As-per RISC-V hypervisor v0.5 spec, we have new guest page faults
which need to be delegated to HS-mode.
Also, we can have bits in in MIDELEG and MEDELEG hardwired to 1
which means we need to fix the sainty check on these CSRs at the
end of delegate_traps() function.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
The break statement is missing in base extension function handling.
Fix the typo.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Reviewed-by: Xiang Wang <merle@hardenedlinux.org>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
On some platforms, misa may not be implemented. On such a platform,
reading misa will get 0. At this time, platform is required to
implement a non-standard function to detect the CPU's capabilities.
Therefore, this modification add interfaces for non-standard function.
The MXL field of misa is always at the highest two bits, whether it
is a 32-bit 64-bit or a 128-bit machine. Therefore, this modification
fixes the use of a fixed offset to detect the machine length.
Signed-off-by: Xiang Wang <merle@hardenedlinux.org>
Signed-off-by: Anup Patel <anup.patel@wdc.com>
The out_tcause and out_tval parameters are not sufficient for most
sbi_ecall functions because this will grow in-future when we support
RISC-V hypervisor v0.5 draft. We replace these parameters with out_trap
which is a pointer to struct sbi_trap_info.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
The unpriv APIs can be useful to external firmware and out-of-tree
platform support code.
This patch adds "sbi_" prefix to unpriv load/store APIs and rename
struct riscv_unpriv to struct sbi_trap_info everywhere. We also
place struct sbi_trap_info in sbi/sbi_trap.h so that we can use
it for sbi_trap_redirect() as well.
Overall, this patch will make naming of unpriv APIs consistent
with other OpenSBI APIs.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
We don't need to set VSSTATUS.MXR bit in get_insn() for
unpriv instruction read because MSTATUS.MXR bit applies
to both "Stage1" and "Stage2" page tables.
This also allows us to remove the "virt" parameter of
get_insn() function.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
We simplify struct unpriv_trap by removing ilen member. This
can be achieved by ensuring that at all unpriv load/store
instructions are 4 bytes long using GCC assembler option.
Additionally, this also reduces few instructions from unpriv
load/store functions.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
Building the date and time into the binary means the OpenSBI isn't
reproducible. We don't really need the time so let's remove it.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
SBI v0.2 specification allows vendor extensions and it should be
implemented in a independent of the core sbi library.
Introduce a single platform callback that will let platforms handle
all vendor extensions in platform specific code if they want.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
SBI v0.2 introduces a base specification which is mandatory to
implement for any SBI implementations that is not legacy.
Add support for the base extension.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
An ecall handler should only return error if valid SBI function
fails. Otherwise, it should succeed with appropriate error in a0.
Get rid of unnecessary setting of the temporary return variable to
zero for the cases where errors are not expected.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
Current SBI implementation is now considered as version 0.1 and will be
removed/replaced with newer extension/functions in future.
Rename the existing implementations accordingly to be in sync with the
specification.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Zong Li <zong.li@sifive.com>
If we are running on RISC-V emulator/simulator with large number of
HARTs where each HART is a regular thread under UNIX host then it is
possible that some of the secondary HARTs don't get chance to run and
sbi_hart_wake_coldboot_harts() is called before secondary HARTs call
sbi_hart_wait_for_coldboot(). In this situation, some of the secondary
HARTs will never come-out of coldboot wait loop.
To tackle this, we introduce a global flag coldboot_done which will
be protected by coldboot lock and it will be set by primary HART from
sbi_hart_wake_coldboot_harts() before waking-up secondary HARTs. We
also re-arrange acquire/release of coldboot lock to reduce further
chances of race-condition.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
Reviewed-by: Zong Li <zong.li@sifive.com>
Reviewed-by: Nylon Chen<nylon7@andestech.com>
For platforms not having TIME CSR, we trap-n-emulate TIME CSR
read/write in OpenSBI. Same rationale applies to HTIMEDELTA CSR
as well so we trap-n-emulate HTIMEDELTA CSR for platforms not
having TIME CSR.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Current implementation of get_insn() is not suitable for reading
instruction from VS/VU mode because we have to set SSTATUS_MXR bit
in VSSTATUS CSR for reading instruction from VS/VU mode.
