1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3 * Copyright (c) 2016, 2022 Linaro Limited
4 * Copyright (c) 2014, STMicroelectronics International N.V.
5 * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved.
6 */
7
8 #include <assert.h>
9 #include <config.h>
10 #include <kernel/boot.h>
11 #include <kernel/dt.h>
12 #include <kernel/linker.h>
13 #include <kernel/panic.h>
14 #include <kernel/spinlock.h>
15 #include <kernel/tee_l2cc_mutex.h>
16 #include <kernel/tee_misc.h>
17 #include <kernel/tlb_helpers.h>
18 #include <kernel/user_mode_ctx.h>
19 #include <kernel/virtualization.h>
20 #include <libfdt.h>
21 #include <mm/core_memprot.h>
22 #include <mm/core_mmu.h>
23 #include <mm/mobj.h>
24 #include <mm/pgt_cache.h>
25 #include <mm/tee_pager.h>
26 #include <mm/vm.h>
27 #include <platform_config.h>
28 #include <string.h>
29 #include <trace.h>
30 #include <util.h>
31
32 #ifndef DEBUG_XLAT_TABLE
33 #define DEBUG_XLAT_TABLE 0
34 #endif
35
36 #define SHM_VASPACE_SIZE (1024 * 1024 * 32)
37
38 /*
39 * These variables are initialized before .bss is cleared. To avoid
40 * resetting them when .bss is cleared we're storing them in .data instead,
41 * even if they initially are zero.
42 */
43
44 #ifdef CFG_CORE_RESERVED_SHM
45 /* Default NSec shared memory allocated from NSec world */
46 unsigned long default_nsec_shm_size __nex_bss;
47 unsigned long default_nsec_shm_paddr __nex_bss;
48 #endif
49
50 static struct tee_mmap_region static_memory_map[CFG_MMAP_REGIONS
51 #ifdef CFG_CORE_ASLR
52 + 1
53 #endif
54 + 1] __nex_bss;
55
56 /* Define the platform's memory layout. */
57 struct memaccess_area {
58 paddr_t paddr;
59 size_t size;
60 };
61
62 #define MEMACCESS_AREA(a, s) { .paddr = a, .size = s }
63
64 static struct memaccess_area secure_only[] __nex_data = {
65 #ifdef TRUSTED_SRAM_BASE
66 MEMACCESS_AREA(TRUSTED_SRAM_BASE, TRUSTED_SRAM_SIZE),
67 #endif
68 MEMACCESS_AREA(TRUSTED_DRAM_BASE, TRUSTED_DRAM_SIZE),
69 };
70
71 static struct memaccess_area nsec_shared[] __nex_data = {
72 #ifdef CFG_CORE_RESERVED_SHM
73 MEMACCESS_AREA(TEE_SHMEM_START, TEE_SHMEM_SIZE),
74 #endif
75 };
76
77 #if defined(CFG_SECURE_DATA_PATH)
78 static const char *tz_sdp_match = "linaro,secure-heap";
79 static struct memaccess_area sec_sdp;
80 #ifdef CFG_TEE_SDP_MEM_BASE
81 register_sdp_mem(CFG_TEE_SDP_MEM_BASE, CFG_TEE_SDP_MEM_SIZE);
82 #endif
83 #ifdef TEE_SDP_TEST_MEM_BASE
84 register_sdp_mem(TEE_SDP_TEST_MEM_BASE, TEE_SDP_TEST_MEM_SIZE);
85 #endif
86 #endif
87
88 #ifdef CFG_CORE_RWDATA_NOEXEC
89 register_phys_mem_ul(MEM_AREA_TEE_RAM_RO, TEE_RAM_START,
90 VCORE_UNPG_RX_PA - TEE_RAM_START);
91 register_phys_mem_ul(MEM_AREA_TEE_RAM_RX, VCORE_UNPG_RX_PA,
92 VCORE_UNPG_RX_SZ_UNSAFE);
93 register_phys_mem_ul(MEM_AREA_TEE_RAM_RO, VCORE_UNPG_RO_PA,
94 VCORE_UNPG_RO_SZ_UNSAFE);
95
96 #ifdef CFG_VIRTUALIZATION
97 register_phys_mem_ul(MEM_AREA_NEX_RAM_RO, VCORE_UNPG_RW_PA,
98 VCORE_UNPG_RW_SZ_UNSAFE);
99 register_phys_mem_ul(MEM_AREA_NEX_RAM_RW, VCORE_NEX_RW_PA,
100 VCORE_NEX_RW_SZ_UNSAFE);
101 #else
102 register_phys_mem_ul(MEM_AREA_TEE_RAM_RW, VCORE_UNPG_RW_PA,
103 VCORE_UNPG_RW_SZ_UNSAFE);
104 #endif
105
106 #ifdef CFG_WITH_PAGER
107 register_phys_mem_ul(MEM_AREA_INIT_RAM_RX, VCORE_INIT_RX_PA,
108 VCORE_INIT_RX_SZ_UNSAFE);
109 register_phys_mem_ul(MEM_AREA_INIT_RAM_RO, VCORE_INIT_RO_PA,
110 VCORE_INIT_RO_SZ_UNSAFE);
111 #endif /*CFG_WITH_PAGER*/
112 #else /*!CFG_CORE_RWDATA_NOEXEC*/
113 register_phys_mem(MEM_AREA_TEE_RAM, TEE_RAM_START, TEE_RAM_PH_SIZE);
114 #endif /*!CFG_CORE_RWDATA_NOEXEC*/
115
116 #ifdef CFG_VIRTUALIZATION
117 register_phys_mem(MEM_AREA_SEC_RAM_OVERALL, TRUSTED_DRAM_BASE,
118 TRUSTED_DRAM_SIZE);
119 #endif
120
121 #if defined(CFG_CORE_SANITIZE_KADDRESS) && defined(CFG_WITH_PAGER)
122 /* Asan ram is part of MEM_AREA_TEE_RAM_RW when pager is disabled */
123 register_phys_mem_ul(MEM_AREA_TEE_ASAN, ASAN_MAP_PA, ASAN_MAP_SZ);
124 #endif
125
126 #ifndef CFG_VIRTUALIZATION
127 /* Every guest will have own TA RAM if virtualization support is enabled */
128 register_phys_mem(MEM_AREA_TA_RAM, TA_RAM_START, TA_RAM_SIZE);
129 #endif
130 #ifdef CFG_CORE_RESERVED_SHM
131 register_phys_mem(MEM_AREA_NSEC_SHM, TEE_SHMEM_START, TEE_SHMEM_SIZE);
132 #endif
133
134 static unsigned int mmu_spinlock;
135
mmu_lock(void)136 static uint32_t mmu_lock(void)
137 {
138 return cpu_spin_lock_xsave(&mmu_spinlock);
139 }
140
mmu_unlock(uint32_t exceptions)141 static void mmu_unlock(uint32_t exceptions)
142 {
143 cpu_spin_unlock_xrestore(&mmu_spinlock, exceptions);
144 }
145
get_memory_map(void)146 static struct tee_mmap_region *get_memory_map(void)
147 {
148 if (IS_ENABLED(CFG_VIRTUALIZATION)) {
149 struct tee_mmap_region *map = virt_get_memory_map();
150
151 if (map)
152 return map;
153 }
154
155 return static_memory_map;
156 }
157
_pbuf_intersects(struct memaccess_area * a,size_t alen,paddr_t pa,size_t size)158 static bool _pbuf_intersects(struct memaccess_area *a, size_t alen,
159 paddr_t pa, size_t size)
160 {
161 size_t n;
162
163 for (n = 0; n < alen; n++)
164 if (core_is_buffer_intersect(pa, size, a[n].paddr, a[n].size))
165 return true;
166 return false;
167 }
168
169 #define pbuf_intersects(a, pa, size) \
170 _pbuf_intersects((a), ARRAY_SIZE(a), (pa), (size))
171
_pbuf_is_inside(struct memaccess_area * a,size_t alen,paddr_t pa,size_t size)172 static bool _pbuf_is_inside(struct memaccess_area *a, size_t alen,
173 paddr_t pa, size_t size)
174 {
175 size_t n;
176
177 for (n = 0; n < alen; n++)
178 if (core_is_buffer_inside(pa, size, a[n].paddr, a[n].size))
179 return true;
180 return false;
181 }
182
183 #define pbuf_is_inside(a, pa, size) \
184 _pbuf_is_inside((a), ARRAY_SIZE(a), (pa), (size))
185
pa_is_in_map(struct tee_mmap_region * map,paddr_t pa,size_t len)186 static bool pa_is_in_map(struct tee_mmap_region *map, paddr_t pa, size_t len)
187 {
188 paddr_t end_pa = 0;
189
190 if (!map)
191 return false;
192
193 if (SUB_OVERFLOW(len, 1, &end_pa) || ADD_OVERFLOW(pa, end_pa, &end_pa))
194 return false;
195
196 return (pa >= map->pa && end_pa <= map->pa + map->size - 1);
197 }
198
va_is_in_map(struct tee_mmap_region * map,vaddr_t va)199 static bool va_is_in_map(struct tee_mmap_region *map, vaddr_t va)
200 {
201 if (!map)
202 return false;
203 return (va >= map->va && va <= (map->va + map->size - 1));
204 }
205
206 /* check if target buffer fits in a core default map area */
pbuf_inside_map_area(unsigned long p,size_t l,struct tee_mmap_region * map)207 static bool pbuf_inside_map_area(unsigned long p, size_t l,
208 struct tee_mmap_region *map)
209 {
210 return core_is_buffer_inside(p, l, map->pa, map->size);
211 }
212
find_map_by_type(enum teecore_memtypes type)213 static struct tee_mmap_region *find_map_by_type(enum teecore_memtypes type)
214 {
215 struct tee_mmap_region *map;
216
217 for (map = get_memory_map(); !core_mmap_is_end_of_table(map); map++)
218 if (map->type == type)
219 return map;
220 return NULL;
221 }
222
223 static struct tee_mmap_region *
find_map_by_type_and_pa(enum teecore_memtypes type,paddr_t pa,size_t len)224 find_map_by_type_and_pa(enum teecore_memtypes type, paddr_t pa, size_t len)
225 {
226 struct tee_mmap_region *map;
227
228 for (map = get_memory_map(); !core_mmap_is_end_of_table(map); map++) {
229 if (map->type != type)
230 continue;
231 if (pa_is_in_map(map, pa, len))
232 return map;
233 }
234 return NULL;
235 }
236
find_map_by_va(void * va)237 static struct tee_mmap_region *find_map_by_va(void *va)
238 {
239 struct tee_mmap_region *map = get_memory_map();
240 unsigned long a = (unsigned long)va;
241
242 while (!core_mmap_is_end_of_table(map)) {
243 if (a >= map->va && a <= (map->va - 1 + map->size))
244 return map;
245 map++;
246 }
247 return NULL;
248 }
249
find_map_by_pa(unsigned long pa)250 static struct tee_mmap_region *find_map_by_pa(unsigned long pa)
251 {
252 struct tee_mmap_region *map = get_memory_map();
253
254 while (!core_mmap_is_end_of_table(map)) {
255 if (pa >= map->pa && pa <= (map->pa + map->size - 1))
256 return map;
257 map++;
258 }
259 return NULL;
260 }
261
262 #if defined(CFG_SECURE_DATA_PATH)
dtb_get_sdp_region(void)263 static bool dtb_get_sdp_region(void)
264 {
265 void *fdt = NULL;
266 int node = 0;
267 int tmp_node = 0;
268 paddr_t tmp_addr = 0;
269 size_t tmp_size = 0;
270
271 if (!IS_ENABLED(CFG_EMBED_DTB))
272 return false;
273
274 fdt = get_embedded_dt();
275 if (!fdt)
276 panic("No DTB found");
277
278 node = fdt_node_offset_by_compatible(fdt, -1, tz_sdp_match);
279 if (node < 0) {
280 DMSG("No %s compatible node found", tz_sdp_match);
281 return false;
282 }
283 tmp_node = node;
284 while (tmp_node >= 0) {
285 tmp_node = fdt_node_offset_by_compatible(fdt, tmp_node,
286 tz_sdp_match);
287 if (tmp_node >= 0)
288 DMSG("Ignore SDP pool node %s, supports only 1 node",
289 fdt_get_name(fdt, tmp_node, NULL));
290 }
291
292 tmp_addr = _fdt_reg_base_address(fdt, node);
293 if (tmp_addr == DT_INFO_INVALID_REG) {
294 EMSG("%s: Unable to get base addr from DT", tz_sdp_match);
295 return false;
296 }
297
298 tmp_size = _fdt_reg_size(fdt, node);
299 if (tmp_size == DT_INFO_INVALID_REG_SIZE) {
300 EMSG("%s: Unable to get size of base addr from DT",
301 tz_sdp_match);
302 return false;
303 }
304
305 sec_sdp.paddr = tmp_addr;
306 sec_sdp.size = tmp_size;
307
308 return true;
309 }
310 #endif
311
