From patchwork Wed Jul 12 04:34:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Himanshu Chauhan X-Patchwork-Id: 1806594 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=opensbi-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=NRZxLhGu; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ventanamicro.com header.i=@ventanamicro.com header.a=rsa-sha256 header.s=google header.b=GViF8/gw; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4R14fc1Dhqz20b9 for ; Wed, 12 Jul 2023 14:35:20 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=dSx5M6h4jHhGBE0vPs/V8XcNOwMhNIMb5UmFl5ZnroQ=; b=NRZxLhGuPSEweA dfsOYetrFf7o6LkAWuyJhEUcF+gN+u1jyoRq2sGzlrGdwk7r/YNSohuDJoy3WHSE8GBWv8zBrBprM mhv5TImjT6oFExSzgv5iCxsfZwBcRwLV/eUUHBKKBxOD0JVjOVxnFWqZWX+ojpoSKZzSmo9HWQcqP NdMx4Klo3NQhMx8PjyT0SmM07FhDVQNHCG9WTjHZwI9RTjjOduSeJzlg75I5ZHJUOrrzMihypaJtO 6Z4FabdWwYET0Rjv/RjuLKfKX7zBFuc0xg8nTWpVZqwl692YbVMMtZV8AvvpBPDNWN1qhrOxJZznP +b5hcigcUr7rilgzafsw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qJRZB-00GUwK-0a; Wed, 12 Jul 2023 04:35:05 +0000 Received: from mail-pg1-x52e.google.com ([2607:f8b0:4864:20::52e]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1qJRZ7-00GUst-2L for opensbi@lists.infradead.org; Wed, 12 Jul 2023 04:35:03 +0000 Received: by mail-pg1-x52e.google.com with SMTP id 41be03b00d2f7-55acbe0c7e4so536222a12.0 for ; Tue, 11 Jul 2023 21:35:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ventanamicro.com; s=google; t=1689136500; x=1689741300; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=4QeLOMAisRZ0w8/L4Zo++tyRZ+BYyNk00WOOyfsyshs=; b=GViF8/gwLQm4JJvCcN6ic6kupVOivslVbjTORtM0DWkYqG2hqPjfV8Pv/7//n5HjaJ bVFIY+8rKcxf68/d1pPYxGLrEvideIbXHYwZiYJALgcKPWElQvtT+SH1itWc0CRPWCKw N9jTqRN0Atl/Uas1oPmGRMHKIN/9cWtJePcuJMinGgIPmTgIL0yHbutwSjocbsuQwHBj FXHLgd7d2jcAxFpyF2rAk1kXARXBowyw2AtBxh6U31us+3c1GMoj8xytAPX8/rseVnRy Frz/B4dtkxDG6Yt4tYaAttkSpw7OpQso0rBEdk+gz55tzGtXyETrzS7/0oa0dqQWpRcB banQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689136500; x=1689741300; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4QeLOMAisRZ0w8/L4Zo++tyRZ+BYyNk00WOOyfsyshs=; b=luBuayERZ+FTwsLnlqAhyaloaVfV2aLmF6fb+54z1chmyVSbSoMZ3md2D3EEkP6q4l 8FEUVwMq8pzg9SfKJPaPmZPNz4RA2g98/ZVUC0X7F9kh3MY5Yl9m2XR9JuohxaM/edbV LrvcFNtxAo46yC66zzPXRjWFp28R9/5AuAKQ2CjwBtiZRyLdgBzMdV5k/j0KC8BiKPv4 wq3BudJAEysGEnuWbs/NHA0KeRTbL3FTT50aHzgzHOgxP2mbwsXsJlqSewV3bN+W+9vR h2We0Bf3xgWWvWfwsZ2o+ViHQjutSzb240er5SDXuRF2hRIiUgf7pp8Xpb3B5i/kuCb/ UF1w== X-Gm-Message-State: ABy/qLb+WRhVMP1KS4mYSwNGlH9gVqnQYQRsO9G/zDqo4TYpdXZDgXXf xccGaDy4UCObpZQBBJoYrBeFoo1lkyMiRAi8sJY= X-Google-Smtp-Source: APBJJlGS5DOurGWF3lmgJT5tKNQ4mqpv38J8HjyXwqPN2nnp2MaSKcHKErIWcFhXt/GFJeWoYVJKiw== X-Received: by 2002:a17:90b:1c0c:b0:262:f76d:b29c with SMTP id oc12-20020a17090b1c0c00b00262f76db29cmr18917004pjb.2.1689136499881; Tue, 11 Jul 2023 21:34:59 -0700 (PDT) Received: from saptrishi.. ([2409:40f2:101d:c560:cb32:f5f5:1d86:260a]) by smtp.gmail.com with ESMTPSA id ix13-20020a170902f80d00b001b896686c78sm2806152plb.66.2023.07.11.21.34.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 Jul 2023 21:34:59 -0700 (PDT) From: Himanshu Chauhan To: opensbi@lists.infradead.org Cc: Himanshu Chauhan Subject: [PATCH v3 07/10] lib: sbi: Add support for Smepmp Date: Wed, 12 Jul 2023 10:04:33 +0530 Message-Id: <20230712043436.100548-8-hchauhan@ventanamicro.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230712043436.100548-1-hchauhan@ventanamicro.com> References: <20230706104928.3391947-1-hchauhan@ventanamicro.com> <20230712043436.100548-1-hchauhan@ventanamicro.