| J-Alves | 6665225 | 2022-07-06 09:49:51 +0100 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2022 The Hafnium Authors. |
| 3 | * |
| 4 | * Use of this source code is governed by a BSD-style |
| 5 | * license that can be found in the LICENSE file or at |
| 6 | * https://opensource.org/licenses/BSD-3-Clause. |
| 7 | */ |
| 8 | |
| 9 | /** |
| 10 | * The maximum number of memory sharing handles which may be active at once. A |
| 11 | * DONATE handle is active from when it is sent to when it is retrieved; a SHARE |
| 12 | * or LEND handle is active from when it is sent to when it is reclaimed. |
| 13 | */ |
| 14 | #define MAX_MEM_SHARES 100 |
| 15 | |
| J-Alves | d15905d | 2023-02-20 11:52:37 +0000 | [diff] [blame] | 16 | #include <stdbool.h> |
| 17 | #include <stdint.h> |
| 18 | |
| 19 | #include "hf/check.h" |
| 20 | #include "hf/ffa_memory.h" |
| 21 | #include "hf/mpool.h" |
| 22 | #include "hf/vm.h" |
| 23 | |
| 24 | #include "vmapi/hf/ffa.h" |
| 25 | |
| J-Alves | 6665225 | 2022-07-06 09:49:51 +0100 | [diff] [blame] | 26 | /** |
| 27 | * The maximum number of fragments into which a memory sharing message may be |
| 28 | * broken. |
| 29 | */ |
| 30 | #define MAX_FRAGMENTS 20 |
| 31 | |
| 32 | static_assert(sizeof(struct ffa_memory_region_constituent) % 16 == 0, |
| 33 | "struct ffa_memory_region_constituent must be a multiple of 16 " |
| 34 | "bytes long."); |
| 35 | static_assert(sizeof(struct ffa_composite_memory_region) % 16 == 0, |
| 36 | "struct ffa_composite_memory_region must be a multiple of 16 " |
| 37 | "bytes long."); |
| 38 | static_assert(sizeof(struct ffa_memory_region_attributes) == 4, |
| 39 | "struct ffa_memory_region_attributes must be 4 bytes long."); |
| 40 | static_assert(sizeof(struct ffa_memory_access) % 16 == 0, |
| 41 | "struct ffa_memory_access must be a multiple of 16 bytes long."); |
| 42 | static_assert(sizeof(struct ffa_memory_region) % 16 == 0, |
| 43 | "struct ffa_memory_region must be a multiple of 16 bytes long."); |
| 44 | static_assert(sizeof(struct ffa_mem_relinquish) % 16 == 0, |
| 45 | "struct ffa_mem_relinquish must be a multiple of 16 " |
| 46 | "bytes long."); |
| Demi Marie Obenour | d467741 | 2023-02-03 20:35:12 -0500 | [diff] [blame] | 47 | static_assert(sizeof(((struct ffa_memory_region){0}).receiver_count == 4), |
| 48 | "struct ffa_memory_region::receiver_count must be 4 bytes long"); |
| J-Alves | 6665225 | 2022-07-06 09:49:51 +0100 | [diff] [blame] | 49 | |
| 50 | struct ffa_memory_share_state { |
| 51 | /** |
| 52 | * The memory region being shared, or NULL if this share state is |
| 53 | * unallocated. |
| 54 | */ |
| 55 | struct ffa_memory_region *memory_region; |
| 56 | |
| 57 | struct ffa_memory_region_constituent *fragments[MAX_FRAGMENTS]; |
| 58 | |
| 59 | /** The number of constituents in each fragment. */ |
| 60 | uint32_t fragment_constituent_counts[MAX_FRAGMENTS]; |
| 61 | |
| 62 | /** |
| 63 | * The number of valid elements in the `fragments` and |
| 64 | * `fragment_constituent_counts` arrays. |
| 65 | */ |
| 66 | uint32_t fragment_count; |
| 67 | |
| 68 | /** |
| 69 | * The FF-A function used for sharing the memory. Must be one of |
| 70 | * FFA_MEM_DONATE_32, FFA_MEM_LEND_32 or FFA_MEM_SHARE_32 if the |
| 71 | * share state is allocated, or 0. |