312 #if defined(CFG_CORE_DYN_SHM) || defined(CFG_SECURE_DATA_PATH)
pbuf_is_special_mem(paddr_t pbuf,size_t len,const struct core_mmu_phys_mem * start,const struct core_mmu_phys_mem * end)313 static bool pbuf_is_special_mem(paddr_t pbuf, size_t len,
314 const struct core_mmu_phys_mem *start,
315 const struct core_mmu_phys_mem *end)
316 {
317 const struct core_mmu_phys_mem *mem;
318
319 for (mem = start; mem < end; mem++) {
320 if (core_is_buffer_inside(pbuf, len, mem->addr, mem->size))
321 return true;
322 }
323
324 return false;
325 }
326 #endif
327
328 #ifdef CFG_CORE_DYN_SHM
carve_out_phys_mem(struct core_mmu_phys_mem ** mem,size_t * nelems,paddr_t pa,size_t size)329 static void carve_out_phys_mem(struct core_mmu_phys_mem **mem, size_t *nelems,
330 paddr_t pa, size_t size)
331 {
332 struct core_mmu_phys_mem *m = *mem;
333 size_t n = 0;
334
335 while (true) {
336 if (n >= *nelems) {
337 DMSG("No need to carve out %#" PRIxPA " size %#zx",
338 pa, size);
339 return;
340 }
341 if (core_is_buffer_inside(pa, size, m[n].addr, m[n].size))
342 break;
343 if (!core_is_buffer_outside(pa, size, m[n].addr, m[n].size))
344 panic();
345 n++;
346 }
347
348 if (pa == m[n].addr && size == m[n].size) {
349 /* Remove this entry */
350 (*nelems)--;
351 memmove(m + n, m + n + 1, sizeof(*m) * (*nelems - n));
352 m = nex_realloc(m, sizeof(*m) * *nelems);
353 if (!m)
354 panic();
355 *mem = m;
356 } else if (pa == m[n].addr) {
357 m[n].addr += size;
358 m[n].size -= size;
359 } else if ((pa + size) == (m[n].addr + m[n].size)) {
360 m[n].size -= size;
361 } else {
362 /* Need to split the memory entry */
363 m = nex_realloc(m, sizeof(*m) * (*nelems + 1));
364 if (!m)
365 panic();
366 *mem = m;
367 memmove(m + n + 1, m + n, sizeof(*m) * (*nelems - n));
368 (*nelems)++;
369 m[n].size = pa - m[n].addr;
370 m[n + 1].size -= size + m[n].size;
371 m[n + 1].addr = pa + size;
372 }
373 }
374
check_phys_mem_is_outside(struct core_mmu_phys_mem * start,size_t nelems,struct tee_mmap_region * map)375 static void check_phys_mem_is_outside(struct core_mmu_phys_mem *start,
376 size_t nelems,
377 struct tee_mmap_region *map)
378 {
379 size_t n;
380
381 for (n = 0; n < nelems; n++) {
382 if (!core_is_buffer_outside(start[n].addr, start[n].size,
383 map->pa, map->size)) {
384 EMSG("Non-sec mem (%#" PRIxPA ":%#" PRIxPASZ
385 ") overlaps map (type %d %#" PRIxPA ":%#zx)",
386 start[n].addr, start[n].size,
387 map->type, map->pa, map->size);
388 panic();
389 }
390 }
391 }
392
393 static const struct core_mmu_phys_mem *discovered_nsec_ddr_start __nex_bss;
394 static size_t discovered_nsec_ddr_nelems __nex_bss;
395
cmp_pmem_by_addr(const void * a,const void * b)396 static int cmp_pmem_by_addr(const void *a, const void *b)
397 {
398 const struct core_mmu_phys_mem *pmem_a = a;
399 const struct core_mmu_phys_mem *pmem_b = b;
400
401 return CMP_TRILEAN(pmem_a->addr, pmem_b->addr);
402 }
403
core_mmu_set_discovered_nsec_ddr(struct core_mmu_phys_mem * start,size_t nelems)404 void core_mmu_set_discovered_nsec_ddr(struct core_mmu_phys_mem *start,
405 size_t nelems)
406 {
407 struct core_mmu_phys_mem *m = start;
408 size_t num_elems = nelems;
409 struct tee_mmap_region *map = static_memory_map;
410 const struct core_mmu_phys_mem __maybe_unused *pmem;
411
412 assert(!discovered_nsec_ddr_start);
413 assert(m && num_elems);
414
415 qsort(m, num_elems, sizeof(*m), cmp_pmem_by_addr);
416
417 /*
418 * Non-secure shared memory and also secure data
419 * path memory are supposed to reside inside
420 * non-secure memory. Since NSEC_SHM and SDP_MEM
421 * are used for a specific purpose make holes for
422 * those memory in the normal non-secure memory.
423 *
424 * This has to be done since for instance QEMU
425 * isn't aware of which memory range in the
426 * non-secure memory is used for NSEC_SHM.
427 */
428
429 #ifdef CFG_SECURE_DATA_PATH
430 if (dtb_get_sdp_region())
431 carve_out_phys_mem(&m, &num_elems, sec_sdp.paddr, sec_sdp.size);
432
433 for (pmem = phys_sdp_mem_begin; pmem < phys_sdp_mem_end; pmem++)
434 carve_out_phys_mem(&m, &num_elems, pmem->addr, pmem->size);
435 #endif
436
437 carve_out_phys_mem(&m, &num_elems, TEE_RAM_START, TEE_RAM_PH_SIZE);
438 carve_out_phys_mem(&m, &num_elems, TA_RAM_START, TA_RAM_SIZE);
439
440 for (map = static_memory_map; !core_mmap_is_end_of_table(map); map++) {
441 switch (map->type) {
442 case MEM_AREA_NSEC_SHM:
443 carve_out_phys_mem(&m, &num_elems, map->pa, map->size);
444 break;
445 case MEM_AREA_EXT_DT:
446 case MEM_AREA_RES_VASPACE:
447 case MEM_AREA_SHM_VASPACE:
448 case MEM_AREA_TS_VASPACE:
449 case MEM_AREA_PAGER_VASPACE:
450 break;
451 default:
452 check_phys_mem_is_outside(m, num_elems, map);
453 }
454 }
455
456 discovered_nsec_ddr_start = m;
457 discovered_nsec_ddr_nelems = num_elems;
458
459 if (!core_mmu_check_end_pa(m[num_elems - 1].addr,
460 m[num_elems - 1].size))
461 panic();
462 }
463
get_discovered_nsec_ddr(const struct core_mmu_phys_mem ** start,const struct core_mmu_phys_mem ** end)464 static bool get_discovered_nsec_ddr(const struct core_mmu_phys_mem **start,
465 const struct core_mmu_phys_mem **end)
466 {
467 if (!discovered_nsec_ddr_start)
468 return false;
469
470 *start = discovered_nsec_ddr_start;
471 *end = discovered_nsec_ddr_start + discovered_nsec_ddr_nelems;
472
473 return true;
474 }
475
pbuf_is_nsec_ddr(paddr_t pbuf,size_t len)476 static bool pbuf_is_nsec_ddr(paddr_t pbuf, size_t len)
477 {
478 const struct core_mmu_phys_mem *start;
479 const struct core_mmu_phys_mem *end;
480
481 if (!get_discovered_nsec_ddr(&start, &end))
482 return false;
483
484 return pbuf_is_special_mem(pbuf, len, start, end);
485 }
486
core_mmu_nsec_ddr_is_defined(void)487 bool core_mmu_nsec_ddr_is_defined(void)
488 {
489 const struct core_mmu_phys_mem *start;
490 const struct core_mmu_phys_mem *end;
491
492 if (!get_discovered_nsec_ddr(&start, &end))
493 return false;
494
495 return start != end;
496 }
497 #else
pbuf_is_nsec_ddr(paddr_t pbuf __unused,size_t len __unused)498 static bool pbuf_is_nsec_ddr(paddr_t pbuf __unused, size_t len __unused)
499 {
500 return false;
501 }
502 #endif /*CFG_CORE_DYN_SHM*/
503
504 #define MSG_MEM_INSTERSECT(pa1, sz1, pa2, sz2) \
505 EMSG("[%" PRIxPA " %" PRIx64 "] intersects [%" PRIxPA " %" PRIx64 "]", \
506 pa1, (uint64_t)pa1 + (sz1), pa2, (uint64_t)pa2 + (sz2))
507
508 #ifdef CFG_SECURE_DATA_PATH
pbuf_is_sdp_mem(paddr_t pbuf,size_t len)509 static bool pbuf_is_sdp_mem(paddr_t pbuf, size_t len)
510 {
511 bool is_sdp_mem = false;
512
513 if (sec_sdp.size)
514 is_sdp_mem = core_is_buffer_inside(pbuf, len, sec_sdp.paddr,
515 sec_sdp.size);
516
517 if (!is_sdp_mem)
518 is_sdp_mem = pbuf_is_special_mem(pbuf, len, phys_sdp_mem_begin,
519 phys_sdp_mem_end);
520
521 return is_sdp_mem;
522 }
523
core_sdp_mem_alloc_mobj(paddr_t pa,size_t size)524 static struct mobj *core_sdp_mem_alloc_mobj(paddr_t pa, size_t size)
525 {
526 struct mobj *mobj = mobj_phys_alloc(pa, size, TEE_MATTR_MEM_TYPE_CACHED,
527 CORE_MEM_SDP_MEM);
528
529 if (!mobj)
530 panic("can't create SDP physical memory object");
531
532 return mobj;
533 }
534
core_sdp_mem_create_mobjs(void)535 struct mobj **core_sdp_mem_create_mobjs(void)
536 {
537 const struct core_mmu_phys_mem *mem = NULL;
538 struct mobj **mobj_base = NULL;
539 struct mobj **mobj = NULL;
540 int cnt = phys_sdp_mem_end - phys_sdp_mem_begin;
541
542 if (sec_sdp.size)
543 cnt++;
544
545 /* SDP mobjs table must end with a NULL entry */
546 mobj_base = calloc(cnt + 1, sizeof(struct mobj *));
547 if (!mobj_base)
548 panic("Out of memory");
549
550 mobj = mobj_base;
551
552 for (mem = phys_sdp_mem_begin; mem < phys_sdp_mem_end; mem++, mobj++)
553 *mobj = core_sdp_mem_alloc_mobj(mem->addr, mem->size);
554
555 if (sec_sdp.size)
556 *mobj = core_sdp_mem_alloc_mobj(sec_sdp.paddr, sec_sdp.size);
557
558 return mobj_base;
559 }
560
561 #else /* CFG_SECURE_DATA_PATH */
pbuf_is_sdp_mem(paddr_t pbuf __unused,size_t len __unused)562 static bool pbuf_is_sdp_mem(paddr_t pbuf __unused, size_t len __unused)
563 {
564 return false;
565 }
566
567 #endif /* CFG_SECURE_DATA_PATH */
568
569 /* Check special memories comply with registered memories */
verify_special_mem_areas(struct tee_mmap_region * mem_map,size_t len,const struct core_mmu_phys_mem * start,const struct core_mmu_phys_mem * end,const char * area_name __maybe_unused)570 static void verify_special_mem_areas(struct tee_mmap_region *mem_map,
571 size_t len,
572 const struct core_mmu_phys_mem *start,
573 const struct core_mmu_phys_mem *end,
574 const char *area_name __maybe_unused)
575 {
576 const struct core_mmu_phys_mem *mem;
577 const struct core_mmu_phys_mem *mem2;
578 struct tee_mmap_region *mmap;
579 size_t n;
580
581 if (start == end) {
582 DMSG("No %s memory area defined", area_name);
583 return;
584 }
585
586 for (mem = start; mem < end; mem++)
587 DMSG("%s memory [%" PRIxPA " %" PRIx64 "]",
588 area_name, mem->addr, (uint64_t)mem->addr + mem->size);
589
590 /* Check memories do not intersect each other */
591 for (mem = start; mem + 1 < end; mem++) {
592 for (mem2 = mem + 1; mem2 < end; mem2++) {
593 if (core_is_buffer_intersect(mem2->addr, mem2->size,
594 mem->addr, mem->size)) {
595 MSG_MEM_INSTERSECT(mem2->addr, mem2->size,
596 mem->addr, mem->size);
597 panic("Special memory intersection");
598 }
599 }
600 }
601
602 /*
603 * Check memories do not intersect any mapped memory.