This patch extends get_insn() to read instruction from VS/VU mode.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
The WFI will trap as illegal instruction trap when executed
in VS/VU mode so we just forward/redirect it to HS-mode so
that hypervisor can deal with it appropriately.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
When hypervisor extension is available, we can get traps from VS/VU
modes. We should be able to force redirect some of these traps to
HS-mode. In other words, we should be able forward traps from VS/VU
mode to HS-mode using sbi_trap_redirect() hence this patch.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
This patch extends sbi_hart_switch_mode() to support entering
VS/VU modes when hypervisor extension is available.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
When hypervisor extension is available, we only handle hypervisor
ecalls coming from HS-mode and we let hypervisor handle ecalls coming
from VS-mode.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
The machine-level MSIP bits are written by accesses to memory-mapped
control registers. Only use CSR instruction for SSIP and USIP.
There is no effect that using CSR instruction to write MSIP when testing
on unleashed board and QEMU.
Signed-off-by: Zong Li <zong.li@sifive.com>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
Currently, the tlb range flush threshold is fixed and set to 4k for
all platforms. However, it should be platform specific as it completely
depends upon how platform actually implements sfence instruction.
Define a platform feature that allows every individual platform to set
different values. If a platform doesn't define it, just use a page size as
the threshold.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
Currently, we upgrade to a full tlb flush only If a tlb flush request
size is greater than the threshold. This is done as sfence in RISC-V
can only flush 4KB at a time. Doing a large number of flushes page by
page impacts the performance. It is better to do a full tlbflush if the
request size is at least equal to the threshold size.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
If compiler supports riscv atomic instructions, we should
use them instead of legacy gcc built-in macros
__sync_lock_test_and_set in atomic exchange functions.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
To read 64bit time in 32 bit we have to read lower & upper half
separately and 'or' them together. However, upper half time may
have changed by the time we read lower half. Thus, the resultant
64 bit time may not be accurate.
Consider lower half time value only if upper half time value has
not changed.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
OpenSBI includes a version, but that is only updated when tagged. For
users that are using the git releases we instead end up with an
ambiguous version number, which makes it hard to figure out what
everyone is using. This patch checks for a git directory and prints out
the result of `git describe`, which is a mix of pretty and unambiguous.
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
OpenSBI manages outstanding TLB flush requests by queueing
them in a fifo synchronously. An ipi sync which uses an
atomic operation on MMIO address is no longer required.
Remove the ipi sync method from platform header and all usage.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
Linux kernel expects tlb flush SBI call to be completely synchronous i.e.
the SBI call should only return once corresponding *fence* instruction is
executed.
OpenSBI manages the outstanding TLB flush requests by keeping them in a
per hart based fifo. However, there are few corner cases that may lead to
race conditions while updating the fifo.
Currently, the caller hart waits for IPI acknowledgement via clint
address which is not a very good method as synchronization on MMIO may not
be supported in every platform. Moreover, the waiter doesn't have any way of
identifying if the IPI is received for specific tlb flush request or any
other IPI. This may lead to unpredictable behavior in supervisor/user space.
Fix this by waiting on individual fifo entries rather than MMIO address.
Currently, a relaxed loop is being used because wfi again involves MMIO write
which would be slower compared to relaxed loop. To avoid deadlock, fifo
is processed every time a hart loops for fifo enqueue or fifo sync to consume
the tlb flush requests sent by other harts.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Signed-off-by: Atish Patra <atish.patra@wdc.com>
We can get a page/access trap when doing unpriv load/store in
get_insn() function because on a SMP system Linux swapper running
on HART A can unmap pages from page table used by HART B.
To tackle this we extend get_insn() implementation so that if
we get trap in get_insn() then we redirect it to S-mode as fetch
page/access fault.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
In order to prevent a possible null pointer dereference, return early if
either one of 'in' or 'data' is null.
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
In the last argument to sbi_memset() we essentially have the following
multiplication:
size_t = u16 * u16
Due to C's integer semantics, both u16's are implicitly converted to int
before the multiplication, which cannot hold all possible values of a
u16 * u16. If the multiplication overflows, the intermediate result will
be a negative number. On 64-bit platforms, this will be sign-extended to
a huge integer in the conversion to a u64 (aka size_t). Being the size
argument to sbi_memset(), this could potentially cause a large
out-of-bounds write. The solution is to manually cast one of the u16 to
a size_t, which will make it large enough to avoid the implicit
conversion and any overflow.
