--- /dev/null
+/** @file\r
+ File managing the MMU for ARMv8 architecture in S-EL0\r
+\r
+ Copyright (c) 2017 - 2021, Arm Limited. All rights reserved.<BR>\r
+ Copyright (c) 2021, Linaro Limited\r
+ SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+ @par Reference(s):\r
+ - [1] SPM based on the MM interface.\r
+ (https://trustedfirmware-a.readthedocs.io/en/latest/components/\r
+ secure-partition-manager-mm.html)\r
+ - [2] Arm Firmware Framework for Armv8-A, DEN0077A, version 1.0\r
+ (https://developer.arm.com/documentation/den0077/a)\r
+**/\r
+\r
+#include <Uefi.h>\r
+#include <IndustryStandard/ArmMmSvc.h>\r
+#include <IndustryStandard/ArmFfaSvc.h>\r
+\r
+#include <Library/ArmLib.h>\r
+#include <Library/ArmMmuLib.h>\r
+#include <Library/ArmSvcLib.h>\r
+#include <Library/BaseLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/DebugLib.h>\r
+#include <Library/PcdLib.h>\r
+\r
+/** Send memory permission request to target.\r
+\r
+ @param [in, out] SvcArgs Pointer to SVC arguments to send. On\r
+ return it contains the response parameters.\r
+ @param [out] RetVal Pointer to return the response value.\r
+\r
+ @retval EFI_SUCCESS Request successfull.\r
+ @retval EFI_INVALID_PARAMETER A parameter is invalid.\r
+ @retval EFI_NOT_READY Callee is busy or not in a state to handle\r
+ this request.\r
+ @retval EFI_UNSUPPORTED This function is not implemented by the\r
+ callee.\r
+ @retval EFI_ABORTED Message target ran into an unexpected error\r
+ and has aborted.\r
+ @retval EFI_ACCESS_DENIED Access denied.\r
+ @retval EFI_OUT_OF_RESOURCES Out of memory to perform operation.\r
+**/\r
+STATIC\r
+EFI_STATUS\r
+SendMemoryPermissionRequest (\r
+ IN OUT ARM_SVC_ARGS *SvcArgs,\r
+ OUT INT32 *RetVal\r
+ )\r
+{\r
+ if ((SvcArgs == NULL) || (RetVal == NULL)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ ArmCallSvc (SvcArgs);\r
+ if (FeaturePcdGet (PcdFfaEnable)) {\r
+ // Get/Set memory attributes is an atomic call, with\r
+ // StandaloneMm at S-EL0 being the caller and the SPM\r
+ // core being the callee. Thus there won't be a\r
+ // FFA_INTERRUPT or FFA_SUCCESS response to the Direct\r
+ // Request sent above. This will have to be considered\r
+ // for other Direct Request calls which are not atomic\r
+ // We therefore check only for Direct Response by the\r
+ // callee.\r
+ if (SvcArgs->Arg0 == ARM_SVC_ID_FFA_MSG_SEND_DIRECT_RESP) {\r
+ // A Direct Response means FF-A success\r
+ // Now check the payload for errors\r
+ // The callee sends back the return value\r
+ // in Arg3\r
+ *RetVal = SvcArgs->Arg3;\r
+ } else {\r
+ // If Arg0 is not a Direct Response, that means we\r
+ // have an FF-A error. We need to check Arg2 for the\r
+ // FF-A error code.\r
+ // See [2], Table 10.8: FFA_ERROR encoding.\r
+ *RetVal = SvcArgs->Arg2;\r
+ switch (*RetVal) {\r
+ case ARM_FFA_SPM_RET_INVALID_PARAMETERS:\r
+ return EFI_INVALID_PARAMETER;\r
+\r
+ case ARM_FFA_SPM_RET_DENIED:\r
+ return EFI_ACCESS_DENIED;\r
+\r
+ case ARM_FFA_SPM_RET_NOT_SUPPORTED:\r
+ return EFI_UNSUPPORTED;\r
+\r
+ case ARM_FFA_SPM_RET_BUSY:\r
+ return EFI_NOT_READY;\r
+\r
+ case ARM_FFA_SPM_RET_ABORTED:\r
+ return EFI_ABORTED;\r
+\r
+ default:\r
+ // Undefined error code received.\r
+ ASSERT (0);\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+ }\r
+ } else {\r
