forked from riscv-software-src/opensbi
Add cycle & instret privilege mode filtering support #2
Open
KevinRSX wants to merge 187 commits into rivosinc:master from KevinRSX:dev/kaiwenx/smcntrpmf_upstream
We add an optional cold_boot_allowed() platform callback which allows platform support to decide which HARTs can do cold boot initialization. If this platform callback is not available then any HART can do cold boot initialization. Signed-off-by: Anup Patel <[email protected]>
We add a generic platform override callback to allow platform specific selection of cold boot HART. Signed-off-by: Anup Patel <[email protected]>
We add a generic platform override callback to allow platform specific firmware init. Signed-off-by: Wei Liang Lim <[email protected]> Reviewed-by: Chee Hong Ang <[email protected]> Reviewed-by: Jun Liang Tan <[email protected]> Reviewed-by: Anup Patel <[email protected]>
Add Starfive JH7110 platform implementation Signed-off-by: Wei Liang Lim <[email protected]> Reviewed-by: Chee Hong Ang <[email protected]> Reviewed-by: Jun Liang Tan <[email protected]> Reviewed-by: Anup Patel <[email protected]>
'priv' argument of sbi_hsm_hart_start() and sbi_hsm_hart_suspend() may mislead people to think it stands for 'privilege mode', but it is not. Change it to 'arg1' to clearly indicate the a1 register. Signed-off-by: Bin Meng <[email protected]> Reviewed-by: Samuel Holland <[email protected]> Tested-by: Samuel Holland <[email protected]> Reviewed-by: Atish Patra <[email protected]> Reviewed-by: Anup Patel <[email protected]>
The RISC-V convention for the privilege mode is capital letter, like 'M-mode', instead of 'm-mode'. Signed-off-by: Bin Meng <[email protected]> Reviewed-by: Atish Patra <[email protected]> Reviewed-by: Anup Patel <[email protected]>
Split the permissions for M-mode and SU-mode. This would help if different sections of OpenSBI need to be given different permissions and if M-mode has different permissions than the SU-mode over a region. Signed-off-by: Himanshu Chauhan <[email protected]> Reviewed-by: Anup Patel <[email protected]> Tested-by: Anup Patel <[email protected]>
Use the fine grained permission semantics for address validation of a given region. Signed-off-by: Himanshu Chauhan <[email protected]> Reviewed-by: Anup Patel <[email protected]> Tested-by: Anup Patel <[email protected]>
Change the zero flag to M-mode R/W/X flag for the firmware region. Signed-off-by: Himanshu Chauhan <[email protected]> Reviewed-by: Anup Patel <[email protected]> Tested-by: Anup Patel <[email protected]>
Use the fine grained permission bits to decide if the region permissions are to be enforced on all modes. Also use the new permission bits for deciding on R/W/X bits in pmpcfg register. Signed-off-by: Himanshu Chauhan <[email protected]> Reviewed-by: Anup Patel <[email protected]> Tested-by: Anup Patel <[email protected]>
With the finer permission semantics, the region access permissions must be displayed separately for M and SU mode. Signed-off-by: Himanshu Chauhan <[email protected]> Reviewed-by: Anup Patel <[email protected]> Tested-by: Anup Patel <[email protected]>
Use the newer SU-{R/W/X} flags for checking and assigning region permissions. Signed-off-by: Himanshu Chauhan <[email protected]> Reviewed-by: Anup Patel <[email protected]> Tested-by: Anup Patel <[email protected]>
The M-mode regions can only be added to the root domain. The non-root domains shouldn't be able to add them from FDT. Signed-off-by: Himanshu Chauhan <[email protected]> Reviewed-by: Anup Patel <[email protected]> Tested-by: Anup Patel <[email protected]>
Add the M-mode readable/writable flags to mmio regions of various drivers. Signed-off-by: Himanshu Chauhan <[email protected]> Reviewed-by: Anup Patel <[email protected]> Tested-by: Anup Patel <[email protected]>
Updated the various permissions bits available for domains defined in DT node and restrictions on them. Signed-off-by: Himanshu Chauhan <[email protected]> Reviewed-by: Anup Patel <[email protected]> Tested-by: Anup Patel <[email protected]>
The two referenced commits passed incorrect bounds to the PLIC save/restore functions, causing out-of-bounds memory access. The functions expect "num" to be the 1-based number of interrupt sources, equivalent to the "riscv,ndev" devicetree property. Thus, "num" must be strictly smaller than the 0-based size of the array storing the register values. However, the referenced commits incorrectly passed in the unmodified size of the array as "num". Fix this by reducing PLIC_SOURCES (matching "riscv,ndev" on this platform), while keeping the same array sizes.