| 72 | */ |
| 73 | uint32_t share_func; |
| 74 | |
| 75 | /** |
| 76 | * The sender's original mode before invoking the FF-A function for |
| 77 | * sharing the memory. |
| 78 | * This is used to reset the original configuration when sender invokes |
| 79 | * FFA_MEM_RECLAIM_32. |
| 80 | */ |
| 81 | uint32_t sender_orig_mode; |
| 82 | |
| 83 | /** |
| 84 | * True if all the fragments of this sharing request have been sent and |
| 85 | * Hafnium has updated the sender page table accordingly. |
| 86 | */ |
| 87 | bool sending_complete; |
| 88 | |
| 89 | /** |
| 90 | * How many fragments of the memory region each recipient has retrieved |
| 91 | * so far. The order of this array matches the order of the endpoint |
| 92 | * memory access descriptors in the memory region descriptor. Any |
| 93 | * entries beyond the receiver_count will always be 0. |
| 94 | */ |
| 95 | uint32_t retrieved_fragment_count[MAX_MEM_SHARE_RECIPIENTS]; |
| 96 | |
| J-Alves | 3c5b207 | 2022-11-21 12:45:40 +0000 | [diff] [blame^] | 97 | /* |
| 98 | * This is set when one of the receivers has requested that the page is |
| 99 | * cleared after relinquish. This is reset when the memory is cleared. |
| 100 | * In a multi-receiver case this is when all receivers relinquish the |
| 101 | * memory. |
| 102 | */ |
| 103 | bool clear_after_relinquish; |
| 104 | |
| J-Alves | 6665225 | 2022-07-06 09:49:51 +0100 | [diff] [blame] | 105 | /** |
| 106 | * Field for the SPMC to keep track of how many fragments of the memory |
| 107 | * region the hypervisor has managed to retrieve, using a |
| 108 | * `hypervisor retrieve request`, as defined by FF-A v1.1 EAC0 |
| 109 | * specification. |
| 110 | */ |
| 111 | uint32_t hypervisor_fragment_count; |
| 112 | }; |
| 113 | |
| 114 | /** |
| 115 | * Encapsulates the set of share states while the `share_states_lock` is held. |
| 116 | */ |
| 117 | struct share_states_locked { |
| 118 | struct ffa_memory_share_state *share_states; |
| 119 | }; |
| 120 | |
| 121 | bool allocate_share_state(struct share_states_locked share_states, |
| 122 | uint32_t share_func, |
| 123 | struct ffa_memory_region *memory_region, |
| 124 | uint32_t fragment_length, ffa_memory_handle_t handle, |
| 125 | struct ffa_memory_share_state **share_state_ret); |
| 126 | struct share_states_locked share_states_lock(void); |
| 127 | void share_states_unlock(struct share_states_locked *share_states); |
| J-Alves | fdd2927 | 2022-07-19 13:16:31 +0100 | [diff] [blame] | 128 | void share_state_free(struct share_states_locked share_states, |
| 129 | struct ffa_memory_share_state *share_state, |
| 130 | struct mpool *page_pool); |
| 131 | uint32_t share_state_next_fragment_offset( |
| 132 | struct share_states_locked share_states, |
| 133 | struct ffa_memory_share_state *share_state); |
| 134 | /** Checks whether the given share state has been fully sent. */ |
| 135 | bool share_state_sending_complete(struct share_states_locked share_states, |
| 136 | struct ffa_memory_share_state *share_state); |
| J-Alves | 6665225 | 2022-07-06 09:49:51 +0100 | [diff] [blame] | 137 | void dump_share_states(void); |
| 138 | |
| 139 | /** |
| 140 | * Return the offset to the first constituent within the |
| 141 | * `ffa_composite_memory_region` for the given receiver from an |
