When OpenSBI is started from an address not equal to the link address,
it is first relocated to the link address. Hart 0 performs the
relocation and notifies the other harts of its completion with the
_boot_status variable. It uses the copy of the variable relative to the
link address. This copy contains valid data only after relocation has
finished. The waiting harts will therefore read invalid data until
relocation has finished. This can cause them to continue execution too
early.
Fix this by using the _boot_status variable relative to the load address
while OpenSBI has not finished relocation.
Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
In order to prevent a possible null pointer dereference, return early if
either one of 'in' or 'data' is null.
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
In the last argument to sbi_memset() we essentially have the following
multiplication:
size_t = u16 * u16
Due to C's integer semantics, both u16's are implicitly converted to int
before the multiplication, which cannot hold all possible values of a
u16 * u16. If the multiplication overflows, the intermediate result will
be a negative number. On 64-bit platforms, this will be sign-extended to
a huge integer in the conversion to a u64 (aka size_t). Being the size
argument to sbi_memset(), this could potentially cause a large
out-of-bounds write. The solution is to manually cast one of the u16 to
a size_t, which will make it large enough to avoid the implicit
conversion and any overflow.
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
The error check 'plic_off < 0' does nothing, since plic_off is stored as
a u32. Fix this by changing it to an int, which matches the return type of
fdt_node_offset_by_compatible().
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
!(mipval && MIP_MSIP) simplifies to !mipval, which checks if the entire
variable is zero, not just a single bit. Fix this to use bitwise &
instead.
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
We should sbi_dprintf() instead of sbi_printf() for invalid CSRs
because we are forwarding invalid CSR access back to S-mode.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
This patch introduces new sbi_dprintf() API for runtime debug
prints. The sbi_dprintf() will print to console for a given
HART only when SBI_SCRATCH_DEBUG_PRINTS option in enabled in
sbi_scratch for this HART.
We can now add debug prints using sbi_dprintf() at important
places in OpenSBI sources. These debug prints will only show
up when previous booting stage or compile time parameter sets
the SBI_SCRATCH_DEBUG_PRINTS option in scratch space.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
The boot status is currently hard-coded. Define some macros for it.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
We should expand the FDT size before any patching, otherwise it's
possible the "status" fix up might fail due to insufficient space.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
If core-0 have finished _fdt_reloc_done but any of other cores has not
yet left the loop in _wait_relocate_copy_done, they could never leave
the loop because _boot_status is not equal to 1.
Currently, we mandate 'F' and 'D' extension in riscv_fp.h so that
misaligned load/store emulation has access to FP registers.
The above is too restrictive and we should certainly allow compilation
for soft-FP toolchains and explicit PLATFORM_RISCV_ISA not having 'F'
and 'D' extensions.
This patch extends riscv_fp.h and misaligned load/store emulation to
allow compiling OpenSBI without FP support.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
There are several places in the source tree that have:
32bit, 32 bit, 64bit, 64 bit
Fix by using the conventional names with a hyphen.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Acked-by: Anup Patel <anup.patel@wdc.com>
At present the exact details of building 32-bit or 64-bit OpenSBI
images are missing in the docs. This adds the missing part.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Acked-by: Anup Patel <anup.patel@wdc.com>
Although it does not make a functional difference, both cpu_to_fdt32()
and fdt32_to_cpu() pass on to CPU_TO_FDT32, we should use cpu_to_fdt32()
to be semantically correct.
Signed-off-by: Georg Kotheimer <georg.kotheimer@kernkonzept.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
Acked-by: Anup Patel <anup.patel@wdc.com>
Per device tree spec, the standard value string for the "status"
property of a cpu node is either "okay" or "disabled". "masked"
was once used but it is unfortunately a spec violation.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Acked-by: Anup Patel <anup.patel@wdc.com>
The Linux kernel will maintain the device tree (DT) for HiFive Unleashed
from release v5.2-rc6. This DT is incompatible with previous DT
present for Microsemi expansion board in OpenSBI.
Since, OpenSBI will directly load the pre-built DTB from kernel now onwards,
no need to keep the out-of-date DT in openSBI. Remove this DT and
it's related documentation.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Acked-by: Anup Patel <anup.patel@wdc.com>
When relocation is not required (i.e. _load_start == _link_start), we
can skip two stage wait for secondary HARTs. This means secondary HARTs
can skip the _wait_relocate_copy_done() loop and directly jump to the
_wait_for_boot_hart() loop when no relocation not required.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
With 5.2-rc6 release, Linux kernel hosts the DT for Unleashed board
which is incompatible with the default DT from FSBL.
Update the document to use the DT from kernel.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Acked-by: Anup Patel <anup.patel@wdc.com>
Add version control of sbi_platform structure
- Add opensbi_version, this gives information of opensbi revision on
which the sbi_platform table was created.
- Add platform_version field in sbi_platform structure for platform
level version control.
Signed-off-by: Abner Chang <abner.chang@hpe.com>
Acked-by: Anup Patel <anup.patel@wdc.com>
Move platform opensbi functions to sbi_platform_operations structure.
Both sbi_platform and sbi_platform_operations structures are maintained
by platform vendors.
Signed-off-by: Abner Chang <abner.chang@hpe.com>
Acked-by: Anup Patel <anup.patel@wdc.com>
This patch adds support for Ariane platform.
