diff options
author | Daisuke Nojiri <dnojiri@google.com> | 2013-04-02 17:49:59 -0700 |
---|---|---|
committer | Daisuke Nojiri <dnojiri@google.com> | 2013-09-05 19:06:27 +0000 |
commit | 748154d55f10f260502eb19bdb81298878543329 (patch) | |
tree | f4550d9601398e70e8f9fbda71c7b6af357a0371 /core | |
parent | b0d559a918c8c83dcdb2d57c468b3c50268b2b5f (diff) | |
download | chrome-ec-748154d55f10f260502eb19bdb81298878543329.tar.gz |
Introducing MPU module for Cortex-M3
Preventing instruction fetch from RAM for Link except iram.text, which is used
for hibernation. Stm32 on Snow does not support MPU.
Tested on Link using commands 'crash nxtext/nxdata/nxstack', which run code from
.iram.text, .data section, and the stack, respectively:
...
RAM locked. Exclusion 20005980-200059a0
...
> crash nxtext
Running from 20005984
> crash nxdata
=== PROCESS EXCEPTION: 04 ====== xPSR: 61000000 ===
r0 :00000000 r1 :0000dff2 r2 :00000005 r3 :0000086d
r4 :00000000 r5 :00000032 r6 :2000544c r7 :00000000
r8 :00000000 r9 :20005456 r10:00000000 r11:00000000
r12:20005961 sp :20002748 lr :000008d7 pc :20005960
Instruction access violation
mmfs = 1, shcsr = 70001, hfsr = 0, dfsr = 0
=========== Process Stack Contents ===========
200027b0: 0000086d 00000002 0000d504 00009f27
200027c0: 2000544c 20005452 00000000 00000000
200027d0: 00000000 00000000 00000000 00000000
200027e0: 00000000 00000000 00000000 00000cbb
Rebooting...
> crash nxstack
=== PROCESS EXCEPTION: 04 ====== xPSR: 20000200 ===
r0 :00000070 r1 :00000047 r2 :00000000 r3 :200027a8
r4 :00000000 r5 :00000001 r6 :2000544c r7 :00000000
r8 :00000000 r9 :20005456 r10:00000000 r11:00000000
r12:00000002 sp :20002740 lr :00000913 pc :200027ac
Instruction access violation
mmfs = 1, shcsr = 70001, hfsr = 0, dfsr = 0
=========== Process Stack Contents ===========
200027ac: 00000070 00000047 00000002 0000d57c
200027bc: 00009f9f 2000544c 20005452 00000000
200027cc: 00000000 00000000 00000000 00000000
200027dc: 00000000 00000000 00000000 00000000
Rebooting...
BUG=chrome-os-partner:16904
BRANCH=master
TEST=stated above
Change-Id: I7c6593c527f29609442f33550f9d16755f32297c
Signed-off-by: Daisuke Nojiri <dnojiri@google.com>
Reviewed-on: https://chromium-review.googlesource.com/51337
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Diffstat (limited to 'core')
-rw-r--r-- | core/cortex-m/build.mk | 1 | ||||
-rw-r--r-- | core/cortex-m/ec.lds.S | 11 | ||||
-rw-r--r-- | core/cortex-m/include/mpu.h | 84 | ||||
-rw-r--r-- | core/cortex-m/mpu.c | 121 |
4 files changed, 217 insertions, 0 deletions
diff --git a/core/cortex-m/build.mk b/core/cortex-m/build.mk index 5a7877bd02..5f036bc522 100644 --- a/core/cortex-m/build.mk +++ b/core/cortex-m/build.mk @@ -16,3 +16,4 @@ CFLAGS_CPU+=$(CFLAGS_FPU-y) core-y=cpu.o init.o panic.o switch.o task.o timer.o core-$(CONFIG_WATCHDOG)+=watchdog.o +core-$(CONFIG_MPU)+=mpu.o diff --git a/core/cortex-m/ec.lds.S b/core/cortex-m/ec.lds.S index 115310bc28..6d858abd15 100644 --- a/core/cortex-m/ec.lds.S +++ b/core/cortex-m/ec.lds.S @@ -162,9 +162,20 @@ SECTIONS __data_start = .; *(.data.tasks) *(.data) +#ifdef CONFIG_MPU + /* It has to be aligned by 32 bytes to be a valid MPU region. */ + . = ALIGN(32); + __iram_text_start = .; +#else . = ALIGN(4); +#endif *(.iram.text) +#ifdef CONFIG_MPU + . = ALIGN(32); + __iram_text_end = .; +#else . = ALIGN(4); +#endif __data_end = .; /* Shared memory buffer must be at the end of preallocated RAM, so it diff --git a/core/cortex-m/include/mpu.h b/core/cortex-m/include/mpu.h new file mode 100644 index 0000000000..c3a632aff7 --- /dev/null +++ b/core/cortex-m/include/mpu.h @@ -0,0 +1,84 @@ +/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + */ + +/* MPU module for Cortex-M3 */ + +#ifndef __CROS_EC_MPU_H +#define __CROS_EC_MPU_H + +#include "common.h" + +#define MPU_TYPE REG32(0xe000ed90) +#define MPU_CTRL REG32(0xe000ed94) +#define MPU_NUMBER REG32(0xe000ed98) +#define MPU_BASE REG32(0xe000ed9c) +#define MPU_SIZE REG16(0xe000eda0) +#define MPU_ATTR REG16(0xe000eda2) + +#define MPU_CTRL_PRIVDEFEN (1 << 2) +#define MPU_CTRL_HFNMIENA (1 << 1) +#define MPU_CTRL_ENABLE (1 << 0) +#define MPU_ATTR_NX (1 << 12) +#define MPU_ATTR_NOACCESS (0 << 8) +#define MPU_ATTR_FULLACCESS (3 << 8) +/* Suggested in table 3-6 of Stellaris LM4F232H5QC Datasheet and table 38 of + * STM32F10xxx Cortex-M3 