+ *RetVal = SvcArgs->Arg0;\r
+ }\r
+\r
+ // Check error response from Callee.\r
+ if ((*RetVal & BIT31) != 0) {\r
+ // Bit 31 set means there is an error returned\r
+ // See [1], Section 13.5.5.1 MM_SP_MEMORY_ATTRIBUTES_GET_AARCH64 and\r
+ // Section 13.5.5.2 MM_SP_MEMORY_ATTRIBUTES_SET_AARCH64.\r
+ switch (*RetVal) {\r
+ case ARM_SVC_SPM_RET_NOT_SUPPORTED:\r
+ return EFI_UNSUPPORTED;\r
+\r
+ case ARM_SVC_SPM_RET_INVALID_PARAMS:\r
+ return EFI_INVALID_PARAMETER;\r
+\r
+ case ARM_SVC_SPM_RET_DENIED:\r
+ return EFI_ACCESS_DENIED;\r
+\r
+ case ARM_SVC_SPM_RET_NO_MEMORY:\r
+ return EFI_OUT_OF_RESOURCES;\r
+\r
+ default:\r
+ // Undefined error code received.\r
+ ASSERT (0);\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+ }\r
+\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/** Request the permission attributes of a memory region from S-EL0.\r
+\r
+ @param [in] BaseAddress Base address for the memory region.\r
+ @param [out] MemoryAttributes Pointer to return the memory attributes.\r
+\r
+ @retval EFI_SUCCESS Request successfull.\r
+ @retval EFI_INVALID_PARAMETER A parameter is invalid.\r
+ @retval EFI_NOT_READY Callee is busy or not in a state to handle\r
+ this request.\r
+ @retval EFI_UNSUPPORTED This function is not implemented by the\r
+ callee.\r
+ @retval EFI_ABORTED Message target ran into an unexpected error\r
+ and has aborted.\r
+ @retval EFI_ACCESS_DENIED Access denied.\r
+ @retval EFI_OUT_OF_RESOURCES Out of memory to perform operation.\r
+**/\r
+STATIC\r
+EFI_STATUS\r
+GetMemoryPermissions (\r
+ IN EFI_PHYSICAL_ADDRESS BaseAddress,\r
+ OUT UINT32 *MemoryAttributes\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ INT32 Ret;\r
+ ARM_SVC_ARGS SvcArgs;\r
+\r
+ if (MemoryAttributes == NULL) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ // Prepare the message parameters.\r
+ // See [1], Section 13.5.5.1 MM_SP_MEMORY_ATTRIBUTES_GET_AARCH64.\r
+ ZeroMem (&SvcArgs, sizeof (ARM_SVC_ARGS));\r
+ if (FeaturePcdGet (PcdFfaEnable)) {\r
+ // See [2], Section 10.2 FFA_MSG_SEND_DIRECT_REQ.\r
+ SvcArgs.Arg0 = ARM_SVC_ID_FFA_MSG_SEND_DIRECT_REQ;\r
+ SvcArgs.Arg1 = ARM_FFA_DESTINATION_ENDPOINT_ID;\r
+ SvcArgs.Arg2 = 0;\r
+ SvcArgs.Arg3 = ARM_SVC_ID_SP_GET_MEM_ATTRIBUTES;\r
+ SvcArgs.Arg4 = BaseAddress;\r
+ } else {\r
+ SvcArgs.Arg0 = ARM_SVC_ID_SP_GET_MEM_ATTRIBUTES;\r
+ SvcArgs.Arg1 = BaseAddress;\r
+ SvcArgs.Arg2 = 0;\r
+ SvcArgs.Arg3 = 0;\r
+ }\r
+\r
+ Status = SendMemoryPermissionRequest (&SvcArgs, &Ret);\r
+ if (EFI_ERROR (Status)) {\r
+ *MemoryAttributes = 0;\r
+ return Status;\r
+ }\r
+\r
+ *MemoryAttributes = Ret;\r
+ return Status;\r
+}\r
+\r
+/** Set the permission attributes of a memory region from S-EL0.\r
+\r
+ @param [in] BaseAddress Base address for the memory region.\r
+ @param [in] Length Length of the memory region.\r
+ @param [in] Permissions Memory access controls attributes.\r
+\r
+ @retval EFI_SUCCESS Request successfull.\r
+ @retval EFI_INVALID_PARAMETER A parameter is invalid.\r
+ @retval EFI_NOT_READY Callee is busy or not in a state to handle\r
+ this request.\r
+ @retval EFI_UNSUPPORTED This function is not implemented by the\r
+ callee.\r
+ @retval EFI_ABORTED Message target ran into an unexpected error\r
+ and has aborted.\r
+ @retval EFI_ACCESS_DENIED Access denied.\r
