From: Christoffer Dall <christoffer.dall@linaro.org>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 5/6] ARM: extend non-secure switch to also go into HYP mode
Date: Thu, 30 May 2013 22:43:13 -0700 [thread overview]
Message-ID: <20130531054313.GE3189@ubuntu> (raw)
In-Reply-To: <1367846270-1827-6-git-send-email-andre.przywara@linaro.org>
On Mon, May 06, 2013 at 03:17:49PM +0200, Andre Przywara wrote:
> For the KVM and XEN hypervisors to be usable, we need to enter the
> kernel in HYP mode. Now that we already are in non-secure state,
> HYP mode switching is within short reach.
>
> While doing the non-secure switch, we have to enable the HVC
> instruction and setup the HYP mode HVBAR (while still secure).
>
> The actual switch is done by dropping back from a HYP mode handler
> without actually leaving HYP mode, so we introduce a new handler
> routine in the exception vector table.
>
> In the assembly switching routine - which we rename to hyp_gic_switch
> on the way - we save and restore the banked LR and SP registers
> around the hypercall to do the actual HYP mode switch.
>
> The C routine first checks whether we are in HYP mode already and
> also whether the virtualization extensions are available. It also
> checks whether the HYP mode switch was finally successful.
> The bootm command part only adds and adjusts some error reporting.
>
> Signed-off-by: Andre Przywara <andre.przywara@linaro.org>
> ---
> arch/arm/cpu/armv7/start.S | 34 +++++++++++++++++++++++-----------
> arch/arm/include/asm/armv7.h | 4 ++--
> arch/arm/lib/bootm.c | 12 +++++++++---
> arch/arm/lib/virt-v7.c | 22 +++++++++++++++-------
> 4 files changed, 49 insertions(+), 23 deletions(-)
>
> diff --git a/arch/arm/cpu/armv7/start.S b/arch/arm/cpu/armv7/start.S
> index 02234c7..921e9d9 100644
> --- a/arch/arm/cpu/armv7/start.S
> +++ b/arch/arm/cpu/armv7/start.S
> @@ -41,7 +41,7 @@ _start: b reset
> ldr pc, _software_interrupt
> ldr pc, _prefetch_abort
> ldr pc, _data_abort
> - ldr pc, _not_used
> + ldr pc, _hyp_trap
> ldr pc, _irq
> ldr pc, _fiq
> #ifdef CONFIG_SPL_BUILD
> @@ -49,7 +49,7 @@ _undefined_instruction: .word _undefined_instruction
> _software_interrupt: .word _software_interrupt
> _prefetch_abort: .word _prefetch_abort
> _data_abort: .word _data_abort
> -_not_used: .word _not_used
> +_hyp_trap: .word _hyp_trap
> _irq: .word _irq
> _fiq: .word _fiq
> _pad: .word 0x12345678 /* now 16*4=64 */
> @@ -58,7 +58,7 @@ _undefined_instruction: .word undefined_instruction
> _software_interrupt: .word software_interrupt
> _prefetch_abort: .word prefetch_abort
> _data_abort: .word data_abort
> -_not_used: .word not_used
> +_hyp_trap: .word hyp_trap
> _irq: .word irq
> _fiq: .word fiq
> _pad: .word 0x12345678 /* now 16*4=64 */
> @@ -513,12 +513,18 @@ software_interrupt:
> mrc p15, 0, r1, c1, c1, 0 @ read SCR
> bic r1, r1, #0x07f
> orr r1, r1, #0x31 @ enable NS, AW, FW
> + mrc p15, 0, r0, c0, c1, 1 @ check for Virt ext
> + and r0, r0, #0xf000
> + cmp r0, #0x1000
you can just do ands r0, r0 ,#0xf000 and change the orreq below to orrne
> + orreq r1, r1, #0x100 @ allow HVC instruction
>
> mrc p15, 0, r0, c12, c0, 0 @ save secure copy of VBAR
> mcr p15, 0, r1, c1, c1, 0 @ write SCR, switch to non-sec
> isb
> mcr p15, 0, r0, c12, c0, 0 @ write non-secure copy of VBAR
>
> + mcreq p15, 4, r0, c12, c0, 0 @ write HYP mode HVBAR
> +
nit: s/HYP mode//
> movs pc, lr
>
> .align 5
> @@ -534,10 +540,9 @@ data_abort:
> bl do_data_abort
>
> .align 5
> -not_used:
> - get_bad_stack
> - bad_save_user_regs
> - bl do_not_used
> +hyp_trap:
> + .byte 0x00, 0xe3, 0x0e, 0xe1 @ mrs lr, elr_hyp
do we really need to support this on assemblers that old?
