int update_max_pa_needed = 0;
1043
1044 /* Check sanity of mmap array. */
1045 assert(mm[ctx->mmap_num].size == 0U);
1046
1047 while (mm->size != 0U) {
1048 if ((mm->base_va == base_va) && (mm->size == size))
1049 break;
1050 ++mm;
1051 }
1052
1053 /* Check that the region was found */
1054 if (mm->size == 0U)
1055 return -EINVAL;
1056
1057 /* If the region is static it can't be removed */
1058 if ((mm->attr & MT_DYNAMIC) == 0U)
1059 return -EPERM;
1060
1061 /* Check if this region is using the top VAs or PAs. */
1062 if ((mm->base_va + mm->size - 1U) == ctx->max_va)
1063 update_max_va_needed = 1;
1064 if ((mm->base_pa + mm->size - 1U) == ctx->max_pa)
1065 update_max_pa_needed = 1;
1066
1067 /* Update the translation tables if needed */
1068 if (ctx->initialized) {
1069 xlat_tables_unmap_region(ctx, mm, 0U, ctx->base_table,
1070 ctx->base_table_entries,
1071 ctx->base_level);
1072 #if !(HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY)
1073 xlat_clean_dcache_range((uintptr_t)ctx->base_table,
1074 ctx->base_table_entries * sizeof(uint64_t));
1075 #endif
1076 xlat_arch_tlbi_va_sync();
1077 }
1078
1079 /* Remove this region by moving the rest down by one place. */
1080 (void)memmove(mm, mm + 1U, (uintptr_t)mm_last - (uintptr_t)mm);
1081
1082 /* Check if we need to update the max VAs and PAs */
1083 if (update_max_va_needed == 1) {
1084 ctx->max_va = 0U;
1085 mm = ctx->mmap;
1086 while (mm->size != 0U) {
1087 if ((mm->base_va + mm->size - 1U) > ctx->max_va)
1088 ctx->max_va = mm->base_va + mm->size - 1U;
1089 ++mm;
1090 }
1091 }
1092
1093 if (update_max_pa_needed == 1) {
1094 ctx->max_pa = 0U;
1095 mm = ctx->mmap;
1096 while (mm->size != 0U) {
1097 if ((mm->base_pa + mm->size - 1U) > ctx->max_pa)
1098 ctx->max_pa = mm->base_pa + mm->size - 1U;
1099 ++mm;
1100 }
1101 }
1102
1103 return 0;
1104 }
1105
1106 void xlat_setup_dynamic_ctx(xlat_ctx_t *ctx, unsigned long long pa_max,
1107 uintptr_t va_max, struct mmap_region *mmap,
1108 unsigned int mmap_num, uint64_t **tables,
1109 unsigned int tables_num, uint64_t *base_table,
1110 int xlat_regime, int *mapped_regions)
1111 {
1112 ctx->xlat_regime = xlat_regime;
1113
1114 ctx->pa_max_address = pa_max;
1115 ctx->va_max_address = va_max;
1116
1117 ctx->mmap = mmap;
1118 ctx->mmap_num = mmap_num;
1119 memset(ctx->mmap, 0, sizeof(struct mmap_region) * mmap_num);
1120
1121 ctx->tables = (void *) tables;
1122 ctx->tables_num = tables_num;
1123
1124 uintptr_t va_space_size = va_max + 1;
1125 ctx->base_level = GET_XLAT_TABLE_LEVEL_BASE(va_space_size);
1126 ctx->base_table = base_table;
1127 ctx->base_table_entries = GET_NUM_BASE_LEVEL_ENTRIES(va_space_size);
1128
1129 ctx->tables_mapped_regions = mapped_regions;
1130
1131 ctx->max_pa = 0;
1132 ctx->max_va = 0;
1133 ctx->initialized = 0;
1134 }
1135
1136 #endif /* PLAT_XLAT_TABLES_DYNAMIC */
1137
1138 void __init init_xlat_tables_ctx(xlat_ctx_t *ctx)
1139 {
1140 assert(ctx != NULL);
1141 assert(!ctx->initialized);
1142 assert((ctx->xlat_regime == EL3_REGIME) ||
1143 (ctx->xlat_regime == EL2_REGIME) ||
1144 (ctx->xlat_regime == EL1_EL0_REGIME));
1145 assert(!is_mmu_enabled_ctx(ctx));
1146
1147 mmap_region_t *mm = ctx->mmap;
1148
1149 xlat_mmap_print(mm);
1150
1151 /* All tables must be zeroed before mapping any region. */
1152
1153 for (unsigned int i = 0U; i < ctx->base_table_entries; i++)
1154 ctx->base_table[i] = INVALID_DESC;
1155
1156 for (int j = 0; j < ctx->tables_num; j++) {
1157 #if PLAT_XLAT_TABLES_DYNAMIC
1158 ctx->tables_mapped_regions[j] = 0;
1159 #endif
1160 for (unsigned int i = 0U; i < XLAT_TABLE_ENTRIES; i++)
1161 ctx->tables[j][i] = INVALID_DESC;
1162 }
1163
1164 while (mm->size != 0U) {
1165 uintptr_t end_va = xlat_tables_map_region(ctx, mm, 0U,
1166 ctx->base_table, ctx->base_table_entries,
1167 ctx->base_level);
1168 #if !(HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY)
1169 xlat_clean_dcache_range((uintptr_t)ctx->base_table,
1170 ctx->base_table_entries * sizeof(uint64_t));
1171 #endif
1172 if (end_va != (mm->base_va + mm->size - 1U)) {
1173 ERROR("Not enough memory to map region:\n"
1174 " VA:0x%lx PA:0x%llx size:0x%zx attr:0x%x\n",
1175 mm->base_va, mm->base_pa, mm->size, mm->attr);
1176 panic();
1177 }
1178
1179 mm++;
1180 }
1181
1182 assert(ctx->pa_max_address <= xlat_arch_get_max_supported_pa());
1183 assert(ctx->max_va <= ctx->va_max_address);
1184 assert(ctx->max_pa <= ctx->pa_max_address);
1185
1186 ctx->initialized = true;
1187
1188 xlat_tables_print(ctx);
1189 }
Broadcom-s Trusted Firmware A