xlat_tables_v2.h 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416
  1. /*
  2. * Copyright (c) 2017-2021, Arm Limited and Contributors. All rights reserved.
  3. *
  4. * SPDX-License-Identifier: BSD-3-Clause
  5. */
  6. #ifndef XLAT_TABLES_V2_H
  7. #define XLAT_TABLES_V2_H
  8. #include <lib/xlat_tables/xlat_tables_defs.h>
  9. #include <lib/xlat_tables/xlat_tables_v2_helpers.h>
  10. #ifndef __ASSEMBLER__
  11. #include <stddef.h>
  12. #include <stdint.h>
  13. #include <lib/xlat_tables/xlat_mmu_helpers.h>
  14. /*
  15. * Default granularity size for an mmap_region_t.
  16. * Useful when no specific granularity is required.
  17. *
  18. * By default, choose the biggest possible block size allowed by the
  19. * architectural state and granule size in order to minimize the number of page
  20. * tables required for the mapping.
  21. */
  22. #define REGION_DEFAULT_GRANULARITY XLAT_BLOCK_SIZE(MIN_LVL_BLOCK_DESC)
  23. /* Helper macro to define an mmap_region_t. */
  24. #define MAP_REGION(_pa, _va, _sz, _attr) \
  25. MAP_REGION_FULL_SPEC(_pa, _va, _sz, _attr, REGION_DEFAULT_GRANULARITY)
  26. /* Helper macro to define an mmap_region_t with an identity mapping. */
  27. #define MAP_REGION_FLAT(_adr, _sz, _attr) \
  28. MAP_REGION(_adr, _adr, _sz, _attr)
  29. /*
  30. * Helper macro to define entries for mmap_region_t. It allows to define 'pa'
  31. * and sets 'va' to 0 for each region. To be used with mmap_add_alloc_va().
  32. */
  33. #define MAP_REGION_ALLOC_VA(pa, sz, attr) MAP_REGION(pa, 0, sz, attr)
  34. /*
  35. * Helper macro to define an mmap_region_t to map with the desired granularity
  36. * of translation tables.
  37. *
  38. * The granularity value passed to this macro must be a valid block or page
  39. * size. When using a 4KB translation granule, this might be 4KB, 2MB or 1GB.
  40. * Passing REGION_DEFAULT_GRANULARITY is also allowed and means that the library
  41. * is free to choose the granularity for this region. In this case, it is
  42. * equivalent to the MAP_REGION() macro.
  43. */
  44. #define MAP_REGION2(_pa, _va, _sz, _attr, _gr) \
  45. MAP_REGION_FULL_SPEC(_pa, _va, _sz, _attr, _gr)
  46. /*
  47. * Shifts and masks to access fields of an mmap attribute
  48. */
  49. #define MT_TYPE_MASK U(0x7)
  50. #define MT_TYPE(_attr) ((_attr) & MT_TYPE_MASK)
  51. /* Access permissions (RO/RW) */
  52. #define MT_PERM_SHIFT U(3)
  53. /* Physical address space (SECURE/NS/Root/Realm) */
  54. #define MT_PAS_SHIFT U(4)
  55. #define MT_PAS_MASK (U(3) << MT_PAS_SHIFT)
  56. #define MT_PAS(_attr) ((_attr) & MT_PAS_MASK)
  57. /* Access permissions for instruction execution (EXECUTE/EXECUTE_NEVER) */
  58. #define MT_EXECUTE_SHIFT U(6)
  59. /* In the EL1&0 translation regime, User (EL0) or Privileged (EL1). */
  60. #define MT_USER_SHIFT U(7)
  61. /* Shareability attribute for the memory region */
  62. #define MT_SHAREABILITY_SHIFT U(8)
  63. #define MT_SHAREABILITY_MASK (U(3) << MT_SHAREABILITY_SHIFT)
  64. #define MT_SHAREABILITY(_attr) ((_attr) & MT_SHAREABILITY_MASK)
  65. /* All other bits are reserved */
  66. /*
  67. * Memory mapping attributes
  68. */
  69. /*
  70. * Memory types supported.
  71. * These are organised so that, going down the list, the memory types are
  72. * getting weaker; conversely going up the list the memory types are getting
  73. * stronger.
  74. */
  75. #define MT_DEVICE U(0)
  76. #define MT_NON_CACHEABLE U(1)
  77. #define MT_MEMORY U(2)
  78. /* Values up to 7 are reserved to add new memory types in the future */
  79. #define MT_RO (U(0) << MT_PERM_SHIFT)
  80. #define MT_RW (U(1) << MT_PERM_SHIFT)
  81. #define MT_SECURE (U(0) << MT_PAS_SHIFT)
  82. #define MT_NS (U(1) << MT_PAS_SHIFT)
  83. #define MT_ROOT (U(2) << MT_PAS_SHIFT)
  84. #define MT_REALM (U(3) << MT_PAS_SHIFT)
  85. /*
  86. * Access permissions for instruction execution are only relevant for normal
  87. * read-only memory, i.e. MT_MEMORY | MT_RO. They are ignored (and potentially
  88. * overridden) otherwise:
  89. * - Device memory is always marked as execute-never.
