Without this patch, user-level programs have the ability to
map in the core-local interrupt controller on RISC-V platforms
which contains the memory-mapped registers for the core-local
timer the kernel uses. This is a level of privilege that
user-level programs should not have. Writing to the `mtime`
register is possible which can then affect the timer interrupts
are delivered to the kernel.
Signed-off-by: Ivan-Velickovic <i.velickovic@unsw.edu.au>
The memory mapping for the timer only uses 1K on AllwinnerA20, but
the minimum device mapping is 4K in seL4. Other devices within this
4K page (CCU and PIO) cannot be accessed in the userland.
Replace the kernel timer with the ARM generic timer on AllwinnerA20,
and remove the implementation for AllwinnerA20 specific timer in the
kernel. So we should have user access to those devices now.
Signed-off-by: Luca (Wei) Chen <wei@cvluca.com>
The platform was the original verification target of seL4 over 10 years
ago and by now there doesn't appear to be any ways to obtain new
hardware.
Currently, the KZM platform is the only ARMv6 platform and supporting it
requires a few work-arounds for emulating mechanisms that newer hardware
supports. Removing this platform also implies removing armv6 support
soon.
Signed-off-by: Kent McLeod <kent@kry10.com>
RISC-V defines the concept of a PLIC, but leaves the details open. The
driver is for the PLIC of the SiFive U54/U74 SOC, which is used on
the HiFive Unleashed/Unmatched and Polarfire board.
Signed-off-by: Axel Heider <axel.heider@hensoldt-cyber.de>
CMake treats any text output that is generated by tools during the
configuration phase as important if it isn't part of a message(STATUS)
command. Output generated by hardware_gen.py often shows up as warnings
about device tree properties that are usually uninformative. Resolving
some of the warning conditions removes these messages for most
platforms.
- Setting kernel_size in hardware.yml to 0x1000 to handle cases where
the kernel only needs the first page of a device that has a
device-tree definition larger than that.
- Remove status print about each Interrupt processed as it's usually not
useful information.
- Only process IRQs for a selected kernel device if the rule for that
device has any interrupt queries. This prevents warnings for IRQ
controllers that the script doesn't know how to process when it
doesn't need to.
Signed-off-by: Kent McLeod <kent@kry10.com>
Add support the i.MX low-power UART. This is available on
chipsets such as i.MX8QXP.
Note: This is a preliminary patch in advance of providing
full support for the i.MX8QXP platform.
Note: getchar is not implemented (current) for this platform.
Signed-off-by: Ben Leslie <benno@brkawy.com>
For 64-bit, this adds a 2nd-level page table for mapping devices using
2MiB frames instead of 1GiB frames.
The boot mapping and hardware header generator have also been fixed to
correctly report the number of large frames needed for devices rather
than only reporting the first. The frame size is also specified
correctly (rather than assuming mapping with 4KiB frames).
This likely fixes an issue whereby only the first 4KiB frame of a device
was reserved but the remaining region of that kernel device could be
mapped at user level.
Signed-off-by: Curtis Millar <curtis.millar@data61.csiro.au>
Fix tk1 smmu cmake config variables.
Fix platforn_gen for tk1.
Add separate hardware.yml for tk1.
Signed-off-by: Oliver Scott <Oliver.Scott@data61.csiro.au>
This commit also converts our own copyright headers to directly use
SPDX, but leaves all other copyright header intact, only adding the
SPDX ident. As far as possible this commit also merges multiple
Data61 copyright statements/headers into one for consistency.
Added support for reading and writing additional virtual timer
registers for vcpu hw read and write accesses. These include the
compare value register (CNTV_CVAL) and offset register (CNTV_OFF),
each represented as two 32 bit (high and low) registers on aarch32 and
as single 64 bit registers on aarch64.
Added support for explicitly saving and restoring the virtual
timer registers when the vcpu is enabled and disabled. This
ensures when the vcpu is switched in and out, the virtual timer
registers are restored to a state that is consistent to when
it was last run.
By default the CNTVOFF register will be updated by the kernel to
accumulate the time the VCPU is not running. From the guest this will
result in the VCNT register not increasing when the VCPU is suspended.
This behavior can be turned off by disabling the
KernelArmVtimerUpdateVOffset config option.
- we're going to switch to mapping the whole address space, excluding
parts used by the kernel, to userspace. We trust the root server anyway,
so giving it extra (possibly invalid) MMIO space just simplifies stuff
on the kernel end.
- drop the hacky true/false/null 'user' flag in favour of a saner
true/false one.
- remove support for 'default' regions. By default we will pass unused
regions through to userspace.
- use gpt, so we can have overflow and compare interrupts at the same
time (epit only allows compare)
- set the gpt to use the ipg_highfreq timer, as the standard ipg is too
low and breaks the timer calculations
The kernel device IRQs and Frame mappings generated by this script will
only come from nodes specified in the seL4,kernel-devices property of
the chosen node. Previously these devices were inferred by the script
but this led to false matching and didn't support easily overriding
which devices to match under different configurations or across
different platforms.
Explicitly specifying which devices from the device tree will be used in
the kernel makes it easier to check which devices the kernel is actually
using and makes it easier to change on a per platform or per
configuration basis.
The DTS compilation was arm platforms only. Moving it to the top level
config file, making it available to RISCV platforms. The generated files
are almost identical with minor differences. A new argument(--arch) is
added to the hardware_gen.py for the differences.
Have added a drivers/serial folder to kernel, where all serial drivers
will be kept. The point is to have the the dts parsed and generate cmake
to include the right uart.c file prefixed with the compatibility.
Have removed all io.c from plat and includes from plat/config.cmake and
updated CHANGES file.
This change fixes support for instances where we have
multiple kernel devices in the same page, or kernel devices
which aren't at page-aligned addresses.
Also use seL4_UserTop to pick the right address to start
putting the kernel device pages.
This adds support for extracting interrupt numbers from DTS
to the hardware header file generator, so that the majority
of the per-platform interrupt listings can be removed.
This change adds infrastructure to automatically generate the
physBase macro, the avail_p_regs array, and the dev_p_regs array
based on a device tree. Platforms can opt-in to using this
by adding DTS files to the KernelDTSList variable.
The Python script uses the hardware.yml file to determine which
devices in the device tree are of interest to the kernel and should
be hidden from userspace and instead mapped into the kernel. Note that
currently the kernel mappings are not (yet) generated, however most
of the infrastructure needed to make that happen is present.
