TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / hafnium / hafnium.git / 07a69ab823592dc73724dc869f55c77c62fa45be / . / inc / hf / ffa_memory_internal.h
blob: c373ad74ff6615471577225f7fc69adb964505b6 [file] [log] [blame]
J-Alves66652252022-07-06 09:49:51 +0100[diff] [blame]1/*
2 * Copyright 2022 The Hafnium Authors.
3 *
4 * Use of this source code is governed by a BSD-style
5 * license that can be found in the LICENSE file or at
6 * https://opensource.org/licenses/BSD-3-Clause.
7 */
8
9/**
10 * The maximum number of memory sharing handles which may be active at once. A
11 * DONATE handle is active from when it is sent to when it is retrieved; a SHARE
12 * or LEND handle is active from when it is sent to when it is reclaimed.
13 */
J-Alves460d36c2023-10-12 17:02:15 +0100[diff] [blame]14#pragma once
15
Karl Meakin07a69ab2025-02-07 14:53:19 +0000[diff] [blame^]16#include "hf/mm.h"
J-Alves66652252022-07-06 09:49:51 +0100[diff] [blame]17#define MAX_MEM_SHARES 100
18
J-Alvesd15905d2023-02-20 11:52:37 +0000[diff] [blame]19#include <stdbool.h>
20#include <stdint.h>
21
22#include "hf/check.h"
23#include "hf/ffa_memory.h"
Karl Meakin84710f32023-10-12 15:14:49 +0100[diff] [blame]24#include "hf/ffa_v1_0.h"
J-Alvesd15905d2023-02-20 11:52:37 +0000[diff] [blame]25#include "hf/mpool.h"
26#include "hf/vm.h"
27
28#include "vmapi/hf/ffa.h"
29
J-Alves66652252022-07-06 09:49:51 +0100[diff] [blame]30/**
31 * The maximum number of fragments into which a memory sharing message may be
32 * broken.
33 */
34#define MAX_FRAGMENTS 20
35
36static_assert(sizeof(struct ffa_memory_region_constituent) % 16 == 0,
37 "struct ffa_memory_region_constituent must be a multiple of 16 "
38 "bytes long.");
39static_assert(sizeof(struct ffa_composite_memory_region) % 16 == 0,
40 "struct ffa_composite_memory_region must be a multiple of 16 "
41 "bytes long.");
42static_assert(sizeof(struct ffa_memory_region_attributes) == 4,
43 "struct ffa_memory_region_attributes must be 4 bytes long.");
44static_assert(sizeof(struct ffa_memory_access) % 16 == 0,
45 "struct ffa_memory_access must be a multiple of 16 bytes long.");
46static_assert(sizeof(struct ffa_memory_region) % 16 == 0,
47 "struct ffa_memory_region must be a multiple of 16 bytes long.");
48static_assert(sizeof(struct ffa_mem_relinquish) % 16 == 0,
49 "struct ffa_mem_relinquish must be a multiple of 16 "
50 "bytes long.");
Karl Meakin95f0e602024-03-07 17:23:26 +0000[diff] [blame]51static_assert(sizeof((struct ffa_memory_region){0}.receiver_count) == 4,
Demi Marie Obenourd4677412023-02-03 20:35:12 -0500[diff] [blame]52 "struct ffa_memory_region::receiver_count must be 4 bytes long");
J-Alves66652252022-07-06 09:49:51 +0100[diff] [blame]53
Karl Meakin0fd67292024-02-06 17:33:05 +0000[diff] [blame]54static_assert(sizeof(struct ffa_features_rxtx_map_params) == 4,
55 "struct ffa_features_rxtx_map_params must be 4 "
56 "bytes long");
57
Karl Meakin84710f32023-10-12 15:14:49 +0100[diff] [blame]58static_assert(sizeof(ffa_memory_access_permissions_t) == 1,
59 "ffa_memory_access_permissions_t must be 1 byte wide");
60static_assert(sizeof(ffa_memory_attributes_t) == 2,
61 "ffa_memory_attributes_t must be 2 bytes wide");
62static_assert(sizeof(ffa_memory_attributes_v1_0) == 1,
63 "ffa_memory_attributes_v1_0 must be 1 byte wide");
64
J-Alves66652252022-07-06 09:49:51 +0100[diff] [blame]65struct ffa_memory_share_state {
66 /**
67 * The memory region being shared, or NULL if this share state is
68 * unallocated.