Addresses-Coverity-ID: 1530251 ("Out-of-bounds access")
Addresses-Coverity-ID: 1530252 ("Out-of-bounds access")
Fixes: 8509e46 ("lib: utils/irqchip: plic: Ensure no out-of-bound access in priority save/restore helpers")
Fixes: 9a2eeb4 ("lib: utils/irqchip: plic: Ensure no out-of-bound access in context save/restore helpers")
Signed-off-by: Samuel Holland <[email protected]> Reviewed-by: Anup Patel <[email protected]>
Fix hyperlink due to the typo. Signed-off-by: Yu Chien Peter Lin <[email protected]> Reviewed-by: Anup Patel <[email protected]>
Make use of generic warm-boot path when platform hart_stop callback returns SBI_ENOTSUPP, in case certain hart cannot turn off its power domain, or it detects some error occurred in power management unit, it can fall through warm-boot flow and wait for interrupt in sbi_hsm_hart_wait(). Also improves comment in sbi_hsm_hart_wait(). Signed-off-by: Yu Chien Peter Lin <[email protected]> Reviewed-by: Andrew Jones <[email protected]> Reviewed-by: Atish Patra <[email protected]> Reviewed-by: Anup Patel <[email protected]>
Provide __always_inline to sbi_types header. Signed-off-by: Yu Chien Peter Lin <[email protected]> Reviewed-by: Anup Patel <[email protected]>
This patch adds atcsmu support for Andes AE350 platforms. The SMU provides system management capabilities, including clock, reset and power control based on power domain partitions. Signed-off-by: Yu Chien Peter Lin <[email protected]> Reviewed-by: Anup Patel <[email protected]>
Add hart_start() and hart_stop() callbacks for the multi-core ae350 platform, it utilizes the ATCSMU to put the harts into power-gated deep sleep mode. The programming sequence is stated as below:
1. Set the wakeup events to PCSm_WE
2. Set the sleep command to PCSm_CTL
3. Set the reset vector to HARTm_RESET_VECTOR_{LO|HI}
4. Write back and invalidate D-cache by executing the CCTL command L1D_WBINVAL_ALL
5. Disable I/D-cache by clearing mcache_ctl.{I|D}C_EN
6. Disable D-cache coherency by clearing mcache_ctl_.DC_COHEN
7. Wait for mcache_ctl.DC_COHSTA to be cleared to ensure the previous step is completed
8. Execute WFI
Signed-off-by: Yu Chien Peter Lin <[email protected]> Reviewed-by: Anup Patel <[email protected]>
…csmu.h Reuse the smu related macros and function in atcsmu.h. Signed-off-by: Yu Chien Peter Lin <[email protected]> Reviewed-by: Anup Patel <[email protected]>
The commit 9e0ba09 introduced more fine grained permissions for memory regions and did not update the fdt_reserved_memory_fixup() function. As a result, the fdt_reserved_memory_fixup continued to use the older coarse permissions which causes the reserved memory node to be not inserted into the DT. To fix the above issue, we correct the flags used for memory region permission checks in the fdt_reserved_memory_fixup() function. Fixes: 9e0ba09 ("include: sbi: Fine grain the permissions for M and SU modes") Signed-off-by: Mayuresh Chitale <[email protected]> Reviewed-by: Anup Patel <[email protected]>
Split the RO/RX and RW sections so that they can have independent pmp entries with required permissions. The split size is ensured to be a power-of-2 as required by pmp. _fw_rw_offset symbol marks the beginning of the data section. Signed-off-by: Himanshu Chauhan <[email protected]> Reviewed-by: Anup Patel <[email protected]>
Currently, the dynsym and reladyn sections are under RW data. They are moved to the Read-only/Executable region. Signed-off-by: Himanshu Chauhan <[email protected]> Reviewed-by: Anup Patel <[email protected]>
Add the RW section offset, provided by _fw_rw_offset symbol, to the scratch structure. This will be used to program separate pmp entry for RW section. Signed-off-by: Himanshu Chauhan <[email protected]> Reviewed-by: Anup Patel <[email protected]>
Print the RW section offset when firmware base and size is being printed. Signed-off-by: Himanshu Chauhan <[email protected]> Reviewed-by: Anup Patel <[email protected]>
Add two entries for firmware in the root domain:
1. TEXT: fw_start to _fw_rw_offset with RX permissions
2. DATA: _fw_rw_offset to fw_size with RW permissions
These permissions are still not enforced from M-mode but lay the groundwork for enforcing them for M-mode. SU-mode doesn't have any access to these regions.
