feat(cpu_region_protect): Enable basic memory protection for SPIRAM

components/esp_hw_support/port/esp32c5/cpu_region_protect.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -9,6 +9,9 @@
 #include "esp_cpu.h"
 #include "esp_fault.h"
 #include "esp32c5/rom/rom_layout.h"
+#if CONFIG_SPIRAM
+#include "esp_private/esp_psram_extram.h"
+#endif /* CONFIG_SPIRAM */
 
 #ifdef BOOTLOADER_BUILD
 // Without L bit set
@@ -26,6 +29,7 @@
 
 #define ALIGN_UP_TO_MMU_PAGE_SIZE(addr) (((addr) + (SOC_MMU_PAGE_SIZE) - 1) & ~((SOC_MMU_PAGE_SIZE) - 1))
 #define ALIGN_DOWN_TO_MMU_PAGE_SIZE(addr)  ((addr) & ~((SOC_MMU_PAGE_SIZE) - 1))
+#define ALIGN_UP(addr, align)  ((addr) & ~((align) - 1))
 
 static void esp_cpu_configure_invalid_regions(void)
 {
@@ -178,15 +182,60 @@ void esp_cpu_configure_region_protection(void)
     extern int _instruction_reserved_end;
     extern int _rodata_reserved_end;
 
-    const uint32_t irom_resv_end = ALIGN_UP_TO_MMU_PAGE_SIZE((uint32_t)(&_instruction_reserved_end));
-    const uint32_t drom_resv_end = ALIGN_UP_TO_MMU_PAGE_SIZE((uint32_t)(&_rodata_reserved_end));
+    const uint32_t page_aligned_irom_resv_end = ALIGN_UP_TO_MMU_PAGE_SIZE((uint32_t)(&_instruction_reserved_end));
+    __attribute__((unused)) const uint32_t page_aligned_drom_resv_end = ALIGN_UP_TO_MMU_PAGE_SIZE((uint32_t)(&_rodata_reserved_end));
 
     PMP_ENTRY_CFG_RESET(6);
+    PMP_ENTRY_SET(6, SOC_IROM_LOW, NONE);
+
+/**
+    Virtual space layout:
+
+    _________   <- SOC_IROM_LOW
+    |       |
+    |_______|   <- _instruction_reserved_end
+    |_______|   <- page_aligned_irom_resv_end
+    |       |
+    |_______|   <- _rodata_reserved_end
+    |_______|   <- page_aligned_drom_resv_end
+    |       |
+    |       |
+    |       |
+    |_______|   <- page_aligned_drom_resv_end + available_psram_heap
+    |       |
+    |       |
+    |       |
+    |       |
+    |_______|   <- SOC_DROM_HIGH
+
+    if CONFIG_SPIRAM_FETCH_INSTRUCTIONS: [_instruction_reserved_end, page_aligned_irom_resv_end) in heap (RW)
+    if CONFIG_SPIRAM_RODATA: [_rodata_reserved_end, page_aligned_drom_resv_end) in heap (RW)
+    if CONFIG_SPIRAM: [_rodata_reserved_end, page_aligned_drom_resv_end + available_psram_heap] in heap / reserved for mapping (RW)
+*/
+
     PMP_ENTRY_CFG_RESET(7);
     PMP_ENTRY_CFG_RESET(8);
-    PMP_ENTRY_SET(6, SOC_IROM_LOW, NONE);
-    PMP_ENTRY_SET(7, irom_resv_end, PMP_TOR | RX);
-    PMP_ENTRY_SET(8, drom_resv_end, PMP_TOR | R);
+    PMP_ENTRY_CFG_RESET(9);
+
+#if CONFIG_SPIRAM_FETCH_INSTRUCTIONS && CONFIG_SPIRAM_PRE_CONFIGURE_MEMORY_PROTECTION
+    PMP_ENTRY_SET(7, (uint32_t)(&_instruction_reserved_end), PMP_TOR | RX);
+    PMP_ENTRY_SET(8, page_aligned_irom_resv_end, PMP_TOR | RW);
+#else
+    PMP_ENTRY_SET(7, page_aligned_irom_resv_end, PMP_TOR | RX);
+    PMP_ENTRY_SET(8, page_aligned_irom_resv_end, NONE);
+#endif /* CONFIG_SPIRAM_FETCH_INSTRUCTIONS && CONFIG_SPIRAM_PRE_CONFIGURE_MEMORY_PROTECTION */
+
+#if CONFIG_SPIRAM_RODATA && CONFIG_SPIRAM_PRE_CONFIGURE_MEMORY_PROTECTION
+    PMP_ENTRY_SET(9, (uint32_t)(&_rodata_reserved_end), PMP_TOR | R);
+#else
+    PMP_ENTRY_SET(9, page_aligned_drom_resv_end, PMP_TOR | R);
+#endif /* CONFIG_SPIRAM_RODATA && CONFIG_SPIRAM_PRE_CONFIGURE_MEMORY_PROTECTION */
+
+#if CONFIG_SPIRAM_PRE_CONFIGURE_MEMORY_PROTECTION
+    size_t available_psram_heap = esp_psram_get_heap_size_to_protect();
+    PMP_ENTRY_CFG_RESET(10);
+    PMP_ENTRY_SET(10, ALIGN_UP(page_aligned_drom_resv_end + available_psram_heap, SOC_CPU_PMP_REGION_GRANULARITY), PMP_TOR | RW);
+#endif /* CONFIG_SPIRAM_PRE_CONFIGURE_MEMORY_PROTECTION */
 #else
     const uint32_t pmpaddr6 = PMPADDR_NAPOT(SOC_IROM_LOW, SOC_IROM_HIGH);
     // Add the W attribute in the case of PSRAM
@@ -201,29 +250,31 @@ void esp_cpu_configure_region_protection(void)
     /* Reset the corresponding PMP config because PMP_ENTRY_SET only sets the given bits
      * Bootloader might have given extra permissions and those won't be cleared
      */
-    PMP_ENTRY_CFG_RESET(9);
-    PMP_ENTRY_CFG_RESET(10);
     PMP_ENTRY_CFG_RESET(11);
     PMP_ENTRY_CFG_RESET(12);
-    PMP_ENTRY_SET(9, SOC_RTC_IRAM_LOW, NONE);
+    PMP_ENTRY_CFG_RESET(13);
+    PMP_ENTRY_CFG_RESET(14);
+
+    PMP_ENTRY_SET(11, SOC_RTC_IRAM_LOW, NONE);
 