69 */
70 struct ffa_memory_region *memory_region;
71
72 struct ffa_memory_region_constituent *fragments[MAX_FRAGMENTS];
73
74 /** The number of constituents in each fragment. */
75 uint32_t fragment_constituent_counts[MAX_FRAGMENTS];
76
77 /**
78 * The number of valid elements in the `fragments` and
79 * `fragment_constituent_counts` arrays.
80 */
81 uint32_t fragment_count;
82
83 /**
84 * The FF-A function used for sharing the memory. Must be one of
85 * FFA_MEM_DONATE_32, FFA_MEM_LEND_32 or FFA_MEM_SHARE_32 if the
86 * share state is allocated, or 0.
87 */
88 uint32_t share_func;
89
90 /**
91 * The sender's original mode before invoking the FF-A function for
92 * sharing the memory.
93 * This is used to reset the original configuration when sender invokes
94 * FFA_MEM_RECLAIM_32.
95 */
Karl Meakin07a69ab2025-02-07 14:53:19 +0000[diff] [blame^]96 mm_mode_t sender_orig_mode;
J-Alves66652252022-07-06 09:49:51 +0100[diff] [blame]97
98 /**
99 * True if all the fragments of this sharing request have been sent and
100 * Hafnium has updated the sender page table accordingly.
101 */
102 bool sending_complete;
103
104 /**
105 * How many fragments of the memory region each recipient has retrieved
106 * so far. The order of this array matches the order of the endpoint
107 * memory access descriptors in the memory region descriptor. Any
108 * entries beyond the receiver_count will always be 0.
109 */
110 uint32_t retrieved_fragment_count[MAX_MEM_SHARE_RECIPIENTS];
111
112 /**
113 * Field for the SPMC to keep track of how many fragments of the memory
114 * region the hypervisor has managed to retrieve, using a
115 * `hypervisor retrieve request`, as defined by FF-A v1.1 EAC0
116 * specification.
117 */
118 uint32_t hypervisor_fragment_count;
J-Alves460d36c2023-10-12 17:02:15 +0100[diff] [blame]119
120 /*
121 * Record whether memory has been protected through the platform
122 * specific means. Used for linking map action on memory send to memory
123 * action on reclaim. I.e. if as a result of memory lend/donate the
124 * memory has been protected, this will be used to reset memory's state,
125 * by unprotecting on reclaim when the sender reestablishes its
126 * ownership and exclusive access.
127 */
128 bool memory_protected;
J-Alves66652252022-07-06 09:49:51 +0100[diff] [blame]129};
130
131/**
J-Alves0a83dc22023-05-05 09:50:37 +0100[diff] [blame]132 * Actions that can be taken by function `ffa_region_group_identity_map`.
133 */
134enum ffa_map_action {
J-Alves69cdfd92024-04-26 11:40:59 +0100[diff] [blame]135 MAP_ACTION_NONE,
J-Alves0a83dc22023-05-05 09:50:37 +0100[diff] [blame]136 MAP_ACTION_CHECK,
137 MAP_ACTION_CHECK_PROTECT,
138 MAP_ACTION_COMMIT,
139 MAP_ACTION_COMMIT_UNPROTECT,
140 MAP_ACTION_MAX,
141};
142
143/**
J-Alves66652252022-07-06 09:49:51 +0100[diff] [blame]144 * Encapsulates the set of share states while the `share_states_lock` is held.