We needed to enable PLIC interrupts early(like on BBL) due to some issue of the design.
Otherwise, Linux would not get any external interrupts.
Signed-off-by: Panagiotis Peristerakis <perister@ics.forth.gr>
The old code may corrupt the code of the waiting hart hence this patch
keeps waiting HART within relocation code range at time of relocation.
Signed-off-by: Xiang W <wxjstz@126.com>
Acked-by: Anup Patel <anup.patel@wdc.com>
tinyfdt.c was originally added to provide a minimal implementation of
fdt parsing. However, we have already included libfdt in OpenSBI for
more complicated operations.
Remove tinfdt and replace its functiolity using libfdt.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Acked-by: Anup Patel <anup.patel@wdc.com>
The drivers and libfdt are built as libsbiutils.a
instead of libplatsbi.a.
libsbiutils.a are not built per platform specific. Thus,
enable all drivers by default.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Acked-by: Anup Patel <anup.patel@wdc.com>
All string functions are part of libsbi. It makes more sense
to rename them to sbi_string.x as the libsbi can be linked
with external libraries that can have similar implementation.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Acked-by: Anup Patel <anup.patel@wdc.com>
Currently, platform/common contains platform/non-platform specific
common minimal drivers and libraries. This is helpful is all platforms
are built within opensbi framework.
Move them to lib/utils so that any external platform code also can
reuse the minimalistic drivers or other common libraries.
This patch doesn't introduce any functional changes.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Acked-by: Anup Patel <anup.patel@wdc.com>
libsbi needs some of the custom libc functions. It should be directly
included in libsbi instead of platform specific libraries.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Acked-by: Anup Patel <anup.patel@wdc.com>
This patch extends relocation to handle overlapping load and link
addresses.
The updated relocation will work fine in most cases except when the
relocate copy loop itself falls in overlapping load and link addresses.
Signed-off-by: Xiang W <wxjstz@126.com>
Signed-off-by: Anup Patel <anup.patel@wdc.com>
This patch extends fw_base to relocate to link address whenever
firmware load address is not equal to link address.
The relocation will not work when load start to load end overlap
link start to link end.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Tested-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
The linker sections .sdata and .sbss are missing from the linker script
fw_base.ldS. Add them to the .data and .bss sections.
On current builds, most variables are in the .sbss section. They are not
correctly initialized to zero, because they are not within the
boundaries indicated by _bss_start and _bss_end. Currently, this does
not cause any issues, however with relocation support lock-ups may occur
due to incorrectly initialized lock variables.
Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Acked-by: Anup Patel <anup.patel@wdc.com>
Since QEMU commit 8b1d0714bfdd
"riscv: sifive_u: Allow up to 4 CPUs to be created",
the maximum number of hart for sifive_u is 4.
Change our hart count to match that.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
The unpriv load/store instruction from M-mode can cause page/access
fault to M-mode if S-mode page table did not have mappings OR it did
not have PMP access permission.
To tackle this, we redirect trap back to S-mode if unpriv load/store
instruction traps in M-mode.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
This patch adds per-HART trap info pointer which can be used to
communicate trap information to sbi_trap_handler().
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
Currently, the unprivilege load/store functions are inline functions.
We will be extending these functions to track whether a page/access
fault occurs when we execute unprivilege load/store instruction.
To make things simpler and debugable, we reduce number of places which
can potentially generate a page/access fault by making all unprivilege
load/store functions as regular (non-inline) functions.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
This patch factor-out TLB management from IPI management to separate
sources sbi_tlb.c and sbi_tlb.h.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
We have extra space above scratch space (sbi_scratch) which we are
currently using to manage per-HART IPI data and TLB request management.
In future, more parts of OpenSBI will use the extra scratch space so
it will become difficult to manage extra scratch space using just
defines and macros.
This patch adds a simple brain-dead allocator to manage extra scratch
space. This allocator never expects anything to be free-ed hence it
keeps incrementing to next allocation offset until it runs-out of space.
In future, we can have more sophisticated allocator which will allow
us to re-claim free-ed space and also allows us to track owner of
allocated space.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
On latest Linux kernel (i.e. 5.2-rc1), we get large TLB flush
request for user space addresses (typically, start=x and end=-1).
This is caused by Linux kernel commit a21344dfc6 ("riscv: fix
sbi_remote_sfence_vma{,_asid}").
It's not practical to execute large number of sfence instructions
for a large TLB flush range because it takes too much time and
eventually causes CPU stall in Linux kernel.
This patch addresses above issue by upgrading TLB flush range to
TLB flush all whenever TLB flush range is greater than 1GB.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
This patch enables FW_DYNAMIC option (i.e. dynamic firmware) for
all appropriate/applicable platforms.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
This patch provides first-cut implementation of fw_dynamic firmware.
As compared to fw_jump and fw_payload, the fw_dynamic obtains next
address, next mode and OpenSBI options from struct fw_dynamic_info.
The previous booting stage can create struct fw_dynamic_info in memory
and pass address of struct fw_dynamic_info in 'a2' register. Also, the
struct fw_dynamic_info has versioning as well so changes to the struct
fw_dynamic_info can be done in a backward compatible manner.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