604 * This is called before reserved VA space is loaded in mem_map.
605 */
606 for (mem = start; mem < end; mem++) {
607 for (mmap = mem_map, n = 0; n < len; mmap++, n++) {
608 if (core_is_buffer_intersect(mem->addr, mem->size,
609 mmap->pa, mmap->size)) {
610 MSG_MEM_INSTERSECT(mem->addr, mem->size,
611 mmap->pa, mmap->size);
612 panic("Special memory intersection");
613 }
614 }
615 }
616 }
617
add_phys_mem(struct tee_mmap_region * memory_map,size_t num_elems,const struct core_mmu_phys_mem * mem,size_t * last)618 static void add_phys_mem(struct tee_mmap_region *memory_map, size_t num_elems,
619 const struct core_mmu_phys_mem *mem, size_t *last)
620 {
621 size_t n = 0;
622 paddr_t pa;
623 paddr_size_t size;
624
625 /*
626 * If some ranges of memory of the same type do overlap
627 * each others they are coalesced into one entry. To help this
628 * added entries are sorted by increasing physical.
629 *
630 * Note that it's valid to have the same physical memory as several
631 * different memory types, for instance the same device memory
632 * mapped as both secure and non-secure. This will probably not
633 * happen often in practice.
634 */
635 DMSG("%s type %s 0x%08" PRIxPA " size 0x%08" PRIxPASZ,
636 mem->name, teecore_memtype_name(mem->type), mem->addr, mem->size);
637 while (true) {
638 if (n >= (num_elems - 1)) {
639 EMSG("Out of entries (%zu) in memory_map", num_elems);
640 panic();
641 }
642 if (n == *last)
643 break;
644 pa = memory_map[n].pa;
645 size = memory_map[n].size;
646 if (mem->type == memory_map[n].type &&
647 ((pa <= (mem->addr + (mem->size - 1))) &&
648 (mem->addr <= (pa + (size - 1))))) {
649 DMSG("Physical mem map overlaps 0x%" PRIxPA, mem->addr);
650 memory_map[n].pa = MIN(pa, mem->addr);
651 memory_map[n].size = MAX(size, mem->size) +
652 (pa - memory_map[n].pa);
653 return;
654 }
655 if (mem->type < memory_map[n].type ||
656 (mem->type == memory_map[n].type && mem->addr < pa))
657 break; /* found the spot where to insert this memory */
658 n++;
659 }
660
661 memmove(memory_map + n + 1, memory_map + n,
662 sizeof(struct tee_mmap_region) * (*last - n));
663 (*last)++;
664 memset(memory_map + n, 0, sizeof(memory_map[0]));
665 memory_map[n].type = mem->type;
666 memory_map[n].pa = mem->addr;
667 memory_map[n].size = mem->size;
668 }
669
add_va_space(struct tee_mmap_region * memory_map,size_t num_elems,enum teecore_memtypes type,size_t size,size_t * last)670 static void add_va_space(struct tee_mmap_region *memory_map, size_t num_elems,
671 enum teecore_memtypes type, size_t size, size_t *last)
672 {
673 size_t n = 0;
674
675 DMSG("type %s size 0x%08zx", teecore_memtype_name(type), size);
676 while (true) {
677 if (n >= (num_elems - 1)) {
678 EMSG("Out of entries (%zu) in memory_map", num_elems);
679 panic();
680 }
681 if (n == *last)
682 break;
683 if (type < memory_map[n].type)
684 break;
685 n++;
686 }
687
688 memmove(memory_map + n + 1, memory_map + n,
689 sizeof(struct tee_mmap_region) * (*last - n));
690 (*last)++;
691 memset(memory_map + n, 0, sizeof(memory_map[0]));
692 memory_map[n].type = type;
693 memory_map[n].size = size;
694 }
695
core_mmu_type_to_attr(enum teecore_memtypes t)696 uint32_t core_mmu_type_to_attr(enum teecore_memtypes t)
697 {
698 const uint32_t attr = TEE_MATTR_VALID_BLOCK;
699 const uint32_t tagged = TEE_MATTR_MEM_TYPE_TAGGED <<
700 TEE_MATTR_MEM_TYPE_SHIFT;
701 const uint32_t cached = TEE_MATTR_MEM_TYPE_CACHED <<
702 TEE_MATTR_MEM_TYPE_SHIFT;
703 const uint32_t noncache = TEE_MATTR_MEM_TYPE_DEV <<
704 TEE_MATTR_MEM_TYPE_SHIFT;
705
706 switch (t) {
707 case MEM_AREA_TEE_RAM:
708 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRWX | tagged;
709 case MEM_AREA_TEE_RAM_RX:
710 case MEM_AREA_INIT_RAM_RX:
711 case MEM_AREA_IDENTITY_MAP_RX:
712 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRX | tagged;
713 case MEM_AREA_TEE_RAM_RO:
714 case MEM_AREA_INIT_RAM_RO:
715 return attr | TEE_MATTR_SECURE | TEE_MATTR_PR | tagged;
716 case MEM_AREA_TEE_RAM_RW:
717 case MEM_AREA_NEX_RAM_RO: /* This has to be r/w during init runtime */
718 case MEM_AREA_NEX_RAM_RW:
719 case MEM_AREA_TEE_ASAN:
720 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | tagged;
721 case MEM_AREA_TEE_COHERENT:
722 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRWX | noncache;
723 case MEM_AREA_TA_RAM:
724 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | tagged;
725 case MEM_AREA_NSEC_SHM:
726 return attr | TEE_MATTR_PRW | cached;
727 case MEM_AREA_EXT_DT:
728 /*
729 * If CFG_MAP_EXT_DT_SECURE is enabled map the external device
730 * tree as secure non-cached memory, otherwise, fall back to
731 * non-secure mapping.
732 */
733 if (IS_ENABLED(CFG_MAP_EXT_DT_SECURE))
734 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW |
735 noncache;
736 fallthrough;
737 case MEM_AREA_IO_NSEC:
738 return attr | TEE_MATTR_PRW | noncache;
739 case MEM_AREA_IO_SEC:
740 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | noncache;
741 case MEM_AREA_RAM_NSEC:
742 return attr | TEE_MATTR_PRW | cached;
743 case MEM_AREA_RAM_SEC:
744 case MEM_AREA_SEC_RAM_OVERALL:
745 return attr | TEE_MATTR_SECURE | TEE_MATTR_PRW | cached;
746 case MEM_AREA_RES_VASPACE:
747 case MEM_AREA_SHM_VASPACE:
748 return 0;
749 case MEM_AREA_PAGER_VASPACE:
750 return TEE_MATTR_SECURE;
751 default:
752 panic("invalid type");
753 }
754 }
755
map_is_tee_ram(const struct tee_mmap_region * mm)756 static bool __maybe_unused map_is_tee_ram(const struct tee_mmap_region *mm)
757 {
758 switch (mm->type) {
759 case MEM_AREA_TEE_RAM:
760 case MEM_AREA_TEE_RAM_RX:
761 case MEM_AREA_TEE_RAM_RO:
762 case MEM_AREA_TEE_RAM_RW:
763 case MEM_AREA_INIT_RAM_RX:
764 case MEM_AREA_INIT_RAM_RO:
765 case MEM_AREA_NEX_RAM_RW:
766 case MEM_AREA_NEX_RAM_RO:
767 case MEM_AREA_TEE_ASAN:
768 return true;
769 default:
770 return false;
771 }
772 }
773
map_is_secure(const struct tee_mmap_region * mm)774 static bool __maybe_unused map_is_secure(const struct tee_mmap_region *mm)
775 {
776 return !!(core_mmu_type_to_attr(mm->type) & TEE_MATTR_SECURE);
777 }
778
map_is_pgdir(const struct tee_mmap_region * mm)779 static bool __maybe_unused map_is_pgdir(const struct tee_mmap_region *mm)
780 {
781 return mm->region_size == CORE_MMU_PGDIR_SIZE;
782 }
783
cmp_mmap_by_lower_va(const void * a,const void * b)784 static int cmp_mmap_by_lower_va(const void *a, const void *b)
785 {
786 const struct tee_mmap_region *mm_a = a;
787 const struct tee_mmap_region *mm_b = b;
788
789 return CMP_TRILEAN(mm_a->va, mm_b->va);
790 }
791
dump_mmap_table(struct tee_mmap_region * memory_map)792 static void dump_mmap_table(struct tee_mmap_region *memory_map)
793 {
794 struct tee_mmap_region *map;
795
796 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) {
797 vaddr_t __maybe_unused vstart;
798
799 vstart = map->va + ((vaddr_t)map->pa & (map->region_size - 1));
800 DMSG("type %-12s va 0x%08" PRIxVA "..0x%08" PRIxVA
801 " pa 0x%08" PRIxPA "..0x%08" PRIxPA " size 0x%08zx (%s)",
802 teecore_memtype_name(map->type), vstart,
803 vstart + map->size - 1, map->pa,
804 (paddr_t)(map->pa + map->size - 1), map->size,
805 map->region_size == SMALL_PAGE_SIZE ? "smallpg" : "pgdir");
806 }
807 }
808
809 #if DEBUG_XLAT_TABLE
810
dump_xlat_table(vaddr_t va,unsigned int level)811 static void dump_xlat_table(vaddr_t va, unsigned int level)
812 {
813 struct core_mmu_table_info tbl_info;
814 unsigned int idx = 0;
815 paddr_t pa;
816 uint32_t attr;
817
818 core_mmu_find_table(NULL, va, level, &tbl_info);
819 va = tbl_info.va_base;
820 for (idx = 0; idx < tbl_info.num_entries; idx++) {
821 core_mmu_get_entry(&tbl_info, idx, &pa, &attr);
822 if (attr || level > CORE_MMU_BASE_TABLE_LEVEL) {
823 const char *security_bit = "";
824
825 if (core_mmu_entry_have_security_bit(attr)) {
826 if (attr & TEE_MATTR_SECURE)
827 security_bit = "S";
828 else
829 security_bit = "NS";
830 }
831
832 if (attr & TEE_MATTR_TABLE) {
833 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA
834 " TBL:0x%010" PRIxPA " %s",
835 level * 2, "", level, va, pa,
836 security_bit);
837 dump_xlat_table(va, level + 1);
838 } else if (attr) {
839 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA
840 " PA:0x%010" PRIxPA " %s-%s-%s-%s",
841 level * 2, "", level, va, pa,
842 mattr_is_cached(attr) ? "MEM" :
843 "DEV",
844 attr & TEE_MATTR_PW ? "RW" : "RO",
845 attr & TEE_MATTR_PX ? "X " : "XN",
846 security_bit);
847 } else {
848 DMSG_RAW("%*s [LVL%d] VA:0x%010" PRIxVA
849 " INVALID\n",
850 level * 2, "", level, va);
851 }
852 }
853 va += BIT64(tbl_info.shift);
854 }
855 }
856
857 #else
858
dump_xlat_table(vaddr_t va __unused,int level __unused)859 static void dump_xlat_table(vaddr_t va __unused, int level __unused)
860 {
861 }
862
863 #endif
864
865 /*
866 * Reserves virtual memory space for pager usage.
867 *
868 * From the start of the first memory used by the link script +
869 * TEE_RAM_VA_SIZE should be covered, either with a direct mapping or empty
870 * mapping for pager usage. This adds translation tables as needed for the
871 * pager to operate.
