TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / hafnium / hafnium.git / 2145c218b27d63c10012ab205874317aee37b468 / . / src / manifest.c
blob: da25156b7429deb695bc7ae02309b1dac849d745 [file] [log] [blame]
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]1/*
2 * Copyright 2019 The Hafnium Authors.
3 *
Andrew Walbrane959ec12020-06-17 15:01:09 +0100[diff] [blame]4 * Use of this source code is governed by a BSD-style
5 * license that can be found in the LICENSE file or at
6 * https://opensource.org/licenses/BSD-3-Clause.
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]7 */
8
9#include "hf/manifest.h"
10
11#include "hf/addr.h"
12#include "hf/check.h"
Andrew Scullae9962e2019-10-03 16:51:16 +0100[diff] [blame]13#include "hf/dlog.h"
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]14#include "hf/fdt.h"
15#include "hf/static_assert.h"
16#include "hf/std.h"
17
18#define TRY(expr) \
19 do { \
20 enum manifest_return_code ret_code = (expr); \
21 if (ret_code != MANIFEST_SUCCESS) { \
22 return ret_code; \
23 } \
24 } while (0)
25
David Brazdilb856be62020-03-25 10:14:55 +0000[diff] [blame]26#define VM_ID_MAX (HF_VM_ID_OFFSET + MAX_VMS - 1)
27#define VM_ID_MAX_DIGITS (5)
28#define VM_NAME_EXTRA_CHARS (3) /* "vm" + number + '\0' */
29#define VM_NAME_MAX_SIZE (VM_ID_MAX_DIGITS + VM_NAME_EXTRA_CHARS)
30static_assert(VM_NAME_MAX_SIZE <= STRING_MAX_SIZE,
31 "VM name does not fit into a struct string.");
32static_assert(VM_ID_MAX <= 99999, "Insufficient VM_NAME_BUF_SIZE");
33static_assert(HF_TEE_VM_ID > VM_ID_MAX,
Andrew Walbran9daa57e2019-09-27 13:33:20 +0100[diff] [blame]34 "TrustZone VM ID clashes with normal VM range.");
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]35
Andrew Walbranb5ab43c2020-04-30 11:32:54 +0100[diff] [blame]36static inline size_t count_digits(ffa_vm_id_t vm_id)
David Brazdilb856be62020-03-25 10:14:55 +0000[diff] [blame]37{
38 size_t digits = 0;
39
40 do {
41 digits++;
42 vm_id /= 10;
43 } while (vm_id);
44 return digits;
45}
46
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]47/**
48 * Generates a string with the two letters "vm" followed by an integer.
49 * Assumes `buf` is of size VM_NAME_BUF_SIZE.
50 */
Andrew Walbranb5ab43c2020-04-30 11:32:54 +0100[diff] [blame]51static void generate_vm_node_name(struct string *str, ffa_vm_id_t vm_id)
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]52{
53 static const char *digits = "0123456789";
David Brazdilb856be62020-03-25 10:14:55 +0000[diff] [blame]54 size_t vm_id_digits = count_digits(vm_id);
55 char *base = str->data;
56 char *ptr = base + (VM_NAME_EXTRA_CHARS + vm_id_digits);
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]57
David Brazdilb856be62020-03-25 10:14:55 +0000[diff] [blame]58 CHECK(vm_id_digits <= VM_ID_MAX_DIGITS);
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]59 *(--ptr) = '\0';
60 do {
61 *(--ptr) = digits[vm_id % 10];
62 vm_id /= 10;
63 } while (vm_id);
64 *(--ptr) = 'm';
65 *(--ptr) = 'v';
David Brazdilb856be62020-03-25 10:14:55 +0000[diff] [blame]66 CHECK(ptr == base);
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]67}
68
Andrew Scullae9962e2019-10-03 16:51:16 +0100[diff] [blame]69/**
Andrew Scullb2c3a242019-11-04 13:52:36 +0000[diff] [blame]70 * Read a boolean property: true if present; false if not. If present, the value
71 * of the property must be empty else it is considered malformed.
Andrew Scullae9962e2019-10-03 16:51:16 +0100[diff] [blame]72 */
Andrew Scullb2c3a242019-11-04 13:52:36 +0000[diff] [blame]73static enum manifest_return_code read_bool(const struct fdt_node *node,
74 const char *property, bool *out)
Andrew Scullae9962e2019-10-03 16:51:16 +0100[diff] [blame]75{
David Brazdilb856be62020-03-25 10:14:55 +0000[diff] [blame]76 struct memiter data;
77 bool present = fdt_read_property(node, property, &data);
Andrew Scullae9962e2019-10-03 16:51:16 +0100[diff] [blame]78
David Brazdilb856be62020-03-25 10:14:55 +0000[diff] [blame]79 if (present && memiter_size(&data) != 0) {
Andrew Scullb2c3a242019-11-04 13:52:36 +0000[diff] [blame]80 return MANIFEST_ERROR_MALFORMED_BOOLEAN;
81 }
82
83 *out = present;
84 return MANIFEST_SUCCESS;
Andrew Scullae9962e2019-10-03 16:51:16 +0100[diff] [blame]85}
86
Andrew Scull72b43c02019-09-18 13:53:45 +0100[diff] [blame]87static enum manifest_return_code read_string(const struct fdt_node *node,
David Brazdil136f2942019-09-23 14:11:03 +0100[diff] [blame]88 const char *property,
89 struct string *out)
Andrew Scull72b43c02019-09-18 13:53:45 +0100[diff] [blame]90{
