commit 95c3a27efab69d4f99f9732def45401aef69ffe3
author Raghu Krishnamurthy <raghu.ncstate@icloud.com> Fri Feb 26 18:09:41 2021 -0800
committer Olivier Deprez <olivier.deprez@arm.com> Fri Sep 17 10:49:44 2021 +0200
tree bdcb9d2977970eff28e26d829e4be6c3f5e0d1e9
parent 5a13c34b2ad3b975b473fd60258de60ea8fe2b14

VHE: Make api_vm_configure_pages el0 partition aware

Update api_vm_configure_pages to map rxtx buffers as accesible from user
mode and as a non-global mapping.

Change-Id: I431b0317e6c5a074eb11d93cc1e12f07efefaf37
Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@gmail.com>

src/api.c

diff --git a/src/api.c b/src/api.c
index 5533c9b..369e40b 100644
--- a/src/api.c
+++ b/src/api.c
@@ -991,16 +991,24 @@
 	}
 
 	/* Take memory ownership away from the VM and mark as shared. */
-	if (!vm_identity_map(
-		    vm_locked, pa_send_begin, pa_send_end,
-		    MM_MODE_UNOWNED | MM_MODE_SHARED | MM_MODE_R | MM_MODE_W,
-		    local_page_pool, NULL)) {
+	uint32_t mode =
+		MM_MODE_UNOWNED | MM_MODE_SHARED | MM_MODE_R | MM_MODE_W;
+	if (vm_locked.vm->el0_partition) {
+		mode |= MM_MODE_USER | MM_MODE_NG;
+	}
+
+	if (!vm_identity_map(vm_locked, pa_send_begin, pa_send_end, mode,
+			     local_page_pool, NULL)) {
 		ret = ffa_error(FFA_NO_MEMORY);
 		goto out;
 	}
 
-	if (!vm_identity_map(vm_locked, pa_recv_begin, pa_recv_end,
-			     MM_MODE_UNOWNED | MM_MODE_SHARED | MM_MODE_R,
+	mode = MM_MODE_UNOWNED | MM_MODE_SHARED | MM_MODE_R;
+	if (vm_locked.vm->el0_partition) {
+		mode |= MM_MODE_USER | MM_MODE_NG;
+	}
+
+	if (!vm_identity_map(vm_locked, pa_recv_begin, pa_recv_end, mode,
 			     local_page_pool, NULL)) {
 		/* TODO: partial defrag of failed range. */
 		/* Recover any memory consumed in failed mapping. */
@@ -1011,6 +1019,21 @@
 	/* Get extra send/recv pages mapping attributes for the given VM ID. */
 	extra_attributes = arch_mm_extra_attributes_from_vm(vm_locked.vm->id);
 
+	/*
+	 * For EL0 partitions, since both the partition and the hypervisor code
+	 * use the EL2&0 translation regime, it is critical to mark the mappings
+	 * of the send and recv buffers as non-global in the TLB. For one, if we
+	 * dont mark it as non-global, it would cause TLB conflicts since there
+	 * would be an identity mapping with non-global attribute in the
+	 * partitions page tables, but another identity mapping in the
+	 * hypervisor page tables with the global attribute. The other issue is
+	 * one of security, we dont want other partitions to be able to access
+	 * other partitions buffers through cached translations.
+	 */
+	if (vm_locked.vm->el0_partition) {
+		extra_attributes |= MM_MODE_NG;
+	}
+
 	if (!api_vm_configure_stage1(mm_stage1_locked, vm_locked, pa_send_begin,
 				     pa_send_end, pa_recv_begin, pa_recv_end,
 				     extra_attributes, local_page_pool)) {