872 */
add_pager_vaspace(struct tee_mmap_region * mmap,size_t num_elems,size_t * last)873 static void add_pager_vaspace(struct tee_mmap_region *mmap, size_t num_elems,
874 size_t *last)
875 {
876 paddr_t begin = 0;
877 paddr_t end = 0;
878 size_t size = 0;
879 size_t pos = 0;
880 size_t n = 0;
881
882 if (*last >= (num_elems - 1)) {
883 EMSG("Out of entries (%zu) in memory map", num_elems);
884 panic();
885 }
886
887 for (n = 0; !core_mmap_is_end_of_table(mmap + n); n++) {
888 if (map_is_tee_ram(mmap + n)) {
889 if (!begin)
890 begin = mmap[n].pa;
891 pos = n + 1;
892 }
893 }
894
895 end = mmap[pos - 1].pa + mmap[pos - 1].size;
896 size = TEE_RAM_VA_SIZE - (end - begin);
897 if (!size)
898 return;
899
900 assert(pos <= *last);
901 memmove(mmap + pos + 1, mmap + pos,
902 sizeof(struct tee_mmap_region) * (*last - pos));
903 (*last)++;
904 memset(mmap + pos, 0, sizeof(mmap[0]));
905 mmap[pos].type = MEM_AREA_PAGER_VASPACE;
906 mmap[pos].va = 0;
907 mmap[pos].size = size;
908 mmap[pos].region_size = SMALL_PAGE_SIZE;
909 mmap[pos].attr = core_mmu_type_to_attr(MEM_AREA_PAGER_VASPACE);
910 }
911
check_sec_nsec_mem_config(void)912 static void check_sec_nsec_mem_config(void)
913 {
914 size_t n = 0;
915
916 for (n = 0; n < ARRAY_SIZE(secure_only); n++) {
917 if (pbuf_intersects(nsec_shared, secure_only[n].paddr,
918 secure_only[n].size))
919 panic("Invalid memory access config: sec/nsec");
920 }
921 }
922
collect_mem_ranges(struct tee_mmap_region * memory_map,size_t num_elems)923 static size_t collect_mem_ranges(struct tee_mmap_region *memory_map,
924 size_t num_elems)
925 {
926 const struct core_mmu_phys_mem *mem = NULL;
927 size_t last = 0;
928
929 for (mem = phys_mem_map_begin; mem < phys_mem_map_end; mem++) {
930 struct core_mmu_phys_mem m = *mem;
931
932 /* Discard null size entries */
933 if (!m.size)
934 continue;
935
936 /* Only unmapped virtual range may have a null phys addr */
937 assert(m.addr || !core_mmu_type_to_attr(m.type));
938
939 add_phys_mem(memory_map, num_elems, &m, &last);
940 }
941
942 if (IS_ENABLED(CFG_SECURE_DATA_PATH))
943 verify_special_mem_areas(memory_map, num_elems,
944 phys_sdp_mem_begin,
945 phys_sdp_mem_end, "SDP");
946
947 add_va_space(memory_map, num_elems, MEM_AREA_RES_VASPACE,
948 CFG_RESERVED_VASPACE_SIZE, &last);
949
950 add_va_space(memory_map, num_elems, MEM_AREA_SHM_VASPACE,
951 SHM_VASPACE_SIZE, &last);
952
953 memory_map[last].type = MEM_AREA_END;
954
955 return last;
956 }
957
assign_mem_granularity(struct tee_mmap_region * memory_map)958 static void assign_mem_granularity(struct tee_mmap_region *memory_map)
959 {
960 struct tee_mmap_region *map = NULL;
961
962 /*
963 * Assign region sizes, note that MEM_AREA_TEE_RAM always uses
964 * SMALL_PAGE_SIZE.
965 */
966 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) {
967 paddr_t mask = map->pa | map->size;
968
969 if (!(mask & CORE_MMU_PGDIR_MASK))
970 map->region_size = CORE_MMU_PGDIR_SIZE;
971 else if (!(mask & SMALL_PAGE_MASK))
972 map->region_size = SMALL_PAGE_SIZE;
973 else
974 panic("Impossible memory alignment");
975
976 if (map_is_tee_ram(map))
977 map->region_size = SMALL_PAGE_SIZE;
978 }
979 }
980
place_tee_ram_at_top(paddr_t paddr)981 static bool place_tee_ram_at_top(paddr_t paddr)
982 {
983 return paddr > BIT64(core_mmu_get_va_width()) / 2;
984 }
985
986 /*
987 * MMU arch driver shall override this function if it helps
988 * optimizing the memory footprint of the address translation tables.
989 */
core_mmu_prefer_tee_ram_at_top(paddr_t paddr)990 bool __weak core_mmu_prefer_tee_ram_at_top(paddr_t paddr)
991 {
992 return place_tee_ram_at_top(paddr);
993 }
994
assign_mem_va_dir(vaddr_t tee_ram_va,struct tee_mmap_region * memory_map,bool tee_ram_at_top)995 static bool assign_mem_va_dir(vaddr_t tee_ram_va,
996 struct tee_mmap_region *memory_map,
997 bool tee_ram_at_top)
998 {
999 struct tee_mmap_region *map = NULL;
1000 vaddr_t va = 0;
1001 bool va_is_secure = true;
1002
1003 /*
1004 * tee_ram_va might equals 0 when CFG_CORE_ASLR=y.
1005 * 0 is by design an invalid va, so return false directly.
1006 */
1007 if (!tee_ram_va)
1008 return false;
1009
1010 /* Clear eventual previous assignments */
1011 for (map = memory_map; !core_mmap_is_end_of_table(map); map++)
1012 map->va = 0;
1013
1014 /*
1015 * TEE RAM regions are always aligned with region_size.
1016 *
1017 * Note that MEM_AREA_PAGER_VASPACE also counts as TEE RAM here
1018 * since it handles virtual memory which covers the part of the ELF
1019 * that cannot fit directly into memory.
1020 */
1021 va = tee_ram_va;
1022 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) {
1023 if (map_is_tee_ram(map) ||
1024 map->type == MEM_AREA_PAGER_VASPACE) {
1025 assert(!(va & (map->region_size - 1)));
1026 assert(!(map->size & (map->region_size - 1)));
1027 map->va = va;
1028 if (ADD_OVERFLOW(va, map->size, &va))
1029 return false;
1030 if (va >= BIT64(core_mmu_get_va_width()))
1031 return false;
1032 }
1033 }
1034
1035 if (tee_ram_at_top) {
1036 /*
1037 * Map non-tee ram regions at addresses lower than the tee
1038 * ram region.
1039 */
1040 va = tee_ram_va;
1041 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) {
1042 map->attr = core_mmu_type_to_attr(map->type);
1043 if (map->va)
1044 continue;
1045
1046 if (!IS_ENABLED(CFG_WITH_LPAE) &&
1047 va_is_secure != map_is_secure(map)) {
1048 va_is_secure = !va_is_secure;
1049 va = ROUNDDOWN(va, CORE_MMU_PGDIR_SIZE);
1050 }
1051
1052 if (SUB_OVERFLOW(va, map->size, &va))
1053 return false;
1054 va = ROUNDDOWN(va, map->region_size);
1055 /*
1056 * Make sure that va is aligned with pa for
1057 * efficient pgdir mapping. Basically pa &
1058 * pgdir_mask should be == va & pgdir_mask
1059 */
1060 if (map->size > 2 * CORE_MMU_PGDIR_SIZE) {
1061 if (SUB_OVERFLOW(va, CORE_MMU_PGDIR_SIZE, &va))
1062 return false;
1063 va += (map->pa - va) & CORE_MMU_PGDIR_MASK;
1064 }
1065 map->va = va;
1066 }
1067 } else {
1068 /*
1069 * Map non-tee ram regions at addresses higher than the tee
1070 * ram region.
1071 */
1072 for (map = memory_map; !core_mmap_is_end_of_table(map); map++) {
1073 map->attr = core_mmu_type_to_attr(map->type);
1074 if (map->va)
1075 continue;
1076
1077 if (!IS_ENABLED(CFG_WITH_LPAE) &&
1078 va_is_secure != map_is_secure(map)) {
1079 va_is_secure = !va_is_secure;
1080 if (ROUNDUP_OVERFLOW(va, CORE_MMU_PGDIR_SIZE,
1081 &va))
1082 return false;
1083 }
1084
1085 if (ROUNDUP_OVERFLOW(va, map->region_size, &va))
1086 return false;
1087 /*
1088 * Make sure that va is aligned with pa for
1089 * efficient pgdir mapping. Basically pa &
1090 * pgdir_mask should be == va & pgdir_mask
1091 */
1092 if (map->size > 2 * CORE_MMU_PGDIR_SIZE) {
1093 vaddr_t offs = (map->pa - va) &
1094 CORE_MMU_PGDIR_MASK;
1095
1096 if (ADD_OVERFLOW(va, offs, &va))
1097 return false;
1098 }
1099
1100 map->va = va;
1101 if (ADD_OVERFLOW(va, map->size, &va))
1102 return false;
1103 if (va >= BIT64(core_mmu_get_va_width()))
1104 return false;
1105 }
1106 }
1107
1108 return true;
1109 }
1110
assign_mem_va(vaddr_t tee_ram_va,struct tee_mmap_region * memory_map)1111 static bool assign_mem_va(vaddr_t tee_ram_va,
1112 struct tee_mmap_region *memory_map)
1113 {
1114 bool tee_ram_at_top = place_tee_ram_at_top(tee_ram_va);
1115
1116 /*
1117 * Check that we're not overlapping with the user VA range.
1118 */
1119 if (IS_ENABLED(CFG_WITH_LPAE)) {
1120 /*
1121 * User VA range is supposed to be defined after these
1122 * mappings have been established.
1123 */
1124 assert(!core_mmu_user_va_range_is_defined());
1125 } else {
1126 vaddr_t user_va_base = 0;
1127 size_t user_va_size = 0;
1128
1129 assert(core_mmu_user_va_range_is_defined());
1130 core_mmu_get_user_va_range(&user_va_base, &user_va_size);
1131 if (tee_ram_va < (user_va_base + user_va_size))
1132 return false;
1133 }
1134
1135 if (IS_ENABLED(CFG_WITH_PAGER)) {
1136 bool prefered_dir = core_mmu_prefer_tee_ram_at_top(tee_ram_va);
1137
1138 /* Try whole mapping covered by a single base xlat entry */
1139 if (prefered_dir != tee_ram_at_top &&
1140 assign_mem_va_dir(tee_ram_va, memory_map, prefered_dir))
1141 return true;
1142 }
1143
1144 return assign_mem_va_dir(tee_ram_va, memory_map, tee_ram_at_top);
1145 }
1146
cmp_init_mem_map(const void * a,const void * b)1147 static int cmp_init_mem_map(const void *a, const void *b)
1148 {
1149 const struct tee_mmap_region *mm_a = a;
1150 const struct tee_mmap_region *mm_b = b;
1151 int rc = 0;
1152
1153 rc = CMP_TRILEAN(mm_a->region_size, mm_b->region_size);
1154 if (!rc)
1155 rc = CMP_TRILEAN(mm_a->pa, mm_b->pa);
1156 /*
1157 * 32bit MMU descriptors cannot mix secure and non-secure mapping in
1158 * the same level2 table. Hence sort secure mapping from non-secure
1159 * mapping.
1160 */
1161 if (!rc && !IS_ENABLED(CFG_WITH_LPAE))
1162 rc = CMP_TRILEAN(map_is_secure(mm_a), map_is_secure(mm_b));
1163
1164 return rc;
1165 }
1166
mem_map_add_id_map(struct tee_mmap_region * memory_map,size_t num_elems,size_t * last,vaddr_t id_map_start,vaddr_t id_map_end)1167 static bool mem_map_add_id_map(struct tee_mmap_region *memory_map,
1168 size_t num_elems, size_t *last,
1169 vaddr_t id_map_start, vaddr_t id_map_end)
1170 {
1171 struct tee_mmap_region *map = NULL;
1172 vaddr_t start = ROUNDDOWN(id_map_start, SMALL_PAGE_SIZE);
1173 vaddr_t end = ROUNDUP(id_map_end, SMALL_PAGE_SIZE);
1174 size_t len = end - start;
1175
1176 if (*last >= num_elems - 1) {
1177 EMSG("Out of entries (%zu) in memory map", num_elems);
1178 panic();
1179 }
1180
1181 for (map = memory_map; !core_mmap_is_end_of_table(map); map++)
1182 if (core_is_buffer_intersect(map->va, map->size, start, len))
1183 return false;
1184
1185 *map = (struct tee_mmap_region){
1186 .type = MEM_AREA_IDENTITY_MAP_RX,
1187 /*
1188 * Could use CORE_MMU_PGDIR_SIZE to potentially save a
1189 * translation table, at the increased risk of clashes with
1190 * the rest of the memory map.
1191 */
1192 .region_size = SMALL_PAGE_SIZE,
1193 .pa = start,
1194 .va = start,
1195 .size = len,
1196 .attr = core_mmu_type_to_attr(MEM_AREA_IDENTITY_MAP_RX),
1197 };
1198
1199 (*last)++;
1200
1201 return true;
1202 }
1203
init_mem_map(struct tee_mmap_region * memory_map,size_t num_elems,unsigned long seed)1204 static unsigned long init_mem_map(struct tee_mmap_region *memory_map,
1205 size_t num_elems, unsigned long seed)
1206 {
1207 /*
1208 * @id_map_start and @id_map_end describes a physical memory range
1209 * that must be mapped Read-Only eXecutable at identical virtual
1210 * addresses.
