TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-RMM / tf-rmm / 037add6210cddb1d4fc1d02cc4ddffae9441aa1d / . / plat / host / host_cbmc / src / tb_common.c
blob: c9f786c20d002bbca9a14ebf4517ff4c07b395f2 [file] [log] [blame]
Mate Toth-Pal83a45bd2023-09-01 11:17:19 +0200[diff] [blame]1/*
2 * SPDX-License-Identifier: BSD-3-Clause
3 * SPDX-FileCopyrightText: Copyright TF-RMM Contributors.
4 */
5
Mate Toth-Pala18676e2023-10-27 17:05:01 +0200[diff] [blame]6#include "granule.h"
Mate Toth-Pal83a45bd2023-09-01 11:17:19 +0200[diff] [blame]7#include "host_defs.h"
8#include "host_utils.h"
Mate Toth-Pal83a45bd2023-09-01 11:17:19 +0200[diff] [blame]9#include "measurement.h"
Javier Almansa Sobrino1e1781e2023-10-18 18:25:56 +0100[diff] [blame]10#include "s2tt.h"
Mate Toth-Pala18676e2023-10-27 17:05:01 +0200[diff] [blame]11#include "status.h"
12#include "string.h"
Mate Toth-Pala18676e2023-10-27 17:05:01 +0200[diff] [blame]13#include "tb_common.h"
14#include "tb_granules.h"
15#include "utils_def.h"
16
Soby Mathewbdd30ee2023-11-28 09:50:28 +0000[diff] [blame]17/* This array holds information on the injected granule's status in the GPT. */
18static enum granule_gpt granule_gpt_array[RMM_MAX_GRANULES];
Mate Toth-Pal83a45bd2023-09-01 11:17:19 +0200[diff] [blame]19
20/* Declare a nondet function for registers information. */
21struct tb_regs nondet_tb_regs(void);
22
23struct tb_regs __tb_arb_regs(void)
24{
25 return nondet_tb_regs();
26}
27
28bool ResultEqual_2(unsigned int code, unsigned int expected)
29{
30 return code == expected;
31}
32
33/* TODO */
34bool ResultEqual_3(unsigned int code, unsigned int expected, unsigned int level)
35{
36 return true;
37}
38
39uint64_t Zeros(void)
40{
41 return UINT64_C(0);
42}
43
44bool __tb_arb_bool(void)
45{
46 return nondet_bool();
47}
48
49void __tb_lock_invariant(struct tb_lock_status *lock_status)
50{
51 /* TODO */
52}
53
54struct tb_lock_status __tb_lock_status(void)
55{
Mate Toth-Pala18676e2023-10-27 17:05:01 +0200[diff] [blame]56 struct tb_lock_status r = {0UL};
Mate Toth-Pal83a45bd2023-09-01 11:17:19 +0200[diff] [blame]57 return r;
58}
59
60extern struct granule granules[RMM_MAX_GRANULES];
61bool used_granules_buffer[HOST_NR_GRANULES] = { 0 };
62
63bool valid_pa(uint64_t addr)
64{
65 /*
66 * NOTE: the explicit pointer to integer type cast is necessary, as CBMC
67 * check fails without it.
