Add PMP infrastructure and management structures

HeatCrab · HeatCrab · commit a333affbb03f · 2025-10-28T10:18:52.000+08:00
Introduces RISC-V Physical Memory Protection (PMP) support for
hardware-enforced memory isolation.

TOR mode is adopted as the addressing scheme for its flexibility in
supporting arbitrary address ranges without alignment requirements,
simplifying region management for task stacks of varying sizes.

Adds CSR definitions for PMP registers, permission encodings, and
hardware constants. Provides structures for region configuration and
state tracking, with priority-based management to handle the 16-region
hardware limit. Includes error codes and functions for region
configuration and access verification.
diff --git a/arch/riscv/csr.h b/arch/riscv/csr.h
@@ -179,3 +179,82 @@
 
 /* Machine Scratch Register - For temporary storage during traps */
 #define CSR_MSCRATCH 0x340
+
+/* PMP Address Registers (pmpaddr0-pmpaddr15) - 16 regions maximum
+ * In TOR (Top-of-Range) mode, these define the upper boundary of each region.
+ * The lower boundary is defined by the previous region's upper boundary.
+ */
+#define CSR_PMPADDR0 0x3b0
+#define CSR_PMPADDR1 0x3b1
+#define CSR_PMPADDR2 0x3b2
+#define CSR_PMPADDR3 0x3b3
+#define CSR_PMPADDR4 0x3b4
+#define CSR_PMPADDR5 0x3b5
+#define CSR_PMPADDR6 0x3b6
+#define CSR_PMPADDR7 0x3b7
+#define CSR_PMPADDR8 0x3b8
+#define CSR_PMPADDR9 0x3b9
+#define CSR_PMPADDR10 0x3ba
+#define CSR_PMPADDR11 0x3bb
+#define CSR_PMPADDR12 0x3bc
+#define CSR_PMPADDR13 0x3bd
+#define CSR_PMPADDR14 0x3be
+#define CSR_PMPADDR15 0x3bf
+
+/* PMP Configuration Registers (pmpcfg0-pmpcfg3)
+ * Each configuration register controls 4 PMP regions (on RV32).
+ * pmpcfg0 controls pmpaddr0-3, pmpcfg1 controls pmpaddr4-7, etc.
+ */
+#define CSR_PMPCFG0 0x3a0
+#define CSR_PMPCFG1 0x3a1
+#define CSR_PMPCFG2 0x3a2
+#define CSR_PMPCFG3 0x3a3
+
+/* PMP Configuration Field Bits (8 bits per region within pmpcfg)
+ * Layout in each byte of pmpcfg:
+ * Bit 7:     L (Lock) - Locks this region until hardware reset
+ * Bits 6-5:  Reserved
+ * Bits 4-3:  A (Address Matching Mode)
+ * Bit 2:     X (Execute permission)
+ * Bit 1:     W (Write permission)
+ * Bit 0:     R (Read permission)
+ */
+
+/* Lock bit: Prevents further modification of this region */
+#define PMPCFG_L (1U << 7)
+
+/* Address Matching Mode (bits 3-4)
+ * Choose TOR mode for no alignment requirements on region sizes, and support
+ * for arbitrary address ranges.
+*/
+#define PMPCFG_A_SHIFT 3
+#define PMPCFG_A_MASK (0x3U << PMPCFG_A_SHIFT)
+#define PMPCFG_A_OFF (0x0U << PMPCFG_A_SHIFT)  /* Null region (disabled) */
+#define PMPCFG_A_TOR (0x1U << PMPCFG_A_SHIFT)  /* Top-of-Range mode */
+
+/* Permission bits */
+#define PMPCFG_X (1U << 2) /* Execute permission */
+#define PMPCFG_W (1U << 1) /* Write permission */
+#define PMPCFG_R (1U << 0) /* Read permission */
+
+/* Common permission combinations */
+#define PMPCFG_PERM_NONE (0x0U)                           /* No access */
+#define PMPCFG_PERM_R (PMPCFG_R)                          /* Read-only */
+#define PMPCFG_PERM_RW (PMPCFG_R | PMPCFG_W)              /* Read-Write */
+#define PMPCFG_PERM_X (PMPCFG_X)                          /* Execute-only */
+#define PMPCFG_PERM_RX (PMPCFG_R | PMPCFG_X)              /* Read-Execute */
+#define PMPCFG_PERM_RWX (PMPCFG_R | PMPCFG_W | PMPCFG_X)  /* All access */
+
+/* Utility macros for PMP configuration manipulation */
+
+/* Extract PMP address matching mode */
+#define PMPCFG_GET_A(cfg) (((cfg) & PMPCFG_A_MASK) >> PMPCFG_A_SHIFT)
+
+/* Extract permission bits from configuration byte */
+#define PMPCFG_GET_PERM(cfg) ((cfg) & (PMPCFG_R | PMPCFG_W | PMPCFG_X))
+
+/* Check if region is locked */
+#define PMPCFG_IS_LOCKED(cfg) (((cfg) & PMPCFG_L) != 0)
+
+/* Check if region is enabled (address mode is not OFF) */
+#define PMPCFG_IS_ENABLED(cfg) (PMPCFG_GET_A(cfg) != PMPCFG_A_OFF)
diff --git a/arch/riscv/hal.h b/arch/riscv/hal.h
@@ -110,3 +110,8 @@ void hal_cpu_idle(void);
 