  90. * - Read-write normal memory is always marked as execute-never.
  91. */
  92. #define MT_EXECUTE (U(0) << MT_EXECUTE_SHIFT)
  93. #define MT_EXECUTE_NEVER (U(1) << MT_EXECUTE_SHIFT)
  94. /*
  95. * When mapping a region at EL0 or EL1, this attribute will be used to determine
  96. * if a User mapping (EL0) will be created or a Privileged mapping (EL1).
  97. */
  98. #define MT_USER (U(1) << MT_USER_SHIFT)
  99. #define MT_PRIVILEGED (U(0) << MT_USER_SHIFT)
  100. /*
  101. * Shareability defines the visibility of any cache changes to
  102. * all masters belonging to a shareable domain.
  103. *
  104. * MT_SHAREABILITY_ISH: For inner shareable domain
  105. * MT_SHAREABILITY_OSH: For outer shareable domain
  106. * MT_SHAREABILITY_NSH: For non shareable domain
  107. */
  108. #define MT_SHAREABILITY_ISH (U(1) << MT_SHAREABILITY_SHIFT)
  109. #define MT_SHAREABILITY_OSH (U(2) << MT_SHAREABILITY_SHIFT)
  110. #define MT_SHAREABILITY_NSH (U(3) << MT_SHAREABILITY_SHIFT)
  111. /* Compound attributes for most common usages */
  112. #define MT_CODE (MT_MEMORY | MT_RO | MT_EXECUTE)
  113. #define MT_RO_DATA (MT_MEMORY | MT_RO | MT_EXECUTE_NEVER)
  114. #define MT_RW_DATA (MT_MEMORY | MT_RW | MT_EXECUTE_NEVER)
  115. /*
  116. * Structure for specifying a single region of memory.
  117. */
  118. typedef struct mmap_region {
  119. unsigned long long base_pa;
  120. uintptr_t base_va;
  121. size_t size;
  122. unsigned int attr;
  123. /* Desired granularity. See the MAP_REGION2() macro for more details. */
  124. size_t granularity;
  125. } mmap_region_t;
  126. /*
  127. * Translation regimes supported by this library. EL_REGIME_INVALID tells the
  128. * library to detect it at runtime.
  129. */
  130. #define EL1_EL0_REGIME 1
  131. #define EL2_REGIME 2
  132. #define EL3_REGIME 3
  133. #define EL_REGIME_INVALID -1
  134. /* Memory type for EL3 regions. With RME, EL3 is in ROOT PAS */
  135. #if ENABLE_RME
  136. #define EL3_PAS MT_ROOT
  137. #else
  138. #define EL3_PAS MT_SECURE
  139. #endif /* ENABLE_RME */
  140. /*
  141. * Declare the translation context type.
  142. * Its definition is private.
  143. */
  144. typedef struct xlat_ctx xlat_ctx_t;
  145. /*
  146. * Statically allocate a translation context and associated structures. Also
  147. * initialize them.
  148. *
  149. * _ctx_name:
  150. * Prefix for the translation context variable.
  151. * E.g. If _ctx_name is 'foo', the variable will be called 'foo_xlat_ctx'.
  152. * Useful to distinguish multiple contexts from one another.
  153. *
  154. * _mmap_count:
  155. * Number of mmap_region_t to allocate.
  156. * Would typically be MAX_MMAP_REGIONS for the translation context describing
  157. * the BL image currently executing.
  158. *
  159. * _xlat_tables_count:
  160. * Number of sub-translation tables to allocate.
  161. * Would typically be MAX_XLAT_TABLES for the translation context describing
  162. * the BL image currently executing.
  163. * Note that this is only for sub-tables ; at the initial lookup level, there
  164. * is always a single table.
  165. *
  166. * _virt_addr_space_size, _phy_addr_space_size:
  167. * Size (in bytes) of the virtual (resp. physical) address space.
  168. * Would typically be PLAT_VIRT_ADDR_SPACE_SIZE
  169. * (resp. PLAT_PHY_ADDR_SPACE_SIZE) for the translation context describing the
  170. * BL image currently executing.