David Brazdilb856be62020-03-25 10:14:55 +0000[diff] [blame]91 struct memiter data;
Andrew Scull72b43c02019-09-18 13:53:45 +0100[diff] [blame]92
David Brazdilb856be62020-03-25 10:14:55 +0000[diff] [blame]93 if (!fdt_read_property(node, property, &data)) {
Andrew Scull72b43c02019-09-18 13:53:45 +0100[diff] [blame]94 return MANIFEST_ERROR_PROPERTY_NOT_FOUND;
95 }
96
David Brazdilb856be62020-03-25 10:14:55 +0000[diff] [blame]97 switch (string_init(out, &data)) {
David Brazdil136f2942019-09-23 14:11:03 +0100[diff] [blame]98 case STRING_SUCCESS:
99 return MANIFEST_SUCCESS;
100 case STRING_ERROR_INVALID_INPUT:
101 return MANIFEST_ERROR_MALFORMED_STRING;
102 case STRING_ERROR_TOO_LONG:
103 return MANIFEST_ERROR_STRING_TOO_LONG;
104 }
Andrew Scull72b43c02019-09-18 13:53:45 +0100[diff] [blame]105}
106
107static enum manifest_return_code read_optional_string(
David Brazdil136f2942019-09-23 14:11:03 +0100[diff] [blame]108 const struct fdt_node *node, const char *property, struct string *out)
Andrew Scull72b43c02019-09-18 13:53:45 +0100[diff] [blame]109{
David Brazdil136f2942019-09-23 14:11:03 +0100[diff] [blame]110 enum manifest_return_code ret;
Andrew Scull72b43c02019-09-18 13:53:45 +0100[diff] [blame]111
David Brazdil136f2942019-09-23 14:11:03 +0100[diff] [blame]112 ret = read_string(node, property, out);
113 if (ret == MANIFEST_ERROR_PROPERTY_NOT_FOUND) {
114 string_init_empty(out);
115 ret = MANIFEST_SUCCESS;
Andrew Scull72b43c02019-09-18 13:53:45 +0100[diff] [blame]116 }
David Brazdil136f2942019-09-23 14:11:03 +0100[diff] [blame]117 return ret;
Andrew Scull72b43c02019-09-18 13:53:45 +0100[diff] [blame]118}
119
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]120static enum manifest_return_code read_uint64(const struct fdt_node *node,
121 const char *property,
122 uint64_t *out)
123{
David Brazdilb856be62020-03-25 10:14:55 +0000[diff] [blame]124 struct memiter data;
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]125
David Brazdilb856be62020-03-25 10:14:55 +0000[diff] [blame]126 if (!fdt_read_property(node, property, &data)) {
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]127 return MANIFEST_ERROR_PROPERTY_NOT_FOUND;
128 }
129
David Brazdilb856be62020-03-25 10:14:55 +0000[diff] [blame]130 if (!fdt_parse_number(&data, memiter_size(&data), out)) {
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]131 return MANIFEST_ERROR_MALFORMED_INTEGER;
132 }
133
134 return MANIFEST_SUCCESS;
135}
136
David Brazdil080ee312020-02-25 15:30:30 -0800[diff] [blame]137static enum manifest_return_code read_optional_uint64(
138 const struct fdt_node *node, const char *property,
139 uint64_t default_value, uint64_t *out)
140{
141 enum manifest_return_code ret;
142
143 ret = read_uint64(node, property, out);
144 if (ret == MANIFEST_ERROR_PROPERTY_NOT_FOUND) {
145 *out = default_value;
146 return MANIFEST_SUCCESS;
147 }
148 return ret;
149}
150
Olivier Deprez62d99e32020-01-09 15:58:07 +0100[diff] [blame]151static enum manifest_return_code read_uint32(const struct fdt_node *node,
152 const char *property,
153 uint32_t *out)
154{
155 uint64_t value;
156
157 TRY(read_uint64(node, property, &value));
158
159 if (value > UINT32_MAX) {
160 return MANIFEST_ERROR_INTEGER_OVERFLOW;
161 }
162
163 *out = (uint32_t)value;
164 return MANIFEST_SUCCESS;
165}
166
Manish Pandeye68e7932020-04-23 15:29:28 +0100[diff] [blame]167static enum manifest_return_code read_optional_uint32(
168 const struct fdt_node *node, const char *property,
169 uint32_t default_value, uint32_t *out)
170{
171 enum manifest_return_code ret;
172
173 ret = read_uint32(node, property, out);
174 if (ret == MANIFEST_ERROR_PROPERTY_NOT_FOUND) {
175 *out = default_value;
176 return MANIFEST_SUCCESS;
177 }
178 return ret;
179}
180
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]181static enum manifest_return_code read_uint16(const struct fdt_node *node,
182 const char *property,
183 uint16_t *out)
184{
185 uint64_t value;
186
187 TRY(read_uint64(node, property, &value));
188
189 if (value > UINT16_MAX) {
190 return MANIFEST_ERROR_INTEGER_OVERFLOW;
191 }
192
193 *out = (uint16_t)value;
194 return MANIFEST_SUCCESS;
195}
196
Olivier Deprez62d99e32020-01-09 15:58:07 +0100[diff] [blame]197static enum manifest_return_code read_uint8(const struct fdt_node *node,
198 const char *property, uint8_t *out)
199{
200 uint64_t value;
201
202 TRY(read_uint64(node, property, &value));
203
204 if (value > UINT8_MAX) {
205 return MANIFEST_ERROR_INTEGER_OVERFLOW;
206 }
207
208 *out = (uint8_t)value;
209 return MANIFEST_SUCCESS;
210}
211
