GitLab

The long descriptor page table format doesn't support RISC OS access
privilege 1 (user RX, privileged RWX). Previously we were downgrading
this to AP 0 (user RWX, privielged RWX), which obviously weakens the
security of the memory. However now that we have an AbortTrap
implementation, we can map the memory as "user none, privileged RWX" and
provide user read support via AbortTrap's instruction decode & execute
logic.

There's no support for executing usermode code from the memory, but the
compatibility issues caused by that are likely to be minimal.

Runtime selection between long descriptor and short descriptor page
table format is now possible (with the decision based on whether the HAL
registers any high RAM or not). The main source changes are as follows:

* LongDesc and ShortDesc switches are in hdr.Options to control what
kernel variant is built
* PTOp and PTWhich macros introduced in hdr.ARMops to allow for
invocation of functions / code blocks which are specific to the page
table format. If the kernel is being built with only one page table
format enabled, PTOp is just a BL instruction, ensuring there's no
performance loss compared to the old code.
* _LongDesc and _ShortDesc suffixes added to various function names, to
allow both versions of the function to be included at once if runtime
selection is enabled
* Most of the kernel / MMU initialisation code in s.HAL is now encased
in a big WHILE loop, allowing it to be duplicated if runtime switching
is enabled (easier than adding dynamic branches all over the place, and
only costs a few KB of ROM/RAM)
* Some more functions (notably AccessPhysicalAddress,
ReleasePhysicalAddress, and MapInIO) have been moved to s.ShortDesc /
s.LongDesc since they were already 90% specific to page table format

These use a page block with a 64bit address fields (matching OS_Memory
64). The page list(s) contain the full list of pages involved in the
operation, unlike the 32bit PagesUnsafe / PagesSafe calls, which only
list pages which have 32bit addresses. The kernel issues the service
calls in the following order:

1. Service_PagesUnsafe64
2. Service_PagesUnsafe
3. Service_PagesSafe
4. Service_PagesSafe64

Since only one PagesUnsafe operation can occur at a time, a program
which supports both service calls can safely ignore the PagesUnsafe /
PagesSafe calls if a PagesUnsafe64 operation is in progress (the
PagesUnsafe call will only list a subset of the pages from the
PagesUnsafe64 call). The 32bit PagesUnsafe / PagesSafe calls will be
skipped if no 32bit pages are being replaced.

The addition of these calls means that NeedsSpecificPages DAs (and PMPs)
can now request pages which have large physical addresses.

Note that the page replacement logic now has the restriction that pages
which have 32bit physical addresses can only be replaced by other pages
which have 32bit physical addresses. This is necessary to ensure that
users of the old 32bit APIs see the page replacement take place. However
it does mean that programs will be unable to claim pages of low RAM
which are in use if there are not enough free low RAM pages in the free
pool.

A future optimisation would be to update the service calls so that they
don't list required pages which are in the free pool; if all the
required pages are in the free pool this would allow the service calls
(and FIQ claiming) to be skipped completely.

This changes PhysRamTable to store the address of each RAM bank in terms
of (4KB) pages instead of bytes, effectively allowing it to support a 44
bit physical address space. This means that (when the long descriptor
page table format is used) the OS can now make use of memory located
outside the lower 4GB of the physical address space. However some
public APIs still need extending to allow for all operations to be
supported on high RAM (e.g. OS_Memory logical to physical address
lookups)

OS_Memory 12 (RecommendPage) has been extended to allow R4-R7 to be used
to specify a (64bit) physical address range which the recommended pages
must lie within. For backwards compatibility this defaults to 0-4GB.

This adds initial support for the "long descriptor" MMU page table
format, which allows the CPU to (flexibly) use a 40-bit physical address
space.

There are still some features that need fixing (e.g. RISCOS_MapInIO
flags), and the OS doesn't yet support RAM above the 32bit limit, but
this set of changes is enough to allow for working ROMs to be produced.

Also, move MMUControlSoftCopy initialisation out of ClearWkspRAM, since
it's unrelated to whether the HAL has cleared the RAM or not.

In preparation for the addition of long descriptor page table support,
start moving low-level page table routines into their own file
(s.ShortDesc) so that we can add a corresponding long descriptor
implementation in the future.

* logical_to_physical, MakePageTablesCacheable,
MakePageTablesNonCacheable, AllocateBackingLevel2, AMB_movepagesin_L2PT,
AMB_movecacheablepagesout_L2PT, AMB_moveuncacheablepagesout_L2PT
routines, and PageNumToL2PT macros, all moved to s.ShortDesc with no
changes.
* Add new UpdateL1PTForPageReplacement routine (by splitting some code
out of s.ChangeDyn)