alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

esp32c6: Enable IRAM-DRAM split using PMP

Browse Source
This commit is contained in:
Sachin Parekh 2022-11-22 19:25:24 +05:30
parent 7b1bbd59eb
commit 7af998d23f
5 changed files with 196 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

197
components/esp_hw_support/cpu.c
View File

@ -289,6 +289,44 @@ void esp_cpu_intr_get_desc(int core_id, int intr_num, esp_cpu_intr_desc_t *intr_
*
* ------------------------------------------------------------------------------------------------------------------ */
#if SOC_CPU_HAS_PMA
static void esp_cpu_configure_invalid_regions(void)
{
const unsigned PMA_NONE = PMA_EN;
__attribute__((unused)) const unsigned PMA_RW = PMA_EN | PMA_R | PMA_W;
__attribute__((unused)) const unsigned PMA_RX = PMA_EN | PMA_R | PMA_X;
__attribute__((unused)) const unsigned PMA_RWX = PMA_EN | PMA_R | PMA_W | PMA_X;
// 1. Gap at bottom of address space
PMA_ENTRY_SET_TOR(0, SOC_DEBUG_LOW, PMA_TOR | PMA_NONE);
// 2. Gap between debug region & IROM
PMA_ENTRY_SET_TOR(1, SOC_DEBUG_HIGH, PMA_NONE);
PMA_ENTRY_SET_TOR(2, SOC_IROM_MASK_LOW, PMA_TOR | PMA_NONE);
// 3. Gap between ROM & RAM
PMA_ENTRY_SET_TOR(3, SOC_DROM_MASK_HIGH, PMA_NONE);
PMA_ENTRY_SET_TOR(4, SOC_IRAM_LOW, PMA_TOR | PMA_NONE);
// 4. Gap between DRAM and I_Cache
PMA_ENTRY_SET_TOR(5, SOC_IRAM_HIGH, PMA_NONE);
PMA_ENTRY_SET_TOR(6, SOC_IROM_LOW, PMA_TOR | PMA_NONE);
// 5. Gap between D_Cache & LP_RAM
PMA_ENTRY_SET_TOR(7, SOC_DROM_HIGH, PMA_NONE);
PMA_ENTRY_SET_TOR(8, SOC_RTC_IRAM_LOW, PMA_TOR | PMA_NONE);
// 6. Gap between LP memory & peripheral addresses
PMA_ENTRY_SET_TOR(9, SOC_RTC_IRAM_HIGH, PMA_NONE);
PMA_ENTRY_SET_TOR(10, SOC_PERIPHERAL_LOW, PMA_TOR | PMA_NONE);
// 7. End of address space
PMA_ENTRY_SET_TOR(11, SOC_PERIPHERAL_HIGH, PMA_NONE);
PMA_ENTRY_SET_TOR(12, UINT32_MAX, PMA_TOR | PMA_NONE);
}
#endif
#if CONFIG_IDF_TARGET_ESP32 || CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3
void esp_cpu_configure_region_protection(void)
{
@ -522,85 +560,138 @@ void esp_cpu_configure_region_protection(void)
PMP_ENTRY_CFG_SET(14, NONE);
PMP_ENTRY_CFG_SET(15, PMP_TOR | NONE);
}
#elif CONFIG_IDF_TARGET_ESP32C6 // TODO: IDF-5642
#elif CONFIG_IDF_TARGET_ESP32C6
#ifdef BOOTLOADER_BUILD
// Without L bit set
#define CONDITIONAL_NONE 0x0
#define CONDITIONAL_RX PMP_R | PMP_X
#define CONDITIONAL_RW PMP_R | PMP_W
#define CONDITIONAL_RWX PMP_R | PMP_W | PMP_X
#else
// With L bit set
#define CONDITIONAL_NONE PMP_NONE
#define CONDITIONAL_RX PMP_RX
#define CONDITIONAL_RW PMP_RW
#define CONDITIONAL_RWX PMP_RWX
#endif
void esp_cpu_configure_region_protection(void)
{
/* Notes on implementation:
*
* 1) Note: ESP32-C6 CPU doesn't support overlapping PMP regions
*
* 2) Therefore, we use TOR (top of range) entries to map the whole address
* space, bottom to top.
* 2) ESP32-C6 supports 16 PMA regions so we use this feature to block all the invalid address ranges
*
* 3) There are not enough entries to describe all the memory regions 100% accurately.
* 3) We use combination of NAPOT (Naturally Aligned Power Of Two) and TOR (top of range)
* entries to map all the valid address space, bottom to top. This leaves us with some extra PMP entries
* which can be used to provide more granular access
