1 /*
2  * Copyright (c) 2022, Google, Inc. All rights reserved
3  *
4  * Permission is hereby granted, free of charge, to any person obtaining
5  * a copy of this software and associated documentation files
6  * (the "Software"), to deal in the Software without restriction,
7  * including without limitation the rights to use, copy, modify, merge,
8  * publish, distribute, sublicense, and/or sell copies of the Software,
9  * and to permit persons to whom the Software is furnished to do so,
10  * subject to the following conditions:
11  *
12  * The above copyright notice and this permission notice shall be
13  * included in all copies or substantial portions of the Software.
14  *
15  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
18  * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
19  * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
20  * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
21  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
22  */
23 
24 #include <arch/arm64/sregs.h>
25 #include <arch/arm64.h>
26 #include <arch/pan.h>
27 #include <inttypes.h>
28 #include <lk/init.h>
29 #include <stdio.h>
30 
arm64_pan_support_level(void)31 static uint8_t arm64_pan_support_level(void) {
32     uint64_t v = ARM64_READ_SYSREG(id_aa64mmfr1_el1);
33     return ((v >> ID_AA64MMFR1_EL1_PAN_SHIFT) & ID_AA64MMFR1_EL1_PAN_MASK);
34 }
35 
arm64_pan_init(uint level)36 static void arm64_pan_init(uint level) {
37     const uint8_t pan_support = arm64_pan_support_level();
38 
39     if (pan_support != ID_AA64MMFR1_EL1_PAN_NOT_SUPPORTED) {
40         uint64_t sctlr_el1;
41 
42         arm64_enable_pan();
43 
44         /* clear SPAN bit in SCTLR_EL1 - exceptions to EL1 set PSTATE.PAN */
45         sctlr_el1 = ARM64_READ_SYSREG(SCTLR_EL1);
46         sctlr_el1 &= ~(1ull << SCTLR_EL1_SPAN_SHIFT);
47 
48         /* set EPAN if PAN3 supported - don't allocate cache for speculative
49          * accesses which would generate a Permission fault if not speculative.
50          */
51         if (pan_support == ID_AA64MMFR1_EL1_PAN3_SUPPORTED) {
52             sctlr_el1 |= 1ull << SCTLR_EL1_EPAN_SHIFT;
53         }
54 
55         ARM64_WRITE_SYSREG(SCTLR_EL1, sctlr_el1);
56     }
57 }
58 
LK_INIT_HOOK_FLAGS(arm64_pan_init,arm64_pan_init,LK_INIT_LEVEL_ARCH,LK_INIT_FLAG_ALL_CPUS)59 LK_INIT_HOOK_FLAGS(arm64_pan_init,
60                    arm64_pan_init,
61                    LK_INIT_LEVEL_ARCH,
62                    LK_INIT_FLAG_ALL_CPUS)
63 
64 bool arm64_pan_supported(void) {
65     return arm64_pan_support_level() != ID_AA64MMFR1_EL1_PAN_NOT_SUPPORTED;
66 }
67 
arm64_pan_enabled(void)68 bool arm64_pan_enabled(void) {
69     /* Only access PAN sysreg if supported to avoid UNDEFINED */
70     return arm64_pan_supported() &&
71            ((ARM64_READ_SYSREG(PAN) >> PAN_PAN_SHIFT) & PAN_PAN_MASK) != 0;
72 }
73 
arm64_disable_pan(void)74 void arm64_disable_pan(void) {
75     if (arm64_pan_supported()) {
76         uint64_t pan = ARM64_READ_SYSREG(PAN);
77         pan &= ~(1ull << PAN_PAN_SHIFT);
78         ARM64_WRITE_SYSREG(PAN, pan);
79     }
80 }
81 
arm64_enable_pan(void)82 void arm64_enable_pan(void) {
83     if (arm64_pan_supported()) {
84         uint64_t pan = ARM64_READ_SYSREG(PAN);
85         pan |= 1ull << PAN_PAN_SHIFT;
86         ARM64_WRITE_SYSREG(PAN, pan);
87     }
88 }
89