programming manual for internal sram. */ +#define MPU_ATTR_INTERNALSRAM 6 + +/** + * Configure a region + * + * region: Number of the region to update + * addr: Base address of the region + * size: Size of the region in bytes + * attr: Attribute of the region. Current value will be overwritten if enable + * is set. + * enable: Enables the region if non zero. Otherwise, disables the region. + * + * Returns EC_SUCCESS on success or EC_ERROR_INVAL if a parameter is invalid. + */ +int mpu_config_region(uint8_t region, uint32_t addr, uint32_t size, + uint16_t attr, uint8_t enable); + +/** + * Set a region non-executable. + * + * region: number of the region + * addr: base address of the region + * size: size of the region in bytes + */ +int mpu_nx_region(uint8_t region, uint32_t addr, uint32_t size); + +/** + * Enable MPU */ +void mpu_enable(void); + +/** + * Returns the value of MPU type register + * + * Bit fields: + * [15:8] Number of the data regions implemented or 0 if MPU is not present. + * [1] 0: unified (no distinction between instruction and data) + * 1: separated + */ +uint32_t mpu_get_type(void); + +/* Location of iram.text */ +extern char __iram_text_start; +extern char __iram_text_end; + +/** + * Lock down RAM + */ +int mpu_protect_ram(void); + +/** + * Initialize MPU. + * It disables all regions if MPU is implemented. Otherwise, returns + * EC_ERROR_UNIMPLEMENTED. + */ +int mpu_pre_init(void); + +#endif /* __CROS_EC_MPU_H */ diff --git a/core/cortex-m/mpu.c b/core/cortex-m/mpu.c new file mode 100644 index 0000000000..23d434d7e6 --- /dev/null +++ b/core/cortex-m/mpu.c @@ -0,0 +1,121 @@ +/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + */ + +/* MPU module for Chrome EC */ + +#include "mpu.h" +#include "console.h" +#include "registers.h" +#include "task.h" +#include "util.h" + +/** + * Update a memory region. + * + * region: number of the region to update + * addr: base address of the region + * size_bit: size of the region in power of two. + * attr: attribute of the region. Current value will be overwritten if enable + * is set. + * enable: enables the region if non zero. Otherwise, disables the region. + * + * Based on 3.1.4.1 'Updating an MPU Region' of Stellaris LM4F232H5QC Datasheet + */ +static void mpu_update_region(uint8_t region, uint32_t addr, uint8_t size_bit, + uint16_t attr, uint8_t enable) +{ + asm volatile("isb; dsb;"); + + MPU_NUMBER = region; + MPU_SIZE &= ~1; /* Disable */ + if (enable) { + MPU_BASE = addr; + MPU_ATTR = attr; + MPU_SIZE = (size_bit - 1) << 1 | 1; /* Enable */ + } + + asm volatile("isb; dsb;"); +} + +int mpu_config_region(uint8_t region, uint32_t addr, uint32_t size, + uint16_t attr, uint8_t enable) +{ + int size_bit = 0; + + if (!size) + return -EC_ERROR_INVAL; + while (!(size & 1)) { + size_bit++; + size >>= 1; + } + /* Region size must be a power of 2 (size == 0) and equal or larger than + * 32 (size_bit >= 5) */ + if (size > 1 || size_bit < 5) + return -EC_ERROR_INVAL; + + mpu_update_region(region, addr, size_bit, attr, enable); + + return EC_SUCCESS; +} + +int mpu_nx_region(uint8_t region, uint32_t addr, uint32_t size) +{ + return mpu_config_region( + region, addr, size, + MPU_ATTR_NX | MPU_ATTR_FULLACCESS | MPU_ATTR_INTERNALSRAM, 1); +} + +void mpu_enable(void) +{ + MPU_CTRL |= MPU_CTRL_PRIVDEFEN | MPU_CTRL_HFNMIENA | MPU_CTRL_ENABLE; +} + +void mpu_disable(void) +{ + MPU_CTRL &= ~(MPU_CTRL_PRIVDEFEN | MPU_CTRL_HFNMIENA | MPU_CTRL_ENABLE); +} + +uint32_t mpu_get_type(void) +{ + return MPU_TYPE; +} + +/** + * Prevent code from running on RAM. + * We need to allow execution from iram.text. Using higher region# allows us to + * do 'whitelisting' (lock down all then create exceptions). + */ +int mpu_protect_ram(void) +{ + int ret; + + ret = mpu_nx_region(0, CONFIG_RAM_BASE, CONFIG_RAM_SIZE); + if (ret != EC_SUCCESS) + return ret; + + ret = mpu_config_region( + 7, (uint32_t)&__iram_text_start, + (uint32_t)(&__iram_text_end - &__iram_text_start), + MPU_ATTR_FULLACCESS | MPU_ATTR_INTERNALSRAM, 1); + + return ret; +} + +int mpu_pre_init(void) +{ + int i; + + if (mpu_get_type() != 0x00000800) + return EC_ERROR_UNIMPLEMENTED; + + mpu_disable(); + for (i = 0; i < 8; ++i) { + mpu_config_region( + i, CONFIG_RAM_BASE, CONFIG_RAM_SIZE, + MPU_ATTR_FULLACCESS | MPU_ATTR_INTERNALSRAM, 0); + } + + return EC_SUCCESS; +} |