From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.1270.1689086240976003632 for ; Tue, 11 Jul 2023 07:37:21 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: nishant.sharma@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id E04BD1FB; Tue, 11 Jul 2023 07:38:02 -0700 (PDT) Received: from usa.arm.com (iss-desktop02.cambridge.arm.com [10.1.196.79]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id C24B13F740; Tue, 11 Jul 2023 07:37:19 -0700 (PDT) From: "Nishant Sharma" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Sami Mujawar , Thomas Abraham , Sayanta Pattanayak , Achin Gupta Subject: [edk2-platforms][PATCH V1 06/20] ArmPkg: Add support for FFA_MEM_PERM_GET/SET ABIs Date: Tue, 11 Jul 2023 15:36:44 +0100 Message-Id: <20230711143658.781597-7-nishant.sharma@arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230711143658.781597-1-nishant.sharma@arm.com> References: <20230711143658.781597-1-nishant.sharma@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Achin Gupta This patch uses the FFA_MEM_PERM_GET/SET ABIs to tweak the permissions of= a set of pages if FF-A v1.1 and above is supported by the SPMC. For FF-A v1= .0 the previous method through FFA_MSG_SEND_DIRECT_REQ/RESP is used. Signed-off-by: Achin Gupta Signed-off-by: Nishant Sharma --- ArmPkg/Include/IndustryStandard/ArmFfaSvc.h | 2 + ArmPkg/Library/StandaloneMmMmuLib/ArmMmuStandaloneMmLib.c | 132 ++++++++= +++++++++--- 2 files changed, 120 insertions(+), 14 deletions(-) diff --git a/ArmPkg/Include/IndustryStandard/ArmFfaSvc.h b/ArmPkg/Include= /IndustryStandard/ArmFfaSvc.h index c80d783fad3f..7987678c996e 100644 --- a/ArmPkg/Include/IndustryStandard/ArmFfaSvc.h +++ b/ArmPkg/Include/IndustryStandard/ArmFfaSvc.h @@ -23,6 +23,8 @@ #define ARM_SVC_ID_FFA_MSG_SEND_DIRECT_RESP_AARCH64 0xC4000070 #define ARM_SVC_ID_FFA_SUCCESS_AARCH32 0x84000061 #define ARM_SVC_ID_FFA_SUCCESS_AARCH64 0xC4000061 +#define ARM_SVC_ID_FFA_MEM_PERM_SET_AARCH32 0x84000089 +#define ARM_SVC_ID_FFA_MEM_PERM_GET_AARCH32 0x84000088 #define ARM_SVC_ID_FFA_ERROR_AARCH32 0x84000060 #define ARM_SVC_ID_FFA_ERROR_AARCH64 0xC4000060 #define ARM_SVC_ID_FFA_MSG_WAIT_AARCH32 0x8400006B diff --git a/ArmPkg/Library/StandaloneMmMmuLib/ArmMmuStandaloneMmLib.c b/= ArmPkg/Library/StandaloneMmMmuLib/ArmMmuStandaloneMmLib.c index 1a41a289ef17..76ef214bcb85 100644 --- a/ArmPkg/Library/StandaloneMmMmuLib/ArmMmuStandaloneMmLib.c +++ b/ArmPkg/Library/StandaloneMmMmuLib/ArmMmuStandaloneMmLib.c @@ -25,6 +25,66 @@ #include #include =20 + +/** + Utility function to determine whether ABIs in FF-A v1.1 to set and get + memory permissions