From patchwork Mon Oct 19 12:54:43 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anup Patel X-Patchwork-Id: 1384284 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2001:8b0:10b:1231::1; helo=merlin.infradead.org; envelope-from=opensbi-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=wdc.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=merlin.20170209 header.b=1djZeV2O; dkim=permerror header.d=wdc.com header.i=@wdc.com header.a=rsa-sha1 header.s=dkim.wdc.com header.b=UZ5Hf67W; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=sharedspace.onmicrosoft.com header.i=@sharedspace.onmicrosoft.com header.a=rsa-sha256 header.s=selector2-sharedspace-onmicrosoft-com header.b=Cb7NIx5E; dkim-atps=neutral Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:8b0:10b:1231::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4CFGvn2nTYz9sTr for ; Mon, 19 Oct 2020 23:55:49 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=KR7xMVYHFHWHNg+LiWcE4eidVw92S/NMXp3D65tpV0w=; b=1djZeV2O9XGMyndSs0WB643oF PqW5O4Awg2ZuaRZR1YCyIvj8Sjkgg8IiBPCn28pnw33mTwT8ZiOTPJxvFegC7qqGDv2g1wVL2U0eX zDcsLe0ljL7zEM74y29EiX8ZP3NSR9B2bbra70xbXYza7t+lskU1cL3epCOyBmUpPtcmjXZgMuyLA 6TG6WMKlK0My/lOeYP5+O71ao9zhMygKKIsIE8SJcz+mMRF/ZspLnfoSL57A3qSSlpdJmwLPqGQ/1 qeszDOT41LhyShBlg7qejJifffepfpNXhD5D7wkrSEJhEGGVUjuPDE8GNos9z/bgXYpBti5iSjVO0 DD1dNaKcw==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kUUhS-0004vo-EV; Mon, 19 Oct 2020 12:55:42 +0000 Received: from esa2.hgst.iphmx.com ([68.232.143.124]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kUUhP-0004rH-E2 for opensbi@lists.infradead.org; Mon, 19 Oct 2020 12:55:41 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=wdc.com; i=@wdc.com; q=dns/txt; s=dkim.wdc.com; t=1603112812; x=1634648812; h=from:to:cc:subject:date:message-id:in-reply-to: references:content-transfer-encoding:mime-version; bh=F+36TD7awyV0qChBQq+LrpAvOcEo5SHHM/c0CzmIRsY=; b=UZ5Hf67W3Cr6oaeGqREJ/hrMzpSPEs7iXL/YWFtLoGEKNDiRRVWJZW+o Rm6O341AM+D6Adk8SPY/bEs88Ek4O5y2/pYkmIpHNb636glYV1PiI9en1 35hFFjuenjM4QxjjivYlI6fmHj0JYcMD4NtPct3PfO4gGyZYUbVOCwAp2 f64IDz8sORD/u1g0VewT2I2kuXZFQkrjzLvgN0cqNkb7MjaXC1kEf0TMy bU9/SBid2cL2xAZLMFpe38aH7VbEITnJQNLxGTTcZh9ILtRknoEVIr8e2 unpv9bjcNC2Z/rA8+3I+2XTnl1moIgewlzgro5sFimb7tyaGN+/O3oJn0 g==; IronPort-SDR: x3jRs98mqSlPwAl9KqG04KIpLRH1VGm2RD3cApobowUuTK1Soo4lehnr331SJ1vfnC9xePQaoz g7R5Qk3PyApf0OkRrO3ZLNIm6mBXAJmI6yL4N2iLQz/bwy1wcHA9qg0qlw9l1TPU9eW4re9na3 ZKTrMqdQ7ydYMw9CCsBPM+fckxW4oY5EpK750GapcVU1y+QscNiOWMFKnxkN/YVcvi/mCeZh72 piDEJExooljoUoZ/UxNvL4zwaj9agKmT206snCYKvTyu8e+QCpBxqa+MLgypPfJmdz6G0d0Zhe aLc= X-IronPort-AV: E=Sophos;i="5.77,394,1596470400"; d="scan'208";a="253808610" Received: from mail-cys01nam02lp2055.outbound.protection.outlook.com (HELO NAM02-CY1-obe.outbound.protection.outlook.com) ([104.47.37.55]) by ob1.hgst.iphmx.com with ESMTP; 19 Oct 2020 21:06:51 +0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=inB89ppr/eDe5ZB/MGuj80rQxncEEbKk8HXOQtxM12z/l4l/eaKi1vdfwzVoL/snedQyK0K+MYxBwXhgFWACaOKNAcT6kVNqhm9V61+Xt2f4if4PEgd94Oj2o6NRYG6TYlBgC9HPPpp2TgEBrN7g1YigFeTs9UTpDc/SHBSWFbWtiaXQ+t98iHdKhgfvnkKkWq/eJX9h67aROsWr1w2KMEaK53kVCWP4l6S/abnJXFBRdOoaCAr79V8W2C0AYhfsxc2FAr/l0hdx6QLHSK8JPzTAjlcwwaX4lE4KdLc5r1i1bCFFu2ARYp0K/mQyJPHf4yBvj+9qZ53y5Li8u25vCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=T0stP7K+rn+rpWF/sp2YpxGd79arsTW1P8DFJ2tGS8c=; b=ZF1NnIsWC5pTX2mEONy06bfVjF/Msx/n51Xl9L7wHh/H9EuvFXxrH3gVkI3EJeSAi6INIJxMSnaDzQ66xBxYcg2bHNbQ2jda4OVdp2VyW9dIRJ7PPWfQQpBEqzPRXr1TIT6aTtyzdYmzegcXd1VHA1x+3MVkn1HgOs36MLuUfz4iebxWL6HzaeXsKxRRY/iPaJbXWmd/sV/NaLJxFW9LX5OH9MAu1xYvQ/khzOxG3dq/MdWiKsupIgF0O+iR1mgYYZ0EGQ5QQ7enOHPIZDqKa4L36aDdKWGMlKfrVb+ky1Sxp4YWpUnq9tkU9J9iuzqFhVHr135vsyJESqKs/GPPSg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=wdc.com; dmarc=pass action=none header.from=wdc.com; dkim=pass header.d=wdc.