1211 */
1212 vaddr_t id_map_start = (vaddr_t)__identity_map_init_start;
1213 vaddr_t id_map_end = (vaddr_t)__identity_map_init_end;
1214 unsigned long offs = 0;
1215 size_t last = 0;
1216
1217 last = collect_mem_ranges(memory_map, num_elems);
1218 assign_mem_granularity(memory_map);
1219
1220 /*
1221 * To ease mapping and lower use of xlat tables, sort mapping
1222 * description moving small-page regions after the pgdir regions.
1223 */
1224 qsort(memory_map, last, sizeof(struct tee_mmap_region),
1225 cmp_init_mem_map);
1226
1227 add_pager_vaspace(memory_map, num_elems, &last);
1228 if (IS_ENABLED(CFG_CORE_ASLR) && seed) {
1229 vaddr_t base_addr = TEE_RAM_START + seed;
1230 const unsigned int va_width = core_mmu_get_va_width();
1231 const vaddr_t va_mask = GENMASK_64(va_width - 1,
1232 SMALL_PAGE_SHIFT);
1233 vaddr_t ba = base_addr;
1234 size_t n = 0;
1235
1236 for (n = 0; n < 3; n++) {
1237 if (n)
1238 ba = base_addr ^ BIT64(va_width - n);
1239 ba &= va_mask;
1240 if (assign_mem_va(ba, memory_map) &&
1241 mem_map_add_id_map(memory_map, num_elems, &last,
1242 id_map_start, id_map_end)) {
1243 offs = ba - TEE_RAM_START;
1244 DMSG("Mapping core at %#"PRIxVA" offs %#lx",
1245 ba, offs);
1246 goto out;
1247 } else {
1248 DMSG("Failed to map core at %#"PRIxVA, ba);
1249 }
1250 }
1251 EMSG("Failed to map core with seed %#lx", seed);
1252 }
1253
1254 if (!assign_mem_va(TEE_RAM_START, memory_map))
1255 panic();
1256
1257 out:
1258 qsort(memory_map, last, sizeof(struct tee_mmap_region),
1259 cmp_mmap_by_lower_va);
1260
1261 dump_mmap_table(memory_map);
1262
1263 return offs;
1264 }
1265
check_mem_map(struct tee_mmap_region * map)1266 static void check_mem_map(struct tee_mmap_region *map)
1267 {
1268 struct tee_mmap_region *m = NULL;
1269
1270 for (m = map; !core_mmap_is_end_of_table(m); m++) {
1271 switch (m->type) {
1272 case MEM_AREA_TEE_RAM:
1273 case MEM_AREA_TEE_RAM_RX:
1274 case MEM_AREA_TEE_RAM_RO:
1275 case MEM_AREA_TEE_RAM_RW:
1276 case MEM_AREA_INIT_RAM_RX:
1277 case MEM_AREA_INIT_RAM_RO:
1278 case MEM_AREA_NEX_RAM_RW:
1279 case MEM_AREA_NEX_RAM_RO:
1280 case MEM_AREA_IDENTITY_MAP_RX:
1281 if (!pbuf_is_inside(secure_only, m->pa, m->size))
1282 panic("TEE_RAM can't fit in secure_only");
1283 break;
1284 case MEM_AREA_TA_RAM:
1285 if (!pbuf_is_inside(secure_only, m->pa, m->size))
1286 panic("TA_RAM can't fit in secure_only");
1287 break;
1288 case MEM_AREA_NSEC_SHM:
1289 if (!pbuf_is_inside(nsec_shared, m->pa, m->size))
1290 panic("NS_SHM can't fit in nsec_shared");
1291 break;
1292 case MEM_AREA_SEC_RAM_OVERALL:
1293 case MEM_AREA_TEE_COHERENT:
1294 case MEM_AREA_TEE_ASAN:
1295 case MEM_AREA_IO_SEC:
1296 case MEM_AREA_IO_NSEC:
1297 case MEM_AREA_EXT_DT:
1298 case MEM_AREA_RAM_SEC:
1299 case MEM_AREA_RAM_NSEC:
1300 case MEM_AREA_RES_VASPACE:
1301 case MEM_AREA_SHM_VASPACE:
1302 case MEM_AREA_PAGER_VASPACE:
1303 break;
1304 default:
1305 EMSG("Uhandled memtype %d", m->type);
1306 panic();
1307 }
1308 }
1309 }
1310
get_tmp_mmap(void)1311 static struct tee_mmap_region *get_tmp_mmap(void)
1312 {
1313 struct tee_mmap_region *tmp_mmap = (void *)__heap1_start;
1314
1315 #ifdef CFG_WITH_PAGER
1316 if (__heap1_end - __heap1_start < (ptrdiff_t)sizeof(static_memory_map))
1317 tmp_mmap = (void *)__heap2_start;
1318 #endif
1319
1320 memset(tmp_mmap, 0, sizeof(static_memory_map));
1321
1322 return tmp_mmap;
1323 }
1324
1325 /*
1326 * core_init_mmu_map() - init tee core default memory mapping
1327 *
1328 * This routine sets the static default TEE core mapping. If @seed is > 0
1329 * and configured with CFG_CORE_ASLR it will map tee core at a location
1330 * based on the seed and return the offset from the link address.
1331 *
1332 * If an error happened: core_init_mmu_map is expected to panic.
1333 *
1334 * Note: this function is weak just to make it possible to exclude it from
1335 * the unpaged area.
1336 */
core_init_mmu_map(unsigned long seed,struct core_mmu_config * cfg)1337 void __weak core_init_mmu_map(unsigned long seed, struct core_mmu_config *cfg)
1338 {
1339 #ifndef CFG_VIRTUALIZATION
1340 vaddr_t start = ROUNDDOWN((vaddr_t)__nozi_start, SMALL_PAGE_SIZE);
1341 #else
1342 vaddr_t start = ROUNDDOWN((vaddr_t)__vcore_nex_rw_start,
1343 SMALL_PAGE_SIZE);
1344 #endif
1345 vaddr_t len = ROUNDUP((vaddr_t)__nozi_end, SMALL_PAGE_SIZE) - start;
1346 struct tee_mmap_region *tmp_mmap = get_tmp_mmap();
1347 unsigned long offs = 0;
1348
1349 check_sec_nsec_mem_config();
1350
1351 /*
1352 * Add a entry covering the translation tables which will be
1353 * involved in some virt_to_phys() and phys_to_virt() conversions.
1354 */
1355 static_memory_map[0] = (struct tee_mmap_region){
1356 .type = MEM_AREA_TEE_RAM,
1357 .region_size = SMALL_PAGE_SIZE,
1358 .pa = start,
1359 .va = start,
1360 .size = len,
1361 .attr = core_mmu_type_to_attr(MEM_AREA_IDENTITY_MAP_RX),
1362 };
1363
1364 COMPILE_TIME_ASSERT(CFG_MMAP_REGIONS >= 13);
1365 offs = init_mem_map(tmp_mmap, ARRAY_SIZE(static_memory_map), seed);
1366
1367 check_mem_map(tmp_mmap);
1368 core_init_mmu(tmp_mmap);
1369 dump_xlat_table(0x0, CORE_MMU_BASE_TABLE_LEVEL);
1370 core_init_mmu_regs(cfg);
1371 cfg->load_offset = offs;
1372 memcpy(static_memory_map, tmp_mmap, sizeof(static_memory_map));
1373 }
1374
core_mmu_mattr_is_ok(uint32_t mattr)1375 bool core_mmu_mattr_is_ok(uint32_t mattr)
1376 {
1377 /*
1378 * Keep in sync with core_mmu_lpae.c:mattr_to_desc and
1379 * core_mmu_v7.c:mattr_to_texcb
1380 */
1381
1382 switch ((mattr >> TEE_MATTR_MEM_TYPE_SHIFT) & TEE_MATTR_MEM_TYPE_MASK) {
1383 case TEE_MATTR_MEM_TYPE_DEV:
1384 case TEE_MATTR_MEM_TYPE_STRONGLY_O:
1385 case TEE_MATTR_MEM_TYPE_CACHED:
1386 case TEE_MATTR_MEM_TYPE_TAGGED:
1387 return true;
1388 default:
1389 return false;
1390 }
1391 }
1392
1393 /*
1394 * test attributes of target physical buffer
1395 *
1396 * Flags: pbuf_is(SECURE, NOT_SECURE, RAM, IOMEM, KEYVAULT).
1397 *
1398 */
core_pbuf_is(uint32_t attr,paddr_t pbuf,size_t len)1399 bool core_pbuf_is(uint32_t attr, paddr_t pbuf, size_t len)
1400 {
1401 struct tee_mmap_region *map;
1402
1403 /* Empty buffers complies with anything */
1404 if (len == 0)
1405 return true;
1406
1407 switch (attr) {
1408 case CORE_MEM_SEC:
1409 return pbuf_is_inside(secure_only, pbuf, len);
1410 case CORE_MEM_NON_SEC:
1411 return pbuf_is_inside(nsec_shared, pbuf, len) ||
1412 pbuf_is_nsec_ddr(pbuf, len);
1413 case CORE_MEM_TEE_RAM:
1414 return core_is_buffer_inside(pbuf, len, TEE_RAM_START,
1415 TEE_RAM_PH_SIZE);
1416 case CORE_MEM_TA_RAM:
1417 return core_is_buffer_inside(pbuf, len, TA_RAM_START,
1418 TA_RAM_SIZE);
1419 #ifdef CFG_CORE_RESERVED_SHM
1420 case CORE_MEM_NSEC_SHM:
1421 return core_is_buffer_inside(pbuf, len, TEE_SHMEM_START,
1422 TEE_SHMEM_SIZE);
1423 #endif
1424 case CORE_MEM_SDP_MEM:
1425 return pbuf_is_sdp_mem(pbuf, len);
1426 case CORE_MEM_CACHED:
1427 map = find_map_by_pa(pbuf);
1428 if (!map || !pbuf_inside_map_area(pbuf, len, map))
1429 return false;
1430 return mattr_is_cached(map->attr);
1431 default:
1432 return false;
1433 }
1434 }
1435
1436 /* test attributes of target virtual buffer (in core mapping) */
core_vbuf_is(uint32_t attr,const void * vbuf,size_t len)1437 bool core_vbuf_is(uint32_t attr, const void *vbuf, size_t len)
1438 {
1439 paddr_t p;
1440
1441 /* Empty buffers complies with anything */
1442 if (len == 0)
1443 return true;
1444
1445 p = virt_to_phys((void *)vbuf);
1446 if (!p)
1447 return false;
1448
1449 return core_pbuf_is(attr, p, len);
1450 }
1451
1452 /* core_va2pa - teecore exported service */
core_va2pa_helper(void * va,paddr_t * pa)1453 static int __maybe_unused core_va2pa_helper(void *va, paddr_t *pa)
1454 {
1455 struct tee_mmap_region *map;
1456
1457 map = find_map_by_va(va);
1458 if (!va_is_in_map(map, (vaddr_t)va))
1459 return -1;
1460
1461 /*
1462 * We can calculate PA for static map. Virtual address ranges
1463 * reserved to core dynamic mapping return a 'match' (return 0;)
1464 * together with an invalid null physical address.