68 */
AlexeiFedorov037add62024-10-30 15:53:05 +0000[diff] [blame^]69 if (GRANULE_ALIGNED(addr) && (uint64_t)host_dram_buffer <= addr &&
70 addr < (uint64_t)host_dram_buffer + sizeof(host_dram_buffer)) {
Mate Toth-Pal83a45bd2023-09-01 11:17:19 +0200[diff] [blame]71 /*
72 * Keep these assserts for sanitary check, there was situation
73 * these asserts fail possibly due to CBMC dislike type
74 * conversion between number and pointer
75 */
76 ASSERT(GRANULE_ALIGNED(addr), "internal: `_valid_pa`, addr in alignment");
AlexeiFedorov037add62024-10-30 15:53:05 +0000[diff] [blame^]77 ASSERT(addr >= (uint64_t)host_dram_buffer,
Mate Toth-Pal83a45bd2023-09-01 11:17:19 +0200[diff] [blame]78 "internal: `_valid_pa`, addr in lower range");
AlexeiFedorov037add62024-10-30 15:53:05 +0000[diff] [blame^]79 ASSERT(addr < (uint64_t)host_dram_buffer + sizeof(host_dram_buffer),
Mate Toth-Pal83a45bd2023-09-01 11:17:19 +0200[diff] [blame]80 "internal: `_valid_pa`, addr in upper range");
81 return true;
82 }
83 return false;
84}
85
86struct granule *pa_to_granule_metadata_ptr(uint64_t addr)
87{
AlexeiFedorov037add62024-10-30 15:53:05 +0000[diff] [blame^]88 uint64_t idx = (addr - (uint64_t)host_dram_buffer)/GRANULE_SIZE;
Mate Toth-Pal83a45bd2023-09-01 11:17:19 +0200[diff] [blame]89
90 __ASSERT(idx >= 0, "internal: `_pa_to_granule_metadata_ptr`, addr is in lower range");
91 __ASSERT(idx < RMM_MAX_GRANULES,
92 "internal: `_pa_to_granule_metadata_ptr`, addr is in upper range");
93
94 return &granules[idx];
95}
96
Mate Toth-Pal70ae89d2024-01-11 13:47:28 +0100[diff] [blame]97void *granule_metadata_ptr_to_buffer_ptr(struct granule *g_ptr)
98{
99 if (!valid_granule_metadata_ptr(g_ptr)) {
100 return NULL;
101 }
AlexeiFedorov037add62024-10-30 15:53:05 +0000[diff] [blame^]102 return host_dram_buffer + (g_ptr - granules) * GRANULE_SIZE;
Mate Toth-Pal70ae89d2024-01-11 13:47:28 +0100[diff] [blame]103}
104
Mate Toth-Palc751c0d2023-11-14 16:56:41 +0100[diff] [blame]105uint64_t granule_metadata_ptr_to_pa(struct granule *g_ptr)
106{
AlexeiFedorov037add62024-10-30 15:53:05 +0000[diff] [blame^]107 return (uint64_t)host_dram_buffer + (g_ptr - granules) * GRANULE_SIZE;
Mate Toth-Palc751c0d2023-11-14 16:56:41 +0100[diff] [blame]108}
109
110void *pa_to_granule_buffer_ptr(uint64_t addr)
111{
AlexeiFedorov037add62024-10-30 15:53:05 +0000[diff] [blame^]112 __ASSERT((unsigned char *)addr - host_dram_buffer >= 0,
Mate Toth-Palc751c0d2023-11-14 16:56:41 +0100[diff] [blame]113 "internal: `_pa_to_granule_buffer_ptr`, addr is in lower range");
114 /*
115 * CBMC has difficulty doing an integer->object mapping, when the
116 * integer is the address of the expected object, and the integer is not
117 * derived from a pointer.
118 * So instead of simply returning addr we need to tell CBMC that the
AlexeiFedorov037add62024-10-30 15:53:05 +0000[diff] [blame^]119 * object we are looking for is in the `host_dram_buffer` array, at an
Mate Toth-Palc751c0d2023-11-14 16:56:41 +0100[diff] [blame]120 * offset. To calculate the offset we can use `addr`, and the address of
AlexeiFedorov037add62024-10-30 15:53:05 +0000[diff] [blame^]121 * `host_dram_buffer`.
Mate Toth-Palc751c0d2023-11-14 16:56:41 +0100[diff] [blame]122 * For details see https://github.com/diffblue/cbmc/issues/8103
123 */
AlexeiFedorov037add62024-10-30 15:53:05 +0000[diff] [blame^]124 return (void *)host_dram_buffer + ((unsigned char *)addr - host_dram_buffer);
Mate Toth-Palc751c0d2023-11-14 16:56:41 +0100[diff] [blame]125}
126
Mate Toth-Pal83a45bd2023-09-01 11:17:19 +0200[diff] [blame]127bool valid_granule_metadata_ptr(struct granule *p)
128{
129 return p >= granules
130 && p < granules + RMM_MAX_GRANULES;
131}
132
133/*
134 * Return the first index of `number` of unused continuous indice to both
AlexeiFedorov037add62024-10-30 15:53:05 +0000[diff] [blame^]135 * `granules` and `host_dram_buffer` arrays.