*
* 4) This means some gaps (invalid memory) are accessible. Priority for extending regions
* to cover gaps is to extend read-only or read-execute regions or read-only regions only
* (executing unmapped addresses should always fault with invalid instruction, read-only means
* stores will correctly fault even if reads may return some invalid value.)
*
* 5) Entries are grouped in order with some static asserts to try and verify everything is
* 4) Entries are grouped in order with some static asserts to try and verify everything is
* correct.
*/
const unsigned NONE = PMP_L | PMP_TOR;
const unsigned RW = PMP_L | PMP_TOR | PMP_R | PMP_W;
const unsigned RX = PMP_L | PMP_TOR | PMP_R | PMP_X;
const unsigned RWX = PMP_L | PMP_TOR | PMP_R | PMP_W | PMP_X;
// 1. Gap at bottom of address space
PMP_ENTRY_SET(0, SOC_DEBUG_LOW, NONE);
/* There are 4 configuration scenarios for SRAM
*
* 1. Bootloader build:
* - We cannot set the lock bit as we need to reconfigure it again for the application.
* We configure PMP to cover entire valid IRAM and DRAM range.
*
* 2. Application build with CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT enabled
* - We split the SRAM into IRAM and DRAM such that IRAM region cannot be written to
* and DRAM region cannot be executed. We use _iram_end and _data_start markers to set the boundaries.
* We also lock these entries so the R/W/X permissions are enforced even for machine mode
*
* 3. Application build with CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT disabled
* - The IRAM-DRAM split is not enabled so we just need to ensure that access to only valid address ranges are successful
* so for that we set PMP to cover entire valid IRAM and DRAM region.
* We also lock these entries so the R/W/X permissions are enforced even for machine mode
*
* 4. CPU is in OCD debug mode
* - The IRAM-DRAM split is not enabled so that OpenOCD can write and execute from IRAM.
* We set PMP to cover entire valid IRAM and DRAM region.
* We also lock these entries so the R/W/X permissions are enforced even for machine mode
*/
const unsigned PMP_NONE = PMP_L;
const unsigned PMP_RW = PMP_L | PMP_R | PMP_W;
const unsigned PMP_RX = PMP_L | PMP_R | PMP_X;
const unsigned PMP_RWX = PMP_L | PMP_R | PMP_W | PMP_X;
// 2. Debug region
PMP_ENTRY_SET(1, SOC_DEBUG_HIGH, RWX);
//
// Configure all the invalid address regions using PMA
//
esp_cpu_configure_invalid_regions();
//
// Configure all the valid address regions using PMP
//
// 1. Debug region
const uint32_t pmpaddr0 = PMPADDR_NAPOT(SOC_DEBUG_LOW, SOC_DEBUG_HIGH);
PMP_ENTRY_SET(0, pmpaddr0, PMP_NAPOT | PMP_RWX);
_Static_assert(SOC_DEBUG_LOW < SOC_DEBUG_HIGH, "Invalid CPU debug region");
// 3. Gap between debug region & IROM
PMP_ENTRY_SET(2, SOC_IROM_MASK_LOW, NONE);
_Static_assert(SOC_DEBUG_HIGH < SOC_IROM_MASK_LOW, "Invalid PMP entry order");
// 2.1 I-ROM
PMP_ENTRY_SET(1, SOC_IROM_MASK_LOW, PMP_NONE);
PMP_ENTRY_SET(2, SOC_IROM_MASK_HIGH, PMP_TOR | PMP_RX);
_Static_assert(SOC_IROM_MASK_LOW < SOC_IROM_MASK_HIGH, "Invalid I-ROM region");
// 4. ROM
PMP_ENTRY_SET(3, SOC_DROM_MASK_HIGH, RX);
_Static_assert(SOC_IROM_MASK_LOW < SOC_DROM_MASK_HIGH, "Invalid ROM region");
// 2.2 D-ROM
PMP_ENTRY_SET(3, SOC_DROM_MASK_LOW, PMP_NONE);