Sample output:
Domain0 Region01 : 0x0000000080000000-0x000000008001ffff M: (R,X) S/U: ()
Domain0 Region02 : 0x0000000080020000-0x000000008003ffff M: (R,W) S/U: ()
Signed-off-by: Himanshu Chauhan <[email protected]> Reviewed-by: Anup Patel <[email protected]>
…oot domain Renesas RZ/Five RISC-V SoC has Instruction local memory and Data local memory (ILM & DLM) mapped between region 0x30000 - 0x4FFFF. When a virtual address falls within this range, the MMU doesn't trigger a page fault; it assumes the virtual address is a physical address which can cause undesired behaviours for statically linked applications/libraries. To avoid this, add the ILM/DLM memory regions to the root domain region of the PMPU with permissions set to 0x0 for S/U modes so that any access to these regions gets blocked and for M-mode we grant full access (R/W/X). Signed-off-by: Lad Prabhakar <[email protected]> Reviewed-by: Anup Patel <[email protected]>
Since the availability and latency properties of CPU idle states depend on the specific SBI HSM implementation, it is appropriate that the idle states are added to the devicetree at runtime by that implementation. This helper function adds a platform-provided array of idle states to the devicetree, following the SBI idle state binding. Reviewed-by: Anup Patel <[email protected]> Signed-off-by: Samuel Holland <[email protected]>
Recently ratified Zihpm ISA extension covers all [m]hpm* CSRs so we add Zihpm as a HART ISA extension in OpenSBI. Signed-off-by: Anup Patel <[email protected]> Reviewed-by: Xiang W <[email protected]>
Let us follow alphabetical order for HART ISA extension so that it is simpler to maintain. Signed-off-by: Anup Patel <[email protected]> Reviewed-by: Xiang W <[email protected]>
The hart_pmu_get_allowed_bits() function detects implemented bits of mhpm counters so let us rename this function accordingly. Signed-off-by: Anup Patel <[email protected]> Reviewed-by: Xiang W <[email protected]>
…CSRs Fix Priv spec version typo in commit d4b563c ("lib: sbi: Remove MCOUNTEREN and SCOUNTEREN hart features"). At least Priv spec v1.11 is required for [m|s]counteren and mcountinhibit CSRs. Fixes: d4b563c ("lib: sbi: Remove MCOUNTEREN and SCOUNTEREN hart features") Signed-off-by: Ley Foon Tan <[email protected]> Reviewed-by: Anup Patel <[email protected]>
The flags for print should be able to appear in any order. The previous code required the order to be fixed. Signed-off-by: Xiang W <[email protected]> Reviewed-by: Anup Patel <[email protected]>
Left alignment and padding '0' should not exist at the same time, this patch skips padding. Signed-off-by: Xiang W <[email protected]> Reviewed-by: Anup Patel <[email protected]>
Adds + flags for print, prefixing positive numbers with + when this flag is present. Signed-off-by: Xiang W <[email protected]> Reviewed-by: Anup Patel <[email protected]>
The space flag is used to add a space before positive numbers, and apostrophe is used to print the thousand separator. Add code to ignore these two flags Signed-off-by: Xiang W <[email protected]> Reviewed-by: Anup Patel <[email protected]>
The information of sg/b/letbase can be obtained by the type character, simplifying the parameter by passing the type directly. Signed-off-by: Xiang W <[email protected]> Reviewed-by: Anup Patel <[email protected]>
Add o type for print to print octal numbers Signed-off-by: Xiang W <[email protected]> Reviewed-by: Anup Patel <[email protected]>
Fix two bugs:
> printf("%#08x", 0x123); /* print 0000x123 */
> printf("%#x", 0); /* print 0x0 */
Signed-off-by: Xiang W <[email protected]> Reviewed-by: Anup Patel <[email protected]>
When doing width = width - strlen(string) in prints there is no need to consider the case that width may be less than 0. This is because the code to do filling needs to be executed under the condition that width > 0. Signed-off-by: Xiang W <[email protected]> Reviewed-by: Anup Patel <[email protected]>
Because *out needs to reserve a byte to hold '\0', no more characters should be added to the buffer when *out has one byte left, and the buffer size *out_len should not be modified. This patch prevents the correction of *out_len when *out_len is 1. Signed-off-by: Xiang W <[email protected]> Reviewed-by: Anup Patel <[email protected]>
A single scan of the format char may add multiple characters to the tbuf, causing a buffer overflow. You should check if tbuf is full in printc so that it does not cause a buffer overflow. Signed-off-by: Xiang W <[email protected]> Reviewed-by: Anup Patel <[email protected]>
Fix special case: sbi_snprintf(out, out_len, ...) when out_len equals 1. The previous code will not fill the buffer with any char. Signed-off-by: Xiang W <[email protected]> Reviewed-by: Anup Patel <[email protected]>
Currently, we see the following compile error in the designware GPIO driver for RV32 systems:
lib/utils/gpio/fdt_gpio_designware.c:115:20: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast]
  115 | chip->dr = (void *)addr + (bank * 0xc);
      | ^
lib/utils/gpio/fdt_gpio_designware.c:116:21: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast]
  116 | chip->ext = (void *)addr + (bank * 4) + 0x50;
We fix the above error using an explicit type-cast to 'unsigned long'.
