TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / hafnium / hafnium.git / c56f9013d10c6a637ea1aa5b31c999c6f38350ab / . / inc / hf / ffa_memory_internal.h
blob: dac2c9455b5210479b277be15aca9e0f07427660 [file] [log] [blame]
J-Alves66652252022-07-06 09:49:51 +0100[diff] [blame]1/*
2 * Copyright 2022 The Hafnium Authors.
3 *
4 * Use of this source code is governed by a BSD-style
5 * license that can be found in the LICENSE file or at
6 * https://opensource.org/licenses/BSD-3-Clause.
7 */
8
9/**
10 * The maximum number of memory sharing handles which may be active at once. A
11 * DONATE handle is active from when it is sent to when it is retrieved; a SHARE
12 * or LEND handle is active from when it is sent to when it is reclaimed.
13 */
14#define MAX_MEM_SHARES 100
15
J-Alvesd15905d2023-02-20 11:52:37 +0000[diff] [blame]16#include <stdbool.h>
17#include <stdint.h>
18
19#include "hf/check.h"
20#include "hf/ffa_memory.h"
21#include "hf/mpool.h"
22#include "hf/vm.h"
23
24#include "vmapi/hf/ffa.h"
25
J-Alves66652252022-07-06 09:49:51 +0100[diff] [blame]26/**
27 * The maximum number of fragments into which a memory sharing message may be
28 * broken.
29 */
30#define MAX_FRAGMENTS 20
31
32static_assert(sizeof(struct ffa_memory_region_constituent) % 16 == 0,
33 "struct ffa_memory_region_constituent must be a multiple of 16 "
34 "bytes long.");
35static_assert(sizeof(struct ffa_composite_memory_region) % 16 == 0,
36 "struct ffa_composite_memory_region must be a multiple of 16 "
37 "bytes long.");
38static_assert(sizeof(struct ffa_memory_region_attributes) == 4,
39 "struct ffa_memory_region_attributes must be 4 bytes long.");
40static_assert(sizeof(struct ffa_memory_access) % 16 == 0,
41 "struct ffa_memory_access must be a multiple of 16 bytes long.");
42static_assert(sizeof(struct ffa_memory_region) % 16 == 0,
43 "struct ffa_memory_region must be a multiple of 16 bytes long.");
44static_assert(sizeof(struct ffa_mem_relinquish) % 16 == 0,
45 "struct ffa_mem_relinquish must be a multiple of 16 "
46 "bytes long.");
47
48struct ffa_memory_share_state {
49 /**
50 * The memory region being shared, or NULL if this share state is
51 * unallocated.
52 */
53 struct ffa_memory_region *memory_region;
54
55 struct ffa_memory_region_constituent *fragments[MAX_FRAGMENTS];
56
57 /** The number of constituents in each fragment. */
58 uint32_t fragment_constituent_counts[MAX_FRAGMENTS];
59
60 /**
61 * The number of valid elements in the `fragments` and
62 * `fragment_constituent_counts` arrays.
63 */
64 uint32_t fragment_count;
65
66 /**
67 * The FF-A function used for sharing the memory. Must be one of
68 * FFA_MEM_DONATE_32, FFA_MEM_LEND_32 or FFA_MEM_SHARE_32 if the
69 * share state is allocated, or 0.
70 */
71 uint32_t share_func;
72
73 /**
74 * The sender's original mode before invoking the FF-A function for
75 * sharing the memory.
76 * This is used to reset the original configuration when sender invokes
77 * FFA_MEM_RECLAIM_32.
78 */
79 uint32_t sender_orig_mode;
80
81 /**
82 * True if all the fragments of this sharing request have been sent and
83 * Hafnium has updated the sender page table accordingly.
84 */
85 bool sending_complete;
86
87 /**
88 * How many fragments of the memory region each recipient has retrieved
89 * so far. The order of this array matches the order of the endpoint
90 * memory access descriptors in the memory region descriptor. Any
91 * entries beyond the receiver_count will always be 0.
92 */
93 uint32_t retrieved_fragment_count[MAX_MEM_SHARE_RECIPIENTS];
94
95 /**
96 * Field for the SPMC to keep track of how many fragments of the memory
97 * region the hypervisor has managed to retrieve, using a
98 * `hypervisor retrieve request`, as defined by FF-A v1.1 EAC0
99 * specification.
100 */
101 uint32_t hypervisor_fragment_count;
102};
103
104/**
105 * Encapsulates the set of share states while the `share_states_lock` is held.