+ @retval EFI_OUT_OF_RESOURCES Out of memory to perform operation.\r
+**/\r
+STATIC\r
+EFI_STATUS\r
+RequestMemoryPermissionChange (\r
+ IN EFI_PHYSICAL_ADDRESS BaseAddress,\r
+ IN UINT64 Length,\r
+ IN UINT32 Permissions\r
+ )\r
+{\r
+ INT32 Ret;\r
+ ARM_SVC_ARGS SvcArgs;\r
+\r
+ // Prepare the message parameters.\r
+ // See [1], Section 13.5.5.2 MM_SP_MEMORY_ATTRIBUTES_SET_AARCH64.\r
+ ZeroMem (&SvcArgs, sizeof (ARM_SVC_ARGS));\r
+ if (FeaturePcdGet (PcdFfaEnable)) {\r
+ // See [2], Section 10.2 FFA_MSG_SEND_DIRECT_REQ.\r
+ SvcArgs.Arg0 = ARM_SVC_ID_FFA_MSG_SEND_DIRECT_REQ;\r
+ SvcArgs.Arg1 = ARM_FFA_DESTINATION_ENDPOINT_ID;\r
+ SvcArgs.Arg2 = 0;\r
+ SvcArgs.Arg3 = ARM_SVC_ID_SP_SET_MEM_ATTRIBUTES;\r
+ SvcArgs.Arg4 = BaseAddress;\r
+ SvcArgs.Arg5 = EFI_SIZE_TO_PAGES (Length);\r
+ SvcArgs.Arg6 = Permissions;\r
+ } else {\r
+ SvcArgs.Arg0 = ARM_SVC_ID_SP_SET_MEM_ATTRIBUTES;\r
+ SvcArgs.Arg1 = BaseAddress;\r
+ SvcArgs.Arg2 = EFI_SIZE_TO_PAGES (Length);\r
+ SvcArgs.Arg3 = Permissions;\r
+ }\r
+\r
+ return SendMemoryPermissionRequest (&SvcArgs, &Ret);\r
+}\r
+\r
+EFI_STATUS\r
+ArmSetMemoryRegionNoExec (\r
+ IN EFI_PHYSICAL_ADDRESS BaseAddress,\r
+ IN UINT64 Length\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINT32 MemoryAttributes;\r
+ UINT32 CodePermission;\r
+\r
+ Status = GetMemoryPermissions (BaseAddress, &MemoryAttributes);\r
+ if (!EFI_ERROR (Status)) {\r
+ CodePermission = SET_MEM_ATTR_CODE_PERM_XN << SET_MEM_ATTR_CODE_PERM_SHIFT;\r
+ return RequestMemoryPermissionChange (\r
+ BaseAddress,\r
+ Length,\r
+ MemoryAttributes | CodePermission\r
+ );\r
+ }\r
+ return Status;\r
+}\r
+\r
+EFI_STATUS\r
+ArmClearMemoryRegionNoExec (\r
+ IN EFI_PHYSICAL_ADDRESS BaseAddress,\r
+ IN UINT64 Length\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINT32 MemoryAttributes;\r
+ UINT32 CodePermission;\r
+\r
+ Status = GetMemoryPermissions (BaseAddress, &MemoryAttributes);\r
+ if (!EFI_ERROR (Status)) {\r
+ CodePermission = SET_MEM_ATTR_CODE_PERM_XN << SET_MEM_ATTR_CODE_PERM_SHIFT;\r
+ return RequestMemoryPermissionChange (\r
+ BaseAddress,\r
+ Length,\r
+ MemoryAttributes & ~CodePermission\r
+ );\r
+ }\r
+ return Status;\r
+}\r
+\r
+EFI_STATUS\r
+ArmSetMemoryRegionReadOnly (\r
+ IN EFI_PHYSICAL_ADDRESS BaseAddress,\r
+ IN UINT64 Length\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINT32 MemoryAttributes;\r
+ UINT32 DataPermission;\r
+\r
+ Status = GetMemoryPermissions (BaseAddress, &MemoryAttributes);\r
+ if (!EFI_ERROR (Status)) {\r
+ DataPermission = SET_MEM_ATTR_DATA_PERM_RO << SET_MEM_ATTR_DATA_PERM_SHIFT;\r
+ return RequestMemoryPermissionChange (\r
+ BaseAddress,\r
+ Length,\r
+ MemoryAttributes | DataPermission\r
+ );\r
+ }\r
+ return Status;\r
+}\r
+\r
+EFI_STATUS\r
+ArmClearMemoryRegionReadOnly (\r
+ IN EFI_PHYSICAL_ADDRESS BaseAddress,\r
+ IN UINT64 Length\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINT32 MemoryAttributes;\r
+ UINT32 PermissionRequest;\r
+\r
+ Status = GetMemoryPermissions (BaseAddress, &MemoryAttributes);\r
+ if (!EFI_ERROR (Status)) {\r
+ PermissionRequest = SET_MEM_ATTR_MAKE_PERM_REQUEST (SET_MEM_ATTR_DATA_PERM_RW,\r
+ MemoryAttributes);\r
+ return RequestMemoryPermissionChange (\r
+ BaseAddress,\r
+ Length,\r
+ PermissionRequest\r
+ );\r
+ }\r
+ return Status;\r
+}\r