Mate Toth-Pal83a45bd2023-09-01 11:17:19 +0200[diff] [blame]136 */
137size_t next_index(void)
138{
139 size_t index = nondet_size_t();
140
141 __ASSUME(unused_index(index));
142 if (!unused_index(index)) {
143 return -1;
144 }
145
Mate Toth-Pal83a45bd2023-09-01 11:17:19 +0200[diff] [blame]146 return index;
147}
148
149bool unused_index(size_t index)
150{
151 if (index < HOST_NR_GRANULES && !used_granules_buffer[index]) {
152 return true;
153 }
154 return false;
155}
156
157void init_pa_page(const void *content, size_t size)
158{
159 unsigned long index = next_index();
160 unsigned long offset = index * GRANULE_SIZE;
161
AlexeiFedorov037add62024-10-30 15:53:05 +0000[diff] [blame^]162 (void)memcpy(host_dram_buffer + offset, content, size);
Mate Toth-Pal83a45bd2023-09-01 11:17:19 +0200[diff] [blame]163 used_granules_buffer[index] = true;
164}
165
166struct granule *inject_granule_at(const struct granule *granule_metadata,
167 const void *src_page,
168 size_t src_size,
169 size_t index)
170{
171 size_t offset = index * GRANULE_SIZE;
172
AlexeiFedorov745499d2024-04-25 16:52:44 +0100[diff] [blame]173 if (granule_unlocked_state((struct granule *)granule_metadata) ==
174 GRANULE_STATE_NS) {
Mate Toth-Palc751c0d2023-11-14 16:56:41 +0100[diff] [blame]175 /* initialise the granules as either secure or non-secure */
176 granule_gpt_array[index] = nondet_bool() ? GPT_SECURE : GPT_NS;
177 } else {
178 granule_gpt_array[index] = GPT_REALM;
179 }
180
Mate Toth-Pal83a45bd2023-09-01 11:17:19 +0200[diff] [blame]181 granules[index] = *granule_metadata;
AlexeiFedorov037add62024-10-30 15:53:05 +0000[diff] [blame^]182 (void)memcpy(host_dram_buffer + offset, src_page, src_size);
Mate Toth-Pal83a45bd2023-09-01 11:17:19 +0200[diff] [blame]183 used_granules_buffer[index] = true;
184 return &granules[index];
185}
186
187struct granule *inject_granule(const struct granule *granule_metadata,
188 const void *src_page,
189 size_t src_size)
190{
191 size_t index = next_index();
192
193 return inject_granule_at(granule_metadata, src_page, src_size, index);
194}
195
Soby Mathewbdd30ee2023-11-28 09:50:28 +0000[diff] [blame]196enum granule_gpt get_granule_gpt(uint64_t addr)
Mate Toth-Pala18676e2023-10-27 17:05:01 +0200[diff] [blame]197{
AlexeiFedorov037add62024-10-30 15:53:05 +0000[diff] [blame^]198 uint64_t idx = (addr - (uint64_t)host_dram_buffer)/GRANULE_SIZE;
Mate Toth-Pala18676e2023-10-27 17:05:01 +0200[diff] [blame]199
Soby Mathewbdd30ee2023-11-28 09:50:28 +0000[diff] [blame]200 return granule_gpt_array[idx];
Mate Toth-Pala18676e2023-10-27 17:05:01 +0200[diff] [blame]201}
202
Soby Mathewbdd30ee2023-11-28 09:50:28 +0000[diff] [blame]203void set_granule_gpt(uint64_t addr, enum granule_gpt granule_gpt)
Mate Toth-Pala18676e2023-10-27 17:05:01 +0200[diff] [blame]204{
AlexeiFedorov037add62024-10-30 15:53:05 +0000[diff] [blame^]205 uint64_t idx = (addr - (uint64_t)host_dram_buffer)/GRANULE_SIZE;
Mate Toth-Pala18676e2023-10-27 17:05:01 +0200[diff] [blame]206
Soby Mathewbdd30ee2023-11-28 09:50:28 +0000[diff] [blame]207 granule_gpt_array[idx] = granule_gpt;
Mate Toth-Pala18676e2023-10-27 17:05:01 +0200[diff] [blame]208}