Distinguish between functions which modify the devicetree and those
which only extract information from it. Other than the iterators in
fdt_domain.c, this is a mechanical conversion.
Signed-off-by: Samuel Holland <samuel.holland@sifive.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
The diagram shown below illustrates the boot-flow involving OP-TEE OS
initialization.
(1)-----------+
| U-Boot SPL |
+------------+
|
v
(2)-------------------------------------------------------------+
| OpenSBI (fw_dynamic) |
| (4)------------------------+ |
| | optee dispatcher driver | |
+-----------------+-------^---------|-------+------------------+
M-mode | | |
---------+--[trusted domain]---+----.----+--[untrusted domain]-------
S-mode | (coldboot domain) | | |
v | | v
(3)---------------------------+ |(5)----------------------------+
| OP-TEE OS | | | U-Boot |
+----------------------------+ | +-----------------------------+
| |
| v
|(6)----------------------------+
| | Linux |
| +-----------------------------+
As OP-TEE OS has device-tree node fixups that need to be passed
through to the next boot stages, e.g. the reserved memory node:
reserved-memory {
#address-cells = <2>;
#size-cells = <2>;
ranges;
optee_core@f1000000 {
no-map;
reg = <0x0 0xf1000000 // OP-TEE OS base address
0x0 0x01000000>;
};
<...>
};
Instead of using 0x0 as the default value, allow identical next-arg1
to be used by non-coldboot domain (i.e., untrusted domain) when the
property is not provided.
Also, update the description of next-arg1 property in the document.
Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
- Completed TODO in `system_opcode_insn` to ensure CSR read/write
instruction handling.
- Refactored to use new macros `GET_RS1_NUM` and `GET_CSR_NUM`.
- Updated `GET_RM` macro and replaced hardcoded funct3 values with
constants (`CSRRW`, `CSRRS`, `CSRRC`, etc.).
- Removed redundant `GET_RM` from `riscv_fp.h`.
- Improved validation and error handling for CSR instructions.
This patch enhances the clarity and correctness of CSR handling
in `system_opcode_insn`.
Signed-off-by: Dongdong Zhang <zhangdongdong@eswincomputing.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
This change adds a simple implementation of sbi_aligned_alloc(), for future use
in allocating aligned memory for SMMTT tables.
Signed-off-by: Gregor Haas <gregorhaas1997@gmail.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
In the next commit, we'll add a new sbi_memalign() function. In order to
allocate aligned memory, we'll sometimes need to allocate from the middle of a
heap block, effectively splitting it in two. Allocating from the beginning of a
heap block in the nonaligned case more closely matches this behavior, reducing
the complexity of understanding the heap implementation.
Signed-off-by: Gregor Haas <gregorhaas1997@gmail.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
The upcoming SMMTT implementation will require some larger contiguous memory
regions for the memory tracking tables. We plan to specify the memory region
for these tables as a reserved-memory node in the device tree, and then
dynamically allocate individual tables out of this region. These changes to the
SBI heap allocator will allow us to explicitly create and allocate from a
dedicated heap tied to the table memory region.
Signed-off-by: Gregor Haas <gregorhaas1997@gmail.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
pmp_get() may return an error if the given entry, given by the caller
of is_pmp_entry_mapped(), is invalid. This results in the output
parameters for pmp_get() being uninitialized. To avoid using garbage
values, check the result and return early if necessary.
This issue is not being hit because at the moment
is_pmp_entry_mapped() is only being called from a single site with a
valid hardcoded value.
Signed-off-by: Carlos López <carlos.lopezr4096@gmail.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
The fwt_hart_state struct inciludes a flexible array member, so its
allocation size will be that of the struct itself, plus that of each
of the members in the array. When calculating this size, instead of
taking the size of the struct, the size of a pointer to it was taken,
which is incorrect. Luckily, this happenned to not produce memory
corruption because the size of the non-flexible members of the struct
is the same as the size of a pointer.
Signed-off-by: Carlos López <carlos.lopezr4096@gmail.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
In several dbtr functions, we first check that the dbtr trigger is not
NULL and that its state is what we expect. However, it only makes
sense to perform the second check if the dbtr trigger is not NULL.
Othwerwise we will dereference a NULL pointer. Thus, change the
condition so that it shortcuts to the first check if necessary.
Signed-off-by: Carlos López <carlos.lopezr4096@gmail.com>
Reviewed-By: Anup Patel <anup@brainfault.org>
The console device is registered by platform only in early_init()
callback so any prints before this point will be lost. Introduce an
early console buffer for caching prints before platform early_init().