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
The error check 'plic_off < 0' does nothing, since plic_off is stored as
a u32. Fix this by changing it to an int, which matches the return type of
fdt_node_offset_by_compatible().
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
!(mipval && MIP_MSIP) simplifies to !mipval, which checks if the entire
variable is zero, not just a single bit. Fix this to use bitwise &
instead.
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
We should sbi_dprintf() instead of sbi_printf() for invalid CSRs
because we are forwarding invalid CSR access back to S-mode.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
This patch introduces new sbi_dprintf() API for runtime debug
prints. The sbi_dprintf() will print to console for a given
HART only when SBI_SCRATCH_DEBUG_PRINTS option in enabled in
sbi_scratch for this HART.
We can now add debug prints using sbi_dprintf() at important
places in OpenSBI sources. These debug prints will only show
up when previous booting stage or compile time parameter sets
the SBI_SCRATCH_DEBUG_PRINTS option in scratch space.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Currently, we mandate 'F' and 'D' extension in riscv_fp.h so that
misaligned load/store emulation has access to FP registers.
The above is too restrictive and we should certainly allow compilation
for soft-FP toolchains and explicit PLATFORM_RISCV_ISA not having 'F'
and 'D' extensions.
This patch extends riscv_fp.h and misaligned load/store emulation to
allow compiling OpenSBI without FP support.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Although it does not make a functional difference, both cpu_to_fdt32()
and fdt32_to_cpu() pass on to CPU_TO_FDT32, we should use cpu_to_fdt32()
to be semantically correct.
Signed-off-by: Georg Kotheimer <georg.kotheimer@kernkonzept.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
Acked-by: Anup Patel <anup.patel@wdc.com>
tinyfdt.c was originally added to provide a minimal implementation of
fdt parsing. However, we have already included libfdt in OpenSBI for
more complicated operations.
Remove tinfdt and replace its functiolity using libfdt.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Acked-by: Anup Patel <anup.patel@wdc.com>
The drivers and libfdt are built as libsbiutils.a
instead of libplatsbi.a.
libsbiutils.a are not built per platform specific. Thus,
enable all drivers by default.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Acked-by: Anup Patel <anup.patel@wdc.com>
All string functions are part of libsbi. It makes more sense
to rename them to sbi_string.x as the libsbi can be linked
with external libraries that can have similar implementation.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Acked-by: Anup Patel <anup.patel@wdc.com>
Currently, platform/common contains platform/non-platform specific
common minimal drivers and libraries. This is helpful is all platforms
are built within opensbi framework.
Move them to lib/utils so that any external platform code also can
reuse the minimalistic drivers or other common libraries.
This patch doesn't introduce any functional changes.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Acked-by: Anup Patel <anup.patel@wdc.com>
libsbi needs some of the custom libc functions. It should be directly
included in libsbi instead of platform specific libraries.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Acked-by: Anup Patel <anup.patel@wdc.com>
The unpriv load/store instruction from M-mode can cause page/access
fault to M-mode if S-mode page table did not have mappings OR it did
not have PMP access permission.
To tackle this, we redirect trap back to S-mode if unpriv load/store
instruction traps in M-mode.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
This patch adds per-HART trap info pointer which can be used to
communicate trap information to sbi_trap_handler().
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
Currently, the unprivilege load/store functions are inline functions.
We will be extending these functions to track whether a page/access
fault occurs when we execute unprivilege load/store instruction.
To make things simpler and debugable, we reduce number of places which
can potentially generate a page/access fault by making all unprivilege
load/store functions as regular (non-inline) functions.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
This patch factor-out TLB management from IPI management to separate
sources sbi_tlb.c and sbi_tlb.h.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
We have extra space above scratch space (sbi_scratch) which we are
currently using to manage per-HART IPI data and TLB request management.
In future, more parts of OpenSBI will use the extra scratch space so
it will become difficult to manage extra scratch space using just
defines and macros.
This patch adds a simple brain-dead allocator to manage extra scratch
space. This allocator never expects anything to be free-ed hence it
keeps incrementing to next allocation offset until it runs-out of space.
In future, we can have more sophisticated allocator which will allow
us to re-claim free-ed space and also allows us to track owner of
allocated space.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
