forked from riscv-software-src/opensbi
Add cycle & instret privilege mode filtering support #2
Open: KevinRSX wants to merge 187 commits into rivosinc:master from KevinRSX:dev/kaiwenx/smcntrpmf_upstream
We add an optional cold_boot_allowed() platform callback which allows platform support to decide which HARTs can do cold boot initialization. If this platform callback is not available then any HART can do cold boot initialization. Signed-off-by: Anup Patel <apatel@ventanamicro.com>
We add a generic platform override callback to allow platform specific selection of cold boot HART. Signed-off-by: Anup Patel <apatel@ventanamicro.com>
We add a generic platform override callback to allow platform specific firmware init. Signed-off-by: Wei Liang Lim <weiliang.lim@starfivetech.com> Reviewed-by: Chee Hong Ang <cheehong.ang@starfivetech.com> Reviewed-by: Jun Liang Tan <junliang.tan@starfivetech.com> Reviewed-by: Anup Patel <anup@brainfault.org>
Add Starfive JH7110 platform implementation Signed-off-by: Wei Liang Lim <weiliang.lim@starfivetech.com> Reviewed-by: Chee Hong Ang <cheehong.ang@starfivetech.com> Reviewed-by: Jun Liang Tan <junliang.tan@starfivetech.com> Reviewed-by: Anup Patel <anup@brainfault.org>
'priv' argument of sbi_hsm_hart_start() and sbi_hsm_hart_suspend() may mislead people to think it stands for 'privilege mode', but it is not. Change it to 'arg1' to clearly indicate the a1 register. Signed-off-by: Bin Meng <bmeng@tinylab.org> Reviewed-by: Samuel Holland <samuel@sholland.org> Tested-by: Samuel Holland <samuel@sholland.org> Reviewed-by: Atish Patra <atishp@rivosinc.com> Reviewed-by: Anup Patel <anup@brainfault.org>
The RISC-V convention for the privilege mode is capital letter, like 'M-mode', instead of 'm-mode'. Signed-off-by: Bin Meng <bmeng@tinylab.org> Reviewed-by: Atish Patra <atishp@rivosinc.com> Reviewed-by: Anup Patel <anup@brainfault.org>
Split the permissions for M-mode and SU-mode. This would help if different sections of OpenSBI need to be given different permissions and if M-mode has different permissions than the SU-mode over a region. Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com> Reviewed-by: Anup Patel <anup@brainfault.org> Tested-by: Anup Patel <anup@brainfault.org>
Use the fine grained permission semantics for address validation of a given region. Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com> Reviewed-by: Anup Patel <anup@brainfault.org> Tested-by: Anup Patel <anup@brainfault.org>
Change the zero flag to M-mode R/W/X flag for the firmware region. Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com> Reviewed-by: Anup Patel <anup@brainfault.org> Tested-by: Anup Patel <anup@brainfault.org>
Use the fine grained permission bits to decide if the region permissions are to be enforced on all modes. Also use the new permission bits for deciding on R/W/X bits in pmpcfg register. Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com> Reviewed-by: Anup Patel <anup@brainfault.org> Tested-by: Anup Patel <anup@brainfault.org>
With the finer permission semantics, the region access permissions must be displayed separately for M and SU mode. Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com> Reviewed-by: Anup Patel <anup@brainfault.org> Tested-by: Anup Patel <anup@brainfault.org>
Use the newer SU-{R/W/X} flags for checking and assigning region permissions. Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com> Reviewed-by: Anup Patel <anup@brainfault.org> Tested-by: Anup Patel <anup@brainfault.org>
The M-mode regions can only be added to the root domain. The non-root domains shouldn't be able to add them from FDT. Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com> Reviewed-by: Anup Patel <anup@brainfault.org> Tested-by: Anup Patel <anup@brainfault.org>
Add the M-mode readable/writable flags to mmio regions of various drivers. Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com> Reviewed-by: Anup Patel <anup@brainfault.org> Tested-by: Anup Patel <anup@brainfault.org>
Updated the various permissions bits available for domains defined in DT node and restrictions on them. Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com> Reviewed-by: Anup Patel <anup@brainfault.org> Tested-by: Anup Patel <anup@brainfault.org>
The two referenced commits passed incorrect bounds to the PLIC save/restore functions, causing out-of-bounds memory access. The functions expect "num" to be the 1-based number of interrupt sources, equivalent to the "riscv,ndev" devicetree property. Thus, "num" must be strictly smaller than the 0-based size of the array storing the register values. However, the referenced commits incorrectly passed in the unmodified size of the array as "num". Fix this by reducing PLIC_SOURCES (matching "riscv,ndev" on this platform), while keeping the same array sizes.
Addresses-Coverity-ID: 1530251 ("Out-of-bounds access")
Addresses-Coverity-ID: 1530252 ("Out-of-bounds access")
Fixes: 8509e46 ("lib: utils/irqchip: plic: Ensure no out-of-bound access in priority save/restore helpers")
Fixes: 9a2eeb4 ("lib: utils/irqchip: plic: Ensure no out-of-bound access in context save/restore helpers")
Signed-off-by: Samuel Holland <samuel@sholland.org> Reviewed-by: Anup Patel <anup@brainfault.org>
Fix hyperlink due to the typo. Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com> Reviewed-by: Anup Patel <anup@brainfault.org>
Make use of generic warm-boot path when platform hart_stop callback returns SBI_ENOTSUPP, in case certain hart can not turn off its power domain, or it detects some error occurred in power management unit, it can fall through warm-boot flow and wait for interrupt in sbi_hsm_hart_wait(). Also improves comment in sbi_hsm_hart_wait(). Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com> Reviewed-by: Andrew Jones <ajones@ventanamicro.com> Reviewed-by: Atish Patra <atishp@rivosinc.com> Reviewed-by: Anup Patel <anup@brainfault.org>
Provide __always_inline to sbi_types header. Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com> Reviewed-by: Anup Patel <anup@brainfault.org>
This patch adds atcsmu support for Andes AE350 platforms. The SMU provides system management capabilities, including clock, reset and power control based on power domain partitions. Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com> Reviewed-by: Anup Patel <anup@brainfault.org>
Add hart_start() and hart_stop() callbacks for the multi-core ae350 platform, it utilizes the ATCSMU to put the harts into power-gated deep sleep mode. The programming sequence is stated as below:
1. Set the wakeup events to PCSm_WE
2. Set the sleep command to PCSm_CTL
3. Set the reset vector to HARTm_RESET_VECTOR_{LO|HI}
4. Write back and invalidate D-cache by executing the CCTL command L1D_WBINVAL_ALL
5. Disable I/D-cache by clearing mcache_ctl.{I|D}C_EN
6. Disable D-cache coherency by clearing mcache_ctl_.DC_COHEN
7. Wait for mcache_ctl.DC_COHSTA to be cleared to ensure the previous step is completed
8. Execute WFI
Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com> Reviewed-by: Anup Patel <anup@brainfault.org>
…csmu.h Reuse the smu related macros and function in atcsmu.h. Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com> Reviewed-by: Anup Patel <anup@brainfault.org>
The commit 9e0ba09 introduced more fine grained permissions for memory regions and did not update the fdt_reserved_memory_fixup() function. As a result, the fdt_reserved_memory_fixup continued to use the older coarse permissions which causes the reserved memory node to be not inserted into the DT. To fix the above issue, we correct the flags used for memory region permission checks in the fdt_reserved_memory_fixup() function. Fixes: 9e0ba09 ("include: sbi: Fine grain the permissions for M and SU modes") Signed-off-by: Mayuresh Chitale <mchitale@ventanamicro.com> Reviewed-by: Anup Patel <anup@brainfault.org>
Split the RO/RX and RW sections so that they can have independent pmp entries with required permissions. The split size is ensured to be a power-of-2 as required by pmp. _fw_rw_offset symbol marks the beginning of the data section. Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com> Reviewed-by: Anup Patel <anup@brainfault.org>
Currently, the dynsym and reladyn sections are under RW data. They are moved to the Read-only/Executable region. Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com> Reviewed-by: Anup Patel <anup@brainfault.org>
Add the RW section offset, provided by _fw_rw_offset symbol, to the scratch structure. This will be used to program separate pmp entry for RW section. Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com> Reviewed-by: Anup Patel <anup@brainfault.org>
Print the RW section offset when firmware base and size is being printed. Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com> Reviewed-by: Anup Patel <anup@brainfault.org>
Add two entries for firmware in the root domain:
1. TEXT: fw_start to _fw_rw_offset with RX permissions
2. DATA: _fw_rw_offset to fw_size with RW permissions
These permissions are still not enforced from M-mode but lay the ground work for enforcing them for M-mode. SU-mode doesn't have any access to these regions.
Sample output:
Domain0 Region01 : 0x0000000080000000-0x000000008001ffff M: (R,X) S/U: ()
Domain0 Region02 : 0x0000000080020000-0x000000008003ffff M: (R,W) S/U: ()
Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com> Reviewed-by: Anup Patel <anup@brainfault.org>
…oot domain Renesas RZ/Five RISC-V SoC has Instruction local memory and Data local memory (ILM & DLM) mapped between region 0x30000 - 0x4FFFF. When a virtual address falls within this range, the MMU doesn't trigger a page fault; it assumes the virtual address is a physical address which can cause undesired behaviours for statically linked applications/libraries. To avoid this, add the ILM/DLM memory regions to the root domain region of the PMPU with permissions set to 0x0 for S/U modes so that any access to these regions gets blocked and for M-mode we grant full access (R/W/X). Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com> Reviewed-by: Anup Patel <anup@brainfault.org>
Since the availability and latency properties of CPU idle states depend on the specific SBI HSM implementation, it is appropriate that the idle states are added to the devicetree at runtime by that implementation. This helper function adds a platform-provided array of idle states to the devicetree, following the SBI idle state binding. Reviewed-by: Anup Patel <anup@brainfault.org> Signed-off-by: Samuel Holland <samuel@sholland.org>
Recently ratified Zihpm ISA extension covers all [m]hpm* CSRs so we add Zihpm as a HART ISA extension in OpenSBI. Signed-off-by: Anup Patel <apatel@ventanamicro.com> Reviewed-by: Xiang W <wxjstz@126.com>
Let us follow alphabetical order for HART ISA extension so that it is simpler to maintain. Signed-off-by: Anup Patel <apatel@ventanamicro.com> Reviewed-by: Xiang W <wxjstz@126.com>
The hart_pmu_get_allowed_bits() function detects implemented bits of mhpm counters so let us rename this function accordingly. Signed-off-by: Anup Patel <apatel@ventanamicro.com> Reviewed-by: Xiang W <wxjstz@126.com>
…CSRs Fix Priv spec version typo in commit d4b563c ("lib: sbi: Remove MCOUNTEREN and SCOUNTEREN hart features"). At least Priv spec v1.11 is required for [m|s]counteren and mcountinhibit CSRs. Fixes: d4b563c ("lib: sbi: Remove MCOUNTEREN and SCOUNTEREN hart features") Signed-off-by: Ley Foon Tan <leyfoon.tan@starfivetech.com> Reviewed-by: Anup Patel <anup@brainfault.org>
The flags for print should be able to appear in any order. The previous code required the order to be fixed. Signed-off-by: Xiang W <wxjstz@126.com> Reviewed-by: Anup Patel <anup@brainfault.org>
Left alignment and padding '0' should not exist at the same time, this patch skips padding. Signed-off-by: Xiang W <wxjstz@126.com> Reviewed-by: Anup Patel <anup@brainfault.org>
Adds + flag for print, prefixing positive numbers with + when this flag is present. Signed-off-by: Xiang W <wxjstz@126.com> Reviewed-by: Anup Patel <anup@brainfault.org>
The space flag is used to add a space before positive numbers, and apostrophe is used to print the thousand separator. Add code to ignore these two flags Signed-off-by: Xiang W <wxjstz@126.com> Reviewed-by: Anup Patel <anup@brainfault.org>
The information of sg/b/letbase can be obtained by the type character, simplifying the parameter by passing the type directly. Signed-off-by: Xiang W <wxjstz@126.com> Reviewed-by: Anup Patel <anup@brainfault.org>
Add o type for print to print octal numbers Signed-off-by: Xiang W <wxjstz@126.com> Reviewed-by: Anup Patel <anup@brainfault.org>
Fix two bugs:
> printf("%#08x", 0x123); /* print 0000x123 */
> printf("%#x", 0); /* print 0x0 */
Signed-off-by: Xiang W <wxjstz@126.com> Reviewed-by: Anup Patel <anup@brainfault.org>
When doing width = width - strlen(string) in prints there is no need to consider the case that width may be less than 0. This is because the code to do filling needs to be executed under the condition that width > 0. Signed-off-by: Xiang W <wxjstz@126.com> Reviewed-by: Anup Patel <anup@brainfault.org>
Because *out needs to reserve a byte to hold '\0', no more characters should be added to the buffer when *out has one byte left, and the buffer size *out_len should not be modified. This patch prevents the correction of *out_len when *out_len is 1. Signed-off-by: Xiang W <wxjstz@126.com> Reviewed-by: Anup Patel <anup@brainfault.org>
A single scan of the format char may add multiple characters to the tbuf, causing a buffer overflow. You should check if tbuf is full in printc so that it does not cause a buffer overflow. Signed-off-by: Xiang W <wxjstz@126.com> Reviewed-by: Anup Patel <anup@brainfault.org>
Fix special case: sbi_snprintf(out, out_len, ...) when out_len equals 1, the previous code will not fill the buffer with any char. Signed-off-by: Xiang W <wxjstz@126.com> Reviewed-by: Anup Patel <anup@brainfault.org>
Currently, we see following compile error in the designware GPIO driver for RV32 systems:
lib/utils/gpio/fdt_gpio_designware.c:115:20: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast]
  115 | chip->dr = (void *)addr + (bank * 0xc);
      | ^
lib/utils/gpio/fdt_gpio_designware.c:116:21: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast]
  116 | chip->ext = (void *)addr + (bank * 4) + 0x50;
We fix the above error using an explicit type-cast to 'unsigned long'.
Fixes: 7828eeb ("gpio/desginware: add Synopsys DesignWare APB GPIO support")
Signed-off-by: Anup Patel <apatel@ventanamicro.com> Reviewed-by: Xiang W <wxjstz@126.com>
KevinRSX force-pushed the dev/kaiwenx/smcntrpmf_upstream branch 2 times, most recently from 0343e67 to 1a71428 (July 12, 2023 22:58)
- Add macros for Machine Security Configuration (mseccfg) CSR
- Add macros to access/manipulate bits in mseccfg CSR
Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com> Reviewed-by: Anup Patel <anup@brainfault.org>
- Add a function to disable a given PMP entry.
- Add a function to check if a given entry is disabled.
Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com> Reviewed-by: Anup Patel <anup@brainfault.org>
Smepmp specification defines a truth table based on which the access is allowed to different modes. This patch adds different flags based on this truth table. Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com> Reviewed-by: Anup Patel <anup@brainfault.org>
- Add Smepmp as extension in sbi_hart_extensions enum
- Return "smepmp" string for Smepmp extension from sbi_hart_extension_id2string
Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com> Reviewed-by: Anup Patel <anup@brainfault.org>
- Add function to parse ISA string in FDT.
- Set Smepmp feature bit in extensions if "smepmp" string is found in ISA string.
Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com> Reviewed-by: Anup Patel <anup@brainfault.org>
Since pmp entries have implicit priority on index, previous entries will deny access to SU on M-mode region. Also, M-mode will not have access to SU region while previous entries will allow access to M-mode regions. Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com> Reviewed-by: Anup Patel <anup@brainfault.org>
Configure PMP at last when all other initializations have been done. Because if SMEPMP is detected, M-mode access to the S/U space will be rescinded. Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com> Reviewed-by: Anup Patel <anup@brainfault.org>
- If Smepmp is enabled, the access flags of an entry are determined based on truth table defined in Smepmp.
- First PMP entry (index 0) is reserved.
- Existing boot PMP entries start from index 1.
- Since enabling Smepmp revokes the access privileges of the M-mode software on S/U-mode region, first PMP entry is used to map/unmap the shared memory between M and S/U-mode. This allows a temporary access window for the M-mode software to read/write to S/U-mode memory region.
Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com> Reviewed-by: Anup Patel <anup@brainfault.org>
When Smepmp is enabled, M-mode will need to map/unmap the shared memory before it can read/write to it. This patch adds functions to create dynamic short-lived mappings. Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com> Reviewed-by: Anup Patel <anup@brainfault.org>
With Smepmp enabled, it is necessary for shared memory from S/U mode to be mapped/unmapped before and after read/write of the memory region. This patch maps the debug console shared memory before accessing it. Signed-off-by: Himanshu Chauhan <hchauhan@ventanamicro.com> Reviewed-by: Anup Patel <anup@brainfault.org>
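The Smepmp commits above refer to the specification's truth table without showing it. As an added example (not code from this pull request or from OpenSBI), this C sketch decodes one pmpcfg byte into the permissions it grants M-mode and S/U-mode, assuming mseccfg.MML is set and the entry is the one that matches the access; smepmp_decode(), m_has_data_window() and struct smepmp_access are hypothetical names, and the sample encodings are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* pmpcfg bit positions from the RISC-V privileged spec. */
#define PMP_R 0x01u
#define PMP_W 0x02u
#define PMP_X 0x04u
#define PMP_L 0x80u

/* Hypothetical result type: R/W/X masks granted to each privilege level. */
struct smepmp_access {
    uint8_t m;   /* M-mode */
    uint8_t su;  /* S/U-mode */
};

/* Decode one matching pmpcfg byte under mseccfg.MML = 1. */
static struct smepmp_access smepmp_decode(uint8_t cfg)
{
    uint8_t rwx = cfg & (PMP_R | PMP_W | PMP_X);
    int locked = (cfg & PMP_L) != 0;
    struct smepmp_access a = { 0, 0 };

    if (locked && rwx == (PMP_R | PMP_W | PMP_X)) {
        a.m = a.su = PMP_R;                 /* shared read-only data */
    } else if ((rwx & PMP_W) && !(rwx & PMP_R)) {
        /* R=0,W=1 is reserved without MML; with MML it marks a shared region. */
        if (!locked) {                      /* shared data */
            a.m = PMP_R | PMP_W;
            a.su = (rwx & PMP_X) ? (PMP_R | PMP_W) : PMP_R;
        } else {                            /* shared code */
            a.m = (rwx & PMP_X) ? (PMP_R | PMP_X) : PMP_X;
            a.su = PMP_X;
        }
    } else if (locked) {
        a.m = rwx;                          /* M-mode-only rule */
    } else {
        a.su = rwx;                         /* S/U-mode-only rule */
    }
    return a;
}

/* True when M-mode may read and write a region that S/U-mode can also reach. */
static int m_has_data_window(uint8_t cfg)
{
    struct smepmp_access a = smepmp_decode(cfg);
    return (a.m & (PMP_R | PMP_W)) == (PMP_R | PMP_W) && a.su != 0;
}

int main(void)
{
    /* Constructed sample encodings. */
    const uint8_t samples[] = { PMP_R | PMP_W, PMP_W | PMP_X, PMP_L | PMP_R | PMP_W | PMP_X };
    for (unsigned i = 0; i < sizeof(samples); i++) {
        struct smepmp_access a = smepmp_decode(samples[i]);
        printf("cfg=0x%02x M=0x%x SU=0x%x window=%d\n",
               samples[i], a.m, a.su, m_has_data_window(samples[i]));
    }
    return 0;
}
```

An ordinary S/U read/write entry (R and W set, L clear) gives M-mode no access at all, which is why the commits reserve a PMP entry that is reprogrammed with a shared-data encoding while M-mode touches S/U memory.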
This adds the support for ISA extension smcntrpmf. Signed-off-by: Kaiwen Xue <kaiwenx@rivosinc.com>
KevinRSX force-pushed the dev/kaiwenx/smcntrpmf_upstream branch from 1a71428 to de7cdbb (July 17, 2023 22:21)
This patch contains the support for ISA extension smcntrpmf.
(This rebases on upstream, so don't merge :)