PMP_ENTRY_SET(4, SOC_DROM_MASK_HIGH, PMP_TOR | PMP_R);
_Static_assert(SOC_DROM_MASK_LOW < SOC_DROM_MASK_HIGH, "Invalid D-ROM region");
// 5. Gap between ROM & RAM
PMP_ENTRY_SET(4, SOC_IRAM_LOW, NONE);
_Static_assert(SOC_DROM_MASK_HIGH < SOC_IRAM_LOW, "Invalid PMP entry order");
if (esp_cpu_dbgr_is_attached()) {
// Anti-FI check that cpu is really in ocd mode
ESP_FAULT_ASSERT(esp_cpu_dbgr_is_attached());
// 6. RAM
PMP_ENTRY_SET(5, SOC_IRAM_HIGH, RWX);
_Static_assert(SOC_IRAM_LOW < SOC_IRAM_HIGH, "Invalid RAM region");
// 5. IRAM and DRAM
const uint32_t pmpaddr5 = PMPADDR_NAPOT(SOC_IRAM_LOW, SOC_IRAM_HIGH);
PMP_ENTRY_SET(5, pmpaddr5, PMP_NAPOT | PMP_RWX);
_Static_assert(SOC_IRAM_LOW < SOC_IRAM_HIGH, "Invalid RAM region");
} else {
#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
extern int _iram_end;
// 5. IRAM and DRAM
PMP_ENTRY_SET(5, SOC_IRAM_LOW, PMP_NONE);
PMP_ENTRY_SET(6, (int)&_iram_end, PMP_TOR | PMP_RX);
PMP_ENTRY_SET(7, SOC_DRAM_HIGH, PMP_TOR | PMP_RW);
#else
// 5. IRAM and DRAM
const uint32_t pmpaddr5 = PMPADDR_NAPOT(SOC_IRAM_LOW, SOC_IRAM_HIGH);
PMP_ENTRY_SET(5, pmpaddr5, PMP_NAPOT | CONDITIONAL_RWX);
_Static_assert(SOC_IRAM_LOW < SOC_IRAM_HIGH, "Invalid RAM region");
#endif
}
// 7. Gap between DRAM and I_Cache
PMP_ENTRY_SET(6, SOC_IROM_LOW, NONE);
_Static_assert(SOC_IRAM_HIGH < SOC_IROM_LOW, "Invalid PMP entry order");
// 8. I_Cache (flash)
PMP_ENTRY_SET(7, SOC_IROM_HIGH, RWX);
// 4. I_Cache (flash)
const uint32_t pmpaddr8 = PMPADDR_NAPOT(SOC_IROM_LOW, SOC_IROM_HIGH);
PMP_ENTRY_SET(8, pmpaddr8, PMP_NAPOT | PMP_RX);
_Static_assert(SOC_IROM_LOW < SOC_IROM_HIGH, "Invalid I_Cache region");
// 9. D_Cache (flash)
PMP_ENTRY_SET(8, SOC_DROM_HIGH, RW);
// 5. D_Cache (flash)
const uint32_t pmpaddr9 = PMPADDR_NAPOT(SOC_DROM_LOW, SOC_DROM_HIGH);
PMP_ENTRY_SET(9, pmpaddr9, PMP_NAPOT | PMP_R);
_Static_assert(SOC_DROM_LOW < SOC_DROM_HIGH, "Invalid D_Cache region");
// 10. Gap between D_Cache & LP_RAM
PMP_ENTRY_SET(9, SOC_RTC_IRAM_LOW, NONE);
_Static_assert(SOC_DROM_HIGH < SOC_RTC_IRAM_LOW, "Invalid PMP entry order");
// 16. LP memory
PMP_ENTRY_SET(10, SOC_RTC_IRAM_HIGH, RWX);
// 6. LP memory
#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD
extern int _rtc_text_end;
PMP_ENTRY_SET(10, SOC_RTC_IRAM_LOW, PMP_NONE);
PMP_ENTRY_SET(11, (int)&_rtc_text_end, PMP_TOR | PMP_RX);
PMP_ENTRY_SET(12, SOC_RTC_IRAM_HIGH, PMP_TOR | PMP_RW);
#else
const uint32_t pmpaddr10 = PMPADDR_NAPOT(SOC_RTC_IRAM_LOW, SOC_RTC_IRAM_HIGH);
PMP_ENTRY_SET(10, pmpaddr10, PMP_NAPOT | CONDITIONAL_RWX);
_Static_assert(SOC_RTC_IRAM_LOW < SOC_RTC_IRAM_HIGH, "Invalid RTC IRAM region");
#endif
// 17. Gap between LP memory & peripheral addresses
PMP_ENTRY_SET(11, SOC_PERIPHERAL_LOW, NONE);
_Static_assert(SOC_RTC_IRAM_HIGH < SOC_PERIPHERAL_LOW, "Invalid PMP entry order");
// 18. Peripheral addresses
PMP_ENTRY_SET(12, SOC_PERIPHERAL_HIGH, RW);
// 7. Peripheral addresses
const uint32_t pmpaddr13 = PMPADDR_NAPOT(SOC_PERIPHERAL_LOW, SOC_PERIPHERAL_HIGH);
PMP_ENTRY_SET(13, pmpaddr13, PMP_NAPOT | PMP_RW);
_Static_assert(SOC_PERIPHERAL_LOW < SOC_PERIPHERAL_HIGH, "Invalid peripheral region");
// 19. End of address space
PMP_ENTRY_SET(13, UINT32_MAX, NONE); // all but last 4 bytes
PMP_ENTRY_SET(14, UINT32_MAX, PMP_L | PMP_NA4); // last 4 bytes
}
#endif