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sharedspace.onmicrosoft.com; s=selector2-sharedspace-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=T0stP7K+rn+rpWF/sp2YpxGd79arsTW1P8DFJ2tGS8c=; b=Cb7NIx5ESNHb32Cm+Oxjob9jEw8f3v7hieUSV+xYQODbY3cNNIMDjENPPEOZJN02zT8eqGj8m8x/hrFSW6fGmD7Eo20EreLbpQGbIQcQo7odYuUxaZUS7ScoukPLQN7FfjqOyRpHcPj/+cHakooTS5qMKz4jBeUd2aMGhosh2ZU= Authentication-Results: wdc.com; dkim=none (message not signed) header.d=none;wdc.com; dmarc=none action=none header.from=wdc.com; Received: from DM6PR04MB6201.namprd04.prod.outlook.com (2603:10b6:5:127::32) by DM6PR04MB5548.namprd04.prod.outlook.com (2603:10b6:5:12a::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.27; Mon, 19 Oct 2020 12:55:37 +0000 Received: from DM6PR04MB6201.namprd04.prod.outlook.com ([fe80::d035:e2c6:c11:51dd]) by DM6PR04MB6201.namprd04.prod.outlook.com ([fe80::d035:e2c6:c11:51dd%6]) with mapi id 15.20.3477.028; Mon, 19 Oct 2020 12:55:37 +0000 From: Anup Patel To: Atish Patra , Alistair Francis Subject: [PATCH v3 06/16] lib: sbi: Add initial domain support Date: Mon, 19 Oct 2020 18:24:43 +0530 Message-Id: <20201019125453.2460105-7-anup.patel@wdc.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20201019125453.2460105-1-anup.patel@wdc.com> References: <20201019125453.2460105-1-anup.patel@wdc.com> X-Originating-IP: [122.172.253.92] X-ClientProxiedBy: MAXPR0101CA0060.INDPRD01.PROD.OUTLOOK.COM (2603:1096:a00:e::22) To DM6PR04MB6201.namprd04.prod.outlook.com (2603:10b6:5:127::32) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from wdc.com (122.172.253.92) by MAXPR0101CA0060.INDPRD01.PROD.OUTLOOK.COM (2603:1096:a00:e::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.21 via Frontend Transport; Mon, 19 Oct 2020 12:55:35 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: ff86d16c-8b02-408b-0e8e-08d8742e468e X-MS-TrafficTypeDiagnostic: DM6PR04MB5548: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: WDCIPOUTBOUND: EOP-TRUE X-MS-Oob-TLC-OOBClassifiers: OLM:6790; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: qRsFv53qITgE954yNRMHnz+659ZajfaLYMpC9KTop7zaxLhbRrH/IKNg8eYT7TeGDGcViUDxLqAAHWj0UU5z+Ou9Z2UmaYI7KSPKZl+T9QZYjIfejqFCZ5VPi0U6tUQnAOVyTn/fyS9kxxGEbEKC+6VPfbFimA95bdoxasUaFKYCpJQp4zBoWvLbpcpS3H1BudfbPx9Sco7HLrXGVJ4izLT5Gkm1J2VBjhkuBnAEqinbOloYEHU4KoD6CbPonkBfqy9idpRnJID4UjhrckJQbM2UwgL8z0HJF1g6/uzjrA45J/nxvv9kNyP5+A/YUm1HMrM2K/mO3hNoN9MyVispbA== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR04MB6201.namprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(136003)(396003)(376002)(346002)(39860400002)(6636002)(55016002)(6666004)(8886007)(66946007)(66476007)(8936002)(8676002)(66556008)(2906002)(86362001)(44832011)(83380400001)(2616005)(956004)(16526019)(5660300002)(186003)(54906003)(110136005)(52116002)(7696005)(55236004)(1076003)(4326008)(478600001)(316002)(36756003)(26005)(30864003); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData: igKn+Ak2HjjpCrh013e4KFMH4KlVfSBvVew1Gz+3JHIUExw7bqr3dXH340h346OIkQo4B1IluZppfoe+IifBnJaGcsh+xp6trhX4nv1vDzHONa6V8TREUDvgohPvcO4NYE/O1jDf/hiWAxnIFT/bZ+bu+krcJBLYdgRXMRrDl83DR7UAu7MjjKYoIAdjzCaeTqx0XqvNUAFZumf2GK8wc9DIvPLgjKpR7yuQ3Hj8KcHZ9RfEt7yldcD0YPrwxsHKqu8GFDJ/cQNvIN64HCQ2THloDB/v05E+N3rtS82heN0rnV1iPBTIWGWQQQJqofo+rpDTZpkqpyTFUt5fG+nbqPb73MeRgasaIgjjl56tNh2GAb0EQW/BeOl0F02pXFgpeyuBRK70ZlUIa36jJ37anYZSaVndXQCUWYM2JPFD/F+tQbGE0/ycGTIogkAKnFkEa4MV2wiIlvI+IYt6ZGTQt5LYF1m7DM66R0+lfglsxwRAyWRfYSAPgretehJrTvu1eyzRdY6BU0XoOksORzD0I1BpViYo/NCOttyKTRWyybZorIeA+FeOYwxACThdReVtY9aziDs802vhqfs58H2IQWmXfa3+g+avyGz03/m3YYFOSWSfEOvKOTaxEaoy84+zQVX9WYUXsUQdlZHeJUwFDA== X-OriginatorOrg: wdc.com X-MS-Exchange-CrossTenant-Network-Message-Id: ff86d16c-8b02-408b-0e8e-08d8742e468e X-MS-Exchange-CrossTenant-AuthSource: DM6PR04MB6201.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Oct 2020 12:55:37.6925 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: b61c8803-16f3-4c35-9b17-6f65f441df86 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 08Hi8cZtlaZdhCaHoq+EGYHqMcJzAos9FFM+bw8sooTGq0P3Y9X5hsiR3kjqAYSaelj65O8wVirr7BRzRlsGGA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR04MB5548 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201019_085539_800689_01DB3239 X-CRM114-Status: GOOD ( 29.57 ) X-Spam-Score: -2.5 (--) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-2.5 points) pts rule name description ---- ---------------------- -------------------------------------------------- -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/, medium trust [68.232.143.124 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay X-BeenThere: opensbi@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Anup Patel , Anup Patel , opensbi@lists.infradead.org Sender: "opensbi" Errors-To: opensbi-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org An OpenSBI domain is a logical entity representing a set of HARTs and a set of memory regions for these HARTs. The OpenSBI domains support will allow OpenSBI platforms and previous booting stage (i.e. U-Boot SPL, Coreboot, etc) to partition a system into multiple domains where each domain will run it's own software. For inter-domain isolation, OpenSBI will eventually use various HW features such as PMP, ePMP, IOPMP, SiFive shield, etc but initial implementation only use HW PMP support. This patch provides initial implementation of OpenSBI domains where we have a root/default domain and OpenSBI platforms can provide non-root/custom domains using domain_get() callback. Signed-off-by: Anup Patel Reviewed-by: Alistair Francis Reviewed-by: Atish Patra --- include/sbi/sbi_domain.h | 147 ++++++++++++++ include/sbi/sbi_platform.h | 20 ++ lib/sbi/objects.mk | 1 + lib/sbi/sbi_domain.c | 380 +++++++++++++++++++++++++++++++++++++ lib/sbi/sbi_init.c | 20 ++ 5 files changed, 568 insertions(+) create mode 100644 include/sbi/sbi_domain.h create mode 100644 lib/sbi/sbi_domain.c diff --git a/include/sbi/sbi_domain.h b/include/sbi/sbi_domain.h new file mode 100644 index 0000000..4bb08dc --- /dev/null +++ b/include/sbi/sbi_domain.h @@ -0,0 +1,147 @@ +/* + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2020 Western Digital Corporation or its affiliates. + * + * Authors: + * Anup Patel + */ + +#ifndef __SBI_DOMAIN_H__ +#define __SBI_DOMAIN_H__ + +#include +#include + +struct sbi_scratch; + +/** Domain access types */ +enum