Andrew Scullae9962e2019-10-03 16:51:16 +0100[diff] [blame]212struct uint32list_iter {
213 struct memiter mem_it;
214};
215
216static enum manifest_return_code read_optional_uint32list(
217 const struct fdt_node *node, const char *property,
218 struct uint32list_iter *out)
219{
David Brazdilb856be62020-03-25 10:14:55 +0000[diff] [blame]220 struct memiter data;
Andrew Scullae9962e2019-10-03 16:51:16 +0100[diff] [blame]221
David Brazdilb856be62020-03-25 10:14:55 +0000[diff] [blame]222 if (!fdt_read_property(node, property, &data)) {
Andrew Scullae9962e2019-10-03 16:51:16 +0100[diff] [blame]223 memiter_init(&out->mem_it, NULL, 0);
224 return MANIFEST_SUCCESS;
225 }
226
David Brazdilb856be62020-03-25 10:14:55 +0000[diff] [blame]227 if ((memiter_size(&data) % sizeof(uint32_t)) != 0) {
Andrew Scullae9962e2019-10-03 16:51:16 +0100[diff] [blame]228 return MANIFEST_ERROR_MALFORMED_INTEGER_LIST;
229 }
230
David Brazdilb856be62020-03-25 10:14:55 +0000[diff] [blame]231 out->mem_it = data;
Andrew Scullae9962e2019-10-03 16:51:16 +0100[diff] [blame]232 return MANIFEST_SUCCESS;
233}
234
Andrew Scullae9962e2019-10-03 16:51:16 +0100[diff] [blame]235static bool uint32list_has_next(const struct uint32list_iter *list)
236{
237 return memiter_size(&list->mem_it) > 0;
238}
239
David Brazdil5ea99462020-03-25 13:01:47 +0000[diff] [blame]240static enum manifest_return_code uint32list_get_next(
241 struct uint32list_iter *list, uint32_t *out)
Andrew Scullae9962e2019-10-03 16:51:16 +0100[diff] [blame]242{
Andrew Scullae9962e2019-10-03 16:51:16 +0100[diff] [blame]243 uint64_t num;
244
245 CHECK(uint32list_has_next(list));
David Brazdilb856be62020-03-25 10:14:55 +0000[diff] [blame]246 if (!fdt_parse_number(&list->mem_it, sizeof(uint32_t), &num)) {
Andrew Scullae9962e2019-10-03 16:51:16 +0100[diff] [blame]247 return MANIFEST_ERROR_MALFORMED_INTEGER;
248 }
249
David Brazdil5ea99462020-03-25 13:01:47 +0000[diff] [blame]250 *out = (uint32_t)num;
251 return MANIFEST_SUCCESS;
Andrew Scullae9962e2019-10-03 16:51:16 +0100[diff] [blame]252}
253
Olivier Deprez62d99e32020-01-09 15:58:07 +0100[diff] [blame]254static enum manifest_return_code parse_vm_common(const struct fdt_node *node,
255 struct manifest_vm *vm,
256 ffa_vm_id_t vm_id)
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]257{
Andrew Scullae9962e2019-10-03 16:51:16 +0100[diff] [blame]258 struct uint32list_iter smcs;
David Brazdil5ea99462020-03-25 13:01:47 +0000[diff] [blame]259 size_t idx;
Andrew Scullae9962e2019-10-03 16:51:16 +0100[diff] [blame]260
Olivier Deprez62d99e32020-01-09 15:58:07 +0100[diff] [blame]261 TRY(read_bool(node, "is_ffa_partition", &vm->is_ffa_partition));
262
David Brazdil136f2942019-09-23 14:11:03 +0100[diff] [blame]263 TRY(read_string(node, "debug_name", &vm->debug_name));
Andrew Scullae9962e2019-10-03 16:51:16 +0100[diff] [blame]264
265 TRY(read_optional_uint32list(node, "smc_whitelist", &smcs));
266 while (uint32list_has_next(&smcs) &&
267 vm->smc_whitelist.smc_count < MAX_SMCS) {
David Brazdil5ea99462020-03-25 13:01:47 +0000[diff] [blame]268 idx = vm->smc_whitelist.smc_count++;
269 TRY(uint32list_get_next(&smcs, &vm->smc_whitelist.smcs[idx]));
Andrew Scullae9962e2019-10-03 16:51:16 +0100[diff] [blame]270 }
271
272 if (uint32list_has_next(&smcs)) {
Andrew Walbran17eebf92020-02-05 16:35:49 +0000[diff] [blame]273 dlog_warning("%s SMC whitelist too long.\n", vm->debug_name);
Andrew Scullae9962e2019-10-03 16:51:16 +0100[diff] [blame]274 }
275
Andrew Scullb2c3a242019-11-04 13:52:36 +0000[diff] [blame]276 TRY(read_bool(node, "smc_whitelist_permissive",
277 &vm->smc_whitelist.permissive));
Andrew Scullae9962e2019-10-03 16:51:16 +0100[diff] [blame]278
Olivier Deprez62d99e32020-01-09 15:58:07 +0100[diff] [blame]279 if (vm_id != HF_PRIMARY_VM_ID) {
280 TRY(read_uint64(node, "mem_size", &vm->secondary.mem_size));
281 TRY(read_uint16(node, "vcpu_count", &vm->secondary.vcpu_count));
Fuad Tabba50469e02020-06-30 15:14:28 +0100[diff] [blame]282 TRY(read_optional_string(node, "fdt_filename",
283 &vm->secondary.fdt_filename));
Olivier Deprez62d99e32020-01-09 15:58:07 +0100[diff] [blame]284 }
285
286 return MANIFEST_SUCCESS;
287}
288
289static enum manifest_return_code parse_vm(struct fdt_node *node,
290 struct manifest_vm *vm,
291 ffa_vm_id_t vm_id)
292{
293 TRY(read_optional_string(node, "kernel_filename",
294 &vm->kernel_filename));
295
David Brazdile6f83222019-09-23 14:47:37 +0100[diff] [blame]296 if (vm_id == HF_PRIMARY_VM_ID) {
297 TRY(read_optional_string(node, "ramdisk_filename",
298 &vm->primary.ramdisk_filename));