106 */
107struct share_states_locked {
108 struct ffa_memory_share_state *share_states;
109};
110
111bool allocate_share_state(struct share_states_locked share_states,
112 uint32_t share_func,
113 struct ffa_memory_region *memory_region,
114 uint32_t fragment_length, ffa_memory_handle_t handle,
115 struct ffa_memory_share_state **share_state_ret);
116struct share_states_locked share_states_lock(void);
117void share_states_unlock(struct share_states_locked *share_states);
J-Alvesfdd29272022-07-19 13:16:31 +0100[diff] [blame]118void share_state_free(struct share_states_locked share_states,
119 struct ffa_memory_share_state *share_state,
120 struct mpool *page_pool);
121uint32_t share_state_next_fragment_offset(
122 struct share_states_locked share_states,
123 struct ffa_memory_share_state *share_state);
124/** Checks whether the given share state has been fully sent. */
125bool share_state_sending_complete(struct share_states_locked share_states,
126 struct ffa_memory_share_state *share_state);
J-Alves66652252022-07-06 09:49:51 +0100[diff] [blame]127void dump_share_states(void);
128
129/**
130 * Return the offset to the first constituent within the
131 * `ffa_composite_memory_region` for the given receiver from an
132 * `ffa_memory_region`. The caller must check that the receiver_index is within
133 * bounds, and that it has a composite memory region offset.
134 */
135static inline uint32_t ffa_composite_constituent_offset(
136 struct ffa_memory_region *memory_region, uint32_t receiver_index)
137{
138 CHECK(receiver_index < memory_region->receiver_count);
139 CHECK(memory_region->receivers[receiver_index]
140 .composite_memory_region_offset != 0);
141
142 return memory_region->receivers[receiver_index]
143 .composite_memory_region_offset +
144 sizeof(struct ffa_composite_memory_region);
145}
146
147struct ffa_value ffa_memory_send_validate(
148 struct vm_locked from_locked, struct ffa_memory_region *memory_region,
149 uint32_t memory_share_length, uint32_t fragment_length,
150 uint32_t share_func);
151struct ffa_value ffa_send_check_update(
152 struct vm_locked from_locked,
153 struct ffa_memory_region_constituent **fragments,
154 uint32_t *fragment_constituent_counts, uint32_t fragment_count,
155 uint32_t share_func, struct ffa_memory_access *receivers,
156 uint32_t receivers_count, struct mpool *page_pool, bool clear,
157 uint32_t *orig_from_mode_ret);
J-Alvesfdd29272022-07-19 13:16:31 +0100[diff] [blame]158struct ffa_value ffa_memory_send_complete(
159 struct vm_locked from_locked, struct share_states_locked share_states,
160 struct ffa_memory_share_state *share_state, struct mpool *page_pool,
161 uint32_t *orig_from_mode_ret);
162struct ffa_value ffa_memory_send_continue_validate(
163 struct share_states_locked share_states, ffa_memory_handle_t handle,
164 struct ffa_memory_share_state **share_state_ret, ffa_vm_id_t from_vm_id,
165 struct mpool *page_pool);
J-Alvesfc19b372022-07-06 12:17:35 +0100[diff] [blame]166struct ffa_value ffa_retrieve_check_transition(
167 struct vm_locked to, uint32_t share_func,
168 struct ffa_memory_region_constituent **fragments,
169 uint32_t *fragment_constituent_counts, uint32_t fragment_count,
170 uint32_t memory_to_attributes, uint32_t *to_mode);
J-Alvesb5084cf2022-07-06 14:20:12 +0100[diff] [blame]171struct ffa_value ffa_retrieve_check_update(
172 struct vm_locked to_locked, ffa_vm_id_t from_id,
173 struct ffa_memory_region_constituent **fragments,
174 uint32_t *fragment_constituent_counts, uint32_t fragment_count,
175 uint32_t memory_to_attributes, uint32_t share_func, bool clear,
176 struct mpool *page_pool);
J-Alvesfdd29272022-07-19 13:16:31 +0100[diff] [blame]177uint32_t ffa_memory_region_get_receiver(struct ffa_memory_region *memory_region,
178 ffa_vm_id_t receiver);
179bool ffa_region_group_identity_map(
180 struct vm_locked vm_locked,
181 struct ffa_memory_region_constituent **fragments,
182 const uint32_t *fragment_constituent_counts, uint32_t fragment_count,
183 uint32_t mode, struct mpool *ppool, bool commit);
184bool memory_region_receivers_from_other_world(
185 struct ffa_memory_region *memory_region);