  171. */
  172. #define REGISTER_XLAT_CONTEXT(_ctx_name, _mmap_count, _xlat_tables_count, \
  173. _virt_addr_space_size, _phy_addr_space_size) \
  174. REGISTER_XLAT_CONTEXT_FULL_SPEC(_ctx_name, (_mmap_count), \
  175. (_xlat_tables_count), \
  176. (_virt_addr_space_size), \
  177. (_phy_addr_space_size), \
  178. EL_REGIME_INVALID, \
  179. ".xlat_table", ".base_xlat_table")
  180. /*
  181. * Same as REGISTER_XLAT_CONTEXT plus the additional parameters:
  182. *
  183. * _xlat_regime:
  184. * Specify the translation regime managed by this xlat_ctx_t instance. The
  185. * values are the one from the EL*_REGIME definitions.
  186. *
  187. * _section_name:
  188. * Specify the name of the section where the translation tables have to be
  189. * placed by the linker.
  190. *
  191. * _base_table_section_name:
  192. * Specify the name of the section where the base translation tables have to
  193. * be placed by the linker.
  194. */
  195. #define REGISTER_XLAT_CONTEXT2(_ctx_name, _mmap_count, _xlat_tables_count, \
  196. _virt_addr_space_size, _phy_addr_space_size, \
  197. _xlat_regime, _section_name, _base_table_section_name) \
  198. REGISTER_XLAT_CONTEXT_FULL_SPEC(_ctx_name, (_mmap_count), \
  199. (_xlat_tables_count), \
  200. (_virt_addr_space_size), \
  201. (_phy_addr_space_size), \
  202. (_xlat_regime), \
  203. (_section_name), (_base_table_section_name) \
  204. )
  205. /******************************************************************************
  206. * Generic translation table APIs.
  207. * Each API comes in 2 variants:
  208. * - one that acts on the current translation context for this BL image
  209. * - another that acts on the given translation context instead. This variant
  210. * is named after the 1st version, with an additional '_ctx' suffix.
  211. *****************************************************************************/
  212. /*
  213. * Initialize translation tables from the current list of mmap regions. Calling
  214. * this function marks the transition point after which static regions can no
  215. * longer be added.
  216. */
  217. void init_xlat_tables(void);
  218. void init_xlat_tables_ctx(xlat_ctx_t *ctx);
  219. /*
  220. * Fill all fields of a dynamic translation tables context. It must be done
  221. * either statically with REGISTER_XLAT_CONTEXT() or at runtime with this
  222. * function.
  223. */
  224. void xlat_setup_dynamic_ctx(xlat_ctx_t *ctx, unsigned long long pa_max,
  225. uintptr_t va_max, struct mmap_region *mmap,
  226. unsigned int mmap_num, uint64_t **tables,
  227. unsigned int tables_num, uint64_t *base_table,
  228. int xlat_regime, int *mapped_regions);
  229. /*
  230. * Add a static region with defined base PA and base VA. This function can only
  231. * be used before initializing the translation tables. The region cannot be
  232. * removed afterwards.
  233. */
  234. void mmap_add_region(unsigned long long base_pa, uintptr_t base_va,
  235. size_t size, unsigned int attr);
  236. void mmap_add_region_ctx(xlat_ctx_t *ctx, const mmap_region_t *mm);
  237. /*
  238. * Add an array of static regions with defined base PA and base VA. This
  239. * function can only be used before initializing the translation tables. The
  240. * regions cannot be removed afterwards.
  241. */
  242. void mmap_add(const mmap_region_t *mm);
  243. void mmap_add_ctx(xlat_ctx_t *ctx, const mmap_region_t *mm);
  244. /*
  245. * Add a region with defined base PA. Returns base VA calculated using the
  246. * highest existing region in the mmap array even if it fails to allocate the
  247. * region.
  248. */
  249. void mmap_add_region_alloc_va(unsigned long long base_pa, uintptr_t *base_va,
  250. size_t size, unsigned int attr);
  251. void mmap_add_region_alloc_va_ctx(xlat_ctx_t *ctx, mmap_region_t *mm);
  252. /*
  253. * Add an array of static regions with defined base PA, and fill the base VA
  254. * field on the array of structs. This function can only be used before
  255. * initializing the translation tables. The regions cannot be removed afterwards.
  256. */
  257. void mmap_add_alloc_va(mmap_region_t *mm);
  258. #if PLAT_XLAT_TABLES_DYNAMIC
  259. /*
  260. * Add a dynamic region with defined base PA and base VA. This type of region
  261. * can be added and removed even after the translation tables are initialized.
  262. *
  263. * Returns:
  264. * 0: Success.
  265. * EINVAL: Invalid values were used as arguments.
  266. * ERANGE: Memory limits were surpassed.
  267. * ENOMEM: Not enough space in the mmap array or not enough free xlat tables.
  268. * EPERM: It overlaps another region in an invalid way.