David Brazdil080ee312020-02-25 15:30:30 -0800[diff] [blame]299 TRY(read_optional_uint64(node, "boot_address",
300 MANIFEST_INVALID_ADDRESS,
301 &vm->primary.boot_address));
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]302 }
Olivier Deprez62d99e32020-01-09 15:58:07 +0100[diff] [blame]303
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]304 return MANIFEST_SUCCESS;
305}
306
Manish Pandey6542f5c2020-04-27 14:37:46 +0100[diff] [blame]307static enum manifest_return_code parse_ffa_memory_region_node(
Manish Pandeyfa1f2912020-05-05 12:57:01 +0100[diff] [blame]308 struct fdt_node *mem_node, struct memory_region *mem_regions,
Manish Pandey2145c212020-05-01 16:04:22 +0100[diff] [blame^]309 uint8_t *count, struct rx_tx *rxtx)
Manish Pandey6542f5c2020-04-27 14:37:46 +0100[diff] [blame]310{
Manish Pandeyfa1f2912020-05-05 12:57:01 +0100[diff] [blame]311 uint32_t phandle;
Manish Pandey2145c212020-05-01 16:04:22 +0100[diff] [blame^]312 uint8_t i = 0;
Manish Pandey6542f5c2020-04-27 14:37:46 +0100[diff] [blame]313
314 dlog_verbose(" Partition memory regions\n");
315
316 if (!fdt_is_compatible(mem_node, "arm,ffa-manifest-memory-regions")) {
317 return MANIFEST_ERROR_NOT_COMPATIBLE;
318 }
319
320 if (!fdt_first_child(mem_node)) {
321 return MANIFEST_ERROR_MEMORY_REGION_NODE_EMPTY;
322 }
323
324 do {
325 dlog_verbose(" Memory Region[%u]\n", i);
326
327 TRY(read_optional_string(mem_node, "description",
328 &mem_regions[i].name));
329 dlog_verbose(" Name: %s\n",
330 string_data(&mem_regions[i].name));
331
332 TRY(read_optional_uint64(mem_node, "base-address",
333 MANIFEST_INVALID_ADDRESS,
334 &mem_regions[i].base_address));
335 dlog_verbose(" Base address: %#x\n",
336 mem_regions[i].base_address);
337
338 TRY(read_uint32(mem_node, "pages-count",
339 &mem_regions[i].page_count));
340 dlog_verbose(" Pages_count: %u\n",
341 mem_regions[i].page_count);
342
343 TRY(read_uint32(mem_node, "attributes",
344 &mem_regions[i].attributes));
345 mem_regions[i].attributes &= MM_PERM_MASK;
346 dlog_verbose(" Attributes: %u\n",
347 mem_regions[i].attributes);
Manish Pandeyfa1f2912020-05-05 12:57:01 +0100[diff] [blame]348
349 TRY(read_optional_uint32(mem_node, "phandle",
350 (uint32_t)MANIFEST_INVALID_ADDRESS,
351 &phandle));
352 if (phandle == rxtx->rx_phandle) {
353 dlog_verbose(" Assigned as RX buffer\n");
354 rxtx->rx_buffer = &mem_regions[i];
355 } else if (phandle == rxtx->tx_phandle) {
356 dlog_verbose(" Assigned as TX buffer\n");
357 rxtx->tx_buffer = &mem_regions[i];
358 }
359
Manish Pandey6542f5c2020-04-27 14:37:46 +0100[diff] [blame]360 i++;
361 } while (fdt_next_sibling(mem_node) && (i < SP_MAX_MEMORY_REGIONS));
362
Manish Pandey2145c212020-05-01 16:04:22 +0100[diff] [blame^]363 *count = i;
Manish Pandey6542f5c2020-04-27 14:37:46 +0100[diff] [blame]364
365 return MANIFEST_SUCCESS;
366}
367
Manish Pandeye68e7932020-04-23 15:29:28 +0100[diff] [blame]368static enum manifest_return_code parse_ffa_device_region_node(
Manish Pandey2145c212020-05-01 16:04:22 +0100[diff] [blame^]369 struct fdt_node *dev_node, struct device_region *dev_regions,
370 uint8_t *count)
Manish Pandeye68e7932020-04-23 15:29:28 +0100[diff] [blame]371{
372 struct uint32list_iter list;
Manish Pandey2145c212020-05-01 16:04:22 +0100[diff] [blame^]373 uint8_t i = 0;
374 uint8_t j = 0;
Manish Pandeye68e7932020-04-23 15:29:28 +0100[diff] [blame]375
376 dlog_verbose(" Partition Device Regions\n");
377
378 if (!fdt_is_compatible(dev_node, "arm,ffa-manifest-device-regions")) {
379 return MANIFEST_ERROR_NOT_COMPATIBLE;
380 }
381
382 if (!fdt_first_child(dev_node)) {
383 return MANIFEST_ERROR_DEVICE_REGION_NODE_EMPTY;
384 }
385
386 do {
387 dlog_verbose(" Device Region[%u]\n", i);
388
389 TRY(read_optional_string(dev_node, "description",
390 &dev_regions[i].name));
391 dlog_verbose(" Name: %s\n",
392 string_data(&dev_regions[i].name));
393
394 TRY(read_uint64(dev_node, "base-address",
395 &dev_regions[i].base_address));
396 dlog_verbose(" Base address: %#x\n",
397 dev_regions[i].base_address);
398
399 TRY(read_uint32(dev_node, "pages-count",
400 &dev_regions[i].page_count));
401 dlog_verbose(" Pages_count: %u\n",
402 dev_regions[i].page_count);
403
404 TRY(read_uint32(dev_node, "attributes",
405 &dev_regions[i].attributes));
406 dev_regions[i].attributes =
407 (dev_regions[i].attributes & MM_PERM_MASK) | MM_MODE_D;
408 dlog_verbose(" Attributes: %u\n",
409 dev_regions[i].attributes);
410
411 TRY(read_optional_uint32list(dev_node, "interrupts", &list));
412 dlog_verbose(" Interrupt List:\n");
413 j = 0;
414 while (uint32list_has_next(&list) &&