can be used. Ideally, this should be invoked once i= n the + library constructor and set a flag that can be used at runtime. Howeve= r, the + StMM Core invokes this library before constructors are called and befo= re the + StMM image itself is relocated. + + @retval EFI_SUCCESS The availability of ABIs was correctly determi= ned. + @retval Other value Software stack is misconfigured. + +**/ +STATIC +BOOLEAN +UseFfaMemPermAbis ( + VOID + ) +{ + ARM_SVC_ARGS SvcArgs; + UINT32 SpmcFfaVersion; + STATIC UINT16 SpmcMajorVer =3D 0; + STATIC UINT16 SpmcMinorVer =3D 0; + + // Use prefetched version info. if either is not 0, then the version i= s + // already fetched. + if ((SpmcMajorVer | SpmcMinorVer) !=3D 0) { + return (SpmcMajorVer =3D=3D SPM_MAJOR_VERSION_FFA) && (SpmcMinorVer = >=3D SPM_MINOR_VERSION_FFA); + } + + // Nothing to do if FF-A has not be enabled + if (FixedPcdGet32 (PcdFfaEnable) =3D=3D 0) { + return FALSE; + } + + // Prepare the message parameters. + ZeroMem (&SvcArgs, sizeof (ARM_SVC_ARGS)); + SvcArgs.Arg0 =3D ARM_SVC_ID_FFA_VERSION_AARCH32; + SvcArgs.Arg1 =3D FFA_VERSION_COMPILED; + + // Invoke the ABI + ArmCallSvc (&SvcArgs); + + // Check if FF-A is supported and what version + SpmcFfaVersion =3D SvcArgs.Arg0; + + // Damn! FF-A is not supported at all even though we specified v1.0 as= our + // version. However, the feature flag has been turned on. This is a + // misconfigured software stack. So, return an error and assert in a d= ebug build. + if (SpmcFfaVersion =3D=3D ARM_FFA_SPM_RET_NOT_SUPPORTED) { + ASSERT (0); + return FALSE; + } + + SpmcMajorVer =3D (SpmcFfaVersion >> FFA_VERSION_MAJOR_SHIFT) & FFA_VER= SION_MAJOR_MASK; + SpmcMinorVer =3D (SpmcFfaVersion >> FFA_VERSION_MINOR_SHIFT) & FFA_VER= SION_MINOR_MASK; + + return (SpmcMajorVer =3D=3D SPM_MAJOR_VERSION_FFA) && (SpmcMinorVer >=3D= SPM_MINOR_VERSION_FFA); +} + + /** Send memory permission request to target. =20 @param [in, out] SvcArgs Pointer to SVC arguments to send. On @@ -55,6 +115,36 @@ SendMemoryPermissionRequest ( =20 ArmCallSvc (SvcArgs); if (FixedPcdGet32 (PcdFfaEnable) !=3D 0) { + + // Check if FF-A memory permission ABIs were used. + if (UseFfaMemPermAbis()) { + switch (SvcArgs->Arg0) { + + case ARM_SVC_ID_FFA_ERROR_AARCH32: + case ARM_SVC_ID_FFA_ERROR_AARCH64: + switch (SvcArgs->Arg2) { + case ARM_FFA_SPM_RET_INVALID_PARAMETERS: + return EFI_INVALID_PARAMETER; + case ARM_FFA_SPM_RET_NOT_SUPPORTED: + return EFI_UNSUPPORTED; + default: + // Undefined error code received. + ASSERT (0); + return EFI_INVALID_PARAMETER; + } + + case ARM_SVC_ID_FFA_SUCCESS_AARCH32: + case