sbi_domain_access { + SBI_DOMAIN_READ = (1UL << 0), + SBI_DOMAIN_WRITE = (1UL << 1), + SBI_DOMAIN_EXECUTE = (1UL << 2), + SBI_DOMAIN_MMIO = (1UL << 3) +}; + +/** Representation of OpenSBI domain memory region */ +struct sbi_domain_memregion { + /** + * Size of memory region as power of 2 + * It has to be minimum 3 and maximum __riscv_xlen + */ + unsigned long order; + /** + * Base address of memory region + * It must be 2^order aligned address + */ + unsigned long base; + /** Flags representing memory region attributes */ +#define SBI_DOMAIN_MEMREGION_READABLE (1UL << 0) +#define SBI_DOMAIN_MEMREGION_WRITEABLE (1UL << 1) +#define SBI_DOMAIN_MEMREGION_EXECUTABLE (1UL << 2) +#define SBI_DOMAIN_MEMREGION_MMIO (1UL << 3) +#define SBI_DOMAIN_MEMREGION_MMODE (1UL << 4) + unsigned long flags; +}; + +/** Maximum number of domains */ +#define SBI_DOMAIN_MAX_INDEX 32 + +/** Representation of OpenSBI domain */ +struct sbi_domain { + /** + * Logical index of this domain + * Note: This set by sbi_domain_finalize() in the coldboot path + */ + u32 index; + /** + * HARTs assigned to this domain + * Note: This set by sbi_domain_init() and sbi_domain_finalize() + * in the coldboot path + */ + struct sbi_hartmask assigned_harts; + /** Name of this domain */ + char name[64]; + /** Possible HARTs in this domain */ + const struct sbi_hartmask *possible_harts; + /** Array of memory regions terminated by a region with order zero */ + struct sbi_domain_memregion *regions; + /** HART id of the HART booting this domain */ + u32 boot_hartid; + /** Arg1 (or 'a1' register) of next booting stage for this domain */ + unsigned long next_arg1; + /** Address of next booting stage for this domain */ + unsigned long next_addr; + /** Privilege mode of next booting stage for this domain */ + unsigned long next_mode; + /** Is domain allowed to reset the system */ + bool system_reset_allowed; +}; + +/** HART id to domain table */ +extern struct sbi_domain *hartid_to_domain_table[]; + +/** Get pointer to sbi_domain from HART id */ +#define sbi_hartid_to_domain(__hartid) \ + hartid_to_domain_table[__hartid] + +/** Get pointer to sbi_domain for current HART */ +#define sbi_domain_thishart_ptr() \ + sbi_hartid_to_domain(current_hartid()) + +/** Index to domain table */ +extern struct sbi_domain *domidx_to_domain_table[]; + +/** Get pointer to sbi_domain from index */ +#define sbi_index_to_domain(__index) \ + domidx_to_domain_table[__index] + +/** Iterate over each domain */ +#define sbi_domain_for_each(__i, __d) \ + for ((__i) = 0; ((__d) = sbi_index_to_domain(__i)); (__i)++) + +/** Iterate over each memory region of a domain */ +#define sbi_domain_for_each_memregion(__d, __r) \ + for ((__r) = (__d)->regions; (__r)->order; (__r)++) + +/** + * Check whether given HART is assigned to specified domain + * @param dom pointer to domain + * @param hartid the HART ID + * @return TRUE if HART is assigned to domain otherwise FALSE + */ +bool sbi_domain_is_assigned_hart(const struct sbi_domain *dom, u32 hartid); + +/** + * Get ulong assigned HART mask for given domain and HART base ID + * @param dom pointer to domain + * @param hbase the HART base ID + * @return ulong possible HART mask + * Note: the return ulong mask will be set to zero on failure. + */ +ulong sbi_domain_get_assigned_hartmask(const struct sbi_domain *dom, + ulong hbase); + +/** Initialize a domain memory