415 j < SP_MAX_INTERRUPTS_PER_DEVICE) {
416 TRY(uint32list_get_next(
417 &list, &dev_regions[i].interrupts[j].id));
418 if (uint32list_has_next(&list)) {
419 TRY(uint32list_get_next(&list,
420 &dev_regions[i]
421 .interrupts[j]
422 .attributes));
423 } else {
424 return MANIFEST_ERROR_MALFORMED_INTEGER_LIST;
425 }
426
427 dlog_verbose(" ID = %u, attributes = %u\n",
428 dev_regions[i].interrupts[j].id,
429 dev_regions[i].interrupts[j].attributes);
430 j++;
431 }
432 if (j == 0) {
433 dlog_verbose(" Empty\n");
434 }
435
436 TRY(read_optional_uint32(dev_node, "smmu-id",
437 (uint32_t)MANIFEST_INVALID_ADDRESS,
438 &dev_regions[i].smmu_id));
439 dlog_verbose(" smmu-id: %u\n", dev_regions[i].smmu_id);
440
441 TRY(read_optional_uint32list(dev_node, "stream-ids", &list));
442 dlog_verbose(" Stream IDs assigned:\n");
443
444 j = 0;
445 while (uint32list_has_next(&list) &&
446 j < SP_MAX_STREAMS_PER_DEVICE) {
447 TRY(uint32list_get_next(&list,
448 &dev_regions[i].stream_ids[j]));
449 dlog_verbose(" %u\n",
450 dev_regions[i].stream_ids[j]);
451 j++;
452 }
453 if (j == 0) {
454 dlog_verbose(" None\n");
455 }
456
457 TRY(read_bool(dev_node, "exclusive-access",
458 &dev_regions[i].exclusive_access));
459 dlog_verbose(" Exclusive_access: %d\n",
460 dev_regions[i].exclusive_access);
461
462 i++;
463 } while (fdt_next_sibling(dev_node) && (i < SP_MAX_DEVICE_REGIONS));
464
Manish Pandey2145c212020-05-01 16:04:22 +0100[diff] [blame^]465 *count = i;
Manish Pandeye68e7932020-04-23 15:29:28 +0100[diff] [blame]466
467 return MANIFEST_SUCCESS;
468}
469
Olivier Deprez62d99e32020-01-09 15:58:07 +0100[diff] [blame]470static enum manifest_return_code parse_ffa_manifest(struct fdt *fdt,
471 struct manifest_vm *vm)
472{
473 unsigned int i = 0;
474 struct uint32list_iter uuid;
475 uint32_t uuid_word;
476 struct fdt_node root;
477 struct fdt_node ffa_node;
478 struct string rxtx_node_name = STRING_INIT("rx_tx-info");
Manish Pandey6542f5c2020-04-27 14:37:46 +0100[diff] [blame]479 struct string mem_region_node_name = STRING_INIT("memory-regions");
Manish Pandeye68e7932020-04-23 15:29:28 +0100[diff] [blame]480 struct string dev_region_node_name = STRING_INIT("device-regions");
Olivier Deprez62d99e32020-01-09 15:58:07 +0100[diff] [blame]481
482 if (!fdt_find_node(fdt, "/", &root)) {
483 return MANIFEST_ERROR_NO_ROOT_NODE;
484 }
485
486 /* Check "compatible" property. */
487 if (!fdt_is_compatible(&root, "arm,ffa-manifest-1.0")) {
488 return MANIFEST_ERROR_NOT_COMPATIBLE;
489 }
490
491 TRY(read_uint32(&root, "ffa-version", &vm->sp.ffa_version));
492 dlog_verbose(" SP expected FF-A version %d.%d\n",
493 vm->sp.ffa_version >> 16, vm->sp.ffa_version & 0xffff);
494
495 TRY(read_optional_uint32list(&root, "uuid", &uuid));
496
497 while (uint32list_has_next(&uuid) && i < 4) {
498 TRY(uint32list_get_next(&uuid, &uuid_word));
Fuad Tabbae4efcc32020-07-16 15:37:27 +0100[diff] [blame]499 vm->sp.uuid.uuid[i] = uuid_word;
Olivier Deprez62d99e32020-01-09 15:58:07 +0100[diff] [blame]500 i++;
501 }
Fuad Tabba952401e2020-07-24 10:43:40 +0100[diff] [blame]502 dlog_verbose(" SP UUID %#x-%x-%x_%x\n", vm->sp.uuid.uuid[0],
503 vm->sp.uuid.uuid[1], vm->sp.uuid.uuid[2],
504 vm->sp.uuid.uuid[3]);
Olivier Deprez62d99e32020-01-09 15:58:07 +0100[diff] [blame]505
506 TRY(read_uint16(&root, "execution-ctx-count",
507 &vm->sp.execution_ctx_count));
508 dlog_verbose(" SP number of execution context %d\n",
509 vm->sp.execution_ctx_count);
510
511 TRY(read_uint8(&root, "exception-level",
512 (uint8_t *)&vm->sp.run_time_el));
513 dlog_verbose(" SP run-time EL %d\n", vm->sp.run_time_el);
514
515 TRY(read_uint8(&root, "execution-state",
516 (uint8_t *)&vm->sp.execution_state));
517 dlog_verbose(" SP execution state %d\n", vm->sp.execution_state);
518
519 TRY(read_uint64(&root, "load-address", &vm->sp.load_addr));
520 dlog_verbose(" SP load address %#x\n", vm->sp.load_addr);
521
522 TRY(read_uint64(&root, "entrypoint-offset", &vm->sp.ep_offset));
523 dlog_verbose(" SP entry point offset %#x\n", vm->sp.ep_offset);
524
525 TRY(read_uint8(&root, "xlat-granule", (uint8_t *)&vm->sp.xlat_granule));
526 dlog_verbose(" SP translation granule %d\n", vm->sp.xlat_granule);
527
528 ffa_node = root;
529 if (fdt_find_child(&ffa_node, &rxtx_node_name)) {
530 if (!fdt_is_compatible(&ffa_node,
531 "arm,ffa-manifest-rx_tx-buffer")) {
532 return MANIFEST_ERROR_NOT_COMPATIBLE;
533 }
534
Manish Pandeyfa1f2912020-05-05 12:57:01 +0100[diff] [blame]535 /*
536 * Read only phandles for now, it will be used to update buffers
537 * while parsing memory regions.
