lib: sbi: Extend sbi_hsm_hart_start() for domains

The sbi_hsm_hart_start() should consider the domain under which we
are trying to start the HART. This will help ensure that HART A can
start HART B only if both HARTs A and B belong to the same domain.

We also have a special case when we bring-up boot HART of non-root
domains in sbi_domain_finalize() where we should skip domain checks
in sbi_hsm_hart_start(). To achieve this, sbi_hsm_hart_start() should
do domain checks only when domain parameter is non-NULL.

This patch extends sbi_hsm_hart_start() as-per above.

Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>

3 files changed, 16 insertions, 13 deletions

diff --git a/lib/sbi/sbi_domain.c b/lib/sbi/sbi_domain.c
index 86dfefd..9bde5fb 100644
--- a/lib/sbi/sbi_domain.c
+++ b/lib/sbi/sbi_domain.c
@@ -324,8 +324,10 @@ int sbi_domain_finalize(struct sbi_scratch *scratch, u32 cold_hartid)
 			scratch->next_mode = dom->next_mode;
 			scratch->next_arg1 = dom->next_arg1;
 		} else {
-			rc = sbi_hsm_hart_start(scratch, dhart, dom->next_addr,
-					dom->next_mode, dom->next_arg1);
+			rc = sbi_hsm_hart_start(scratch, NULL, dhart,
+						dom->next_addr,
+						dom->next_mode,
+						dom->next_arg1);
 			if (rc)
 				return rc;
 		}
diff --git a/lib/sbi/sbi_ecall_hsm.c b/lib/sbi/sbi_ecall_hsm.c
index 3698a41..376740c 100644
--- a/lib/sbi/sbi_ecall_hsm.c
+++ b/lib/sbi/sbi_ecall_hsm.c
@@ -28,8 +28,8 @@ static int sbi_ecall_hsm_handler(unsigned long extid, unsigned long funcid,
 	case SBI_EXT_HSM_HART_START:
 		smode = csr_read(CSR_MSTATUS);
 		smode = (smode & MSTATUS_MPP) >> MSTATUS_MPP_SHIFT;
-		ret = sbi_hsm_hart_start(scratch, args[0], args[1],
-					 smode, args[2]);
+		ret = sbi_hsm_hart_start(scratch, sbi_domain_thishart_ptr(),
+					 args[0], args[1], smode, args[2]);
 		break;
 	case SBI_EXT_HSM_HART_STOP:
 		ret = sbi_hsm_hart_stop(scratch, TRUE);
diff --git a/lib/sbi/sbi_hsm.c b/lib/sbi/sbi_hsm.c
index 65e7f3d..8121efb 100644
--- a/lib/sbi/sbi_hsm.c
+++ b/lib/sbi/sbi_hsm.c
@@ -205,17 +205,23 @@ fail_exit:
 	sbi_hart_hang();
 }
 
-int sbi_hsm_hart_start(struct sbi_scratch *scratch, u32 hartid,
-		       ulong saddr, ulong smode, ulong priv)
+int sbi_hsm_hart_start(struct sbi_scratch *scratch,
+		       const struct sbi_domain *dom,
+		       u32 hartid, ulong saddr, ulong smode, ulong priv)
 {
-	int rc;
 	unsigned long init_count;
 	unsigned int hstate;
 	struct sbi_scratch *rscratch;
 	struct sbi_hsm_data *hdata;
 	const struct sbi_platform *plat = sbi_platform_ptr(scratch);
 
-	if (smode != PRV_M && smode != PRV_S && smode != PRV_U)
+	/* For now, we only allow start mode to be S-mode or U-mode. */
+	if (smode != PRV_S && smode != PRV_U)
+		return SBI_EINVAL;
+	if (dom && !sbi_domain_is_assigned_hart(dom, hartid))
+		return SBI_EINVAL;
+	if (dom && !sbi_domain_check_addr(dom, saddr, smode,
+					  SBI_DOMAIN_EXECUTE))
 		return SBI_EINVAL;
 
 	rscratch = sbi_hartid_to_scratch(hartid);
@@ -234,11 +240,6 @@ int sbi_hsm_hart_start(struct sbi_scratch *scratch, u32 hartid,
 	if (hstate != SBI_HART_STOPPED)
 		return SBI_EINVAL;
 
-	rc = sbi_hart_pmp_check_addr(scratch, saddr, smode, PMP_X);
-	if (rc)
-		return rc;
-	//TODO: We also need to check saddr for valid physical address as well.
-
 	init_count = sbi_init_count(hartid);
 	rscratch->next_arg1 = priv;
 	rscratch->next_addr = saddr;