authorJ-Alves <joao.alves@arm.com>2020-10-23 16:00:39 +0100
committerJ-Alves <joao.alves@arm.com>2020-10-27 19:43:15 +0000
commitf3a393cbf25c37cc7d6578aec1158a59edbfa922 (patch)
tree1d42897bea94e92ef99883fef2e9fdb10821f4b4
parent3ea46d1f29807b6b2ec05d86707fe4bac7e34765 (diff)
SPM: memory sharing functions and structures
Added structures and functions for memory sharing operations: the structures are defined according to the FFA specification, and the functions are helpers that initialise those structures. Signed-off-by: J-Alves <joao.alves@arm.com> Change-Id: Ic4e6adbf4e7085a2d62373ed823934c42f539d12
-rw-r--r--include/runtime_services/ffa_helpers.h317
-rw-r--r--tftf/tests/runtime_services/secure_service/ffa_helpers.c159
2 files changed, 476 insertions, 0 deletions
diff --git a/include/runtime_services/ffa_helpers.h b/include/runtime_services/ffa_helpers.h
index 05b06b1e..e81cd138 100644
--- a/include/runtime_services/ffa_helpers.h
+++ b/include/runtime_services/ffa_helpers.h
@@ -24,6 +24,9 @@ typedef unsigned short ffa_vm_id_t;
typedef unsigned short ffa_vm_count_t;
typedef unsigned short ffa_vcpu_count_t;
typedef uint32_t ffa_int_id_t;
+typedef uint64_t ffa_memory_handle_t;
+/** Flags to indicate properties of receivers during memory region retrieval. */
+typedef uint8_t ffa_memory_receiver_flags_t;
#ifndef __ASSEMBLY__
@@ -43,6 +46,320 @@ struct ffa_partition_info {
uint32_t properties;
};
+enum ffa_data_access {
+ FFA_DATA_ACCESS_NOT_SPECIFIED,
+ FFA_DATA_ACCESS_RO,
+ FFA_DATA_ACCESS_RW,
+ FFA_DATA_ACCESS_RESERVED,
+};
+
+enum ffa_instruction_access {
+ FFA_INSTRUCTION_ACCESS_NOT_SPECIFIED,
+ FFA_INSTRUCTION_ACCESS_NX,
+ FFA_INSTRUCTION_ACCESS_X,
+ FFA_INSTRUCTION_ACCESS_RESERVED,
+};
+
+enum ffa_memory_type {
+ FFA_MEMORY_NOT_SPECIFIED_MEM,
+ FFA_MEMORY_DEVICE_MEM,
+ FFA_MEMORY_NORMAL_MEM,
+};
+
+enum ffa_memory_cacheability {
+ FFA_MEMORY_CACHE_RESERVED = 0x0,
+ FFA_MEMORY_CACHE_NON_CACHEABLE = 0x1,
+ FFA_MEMORY_CACHE_RESERVED_1 = 0x2,
+ FFA_MEMORY_CACHE_WRITE_BACK = 0x3,
+ FFA_MEMORY_DEV_NGNRNE = 0x0,
+ FFA_MEMORY_DEV_NGNRE = 0x1,
+ FFA_MEMORY_DEV_NGRE = 0x2,
+ FFA_MEMORY_DEV_GRE = 0x3,
+};
+
+enum ffa_memory_shareability {
+ FFA_MEMORY_SHARE_NON_SHAREABLE,
+ FFA_MEMORY_SHARE_RESERVED,
+ FFA_MEMORY_OUTER_SHAREABLE,
+ FFA_MEMORY_INNER_SHAREABLE,
+};
+
+typedef uint8_t ffa_memory_access_permissions_t;
+
+/**
+ * This corresponds to table "Memory region attributes descriptor" of the FF-A
+ * 1.0 specification.
+ */
+typedef uint8_t ffa_memory_attributes_t;
+
+#define FFA_DATA_ACCESS_OFFSET (0x0U)
+#define FFA_DATA_ACCESS_MASK ((0x3U) << FFA_DATA_ACCESS_OFFSET)
+
+#define FFA_INSTRUCTION_ACCESS_OFFSET (0x2U)
+#define FFA_INSTRUCTION_ACCESS_MASK ((0x3U) << FFA_INSTRUCTION_ACCESS_OFFSET)
+
+#define FFA_MEMORY_TYPE_OFFSET (0x4U)
+#define FFA_MEMORY_TYPE_MASK ((0x3U) << FFA_MEMORY_TYPE_OFFSET)
+
+#define FFA_MEMORY_CACHEABILITY_OFFSET (0x2U)
+#define FFA_MEMORY_CACHEABILITY_MASK ((0x3U) << FFA_MEMORY_CACHEABILITY_OFFSET)
+
+#define FFA_MEMORY_SHAREABILITY_OFFSET (0x0U)
+#define FFA_MEMORY_SHAREABILITY_MASK ((0x3U) << FFA_MEMORY_SHAREABILITY_OFFSET)
+
+#define ATTR_FUNCTION_SET(name, container_type, offset, mask) \
+ static inline void ffa_set_##name##_attr(container_type *attr, \
+ const enum ffa_##name perm) \
+ { \
+ *attr = (*attr & ~(mask)) | ((perm << offset) & mask); \
+ }
+
+#define ATTR_FUNCTION_GET(name, container_type, offset, mask) \
+ static inline enum ffa_##name ffa_get_##name##_attr( \
+ container_type attr) \
+ { \
+ return (enum ffa_##name)((attr & mask) >> offset); \
+ }
+
+ATTR_FUNCTION_SET(data_access, ffa_memory_access_permissions_t,
+ FFA_DATA_ACCESS_OFFSET, FFA_DATA_ACCESS_MASK)
+ATTR_FUNCTION_GET(data_access, ffa_memory_access_permissions_t,
+ FFA_DATA_ACCESS_OFFSET, FFA_DATA_ACCESS_MASK)
+
+ATTR_FUNCTION_SET(instruction_access, ffa_memory_access_permissions_t,
+ FFA_INSTRUCTION_ACCESS_OFFSET, FFA_INSTRUCTION_ACCESS_MASK)
+ATTR_FUNCTION_GET(instruction_access, ffa_memory_access_permissions_t,
+ FFA_INSTRUCTION_ACCESS_OFFSET, FFA_INSTRUCTION_ACCESS_MASK)
+
+ATTR_FUNCTION_SET(memory_type, ffa_memory_attributes_t, FFA_MEMORY_TYPE_OFFSET,
+ FFA_MEMORY_TYPE_MASK)
+ATTR_FUNCTION_GET(memory_type, ffa_memory_attributes_t, FFA_MEMORY_TYPE_OFFSET,
+ FFA_MEMORY_TYPE_MASK)
+
+ATTR_FUNCTION_SET(memory_cacheability, ffa_memory_attributes_t,
+ FFA_MEMORY_CACHEABILITY_OFFSET, FFA_MEMORY_CACHEABILITY_MASK)
+ATTR_FUNCTION_GET(memory_cacheability, ffa_memory_attributes_t,
+ FFA_MEMORY_CACHEABILITY_OFFSET, FFA_MEMORY_CACHEABILITY_MASK)
+
+ATTR_FUNCTION_SET(memory_shareability, ffa_memory_attributes_t,
+ FFA_MEMORY_SHAREABILITY_OFFSET, FFA_MEMORY_SHAREABILITY_MASK)
+ATTR_FUNCTION_GET(memory_shareability, ffa_memory_attributes_t,
+ FFA_MEMORY_SHAREABILITY_OFFSET, FFA_MEMORY_SHAREABILITY_MASK)
+
+#define FFA_MEMORY_HANDLE_ALLOCATOR_MASK \
+ ((ffa_memory_handle_t)(UINT64_C(1) << 63))
+#define FFA_MEMORY_HANDLE_ALLOCATOR_HYPERVISOR \
+ ((ffa_memory_handle_t)(UINT64_C(1) << 63))
+#define FFA_MEMORY_HANDLE_INVALID (~UINT64_C(0))
+
+/**
+ * A set of contiguous pages which is part of a memory region. This corresponds
+ * to table "Constituent memory region descriptor" of the FFA 1.0 specification.
+ */
+struct ffa_memory_region_constituent {
+ /**
+ * The base IPA of the constituent memory region, aligned to 4 kiB page
+ * size granularity.
+ */
+ void *address;
+ /** The number of 4 kiB pages in the constituent memory region. */
+ uint32_t page_count;
+ /** Reserved field, must be 0. */
+ uint32_t reserved;
+};
+
+/**
+ * A set of pages comprising a memory region. This corresponds to table
+ * "Composite memory region descriptor" of the FFA 1.0 specification.
+ */
+struct ffa_composite_memory_region {
+ /**
+ * The total number of 4 kiB pages included in this memory region. This
+ * must be equal to the sum of page counts specified in each
+ * `ffa_memory_region_constituent`.
+ */
+ uint32_t page_count;
+ /**
+ * The number of constituents (`ffa_memory_region_constituent`)
+ * included in this memory region range.
+ */
+ uint32_t constituent_count;
+ /** Reserved field, must be 0. */
+ uint64_t reserved_0;
+ /** An array of `constituent_count` memory region constituents. */
+ struct ffa_memory_region_constituent constituents[];
+};
+
+/**
+ * This corresponds to table "Memory access permissions descriptor" of the FFA
+ * 1.0 specification.
+ */
+struct ffa_memory_region_attributes {
+ /** The ID of the VM to which the memory is being given or shared. */
+ ffa_vm_id_t receiver;
+ /**
+ * The permissions with which the memory region should be mapped in the
+ * receiver's page table.
+ */
+ ffa_memory_access_permissions_t permissions;
+ /**
+ * Flags used during FFA_MEM_RETRIEVE_REQ and FFA_MEM_RETRIEVE_RESP
+ * for memory regions with multiple borrowers.
+ */
+ ffa_memory_receiver_flags_t flags;
+};
+
+/** Flags to control the behaviour of a memory sharing transaction. */
+typedef uint32_t ffa_memory_region_flags_t;
+
+/**
+ * Clear memory region contents after unmapping it from the sender and before
+ * mapping it for any receiver.
+ */
+#define FFA_MEMORY_REGION_FLAG_CLEAR 0x1U
+
+/**
+ * Whether the hypervisor may time slice the memory sharing or retrieval
+ * operation.
+ */
+#define FFA_MEMORY_REGION_FLAG_TIME_SLICE 0x2U
+
+/**
+ * Whether the hypervisor should clear the memory region after the receiver
+ * relinquishes it or is aborted.
+ */
+#define FFA_MEMORY_REGION_FLAG_CLEAR_RELINQUISH 0x4U
+
+#define FFA_MEMORY_REGION_TRANSACTION_TYPE_MASK ((0x3U) << 3)
+#define FFA_MEMORY_REGION_TRANSACTION_TYPE_UNSPECIFIED ((0x0U) << 3)
+#define FFA_MEMORY_REGION_TRANSACTION_TYPE_SHARE ((0x1U) << 3)
+#define FFA_MEMORY_REGION_TRANSACTION_TYPE_LEND ((0x2U) << 3)
+#define FFA_MEMORY_REGION_TRANSACTION_TYPE_DONATE ((0x3U) << 3)
+
+/**
+ * This corresponds to table "Endpoint memory access descriptor" of the FFA 1.0
+ * specification.
+ */
+struct ffa_memory_access {
+ struct ffa_memory_region_attributes receiver_permissions;
+ /**
+ * Offset in bytes from the start of the outer `ffa_memory_region` to
+ * an `ffa_composite_memory_region` struct.
+ */
+ uint32_t composite_memory_region_offset;
+ uint64_t reserved_0;
+};
+
+/**
+ * Information about a set of pages which are being shared. This corresponds to
+ * table "Lend, donate or share memory transaction descriptor" of the FFA
+ * 1.0 specification. Note that it is also used for retrieve requests and
+ * responses.
+ */
+struct ffa_memory_region {
+ /**
+ * The ID of the VM which originally sent the memory region, i.e. the
+ * owner.
+ */
+ ffa_vm_id_t sender;
+ ffa_memory_attributes_t attributes;
+ /** Reserved field, must be 0. */
+ uint8_t reserved_0;
+ /** Flags to control behaviour of the transaction. */
+ ffa_memory_region_flags_t flags;
+ ffa_memory_handle_t handle;
+ /**
+ * An implementation defined value associated with the receiver and the
+ * memory region.
+ */
+ uint64_t tag;
+ /** Reserved field, must be 0. */
+ uint32_t reserved_1;
+ /**
+ * The number of `ffa_memory_access` entries included in this
+ * transaction.
+ */
+ uint32_t receiver_count;
+ /**
+ * An array of `attribute_count` endpoint memory access descriptors.
+ * Each one specifies a memory region offset, an endpoint and the
+ * attributes with which this memory region should be mapped in that
+ * endpoint's page table.
+ */
+ struct ffa_memory_access receivers[];
+};
+
+/**
+ * Descriptor used for FFA_MEM_RELINQUISH requests. This corresponds to table
+ * "Descriptor to relinquish a memory region" of the FFA 1.0 specification.
+ */
+struct ffa_mem_relinquish {
+ ffa_memory_handle_t handle;
+ ffa_memory_region_flags_t flags;
+ uint32_t endpoint_count;
+ ffa_vm_id_t endpoints[];
+};
+
+static inline ffa_memory_handle_t ffa_assemble_handle(uint32_t h1, uint32_t h2)
+{
+ return (uint64_t)h1 | (uint64_t)h2 << 32;
+}
+
+static inline ffa_memory_handle_t ffa_mem_success_handle(smc_ret_values r)
+{
+ return ffa_assemble_handle(r.ret2, r.ret3);
+}
+
+/**
+ * Gets the `ffa_composite_memory_region` for the given receiver from an
+ * `ffa_memory_region`, or NULL if it is not valid.
+ */
+static inline struct ffa_composite_memory_region *
+ffa_memory_region_get_composite(struct ffa_memory_region *memory_region,
+ uint32_t receiver_index)
+{
+ uint32_t offset = memory_region->receivers[receiver_index]
+ .composite_memory_region_offset;
+
+ if (offset == 0) {
+ return NULL;
+ }
+
+ return (struct ffa_composite_memory_region *)((uint8_t *)memory_region +
+ offset);
+}
+
+static inline uint32_t ffa_mem_relinquish_init(
+ struct ffa_mem_relinquish *relinquish_request,
+ ffa_memory_handle_t handle, ffa_memory_region_flags_t flags,
+ ffa_vm_id_t sender)
+{
+ relinquish_request->handle = handle;
+ relinquish_request->flags = flags;
+ relinquish_request->endpoint_count = 1;
+ relinquish_request->endpoints[0] = sender;
+ return sizeof(struct ffa_mem_relinquish) + sizeof(ffa_vm_id_t);
+}
+
+uint32_t ffa_memory_retrieve_request_init(
+ struct ffa_memory_region *memory_region, ffa_memory_handle_t handle,
+ ffa_vm_id_t sender, ffa_vm_id_t receiver, uint32_t tag,
+ ffa_memory_region_flags_t flags, enum ffa_data_access data_access,
+ enum ffa_instruction_access instruction_access,
+ enum ffa_memory_type type, enum ffa_memory_cacheability cacheability,
+ enum ffa_memory_shareability shareability);
+
+uint32_t ffa_memory_region_init(
+ struct ffa_memory_region *memory_region, size_t memory_region_max_size,
+ ffa_vm_id_t sender, ffa_vm_id_t receiver,
+ const struct ffa_memory_region_constituent constituents[],
+ uint32_t constituent_count, uint32_t tag,
+ ffa_memory_region_flags_t flags, enum ffa_data_access data_access,
+ enum ffa_instruction_access instruction_access,
+ enum ffa_memory_type type, enum ffa_memory_cacheability cacheability,
+ enum ffa_memory_shareability shareability, uint32_t *total_length,
+ uint32_t *fragment_length);
+
/*
* TODO: In the future this file should be placed in a common folder, and not
* under tftf. The functions in this file are also used by SPs for SPM tests.
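Review bot: `ffa_memory_region_get_composite` is documented as returning NULL when the composite region is not valid, but the only case it rejects is a zero offset. `receiver_index` is never compared with `memory_region->receiver_count`, and `composite_memory_region_offset` is added to the base pointer with no upper bound. If the descriptor was filled in by another component (a retrieve response, for example), the returned pointer can therefore lie outside the buffer that holds it. The helper has no buffer-size parameter, so the minimum is to add `if (receiver_index >= memory_region->receiver_count) { return NULL; }` before the array access. The doc comment should also state that callers must check the offset, plus the size of the composite header and its constituents, against the buffer length before dereferencing. Separately, the comment on `receivers[]` refers to `attribute_count`, while the field that holds the count is `receiver_count`.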
diff --git a/tftf/tests/runtime_services/secure_service/ffa_helpers.c b/tftf/tests/runtime_services/secure_service/ffa_helpers.c
index 5690f421..a17b01a9 100644
--- a/tftf/tests/runtime_services/secure_service/ffa_helpers.c
+++ b/tftf/tests/runtime_services/secure_service/ffa_helpers.c
@@ -155,6 +155,165 @@ bool check_spmc_execution_level(void)
return (is_optee_spmc_criteria == 2U);
}
+/**
+ * Initialises the header of the given `ffa_memory_region`, not including the
+ * composite memory region offset.
+ */
+static void ffa_memory_region_init_header(
+ struct ffa_memory_region *memory_region, ffa_vm_id_t sender,
+ ffa_memory_attributes_t attributes, ffa_memory_region_flags_t flags,
+ ffa_memory_handle_t handle, uint32_t tag, ffa_vm_id_t receiver,
+ ffa_memory_access_permissions_t permissions)
+{
+ memory_region->sender = sender;
+ memory_region->attributes = attributes;
+ memory_region->reserved_0 = 0;
+ memory_region->flags = flags;
+ memory_region->handle = handle;
+ memory_region->tag = tag;
+ memory_region->reserved_1 = 0;
+ memory_region->receiver_count = 1;
+ memory_region->receivers[0].receiver_permissions.receiver = receiver;
+ memory_region->receivers[0].receiver_permissions.permissions =
+ permissions;
+ memory_region->receivers[0].receiver_permissions.flags = 0;
+ memory_region->receivers[0].reserved_0 = 0;
+}
+
+/**
+ * Initialises the given `ffa_memory_region` and copies as many as possible of
+ * the given constituents to it.
+ *
+ * Returns the number of constituents remaining which wouldn't fit, and (via
+ * return parameters) the size in bytes of the first fragment of data copied to
+ * `memory_region` (attributes, constituents and memory region header size), and
+ * the total size of the memory sharing message including all constituents.
+ */
+uint32_t ffa_memory_region_init(
+ struct ffa_memory_region *memory_region, size_t memory_region_max_size,
+ ffa_vm_id_t sender, ffa_vm_id_t receiver,
+ const struct ffa_memory_region_constituent constituents[],
+ uint32_t constituent_count, uint32_t tag,
+ ffa_memory_region_flags_t flags, enum ffa_data_access data_access,
+ enum ffa_instruction_access instruction_access,
+ enum ffa_memory_type type, enum ffa_memory_cacheability cacheability,
+ enum ffa_memory_shareability shareability, uint32_t *total_length,
+ uint32_t *fragment_length)
+{
+ ffa_memory_access_permissions_t permissions = 0;
+ ffa_memory_attributes_t attributes = 0;
+ struct ffa_composite_memory_region *composite_memory_region;
+ uint32_t fragment_max_constituents;
+ uint32_t count_to_copy;
+ uint32_t i;
+ uint32_t constituents_offset;
+
+ /* Set memory region's permissions. */
+ ffa_set_data_access_attr(&permissions, data_access);
+ ffa_set_instruction_access_attr(&permissions, instruction_access);
+
+ /* Set memory region's page attributes. */
+ ffa_set_memory_type_attr(&attributes, type);
+ ffa_set_memory_cacheability_attr(&attributes, cacheability);
+ ffa_set_memory_shareability_attr(&attributes, shareability);
+
+ ffa_memory_region_init_header(memory_region, sender, attributes, flags,
+ 0, tag, receiver, permissions);
+ /*
+ * Note that `sizeof(struct_ffa_memory_region)` and `sizeof(struct
+ * ffa_memory_access)` must both be multiples of 16 (as verified by the
+ * asserts in `ffa_memory.c`, so it is guaranteed that the offset we
+ * calculate here is aligned to a 64-bit boundary and so 64-bit values
+ * can be copied without alignment faults.
+ */
+ memory_region->receivers[0].composite_memory_region_offset =
+ sizeof(struct ffa_memory_region) +
+ memory_region->receiver_count *
+ sizeof(struct ffa_memory_access);
+
+ composite_memory_region =
+ ffa_memory_region_get_composite(memory_region, 0);
+ composite_memory_region->page_count = 0;
+ composite_memory_region->constituent_count = constituent_count;
+ composite_memory_region->reserved_0 = 0;
+
+ constituents_offset =
+ memory_region->receivers[0].composite_memory_region_offset +
+ sizeof(struct ffa_composite_memory_region);
+ fragment_max_constituents =
+ (memory_region_max_size - constituents_offset) /
+ sizeof(struct ffa_memory_region_constituent);
+
+ count_to_copy = constituent_count;
+ if (count_to_copy > fragment_max_constituents) {
+ count_to_copy = fragment_max_constituents;
+ }
+
+ for (i = 0; i < constituent_count; ++i) {
+ if (i < count_to_copy) {
+ composite_memory_region->constituents[i] =
+ constituents[i];
+ }
+ composite_memory_region->page_count +=
+ constituents[i].page_count;
+ }
+
+ if (total_length != NULL) {
+ *total_length =
+ constituents_offset +
+ composite_memory_region->constituent_count *
+ sizeof(struct ffa_memory_region_constituent);
+ }
+ if (fragment_length != NULL) {
+ *fragment_length =
+ constituents_offset +
+ count_to_copy *
+ sizeof(struct ffa_memory_region_constituent);
+ }
+
+ return composite_memory_region->constituent_count - count_to_copy;
+}
+
+/**
+ * Initialises the given `ffa_memory_region` to be used for an
+ * `FFA_MEM_RETRIEVE_REQ` by the receiver of a memory transaction.
+ *
+ * Returns the size of the message written.
+ */
+uint32_t ffa_memory_retrieve_request_init(
+ struct ffa_memory_region *memory_region, ffa_memory_handle_t handle,
+ ffa_vm_id_t sender, ffa_vm_id_t receiver, uint32_t tag,
+ ffa_memory_region_flags_t flags, enum ffa_data_access data_access,
+ enum ffa_instruction_access instruction_access,
+ enum ffa_memory_type type, enum ffa_memory_cacheability cacheability,
+ enum ffa_memory_shareability shareability)
+{
+ ffa_memory_access_permissions_t permissions = 0;
+ ffa_memory_attributes_t attributes = 0;
+
+ /* Set memory region's permissions. */
+ ffa_set_data_access_attr(&permissions, data_access);
+ ffa_set_instruction_access_attr(&permissions, instruction_access);
+
+ /* Set memory region's page attributes. */
+ ffa_set_memory_type_attr(&attributes, type);
+ ffa_set_memory_cacheability_attr(&attributes, cacheability);
+ ffa_set_memory_shareability_attr(&attributes, shareability);
+
+ ffa_memory_region_init_header(memory_region, sender, attributes, flags,
+ handle, tag, receiver, permissions);
+ /*
+ * Offset 0 in this case means that the hypervisor should allocate the
+ * address ranges. This is the only configuration supported by Hafnium,
+ * as it enforces 1:1 mappings in the stage 2 page tables.
+ */
+ memory_region->receivers[0].composite_memory_region_offset = 0;
+ memory_region->receivers[0].reserved_0 = 0;
+
+ return sizeof(struct ffa_memory_region) +
+ memory_region->receiver_count * sizeof(struct ffa_memory_access);
+}
+
/*
* FFA Version ABI helper.
* Version fields:
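Review bot: In `ffa_memory_region_init`, `memory_region_max_size` is never checked against the fixed part of the descriptor. The header, the access descriptor and the composite header are all written before the size is consulted. The subtraction `memory_region_max_size - constituents_offset` is unsigned, so a buffer smaller than `constituents_offset` wraps to a very large value. That value is then narrowed into the `uint32_t fragment_max_constituents`, so the clamp on `count_to_copy` may not take effect and the copy loop can write past the caller's buffer. The function has no error return, so a precondition check is needed before the call to `ffa_memory_region_init_header`, for example `assert(memory_region_max_size >= sizeof(struct ffa_memory_region) + sizeof(struct ffa_memory_access) + sizeof(struct ffa_composite_memory_region));` if `assert` is usable in this file. The doc comment should state the minimum buffer size. The alignment comment also relies on asserts in `ffa_memory.c`, which is not part of this change, so it is worth confirming that the struct sizes are actually verified somewhere in this tree.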