538 */
539 TRY(read_uint32(&ffa_node, "rx-buffer",
540 &vm->sp.rxtx.rx_phandle));
Olivier Deprez62d99e32020-01-09 15:58:07 +0100[diff] [blame]541
Manish Pandeyfa1f2912020-05-05 12:57:01 +0100[diff] [blame]542 TRY(read_uint32(&ffa_node, "tx-buffer",
543 &vm->sp.rxtx.tx_phandle));
Olivier Deprez62d99e32020-01-09 15:58:07 +0100[diff] [blame]544
Manish Pandeyfa1f2912020-05-05 12:57:01 +0100[diff] [blame]545 vm->sp.rxtx.available = true;
Olivier Deprez62d99e32020-01-09 15:58:07 +0100[diff] [blame]546 }
547
548 TRY(read_uint8(&root, "messaging-method",
549 (uint8_t *)&vm->sp.messaging_method));
550 dlog_verbose(" SP messaging method %d\n", vm->sp.messaging_method);
551
Manish Pandey6542f5c2020-04-27 14:37:46 +0100[diff] [blame]552 /* Parse memory-regions */
553 ffa_node = root;
554 if (fdt_find_child(&ffa_node, &mem_region_node_name)) {
Manish Pandeyfa1f2912020-05-05 12:57:01 +0100[diff] [blame]555 TRY(parse_ffa_memory_region_node(&ffa_node, vm->sp.mem_regions,
Manish Pandey2145c212020-05-01 16:04:22 +0100[diff] [blame^]556 &vm->sp.mem_region_count,
Manish Pandeyfa1f2912020-05-05 12:57:01 +0100[diff] [blame]557 &vm->sp.rxtx));
Manish Pandey6542f5c2020-04-27 14:37:46 +0100[diff] [blame]558 }
Manish Pandey2145c212020-05-01 16:04:22 +0100[diff] [blame^]559 dlog_verbose(" Total %u memory regions found\n",
560 vm->sp.mem_region_count);
Manish Pandey6542f5c2020-04-27 14:37:46 +0100[diff] [blame]561
Manish Pandeye68e7932020-04-23 15:29:28 +0100[diff] [blame]562 /* Parse Device-regions */
563 ffa_node = root;
564 if (fdt_find_child(&ffa_node, &dev_region_node_name)) {
Manish Pandey2145c212020-05-01 16:04:22 +0100[diff] [blame^]565 TRY(parse_ffa_device_region_node(&ffa_node, vm->sp.dev_regions,
566 &vm->sp.dev_region_count));
Manish Pandeye68e7932020-04-23 15:29:28 +0100[diff] [blame]567 }
Manish Pandey2145c212020-05-01 16:04:22 +0100[diff] [blame^]568 dlog_verbose(" Total %u device regions found\n",
569 vm->sp.dev_region_count);
Manish Pandeye68e7932020-04-23 15:29:28 +0100[diff] [blame]570
Olivier Deprez62d99e32020-01-09 15:58:07 +0100[diff] [blame]571 return MANIFEST_SUCCESS;
572}
573
574static enum manifest_return_code sanity_check_ffa_manifest(
575 struct manifest_vm *vm)
576{
577 uint16_t ffa_version_major;
578 uint16_t ffa_version_minor;
579 enum manifest_return_code ret_code = MANIFEST_SUCCESS;
580 const char *error_string = "specified in manifest is unsupported";
581
582 /* ensure that the SPM version is compatible */
583 ffa_version_major =
584 (vm->sp.ffa_version & 0xffff0000) >> FFA_VERSION_MAJOR_OFFSET;
585 ffa_version_minor = vm->sp.ffa_version & 0xffff;
586
587 if (ffa_version_major != FFA_VERSION_MAJOR ||
588 ffa_version_minor > FFA_VERSION_MINOR) {
589 dlog_error("FF-A partition manifest version %s: %d.%d\n",
590 error_string, ffa_version_major, ffa_version_minor);
591 ret_code = MANIFEST_ERROR_NOT_COMPATIBLE;
592 }
593
594 if (vm->sp.xlat_granule != PAGE_4KB) {
595 dlog_error("Translation granule %s: %d\n", error_string,
596 vm->sp.xlat_granule);
597 ret_code = MANIFEST_ERROR_NOT_COMPATIBLE;
598 }
599
600 if (vm->sp.execution_state != AARCH64) {
601 dlog_error("Execution state %s: %d\n", error_string,
602 vm->sp.execution_state);
603 ret_code = MANIFEST_ERROR_NOT_COMPATIBLE;
604 }
605
606 if (vm->sp.run_time_el != EL1 && vm->sp.run_time_el != S_EL1) {
607 dlog_error("Exception level %s: %d\n", error_string,
608 vm->sp.run_time_el);
609 ret_code = MANIFEST_ERROR_NOT_COMPATIBLE;
610 }
611
612 if (vm->sp.messaging_method != INDIRECT_MESSAGING) {
613 dlog_error("Messaging method %s: %x\n", error_string,
614 vm->sp.messaging_method);
615 ret_code = MANIFEST_ERROR_NOT_COMPATIBLE;
616 }
617
618 return ret_code;
619}
620
621static enum manifest_return_code parse_ffa_partition_package(
622 struct mm_stage1_locked stage1_locked, struct fdt_node *node,
623 struct manifest_vm *vm, ffa_vm_id_t vm_id, struct mpool *ppool)
624{
625 enum manifest_return_code ret = MANIFEST_ERROR_NOT_COMPATIBLE;
626 uintpaddr_t sp_pkg_addr;
627 paddr_t sp_pkg_start;
628 paddr_t sp_pkg_end;
629 struct sp_pkg_header *sp_pkg;
630 size_t sp_header_dtb_size;
631 paddr_t sp_dtb_addr;
632 struct fdt sp_fdt;
633
634 /*
635 * This must have been hinted as being an FF-A partition,
636 * return straight with failure if this is not the case.