ARM_SVC_ID_FFA_SUCCESS_AARCH64: + *RetVal =3D SvcArgs->Arg2; + return EFI_SUCCESS; + + default: + // Undefined error code received. + ASSERT (0); + return EFI_INVALID_PARAMETER; + } + } + // Get/Set memory attributes is an atomic call, with // StandaloneMm at S-EL0 being the caller and the SPM // core being the callee. Thus there won't be a @@ -164,12 +254,18 @@ GetMemoryPermissions ( // See [1], Section 13.5.5.1 MM_SP_MEMORY_ATTRIBUTES_GET_AARCH64. ZeroMem (&SvcArgs, sizeof (ARM_SVC_ARGS)); if (FixedPcdGet32 (PcdFfaEnable) !=3D 0) { - // See [2], Section 10.2 FFA_MSG_SEND_DIRECT_REQ. - SvcArgs.Arg0 =3D ARM_SVC_ID_FFA_MSG_SEND_DIRECT_REQ; - SvcArgs.Arg1 =3D ARM_FFA_DESTINATION_ENDPOINT_ID; - SvcArgs.Arg2 =3D 0; - SvcArgs.Arg3 =3D ARM_SVC_ID_SP_GET_MEM_ATTRIBUTES; - SvcArgs.Arg4 =3D BaseAddress; + // Check if FF-A memory permission ABIs can be used. + if (UseFfaMemPermAbis()) { + SvcArgs.Arg0 =3D ARM_SVC_ID_FFA_MEM_PERM_GET_AARCH32; + SvcArgs.Arg1 =3D BaseAddress; + } else { + // See [2], Section 10.2 FFA_MSG_SEND_DIRECT_REQ. + SvcArgs.Arg0 =3D ARM_SVC_ID_FFA_MSG_SEND_DIRECT_REQ; + SvcArgs.Arg1 =3D ARM_FFA_DESTINATION_ENDPOINT_ID; + SvcArgs.Arg2 =3D 0; + SvcArgs.Arg3 =3D ARM_SVC_ID_SP_GET_MEM_ATTRIBUTES; + SvcArgs.Arg4 =3D BaseAddress; + } } else { SvcArgs.Arg0 =3D ARM_SVC_ID_SP_GET_MEM_ATTRIBUTES; SvcArgs.Arg1 =3D BaseAddress; @@ -219,14 +315,22 @@ RequestMemoryPermissionChange ( // See [1], Section 13.5.5.2 MM_SP_MEMORY_ATTRIBUTES_SET_AARCH64. ZeroMem (&SvcArgs, sizeof (ARM_SVC_ARGS)); if (FixedPcdGet32 (PcdFfaEnable) !=3D 0) { - // See [2], Section 10.2 FFA_MSG_SEND_DIRECT_REQ. - SvcArgs.Arg0 =3D ARM_SVC_ID_FFA_MSG_SEND_DIRECT_REQ; - SvcArgs.Arg1 =3D ARM_FFA_DESTINATION_ENDPOINT_ID; - SvcArgs.Arg2 =3D 0; - SvcArgs.Arg3 =3D ARM_SVC_ID_SP_SET_MEM_ATTRIBUTES; - SvcArgs.Arg4 =3D BaseAddress; - SvcArgs.Arg5 =3D EFI_SIZE_TO_PAGES (Length); - SvcArgs.Arg6 =3D Permissions; + // Check if FF-A memory permission ABIs can be used. + if (UseFfaMemPermAbis()) { + SvcArgs.Arg0 =3D ARM_SVC_ID_FFA_MEM_PERM_SET_AARCH32; + SvcArgs.Arg1 =3D BaseAddress; + SvcArgs.Arg2 =3D EFI_SIZE_TO_PAGES (Length); + SvcArgs.Arg3 =3D Permissions; + } else { + // See [2], Section 10.2 FFA_MSG_SEND_DIRECT_REQ. + SvcArgs.Arg0 =3D ARM_SVC_ID_FFA_MSG_SEND_DIRECT_REQ; + SvcArgs.Arg1 =3D ARM_FFA_DESTINATION_ENDPOINT_ID; + SvcArgs.Arg2 =3D 0; + SvcArgs.Arg3 =3D ARM_SVC_ID_SP_SET_MEM_ATTRIBUTES; + SvcArgs.Arg4 =3D BaseAddress; + SvcArgs.Arg5 =3D EFI_SIZE_TO_PAGES (Length); + SvcArgs.Arg6 =3D Permissions; + } } else { SvcArgs.Arg0 =3D ARM_SVC_ID_SP_SET_MEM_ATTRIBUTES; SvcArgs.Arg1 =3D BaseAddress; --=20 2.34.1