1465 */
1466 if (map->pa)
1467 *pa = map->pa + (vaddr_t)va - map->va;
1468 else
1469 *pa = 0;
1470
1471 return 0;
1472 }
1473
map_pa2va(struct tee_mmap_region * map,paddr_t pa,size_t len)1474 static void *map_pa2va(struct tee_mmap_region *map, paddr_t pa, size_t len)
1475 {
1476 if (!pa_is_in_map(map, pa, len))
1477 return NULL;
1478
1479 return (void *)(vaddr_t)(map->va + pa - map->pa);
1480 }
1481
1482 /*
1483 * teecore gets some memory area definitions
1484 */
core_mmu_get_mem_by_type(unsigned int type,vaddr_t * s,vaddr_t * e)1485 void core_mmu_get_mem_by_type(unsigned int type, vaddr_t *s, vaddr_t *e)
1486 {
1487 struct tee_mmap_region *map = find_map_by_type(type);
1488
1489 if (map) {
1490 *s = map->va;
1491 *e = map->va + map->size;
1492 } else {
1493 *s = 0;
1494 *e = 0;
1495 }
1496 }
1497
core_mmu_get_type_by_pa(paddr_t pa)1498 enum teecore_memtypes core_mmu_get_type_by_pa(paddr_t pa)
1499 {
1500 struct tee_mmap_region *map = find_map_by_pa(pa);
1501
1502 if (!map)
1503 return MEM_AREA_MAXTYPE;
1504 return map->type;
1505 }
1506
core_mmu_set_entry(struct core_mmu_table_info * tbl_info,unsigned int idx,paddr_t pa,uint32_t attr)1507 void core_mmu_set_entry(struct core_mmu_table_info *tbl_info, unsigned int idx,
1508 paddr_t pa, uint32_t attr)
1509 {
1510 assert(idx < tbl_info->num_entries);
1511 core_mmu_set_entry_primitive(tbl_info->table, tbl_info->level,
1512 idx, pa, attr);
1513 }
1514
core_mmu_get_entry(struct core_mmu_table_info * tbl_info,unsigned int idx,paddr_t * pa,uint32_t * attr)1515 void core_mmu_get_entry(struct core_mmu_table_info *tbl_info, unsigned int idx,
1516 paddr_t *pa, uint32_t *attr)
1517 {
1518 assert(idx < tbl_info->num_entries);
1519 core_mmu_get_entry_primitive(tbl_info->table, tbl_info->level,
1520 idx, pa, attr);
1521 }
1522
clear_region(struct core_mmu_table_info * tbl_info,struct tee_mmap_region * region)1523 static void clear_region(struct core_mmu_table_info *tbl_info,
1524 struct tee_mmap_region *region)
1525 {
1526 unsigned int end = 0;
1527 unsigned int idx = 0;
1528
1529 /* va, len and pa should be block aligned */
1530 assert(!core_mmu_get_block_offset(tbl_info, region->va));
1531 assert(!core_mmu_get_block_offset(tbl_info, region->size));
1532 assert(!core_mmu_get_block_offset(tbl_info, region->pa));
1533
1534 idx = core_mmu_va2idx(tbl_info, region->va);
1535 end = core_mmu_va2idx(tbl_info, region->va + region->size);
1536
1537 while (idx < end) {
1538 core_mmu_set_entry(tbl_info, idx, 0, 0);
1539 idx++;
1540 }
1541 }
1542
set_region(struct core_mmu_table_info * tbl_info,struct tee_mmap_region * region)1543 static void set_region(struct core_mmu_table_info *tbl_info,
1544 struct tee_mmap_region *region)
1545 {
1546 unsigned int end;
1547 unsigned int idx;
1548 paddr_t pa;
1549
1550 /* va, len and pa should be block aligned */
1551 assert(!core_mmu_get_block_offset(tbl_info, region->va));
1552 assert(!core_mmu_get_block_offset(tbl_info, region->size));
1553 assert(!core_mmu_get_block_offset(tbl_info, region->pa));
1554
1555 idx = core_mmu_va2idx(tbl_info, region->va);
1556 end = core_mmu_va2idx(tbl_info, region->va + region->size);
1557 pa = region->pa;
1558
1559 while (idx < end) {
1560 core_mmu_set_entry(tbl_info, idx, pa, region->attr);
1561 idx++;
1562 pa += BIT64(tbl_info->shift);
1563 }
1564 }
1565
set_pg_region(struct core_mmu_table_info * dir_info,struct vm_region * region,struct pgt ** pgt,struct core_mmu_table_info * pg_info)1566 static void set_pg_region(struct core_mmu_table_info *dir_info,
1567 struct vm_region *region, struct pgt **pgt,
1568 struct core_mmu_table_info *pg_info)
1569 {
1570 struct tee_mmap_region r = {
1571 .va = region->va,
1572 .size = region->size,
1573 .attr = region->attr,
1574 };
1575 vaddr_t end = r.va + r.size;
1576 uint32_t pgt_attr = (r.attr & TEE_MATTR_SECURE) | TEE_MATTR_TABLE;
1577
1578 while (r.va < end) {
1579 if (!pg_info->table ||
1580 r.va >= (pg_info->va_base + CORE_MMU_PGDIR_SIZE)) {
1581 /*
1582 * We're assigning a new translation table.
1583 */
1584 unsigned int idx;
1585
1586 /* Virtual addresses must grow */
1587 assert(r.va > pg_info->va_base);
1588
1589 idx = core_mmu_va2idx(dir_info, r.va);
1590 pg_info->va_base = core_mmu_idx2va(dir_info, idx);
1591
1592 /*
1593 * Advance pgt to va_base, note that we may need to
1594 * skip multiple page tables if there are large
1595 * holes in the vm map.
1596 */
1597 while ((*pgt)->vabase < pg_info->va_base) {
1598 *pgt = SLIST_NEXT(*pgt, link);
1599 /* We should have allocated enough */
1600 assert(*pgt);
1601 }
1602 assert((*pgt)->vabase == pg_info->va_base);
1603 pg_info->table = (*pgt)->tbl;
1604
1605 core_mmu_set_entry(dir_info, idx,
1606 virt_to_phys(pg_info->table),
1607 pgt_attr);
1608 }
1609
1610 r.size = MIN(CORE_MMU_PGDIR_SIZE - (r.va - pg_info->va_base),
1611 end - r.va);
1612
1613 if (!(*pgt)->populated && !mobj_is_paged(region->mobj)) {
1614 size_t granule = BIT(pg_info->shift);
1615 size_t offset = r.va - region->va + region->offset;
1616
1617 r.size = MIN(r.size,
1618 mobj_get_phys_granule(region->mobj));
1619 r.size = ROUNDUP(r.size, SMALL_PAGE_SIZE);
1620
1621 if (mobj_get_pa(region->mobj, offset, granule,
1622 &r.pa) != TEE_SUCCESS)
1623 panic("Failed to get PA of unpaged mobj");
1624 set_region(pg_info, &r);
1625 }
1626 r.va += r.size;
1627 }
1628 }
1629
can_map_at_level(paddr_t paddr,vaddr_t vaddr,size_t size_left,paddr_t block_size,struct tee_mmap_region * mm __maybe_unused)1630 static bool can_map_at_level(paddr_t paddr, vaddr_t vaddr,
1631 size_t size_left, paddr_t block_size,
1632 struct tee_mmap_region *mm __maybe_unused)
1633 {
1634 /* VA and PA are aligned to block size at current level */
1635 if ((vaddr | paddr) & (block_size - 1))
1636 return false;
1637
1638 /* Remainder fits into block at current level */
1639 if (size_left < block_size)
1640 return false;
1641
1642 #ifdef CFG_WITH_PAGER
1643 /*
1644 * If pager is enabled, we need to map tee ram
1645 * regions with small pages only
1646 */
1647 if (map_is_tee_ram(mm) && block_size != SMALL_PAGE_SIZE)
1648 return false;
1649 #endif
1650
1651 return true;
1652 }
1653
core_mmu_map_region(struct mmu_partition * prtn,struct tee_mmap_region * mm)1654 void core_mmu_map_region(struct mmu_partition *prtn, struct tee_mmap_region *mm)
1655 {
1656 struct core_mmu_table_info tbl_info;
1657 unsigned int idx;
1658 vaddr_t vaddr = mm->va;
1659 paddr_t paddr = mm->pa;
1660 ssize_t size_left = mm->size;
1661 unsigned int level;
1662 bool table_found;
1663 uint32_t old_attr;
1664
1665 assert(!((vaddr | paddr) & SMALL_PAGE_MASK));
1666
1667 while (size_left > 0) {
1668 level = CORE_MMU_BASE_TABLE_LEVEL;
1669
1670 while (true) {
1671 paddr_t block_size = 0;
1672
1673 assert(level <= CORE_MMU_PGDIR_LEVEL);
1674
1675 table_found = core_mmu_find_table(prtn, vaddr, level,
1676 &tbl_info);
1677 if (!table_found)
1678 panic("can't find table for mapping");
1679
1680 block_size = BIT64(tbl_info.shift);
1681
1682 idx = core_mmu_va2idx(&tbl_info, vaddr);
1683 if (!can_map_at_level(paddr, vaddr, size_left,
1684 block_size, mm)) {
1685 bool secure = mm->attr & TEE_MATTR_SECURE;
1686
1687 /*
1688 * This part of the region can't be mapped at
1689 * this level. Need to go deeper.
1690 */
1691 if (!core_mmu_entry_to_finer_grained(&tbl_info,
1692 idx,
1693 secure))
1694 panic("Can't divide MMU entry");
1695 level++;
1696 continue;
1697 }
1698
1699 /* We can map part of the region at current level */
1700 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr);
1701 if (old_attr)
1702 panic("Page is already mapped");
1703
1704 core_mmu_set_entry(&tbl_info, idx, paddr, mm->attr);
1705 paddr += block_size;
1706 vaddr += block_size;
1707 size_left -= block_size;
1708
1709 break;
1710 }
1711 }
1712 }
1713
core_mmu_map_pages(vaddr_t vstart,paddr_t * pages,size_t num_pages,enum teecore_memtypes memtype)1714 TEE_Result core_mmu_map_pages(vaddr_t vstart, paddr_t *pages, size_t num_pages,
1715 enum teecore_memtypes memtype)
1716 {
1717 TEE_Result ret;
1718 struct core_mmu_table_info tbl_info;
1719 struct tee_mmap_region *mm;
1720 unsigned int idx;
1721 uint32_t old_attr;
1722 uint32_t exceptions;
1723 vaddr_t vaddr = vstart;
1724 size_t i;
1725 bool secure;
1726
1727 assert(!(core_mmu_type_to_attr(memtype) & TEE_MATTR_PX));
1728
1729 secure = core_mmu_type_to_attr(memtype) & TEE_MATTR_SECURE;
1730
1731 if (vaddr & SMALL_PAGE_MASK)
1732 return TEE_ERROR_BAD_PARAMETERS;
1733
1734 exceptions = mmu_lock();
1735
1736 mm = find_map_by_va((void *)vaddr);
1737 if (!mm || !va_is_in_map(mm, vaddr + num_pages * SMALL_PAGE_SIZE - 1))
1738 panic("VA does not belong to any known mm region");
1739
1740 if (!core_mmu_is_dynamic_vaspace(mm))
1741 panic("Trying to map into static region");
1742
1743 for (i = 0; i < num_pages; i++) {
1744 if (pages[i] & SMALL_PAGE_MASK) {
1745 ret = TEE_ERROR_BAD_PARAMETERS;
1746 goto err;
1747 }
1748
1749 while (true) {
1750 if (!core_mmu_find_table(NULL, vaddr, UINT_MAX,
1751 &tbl_info))
1752 panic("Can't find pagetable for vaddr ");
1753
1754 idx = core_mmu_va2idx(&tbl_info, vaddr);
1755 if (tbl_info.shift == SMALL_PAGE_SHIFT)
1756 break;
1757
1758 /* This is supertable. Need to divide it. */
1759 if (!core_mmu_entry_to_finer_grained(&tbl_info, idx,
1760 secure))
1761 panic("Failed to spread pgdir on small tables");
1762 }
1763
1764 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr);
1765 if (old_attr)
1766 panic("Page is already mapped");
1767
1768 core_mmu_set_entry(&tbl_info, idx, pages[i],
1769 core_mmu_type_to_attr(memtype));
1770 vaddr += SMALL_PAGE_SIZE;
1771 }
1772
1773 /*
1774 * Make sure all the changes to translation tables are visible
1775 * before returning. TLB doesn't need to be invalidated as we are
1776 * guaranteed that there's no valid mapping in this range.