637 */
638 if (!vm->is_ffa_partition) {
639 return MANIFEST_ERROR_NOT_COMPATIBLE;
640 }
641
642 TRY(read_uint64(node, "load_address", &sp_pkg_addr));
643 if (!is_aligned(sp_pkg_addr, PAGE_SIZE)) {
644 return MANIFEST_ERROR_NOT_COMPATIBLE;
645 }
646
647 /* Map top of SP package as a single page to extract the header */
648 sp_pkg_start = pa_init(sp_pkg_addr);
649 sp_pkg_end = pa_add(sp_pkg_start, PAGE_SIZE);
650 sp_pkg = mm_identity_map(stage1_locked, sp_pkg_start,
651 pa_add(sp_pkg_start, PAGE_SIZE), MM_MODE_R,
652 ppool);
653 CHECK(sp_pkg != NULL);
654
655 dlog_verbose("SP package load address %#x\n", sp_pkg_addr);
656
657 if (sp_pkg->magic != SP_PKG_HEADER_MAGIC) {
658 dlog_error("Invalid SP package magic.\n");
659 goto exit_unmap;
660 }
661
662 if (sp_pkg->version != SP_PKG_HEADER_VERSION) {
663 dlog_error("Invalid SP package version.\n");
664 goto exit_unmap;
665 }
666
667 /* Expect SP DTB to immediately follow header */
668 if (sp_pkg->pm_offset != sizeof(struct sp_pkg_header)) {
669 dlog_error("Invalid SP package manifest offset.\n");
670 goto exit_unmap;
671 }
672
673 sp_header_dtb_size = align_up(
674 sp_pkg->pm_size + sizeof(struct sp_pkg_header), PAGE_SIZE);
675 if ((vm_id != HF_PRIMARY_VM_ID) &&
676 (sp_header_dtb_size >= vm->secondary.mem_size)) {
677 dlog_error("Invalid SP package header or DT size.\n");
678 goto exit_unmap;
679 }
680
681 if (sp_header_dtb_size > PAGE_SIZE) {
682 /* Map remainder of header + DTB */
683 sp_pkg_end = pa_add(sp_pkg_start, sp_header_dtb_size);
684
685 sp_pkg = mm_identity_map(stage1_locked, sp_pkg_start,
686 sp_pkg_end, MM_MODE_R, ppool);
687 CHECK(sp_pkg != NULL);
688 }
689
690 sp_dtb_addr = pa_add(sp_pkg_start, sp_pkg->pm_offset);
691 if (!fdt_init_from_ptr(&sp_fdt, (void *)sp_dtb_addr.pa,
692 sp_pkg->pm_size)) {
693 dlog_error("FDT failed validation.\n");
694 goto exit_unmap;
695 }
696
697 ret = parse_ffa_manifest(&sp_fdt, vm);
698 if (ret != MANIFEST_SUCCESS) {
699 goto exit_unmap;
700 }
701
702 ret = sanity_check_ffa_manifest(vm);
703
704exit_unmap:
705 CHECK(mm_unmap(stage1_locked, sp_pkg_start, sp_pkg_end, ppool));
706
707 return ret;
708}
709
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]710/**
711 * Parse manifest from FDT.
712 */
Olivier Deprez62d99e32020-01-09 15:58:07 +0100[diff] [blame]713enum manifest_return_code manifest_init(struct mm_stage1_locked stage1_locked,
714 struct manifest *manifest,
715 struct memiter *manifest_fdt,
716 struct mpool *ppool)
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]717{
David Brazdilb856be62020-03-25 10:14:55 +0000[diff] [blame]718 struct string vm_name;
719 struct fdt fdt;
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]720 struct fdt_node hyp_node;
721 size_t i = 0;
722 bool found_primary_vm = false;
723
724 memset_s(manifest, sizeof(*manifest), 0, sizeof(*manifest));
725
David Brazdilb856be62020-03-25 10:14:55 +0000[diff] [blame]726 if (!fdt_init_from_memiter(&fdt, manifest_fdt)) {
727 return MANIFEST_ERROR_FILE_SIZE; /* TODO */
David Brazdila2358d42020-01-27 18:51:38 +0000[diff] [blame]728 }
729
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]730 /* Find hypervisor node. */
David Brazdilb856be62020-03-25 10:14:55 +0000[diff] [blame]731 if (!fdt_find_node(&fdt, "/hypervisor", &hyp_node)) {
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]732 return MANIFEST_ERROR_NO_HYPERVISOR_FDT_NODE;
733 }
734
David Brazdil74e9c3b2019-08-28 11:09:08 +0100[diff] [blame]735 /* Check "compatible" property. */
David Brazdilf4925382020-03-25 13:33:51 +0000[diff] [blame]736 if (!fdt_is_compatible(&hyp_node, "hafnium,hafnium")) {
David Brazdil74e9c3b2019-08-28 11:09:08 +0100[diff] [blame]737 return MANIFEST_ERROR_NOT_COMPATIBLE;
738 }
739
Andrew Walbranb5ab43c2020-04-30 11:32:54 +0100[diff] [blame]740 TRY(read_bool(&hyp_node, "ffa_tee", &manifest->ffa_tee_enabled));
Andrew Walbran41a49d82020-01-10 17:46:38 +0000[diff] [blame]741
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]742 /* Iterate over reserved VM IDs and check no such nodes exist. */
743 for (i = 0; i < HF_VM_ID_OFFSET; i++) {
Andrew Walbranb5ab43c2020-04-30 11:32:54 +0100[diff] [blame]744 ffa_vm_id_t vm_id = (ffa_vm_id_t)i;
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]745 struct fdt_node vm_node = hyp_node;