region as firmware region */ +void sbi_domain_memregion_initfw(struct sbi_domain_memregion *reg); + +/** + * Check whether we can access specified address for given mode and + * memory region flags under a domain + * @param dom pointer to domain + * @param addr the address to be checked + * @param mode the privilege mode of access + * @param access_flags bitmask of domain access types (enum sbi_domain_access) + * @return TRUE if access allowed otherwise FALSE + */ +bool sbi_domain_check_addr(const struct sbi_domain *dom, + unsigned long addr, unsigned long mode, + unsigned long access_flags); + +/** Finalize domain tables and startup non-root domains */ +int sbi_domain_finalize(struct sbi_scratch *scratch, u32 cold_hartid); + +/** Initialize domains */ +int sbi_domain_init(struct sbi_scratch *scratch, u32 cold_hartid); + +#endif diff --git a/include/sbi/sbi_platform.h b/include/sbi/sbi_platform.h index f2c3237..e1355d8 100644 --- a/include/sbi/sbi_platform.h +++ b/include/sbi/sbi_platform.h @@ -44,6 +44,7 @@ #include #include +struct sbi_domain; struct sbi_trap_info; /** Possible feature flags of a platform */ @@ -89,6 +90,9 @@ struct sbi_platform_operations { */ int (*misa_get_xlen)(void); + /** Get domain pointer for given HART id */ + struct sbi_domain *(*domain_get)(u32 hartid); + /** Write a character to the platform console output */ void (*console_putc)(char ch); /** Read a character from the platform console input */ @@ -447,6 +451,22 @@ static inline int sbi_platform_misa_xlen(const struct sbi_platform *plat) return -1; } +/** + * Get domain pointer for given HART + * + * @param plat pointer to struct sbi_platform + * @param hartid shorthand letter for CPU extensions + * + * @return non-NULL domain pointer on success and NULL on failure + */ +static inline struct sbi_domain *sbi_platform_domain_get( + const struct sbi_platform *plat, u32 hartid) +{ + if (plat && sbi_platform_ops(plat)->domain_get) + return sbi_platform_ops(plat)->domain_get(hartid); + return NULL; +} + /** * Write a character to the platform console output * diff --git a/lib/sbi/objects.mk b/lib/sbi/objects.mk index fa808a0..6f2c06f 100644 --- a/lib/sbi/objects.mk +++ b/lib/sbi/objects.mk @@ -15,6 +15,7 @@ libsbi-objs-y += riscv_locks.o libsbi-objs-y += sbi_bitmap.o libsbi-objs-y += sbi_bitops.o libsbi-objs-y += sbi_console.o +libsbi-objs-y += sbi_domain.o libsbi-objs-y += sbi_ecall.o libsbi-objs-y += sbi_ecall_base.o libsbi-objs-y += sbi_ecall_hsm.o diff --git a/lib/sbi/sbi_domain.c b/lib/sbi/sbi_domain.c new file mode 100644 index 0000000..ed0053f --- /dev/null +++ b/lib/sbi/sbi_domain.c @@ -0,0 +1,380 @@ +/* + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2020 Western Digital Corporation or its affiliates. + * + * Authors: + * Anup Patel + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +struct sbi_domain *hartid_to_domain_table[SBI_HARTMASK_MAX_BITS] = { 0 }; +struct sbi_domain *domidx_to_domain_table[SBI_DOMAIN_MAX_INDEX] = { 0 }; + +static u32 domain_count = 0; + +static struct sbi_hartmask root_hmask = { 0 }; + +#define ROOT_FW_REGION 0 +#define ROOT_ALL_REGION 1 +#define ROOT_END_REGION 2 +static struct sbi_domain_memregion root_memregs[ROOT_END_REGION + 1] = { 0 }; + +static struct sbi_domain root = { + .name = "root", + .possible_harts = &root_hmask, + .regions = root_memregs, + .system_reset_allowed = TRUE, +}; + +bool