Fiasco.oc & trustzone
adam at os.inf.tu-dresden.de
Sat Sep 15 00:34:29 CEST 2012
On Fri Sep 14, 2012 at 12:37:41 +0400, Nikolay Golikov wrote:
> 2012/9/14 Adam Lackorzynski <adam at os.inf.tu-dresden.de>:
> > On Thu Sep 13, 2012 at 13:09:52 +0400, Nikolay Golikov wrote:
> >> Yes, I found it. Is that tested on real hw? If I understand correctly,
> >> it shouldn't work. Because it use l4sigma0_map_iomem for mapping
> >> memory region to vmm's address space.
> > It assumes a different approach for getting memory to the ns side.
> > Initially bootstrap is configured to only uses a part of the memory so
> > that the other part can be used for the ns side. From the point of view
> > of the vmm this is 'iomem' because it's not ram. However, getting ram
> > for the vmm shall also work via a dataspace.
> Now I get strange error:
> In bootstrap I define region for ns ram as Region::Arch.
> SIGMA0: Dump of all resource maps
> But on
> int err = l4sigma0_map_iomem(_sigma0.cap(), Ram_base, Ram_base, size, 1);
> (Ram_base = 0x80000000, size = 0x4000000)
> I have an error:
> TZ-VMM | L4Re[rm]: unhandled read page fault @8858a820 pc=8858a820
> TZ-VMM | L4Re: unhandled exception: pc=0x8858a820
> Before it mapping for aisptz works normally:
> l4sigma0_map_iomem(_sigma0.cap(), _base, _base, AISPTZ_SIZE, 1)
> (_base = 0x53F00000)
In your l4sigma0_map_iomem calls you are doing identity mappings, i.e.
you must make sure that the address space in your task is free from
0x80000000 - 0xbffffff and 0x53F00000 - 0x53F00000 + AISPTZ_SIZE - 1
The latter is likely to be free by luck, however, from 2gb to 3gb
there's for example the stack of your program, which you destroy by
doing the sigma0-map call. Consequently the program misbehaves, here
with a page-fault.
For getting access to device registers io should be used, for example via
l4io_request_iomem(). Mapping device registers cached is probably also
not wanted. In your case doing some special with l4sigma0_map_iomem, you
must reserve free space in your virtual address space via
l4re_rm_reserve_area / L4Re::Rm::reserve_area and map the memory to the
location returned by reserve_area.
Adam adam at os.inf.tu-dresden.de
More information about the l4-hackers