9
components/esp_hw_support/port/esp32c6/esp_memprot.c
View File

@ -1,9 +0,0 @@
/*
* SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
// TODO: IDF-5684
// ESP32C6 has no memory permission management mechanism based on dividing lines,
// TEE-based implementation can be added here

41
components/riscv/include/riscv/csr.h
View File

@ -38,6 +38,47 @@ extern "C" {
#include "encoding.h"
#include "esp_assert.h"
/********************************************************
Physical Memory Attributes (PMA) register fields
(privileged spec)
********************************************************/
/********************************************************
PMA CSR and TOR & NAPOT macros
********************************************************/
#define CSR_PMACFG0 0xBC0
#define CSR_PMAADDR0 0xBD0
#define PMA_EN BIT(0)
#define PMA_R BIT(4)
#define PMA_W BIT(3)
#define PMA_X BIT(2)
#define PMA_L BIT(29)
#define PMA_SHIFT 2
#define PMA_TOR 0x40000000
#define PMA_NA4 0x80000000
#define PMA_NAPOT 0xC0000000
#define PMA_NONCACHEABLE BIT(27)
#define PMA_WRITETHROUGH BIT(26)
#define PMA_WRITEMISSNOALLOC BIT(25)
#define PMA_READMISSNOALLOC BIT(24)
#define PMA_ENTRY_SET_TOR(ENTRY, ADDR, CFG) \
do { \
RV_WRITE_CSR((CSR_PMAADDR0) + (ENTRY), (ADDR) >> (PMA_SHIFT)); \
RV_WRITE_CSR((CSR_PMACFG0) + (ENTRY), CFG); \
} while (0)
#define PMA_ENTRY_SET_NAPOT(ENTRY, ADDR, SIZE, CFG) \
do { \
ESP_STATIC_ASSERT(__builtin_popcount((SIZE)) == 1, "Size must be a power of 2"); \
ESP_STATIC_ASSERT((ADDR) % ((SIZE)) == 0, "Addr must be aligned to size"); \
RV_WRITE_CSR((CSR_PMAADDR0) + (ENTRY), ((ADDR) | ((SIZE >> 1) - 1)) >> 2); \
RV_WRITE_CSR((CSR_PMACFG0) + (ENTRY), CFG); \
} while (0)
/********************************************************
Physical Memory Protection (PMP) register fields
(privileged spec)