| 142 | * `ffa_memory_region`. The caller must check that the receiver_index is within |
| 143 | * bounds, and that it has a composite memory region offset. |
| 144 | */ |
| 145 | static inline uint32_t ffa_composite_constituent_offset( |
| 146 | struct ffa_memory_region *memory_region, uint32_t receiver_index) |
| 147 | { |
| 148 | CHECK(receiver_index < memory_region->receiver_count); |
| 149 | CHECK(memory_region->receivers[receiver_index] |
| 150 | .composite_memory_region_offset != 0); |
| 151 | |
| 152 | return memory_region->receivers[receiver_index] |
| 153 | .composite_memory_region_offset + |
| 154 | sizeof(struct ffa_composite_memory_region); |
| 155 | } |
| 156 | |
| 157 | struct ffa_value ffa_memory_send_validate( |
| 158 | struct vm_locked from_locked, struct ffa_memory_region *memory_region, |
| 159 | uint32_t memory_share_length, uint32_t fragment_length, |
| 160 | uint32_t share_func); |
| 161 | struct ffa_value ffa_send_check_update( |
| 162 | struct vm_locked from_locked, |
| 163 | struct ffa_memory_region_constituent **fragments, |
| 164 | uint32_t *fragment_constituent_counts, uint32_t fragment_count, |
| 165 | uint32_t share_func, struct ffa_memory_access *receivers, |
| 166 | uint32_t receivers_count, struct mpool *page_pool, bool clear, |
| 167 | uint32_t *orig_from_mode_ret); |
| J-Alves | fdd2927 | 2022-07-19 13:16:31 +0100 | [diff] [blame] | 168 | struct ffa_value ffa_memory_send_complete( |
| 169 | struct vm_locked from_locked, struct share_states_locked share_states, |
| 170 | struct ffa_memory_share_state *share_state, struct mpool *page_pool, |
| 171 | uint32_t *orig_from_mode_ret); |
| 172 | struct ffa_value ffa_memory_send_continue_validate( |
| 173 | struct share_states_locked share_states, ffa_memory_handle_t handle, |
| 174 | struct ffa_memory_share_state **share_state_ret, ffa_vm_id_t from_vm_id, |
| 175 | struct mpool *page_pool); |
| J-Alves | fc19b37 | 2022-07-06 12:17:35 +0100 | [diff] [blame] | 176 | struct ffa_value ffa_retrieve_check_transition( |
| 177 | struct vm_locked to, uint32_t share_func, |
| 178 | struct ffa_memory_region_constituent **fragments, |
| 179 | uint32_t *fragment_constituent_counts, uint32_t fragment_count, |
| 180 | uint32_t memory_to_attributes, uint32_t *to_mode); |
| J-Alves | b5084cf | 2022-07-06 14:20:12 +0100 | [diff] [blame] | 181 | struct ffa_value ffa_retrieve_check_update( |
| 182 | struct vm_locked to_locked, ffa_vm_id_t from_id, |
| 183 | struct ffa_memory_region_constituent **fragments, |
| 184 | uint32_t *fragment_constituent_counts, uint32_t fragment_count, |
| 185 | uint32_t memory_to_attributes, uint32_t share_func, bool clear, |
| 186 | struct mpool *page_pool); |
| J-Alves | fdd2927 | 2022-07-19 13:16:31 +0100 | [diff] [blame] | 187 | uint32_t ffa_memory_region_get_receiver(struct ffa_memory_region *memory_region, |
| 188 | ffa_vm_id_t receiver); |
| 189 | bool ffa_region_group_identity_map( |
| 190 | struct vm_locked vm_locked, |
| 191 | struct ffa_memory_region_constituent **fragments, |
| 192 | const uint32_t *fragment_constituent_counts, uint32_t fragment_count, |
| 193 | uint32_t mode, struct mpool *ppool, bool commit); |
| 194 | bool memory_region_receivers_from_other_world( |
| 195 | struct ffa_memory_region *memory_region); |