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230711_213501_771704_278D61BC X-CRM114-Status: GOOD ( 25.88 ) X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: - If Smepmp is enabled, the access flags of an entry are determined based on truth table defined in Smepmp. - First PMP entry (index 0) is reserved. - Existing boot PMP entries start from index 1. - S [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:52e listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain X-BeenThere: opensbi@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "opensbi" Errors-To: opensbi-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org - If Smepmp is enabled, the access flags of an entry are determined based on truth table defined in Smepmp. - First PMP entry (index 0) is reserved. - Existing boot PMP entries start from index 1. - Since enabling Smepmp revokes the access privileges of the M-mode software on S/U-mode region, first PMP entry is used to map/unmap the shared memory between M and S/U-mode. This allows a temporary access window for the M-mode software to read/write to S/U-mode memory region. Signed-off-by: Himanshu Chauhan Reviewed-by: Anup Patel --- include/sbi/sbi_hart.h | 15 +++++ lib/sbi/sbi_hart.c | 132 +++++++++++++++++++++++++++++++++++------ 2 files changed, 128 insertions(+), 19 deletions(-) diff --git a/include/sbi/sbi_hart.h b/include/sbi/sbi_hart.h index 8b0e896..1b78343 100644 --- a/include/sbi/sbi_hart.h +++ b/include/sbi/sbi_hart.h @@ -45,6 +45,21 @@ enum sbi_hart_extensions { SBI_HART_EXT_MAX, }; +/* + * Smepmp enforces access boundaries between M-mode and + * S/U-mode. When it is enabled, the PMPs are programmed + * such that M-mode doesn't have access to S/U-mode memory. + * + * To give M-mode R/W access to the shared memory between M and + * S/U-mode, first entry is reserved. It is disabled at boot. + * When shared memory access is required, the physical address + * should be programmed into the first PMP entry with R/W + * permissions to the M-mode. Once the work is done, it should be + * unmapped. sbi_hart_map_saddr/sbi_hart_unmap_saddr function + * pair should be used to map/unmap the shared memory. + */ +#define SBI_SMEPMP_RESV_ENTRY 0 + struct sbi_hart_features { bool detected; int priv_version; diff --git a/lib/sbi/sbi_hart.c b/lib/sbi/sbi_hart.c index 4dfa170..c816f80 100644 --- a/lib/sbi/sbi_hart.c +++ b/lib/sbi/sbi_hart.c @@ -284,11 +284,75 @@ unsigned int sbi_hart_mhpm_bits(struct sbi_scratch *scratch) return hfeatures->mhpm_bits; } +/* + * Returns Smepmp flags for a given domain and region based on permissions. + */ +unsigned int sbi_hart_get_smepmp_flags(struct sbi_scratch *scratch, + struct sbi_domain *dom, + struct sbi_domain_memregion *reg) +{ + unsigned int pmp_flags = 0; + + if (SBI_DOMAIN_MEMREGION_IS_SHARED(reg->flags)) { + /* Read only for both M and SU modes */ + if (SBI_DOMAIN_MEMREGION_IS_SUR_MR(reg->flags)) + pmp_flags = (PMP_R | PMP_W | PMP_X); + + /* Execute for SU but Read/Execute for M mode */ + else if (SBI_DOMAIN_MEMREGION_IS_SUX_MRX(reg->flags)) + /* locked region */ + pmp_flags = (PMP_L | PMP_W | PMP_X); + + /* Execute only for both M and SU modes */ + else if (SBI_DOMAIN_MEMREGION_IS_SUX_MX(reg->flags)) + pmp_flags = (PMP_L | PMP_W); + + /* Read/Write for both M and SU modes */ + else if (SBI_DOMAIN_MEMREGION_IS_SURW_MRW(reg->flags)) + pmp_flags = (PMP_W | PMP_X); + + /* Read only for SU mode but Read/Write for M mode */ + else if (SBI_DOMAIN_MEMREGION_IS_SUR_MRW(reg->flags)) + pmp_flags = (PMP_W); + } else if (SBI_DOMAIN_MEMREGION_M_ONLY_ACCESS(reg->flags)) { + /* + * When smepmp is supported and used, M region cannot have RWX + * permissions on any region. + */ + if ((reg->flags & SBI_DOMAIN_MEMREGION_M_ACCESS_MASK) + == SBI_DOMAIN_MEMREGION_M_RWX) { + sbi_printf("%s: M-mode only