16
components/soc/esp32c6/include/soc/Kconfig.soc_caps.in
View File

@ -223,6 +223,14 @@ config SOC_CPU_WATCHPOINT_SIZE
hex
default 0x80000000
config SOC_CPU_HAS_PMA
bool
default y
config SOC_CPU_IDRAM_SPLIT_USING_PMP
bool
default y
config SOC_MMU_PAGE_SIZE_CONFIGURABLE
bool
default y
@ -791,14 +799,6 @@ config SOC_FLASH_ENCRYPTION_XTS_AES_128
bool
default y
config SOC_MEMPROT_CPU_PREFETCH_PAD_SIZE
int
default 16
config SOC_MEMPROT_MEM_ALIGN_SIZE
int
default 512
config SOC_UART_NUM
int
default 2

8
components/soc/esp32c6/include/soc/soc_caps.h
View File

@ -57,7 +57,6 @@
#define SOC_ECC_SUPPORTED 1
#define SOC_FLASH_ENC_SUPPORTED 1
#define SOC_SECURE_BOOT_SUPPORTED 1
// #define SOC_MEMPROT_SUPPORTED 1 // TODO: IDF-5684
/*-------------------------- XTAL CAPS ---------------------------------------*/
#define SOC_XTAL_SUPPORT_40M 1
@ -121,6 +120,9 @@
#define SOC_CPU_WATCHPOINTS_NUM 4
#define SOC_CPU_WATCHPOINT_SIZE 0x80000000 // bytes
#define SOC_CPU_HAS_PMA 1
#define SOC_CPU_IDRAM_SPLIT_USING_PMP 1
// TODO: IDF-5339 (Copy from esp32c3, need check)
/*-------------------------- MMU CAPS ----------------------------------------*/
#define SOC_MMU_PAGE_SIZE_CONFIGURABLE (1)
@ -218,7 +220,6 @@
/*-------------------------- MMU CAPS ----------------------------------------*/
#define SOC_MMU_DI_VADDR_SHARED (1) /*!< D/I vaddr are shared */
// TODO: IDF-5684 (Copy from esp32c3, need check)
/*-------------------------- MPU CAPS ----------------------------------------*/
#define SOC_MPU_CONFIGURABLE_REGIONS_SUPPORTED 0
#define SOC_MPU_MIN_REGION_SIZE 0x20000000U
@ -384,10 +385,7 @@
#define SOC_FLASH_ENCRYPTION_XTS_AES 1
#define SOC_FLASH_ENCRYPTION_XTS_AES_128 1
// TODO: IDF-5684 (Copy from esp32c3, need check)
/*-------------------------- MEMPROT CAPS ------------------------------------*/
#define SOC_MEMPROT_CPU_PREFETCH_PAD_SIZE 16
#define SOC_MEMPROT_MEM_ALIGN_SIZE 512
// TODO: IDF-5338 (Copy from esp32c3, need check)
/*-------------------------- UART CAPS ---------------------------------------*/