For crashes before platform early_init(), users can simply dump the
contents of the console_early_buffer[] string using a debugger. The
relative address of the console_early_buffer[] string can be found
using following two commands:
CONSOLE_EARLY_FIFO_ADDR=`${CROSS_COMPILE}objdump -D \
build/platform/generic/firmware/fw_dynamic.elf | \
grep "<console_early_fifo>:" | awk '{print $1}'`
${CROSS_COMPILE}objdump -R build/platform/generic/firmware/fw_dynamic.elf | \
grep $CONSOLE_EARLY_FIFO_ADDR | awk '{print $3}'
Signed-off-by: Anup Patel <apatel@ventanamicro.com>
Reviewed-By: Himanshu Chauhan <hchauhan@ventanamicro.com>
Extend sbi_fifo_enqueue() to allow forceful queueing by droping
data from the tail.
Signed-off-by: Anup Patel <apatel@ventanamicro.com>
Reviewed-By: Himanshu Chauhan <hchauhan@ventanamicro.com>
Don't use sbi_memcpy() for basic data types in fifo enqueue/dequeue
instead use direct type-cast and assignment.
Signed-off-by: Anup Patel <apatel@ventanamicro.com>
Reviewed-By: Himanshu Chauhan <hchauhan@ventanamicro.com>
Now that all platforms have been updated to initialize serial console
device in early_init(), the sbi_console_init() and console_init()
platform callback are redundant hence remove them.
Signed-off-by: Anup Patel <apatel@ventanamicro.com>
Reviewed-By: Himanshu Chauhan <hchauhan@ventanamicro.com>
Attempting to access the menvcfg CSR raises an illegal instruction
exception on hardware which implements Sm1p11 or older.
Fixes: e9ee9678ba ("lib: sbi: fwft: add support for SBI_FWFT_PTE_AD_HW_UPDATING")
Signed-off-by: Samuel Holland <samuel.holland@sifive.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
A new property has been added, with an extensive rationale at [1], that
can be used in place of "riscv,isa" to indicate what extensions are
supported by a given platform that is a list of strings rather than a
single string. There are some differences between the new property,
"riscv,isa-extensions" and the incumbent "riscv,isa" - chief among them
for the sake of parsing being the list of strings, as opposed to a
string. Another advantage is strictly defined meanings for each string
in a dt-binding, rather than deriving meaning from RVI standards. This
may likely to some divergence over time, but, at least for now, there's
no relevant differences between the two for an M-Mode program.
Add support for the new property in OpenSBI, prioritising it, before
falling back to the, now deprecated, "riscv,isa" property if it is not
present.
Link: https://lore.kernel.org/all/20230702-eats-scorebook-c951f170d29f@spud/ [1]
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
This patch introduces a new math test suite to the SBI unit
tests. The changes include:
* Updating lib/sbi/tests/objects.mk to include
math_test_suite and sbi_math_test.o.
* Adding a new file lib/sbi/tests/sbi_math_test.c which
contains tests for log2roundup function using various cases.
The addition of this test suite ensures that mathematical
functions are verified and work as expected.
Signed-off-by: Dongdong Zhang <zhangdongdong@eswincomputing.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
This patch improves the readability of the SBI unit test
output by adding color-coded status messages.
Adding ANSI color codes for green (pass) and red (fail)
in sbi_unit_test.c.
Now, the test results will be displayed in green for passed
tests and red for failed tests, making it easier to quickly
distinguish between them.
Signed-off-by: Dongdong Zhang <zhangdongdong@eswincomputing.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
Illegal CSR accesses from lower privilege modes are delegated to S-mode
and do not necessarily indicate a bug. Supervisor software may want to
emulate some CSRs, or may intentionally disable access to certain
existing CSRs, and thus will expect traps when those CSRs are accessed.
For example, Linux disables sstatus.VS by default in order to detect
when userspace first accesses vector register state; this includes the
CSRs defined by the V extesion. As a result, if the first vector
instruction in a process is a CSR access, OpenSBI will log the illegal
instruction exception, even though there is no unexpected or erroneous
behavior occurring.
Since the illegal instruction exception is delegated to S-mode, S-mode
software should be responsible for reporting the exception, not OpenSBI.
Signed-off-by: Samuel Holland <samuel.holland@sifive.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
Current Debug Trigger SBI extension proposal suggests to activate
shmem area and obtain its physical address from S-mode software
in the following way:
: If both `shmem_phys_lo` and `shmem_phys_hi` parameters are not
: all-ones bitwise then `shmem_phys_lo` specifies the lower XLEN
: bits and `shmem_phys_hi` specifies the upper XLEN bits of the
: shared memory physical base address. The `shmem_phys_lo` MUST
: be `(XLEN / 8)` byte aligned and the size of shared memory is
: assumed to be `trig_max * (XLEN / 2)` bytes.
