Add fdt_add_reserved_memory() helper function

If a firmware component like TF-A reserves special memory regions for
its own or secure payload services, it should announce the location and
size of those regions to the non-secure world. This will avoid
disappointment when some rich OS tries to acccess this memory, which
will likely end in a crash.

The traditional way of advertising reserved memory using device tree is
using the special memreserve feature of the device tree blob (DTB).
However by definition those regions mentioned there do not prevent the
rich OS to map this memory, which may lead to speculative accesses to
this memory and hence spurious bus errors.

A safer way of carving out memory is to use the /reserved-memory node as
part of the normal DT structure. Besides being easier to setup, this
also defines an explicit "no-map" property to signify the secure-only
nature of certain memory regions, which avoids the rich OS to
accidentally step on it.

Add a helper function to allow platform ports to easily add a region.

Change-Id: I2b92676cf48fd3bdacda05b5c6b1c7952ebed68c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

diff --git a/common/fdt_fixup.c b/common/fdt_fixup.c
index 0ae0050c0fb6b650319613b385de0a2c14761dd0..8843404df1ec335c18a3b585c089ff4476de4076 100644 (file)
--- a/common/fdt_fixup.c
+++ b/common/fdt_fixup.c
@@ -9,6 +9,9 @@
  * payloads like BL32 and BL33 (and further down the boot chain).
  * This allows to easily add PSCI nodes, when the original DT does not have
  * it or advertises another method.
+ * Also it supports to add reserved memory nodes to describe memory that
+ * is used by the secure world, so that non-secure software avoids using
+ * that.
  */
 
 #include <string.h>
@@ -124,3 +127,30 @@ int dt_add_psci_cpu_enable_methods(void *fdt)
 
        return ret;
 }
+
+#define HIGH_BITS(x) ((sizeof(x) > 4) ? ((x) >> 32) : (typeof(x))0)
+
+int fdt_add_reserved_memory(void *dtb, const char *node_name,
+                           uintptr_t base, size_t size)
+{
+       int offs = fdt_path_offset(dtb, "/reserved-memory");
+       uint32_t addresses[3];
+
+       if (offs < 0) {                 /* create if not existing yet */
+               offs = fdt_add_subnode(dtb, 0, "reserved-memory");
+               if (offs < 0)
+                       return offs;
+               fdt_setprop_u32(dtb, offs, "#address-cells", 2);
+               fdt_setprop_u32(dtb, offs, "#size-cells", 1);
+               fdt_setprop(dtb, offs, "ranges", NULL, 0);
+       }
+
+       addresses[0] = cpu_to_fdt32(HIGH_BITS(base));
+       addresses[1] = cpu_to_fdt32(base & 0xffffffff);
+       addresses[2] = cpu_to_fdt32(size & 0xffffffff);
+       offs = fdt_add_subnode(dtb, offs, node_name);
+       fdt_setprop(dtb, offs, "no-map", NULL, 0);
+       fdt_setprop(dtb, offs, "reg", addresses, 12);
+
+       return 0;
+}

diff --git a/include/common/fdt_fixup.h b/include/common/fdt_fixup.h
index bb05bf5d09e6a34be2ae2e5a9ef9e5e2e7fb6f72..0248de9cf4a0d75ba63aec519d604f71f3fbbd4b 100644 (file)
--- a/include/common/fdt_fixup.h
+++ b/include/common/fdt_fixup.h
@@ -9,5 +9,7 @@
 
 int dt_add_psci_node(void *fdt);
 int dt_add_psci_cpu_enable_methods(void *fdt);
+int fdt_add_reserved_memory(void *dtb, const char *node_name,
+                           uintptr_t base, size_t size);
 
 #endif /* FDT_FIXUP_H */