1777 */
1778 core_mmu_table_write_barrier();
1779 mmu_unlock(exceptions);
1780
1781 return TEE_SUCCESS;
1782 err:
1783 mmu_unlock(exceptions);
1784
1785 if (i)
1786 core_mmu_unmap_pages(vstart, i);
1787
1788 return ret;
1789 }
1790
core_mmu_map_contiguous_pages(vaddr_t vstart,paddr_t pstart,size_t num_pages,enum teecore_memtypes memtype)1791 TEE_Result core_mmu_map_contiguous_pages(vaddr_t vstart, paddr_t pstart,
1792 size_t num_pages,
1793 enum teecore_memtypes memtype)
1794 {
1795 struct core_mmu_table_info tbl_info = { };
1796 struct tee_mmap_region *mm = NULL;
1797 unsigned int idx = 0;
1798 uint32_t old_attr = 0;
1799 uint32_t exceptions = 0;
1800 vaddr_t vaddr = vstart;
1801 paddr_t paddr = pstart;
1802 size_t i = 0;
1803 bool secure = false;
1804
1805 assert(!(core_mmu_type_to_attr(memtype) & TEE_MATTR_PX));
1806
1807 secure = core_mmu_type_to_attr(memtype) & TEE_MATTR_SECURE;
1808
1809 if ((vaddr | paddr) & SMALL_PAGE_MASK)
1810 return TEE_ERROR_BAD_PARAMETERS;
1811
1812 exceptions = mmu_lock();
1813
1814 mm = find_map_by_va((void *)vaddr);
1815 if (!mm || !va_is_in_map(mm, vaddr + num_pages * SMALL_PAGE_SIZE - 1))
1816 panic("VA does not belong to any known mm region");
1817
1818 if (!core_mmu_is_dynamic_vaspace(mm))
1819 panic("Trying to map into static region");
1820
1821 for (i = 0; i < num_pages; i++) {
1822 while (true) {
1823 if (!core_mmu_find_table(NULL, vaddr, UINT_MAX,
1824 &tbl_info))
1825 panic("Can't find pagetable for vaddr ");
1826
1827 idx = core_mmu_va2idx(&tbl_info, vaddr);
1828 if (tbl_info.shift == SMALL_PAGE_SHIFT)
1829 break;
1830
1831 /* This is supertable. Need to divide it. */
1832 if (!core_mmu_entry_to_finer_grained(&tbl_info, idx,
1833 secure))
1834 panic("Failed to spread pgdir on small tables");
1835 }
1836
1837 core_mmu_get_entry(&tbl_info, idx, NULL, &old_attr);
1838 if (old_attr)
1839 panic("Page is already mapped");
1840
1841 core_mmu_set_entry(&tbl_info, idx, paddr,
1842 core_mmu_type_to_attr(memtype));
1843 paddr += SMALL_PAGE_SIZE;
1844 vaddr += SMALL_PAGE_SIZE;
1845 }
1846
1847 /*
1848 * Make sure all the changes to translation tables are visible
1849 * before returning. TLB doesn't need to be invalidated as we are
1850 * guaranteed that there's no valid mapping in this range.
1851 */
1852 core_mmu_table_write_barrier();
1853 mmu_unlock(exceptions);
1854
1855 return TEE_SUCCESS;
1856 }
1857
core_mmu_unmap_pages(vaddr_t vstart,size_t num_pages)1858 void core_mmu_unmap_pages(vaddr_t vstart, size_t num_pages)
1859 {
1860 struct core_mmu_table_info tbl_info;
1861 struct tee_mmap_region *mm;
1862 size_t i;
1863 unsigned int idx;
1864 uint32_t exceptions;
1865
1866 exceptions = mmu_lock();
1867
1868 mm = find_map_by_va((void *)vstart);
1869 if (!mm || !va_is_in_map(mm, vstart + num_pages * SMALL_PAGE_SIZE - 1))
1870 panic("VA does not belong to any known mm region");
1871
1872 if (!core_mmu_is_dynamic_vaspace(mm))
1873 panic("Trying to unmap static region");
1874
1875 for (i = 0; i < num_pages; i++, vstart += SMALL_PAGE_SIZE) {
1876 if (!core_mmu_find_table(NULL, vstart, UINT_MAX, &tbl_info))
1877 panic("Can't find pagetable");
1878
1879 if (tbl_info.shift != SMALL_PAGE_SHIFT)
1880 panic("Invalid pagetable level");
1881
1882 idx = core_mmu_va2idx(&tbl_info, vstart);
1883 core_mmu_set_entry(&tbl_info, idx, 0, 0);
1884 }
1885 tlbi_all();
1886
1887 mmu_unlock(exceptions);
1888 }
1889
core_mmu_populate_user_map(struct core_mmu_table_info * dir_info,struct user_mode_ctx * uctx)1890 void core_mmu_populate_user_map(struct core_mmu_table_info *dir_info,
1891 struct user_mode_ctx *uctx)
1892 {
1893 struct core_mmu_table_info pg_info = { };
1894 struct pgt_cache *pgt_cache = &uctx->pgt_cache;
1895 struct pgt *pgt = NULL;
1896 struct pgt *p = NULL;
1897 struct vm_region *r = NULL;
1898
1899 if (TAILQ_EMPTY(&uctx->vm_info.regions))
1900 return; /* Nothing to map */
1901
1902 /*
1903 * Allocate all page tables in advance.
1904 */
1905 pgt_get_all(uctx);
1906 pgt = SLIST_FIRST(pgt_cache);
1907
1908 core_mmu_set_info_table(&pg_info, dir_info->level + 1, 0, NULL);
1909
1910 TAILQ_FOREACH(r, &uctx->vm_info.regions, link)
1911 set_pg_region(dir_info, r, &pgt, &pg_info);
1912 /* Record that the translation tables now are populated. */
1913 SLIST_FOREACH(p, pgt_cache, link) {
1914 p->populated = true;
1915 if (p == pgt)
1916 break;
1917 }
1918 assert(p == pgt);
1919 }
1920
core_mmu_remove_mapping(enum teecore_memtypes type,void * addr,size_t len)1921 TEE_Result core_mmu_remove_mapping(enum teecore_memtypes type, void *addr,
1922 size_t len)
1923 {
1924 struct core_mmu_table_info tbl_info = { };
1925 struct tee_mmap_region *res_map = NULL;
1926 struct tee_mmap_region *map = NULL;
1927 paddr_t pa = virt_to_phys(addr);
1928 size_t granule = 0;
1929 ptrdiff_t i = 0;
1930 paddr_t p = 0;
1931 size_t l = 0;
1932
1933 map = find_map_by_type_and_pa(type, pa, len);
1934 if (!map)
1935 return TEE_ERROR_GENERIC;
1936
1937 res_map = find_map_by_type(MEM_AREA_RES_VASPACE);
1938 if (!res_map)
1939 return TEE_ERROR_GENERIC;
1940 if (!core_mmu_find_table(NULL, res_map->va, UINT_MAX, &tbl_info))
1941 return TEE_ERROR_GENERIC;
1942 granule = BIT(tbl_info.shift);
1943
1944 if (map < static_memory_map ||
1945 map >= static_memory_map + ARRAY_SIZE(static_memory_map))
1946 return TEE_ERROR_GENERIC;
1947 i = map - static_memory_map;
1948
1949 /* Check that we have a full match */
1950 p = ROUNDDOWN(pa, granule);
1951 l = ROUNDUP(len + pa - p, granule);
1952 if (map->pa != p || map->size != l)
1953 return TEE_ERROR_GENERIC;
1954
1955 clear_region(&tbl_info, map);
1956 tlbi_all();
1957
1958 /* If possible remove the va range from res_map */
1959 if (res_map->va - map->size == map->va) {
1960 res_map->va -= map->size;
1961 res_map->size += map->size;
1962 }
1963
1964 /* Remove the entry. */
1965 memmove(map, map + 1,
1966 (ARRAY_SIZE(static_memory_map) - i - 1) * sizeof(*map));
1967
1968 /* Clear the last new entry in case it was used */
1969 memset(static_memory_map + ARRAY_SIZE(static_memory_map) - 1,
1970 0, sizeof(*map));
1971
1972 return TEE_SUCCESS;
1973 }
1974
1975 struct tee_mmap_region *
core_mmu_find_mapping_exclusive(enum teecore_memtypes type,size_t len)1976 core_mmu_find_mapping_exclusive(enum teecore_memtypes type, size_t len)
1977 {
1978 struct tee_mmap_region *map = NULL;
1979 struct tee_mmap_region *map_found = NULL;
1980
1981 if (!len)
1982 return NULL;
1983
1984 for (map = get_memory_map(); !core_mmap_is_end_of_table(map); map++) {
1985 if (map->type != type)
1986 continue;
1987
1988 if (map_found)
1989 return NULL;
1990
1991 map_found = map;
1992 }
1993
1994 if (!map_found || map_found->size < len)
1995 return NULL;
1996
1997 return map_found;
1998 }
1999
core_mmu_add_mapping(enum teecore_memtypes type,paddr_t addr,size_t len)2000 void *core_mmu_add_mapping(enum teecore_memtypes type, paddr_t addr, size_t len)
2001 {
2002 struct core_mmu_table_info tbl_info;
2003 struct tee_mmap_region *map;
2004 size_t n;
2005 size_t granule;
2006 paddr_t p;
2007 size_t l;
2008
2009 if (!len)
2010 return NULL;
2011
2012 if (!core_mmu_check_end_pa(addr, len))
2013 return NULL;
2014
2015 /* Check if the memory is already mapped */
2016 map = find_map_by_type_and_pa(type, addr, len);
2017 if (map && pbuf_inside_map_area(addr, len, map))
2018 return (void *)(vaddr_t)(map->va + addr - map->pa);
2019
2020 /* Find the reserved va space used for late mappings */
2021 map = find_map_by_type(MEM_AREA_RES_VASPACE);
2022 if (!map)
2023 return NULL;
2024
2025 if (!core_mmu_find_table(NULL, map->va, UINT_MAX, &tbl_info))
2026 return NULL;
2027
2028 granule = BIT64(tbl_info.shift);
2029 p = ROUNDDOWN(addr, granule);
2030 l = ROUNDUP(len + addr - p, granule);
2031
2032 /* Ban overflowing virtual addresses */
2033 if (map->size < l)
2034 return NULL;
2035
2036 /*
2037 * Something is wrong, we can't fit the va range into the selected
2038 * table. The reserved va range is possibly missaligned with
2039 * granule.
2040 */
2041 if (core_mmu_va2idx(&tbl_info, map->va + len) >= tbl_info.num_entries)
2042 return NULL;
2043
2044 /* Find end of the memory map */
2045 n = 0;
2046 while (!core_mmap_is_end_of_table(static_memory_map + n))
2047 n++;
2048
2049 if (n < (ARRAY_SIZE(static_memory_map) - 1)) {
2050 /* There's room for another entry */
2051 static_memory_map[n].va = map->va;
2052 static_memory_map[n].size = l;
2053 static_memory_map[n + 1].type = MEM_AREA_END;
2054 map->va += l;
2055 map->size -= l;
2056 map = static_memory_map + n;
2057 } else {
2058 /*
2059 * There isn't room for another entry, steal the reserved
2060 * entry as it's not useful for anything else any longer.
2061 */
2062 map->size = l;
2063 }
2064 map->type = type;
2065 map->region_size = granule;
2066 map->attr = core_mmu_type_to_attr(type);
2067 map->pa = p;
2068
2069 set_region(&tbl_info, map);
2070
2071 /* Make sure the new entry is visible before continuing. */
2072 core_mmu_table_write_barrier();
2073
2074 return (void *)(vaddr_t)(map->va + addr - map->pa);
2075 }
2076
2077 #ifdef CFG_WITH_PAGER
get_linear_map_end_va(void)2078 static vaddr_t get_linear_map_end_va(void)
2079 {
2080 /* this is synced with the generic linker file kern.ld.S */
2081 return (vaddr_t)__heap2_end;
2082 }
2083
get_linear_map_end_pa(void)2084 static paddr_t get_linear_map_end_pa(void)
2085 {
2086 return get_linear_map_end_va() - VCORE_START_VA + TEE_LOAD_ADDR;
2087 }
2088 #endif
2089
2090 #if defined(CFG_TEE_CORE_DEBUG)
check_pa_matches_va(void * va,paddr_t pa)2091 static void check_pa_matches_va(void *va, paddr_t pa)
2092 {
2093 TEE_Result res = TEE_ERROR_GENERIC;
2094 vaddr_t v = (vaddr_t)va;
2095 paddr_t p = 0;
2096 struct core_mmu_table_info ti __maybe_unused = { };
2097
2098 if (core_mmu_user_va_range_is_defined()) {
2099 vaddr_t user_va_base = 0;
2100 size_t user_va_size = 0;
2101
2102 core_mmu_get_user_va_range(&user_va_base, &user_va_size);
2103 if (v >= user_va_base &&
2104 v <= (user_va_base - 1 + user_va_size)) {
2105 if (!core_mmu_user_mapping_is_active()) {
2106 if (pa)
2107 panic("issue in linear address space");
2108 return;
2109 }
2110
2111 res = vm_va2pa(to_user_mode_ctx(thread_get_tsd()->ctx),
2112 va, &p);
2113 if (res == TEE_ERROR_NOT_SUPPORTED)
2114 return;
2115 if (res == TEE_SUCCESS && pa != p)
2116 panic("bad pa");
2117 if (res != TEE_SUCCESS && pa)
2118 panic("false pa");
2119 return;
2120 }
2121 }
2122 #ifdef CFG_WITH_PAGER
2123 if (is_unpaged(va)) {
2124 if (v - boot_mmu_config.load_offset != pa)
2125 panic("issue in linear address space");
2126 return;
2127 }
2128
2129 if (tee_pager_get_table_info(v, &ti)) {
2130 uint32_t a;
2131
2132 /*
2133 * Lookups in the page table managed by the pager is
2134 * dangerous for addresses in the paged area as those pages
2135 * changes all the time. But some ranges are safe,
2136 * rw-locked areas when the page is populated for instance.
