Commit Graph

111 Commits

Author SHA1 Message Date
Adrian-Ken Rueegsegger
03929b3cc9 hw_x86_64: Add 64-bit user code and data segments to GDT
The new entries specify a 64-bit code segment with DPL 3 at index 3 and a
64-bit data segment with DPL 3 at index 4.

These segments are needed for transitioning to user mode.
2015-03-27 11:53:19 +01:00
Adrian-Ken Rueegsegger
51d515c77f hw_x86_64: Explicitly set up segment selectors during boot 2015-03-27 11:53:18 +01:00
Adrian-Ken Rueegsegger
65de09c7a6 hw_x86_64: Reserve space for client context pointer
A pointer to the client context is placed in the mt_client_context_ptr area.
It is used to pass the current client context to the lowlevel mode-switching
assembly code.
2015-03-27 11:53:18 +01:00
Adrian-Ken Rueegsegger
4417fe6201 hw_x86_64: Implementation of IA-32e paging
IA-32e paging translates 48-bit linear addresses to 52-bit physical
addresses. Translation structures are hierarchical and four levels deep.
The current implementation supports regular 4KB and 1 GB and 2 MB large
page mappings.

Memory typing is not yet implemented since the encoded type bits depend
on the active page attribute table (PAT)*.

For detailed information refer to Intel SDM Vol. 3A, section 4.5.

* The default PAT after power up does not allow the encoding of the
  write-combining memory type, see Intel SDM Vol. 3A, section 11.12.4.
* Add common IA-32e paging descriptor type:
    The type represents a table entry and encompasses all fields shared by
    paging structure entries of all four levels (PML4, PDPT, PD and PT).
* Simplify PT entry type by using common descriptor:
    Differing fields are the physical address, the global flag and the memory
    type flags.
* Simplify directory entry type by using common descriptor:
    Page directory entries (PDPT and PD) have an additional 'page size' field
    that specifies if the entry references a next level paging structure or
    represents a large page mapping.
* Simplify PML4 entry type by using common descriptor
    Top-level paging structure entries (PML4) do not have a 'pat' flag and the
    memory type is specified by the 'pwt' and 'pcd' fields only.
* Implement access right merging for directory paging entries
    The access rights for translations are determined by the U/S, R/W and XD
    flags. Paging structure entries that reference other tables must provide
    the superset of rights required for all entries of the referenced table.
    Thus merge access rights of new mappings into existing directory entries to
    grant additional rights if needed.
* Add cr3 register definition:
    The control register 3 is used to set the current page-directory base
    register.
* Add cr3 variable to x86_64 Cpu Context
    The variable designates the address of the top-level paging structure.
* Return current cr3 value as translation table base
* Set context cr3 value on translation table assignment
* Implement switch to virtual mode in kernel
    Activate translation table in init_virt_kernel function by updating the
    cr3 register.
* Ignore accessed and dirty flags when comparing existing table entries
    These flags can be set by the MMU and must be disregarded.
2015-03-27 11:53:18 +01:00
Reto Buerki
c7cadf52a6 hw_x86_64: setup ISR and IDT
* Add isr.s assembler file:
    The file declares an array of Interrupt Service Routines (ISR) to handle
    the exception vectors from 0 to 19, see Intel SDM Vol. 3A, section
    6.3.1.
* Add Idt class:
  * The class Genode::Idt represents an Interrupt Descriptor Table as
    specified by Intel SDM Vol. 3A, section 6.10.
  * The setup function initializes the IDT with 20 entries using the ISR
    array defined in the isr.s assembly file.
* Setup and load IDT in Genode::Cpu ctor:
    The Idt::setup function is only executed once on the BSP.
* Declare ISRs for interrupts 20-255
* Set IDT size to 256
2015-03-27 11:53:18 +01:00
Reto Buerki
6e0f1a4466 hw_x86_64: Adjust size of _mt_master_context
The CPU state in IA-32e mode consists of 20 64-bit registers.
2015-03-27 11:53:18 +01:00
Reto Buerki
0f624cdde7 hw_x86_64: Perform indirect long jump to 64-bit code 2015-03-27 11:53:18 +01:00
Reto Buerki
15d0e86592 hw_x86_64: Load Global Descriptor Table register 2015-03-27 11:53:17 +01:00
Reto Buerki
27191b17ce hw_x86_64: Declare Global Descriptor Table (GDT) in .data
The table specifies a 64-bit code segment descriptor at index 1, a
64-bit data segment descriptor at index 2 and a task segment descriptor
at index 3.
2015-03-27 11:53:17 +01:00
Reto Buerki
59bba7624f hw_x86_64: Set system control flags of cr0 register
Enable paging, write protection, caching and native FPU error reporting,
see Intel SDM Vol. 3A, section 2.5.
2015-03-27 11:53:17 +01:00
Reto Buerki
032fc3b190 hw_x86_64: Enable IA-32e mode and execute-disable
Set bits 8 (LME) and 11 (NXE) in the IA32_EFER MSR to enable IA-32e mode
and execute-disable.
2015-03-27 11:53:17 +01:00
Reto Buerki
d23cd7e5ff hw_x86_64: Load initial pagetable address into cr3 2015-03-27 11:53:17 +01:00
Reto Buerki
bafb893a70 hw_x86_64: Declare initial pagetables in .data segment
The table specifies the initial identity mapping for the memory region
from 2 MiB to 4 MiB using one 2 MiB mapping.
2015-03-27 11:53:17 +01:00
Reto Buerki
be430b9648 hw_x86_64: Enable Physical Address Extension (PAE)
This is a prerequisite for IA-32e mode.
2015-03-27 11:53:16 +01:00
Adrian-Ken Rueegsegger
3ad0f06b06 hw: Drop unnecessary include in pd.h 2015-03-27 11:53:16 +01:00
Norman Feske
a974726e26 hw: skeleton for building on x86_64
This patch contains the initial code needed to build and bootstrap the
base-hw kernel on x86 64-bit platforms. It gets stuck earlier
because the binary contains 64-bit instructions, but it is started in
32-bit mode. The initial setup of page tables and switch to long mode is
still missing from the crt0 code.
2015-03-27 11:53:16 +01:00
Stefan Kalkowski
381711dbea hw: extend warning messages to ease debugging
To ease debugging without the need to tweak the kernel every time, and to
support userland developers with useful information this commit extends several
warnings and errors printed by the kernel/core by which thread/application
caused the problem, and what exactly failed.

