From d4167fea60c9a77b3c8814476a3ff4ef1cbaa3ed Mon Sep 17 00:00:00 2001 From: "nilesh.kale" Date: Fri, 16 May 2025 12:12:35 +0530 Subject: [PATCH] feat(esp_hw_support): Enabled support for memory region protection for H21 This commit enabled CPU region protection for ESP32H21. This also updated the structure for ESP32C6 and ESP32H2. --- .../port/esp32c6/cpu_region_protect.c | 67 +++--- .../port/esp32h2/cpu_region_protect.c | 73 +++---- .../port/esp32h21/cpu_region_protect.c | 190 +++++++++++++++++- tools/test_apps/system/panic/pytest_panic.py | 127 +++++++----- .../panic/sdkconfig.ci.memprot_esp32h21 | 8 + 5 files changed, 338 insertions(+), 127 deletions(-) create mode 100644 tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32h21 diff --git a/components/esp_hw_support/port/esp32c6/cpu_region_protect.c b/components/esp_hw_support/port/esp32c6/cpu_region_protect.c index 512fe08ae2..07411272b5 100644 --- a/components/esp_hw_support/port/esp32c6/cpu_region_protect.c +++ b/components/esp_hw_support/port/esp32c6/cpu_region_protect.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ 
@@ -142,27 +142,27 @@ void esp_cpu_configure_region_protection(void) // Anti-FI check that cpu is really in ocd mode ESP_FAULT_ASSERT(esp_cpu_dbgr_is_attached()); - // 5. IRAM and DRAM - const uint32_t pmpaddr5 = PMPADDR_NAPOT(SOC_IRAM_LOW, SOC_IRAM_HIGH); - PMP_ENTRY_SET(5, pmpaddr5, PMP_NAPOT | RWX); + // 3. IRAM and DRAM + const uint32_t pmpaddr3 = PMPADDR_NAPOT(SOC_IRAM_LOW, SOC_IRAM_HIGH); + PMP_ENTRY_SET(3, pmpaddr3, PMP_NAPOT | RWX); _Static_assert(SOC_IRAM_LOW < SOC_IRAM_HIGH, "Invalid RAM region"); } else { #if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD extern int _iram_text_end; - // 5. IRAM and DRAM + // 3. IRAM and DRAM /* Reset the corresponding PMP config because PMP_ENTRY_SET only sets the given bits * Bootloader might have given extra permissions and those won't be cleared */ + PMP_ENTRY_CFG_RESET(3); + PMP_ENTRY_CFG_RESET(4); PMP_ENTRY_CFG_RESET(5); - PMP_ENTRY_CFG_RESET(6); - PMP_ENTRY_CFG_RESET(7); - PMP_ENTRY_SET(5, SOC_IRAM_LOW, NONE); - PMP_ENTRY_SET(6, (int)&_iram_text_end, PMP_TOR | RX); - PMP_ENTRY_SET(7, SOC_DRAM_HIGH, PMP_TOR | RW); + PMP_ENTRY_SET(3, SOC_IRAM_LOW, NONE); + PMP_ENTRY_SET(4, (int)&_iram_text_end, PMP_TOR | RX); + PMP_ENTRY_SET(5, SOC_DRAM_HIGH, PMP_TOR | RW); #else - // 5. IRAM and DRAM - const uint32_t pmpaddr5 = PMPADDR_NAPOT(SOC_IRAM_LOW, SOC_IRAM_HIGH); - PMP_ENTRY_SET(5, pmpaddr5, PMP_NAPOT | CONDITIONAL_RWX); + // 3. IRAM and DRAM + const uint32_t pmpaddr3 = PMPADDR_NAPOT(SOC_IRAM_LOW, SOC_IRAM_HIGH); + PMP_ENTRY_SET(3, pmpaddr3, PMP_NAPOT | CONDITIONAL_RWX); _Static_assert(SOC_IRAM_LOW < SOC_IRAM_HIGH, "Invalid RAM region"); #endif } 
@@ -175,49 +175,48 @@ void esp_cpu_configure_region_protection(void) const uint32_t drom_resv_end = ALIGN_UP_TO_MMU_PAGE_SIZE((uint32_t)(&_rodata_reserved_end)); // 4. I_Cache / D_Cache (flash) + PMP_ENTRY_CFG_RESET(6); + PMP_ENTRY_CFG_RESET(7); PMP_ENTRY_CFG_RESET(8); - PMP_ENTRY_CFG_RESET(9); - PMP_ENTRY_CFG_RESET(10); - PMP_ENTRY_SET(8, SOC_IROM_LOW, NONE); - PMP_ENTRY_SET(9, irom_resv_end, PMP_TOR | RX); - PMP_ENTRY_SET(10, drom_resv_end, PMP_TOR | R); + PMP_ENTRY_SET(6, SOC_IROM_LOW, NONE); + PMP_ENTRY_SET(7, irom_resv_end, PMP_TOR | RX); + PMP_ENTRY_SET(8, drom_resv_end, PMP_TOR | R); #else // 4. I_Cache / D_Cache (flash) - const uint32_t pmpaddr8 = PMPADDR_NAPOT(SOC_IROM_LOW, SOC_IROM_HIGH); - PMP_ENTRY_SET(8, pmpaddr8, PMP_NAPOT | CONDITIONAL_RX); + const uint32_t pmpaddr6 = PMPADDR_NAPOT(SOC_IROM_LOW, SOC_IROM_HIGH); + PMP_ENTRY_SET(6, pmpaddr6, PMP_NAPOT | CONDITIONAL_RX); _Static_assert(SOC_IROM_LOW < SOC_IROM_HIGH, "Invalid I/D_Cache region"); #endif - // 6. LP memory + // 5. 
LP memory #if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD extern int _rtc_text_start; extern int _rtc_text_end; /* Reset the corresponding PMP config because PMP_ENTRY_SET only sets the given bits * Bootloader might have given extra permissions and those won't be cleared */ + PMP_ENTRY_CFG_RESET(9); + PMP_ENTRY_CFG_RESET(10); PMP_ENTRY_CFG_RESET(11); PMP_ENTRY_CFG_RESET(12); - PMP_ENTRY_CFG_RESET(13); - PMP_ENTRY_CFG_RESET(14); - PMP_ENTRY_SET(11, SOC_RTC_IRAM_LOW, NONE); + PMP_ENTRY_SET(9, SOC_RTC_IRAM_LOW, NONE); // First part of LP mem is reserved for ULP coprocessor #if CONFIG_ESP_SYSTEM_PMP_LP_CORE_RESERVE_MEM_EXECUTABLE - PMP_ENTRY_SET(12, (int)&_rtc_text_start, PMP_TOR | RWX); + PMP_ENTRY_SET(10, (int)&_rtc_text_start, PMP_TOR | RWX); #else - PMP_ENTRY_SET(12, (int)&_rtc_text_start, PMP_TOR | RW); + PMP_ENTRY_SET(10, (int)&_rtc_text_start, PMP_TOR | RW); #endif - PMP_ENTRY_SET(13, (int)&_rtc_text_end, PMP_TOR | RX); - PMP_ENTRY_SET(14, SOC_RTC_IRAM_HIGH, PMP_TOR | RW); + PMP_ENTRY_SET(11, (int)&_rtc_text_end, PMP_TOR | RX); + PMP_ENTRY_SET(12, SOC_RTC_IRAM_HIGH, PMP_TOR | RW); #else - const uint32_t pmpaddr11 = PMPADDR_NAPOT(SOC_RTC_IRAM_LOW, SOC_RTC_IRAM_HIGH); - PMP_ENTRY_SET(11, pmpaddr11, PMP_NAPOT | CONDITIONAL_RWX); + const uint32_t pmpaddr9 = PMPADDR_NAPOT(SOC_RTC_IRAM_LOW, SOC_RTC_IRAM_HIGH); + PMP_ENTRY_SET(9, pmpaddr9, PMP_NAPOT | CONDITIONAL_RWX); _Static_assert(SOC_RTC_IRAM_LOW < SOC_RTC_IRAM_HIGH, "Invalid RTC IRAM region"); #endif - - // 7. Peripheral addresses - const uint32_t pmpaddr15 = PMPADDR_NAPOT(SOC_PERIPHERAL_LOW, SOC_PERIPHERAL_HIGH); - PMP_ENTRY_SET(15, pmpaddr15, PMP_NAPOT | RW); + // 6. Peripheral addresses + const uint32_t pmpaddr13 = PMPADDR_NAPOT(SOC_PERIPHERAL_LOW, SOC_PERIPHERAL_HIGH); + PMP_ENTRY_SET(13, pmpaddr13, PMP_NAPOT | RW); _Static_assert(SOC_PERIPHERAL_LOW < SOC_PERIPHERAL_HIGH, "Invalid peripheral region"); } 
diff --git a/components/esp_hw_support/port/esp32h2/cpu_region_protect.c b/components/esp_hw_support/port/esp32h2/cpu_region_protect.c index 338f421378..de5a3acd1e 100644 --- a/components/esp_hw_support/port/esp32h2/cpu_region_protect.c +++ b/components/esp_hw_support/port/esp32h2/cpu_region_protect.c 
@@ -129,36 +129,36 @@ void esp_cpu_configure_region_protection(void) PMP_ENTRY_SET(0, pmpaddr0, PMP_NAPOT | RWX); _Static_assert(SOC_CPU_SUBSYSTEM_LOW < SOC_CPU_SUBSYSTEM_HIGH, "Invalid CPU subsystem region"); - // 2.1 I/D-ROM - PMP_ENTRY_SET(1, SOC_IROM_MASK_LOW, NONE); - PMP_ENTRY_SET(2, SOC_IROM_MASK_HIGH, PMP_TOR | RX); + // 2. I/D-ROM + const uint32_t pmpaddr1 = PMPADDR_NAPOT(SOC_IROM_MASK_LOW, SOC_IROM_MASK_HIGH); + PMP_ENTRY_SET(1, pmpaddr1, PMP_NAPOT | RX); _Static_assert(SOC_IROM_MASK_LOW < SOC_IROM_MASK_HIGH, "Invalid I/D-ROM region"); if (esp_cpu_dbgr_is_attached()) { // Anti-FI check that cpu is really in ocd mode ESP_FAULT_ASSERT(esp_cpu_dbgr_is_attached()); - // 5. IRAM and DRAM - PMP_ENTRY_SET(5, SOC_IRAM_LOW, NONE); - PMP_ENTRY_SET(6, SOC_IRAM_HIGH, PMP_TOR | RWX); + // 3. IRAM and DRAM + PMP_ENTRY_SET(2, SOC_IRAM_LOW, NONE); + PMP_ENTRY_SET(3, SOC_IRAM_HIGH, PMP_TOR | RWX); _Static_assert(SOC_IRAM_LOW < SOC_IRAM_HIGH, "Invalid RAM region"); } else { #if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD extern int _iram_text_end; - // 5. IRAM and DRAM + // 3. IRAM and DRAM /* Reset the corresponding PMP config because PMP_ENTRY_SET only sets the given bits * Bootloader might have given extra permissions and those won't be cleared */ - PMP_ENTRY_CFG_RESET(5); - PMP_ENTRY_CFG_RESET(6); - PMP_ENTRY_CFG_RESET(7); - PMP_ENTRY_SET(5, SOC_IRAM_LOW, NONE); - PMP_ENTRY_SET(6, (int)&_iram_text_end, PMP_TOR | RX); - PMP_ENTRY_SET(7, SOC_DRAM_HIGH, PMP_TOR | RW); + PMP_ENTRY_CFG_RESET(2); + PMP_ENTRY_CFG_RESET(3); + PMP_ENTRY_CFG_RESET(4); + PMP_ENTRY_SET(2, SOC_IRAM_LOW, NONE); + PMP_ENTRY_SET(3, (int)&_iram_text_end, PMP_TOR | RX); + PMP_ENTRY_SET(4, SOC_DRAM_HIGH, PMP_TOR | RW); #else - // 5. IRAM and DRAM - PMP_ENTRY_SET(5, SOC_IRAM_LOW, CONDITIONAL_NONE); - PMP_ENTRY_SET(6, SOC_IRAM_HIGH, PMP_TOR | CONDITIONAL_RWX); + // 3. 
IRAM and DRAM + PMP_ENTRY_SET(2, SOC_IRAM_LOW, CONDITIONAL_NONE); + PMP_ENTRY_SET(3, SOC_IRAM_HIGH, PMP_TOR | CONDITIONAL_RWX); _Static_assert(SOC_IRAM_LOW < SOC_IRAM_HIGH, "Invalid RAM region"); #endif } 
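Review bot: Entry 2 changes meaning in this hunk, from the top of the I/D-ROM TOR pair (`PMP_ENTRY_SET(2, SOC_IROM_MASK_HIGH, PMP_TOR | RX)`) to the IRAM base (`PMP_ENTRY_SET(2, SOC_IRAM_LOW, NONE)`), and the hunk does not say how this behaves when the application runs under a bootloader built with the old layout. If `NONE` and `RX` carry `PMP_L` in this file, as they do in the ESP32-H21 port added by the same patch, that bootloader has already locked entries 1 and 2, and the new writes to them, including `PMP_ENTRY_CFG_RESET(2)`, would be ignored by the hardware until the next reset. Please confirm the resulting map still enforces the IRAM/DRAM split in that combination and note it beside the existing reset comment, e.g. `/* NOTE: entry indices differ from the previous layout; an older bootloader may have locked entries 1-2 */`. The ESP32-C6 renumbering earlier in this patch raises the same question for the entries it reuses, and esp_cpu_configure_region_protection starts and ends outside this hunk.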
@@ -171,39 +171,40 @@ void esp_cpu_configure_region_protection(void) const uint32_t drom_resv_end = ALIGN_UP_TO_MMU_PAGE_SIZE((uint32_t)(&_rodata_reserved_end)); // 4. I_Cache / D_Cache (flash) - PMP_ENTRY_CFG_RESET(8); - PMP_ENTRY_CFG_RESET(9); - PMP_ENTRY_CFG_RESET(10); - PMP_ENTRY_SET(8, SOC_IROM_LOW, NONE); - PMP_ENTRY_SET(9, irom_resv_end, PMP_TOR | RX); - PMP_ENTRY_SET(10, drom_resv_end, PMP_TOR | R); + PMP_ENTRY_CFG_RESET(5); + PMP_ENTRY_CFG_RESET(6); + PMP_ENTRY_CFG_RESET(7); + PMP_ENTRY_SET(5, SOC_IROM_LOW, NONE); + PMP_ENTRY_SET(6, irom_resv_end, PMP_TOR | RX); + PMP_ENTRY_SET(7, drom_resv_end, PMP_TOR | R); #else // 4. I_Cache / D_Cache (flash) - const uint32_t pmpaddr8 = PMPADDR_NAPOT(SOC_IROM_LOW, SOC_IROM_HIGH); - PMP_ENTRY_SET(8, pmpaddr8, PMP_NAPOT | CONDITIONAL_RX); + const uint32_t pmpaddr5 = PMPADDR_NAPOT(SOC_IROM_LOW, SOC_IROM_HIGH); + PMP_ENTRY_SET(5, pmpaddr5, PMP_NAPOT | CONDITIONAL_RX); _Static_assert(SOC_IROM_LOW < SOC_IROM_HIGH, "Invalid I/D_Cache region"); #endif - // 6. LP memory + // 5. 
LP memory #if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD extern int _rtc_text_end; /* Reset the corresponding PMP config because PMP_ENTRY_SET only sets the given bits * Bootloader might have given extra permissions and those won't be cleared */ - PMP_ENTRY_CFG_RESET(11); - PMP_ENTRY_CFG_RESET(12); - PMP_ENTRY_CFG_RESET(13); - PMP_ENTRY_SET(11, SOC_RTC_IRAM_LOW, NONE); - PMP_ENTRY_SET(12, (int)&_rtc_text_end, PMP_TOR | RX); - PMP_ENTRY_SET(13, SOC_RTC_IRAM_HIGH, PMP_TOR | RW); + PMP_ENTRY_CFG_RESET(8); + PMP_ENTRY_CFG_RESET(9); + PMP_ENTRY_CFG_RESET(10); + PMP_ENTRY_SET(8, SOC_RTC_IRAM_LOW, NONE); + PMP_ENTRY_SET(9, (int)&_rtc_text_end, PMP_TOR | RX); + PMP_ENTRY_SET(10, SOC_RTC_IRAM_HIGH, PMP_TOR | RW); #else - const uint32_t pmpaddr11 = PMPADDR_NAPOT(SOC_RTC_IRAM_LOW, SOC_RTC_IRAM_HIGH); - PMP_ENTRY_SET(11, pmpaddr11, PMP_NAPOT | CONDITIONAL_RWX); + const uint32_t pmpaddr8 = PMPADDR_NAPOT(SOC_RTC_IRAM_LOW, SOC_RTC_IRAM_HIGH); + PMP_ENTRY_SET(8, pmpaddr8, PMP_NAPOT | CONDITIONAL_RWX); _Static_assert(SOC_RTC_IRAM_LOW < SOC_RTC_IRAM_HIGH, "Invalid RTC IRAM region"); #endif - // 7. Peripheral addresses - const uint32_t pmpaddr14 = PMPADDR_NAPOT(SOC_PERIPHERAL_LOW, SOC_PERIPHERAL_HIGH); - PMP_ENTRY_SET(14, pmpaddr14, PMP_NAPOT | RW); + // 6. Peripheral addresses + PMP_ENTRY_CFG_RESET(11); + const uint32_t pmpaddr11 = PMPADDR_NAPOT(SOC_PERIPHERAL_LOW, SOC_PERIPHERAL_HIGH); + PMP_ENTRY_SET(11, pmpaddr11, PMP_NAPOT | RW); _Static_assert(SOC_PERIPHERAL_LOW < SOC_PERIPHERAL_HIGH, "Invalid peripheral region"); } diff --git a/components/esp_hw_support/port/esp32h21/cpu_region_protect.c b/components/esp_hw_support/port/esp32h21/cpu_region_protect.c index 805873d714..ff2e82a166 100644 --- a/components/esp_hw_support/port/esp32h21/cpu_region_protect.c +++ b/components/esp_hw_support/port/esp32h21/cpu_region_protect.c 
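Review bot: The new `PMP_ENTRY_CFG_RESET(11);` ahead of the peripheral entry carries no comment, unlike the LP-memory resets just above it, which sit under the "PMP_ENTRY_SET only sets the given bits" explanation. The removed lines show entry 11 used to map LP memory with `CONDITIONAL_RWX`, so without the reset a leftover execute bit could be OR-ed into the peripheral mapping; saying so in place, e.g. `// Entry 11 was LP memory (RWX) in the previous layout; clear it so X does not carry over`, keeps the line from being dropped later as redundant. The ESP32-C6 version of this block writes entry 13 with no reset, which may be fine given what that entry held before, but is worth a second look for consistency. The enclosing function extends beyond this hunk.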
@@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ 
@@ -10,7 +10,193 @@ #include "esp_cpu.h" #include "esp_fault.h" +#ifdef BOOTLOADER_BUILD +// Without L bit set +#define CONDITIONAL_NONE 0x0 +#define CONDITIONAL_R PMP_R +#define CONDITIONAL_RX PMP_R | PMP_X +#define CONDITIONAL_RW PMP_R | PMP_W +#define CONDITIONAL_RWX PMP_R | PMP_W | PMP_X +#else +// With L bit set +#define CONDITIONAL_NONE NONE +#define CONDITIONAL_R R +#define CONDITIONAL_RX RX +#define CONDITIONAL_RW RW +#define CONDITIONAL_RWX RWX +#endif + +#define ALIGN_UP_TO_MMU_PAGE_SIZE(addr) (((addr) + (SOC_MMU_PAGE_SIZE) - 1) & ~((SOC_MMU_PAGE_SIZE) - 1)) +#define ALIGN_DOWN_TO_MMU_PAGE_SIZE(addr) ((addr) & ~((SOC_MMU_PAGE_SIZE) - 1)) + +static void esp_cpu_configure_invalid_regions(void) +{ + const unsigned PMA_NONE = PMA_L | PMA_EN; + __attribute__((unused)) const unsigned PMA_RW = PMA_L | PMA_EN | PMA_R | PMA_W; + __attribute__((unused)) const unsigned PMA_RX = PMA_L | PMA_EN | PMA_R | PMA_X; + __attribute__((unused)) const unsigned PMA_RWX = PMA_L | PMA_EN | PMA_R | PMA_W | PMA_X; + + // 1. Gap at bottom of address space + PMA_RESET_AND_ENTRY_SET_NAPOT(0, 0, SOC_CPU_SUBSYSTEM_LOW, PMA_NAPOT | PMA_NONE); + + // 2. Gap between CPU subsystem region & IROM + PMA_RESET_AND_ENTRY_SET_TOR(1, SOC_CPU_SUBSYSTEM_HIGH, PMA_NONE); + PMA_RESET_AND_ENTRY_SET_TOR(2, SOC_IROM_MASK_LOW, PMA_TOR | PMA_NONE); + + // 3. Gap between ROM & RAM + PMA_RESET_AND_ENTRY_SET_TOR(3, SOC_DROM_MASK_HIGH, PMA_NONE); + PMA_RESET_AND_ENTRY_SET_TOR(4, SOC_IRAM_LOW, PMA_TOR | PMA_NONE); + + // 4. Gap between DRAM and I_Cache + PMA_RESET_AND_ENTRY_SET_TOR(5, SOC_IRAM_HIGH, PMA_NONE); + PMA_RESET_AND_ENTRY_SET_TOR(6, SOC_IROM_LOW, PMA_TOR | PMA_NONE); + + // 5. Gap between D_Cache & LP_RAM + PMA_RESET_AND_ENTRY_SET_TOR(7, SOC_DROM_HIGH, PMA_NONE); + PMA_RESET_AND_ENTRY_SET_TOR(8, SOC_RTC_IRAM_LOW, PMA_TOR | PMA_NONE); + + // 6. 
Gap between LP memory & peripheral addresses + PMA_RESET_AND_ENTRY_SET_TOR(9, SOC_RTC_IRAM_HIGH, PMA_NONE); + PMA_RESET_AND_ENTRY_SET_TOR(10, SOC_PERIPHERAL_LOW, PMA_TOR | PMA_NONE); + + // 7. End of address space + PMA_RESET_AND_ENTRY_SET_TOR(11, SOC_PERIPHERAL_HIGH, PMA_NONE); + PMA_RESET_AND_ENTRY_SET_TOR(12, UINT32_MAX, PMA_TOR | PMA_NONE); +} + void esp_cpu_configure_region_protection(void) { - //TODO: [ESP32H21] IDF-11917 + /* Notes on implementation: + * + * 1) Note: ESP32-H21 CPU doesn't support overlapping PMP regions + * + * 2) ESP32-H21 supports 16 PMA regions so we use this feature to block all the invalid address ranges + * + * 3) We use combination of NAPOT (Naturally Aligned Power Of Two) and TOR (top of range) + * entries to map all the valid address space, bottom to top. This leaves us with some extra PMP entries + * which can be used to provide more granular access + * + * 4) Entries are grouped in order with some static asserts to try and verify everything is + * correct. + */ + + /* There are 4 configuration scenarios for SRAM + * + * 1. Bootloader build: + * - We cannot set the lock bit as we need to reconfigure it again for the application. + * We configure PMP to cover entire valid IRAM and DRAM range. + * + * 2. Application build with CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT enabled + * - We split the SRAM into IRAM and DRAM such that IRAM region cannot be written to + * and DRAM region cannot be executed. We use _iram_text_end and _data_start markers to set the boundaries. + * We also lock these entries so the R/W/X permissions are enforced even for machine mode + * + * 3. Application build with CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT disabled + * - The IRAM-DRAM split is not enabled so we just need to ensure that access to only valid address ranges are successful + * so for that we set PMP to cover entire valid IRAM and DRAM region. + * We also lock these entries so the R/W/X permissions are enforced even for machine mode + * + * 4. 
CPU is in OCD debug mode + * - The IRAM-DRAM split is not enabled so that OpenOCD can write and execute from IRAM. + * We set PMP to cover entire valid IRAM and DRAM region. + * We also lock these entries so the R/W/X permissions are enforced even for machine mode + */ + const unsigned NONE = PMP_L; + __attribute__((unused)) const unsigned R = PMP_L | PMP_R; + const unsigned RW = PMP_L | PMP_R | PMP_W; + const unsigned RX = PMP_L | PMP_R | PMP_X; + const unsigned RWX = PMP_L | PMP_R | PMP_W | PMP_X; + + // + // Configure all the invalid address regions using PMA + // + esp_cpu_configure_invalid_regions(); + + // + // Configure all the valid address regions using PMP + // + + // 1. CPU Subsystem region - contains debug mode code and interrupt config registers + const uint32_t pmpaddr0 = PMPADDR_NAPOT(SOC_CPU_SUBSYSTEM_LOW, SOC_CPU_SUBSYSTEM_HIGH); + PMP_ENTRY_SET(0, pmpaddr0, PMP_NAPOT | RWX); + _Static_assert(SOC_CPU_SUBSYSTEM_LOW < SOC_CPU_SUBSYSTEM_HIGH, "Invalid CPU subsystem region"); + + // 2. I/D-ROM + const uint32_t pmpaddr1 = PMPADDR_NAPOT(SOC_IROM_MASK_LOW, SOC_IROM_MASK_HIGH); + PMP_ENTRY_SET(1, pmpaddr1, PMP_NAPOT | RX); + _Static_assert(SOC_IROM_MASK_LOW < SOC_IROM_MASK_HIGH, "Invalid I/D-ROM region"); + + if (esp_cpu_dbgr_is_attached()) { + // Anti-FI check that cpu is really in ocd mode + ESP_FAULT_ASSERT(esp_cpu_dbgr_is_attached()); + + // 3. IRAM and DRAM + PMP_ENTRY_SET(2, SOC_IRAM_LOW, NONE); + PMP_ENTRY_SET(3, SOC_IRAM_HIGH, PMP_TOR | RWX); + _Static_assert(SOC_IRAM_LOW < SOC_IRAM_HIGH, "Invalid RAM region"); + } else { +#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD + extern int _iram_text_end; + // 3. 
IRAM and DRAM + /* Reset the corresponding PMP config because PMP_ENTRY_SET only sets the given bits + * Bootloader might have given extra permissions and those won't be cleared + */ + PMP_ENTRY_CFG_RESET(2); + PMP_ENTRY_CFG_RESET(3); + PMP_ENTRY_CFG_RESET(4); + PMP_ENTRY_SET(2, SOC_IRAM_LOW, NONE); + PMP_ENTRY_SET(3, (int)&_iram_text_end, PMP_TOR | RX); + PMP_ENTRY_SET(4, SOC_DRAM_HIGH, PMP_TOR | RW); +#else + // 3. IRAM and DRAM + PMP_ENTRY_SET(2, SOC_IRAM_LOW, CONDITIONAL_NONE); + PMP_ENTRY_SET(3, SOC_IRAM_HIGH, PMP_TOR | CONDITIONAL_RWX); + _Static_assert(SOC_IRAM_LOW < SOC_IRAM_HIGH, "Invalid RAM region"); +#endif + } + +#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD + extern int _instruction_reserved_end; + extern int _rodata_reserved_end; + + const uint32_t irom_resv_end = ALIGN_UP_TO_MMU_PAGE_SIZE((uint32_t)(&_instruction_reserved_end)); + const uint32_t drom_resv_end = ALIGN_UP_TO_MMU_PAGE_SIZE((uint32_t)(&_rodata_reserved_end)); + + // 4. I_Cache / D_Cache (flash) + PMP_ENTRY_CFG_RESET(5); + PMP_ENTRY_CFG_RESET(6); + PMP_ENTRY_CFG_RESET(7); + PMP_ENTRY_SET(5, SOC_IROM_LOW, NONE); + PMP_ENTRY_SET(6, irom_resv_end, PMP_TOR | RX); + PMP_ENTRY_SET(7, drom_resv_end, PMP_TOR | R); +#else + // 4. I_Cache / D_Cache (flash) + const uint32_t pmpaddr5 = PMPADDR_NAPOT(SOC_IROM_LOW, SOC_IROM_HIGH); + PMP_ENTRY_SET(5, pmpaddr5, PMP_NAPOT | CONDITIONAL_RX); + _Static_assert(SOC_IROM_LOW < SOC_IROM_HIGH, "Invalid I/D_Cache region"); +#endif + + // 5. 
LP memory +#if CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT && !BOOTLOADER_BUILD + extern int _rtc_text_end; + /* Reset the corresponding PMP config because PMP_ENTRY_SET only sets the given bits + * Bootloader might have given extra permissions and those won't be cleared + */ + PMP_ENTRY_CFG_RESET(8); + PMP_ENTRY_CFG_RESET(9); + PMP_ENTRY_CFG_RESET(10); + PMP_ENTRY_SET(8, SOC_RTC_IRAM_LOW, NONE); + PMP_ENTRY_SET(9, (int)&_rtc_text_end, PMP_TOR | RX); + PMP_ENTRY_SET(10, SOC_RTC_IRAM_HIGH, PMP_TOR | RW); +#else + const uint32_t pmpaddr8 = PMPADDR_NAPOT(SOC_RTC_IRAM_LOW, SOC_RTC_IRAM_HIGH); + PMP_ENTRY_SET(8, pmpaddr8, PMP_NAPOT | CONDITIONAL_RWX); + _Static_assert(SOC_RTC_IRAM_LOW < SOC_RTC_IRAM_HIGH, "Invalid RTC IRAM region"); +#endif + + // 6. Peripheral addresses + PMP_ENTRY_CFG_RESET(11); + const uint32_t pmpaddr11 = PMPADDR_NAPOT(SOC_PERIPHERAL_LOW, SOC_PERIPHERAL_HIGH); + PMP_ENTRY_SET(11, pmpaddr11, PMP_NAPOT | RW); + _Static_assert(SOC_PERIPHERAL_LOW < SOC_PERIPHERAL_HIGH, "Invalid peripheral region"); } diff --git a/tools/test_apps/system/panic/pytest_panic.py b/tools/test_apps/system/panic/pytest_panic.py index a98bc8fdd5..76c77c076c 100644 --- a/tools/test_apps/system/panic/pytest_panic.py +++ b/tools/test_apps/system/panic/pytest_panic.py 
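Review bot: The bootloader-build `CONDITIONAL_*` macros expand to unparenthesised expressions (`#define CONDITIONAL_RX PMP_R | PMP_X`), which only works because every use in this file combines them with `|`; a later `&` or `==` against one of them would bind to the first operand only and quietly yield the wrong permission mask. Wrapping them, e.g. `#define CONDITIONAL_RX (PMP_R | PMP_X)` and likewise for `CONDITIONAL_RW` and `CONDITIONAL_RWX`, removes that trap. The SRAM scenario comment also says the split uses `_iram_text_end` and `_data_start`, but the code takes only `_iram_text_end` and ends the RW range at `SOC_DRAM_HIGH`, so the comment should name what is actually used. Separately, the PMA gap after RAM starts at `SOC_IRAM_HIGH` while the split PMP entry ends at `SOC_DRAM_HIGH`; if the two are meant to be equal, a `_Static_assert(SOC_IRAM_HIGH == SOC_DRAM_HIGH, "IRAM/DRAM end mismatch");` would document that assumption.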
@@ -675,83 +675,86 @@ def test_panic_handler_crash1(dut: PanicTestDut, config: str, test_func_name: st ######################### # Memprot-related tests are supported only on targets with PMS/PMA peripheral; -# currently ESP32-S2, ESP32-C3, ESP32-C2, ESP32-H2, ESP32-C6, ESP32-P4, ESP32-C5 and ESP32-C61 are supported +# currently ESP32-S2, ESP32-C3, ESP32-C2, ESP32-H2, ESP32-H21, ESP32-C6, ESP32-P4, ESP32-C5 and ESP32-C61 are supported CONFIGS_MEMPROT_IDRAM = list( - itertools.chain( - itertools.product( - [ - 'memprot_esp32s2', - 'memprot_esp32c3', - 'memprot_esp32c2', - 'memprot_esp32c5', - 'memprot_esp32c61', - 'memprot_esp32h2', - 'memprot_esp32p4', - ], - ['esp32s2', 'esp32c3', 'esp32c2', 'esp32c5', 'esp32c61', 'esp32h2', 'esp32p4'], - ) + zip( + [ + 'memprot_esp32s2', + 'memprot_esp32c3', + 'memprot_esp32c2', + 'memprot_esp32c5', + 'memprot_esp32c61', + 'memprot_esp32h2', + 'memprot_esp32p4', + 'memprot_esp32h21', + ], + ['esp32s2', 'esp32c3', 'esp32c2', 'esp32c5', 'esp32c61', 'esp32h2', 'esp32p4', 'esp32h21'], ) ) -CONFIGS_MEMPROT_DCACHE = list(itertools.chain(itertools.product(['memprot_esp32s2'], ['esp32s2']))) +CONFIGS_MEMPROT_DCACHE = list(zip(['memprot_esp32s2'], ['esp32s2'])) CONFIGS_MEMPROT_RTC_FAST_MEM = list( - itertools.chain( - itertools.product( - [ - 'memprot_esp32s2', - 'memprot_esp32c3', - 'memprot_esp32c5', - 'memprot_esp32c6', - 'memprot_esp32h2', - 'memprot_esp32p4', - ], - ['esp32s2', 'esp32c3', 'esp32c5', 'esp32c6', 'esp32h2', 'esp32p4'], - ) + zip( + [ + 'memprot_esp32s2', + 'memprot_esp32c3', + 'memprot_esp32c5', + 'memprot_esp32c6', + 'memprot_esp32h2', + 'memprot_esp32p4', + 'memprot_esp32h21', + ], + ['esp32s2', 'esp32c3', 'esp32c5', 'esp32c6', 'esp32h2', 'esp32p4', 'esp32h21'], ) ) - -CONFIGS_MEMPROT_RTC_SLOW_MEM = list(itertools.chain(itertools.product(['memprot_esp32s2'], ['esp32s2']))) +CONFIGS_MEMPROT_RTC_SLOW_MEM = list(zip(['memprot_esp32s2'], ['esp32s2'])) CONFIGS_MEMPROT_FLASH_IDROM = list( - itertools.chain( - 
itertools.product( - ['memprot_esp32c5', 'memprot_esp32c6', 'memprot_esp32c61', 'memprot_esp32h2', 'memprot_esp32p4'], - ['esp32c5', 'esp32c6', 'esp32c61', 'esp32h2', 'esp32p4'], - ) + zip( + [ + 'memprot_esp32c5', + 'memprot_esp32c6', + 'memprot_esp32c61', + 'memprot_esp32h2', + 'memprot_esp32p4', + 'memprot_esp32h21', + ], + ['esp32c5', 'esp32c6', 'esp32c61', 'esp32h2', 'esp32p4', 'esp32h21'], ) ) CONFIGS_MEMPROT_SPIRAM_XIP_IROM_ALIGNMENT_HEAP = list( - itertools.chain( - itertools.product( - ['memprot_spiram_xip_esp32c5', 'memprot_spiram_xip_esp32c61', 'memprot_spiram_xip_esp32p4'], - ['esp32c5', 'esp32c61', 'esp32p4'], - ) + zip( + ['memprot_spiram_xip_esp32c5', 'memprot_spiram_xip_esp32c61', 'memprot_spiram_xip_esp32p4'], + ['esp32c5', 'esp32c61', 'esp32p4'], ) ) CONFIGS_MEMPROT_SPIRAM_XIP_DROM_ALIGNMENT_HEAP = list( - itertools.chain( - itertools.product( - [ - 'memprot_spiram_xip_esp32s3', - 'memprot_spiram_xip_esp32c5', - 'memprot_spiram_xip_esp32c61', - 'memprot_spiram_xip_esp32p4', - ], - ['esp32s3', 'esp32c5', 'esp32c61', 'esp32p4'], - ) + zip( + [ + 'memprot_spiram_xip_esp32s3', + 'memprot_spiram_xip_esp32c5', + 'memprot_spiram_xip_esp32c61', + 'memprot_spiram_xip_esp32p4', + ], + ['esp32s3', 'esp32c5', 'esp32c61', 'esp32p4'], ) ) CONFIGS_MEMPROT_INVALID_REGION_PROTECTION_USING_PMA = list( - itertools.chain( - itertools.product( - ['memprot_esp32c5', 'memprot_esp32c6', 'memprot_esp32c61', 'memprot_esp32h2', 'memprot_esp32p4'], - ['esp32c5', 'esp32c6', 'esp32c61', 'esp32h2', 'esp32p4'], - ) + zip( + [ + 'memprot_esp32c5', + 'memprot_esp32c6', + 'memprot_esp32c61', + 'memprot_esp32h2', + 'memprot_esp32p4', + 'memprot_esp32h21', + ], + ['esp32c5', 'esp32c6', 'esp32c61', 'esp32h2', 'esp32p4', 'esp32h21'], ) ) 
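Review bot: Switching from `itertools.product` to `zip` makes each `CONFIGS_MEMPROT_*` list depend on two hand-maintained lists staying the same length and order, and plain `zip` stops at the shorter one without complaint, so a target added to only one list silently drops out of the memory-protection tests. Either pass `strict=True` where the supported Python version allows it, or build the pairs from a single list so they cannot drift, e.g. `CONFIGS_MEMPROT_DCACHE = [(f'memprot_{t}', t) for t in ['esp32s2']]`. Whether `itertools` is still needed by the rest of the file is not visible from this hunk.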
@@ -778,6 +781,7 @@ def test_dcache_write_violation(dut: PanicTestDut, test_func_name: str) -> None: @pytest.mark.generic +@pytest.mark.temp_skip_ci(targets=['esp32h21'], reason='lack of runners') @idf_parametrize('config, target', CONFIGS_MEMPROT_IDRAM, indirect=['config', 'target']) def test_iram_reg1_write_violation(dut: PanicTestDut, test_func_name: str) -> None: dut.run_test_func(test_func_name) @@ -798,6 +802,7 @@ def test_iram_reg1_write_violation(dut: PanicTestDut, test_func_name: str) -> No @pytest.mark.generic +@pytest.mark.temp_skip_ci(targets=['esp32h21'], reason='lack of runners') @idf_parametrize('config, target', CONFIGS_MEMPROT_IDRAM, indirect=['config', 'target']) def test_iram_reg2_write_violation(dut: PanicTestDut, test_func_name: str) -> None: dut.run_test_func(test_func_name) @@ -823,6 +828,7 @@ def test_iram_reg2_write_violation(dut: PanicTestDut, test_func_name: str) -> No @pytest.mark.generic +@pytest.mark.temp_skip_ci(targets=['esp32h21'], reason='lack of runners') @idf_parametrize('config, target', CONFIGS_MEMPROT_IDRAM, indirect=['config', 'target']) def test_iram_reg3_write_violation(dut: PanicTestDut, test_func_name: str) -> None: dut.run_test_func(test_func_name) @@ -850,6 +856,7 @@ def test_iram_reg3_write_violation(dut: PanicTestDut, test_func_name: str) -> No # TODO: IDF-6820: ESP32-S2 -> Fix incorrect panic reason: Unhandled debug exception @pytest.mark.generic @pytest.mark.xfail('config.getvalue("target") == "esp32s2"', reason='Incorrect panic reason may be observed', run=False) +@pytest.mark.temp_skip_ci(targets=['esp32h21'], reason='lack of runners') @idf_parametrize('config, target', CONFIGS_MEMPROT_IDRAM, indirect=['config', 'target']) def test_iram_reg4_write_violation(dut: PanicTestDut, test_func_name: str) -> None: dut.run_test_func(test_func_name) 
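Review bot: Every ESP32-H21 memory-protection test is skipped in CI by the added `temp_skip_ci(targets=['esp32h21'], reason='lack of runners')` marker, here and in the remaining hunks of this file, so the PMP/PMA configuration introduced by this patch has no automated check that a violation actually panics on that target. The reason string carries no tracking reference, which makes a temporary skip easy to forget; consider something like `reason='lack of runners, TODO: <tracking-issue-id>'` (placeholder id) so the marker can be found and removed once runners exist. It would also help to record in the commit message how the H21 cases were exercised manually.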
@@ -879,6 +886,7 @@ def test_iram_reg4_write_violation(dut: PanicTestDut, test_func_name: str) -> No @pytest.mark.xfail( 'config.getvalue("target") == "esp32s2"', reason='Multiple panic reasons for the same test may surface', run=False ) +@pytest.mark.temp_skip_ci(targets=['esp32h21'], reason='lack of runners') @idf_parametrize('config, target', CONFIGS_MEMPROT_IDRAM, indirect=['config', 'target']) def test_dram_reg1_execute_violation(dut: PanicTestDut, test_func_name: str) -> None: dut.run_test_func(test_func_name) @@ -901,6 +909,7 @@ def test_dram_reg1_execute_violation(dut: PanicTestDut, test_func_name: str) -> @pytest.mark.xfail( 'config.getvalue("target") == "esp32s2"', reason='Multiple panic reasons for the same test may surface', run=False ) +@pytest.mark.temp_skip_ci(targets=['esp32h21'], reason='lack of runners') @idf_parametrize('config, target', CONFIGS_MEMPROT_IDRAM, indirect=['config', 'target']) def test_dram_reg2_execute_violation(dut: PanicTestDut, test_func_name: str) -> None: dut.run_test_func(test_func_name) @@ -918,6 +927,7 @@ def test_dram_reg2_execute_violation(dut: PanicTestDut, test_func_name: str) -> @pytest.mark.generic +@pytest.mark.temp_skip_ci(targets=['esp32h21'], reason='lack of runners') @idf_parametrize('config, target', CONFIGS_MEMPROT_RTC_FAST_MEM, indirect=['config', 'target']) def test_rtc_fast_reg1_execute_violation(dut: PanicTestDut, test_func_name: str) -> None: dut.run_test_func(test_func_name) 
@@ -927,9 +937,10 @@ def test_rtc_fast_reg1_execute_violation(dut: PanicTestDut, test_func_name: str) @pytest.mark.generic @pytest.mark.skipif( - 'config.getvalue("target") in ["esp32c5", "esp32c6", "esp32h2", "esp32p4"]', + 'config.getvalue("target") in ["esp32c5", "esp32c6", "esp32h2", "esp32p4", "esp32h21"]', reason='Not a violation condition, no PMS peripheral case', ) +@pytest.mark.temp_skip_ci(targets=['esp32h21'], reason='lack of runners') @idf_parametrize('config, target', CONFIGS_MEMPROT_RTC_FAST_MEM, indirect=['config', 'target']) def test_rtc_fast_reg2_execute_violation(dut: PanicTestDut, test_func_name: str) -> None: dut.run_test_func(test_func_name) @@ -954,6 +965,7 @@ def test_rtc_fast_reg2_execute_violation(dut: PanicTestDut, test_func_name: str) @pytest.mark.xfail( 'config.getvalue("target") == "esp32s2"', reason='Multiple panic reasons for the same test may surface', run=False ) +@pytest.mark.temp_skip_ci(targets=['esp32h21'], reason='lack of runners') @idf_parametrize('config, target', CONFIGS_MEMPROT_RTC_FAST_MEM, indirect=['config', 'target']) def test_rtc_fast_reg3_execute_violation(dut: PanicTestDut, test_func_name: str) -> None: dut.run_test_func(test_func_name) @@ -1001,6 +1013,7 @@ def test_rtc_slow_reg2_execute_violation(dut: PanicTestDut, test_func_name: str) @pytest.mark.generic +@pytest.mark.temp_skip_ci(targets=['esp32h21'], reason='lack of runners') @idf_parametrize('config, target', CONFIGS_MEMPROT_FLASH_IDROM, indirect=['config', 'target']) def test_irom_reg_write_violation(dut: PanicTestDut, test_func_name: str) -> None: dut.run_test_func(test_func_name) 
@@ -1010,6 +1023,7 @@ def test_irom_reg_write_violation(dut: PanicTestDut, test_func_name: str) -> Non @pytest.mark.generic +@pytest.mark.temp_skip_ci(targets=['esp32h21'], reason='lack of runners') @idf_parametrize('config, target', CONFIGS_MEMPROT_FLASH_IDROM, indirect=['config', 'target']) def test_drom_reg_write_violation(dut: PanicTestDut, test_func_name: str) -> None: dut.run_test_func(test_func_name) @@ -1019,6 +1033,7 @@ def test_drom_reg_write_violation(dut: PanicTestDut, test_func_name: str) -> Non @pytest.mark.generic +@pytest.mark.temp_skip_ci(targets=['esp32h21'], reason='lack of runners') @idf_parametrize('config, target', CONFIGS_MEMPROT_FLASH_IDROM, indirect=['config', 'target']) def test_drom_reg_execute_violation(dut: PanicTestDut, test_func_name: str) -> None: dut.run_test_func(test_func_name) @@ -1055,6 +1070,7 @@ def test_spiram_xip_drom_alignment_reg_execute_violation(dut: PanicTestDut, test @pytest.mark.generic +@pytest.mark.temp_skip_ci(targets=['esp32h21'], reason='lack of runners') @idf_parametrize('config, target', CONFIGS_MEMPROT_INVALID_REGION_PROTECTION_USING_PMA, indirect=['config', 'target']) def test_invalid_memory_region_write_violation(dut: PanicTestDut, test_func_name: str) -> None: dut.run_test_func(test_func_name) @@ -1064,6 +1080,7 @@ def test_invalid_memory_region_write_violation(dut: PanicTestDut, test_func_name @pytest.mark.generic +@pytest.mark.temp_skip_ci(targets=['esp32h21'], reason='lack of runners') @idf_parametrize('config, target', CONFIGS_MEMPROT_INVALID_REGION_PROTECTION_USING_PMA, indirect=['config', 'target']) def test_invalid_memory_region_execute_violation(dut: PanicTestDut, test_func_name: str) -> None: dut.run_test_func(test_func_name) diff --git a/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32h21 b/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32h21 new file mode 100644 index 0000000000..6e34382e3a --- /dev/null +++ b/tools/test_apps/system/panic/sdkconfig.ci.memprot_esp32h21 
@@ -0,0 +1,8 @@ +# Restricting to ESP32H21 +CONFIG_IDF_TARGET="esp32h21" + +# Enabling memory protection +CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT=y + +# Enable memprot test +CONFIG_TEST_MEMPROT=y