sbi_domain_is_assigned_hart(const struct sbi_domain *dom, u32 hartid) +{ + if (dom) + return sbi_hartmask_test_hart(hartid, &dom->assigned_harts); + + return FALSE; +} + +ulong sbi_domain_get_assigned_hartmask(const struct sbi_domain *dom, + ulong hbase) +{ + ulong ret, bword, boff; + + if (!dom) + return 0; + + bword = BIT_WORD(hbase); + boff = BIT_WORD_OFFSET(hbase); + + ret = sbi_hartmask_bits(&dom->assigned_harts)[bword++] >> boff; + if (boff && bword < BIT_WORD(SBI_HARTMASK_MAX_BITS)) { + ret |= (sbi_hartmask_bits(&dom->assigned_harts)[bword] & + (BIT(boff) - 1UL)) << (BITS_PER_LONG - boff); + } + + return ret; +} + +void sbi_domain_memregion_initfw(struct sbi_domain_memregion *reg) +{ + if (!reg) + return; + + sbi_memcpy(reg, &root_memregs[ROOT_FW_REGION], sizeof(*reg)); +} + +bool sbi_domain_check_addr(const struct sbi_domain *dom, + unsigned long addr, unsigned long mode, + unsigned long access_flags) +{ + bool mmio = FALSE; + struct sbi_domain_memregion *reg; + unsigned long rstart, rend, rflags, rwx = 0; + + if (!dom) + return FALSE; + + if (access_flags & SBI_DOMAIN_READ) + rwx |= SBI_DOMAIN_MEMREGION_READABLE; + if (access_flags & SBI_DOMAIN_WRITE) + rwx |= SBI_DOMAIN_MEMREGION_WRITEABLE; + if (access_flags & SBI_DOMAIN_EXECUTE) + rwx |= SBI_DOMAIN_MEMREGION_EXECUTABLE; + if (access_flags & SBI_DOMAIN_MMIO) + mmio = TRUE; + + sbi_domain_for_each_memregion(dom, reg) { + rflags = reg->flags; + if (mode == PRV_M && !(rflags & SBI_DOMAIN_MEMREGION_MMODE)) + continue; + + rstart = reg->base; + rend = (reg->order < __riscv_xlen) ? + rstart + ((1UL << reg->order) - 1) : -1UL; + if (rstart <= addr && addr <= rend) { + if ((mmio && !(rflags & SBI_DOMAIN_MEMREGION_MMIO)) || + (!mmio && (rflags & SBI_DOMAIN_MEMREGION_MMIO))) + return FALSE; + return ((rflags & rwx) == rwx) ? TRUE : FALSE; + } + } + + return (mode == PRV_M) ? TRUE : FALSE; +} + +/* Check if region comply with constraints */ +static bool is_region_valid(const struct sbi_domain_memregion *reg) +{ + if (reg->order < 3 || __riscv_xlen < reg->order) + return FALSE; + + if (reg->base & (BIT(reg->order) - 1)) + return FALSE; + + return TRUE; +} + +/** Check if regionA is sub-region of regionB */ +static bool is_region_subset(const struct sbi_domain_memregion *regA, + const struct sbi_domain_memregion *regB) +{ + ulong regA_start = regA->base; + ulong regA_end = regA->base + (BIT(regA->order) - 1); + ulong regB_start = regB->base; + ulong regB_end = regB->base + (BIT(regA->order) - 1); + + if ((regB_start <= regA_start) && + (regA_start < regB_end) && + (regB_start < regA_end) && + (regA_end <= regB_end)) + return TRUE; + + return FALSE; +} + +/** Check if regionA conflicts regionB */ +static bool is_region_conflict(const struct sbi_domain_memregion *regA, + const struct sbi_domain_memregion *regB) +{ + if ((is_region_subset(regA, regB) || is_region_subset(regB, regA)) && + regA->flags == regB->flags) + return TRUE; + + return FALSE; +} + +/** Check if regionA should be placed before regionB */ +static bool is_region_before(const struct sbi_domain_memregion *regA, + const struct sbi_domain_memregion *regB) +{ + if (regA->order < regB->order) + return TRUE; + + if ((regA->order == regB->order) && + (regA->base < regB->base)) + return TRUE; + + return FALSE; +} + +static int sanitize_domain(const struct sbi_platform *plat, + struct sbi_domain *dom) +{ + u32 i, j, count; + bool