  269. */
  270. int mmap_add_dynamic_region(unsigned long long base_pa, uintptr_t base_va,
  271. size_t size, unsigned int attr);
  272. int mmap_add_dynamic_region_ctx(xlat_ctx_t *ctx, mmap_region_t *mm);
  273. /*
  274. * Add a dynamic region with defined base PA. Returns base VA calculated using
  275. * the highest existing region in the mmap array even if it fails to allocate
  276. * the region.
  277. *
  278. * mmap_add_dynamic_region_alloc_va() returns the allocated VA in 'base_va'.
  279. * mmap_add_dynamic_region_alloc_va_ctx() returns it in 'mm->base_va'.
  280. *
  281. * It returns the same error values as mmap_add_dynamic_region().
  282. */
  283. int mmap_add_dynamic_region_alloc_va(unsigned long long base_pa,
  284. uintptr_t *base_va,
  285. size_t size, unsigned int attr);
  286. int mmap_add_dynamic_region_alloc_va_ctx(xlat_ctx_t *ctx, mmap_region_t *mm);
  287. /*
  288. * Remove a region with the specified base VA and size. Only dynamic regions can
  289. * be removed, and they can be removed even if the translation tables are
  290. * initialized.
  291. *
  292. * Returns:
  293. * 0: Success.
  294. * EINVAL: The specified region wasn't found.
  295. * EPERM: Trying to remove a static region.
  296. */
  297. int mmap_remove_dynamic_region(uintptr_t base_va, size_t size);
  298. int mmap_remove_dynamic_region_ctx(xlat_ctx_t *ctx,
  299. uintptr_t base_va,
  300. size_t size);
  301. #endif /* PLAT_XLAT_TABLES_DYNAMIC */
  302. /*
  303. * Change the memory attributes of the memory region starting from a given
  304. * virtual address in a set of translation tables.
  305. *
  306. * This function can only be used after the translation tables have been
  307. * initialized.
  308. *
  309. * The base address of the memory region must be aligned on a page boundary.
  310. * The size of this memory region must be a multiple of a page size.
  311. * The memory region must be already mapped by the given translation tables
  312. * and it must be mapped at the granularity of a page.
  313. *
  314. * Return 0 on success, a negative value on error.
  315. *
  316. * In case of error, the memory attributes remain unchanged and this function
  317. * has no effect.
  318. *
  319. * ctx
  320. * Translation context to work on.
  321. * base_va:
  322. * Virtual address of the 1st page to change the attributes of.
  323. * size:
  324. * Size in bytes of the memory region.
  325. * attr:
  326. * New attributes of the page tables. The attributes that can be changed are
  327. * data access (MT_RO/MT_RW), instruction access (MT_EXECUTE_NEVER/MT_EXECUTE)
  328. * and user/privileged access (MT_USER/MT_PRIVILEGED) in the case of contexts
  329. * that are used in the EL1&0 translation regime. Also, note that this
  330. * function doesn't allow to remap a region as RW and executable, or to remap
  331. * device memory as executable.
  332. *
  333. * NOTE: The caller of this function must be able to write to the translation
  334. * tables, i.e. the memory where they are stored must be mapped with read-write
  335. * access permissions. This function assumes it is the case. If this is not
  336. * the case then this function might trigger a data abort exception.
  337. *
  338. * NOTE2: The caller is responsible for making sure that the targeted
  339. * translation tables are not modified by any other code while this function is
  340. * executing.
  341. */
  342. int xlat_change_mem_attributes_ctx(const xlat_ctx_t *ctx, uintptr_t base_va,
  343. size_t size, uint32_t attr);
  344. int xlat_change_mem_attributes(uintptr_t base_va, size_t size, uint32_t attr);
  345. #if PLAT_RO_XLAT_TABLES
  346. /*
  347. * Change the memory attributes of the memory region encompassing the higher
  348. * level translation tables to secure read-only data.
  349. *
  350. * Return 0 on success, a negative error code on error.
  351. */
  352. int xlat_make_tables_readonly(void);
  353. #endif
  354. /*
  355. * Query the memory attributes of a memory page in a set of translation tables.
  356. *
  357. * Return 0 on success, a negative error code on error.
  358. * On success, the attributes are stored into *attr.
  359. *
  360. * ctx
  361. * Translation context to work on.
  362. * base_va
  363. * Virtual address of the page to get the attributes of.
  364. * There are no alignment restrictions on this address. The attributes of the
  365. * memory page it lies within are returned.
  366. * attr
  367. * Output parameter where to store the attributes of the targeted memory page.
  368. */
  369. int xlat_get_mem_attributes_ctx(const xlat_ctx_t *ctx, uintptr_t base_va,
  370. uint32_t *attr);
  371. int xlat_get_mem_attributes(uintptr_t base_va, uint32_t *attr);
  372. #endif /*__ASSEMBLER__*/
  373. #endif /* XLAT_TABLES_V2_H */