Fix #1382
Fix #1406
2015-03-27 11:53:13 +01:00
Martin Stein
ff6595f150 hw: enable destruction of IRQ sessions
Implement the missing Irq_session_component destructor.

Fix #1460
2015-03-27 11:53:13 +01:00
Alexander Boettcher
1f8fad8fa1 base: refactor signal_transmitter::submit
Move it to platform specific .cc file, so that it may get re-implemented
platform specifically if needed.

Issue #1446
2015-03-19 09:32:52 +01:00
Martin Stein
d312f840bd hw: error message on unmap on broken RM clients
In the past, unmap sometimes occured on RM clients that have no thread,
PD, or translation table assigned. However, this shouldn't be the
case anymore.

Fixes #504
2015-03-19 08:57:20 +01:00
Stefan Kalkowski
657646e76e hw: adjust core bootstrap to fit generic process
* Introduce hw-specific crt0 for core that calls e.g.: init_main_thread
* re-map core's main thread UTCB to fit the right context area location
* switch core's main thread's stack to fit the right context area location

Fix #1440
2015-03-19 08:57:19 +01:00
Reto Buerki
ebfe3d8ff0 hw: Use mtc_size from Cpu class for mtc::SIZE
This decouples the size of the mode transition control region from the
minimal mapping size of the page tables implementation. Rather, the CPU
architecture is able to specify the actual size.

Rationale: For x86_64, we need the mtc region to span two pages in order
to store all the tables required to perform the mode switch.
2015-03-13 12:17:28 +01:00
Reto Buerki
32521cfd71 hw: Declare mtc_size constant in arm/cpu_support.h
This constant specifies the size of the mode transition control region.
2015-03-13 12:17:28 +01:00
Martin Stein
9737b5d966 tz_vmm: support USB-Armory board
For the USB-Armory, we use a newer version of Linux (3.18) as for the
i.MX53-QSB. The main difference is, that the newer Linux uses a DTB instead of
ATAGs.

