[U-Boot] [PATCH 5/6] ARM: extend non-secure switch to also go into HYP mode

Christoffer Dall christoffer.dall at linaro.org
Fri May 31 07:43:13 CEST 2013


On Mon, May 06, 2013 at 03:17:49PM +0200, Andre Przywara wrote:
> For the KVM and XEN hypervisors to be usable, we need to enter the
> kernel in HYP mode. Now that we already are in non-secure state,
> HYP mode switching is within short reach.
> 
> While doing the non-secure switch, we have to enable the HVC
> instruction and setup the HYP mode HVBAR (while still secure).
> 
> The actual switch is done by dropping back from a HYP mode handler
> without actually leaving HYP mode, so we introduce a new handler
> routine in the exception vector table.
> 
> In the assembly switching routine - which we rename to hyp_gic_switch
> on the way - we save and restore the banked LR and SP registers
> around the hypercall to do the actual HYP mode switch.
> 
> The C routine first checks whether we are in HYP mode already and
> also whether the virtualization extensions are available. It also
> checks whether the HYP mode switch was finally successful.
> The bootm command part only adds and adjusts some error reporting.
> 
> Signed-off-by: Andre Przywara <andre.przywara at linaro.org>
> ---
>  arch/arm/cpu/armv7/start.S   | 34 +++++++++++++++++++++++-----------
>  arch/arm/include/asm/armv7.h |  4 ++--
>  arch/arm/lib/bootm.c         | 12 +++++++++---
>  arch/arm/lib/virt-v7.c       | 22 +++++++++++++++-------
>  4 files changed, 49 insertions(+), 23 deletions(-)
> 
> diff --git a/arch/arm/cpu/armv7/start.S b/arch/arm/cpu/armv7/start.S
> index 02234c7..921e9d9 100644
> --- a/arch/arm/cpu/armv7/start.S
> +++ b/arch/arm/cpu/armv7/start.S
> @@ -41,7 +41,7 @@ _start: b	reset
>  	ldr	pc, _software_interrupt
>  	ldr	pc, _prefetch_abort
>  	ldr	pc, _data_abort
> -	ldr	pc, _not_used
> +	ldr	pc, _hyp_trap
>  	ldr	pc, _irq
>  	ldr	pc, _fiq
>  #ifdef CONFIG_SPL_BUILD
> @@ -49,7 +49,7 @@ _undefined_instruction: .word _undefined_instruction
>  _software_interrupt:	.word _software_interrupt
>  _prefetch_abort:	.word _prefetch_abort
>  _data_abort:		.word _data_abort
> -_not_used:		.word _not_used
> +_hyp_trap:		.word _hyp_trap
>  _irq:			.word _irq
>  _fiq:			.word _fiq
>  _pad:			.word 0x12345678 /* now 16*4=64 */
> @@ -58,7 +58,7 @@ _undefined_instruction: .word undefined_instruction
>  _software_interrupt:	.word software_interrupt
>  _prefetch_abort:	.word prefetch_abort
>  _data_abort:		.word data_abort
> -_not_used:		.word not_used
> +_hyp_trap:		.word hyp_trap
>  _irq:			.word irq
>  _fiq:			.word fiq
>  _pad:			.word 0x12345678 /* now 16*4=64 */
> @@ -513,12 +513,18 @@ software_interrupt:
>  	mrc	p15, 0, r1, c1, c1, 0		@ read SCR
>  	bic	r1, r1, #0x07f
>  	orr	r1, r1, #0x31			@ enable NS, AW, FW
> +	mrc	p15, 0, r0, c0, c1, 1		@ check for Virt ext
> +	and	r0, r0, #0xf000
> +	cmp	r0, #0x1000

you can just do ands r0, r0, #0xf000 and change the orreq below to orrne

> +	orreq	r1, r1, #0x100			@ allow HVC instruction
>  
>  	mrc	p15, 0, r0, c12, c0, 0		@ save secure copy of VBAR
>  	mcr	p15, 0, r1, c1, c1, 0		@ write SCR, switch to non-sec
>  	isb
>  	mcr	p15, 0, r0, c12, c0, 0		@ write non-secure copy of VBAR
>  
> +	mcreq	p15, 4, r0, c12, c0, 0		@ write HYP mode HVBAR
> +

nit: s/HYP mode//

>  	movs	pc, lr
>  
>  	.align	5
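Review bot: The `mcreq` that writes HVBAR depends on the Z flag left by `cmp r0, #0x1000` several instructions earlier, and r0 is reloaded with the secure VBAR in between, so the link between the check and the write is easy to break when this handler is next edited. None of the intervening `mrc`/`mcr`/`isb` instructions touch the flags today, but that is worth stating next to the write, e.g. `@ Z still set by the Virt ext check above; r0 = secure VBAR`. As far as this hunk shows, the same address ends up in the secure VBAR, the non-secure VBAR and HVBAR, so secure, non-secure and HYP exceptions share one vector table until the OS installs its own; a one-line comment saying this is intentional would help a later reader. The handler starts above this hunk.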
> @@ -534,10 +540,9 @@ data_abort:
>  	bl	do_data_abort
>  
>  	.align	5
> -not_used:
> -	get_bad_stack
> -	bad_save_user_regs
> -	bl	do_not_used
> +hyp_trap:
> +	.byte 0x00, 0xe3, 0x0e, 0xe1		@ mrs lr, elr_hyp

do we really need to support this on assemblers that old?

> +	mov pc, lr
>  
>  #ifdef CONFIG_USE_IRQ
>  
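Review bot: `hyp_trap` resumes at ELR_hyp for every exception that arrives at this vector and never looks at HSR, so anything other than the `hvc #0` issued by `_hyp_gic_switch` would be silently resumed in HYP mode as well. It also overwrites LR and returns with a plain `mov pc, lr` rather than an exception return, which is what keeps the CPU in HYP mode but is not stated anywhere in the code. I would add a comment above the label along the lines of `@ entered via hvc #0 only: return to the caller without an exception return so we stay in HYP mode; clobbers lr`. Since HVBAR is given the same table, the other entries still point at handlers that appear to be written for SVC mode, which may deserve a note too.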
> @@ -574,21 +579,21 @@ fiq:
>  #endif /* CONFIG_SPL_BUILD */
>  
>  #ifdef CONFIG_ARMV7_VIRT
> -/* Routine to initialize GIC CPU interface and switch to nonsecure state.
> - * Will be executed directly by secondary CPUs after coming out of
> +/* Routine to initialize GIC CPU interface, switch to nonsecure and to HYP
> + * mode. Will be executed directly by secondary CPUs after coming out of

So now this routine does three different things in different context at
once, why?

>   * WFI, or can be called directly by C code for CPU 0.
>   * Those two paths mandate to not use any stack and to only use registers
>   * r0-r3 to comply with both the C ABI and the requirement of SMP startup
>   * code.
>   */
> -.globl _nonsec_gic_switch
> +.globl _hyp_gic_switch
>  .globl _smp_pen
>  _smp_pen:
>  	mrs	r0, cpsr
>  	orr	r0, r0, #0xc0
>  	msr	cpsr, r0			@ disable interrupts
>  	mov	lr, #0				@ clear LR to mark secondary
> -_nonsec_gic_switch:
> +_hyp_gic_switch:
>  	mrc	p15, 4, r2, c15, c0, 0		@ r2 = PERIPHBASE
>  	add	r3, r2, #0x1000			@ GIC dist i/f offset
>  	mvn	r1, #0
> @@ -628,6 +633,13 @@ _nonsec_gic_switch:
>  	add	r2, r2, #0x1000			@ GIC dist i/f offset
>  	str	r1, [r2]			@ allow private interrupts
>  
> +	mov	r2, lr
> +	mov	r1, sp
> +	.byte 0x70, 0x00, 0x40, 0xe1		@ hvc #0
> +	isb

again, I'm doubtful this isb is necessary when you just did an exception
return.

> +	mov	sp, r1
> +	mov	lr, r2
> +
>  	cmp	lr, #0
>  	movne	pc, lr				@ CPU 0 to return
>  						@ all others: go to sleep
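Review bot: `hvc #0` is issued unconditionally here, while the monitor handler sets SCR.HCE only when ID_PFR1 reports the virtualization extensions (`orreq r1, r1, #0x100`), and nothing in this routine checks that. On the CPU 0 path the caller `armv7_switch_hyp` returns 2 before getting here, and the secondaries appear to be released only after that check, so the guard exists but lives in another file. A precondition comment such as `@ caller has verified Virt ext, SCR.HCE is set: hvc traps to hyp_trap` would make that dependency visible, and `@ SP is banked in HYP mode and hyp_trap clobbers LR` would explain the save/restore through r1/r2. The routine begins above this hunk and continues below it.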
> diff --git a/arch/arm/include/asm/armv7.h b/arch/arm/include/asm/armv7.h
> index 296dc92..17bb497 100644
> --- a/arch/arm/include/asm/armv7.h
> +++ b/arch/arm/include/asm/armv7.h
> @@ -75,11 +75,11 @@ void v7_outer_cache_flush_range(u32 start, u32 end);
>  void v7_outer_cache_inval_range(u32 start, u32 end);
>  
>  #ifdef CONFIG_ARMV7_VIRT
> -int armv7_switch_nonsec(void);
> +int armv7_switch_hyp(void);
>  
>  /* defined in cpu/armv7/start.S */
>  void _smp_pen(void);
> -void _nonsec_gic_switch(void);
> +void _hyp_gic_switch(void);
>  #endif /* CONFIG_ARMV7_VIRT */
>  
>  #endif
> diff --git a/arch/arm/lib/bootm.c b/arch/arm/lib/bootm.c
> index a3d3aae..552ba59 100644
> --- a/arch/arm/lib/bootm.c
> +++ b/arch/arm/lib/bootm.c
> @@ -324,12 +324,15 @@ static void boot_prep_linux(bootm_headers_t *images)
>  #endif /* all tags */
>  	}
>  #ifdef CONFIG_ARMV7_VIRT
> -	switch (armv7_switch_nonsec()) {
> +	switch (armv7_switch_hyp()) {
>  	case 0:
> -		debug("entered non-secure state\n");
> +		debug("entered HYP mode\n");
> +		break;
> +	case 1:
> +		debug("CPU already in HYP mode\n");
>  		break;
>  	case 2:
> -		printf("HYP mode: Security extensions not implemented.\n");
> +		printf("HYP mode: Virtualization extensions not implemented.\n");
>  		break;
>  	case 3:
>  		printf("HYP mode: CPU not supported (must be Cortex-A15 or A7).\n");
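Review bot: The return codes of `armv7_switch_hyp()` are bare integers 0 to 5 whose meaning is defined only by matching these `case` labels against the `return` statements in virt-v7.c; this hunk adds `case 1` and the next hunk adds `case 5`. An enum declared in asm/armv7.h next to the prototype (names such as `HYP_SWITCH_OK` or `HYP_SWITCH_FAILED` are only a suggestion) would keep the two files in step. The switch also has no `default:`, so a code added later on the virt-v7.c side would pass through here without any message. boot_prep_linux starts above the hunk.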
> @@ -337,6 +340,9 @@ static void boot_prep_linux(bootm_headers_t *images)
>  	case 4:
>  		printf("HYP mode: PERIPHBASE is above 4 GB, cannot access this.\n");
>  		break;
> +	case 5:
> +		printf("HYP mode: switch not successful.\n");
> +		break;
>  	}
>  #endif
>  }
> diff --git a/arch/arm/lib/virt-v7.c b/arch/arm/lib/virt-v7.c
> index 0248010..3883463 100644
> --- a/arch/arm/lib/virt-v7.c
> +++ b/arch/arm/lib/virt-v7.c
> @@ -3,6 +3,7 @@
>   * Andre Przywara, Linaro
>   *
>   * routines to push ARMv7 processors from secure into non-secure state
> + * and from non-secure SVC into HYP mode
>   * needed to enable ARMv7 virtualization for current hypervisors
>   *
>   * See file CREDITS for list of people who contributed to this
> @@ -43,16 +44,20 @@ static inline unsigned int read_cpsr(void)
>  	return reg;
>  }
>  
> -int armv7_switch_nonsec(void)
> +int armv7_switch_hyp(void)
>  {
>  	unsigned int reg;
>  	volatile unsigned int *gicdptr;
>  	unsigned itlinesnr, i;
>  	unsigned int *sysflags;
>  
> -	/* check whether the CPU supports the security extensions */
> +	/* check whether we are in HYP mode already */
> +	if ((read_cpsr() & 0x1F) == 0x1a)
> +		return 1;
> +
> +	/* check whether the CPU supports the virtualization extensions */
>  	asm("mrc p15, 0, %0, c0, c1, 1\n" : "=r"(reg));
> -	if ((reg & 0xF0) == 0)
> +	if ((reg & 0xF000) != 0x1000)
>  		return 2;
>  
>  	/* the timer frequency for the generic timer needs to be
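Review bot: `(read_cpsr() & 0x1F) == 0x1a` uses unnamed constants with mixed-case hex and is repeated in the final check at the end of the function (`!= 0x1a`); a small helper such as `static inline int in_hyp_mode(void) { return (read_cpsr() & 0x1f) == 0x1a; }` or named mode-mask and HYP-mode constants would say what is being tested. The ID_PFR1 test `(reg & 0xF000) != 0x1000` would likewise read better with a comment naming the field, e.g. `/* ID_PFR1[15:12]: Virtualization Extensions */`. The early `return 1` leaves before the GIC setup and the secondary-CPU kick further down, which I assume is intended when an earlier boot stage already did the switch; a comment saying so would help. The function continues past this hunk.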
> @@ -73,8 +78,8 @@ int armv7_switch_nonsec(void)
>  	 */
>  
>  	/* check whether we are an Cortex-A15 or A7.
> -	 * The actual non-secure switch should work with all CPUs supporting
> -	 * the security extension, but we need the GIC address,
> +	 * The actual HYP switch should work with all CPUs supporting
> +	 * the virtualization extension, but we need the GIC address,
>  	 * which we know only for sure for those two CPUs.
>  	 */
>  	asm("mrc p15, 0, %0, c0, c0, 0\n" : "=r"(reg));
> @@ -113,8 +118,11 @@ int armv7_switch_nonsec(void)
>  	sysflags[0] = (uintptr_t)_smp_pen;
>  	gicdptr[GICD_SGIR / 4] = 1U << 24;
>  
> -	/* call the non-sec switching code on this CPU also */
> -	_nonsec_gic_switch();
> +	/* call the HYP switching code on this CPU also */
> +	_hyp_gic_switch();
> +
> +	if ((read_cpsr() & 0x1F) != 0x1a)
> +		return 5;

this is really a fatal crash right? We probably don't want to try and
proceed with boot at this point.

>  
>  	return 0;
>  }
> -- 
> 1.7.12.1
> 