regions cannot have" + "RWX permissions\n", __func__); + return 0; + } + + /* M-mode only access regions are always locked */ + pmp_flags |= PMP_L; + + if (reg->flags & SBI_DOMAIN_MEMREGION_M_READABLE) + pmp_flags |= PMP_R; + if (reg->flags & SBI_DOMAIN_MEMREGION_M_WRITABLE) + pmp_flags |= PMP_W; + if (reg->flags & SBI_DOMAIN_MEMREGION_M_EXECUTABLE) + pmp_flags |= PMP_X; + } else if (SBI_DOMAIN_MEMREGION_SU_ONLY_ACCESS(reg->flags)) { + if (reg->flags & SBI_DOMAIN_MEMREGION_SU_READABLE) + pmp_flags |= PMP_R; + if (reg->flags & SBI_DOMAIN_MEMREGION_SU_WRITABLE) + pmp_flags |= PMP_W; + if (reg->flags & SBI_DOMAIN_MEMREGION_SU_EXECUTABLE) + pmp_flags |= PMP_X; + } + + return pmp_flags; +} + int sbi_hart_pmp_configure(struct sbi_scratch *scratch) { struct sbi_domain_memregion *reg; struct sbi_domain *dom = sbi_domain_thishart_ptr(); - unsigned int pmp_idx = 0, pmp_flags, pmp_bits, pmp_gran_log2; + unsigned int pmp_idx = 0; + unsigned int pmp_flags, pmp_bits, pmp_gran_log2; unsigned int pmp_count = sbi_hart_pmp_count(scratch); unsigned long pmp_addr = 0, pmp_addr_max = 0; @@ -299,36 +363,66 @@ int sbi_hart_pmp_configure(struct sbi_scratch *scratch) pmp_bits = sbi_hart_pmp_addrbits(scratch) - 1; pmp_addr_max = (1UL << pmp_bits) | ((1UL << pmp_bits) - 1); + if (sbi_hart_has_extension(scratch, SBI_HART_EXT_SMEPMP)) { + /* Reserve first entry for dynamic shared mappings */ + pmp_idx = SBI_SMEPMP_RESV_ENTRY + 1; + + /* + * Set the RLB now so that, we can write to entries + * even if some entries are locked. + */ + csr_write(CSR_MSECCFG, MSECCFG_RLB); + + /* Disable the reserved entry */ + pmp_disable(SBI_SMEPMP_RESV_ENTRY); + } + sbi_domain_for_each_memregion(dom, reg) { if (pmp_count <= pmp_idx) break; pmp_flags = 0; - /* - * If permissions are to be enforced for all modes on this - * region, the lock bit should be set. - */ - if (reg->flags & SBI_DOMAIN_MEMREGION_ENF_PERMISSIONS) - pmp_flags |= PMP_L; - - if (reg->flags & SBI_DOMAIN_MEMREGION_SU_READABLE) - pmp_flags |= PMP_R; - if (reg->flags & SBI_DOMAIN_MEMREGION_SU_WRITABLE) - pmp_flags |= PMP_W; - if (reg->flags & SBI_DOMAIN_MEMREGION_SU_EXECUTABLE) - pmp_flags |= PMP_X; + if (sbi_hart_has_extension(scratch, SBI_HART_EXT_SMEPMP)) { + pmp_flags = sbi_hart_get_smepmp_flags(scratch, dom, reg); + + if (pmp_flags == 0) + return 0; + } else { + /* + * If permissions are to be enforced for all modes on + * this region, the lock bit should be set. + */ + if (reg->flags & SBI_DOMAIN_MEMREGION_ENF_PERMISSIONS) + pmp_flags |= PMP_L; + + if (reg->flags & SBI_DOMAIN_MEMREGION_SU_READABLE) + pmp_flags |= PMP_R; + if (reg->flags & SBI_DOMAIN_MEMREGION_SU_WRITABLE) + pmp_flags |= PMP_W; + if (reg->flags & SBI_DOMAIN_MEMREGION_SU_EXECUTABLE) + pmp_flags |= PMP_X; + } pmp_addr = reg->base >> PMP_SHIFT; - if (pmp_gran_log2 <= reg->order && pmp_addr < pmp_addr_max) + if (pmp_gran_log2 <= reg->order && pmp_addr < pmp_addr_max) { pmp_set(pmp_idx++, pmp_flags, reg->base, reg->order); - else { - sbi_printf("Can not configure pmp for domain %s", dom->name); - sbi_printf(" because memory region address %lx or size %lx is not in range\n", - reg->base, reg->order); + } else { + sbi_printf("Can not configure pmp for domain %s because" + " memory region address 0x%lx or size 0x%lx " + "is not in range.\n", dom->name, reg->base, + reg->order); } } + if (sbi_hart_has_extension(scratch, SBI_HART_EXT_SMEPMP)) { + /* + * All entries are programmed. Enable MML bit. + * Keep the RLB bit so that dynamic mappings can be done. + */ + csr_write(CSR_MSECCFG, (MSECCFG_RLB | MSECCFG_MML)); + } + /* * As per section 3.7.2 of privileged specification v1.12, * virtual address translations can be speculatively performed