Fixes #1422
2015-02-27 11:48:35 +01:00
Martin Stein
be392b3bf9 hw: support USB-Armory board
The USB Armory is almost the same as the i.MX53-QSB but it uses only
one of the two RAM banks available in i.MX53. Furthermore we use the USB
Armory only with Trustzone enabled.

Ref #1422
2015-02-27 11:48:35 +01:00
Stefan Kalkowski
7582396e9c hw_arndale: enable ARM virtualization extensions
* enables world-switch using ARM virtualization extensions
* split TrustZone and virtualization extensions hardly from platforms,
  where it is not used
* extend 'Vm_session' interface to enable configuration of guest-physical memory
* introduce VM destruction syscall
* add virtual machine monitor for hw_arndale that emulates a simplified version
  of ARM's Versatile Express Cortex A15 board for a Linux guest OS

Fixes #1405
2015-02-27 11:48:05 +01:00
Stefan Kalkowski
07c8d1652e hw_arndale: setup ARM hypervisor mode
To enable support of hardware virtualization for ARM on the Arndale board,
the cpu needs to be prepared to enter the non-secure mode, as long as it does
not already run in it. Therefore, especially the interrupt controller and
some TrustZone specific system registers need to be prepared. Moreover,
the exception vector for the hypervisor needs to be set up properly, before
booting normally in the supervisor mode of the non-secure world.

Ref #1405
2015-02-27 11:48:05 +01:00
Stefan Kalkowski
8e2b4d6f45 hw: extend kernel interrupt class
The generalization of interrupt objects in the kernel and the use of
C++ polymorphism instead of explicitely checking for special interrupts
within generic code (Cpu_job::_interrupt) enables the registration of
additional interrupts used by the kernel, which are needed for specific
aspects added to the kernel, like ARM hardware virtualization interrupts.

* Introduce generic base class for interrupt objects handled by the kernel
* Derive an interrupt class for those handled by the user-land
* Implement IPI-specific interrupt class
* Implement timer interrupts using the new generic base class

Ref #1405
2015-02-27 11:43:56 +01:00
Stefan Kalkowski
0836726df2 hw: use one IRQ for all cpus to send IPIs
Until now, one distinct software generated IRQ per cpu was used to
send signals between cpus. As ARM's GIC has 16 software generated
IRQs only, and they need to be partitioned between secure/non-secure
TrustZone world as well as virtual and non-virtual worlds, we should
save them.

Ref #1405
2015-02-27 11:43:56 +01:00
Stefan Kalkowski
a40932a324 hw: refactor irq controllers
* name irq controller memory mapped I/O regions consistently
  in board descriptions
* move irq controller and timer memory mapped I/O region descriptions
  from cpu class to board class
* eliminate artificial distinction between flavors of ARM's GIC
* factor cpu local initialization out of ARM's GIC interface description,
  which is needed if the GIC is initialized differently e.g. for TrustZone

Ref #1405
2015-02-27 11:43:56 +01:00
Martin Stein
3a40c27c26 hw_vea9x4: quickfix slow RAM access
Setting the ACTLR.SMP bit also without SMP support fastens RAM access
significantly. A proper solution would implement SMP support which must enable
the bit anyway.