     // First part of LP mem is reserved for ULP coprocessor
 #if CONFIG_ESP_SYSTEM_PMP_LP_CORE_RESERVE_MEM_EXECUTABLE
-    PMP_ENTRY_SET(10, (int)&_rtc_text_start, PMP_TOR | RWX);
+    PMP_ENTRY_SET(12, (int)&_rtc_text_start, PMP_TOR | RWX);
 #else
-    PMP_ENTRY_SET(10, (int)&_rtc_text_start, PMP_TOR | RW);
+    PMP_ENTRY_SET(12, (int)&_rtc_text_start, PMP_TOR | RW);
 #endif
 
-    PMP_ENTRY_SET(11, (int)&_rtc_text_end, PMP_TOR | RX);
-    PMP_ENTRY_SET(12, SOC_RTC_IRAM_HIGH, PMP_TOR | RW);
+    PMP_ENTRY_SET(13, (int)&_rtc_text_end, PMP_TOR | RX);
+    PMP_ENTRY_SET(14, SOC_RTC_IRAM_HIGH, PMP_TOR | RW);
 #else
-    const uint32_t pmpaddr9 = PMPADDR_NAPOT(SOC_RTC_IRAM_LOW, SOC_RTC_IRAM_HIGH);
-    PMP_ENTRY_SET(9, pmpaddr9, PMP_NAPOT | CONDITIONAL_RWX);
+    const uint32_t pmpaddr11 = PMPADDR_NAPOT(SOC_RTC_IRAM_LOW, SOC_RTC_IRAM_HIGH);
+    PMP_ENTRY_SET(11, pmpaddr11, PMP_NAPOT | CONDITIONAL_RWX);
     _Static_assert(SOC_RTC_IRAM_LOW < SOC_RTC_IRAM_HIGH, "Invalid RTC IRAM region");
 #endif
 
     // 6. Peripheral addresses
-    const uint32_t pmpaddr13 = PMPADDR_NAPOT(SOC_PERIPHERAL_LOW, SOC_PERIPHERAL_HIGH);
-    PMP_ENTRY_SET(13, pmpaddr13, PMP_NAPOT | RW);
+    PMP_ENTRY_CFG_RESET(15);
+    const uint32_t pmpaddr15 = PMPADDR_NAPOT(SOC_PERIPHERAL_LOW, SOC_PERIPHERAL_HIGH);
+    PMP_ENTRY_SET(15, pmpaddr15, PMP_NAPOT | RW);
     _Static_assert(SOC_PERIPHERAL_LOW < SOC_PERIPHERAL_HIGH, "Invalid peripheral region");
 }