145 */
146struct share_states_locked {
147 struct ffa_memory_share_state *share_states;
148};
149
Karl Meakin52cdfe72023-06-30 14:49:10 +0100[diff] [blame]150struct ffa_memory_share_state *allocate_share_state(
151 struct share_states_locked share_states, uint32_t share_func,
152 struct ffa_memory_region *memory_region, uint32_t fragment_length,
153 ffa_memory_handle_t handle);
J-Alves66652252022-07-06 09:49:51 +0100[diff] [blame]154struct share_states_locked share_states_lock(void);
155void share_states_unlock(struct share_states_locked *share_states);
Karl Meakin4a2854a2023-06-30 16:26:52 +0100[diff] [blame]156struct ffa_memory_share_state *get_share_state(
157 struct share_states_locked share_states, ffa_memory_handle_t handle);
J-Alvesfdd29272022-07-19 13:16:31 +0100[diff] [blame]158void share_state_free(struct share_states_locked share_states,
159 struct ffa_memory_share_state *share_state,
160 struct mpool *page_pool);
161uint32_t share_state_next_fragment_offset(
162 struct share_states_locked share_states,
163 struct ffa_memory_share_state *share_state);
164/** Checks whether the given share state has been fully sent. */
165bool share_state_sending_complete(struct share_states_locked share_states,
166 struct ffa_memory_share_state *share_state);
J-Alves66652252022-07-06 09:49:51 +0100[diff] [blame]167void dump_share_states(void);
168
J-Alves66652252022-07-06 09:49:51 +0100[diff] [blame]169struct ffa_value ffa_memory_send_validate(
170 struct vm_locked from_locked, struct ffa_memory_region *memory_region,
171 uint32_t memory_share_length, uint32_t fragment_length,
172 uint32_t share_func);
J-Alvesfdd29272022-07-19 13:16:31 +0100[diff] [blame]173struct ffa_value ffa_memory_send_complete(
174 struct vm_locked from_locked, struct share_states_locked share_states,
175 struct ffa_memory_share_state *share_state, struct mpool *page_pool,
Karl Meakin07a69ab2025-02-07 14:53:19 +0000[diff] [blame^]176 mm_mode_t *orig_from_mode_ret);
J-Alvesfdd29272022-07-19 13:16:31 +0100[diff] [blame]177struct ffa_value ffa_memory_send_continue_validate(
178 struct share_states_locked share_states, ffa_memory_handle_t handle,
J-Alves19e20cf2023-08-02 12:48:55 +0100[diff] [blame]179 struct ffa_memory_share_state **share_state_ret, ffa_id_t from_vm_id,
J-Alvesfdd29272022-07-19 13:16:31 +0100[diff] [blame]180 struct mpool *page_pool);
J-Alvesfd206052023-05-22 16:45:00 +0100[diff] [blame]181
J-Alvesb5084cf2022-07-06 14:20:12 +0100[diff] [blame]182struct ffa_value ffa_retrieve_check_update(
J-Alves26483382023-04-20 12:01:49 +0100[diff] [blame]183 struct vm_locked to_locked,
J-Alvesb5084cf2022-07-06 14:20:12 +0100[diff] [blame]184 struct ffa_memory_region_constituent **fragments,
185 uint32_t *fragment_constituent_counts, uint32_t fragment_count,
Karl Meakin07a69ab2025-02-07 14:53:19 +0000[diff] [blame^]186 mm_mode_t sender_orig_mode, uint32_t share_func, bool clear,
187 struct mpool *page_pool, mm_mode_t *response_mode,
J-Alves460d36c2023-10-12 17:02:15 +0100[diff] [blame]188 bool memory_protected);
J-Alvescf6253e2024-01-03 13:48:48 +0000[diff] [blame]189struct ffa_value ffa_region_group_identity_map(
J-Alvesfdd29272022-07-19 13:16:31 +0100[diff] [blame]190 struct vm_locked vm_locked,
191 struct ffa_memory_region_constituent **fragments,
192 const uint32_t *fragment_constituent_counts, uint32_t fragment_count,
Karl Meakin07a69ab2025-02-07 14:53:19 +0000[diff] [blame^]193 mm_mode_t mode, struct mpool *ppool, enum ffa_map_action action,
J-Alvescf6253e2024-01-03 13:48:48 +0000[diff] [blame]194 bool *memory_protected);
J-Alvesfdd29272022-07-19 13:16:31 +0100[diff] [blame]195bool memory_region_receivers_from_other_world(
196 struct ffa_memory_region *memory_region);