Fixes: 7828eeb ("gpio/desginware: add Synopsys DesignWare APB GPIO support")
Signed-off-by: Anup Patel <[email protected]> Reviewed-by: Xiang W <[email protected]>
KevinRSX force-pushed the dev/kaiwenx/smcntrpmf_upstream branch 2 times, most recently from 0343e67 to 1a71428 (July 12, 2023 22:58)
- Add macros for Machine Security Configuration (mseccfg) CSR - Add macros to access/manipulate bits in mseccfg CSR Signed-off-by: Himanshu Chauhan <[email protected]> Reviewed-by: Anup Patel <[email protected]>
- Add a function to disable a given PMP entry. - Add a function to check if a given entry is disabled. Signed-off-by: Himanshu Chauhan <[email protected]> Reviewed-by: Anup Patel <[email protected]>
Smepmp specification defines a truth table based on which the access is allowed to different modes. This patch adds different flags based on this truth table. Signed-off-by: Himanshu Chauhan <[email protected]> Reviewed-by: Anup Patel <[email protected]>
- Add Smepmp as extension in sbi_hart_extensions enum - Return "smepmp" string for Smepmp extension from sbi_hart_extension_id2string Signed-off-by: Himanshu Chauhan <[email protected]> Reviewed-by: Anup Patel <[email protected]>
- Add function to parse ISA string in FDT. - Set Smepmp feature bit in extensions if "smepmp" string is found in ISA string. Signed-off-by: Himanshu Chauhan <[email protected]> Reviewed-by: Anup Patel <[email protected]>
Since pmp entries have implicit priority on index, previous entries will deny access to SU on M-mode region. Also, M-mode will not have access to SU region while previous entries will allow access to M-mode regions. Signed-off-by: Himanshu Chauhan <[email protected]> Reviewed-by: Anup Patel <[email protected]>
Configure PMP at last when all other initializations have been done. Because if SMEPMP is detected, M-mode access to the S/U space will be rescinded. Signed-off-by: Himanshu Chauhan <[email protected]> Reviewed-by: Anup Patel <[email protected]>
- If Smepmp is enabled, the access flags of an entry are determined based on truth table defined in Smepmp. - First PMP entry (index 0) is reserved. - Existing boot PMP entries start from index 1. - Since enabling Smepmp revokes the access privileges of the M-mode software on S/U-mode region, first PMP entry is used to map/unmap the shared memory between M and S/U-mode. This allows a temporary access window for the M-mode software to read/write to S/U-mode memory region. Signed-off-by: Himanshu Chauhan <[email protected]> Reviewed-by: Anup Patel <[email protected]>
When Smepmp is enabled, M-mode will need to map/unmap the shared memory before it can read/write to it. This patch adds functions to create dynamic short-lived mappings. Signed-off-by: Himanshu Chauhan <[email protected]> Reviewed-by: Anup Patel <[email protected]>
With Smepmp enabled, it is necessary for shared memory from S/U mode to be mapped/unmapped before and after read/write of the memory region. This patch maps the debug console shared memory before accessing it. Signed-off-by: Himanshu Chauhan <[email protected]> Reviewed-by: Anup Patel <[email protected]>
This adds the support for ISA extension smcntrpmf. Signed-off-by: Kaiwen Xue <[email protected]>
KevinRSX force-pushed the dev/kaiwenx/smcntrpmf_upstream branch from 1a71428 to de7cdbb (July 17, 2023 22:21)
This patch contains the support for ISA extension smcntrpmf.
(This rebases on upstream, so don't merge :)