OP-TEE / optee_os

Trusted side of the TEE

OP-TEE cannot run in the physical address space of 0~32MiB. #6911

Open yemiaobing opened 4 days ago

yemiaobing commented 4 days ago

Hi, I am trying to run OP-TEE on my Cortex-A7 chip. The physical address of the DRAM memory of this chip starts at 0. I set CFG_TEE_LOAD_ADDR to 0x100000 (1MiB). OP-TEE cannot start and panics in init_mem_map.

E/TC:0 Panic at core/mm/core_mmu.c:1357
E/TC:0 TEE load address @ 0x101000
E/TC:0 Call stack:
E/TC:0 0x00104429
E/TC:0 0x0010be83
E/TC:0 0x001129e1
E/TC:0 0x00112ab7
E/TC:0 0x00101164

I found the reason for the crash: the starting address of OP-TEE's kernel address space cannot be smaller than the user address space. The user address space is defined in the core_mmu_get_user_va_range function (core/arch/arm/mm/core_mmu_v7.c) and is 1MiB ~ 32MiB. The kernel address space is mapped one-to-one to the physical address. Currently I put OP-TEE at the physical address of 1MiB (CFG_TEE_LOAD_ADDR equal to 0x100000), and an error is reported because 1MiB is less than 32MiB. Of course, I can put OP-TEE at the end of the physical memory (greater than 32MiB) to solve this problem. But I still want to ask: in this case, is there any way to make OP-TEE run at an address of 0~32MiB?

jenswi-linaro commented 4 days ago

Have you tried using CFG_WITH_LPAE?

etienne-lms commented 4 days ago

Note that physical address 0 is currently reserved in OP-TEE core as an invalid physical address identifier. If you really need OP-TEE to access this memory cell, either as secure memory or as non-secure memory, there is some implementation to modify.

yemiaobing commented 3 days ago

Have you tried using CFG_WITH_LPAE?

No, I haven't tried LPAE. I changed the return value of the plat_get_aslr_seed function from 0 to 0x80000000 and enabled CFG_CORE_ASLR. The virtual address of the OP-TEE kernel is then the physical address plus 0x80000000. 0x80000000 is greater than the user space virtual address of 32MiB, so OP-TEE can run. Is this solution correct? The virtual address mapping information printed after changing to 0x80000000 is as follows:

D/TC:0 dump_mmap_table:850 type IDENTITY_MAP_RX va 0x00001000..0x00001fff pa 0x00001000..0x00001fff size 0x00001000 (smallpg)
D/TC:0 dump_mmap_table:850 type IO_SEC va 0x7b400000..0x7b4fffff pa 0xa2000000..0xa20fffff size 0x00100000 (pgdir)
D/TC:0 dump_mmap_table:850 type IO_NSEC va 0x7b500000..0x7b5fffff pa 0x82800000..0x828fffff size 0x00100000 (pgdir)
D/TC:0 dump_mmap_table:850 type TA_RAM va 0x7b600000..0x7bbfffff pa 0x00300000..0x008fffff size 0x00600000 (pgdir)
D/TC:0 dump_mmap_table:850 type SHM_VASPACE va 0x7bd00000..0x7dcfffff pa 0x00000000..0x01ffffff size 0x02000000 (pgdir)
D/TC:0 dump_mmap_table:850 type RES_VASPACE va 0x7de00000..0x7fdfffff pa 0x00000000..0x01ffffff size 0x02000000 (pgdir)
D/TC:0 dump_mmap_table:850 type IO_SEC va 0x7ffba000..0x7ffd9fff pa 0x8ae00000..0x8ae1ffff size 0x00020000 (smallpg)
D/TC:0 dump_mmap_table:850 type IO_SEC va 0x7ffda000..0x7ffddfff pa 0x8a800000..0x8a803fff size 0x00004000 (smallpg)
D/TC:0 dump_mmap_table:850 type IO_SEC va 0x7ffde000..0x7fffefff pa 0x8a200000..0x8a220fff size 0x00021000 (smallpg)
D/TC:0 dump_mmap_table:850 type IO_SEC va 0x7ffff000..0x7fffffff pa 0x89400000..0x89400fff size 0x00001000 (smallpg)
D/TC:0 dump_mmap_table:850 type IO_SEC va 0x80000000..0x80000fff pa 0x8200c000..0x8200cfff size 0x00001000 (smallpg)
D/TC:0 dump_mmap_table:850 type TEE_RAM_RX va 0x80001000..0x80087fff pa 0x00001000..0x00087fff size 0x00087000 (smallpg)
D/TC:0 dump_mmap_table:850 type TEE_RAM_RW va 0x80088000..0x802fffff pa 0x00088000..0x002fffff size 0x00278000 (smallpg)
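An added example, not part of this issue thread and not OP-TEE's own code, that checks a dump_mmap_table listing like the one above against the constraint described in the opening comment: no core virtual range may land inside the window covered by the non-LPAE Armv7 user translation table, and a core placed at a low physical address only satisfies that once its virtual address is shifted above the window. The helper names, the 0x300000 core size and the sample lines are constructed for the example. The page quotes the usable user range as 1MiB..32MiB; the example treats the whole 0..32MiB window as reserved (an assumption), which is what makes the 0x1000 IDENTITY_MAP_RX entry that jenswi-linaro pointed out show up as a conflict.

```python
import re
from typing import List, NamedTuple

# Assumed reserved window for the user-space translation table on a
# non-LPAE Armv7 core: 0..32MiB. The thread quotes the usable user VA
# range as 1MiB..32MiB; the first MiB is counted as part of the window
# here so that the 0x1000 identity mapping is reported as a conflict.
USER_WINDOW_START = 0x0
USER_WINDOW_END = (32 << 20) - 1      # inclusive end, 0x01ffffff


class Region(NamedTuple):
    kind: str
    va_start: int
    va_end: int      # inclusive, as printed by dump_mmap_table
    pa_start: int
    pa_end: int
    size: int


# Matches one "... type KIND va A..B pa C..D size S (...)" line of the dump.
_LINE_RE = re.compile(
    r"type\s+(?P<kind>\S+)\s+va\s+(?P<va_s>0x[0-9a-fA-F]+)\.\.(?P<va_e>0x[0-9a-fA-F]+)"
    r"\s+pa\s+(?P<pa_s>0x[0-9a-fA-F]+)\.\.(?P<pa_e>0x[0-9a-fA-F]+)"
    r"\s+size\s+(?P<size>0x[0-9a-fA-F]+)"
)


def parse_mmap_dump(text: str) -> List[Region]:
    """Parse dump_mmap_table lines; lines that do not match are skipped."""
    regions = []
    for line in text.splitlines():
        m = _LINE_RE.search(line)
        if not m:
            continue
        regions.append(Region(
            m["kind"],
            int(m["va_s"], 16), int(m["va_e"], 16),
            int(m["pa_s"], 16), int(m["pa_e"], 16),
            int(m["size"], 16),
        ))
    return regions


def ranges_overlap(a_start: int, a_end: int, b_start: int, b_end: int) -> bool:
    """True if the two inclusive ranges share at least one byte."""
    return a_start <= b_end and b_start <= a_end


def size_mismatches(regions: List[Region]) -> List[str]:
    """Kinds whose printed size disagrees with their va or pa span."""
    return [r.kind for r in regions
            if r.va_end - r.va_start + 1 != r.size
            or r.pa_end - r.pa_start + 1 != r.size]


def user_window_conflicts(regions: List[Region],
                          win_start: int = USER_WINDOW_START,
                          win_end: int = USER_WINDOW_END) -> List[str]:
    """Kinds of core mappings whose VA range intrudes into the user window."""
    return [r.kind for r in regions
            if ranges_overlap(r.va_start, r.va_end, win_start, win_end)]


def core_va_conflicts(load_addr: int, core_size: int, va_offset: int = 0,
                      win_start: int = USER_WINDOW_START,
                      win_end: int = USER_WINDOW_END) -> bool:
    """Would a core loaded at load_addr and mapped at load_addr + va_offset
    (va_offset models the ASLR shift discussed in the thread) overlap the
    user window?"""
    va_start = load_addr + va_offset
    return ranges_overlap(va_start, va_start + core_size - 1, win_start, win_end)


# Constructed sample: four lines taken from the dump quoted in the thread.
SAMPLE_DUMP = """\
D/TC:0 dump_mmap_table:850 type IDENTITY_MAP_RX va 0x00001000..0x00001fff pa 0x00001000..0x00001fff size 0x00001000 (smallpg)
D/TC:0 dump_mmap_table:850 type TA_RAM va 0x7b600000..0x7bbfffff pa 0x00300000..0x008fffff size 0x00600000 (pgdir)
D/TC:0 dump_mmap_table:850 type TEE_RAM_RX va 0x80001000..0x80087fff pa 0x00001000..0x00087fff size 0x00087000 (smallpg)
D/TC:0 dump_mmap_table:850 type TEE_RAM_RW va 0x80088000..0x802fffff pa 0x00088000..0x002fffff size 0x00278000 (smallpg)
"""

if __name__ == "__main__":
    regs = parse_mmap_dump(SAMPLE_DUMP)
    print("size mismatches:", size_mismatches(regs))
    print("mappings inside user window:", user_window_conflicts(regs))
    # 0x300000 is an assumed core size; 0x100000 is the load address from the issue.
    print("load 0x100000, no VA shift  ->", core_va_conflicts(0x100000, 0x300000))
    print("load 0x100000, +0x80000000 ->", core_va_conflicts(0x100000, 0x300000, 0x80000000))
```

Run against the full dump above, the only entry flagged is IDENTITY_MAP_RX; the TEE_RAM entries pass only because of the 0x80000000 shift, and the same check with a zero offset reproduces the condition behind the original panic at load address 0x100000.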

jenswi-linaro commented 3 days ago

The solution is more of a hack and may break if the aslr seed is treated differently.

jenswi-linaro commented 3 days ago

I noticed that IDENTITY_MAP_RX is inside the user space va range; I expected that some check would catch that.

yemiaobing commented 3 days ago

The solution is more of a hack and may break if the aslr seed is treated differently.

I can limit the ASLR seed to random addresses above 0x80000000.

yemiaobing commented 3 days ago

I noticed that IDENTITY_MAP_RX is inside the user space va range, I expected that some check would catch that.

Yes, I also found the print of "IDENTITY_MAP_RX". I don't know what the memory map "IDENTITY_MAP_RX" is used for; can you explain it to me? Thank you.