have_fw_reg; + struct sbi_domain_memregion treg, *reg, *reg1; + + /* Check possible HARTs */ + if (!dom->possible_harts) + return SBI_EINVAL; + sbi_hartmask_for_each_hart(i, dom->possible_harts) { + if (sbi_platform_hart_invalid(plat, i)) + return SBI_EINVAL; + }; + + /* Check memory regions */ + if (!dom->regions) + return SBI_EINVAL; + sbi_domain_for_each_memregion(dom, reg) { + if (!is_region_valid(reg)) + return SBI_EINVAL; + } + + /* Count memory regions and check presence of firmware region */ + count = 0; + have_fw_reg = FALSE; + sbi_domain_for_each_memregion(dom, reg) { + if (reg->order == root_memregs[ROOT_FW_REGION].order && + reg->base == root_memregs[ROOT_FW_REGION].base && + reg->flags == root_memregs[ROOT_FW_REGION].flags) + have_fw_reg = TRUE; + count++; + } + if (!have_fw_reg) + return SBI_EINVAL; + + /* Sort the memory regions */ + for (i = 0; i < (count - 1); i++) { + reg = &dom->regions[i]; + for (j = i + 1; j < count; j++) { + reg1 = &dom->regions[j]; + + if (is_region_conflict(reg1, reg)) + return SBI_EINVAL; + + if (!is_region_before(reg1, reg)) + continue; + + sbi_memcpy(&treg, reg1, sizeof(treg)); + sbi_memcpy(reg1, reg, sizeof(treg)); + sbi_memcpy(reg, &treg, sizeof(treg)); + } + } + + /* + * We don't need to check boot HART id of domain because if boot + * HART id is not possible/assigned to this domain then it won't + * be started at boot-time by sbi_domain_finalize(). + */ + + /* + * Check next mode + * + * We only allow next mode to be S-mode or U-mode.so that we can + * protect M-mode context and enforce checks on memory accesses. + */ + if (dom->next_mode != PRV_S && + dom->next_mode != PRV_U) + return SBI_EINVAL; + + /* Check next address and next mode*/ + if (!sbi_domain_check_addr(dom, dom->next_addr, dom->next_mode, + SBI_DOMAIN_EXECUTE)) + return SBI_EINVAL; + + return 0; +} + +int sbi_domain_finalize(struct sbi_scratch *scratch, u32 cold_hartid) +{ + int rc; + u32 i, j, dhart; + bool dom_exists; + struct sbi_domain *dom, *tdom; + const struct sbi_platform *plat = sbi_platform_ptr(scratch); + + /* Discover domains */ + for (i = 0; i < SBI_HARTMASK_MAX_BITS; i++) { + /* Ignore invalid HART */ + if (sbi_platform_hart_invalid(plat, i)) + continue; + + /* Get domain assigned to HART */ + dom = sbi_platform_domain_get(plat, i); + if (!dom) + continue; + + /* Check if domain already discovered */ + dom_exists = FALSE; + sbi_domain_for_each(j, tdom) { + if (tdom == dom) { + dom_exists = TRUE; + break; + } + } + + /* Newly discovered domain */ + if (!dom_exists) { + /* + * Ensure that we have room for Domain Index to + * HART ID mapping + */ + if (domain_count <= SBI_DOMAIN_MAX_INDEX) + return SBI_ENOSPC; + + /* Sanitize discovered domain */ + rc = sanitize_domain(plat, dom); + if (rc) + return rc; + + /* Assign index to domain */ + dom->index = domain_count++; + domidx_to_domain_table[dom->index] = dom; + + /* Clear assigned HARTs of domain */ + sbi_hartmask_clear_all(&dom->assigned_harts); + } + + /* Assign domain to HART if HART is a possible HART */ + if (sbi_hartmask_test_hart(i, dom->possible_harts)) { + tdom = hartid_to_domain_table[i]; + if (tdom) + sbi_hartmask_clear_hart(i, + &tdom->assigned_harts); + hartid_to_domain_table[i] = dom; + sbi_hartmask_set_hart(i, &dom->assigned_harts); + } + } + + /* Startup boot HART of domains */ + sbi_domain_for_each(i, dom) { + /* Domain boot