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]746
David Brazdilb856be62020-03-25 10:14:55 +0000[diff] [blame]747 generate_vm_node_name(&vm_name, vm_id);
748 if (fdt_find_child(&vm_node, &vm_name)) {
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]749 return MANIFEST_ERROR_RESERVED_VM_ID;
750 }
751 }
752
753 /* Iterate over VM nodes until we find one that does not exist. */
754 for (i = 0; i <= MAX_VMS; ++i) {
Andrew Walbranb5ab43c2020-04-30 11:32:54 +0100[diff] [blame]755 ffa_vm_id_t vm_id = HF_VM_ID_OFFSET + i;
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]756 struct fdt_node vm_node = hyp_node;
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]757
David Brazdilb856be62020-03-25 10:14:55 +0000[diff] [blame]758 generate_vm_node_name(&vm_name, vm_id);
759 if (!fdt_find_child(&vm_node, &vm_name)) {
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]760 break;
761 }
762
763 if (i == MAX_VMS) {
764 return MANIFEST_ERROR_TOO_MANY_VMS;
765 }
766
767 if (vm_id == HF_PRIMARY_VM_ID) {
768 CHECK(found_primary_vm == false); /* sanity check */
769 found_primary_vm = true;
770 }
771
David Brazdil0251b942019-09-10 15:59:50 +0100[diff] [blame]772 manifest->vm_count = i + 1;
Olivier Deprez62d99e32020-01-09 15:58:07 +0100[diff] [blame]773
774 TRY(parse_vm_common(&vm_node, &manifest->vm[i], vm_id));
775
776 if (manifest->vm[i].is_ffa_partition) {
777 TRY(parse_ffa_partition_package(stage1_locked, &vm_node,
778 &manifest->vm[i], vm_id,
779 ppool));
780 } else {
781 TRY(parse_vm(&vm_node, &manifest->vm[i], vm_id));
782 }
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]783 }
784
785 if (!found_primary_vm) {
786 return MANIFEST_ERROR_NO_PRIMARY_VM;
787 }
788
789 return MANIFEST_SUCCESS;
790}
791
792const char *manifest_strerror(enum manifest_return_code ret_code)
793{
794 switch (ret_code) {
795 case MANIFEST_SUCCESS:
796 return "Success";
David Brazdila2358d42020-01-27 18:51:38 +0000[diff] [blame]797 case MANIFEST_ERROR_FILE_SIZE:
798 return "Total size in header does not match file size";
Olivier Deprez62d99e32020-01-09 15:58:07 +0100[diff] [blame]799 case MANIFEST_ERROR_MALFORMED_DTB:
800 return "Malformed device tree blob";
David Brazdila2358d42020-01-27 18:51:38 +0000[diff] [blame]801 case MANIFEST_ERROR_NO_ROOT_NODE:
802 return "Could not find root node in manifest";
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]803 case MANIFEST_ERROR_NO_HYPERVISOR_FDT_NODE:
804 return "Could not find \"hypervisor\" node in manifest";
David Brazdil74e9c3b2019-08-28 11:09:08 +0100[diff] [blame]805 case MANIFEST_ERROR_NOT_COMPATIBLE:
806 return "Hypervisor manifest entry not compatible with Hafnium";
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]807 case MANIFEST_ERROR_RESERVED_VM_ID:
808 return "Manifest defines a VM with a reserved ID";
809 case MANIFEST_ERROR_NO_PRIMARY_VM:
810 return "Manifest does not contain a primary VM entry";
811 case MANIFEST_ERROR_TOO_MANY_VMS:
812 return "Manifest specifies more VMs than Hafnium has "
813 "statically allocated space for";
814 case MANIFEST_ERROR_PROPERTY_NOT_FOUND:
815 return "Property not found";
816 case MANIFEST_ERROR_MALFORMED_STRING:
817 return "Malformed string property";
David Brazdil0dbb41f2019-09-09 18:03:35 +0100[diff] [blame]818 case MANIFEST_ERROR_STRING_TOO_LONG:
819 return "String too long";
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]820 case MANIFEST_ERROR_MALFORMED_INTEGER:
821 return "Malformed integer property";
822 case MANIFEST_ERROR_INTEGER_OVERFLOW:
823 return "Integer overflow";
Andrew Scullae9962e2019-10-03 16:51:16 +0100[diff] [blame]824 case MANIFEST_ERROR_MALFORMED_INTEGER_LIST:
825 return "Malformed integer list property";
Andrew Scullb2c3a242019-11-04 13:52:36 +0000[diff] [blame]826 case MANIFEST_ERROR_MALFORMED_BOOLEAN:
827 return "Malformed boolean property";
Manish Pandey6542f5c2020-04-27 14:37:46 +0100[diff] [blame]828 case MANIFEST_ERROR_MEMORY_REGION_NODE_EMPTY:
829 return "Memory-region node should have at least one entry";
Manish Pandeye68e7932020-04-23 15:29:28 +0100[diff] [blame]830 case MANIFEST_ERROR_DEVICE_REGION_NODE_EMPTY:
831 return "Device-region node should have at least one entry";
David Brazdil7a462ec2019-08-15 12:27:47 +0100[diff] [blame]832 }
833
834 panic("Unexpected manifest return code.");
835}