2137 */
2138 core_mmu_get_entry(&ti, core_mmu_va2idx(&ti, v), &p, &a);
2139 if (a & TEE_MATTR_VALID_BLOCK) {
2140 paddr_t mask = BIT64(ti.shift) - 1;
2141
2142 p |= v & mask;
2143 if (pa != p)
2144 panic();
2145 } else {
2146 if (pa)
2147 panic();
2148 }
2149 return;
2150 }
2151 #endif
2152
2153 if (!core_va2pa_helper(va, &p)) {
2154 /* Verfiy only the static mapping (case non null phys addr) */
2155 if (p && pa != p) {
2156 DMSG("va %p maps 0x%" PRIxPA ", expect 0x%" PRIxPA,
2157 va, p, pa);
2158 panic();
2159 }
2160 } else {
2161 if (pa) {
2162 DMSG("va %p unmapped, expect 0x%" PRIxPA, va, pa);
2163 panic();
2164 }
2165 }
2166 }
2167 #else
check_pa_matches_va(void * va __unused,paddr_t pa __unused)2168 static void check_pa_matches_va(void *va __unused, paddr_t pa __unused)
2169 {
2170 }
2171 #endif
2172
virt_to_phys(void * va)2173 paddr_t virt_to_phys(void *va)
2174 {
2175 paddr_t pa = 0;
2176
2177 if (!arch_va2pa_helper(va, &pa))
2178 pa = 0;
2179 check_pa_matches_va(va, pa);
2180 return pa;
2181 }
2182
2183 #if defined(CFG_TEE_CORE_DEBUG)
check_va_matches_pa(paddr_t pa,void * va)2184 static void check_va_matches_pa(paddr_t pa, void *va)
2185 {
2186 paddr_t p = 0;
2187
2188 if (!va)
2189 return;
2190
2191 p = virt_to_phys(va);
2192 if (p != pa) {
2193 DMSG("va %p maps 0x%" PRIxPA " expect 0x%" PRIxPA, va, p, pa);
2194 panic();
2195 }
2196 }
2197 #else
check_va_matches_pa(paddr_t pa __unused,void * va __unused)2198 static void check_va_matches_pa(paddr_t pa __unused, void *va __unused)
2199 {
2200 }
2201 #endif
2202
phys_to_virt_ts_vaspace(paddr_t pa,size_t len)2203 static void *phys_to_virt_ts_vaspace(paddr_t pa, size_t len)
2204 {
2205 if (!core_mmu_user_mapping_is_active())
2206 return NULL;
2207
2208 return vm_pa2va(to_user_mode_ctx(thread_get_tsd()->ctx), pa, len);
2209 }
2210
2211 #ifdef CFG_WITH_PAGER
phys_to_virt_tee_ram(paddr_t pa,size_t len)2212 static void *phys_to_virt_tee_ram(paddr_t pa, size_t len)
2213 {
2214 paddr_t end_pa = 0;
2215
2216 if (SUB_OVERFLOW(len, 1, &end_pa) || ADD_OVERFLOW(pa, end_pa, &end_pa))
2217 return NULL;
2218
2219 if (pa >= TEE_LOAD_ADDR && pa < get_linear_map_end_pa()) {
2220 if (end_pa > get_linear_map_end_pa())
2221 return NULL;
2222 return (void *)(vaddr_t)(pa + boot_mmu_config.load_offset);
2223 }
2224
2225 return tee_pager_phys_to_virt(pa, len);
2226 }
2227 #else
phys_to_virt_tee_ram(paddr_t pa,size_t len)2228 static void *phys_to_virt_tee_ram(paddr_t pa, size_t len)
2229 {
2230 struct tee_mmap_region *mmap = NULL;
2231
2232 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM, pa, len);
2233 if (!mmap)
2234 mmap = find_map_by_type_and_pa(MEM_AREA_NEX_RAM_RW, pa, len);
2235 if (!mmap)
2236 mmap = find_map_by_type_and_pa(MEM_AREA_NEX_RAM_RO, pa, len);
2237 if (!mmap)
2238 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RW, pa, len);
2239 if (!mmap)
2240 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RO, pa, len);
2241 if (!mmap)
2242 mmap = find_map_by_type_and_pa(MEM_AREA_TEE_RAM_RX, pa, len);
2243 /*
2244 * Note that MEM_AREA_INIT_RAM_RO and MEM_AREA_INIT_RAM_RX are only
2245 * used with pager and not needed here.
2246 */
2247 return map_pa2va(mmap, pa, len);
2248 }
2249 #endif
2250
phys_to_virt(paddr_t pa,enum teecore_memtypes m,size_t len)2251 void *phys_to_virt(paddr_t pa, enum teecore_memtypes m, size_t len)
2252 {
2253 void *va = NULL;
2254
2255 switch (m) {
2256 case MEM_AREA_TS_VASPACE:
2257 va = phys_to_virt_ts_vaspace(pa, len);
2258 break;
2259 case MEM_AREA_TEE_RAM:
2260 case MEM_AREA_TEE_RAM_RX:
2261 case MEM_AREA_TEE_RAM_RO:
2262 case MEM_AREA_TEE_RAM_RW:
2263 case MEM_AREA_NEX_RAM_RO:
2264 case MEM_AREA_NEX_RAM_RW:
2265 va = phys_to_virt_tee_ram(pa, len);
2266 break;
2267 case MEM_AREA_SHM_VASPACE:
2268 /* Find VA from PA in dynamic SHM is not yet supported */
2269 va = NULL;
2270 break;
2271 default:
2272 va = map_pa2va(find_map_by_type_and_pa(m, pa, len), pa, len);
2273 }
2274 if (m != MEM_AREA_SEC_RAM_OVERALL)
2275 check_va_matches_pa(pa, va);
2276 return va;
2277 }
2278
phys_to_virt_io(paddr_t pa,size_t len)2279 void *phys_to_virt_io(paddr_t pa, size_t len)
2280 {
2281 struct tee_mmap_region *map = NULL;
2282 void *va = NULL;
2283
2284 map = find_map_by_type_and_pa(MEM_AREA_IO_SEC, pa, len);
2285 if (!map)
2286 map = find_map_by_type_and_pa(MEM_AREA_IO_NSEC, pa, len);
2287 if (!map)
2288 return NULL;
2289 va = map_pa2va(map, pa, len);
2290 check_va_matches_pa(pa, va);
2291 return va;
2292 }
2293
core_mmu_get_va(paddr_t pa,enum teecore_memtypes type,size_t len)2294 vaddr_t core_mmu_get_va(paddr_t pa, enum teecore_memtypes type, size_t len)
2295 {
2296 if (cpu_mmu_enabled())
2297 return (vaddr_t)phys_to_virt(pa, type, len);
2298
2299 return (vaddr_t)pa;
2300 }
2301
2302 #ifdef CFG_WITH_PAGER
is_unpaged(void * va)2303 bool is_unpaged(void *va)
2304 {
2305 vaddr_t v = (vaddr_t)va;
2306
2307 return v >= VCORE_START_VA && v < get_linear_map_end_va();
2308 }
2309 #else
is_unpaged(void * va __unused)2310 bool is_unpaged(void *va __unused)
2311 {
2312 return true;
2313 }
2314 #endif
2315
core_mmu_init_virtualization(void)2316 void core_mmu_init_virtualization(void)
2317 {
2318 virt_init_memory(static_memory_map);
2319 }
2320
io_pa_or_va(struct io_pa_va * p,size_t len)2321 vaddr_t io_pa_or_va(struct io_pa_va *p, size_t len)
2322 {
2323 assert(p->pa);
2324 if (cpu_mmu_enabled()) {
2325 if (!p->va)
2326 p->va = (vaddr_t)phys_to_virt_io(p->pa, len);
2327 assert(p->va);
2328 return p->va;
2329 }
2330 return p->pa;
2331 }
2332
io_pa_or_va_secure(struct io_pa_va * p,size_t len)2333 vaddr_t io_pa_or_va_secure(struct io_pa_va *p, size_t len)
2334 {
2335 assert(p->pa);
2336 if (cpu_mmu_enabled()) {
2337 if (!p->va)
2338 p->va = (vaddr_t)phys_to_virt(p->pa, MEM_AREA_IO_SEC,
2339 len);
2340 assert(p->va);
2341 return p->va;
2342 }
2343 return p->pa;
2344 }
2345
io_pa_or_va_nsec(struct io_pa_va * p,size_t len)2346 vaddr_t io_pa_or_va_nsec(struct io_pa_va *p, size_t len)
2347 {
2348 assert(p->pa);
2349 if (cpu_mmu_enabled()) {
2350 if (!p->va)
2351 p->va = (vaddr_t)phys_to_virt(p->pa, MEM_AREA_IO_NSEC,
2352 len);
2353 assert(p->va);
2354 return p->va;
2355 }
2356 return p->pa;
2357 }
2358
2359 #ifdef CFG_CORE_RESERVED_SHM
teecore_init_pub_ram(void)2360 static TEE_Result teecore_init_pub_ram(void)
2361 {
2362 vaddr_t s = 0;
2363 vaddr_t e = 0;
2364
2365 /* get virtual addr/size of NSec shared mem allocated from teecore */
2366 core_mmu_get_mem_by_type(MEM_AREA_NSEC_SHM, &s, &e);
2367
2368 if (s >= e || s & SMALL_PAGE_MASK || e & SMALL_PAGE_MASK)
2369 panic("invalid PUB RAM");
2370
2371 /* extra check: we could rely on core_mmu_get_mem_by_type() */
2372 if (!tee_vbuf_is_non_sec(s, e - s))
2373 panic("PUB RAM is not non-secure");
2374
2375 #ifdef CFG_PL310
2376 /* Allocate statically the l2cc mutex */
2377 tee_l2cc_store_mutex_boot_pa(virt_to_phys((void *)s));
2378 s += sizeof(uint32_t); /* size of a pl310 mutex */
2379 s = ROUNDUP(s, SMALL_PAGE_SIZE); /* keep required alignment */
2380 #endif
2381
2382 default_nsec_shm_paddr = virt_to_phys((void *)s);
2383 default_nsec_shm_size = e - s;
2384
2385 return TEE_SUCCESS;
2386 }
2387 early_init(teecore_init_pub_ram);
2388 #endif /*CFG_CORE_RESERVED_SHM*/
2389
core_mmu_init_ta_ram(void)2390 void core_mmu_init_ta_ram(void)
2391 {
2392 vaddr_t s = 0;
2393 vaddr_t e = 0;
2394 paddr_t ps = 0;
2395 size_t size = 0;
2396
2397 /*
2398 * Get virtual addr/size of RAM where TA are loaded/executedNSec
2399 * shared mem allocated from teecore.
2400 */
2401 if (IS_ENABLED(CFG_VIRTUALIZATION))
2402 virt_get_ta_ram(&s, &e);
2403 else
2404 core_mmu_get_mem_by_type(MEM_AREA_TA_RAM, &s, &e);
2405
2406 ps = virt_to_phys((void *)s);
2407 size = e - s;
2408
2409 if (!ps || (ps & CORE_MMU_USER_CODE_MASK) ||
2410 !size || (size & CORE_MMU_USER_CODE_MASK))
2411 panic("invalid TA RAM");
2412
2413 /* extra check: we could rely on core_mmu_get_mem_by_type() */
2414 if (!tee_pbuf_is_sec(ps, size))
2415 panic("TA RAM is not secure");
2416
2417 if (!tee_mm_is_empty(&tee_mm_sec_ddr))
2418 panic("TA RAM pool is not empty");
2419
2420 /* remove previous config and init TA ddr memory pool */
2421 tee_mm_final(&tee_mm_sec_ddr);
2422 tee_mm_init(&tee_mm_sec_ddr, ps, size, CORE_MMU_USER_CODE_SHIFT,
2423 TEE_MM_POOL_NO_FLAGS);
2424 }
2425