Fixes #1353
2015-02-17 14:18:16 +01:00
Alexander Boettcher
95ff5ba11d base: support range restriction in allocator
Issue #696
2015-02-16 13:40:38 +01:00
Stefan Kalkowski
322be1b4fb hw: LPAE for Cortex a15 (fix #1387) 2015-02-16 13:40:37 +01:00
Stefan Kalkowski
21fd2fc582 hw: introduce ARM LPAE extension (ref #1387)
This patch adds support for the Large Physical Address Space Extension
for ARM v7.
2015-02-16 13:40:37 +01:00
Stefan Kalkowski
102444b82b hw: remove pointless, wasted memory in pd object
(ref #1387)
2015-02-16 13:40:37 +01:00
Stefan Kalkowski
34f169293f hw: fix page table handling of core (ref #1387)
There might be more then one nested slab allocation.
2015-02-16 13:40:37 +01:00
Martin Stein
5dea0b40aa hw: don't use ARM CPU-state stuff in generic code
Fixes #1404
2015-02-16 13:40:36 +01:00
Martin Stein
63f8a38b5a hw: default boot-modules vpath is generic
Ref #1404
2015-02-16 13:40:36 +01:00
Norman Feske
cb579ec8d7 hw: minor 64-bit fixes 2015-02-16 13:40:36 +01:00
Stefan Kalkowski
a3abf74d1e hw: remove code duplication related to Exynos5 SoC
Fixes #1396
2015-02-16 13:40:36 +01:00
Josef Söntgen
c706b1c0a7 run: modularize run tool 2015-01-26 12:28:40 +01:00
Stefan Kalkowski
901bff813d imx31: remove platform completely (fix #1360) 2015-01-12 14:24:15 +01:00
Martin Stein
9a4a0448be hw vea9x4: remove trustzone support
When building Genode for VEA9X4 as micro-hypervisor protected by the ARM
TrustZone hardware we ran into limitations regarding our basic daily
testing routines. The most significant is that, when speaking about RAM
partitioning, the only available options are to configure the whole SRAM
to be secure and the whole DDR-RAM to be non-secure or vice versa. The
SRAM however provides only 32 MB which isn't enough for both a
representative non-secure guest OS or a secure Genode that is still
capable of passing our basic tests. This initiated our decision to
remove the VEA9X4 TrustZone-support.

Fixes #1351
2015-01-08 13:28:42 +01:00
Martin Stein
be7d5b4827 hw: use context-area base that is ok for VEA9X4-TZ
On VEA9X4-TZ, the context-area overlaps with the virtual area of the
text, data and bss. However, we can't simply change the link address as
the core image (used physically respectively 1:1 mapped) needs to be in
this particular RAM-region as it is the only one that can be protected
against a VM. Thus I've moved the context area to a place where it
shouldn't disturb any HW-platform.

Fixes #1337
2015-01-07 10:41:22 +01:00
Martin Stein
e63092f1dd hw & cortex_a9: fix scheduling-timer speed
The estimation of the input clock of the Cortex A9 Private Timer module
was pretty miserable at every Cortex A9 board.

Fixes #1341
2015-01-06 15:22:07 +01:00
Martin Stein
ba321c20d1 hw vea9x4: let userland timer SP804 0/1 be secure
Declaring the SP804 0/1 module and its interrupt to be non-secure prevents the
secure Genode from receiving the interrupt and hence the timer driver in the
secure Genode doesn't work.

Fixes #1340
2015-01-06 15:16:02 +01:00
Martin Stein
659f6ff5c8 hw_vea9x4: quickfix for missing SMP awareness
This fix configures TTBRs and translation-table descriptors as if we would use
SMP although we don't to circumvent problems with UP-configurations.
This fix should be superseded later by full SMP support for the VEA9X4.

ref #1312
2014-12-19 13:58:49 +01:00
Martin Stein
d31492040c hw: fix race on pager-object dissolve
The HW-kernel, in contrast to other kernels, provides a direct reference
to the pager object with the fault signal that is send to the pager
activation. When accessing this reference directly we may fall into the
time span where the root parent-entrypoint of the faulter has alredy
dissolved the pager object from the pager entrypoint, but not yet
silenced the according signal context.  To avoid this we issue an
additional 'lookup_and_lock' with the received pager object. This isn't
optimal as we don't need the potentially cost-intensive lookup but only the
synchronization.

Fixes #1311.
Fixes #1332.
2014-12-19 13:58:48 +01:00
Martin Stein
d704563453 hw: helping on IPC
On base-hw, each thread owns exactly one scheduling context for its
whole lifetime. However, introducing helping on IPC, a thread might get
executed on scheduling contexts that it doesn't own. Figuratively
spoken, the IPC-helping relation spans trees between threads. These
trees are identical to those of the IPC relation between threads. The
root of such a tree is executed on all scheduling contexts in the tree.
All other threads in the tree are not executed on any scheduling context
as long as they remain in this position. Consequently, the ready-state
of all scheduling contexts in an IPC-helping tree always equals the
state of the root context.

fix #1102
2014-12-19 13:58:47 +01:00
Martin Stein
6370b6880a hw: rename Thread::State SCHEDULED in ACTIVE
As soon as helping is used, a thread may also be in a blocking state when its
scheduling context is ready. Hence, the state designation SCHEDULED for an active
thread would be pretty misleading.

ref #1102
2014-12-19 13:58:47 +01:00