For more details see the current version of the proposal:
- https://lists.riscv.org/g/tech-debug/message/1302
On the other hand, on RV32, the M-mode can only access the first 4GB of
the physical address space because M-mode does not have MMU to access
full 34-bit physical address space. Similarly, on RV64, the M-mode can
only access memory addressed by 64 bits.
This commit checks shmem address in function sbi_dbtr_setup_shmem
to make sure that shmem_phys_hi part of the valid address is zero.
Besides, the macro DBTR_SHMEM_MAKE_PHYS is updated to take into
account only low XLEN part.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Reviewed-by: Himanshu Chauhan <hchauhan@ventanamicro.com>
Error code returned by the ecall handles should use the defines from
sbi_ecall_interface.h rather than sbi_error.h.
Signed-off-by: Clément Léger <cleger@rivosinc.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
As stated by the spec and pointed out by Andrew Jones, the value passed
for MISALIGNED_EXC_DELEG and PTE_AD_HW_UPDATING should be either 0 or 1.
Add check for these values and return SBI_EINVAL if not.
Signed-off-by: Clément Léger <cleger@rivosinc.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
The SBI FWFT extension defines a set of function that can be called
to control the configuration of some platform features (misaligned
trap delegation, etc). This patch implements sbi_fwft_set() and
sbi_fwft_get() as defined in the specification [1].
Link: https://lists.riscv.org/g/tech-prs/message/924 [1]
Signed-off-by: Clément Léger <cleger@rivosinc.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
Add support for SBI_FWFT_PTE_AD_HW_UPDATING based on SVADU presence.
Signed-off-by: Clément Léger <cleger@rivosinc.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
Add support for SBI_FWFT_MISALIGNED_EXC_DELEG withing FWFT support. This
support allows to delegate misaligned accesses traps.
Signed-off-by: Clément Léger <cleger@rivosinc.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
Add support for Svade and Svadu extensions. When both are present in the
device tree, the M-mode firmware should select the Svade extension
to comply with the RVA23 profile, which mandates Svade and lists Svadu as
an optional extension.
Signed-off-by: Yong-Xuan Wang <yongxuan.wang@sifive.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
When used to read characters from the terminal (e.g., when the SBI
console is used via ecall from linux with `console=hvc0`), we must
acknowledge receipt of each character to "pop" it off the LiteUART
hardware queue, and allow the next character to be made available.
Fixes: 52af6e4b ("lib: utils: Add LiteX UART support")
Suggested-by: Dolu1990 <charles.papon.90@gmail.com>
Signed-off-by: Gabriel Somlo <gsomlo@gmail.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
In DT, multiple reset devices may use the same driver, and they
may have different priorities. If rc is returned after the first
initialization, the highest priority device may be lost.
Fixes: a73ff043e9 (lib: utils/reset: Fix fdt_reset to search for more dt nodes)
Signed-off-by: Xiang W <wxjstz@126.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
If there are multiple dt nodes, the previous code only tries to match
the first one, which may lose initialization.
Signed-off-by: Xiang W <wxjstz@126.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
When the dt node has a status property and the value is not ok or
okay, skip initializing reset.
Signed-off-by: Xiang W <wxjstz@126.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
If there are multiple dt nodes, the previous code only tries to match
the first one, which may lose initialization.
Signed-off-by: Xiang W <wxjstz@126.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
When the dt node has a status property and the value is not ok or
okay, skip initializing serial.
Signed-off-by: Xiang W <wxjstz@126.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
When the dt node has a status property and the value is not ok or
okay, skip initializing irqchip.
Signed-off-by: Xiang W <wxjstz@126.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
When the dt node has a status property and the value is not ok or
okay, skip initializing timer.
Signed-off-by: Xiang W <wxjstz@126.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
When the dt node has a status property and the value is not ok or
okay, skip initializing ipi.
Signed-off-by: Xiang W <wxjstz@126.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
During Linux AIA driver review, the APLIC DT property for interrupt
delegation was renamed to "riscv,delegation" so let's use the new DT
property name and fallback to old DT property name if the new DT
property name is not available.
Fixes: 34612193af ("lib: utils/irqchip: Add FDT based driver for APLIC")
Signed-off-by: Anup Patel <apatel@ventanamicro.com>
"gpio-poweroff" and "gpio-restart" always set gpio to high to
active the function, but some chips need a low signal to active.
Fortunately, it can be achieved by setting GPIO_FLAG_ACTIVE_LOW
for the gpio. Implement this flag support for the gpio library
so the gpio reset can function well.
Signed-off-by: Inochi Amaoto <inochiama@outlook.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