HART */ + dhart = dom->boot_hartid; + + /* Ignore if boot HART not possible for this domain */ + if (!sbi_hartmask_test_hart(i, dom->possible_harts)) + continue; + + /* Ignore if boot HART assigned different domain */ + if (sbi_hartid_to_domain(dhart) != dom || + !sbi_hartmask_test_hart(i, &dom->assigned_harts)) + continue; + + /* Startup boot HART of domain */ + if (dhart == cold_hartid) { + scratch->next_addr = dom->next_addr; + scratch->next_mode = dom->next_mode; + scratch->next_arg1 = dom->next_arg1; + } else { + rc = sbi_hsm_hart_start(scratch, dhart, dom->next_addr, + dom->next_mode, dom->next_arg1); + if (rc) + return rc; + } + } + + return 0; +} + +int sbi_domain_init(struct sbi_scratch *scratch, u32 cold_hartid) +{ + u32 i; + const struct sbi_platform *plat = sbi_platform_ptr(scratch); + + /* Root domain firmware memory region */ + root_memregs[ROOT_FW_REGION].order = log2roundup(scratch->fw_size); + root_memregs[ROOT_FW_REGION].base = scratch->fw_start & + ~((1UL << root_memregs[0].order) - 1UL); + root_memregs[ROOT_FW_REGION].flags = 0; + + /* Root domain allow everything memory region */ + root_memregs[ROOT_ALL_REGION].order = __riscv_xlen; + root_memregs[ROOT_ALL_REGION].base = 0; + root_memregs[ROOT_ALL_REGION].flags = (SBI_DOMAIN_MEMREGION_READABLE | + SBI_DOMAIN_MEMREGION_WRITEABLE | + SBI_DOMAIN_MEMREGION_EXECUTABLE); + + /* Root domain memory region end */ + root_memregs[ROOT_END_REGION].order = 0; + + /* Root domain boot HART id is same as coldboot HART id */ + root.boot_hartid = cold_hartid; + + /* Root domain next booting stage details */ + root.next_arg1 = scratch->next_arg1; + root.next_addr = scratch->next_addr; + root.next_mode = scratch->next_mode; + + /* Select root domain for all valid HARTs */ + for (i = 0; i < SBI_HARTMASK_MAX_BITS; i++) { + if (sbi_platform_hart_invalid(plat, i)) + continue; + sbi_hartmask_set_hart(i, &root_hmask); + hartid_to_domain_table[i] = &root; + sbi_hartmask_set_hart(i, &root.assigned_harts); + } + + /* Set root domain index */ + root.index = domain_count++; + domidx_to_domain_table[root.index] = &root; + + return 0; +} diff --git a/lib/sbi/sbi_init.c b/lib/sbi/sbi_init.c index 5cedb15..406cb3f 100644 --- a/lib/sbi/sbi_init.c +++ b/lib/sbi/sbi_init.c @@ -12,6 +12,7 @@ #include #include #include +#include #include #include #include @@ -169,6 +170,11 @@ static void __noreturn init_coldboot(struct sbi_scratch *scratch, u32 hartid) if (rc) sbi_hart_hang(); + /* Note: This has to be second thing in coldboot init sequence */ + rc = sbi_domain_init(scratch, hartid); + if (rc) + sbi_hart_hang(); + init_count_offset = sbi_scratch_alloc_offset(__SIZEOF_POINTER__, "INIT_COUNT"); if (!init_count_offset) @@ -210,10 +216,24 @@ static void __noreturn init_coldboot(struct sbi_scratch *scratch, u32 hartid) if (rc) sbi_hart_hang(); + /* + * Note: Finalize domains after HSM initialization so that we + * can startup non-root domains. + * Note: Finalize domains before HART PMP configuration so + * that we use correct domain for configuring PMP. + */ + rc = sbi_domain_finalize(scratch, hartid); + if (rc) + sbi_hart_hang(); + rc = sbi_hart_pmp_configure(scratch); if (rc) sbi_hart_hang(); + /* + * Note: Platform final initialization should be last so that + * it sees correct domain assignment and PMP configuration. + */ rc = sbi_platform_final_init(plat, TRUE); if (rc) sbi_hart_hang();