 /* Default stack size for new tasks if not otherwise specified */
 #define DEFAULT_STACK_SIZE 4096
+
+/* Physical Memory Protection (PMP) region limit constants */
+#define PMP_MAX_REGIONS 16     /* RISC-V supports 16 PMP regions */
+#define PMP_TOR_PAIRS 8        /* In TOR mode, 16 regions = 8 pairs (uses 2 addrs each) */
+#define MIN_PMP_REGION_SIZE 4  /* Minimum addressable size in TOR mode (4 bytes) */
diff --git a/arch/riscv/pmp.h b/arch/riscv/pmp.h
@@ -0,0 +1,88 @@
+/* RISC-V Physical Memory Protection (PMP) Hardware Layer
+ *
+ * Low-level interface to RISC-V PMP using TOR (Top-of-Range) mode for
+ * flexible region management without alignment constraints.
+ */
+
+#pragma once
+
+#include <types.h>
+
+/* PMP Region Priority Levels (lower value = higher priority)
+ *
+ * Used for eviction decisions when hardware PMP regions are exhausted.
+ */
+typedef enum {
+    PMP_PRIORITY_KERNEL = 0,
+    PMP_PRIORITY_STACK = 1,
+    PMP_PRIORITY_SHARED = 2,
+    PMP_PRIORITY_TEMPORARY = 3,
+    PMP_PRIORITY_COUNT = 4
+} pmp_priority_t;
+
+/* PMP Region Configuration */
+typedef struct {
+    uint32_t addr_start;     /* Start address (inclusive) */
+    uint32_t addr_end;       /* End address (exclusive, written to pmpaddr) */
+    uint8_t permissions;     /* R/W/X bits (PMPCFG_R | PMPCFG_W | PMPCFG_X) */
+    pmp_priority_t priority; /* Eviction priority */
+    uint8_t region_id;       /* Hardware region index (0-15) */
+    uint8_t locked;          /* Lock bit (cannot modify until reset) */
+} pmp_region_t;
+
+/* PMP Global State */
+typedef struct {
+    pmp_region_t regions[PMP_MAX_REGIONS]; /* Shadow of hardware config */
+    uint8_t region_count;                  /* Active region count */
+    uint8_t next_region_idx;               /* Next free region index */
+    uint32_t initialized;                  /* Initialization flag */
+} pmp_config_t;
+
+/* PMP Management Functions */
+
+/* Initializes the PMP hardware and configuration state.
+ * @config : Pointer to pmp_config_t structure to be initialized.
+ * Returns 0 on success, or negative error code on failure.
+ */
+int32_t pmp_init(pmp_config_t *config);
+
+/* Configures a single PMP region in TOR mode.
+ * @config : Pointer to PMP configuration state
+ * @region : Pointer to pmp_region_t structure with desired configuration
+ * Returns 0 on success, or negative error code on failure.
+ */
+int32_t pmp_set_region(pmp_config_t *config, const pmp_region_t *region);
+
+/* Reads the current configuration of a PMP region.
+ * @config : Pointer to PMP configuration state
+ * @region_idx : Index of the region to read (0-15)
+ * @region : Pointer to pmp_region_t to store the result
+ * Returns 0 on success, or negative error code on failure.
+ */
+int32_t pmp_get_region(const pmp_config_t *config, uint8_t region_idx,
+                       pmp_region_t *region);
+
+/* Disables a PMP region.
+ * @config : Pointer to PMP configuration state
+ * @region_idx : Index of the region to disable (0-15)
+ * Returns 0 on success, or negative error code on failure.
+ */
+int32_t pmp_disable_region(pmp_config_t *config, uint8_t region_idx);
+
+/* Locks a PMP region to prevent further modification.
+ * @config : Pointer to PMP configuration state
+ * @region_idx : Index of the region to lock (0-15)
+ * Returns 0 on success, or negative error code on failure.
+ */
+int32_t pmp_lock_region(pmp_config_t *config, uint8_t region_idx);
+
+/* Verifies that a memory access is allowed by the current PMP configuration.
+ * @config : Pointer to PMP configuration state
+ * @addr : Address to check
+ * @size : Size of the access in bytes
+ * @is_write : 1 for write access, 0 for read access
+ * @is_execute : 1 for execute access, 0 for data access
+ * Returns 1 if access is allowed, 0 if denied, or negative error code.
+ */
+int32_t pmp_check_access(const pmp_config_t *config, uint32_t addr,
+                         uint32_t size, uint8_t is_write, uint8_t is_execute);
diff --git a/include/private/error.h b/include/private/error.h
@@ -29,6 +29,14 @@ enum {
     ERR_STACK_CHECK, /* Stack overflow or corruption detected */
     ERR_HEAP_CORRUPT, /* Heap corruption or invalid free detected */
 
+    /* PMP Configuration Errors */
+    ERR_PMP_INVALID_REGION, /* Invalid PMP region parameters */
+    ERR_PMP_NO_REGIONS,     /* No free PMP regions available */
+    ERR_PMP_LOCKED,         /* Region is locked by higher priority */
+    ERR_PMP_SIZE_MISMATCH,  /* Size doesn't meet alignment requirements */
+    ERR_PMP_ADDR_RANGE,     /* Address range is invalid */
+    ERR_PMP_NOT_INIT,       /* PMP not initialized */
+
     /* IPC and Synchronization Errors */
     ERR_PIPE_ALLOC,    /* Pipe allocation failed */
     ERR_PIPE_DEALLOC,  /* Pipe deallocation failed */