> + mov pc, lr
>
> #ifdef CONFIG_USE_IRQ
>
> @@ -574,21 +579,21 @@ fiq:
> #endif /* CONFIG_SPL_BUILD */
>
> #ifdef CONFIG_ARMV7_VIRT
> -/* Routine to initialize GIC CPU interface and switch to nonsecure state.
> - * Will be executed directly by secondary CPUs after coming out of
> +/* Routine to initialize GIC CPU interface, switch to nonsecure and to HYP
> + * mode. Will be executed directly by secondary CPUs after coming out of
So now this routine does three different things in different context at
once, why?
> * WFI, or can be called directly by C code for CPU 0.
> * Those two paths mandate to not use any stack and to only use registers
> * r0-r3 to comply with both the C ABI and the requirement of SMP startup
> * code.
> */
> -.globl _nonsec_gic_switch
> +.globl _hyp_gic_switch
> .globl _smp_pen
> _smp_pen:
> mrs r0, cpsr
> orr r0, r0, #0xc0
> msr cpsr, r0 @ disable interrupts
> mov lr, #0 @ clear LR to mark secondary
> -_nonsec_gic_switch:
> +_hyp_gic_switch:
> mrc p15, 4, r2, c15, c0, 0 @ r2 = PERIPHBASE
> add r3, r2, #0x1000 @ GIC dist i/f offset
> mvn r1, #0
> @@ -628,6 +633,13 @@ _nonsec_gic_switch:
> add r2, r2, #0x1000 @ GIC dist i/f offset
> str r1, [r2] @ allow private interrupts
>
> + mov r2, lr
> + mov r1, sp
> + .byte 0x70, 0x00, 0x40, 0xe1 @ hvc #0
> + isb
again, I'm doubtful this isb is necessary when you just did an exception
return.
> + mov sp, r1
> + mov lr, r2
> +
> cmp lr, #0
> movne pc, lr @ CPU 0 to return
> @ all others: go to sleep
> diff --git a/arch/arm/include/asm/armv7.h b/arch/arm/include/asm/armv7.h
> index 296dc92..17bb497 100644
> --- a/arch/arm/include/asm/armv7.h
> +++ b/arch/arm/include/asm/armv7.h
> @@ -75,11 +75,11 @@ void v7_outer_cache_flush_range(u32 start, u32 end);
> void v7_outer_cache_inval_range(u32 start, u32 end);
>
> #ifdef CONFIG_ARMV7_VIRT
> -int armv7_switch_nonsec(void);
> +int armv7_switch_hyp(void);
>
> /* defined in cpu/armv7/start.S */
> void _smp_pen(void);
> -void _nonsec_gic_switch(void);
> +void _hyp_gic_switch(void);
> #endif /* CONFIG_ARMV7_VIRT */
>
> #endif
> diff --git a/arch/arm/lib/bootm.c b/arch/arm/lib/bootm.c
> index a3d3aae..552ba59 100644
> --- a/arch/arm/lib/bootm.c
> +++ b/arch/arm/lib/bootm.c
> @@ -324,12 +324,15 @@ static void boot_prep_linux(bootm_headers_t *images)
> #endif /* all tags */
> }
> #ifdef CONFIG_ARMV7_VIRT
> - switch (armv7_switch_nonsec()) {
> + switch (armv7_switch_hyp()) {
> case 0:
> - debug("entered non-secure state\n");
> + debug("entered HYP mode\n");
> + break;
> + case 1:
> + debug("CPU already in HYP mode\n");
> break;
> case 2:
> - printf("HYP mode: Security extensions not implemented.\n");
> + printf("HYP mode: Virtualization extensions not implemented.\n");
> break;
> case 3:
> printf("HYP mode: CPU not supported (must be Cortex-A15 or A7).\n");
> @@ -337,6 +340,9 @@ static void boot_prep_linux(bootm_headers_t *images)
> case 4:
> printf("HYP mode: PERIPHBASE is above 4 GB, cannot access this.\n");
> break;
> + case 5:
> + printf("HYP mode: switch not successful.\n");
> + break;
> }
> #endif
> }
> diff --git a/arch/arm/lib/virt-v7.c b/arch/arm/lib/virt-v7.c
> index 0248010..3883463 100644
> --- a/arch/arm/lib/virt-v7.c
> +++ b/arch/arm/lib/virt-v7.c
> @@ -3,6 +3,7 @@
> * Andre Przywara, Linaro
> *
> * routines to push ARMv7 processors from secure into non-secure state
> + * and from non-secure SVC into HYP mode
> * needed to enable ARMv7 virtualization for current hypervisors
> *
> * See file CREDITS for list of people who contributed to this
> @@ -43,16 +44,20 @@ static inline unsigned int read_cpsr(void)
> return reg;
> }
>
> -int armv7_switch_nonsec(void)
> +int armv7_switch_hyp(void)
> {
> unsigned int reg;
> volatile unsigned int *gicdptr;
> unsigned itlinesnr, i;
> unsigned int *sysflags;
>
> - /* check whether the CPU supports the security extensions */
> + /* check whether we are in HYP mode already */
> + if ((read_cpsr() & 0x1F) == 0x1a)
> + return 1;
> +
> + /* check whether the CPU supports the virtualization extensions */
> asm("mrc p15, 0, %0, c0, c1, 1\n" : "=r"(reg));
> - if ((reg & 0xF0) == 0)
> + if ((reg & 0xF000) != 0x1000)
> return 2;
>
> /* the timer frequency for the generic timer needs to be
> @@ -73,8 +78,8 @@ int armv7_switch_nonsec(void)
> */
>
> /* check whether we are an Cortex-A15 or A7.
> - * The actual non-secure switch should work with all CPUs supporting
> - * the security extension, but we need the GIC address,
> + * The actual HYP switch should work with all CPUs supporting
> + * the virtualization extension, but we need the GIC address,
> * which we know only for sure for those two CPUs.
> */
> asm("mrc p15, 0, %0, c0, c0, 0\n" : "=r"(reg));
> @@ -113,8 +118,11 @@ int armv7_switch_nonsec(void)
> sysflags[0] = (uintptr_t)_smp_pen;
> gicdptr[GICD_SGIR / 4] = 1U << 24;
>
> - /* call the non-sec switching code on this CPU also */
> - _nonsec_gic_switch();
> + /* call the HYP switching code on this CPU also */
> + _hyp_gic_switch();
> +
> + if ((read_cpsr() & 0x1F) != 0x1a)
> + return 5;
this is really a fatal crash right? We probably don't want to try and
proceed with boot at this point.
>
> return 0;
> }
> --
> 1.7.12.1
>
next prev parent reply other threads:[~2013-05-31 5:43 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-06 13:17 [U-Boot] [PATCH 0/6] ARMv7: Add HYP mode switching support Andre Przywara
2013-05-06 13:17 ` [U-Boot] [PATCH 1/6] ARM: add secure monitor handler to switch to non-secure state Andre Przywara
2013-05-23 10:52 ` Albert ARIBAUD
2013-05-23 12:14 ` Marc Zyngier
2013-05-23 12:34 ` Albert ARIBAUD
2013-05-23 12:40 ` Albert ARIBAUD
2013-05-23 12:41 ` Albert ARIBAUD
2013-05-23 13:00 ` Peter Maydell
2013-05-23 14:08 ` Albert ARIBAUD
2013-05-23 14:47 ` Albert ARIBAUD
2013-05-26 22:42 ` Andre Przywara
2013-05-31 1:02 ` Christoffer Dall
2013-05-31 9:23 ` Andre Przywara
2013-05-31 17:21 ` Albert ARIBAUD
2013-05-31 23:50 ` Christoffer Dall
2013-06-01 10:06 ` Albert ARIBAUD
2013-06-01 10:11 ` Albert ARIBAUD
2013-05-06 13:17 ` [U-Boot] [PATCH 2/6] ARM: add assembly routine " Andre Przywara
2013-05-31 3:04 ` Christoffer Dall
2013-05-31 9:26 ` Andre Przywara
2013-05-31 23:50 ` Christoffer Dall
2013-05-06 13:17 ` [U-Boot] [PATCH 3/6] ARM: switch to non-secure state during bootm execution Andre Przywara
2013-05-31 5:10 ` Christoffer Dall
2013-05-31 9:30 ` Andre Przywara
2013-05-31 23:50 ` Christoffer Dall
2013-05-06 13:17 ` [U-Boot] [PATCH 4/6] ARM: add SMP support for non-secure switch Andre Przywara
2013-05-31 5:32 ` Christoffer Dall
2013-05-31 9:32 ` Andre Przywara
2013-05-31 23:51 ` Christoffer Dall
2013-06-07 11:00 ` TigerLiu at viatech.com.cn
2013-05-06 13:17 ` [U-Boot] [PATCH 5/6] ARM: extend non-secure switch to also go into HYP mode Andre Przywara
2013-05-09 18:56 ` Tom Rini
2013-05-31 5:43 ` Christoffer Dall [this message]
2013-05-31 9:34 ` Andre Przywara
2013-05-31 23:51 ` Christoffer Dall
2013-05-06 13:17 ` [U-Boot] [PATCH 6/6] ARM: VExpress: enable ARMv7 virt support for VExpress A15 Andre Przywara
2013-05-23 10:52 ` [U-Boot] [PATCH 0/6] ARMv7: Add HYP mode switching support Albert ARIBAUD
2013-05-26 22:51 ` Andre Przywara
2013-05-31 6:11 ` Christoffer Dall
2013-05-31 6:36 ` Andre Przywara
2013-05-31 23:49 ` Christoffer Dall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130531054313.GE3189@ubuntu \
--to=christoffer.dall@linaro.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox