]>
Commit | Line | Data |
---|---|---|
211e701d PM |
1 | /* |
2 | * ARM TrustZone master security controller emulation | |
3 | * | |
4 | * Copyright (c) 2018 Linaro Limited | |
5 | * Written by Peter Maydell | |
6 | * | |
7 | * This program is free software; you can redistribute it and/or modify | |
8 | * it under the terms of the GNU General Public License version 2 or | |
9 | * (at your option) any later version. | |
10 | */ | |
11 | ||
12 | #include "qemu/osdep.h" | |
13 | #include "qemu/log.h" | |
0b8fa32f | 14 | #include "qemu/module.h" |
211e701d PM |
15 | #include "qapi/error.h" |
16 | #include "trace.h" | |
17 | #include "hw/sysbus.h" | |
d6454270 | 18 | #include "migration/vmstate.h" |
211e701d | 19 | #include "hw/registerfields.h" |
64552b6b | 20 | #include "hw/irq.h" |
211e701d | 21 | #include "hw/misc/tz-msc.h" |
a27bd6c7 | 22 | #include "hw/qdev-properties.h" |
211e701d PM |
23 | |
24 | static void tz_msc_update_irq(TZMSC *s) | |
25 | { | |
26 | bool level = s->irq_status; | |
27 | ||
28 | trace_tz_msc_update_irq(level); | |
29 | qemu_set_irq(s->irq, level); | |
30 | } | |
31 | ||
32 | static void tz_msc_cfg_nonsec(void *opaque, int n, int level) | |
33 | { | |
34 | TZMSC *s = TZ_MSC(opaque); | |
35 | ||
36 | trace_tz_msc_cfg_nonsec(level); | |
37 | s->cfg_nonsec = level; | |
38 | } | |
39 | ||
40 | static void tz_msc_cfg_sec_resp(void *opaque, int n, int level) | |
41 | { | |
42 | TZMSC *s = TZ_MSC(opaque); | |
43 | ||
44 | trace_tz_msc_cfg_sec_resp(level); | |
45 | s->cfg_sec_resp = level; | |
46 | } | |
47 | ||
48 | static void tz_msc_irq_clear(void *opaque, int n, int level) | |
49 | { | |
50 | TZMSC *s = TZ_MSC(opaque); | |
51 | ||
52 | trace_tz_msc_irq_clear(level); | |
53 | ||
54 | s->irq_clear = level; | |
55 | if (level) { | |
56 | s->irq_status = false; | |
57 | tz_msc_update_irq(s); | |
58 | } | |
59 | } | |
60 | ||
61 | /* The MSC may either block a transaction by aborting it, block a | |
62 | * transaction by making it RAZ/WI, allow it through with | |
63 | * MemTxAttrs indicating a secure transaction, or allow it with | |
64 | * MemTxAttrs indicating a non-secure transaction. | |
65 | */ | |
66 | typedef enum MSCAction { | |
67 | MSCBlockAbort, | |
68 | MSCBlockRAZWI, | |
69 | MSCAllowSecure, | |
70 | MSCAllowNonSecure, | |
71 | } MSCAction; | |
72 | ||
73 | static MSCAction tz_msc_check(TZMSC *s, hwaddr addr) | |
74 | { | |
75 | /* | |
76 | * Check whether to allow an access from the bus master, returning | |
77 | * an MSCAction indicating the required behaviour. If the transaction | |
78 | * is blocked, the caller must check cfg_sec_resp to determine | |
79 | * whether to abort or RAZ/WI the transaction. | |
80 | */ | |
81 | IDAUInterfaceClass *iic = IDAU_INTERFACE_GET_CLASS(s->idau); | |
82 | IDAUInterface *ii = IDAU_INTERFACE(s->idau); | |
83 | bool idau_exempt = false, idau_ns = true, idau_nsc = true; | |
84 | int idau_region = IREGION_NOTVALID; | |
85 | ||
86 | iic->check(ii, addr, &idau_region, &idau_exempt, &idau_ns, &idau_nsc); | |
87 | ||
88 | if (idau_exempt) { | |
89 | /* | |
90 | * Uncheck region -- OK, transaction type depends on | |
91 | * whether bus master is configured as Secure or NonSecure | |
92 | */ | |
93 | return s->cfg_nonsec ? MSCAllowNonSecure : MSCAllowSecure; | |
94 | } | |
95 | ||
96 | if (idau_ns) { | |
97 | /* NonSecure region -- always forward as NS transaction */ | |
98 | return MSCAllowNonSecure; | |
99 | } | |
100 | ||
101 | if (!s->cfg_nonsec) { | |
102 | /* Access to Secure region by Secure bus master: OK */ | |
103 | return MSCAllowSecure; | |
104 | } | |
105 | ||
106 | /* Attempted access to Secure region by NS bus master: block */ | |
107 | trace_tz_msc_access_blocked(addr); | |
108 | if (!s->cfg_sec_resp) { | |
109 | return MSCBlockRAZWI; | |
110 | } | |
111 | ||
112 | /* | |
113 | * The TRM isn't clear on behaviour if irq_clear is high when a | |
114 | * transaction is blocked. We assume that the MSC behaves like the | |
115 | * PPC, where holding irq_clear high suppresses the interrupt. | |
116 | */ | |
117 | if (!s->irq_clear) { | |
118 | s->irq_status = true; | |
119 | tz_msc_update_irq(s); | |
120 | } | |
121 | return MSCBlockAbort; | |
122 | } | |
123 | ||
124 | static MemTxResult tz_msc_read(void *opaque, hwaddr addr, uint64_t *pdata, | |
125 | unsigned size, MemTxAttrs attrs) | |
126 | { | |
127 | TZMSC *s = opaque; | |
128 | AddressSpace *as = &s->downstream_as; | |
129 | uint64_t data; | |
130 | MemTxResult res; | |
131 | ||
132 | switch (tz_msc_check(s, addr)) { | |
133 | case MSCBlockAbort: | |
134 | return MEMTX_ERROR; | |
135 | case MSCBlockRAZWI: | |
136 | *pdata = 0; | |
137 | return MEMTX_OK; | |
138 | case MSCAllowSecure: | |
139 | attrs.secure = 1; | |
140 | attrs.unspecified = 0; | |
141 | break; | |
142 | case MSCAllowNonSecure: | |
143 | attrs.secure = 0; | |
144 | attrs.unspecified = 0; | |
145 | break; | |
146 | } | |
147 | ||
148 | switch (size) { | |
149 | case 1: | |
150 | data = address_space_ldub(as, addr, attrs, &res); | |
151 | break; | |
152 | case 2: | |
153 | data = address_space_lduw_le(as, addr, attrs, &res); | |
154 | break; | |
155 | case 4: | |
156 | data = address_space_ldl_le(as, addr, attrs, &res); | |
157 | break; | |
158 | case 8: | |
159 | data = address_space_ldq_le(as, addr, attrs, &res); | |
160 | break; | |
161 | default: | |
162 | g_assert_not_reached(); | |
163 | } | |
164 | *pdata = data; | |
165 | return res; | |
166 | } | |
167 | ||
168 | static MemTxResult tz_msc_write(void *opaque, hwaddr addr, uint64_t val, | |
169 | unsigned size, MemTxAttrs attrs) | |
170 | { | |
171 | TZMSC *s = opaque; | |
172 | AddressSpace *as = &s->downstream_as; | |
173 | MemTxResult res; | |
174 | ||
175 | switch (tz_msc_check(s, addr)) { | |
176 | case MSCBlockAbort: | |
177 | return MEMTX_ERROR; | |
178 | case MSCBlockRAZWI: | |
179 | return MEMTX_OK; | |
180 | case MSCAllowSecure: | |
181 | attrs.secure = 1; | |
182 | attrs.unspecified = 0; | |
183 | break; | |
184 | case MSCAllowNonSecure: | |
185 | attrs.secure = 0; | |
186 | attrs.unspecified = 0; | |
187 | break; | |
188 | } | |
189 | ||
190 | switch (size) { | |
191 | case 1: | |
192 | address_space_stb(as, addr, val, attrs, &res); | |
193 | break; | |
194 | case 2: | |
195 | address_space_stw_le(as, addr, val, attrs, &res); | |
196 | break; | |
197 | case 4: | |
198 | address_space_stl_le(as, addr, val, attrs, &res); | |
199 | break; | |
200 | case 8: | |
201 | address_space_stq_le(as, addr, val, attrs, &res); | |
202 | break; | |
203 | default: | |
204 | g_assert_not_reached(); | |
205 | } | |
206 | return res; | |
207 | } | |
208 | ||
209 | static const MemoryRegionOps tz_msc_ops = { | |
210 | .read_with_attrs = tz_msc_read, | |
211 | .write_with_attrs = tz_msc_write, | |
212 | .endianness = DEVICE_LITTLE_ENDIAN, | |
213 | }; | |
214 | ||
215 | static void tz_msc_reset(DeviceState *dev) | |
216 | { | |
217 | TZMSC *s = TZ_MSC(dev); | |
218 | ||
219 | trace_tz_msc_reset(); | |
220 | s->cfg_sec_resp = false; | |
221 | s->cfg_nonsec = false; | |
222 | s->irq_clear = 0; | |
223 | s->irq_status = 0; | |
224 | } | |
225 | ||
226 | static void tz_msc_init(Object *obj) | |
227 | { | |
228 | DeviceState *dev = DEVICE(obj); | |
229 | TZMSC *s = TZ_MSC(obj); | |
230 | ||
231 | qdev_init_gpio_in_named(dev, tz_msc_cfg_nonsec, "cfg_nonsec", 1); | |
232 | qdev_init_gpio_in_named(dev, tz_msc_cfg_sec_resp, "cfg_sec_resp", 1); | |
233 | qdev_init_gpio_in_named(dev, tz_msc_irq_clear, "irq_clear", 1); | |
234 | qdev_init_gpio_out_named(dev, &s->irq, "irq", 1); | |
235 | } | |
236 | ||
237 | static void tz_msc_realize(DeviceState *dev, Error **errp) | |
238 | { | |
239 | Object *obj = OBJECT(dev); | |
240 | SysBusDevice *sbd = SYS_BUS_DEVICE(dev); | |
241 | TZMSC *s = TZ_MSC(dev); | |
242 | const char *name = "tz-msc-downstream"; | |
243 | uint64_t size; | |
244 | ||
245 | /* | |
246 | * We can't create the upstream end of the port until realize, | |
247 | * as we don't know the size of the MR used as the downstream until then. | |
248 | * We insist on having a downstream, to avoid complicating the | |
249 | * code with handling the "don't know how big this is" case. It's easy | |
250 | * enough for the user to create an unimplemented_device as downstream | |
251 | * if they have nothing else to plug into this. | |
252 | */ | |
253 | if (!s->downstream) { | |
254 | error_setg(errp, "MSC 'downstream' link not set"); | |
255 | return; | |
256 | } | |
257 | if (!s->idau) { | |
258 | error_setg(errp, "MSC 'idau' link not set"); | |
259 | return; | |
260 | } | |
261 | ||
262 | size = memory_region_size(s->downstream); | |
263 | address_space_init(&s->downstream_as, s->downstream, name); | |
264 | memory_region_init_io(&s->upstream, obj, &tz_msc_ops, s, name, size); | |
265 | sysbus_init_mmio(sbd, &s->upstream); | |
266 | } | |
267 | ||
268 | static const VMStateDescription tz_msc_vmstate = { | |
269 | .name = "tz-msc", | |
270 | .version_id = 1, | |
271 | .minimum_version_id = 1, | |
272 | .fields = (VMStateField[]) { | |
273 | VMSTATE_BOOL(cfg_nonsec, TZMSC), | |
274 | VMSTATE_BOOL(cfg_sec_resp, TZMSC), | |
275 | VMSTATE_BOOL(irq_clear, TZMSC), | |
276 | VMSTATE_BOOL(irq_status, TZMSC), | |
277 | VMSTATE_END_OF_LIST() | |
278 | } | |
279 | }; | |
280 | ||
281 | static Property tz_msc_properties[] = { | |
282 | DEFINE_PROP_LINK("downstream", TZMSC, downstream, | |
283 | TYPE_MEMORY_REGION, MemoryRegion *), | |
284 | DEFINE_PROP_LINK("idau", TZMSC, idau, | |
285 | TYPE_IDAU_INTERFACE, IDAUInterface *), | |
286 | DEFINE_PROP_END_OF_LIST(), | |
287 | }; | |
288 | ||
289 | static void tz_msc_class_init(ObjectClass *klass, void *data) | |
290 | { | |
291 | DeviceClass *dc = DEVICE_CLASS(klass); | |
292 | ||
293 | dc->realize = tz_msc_realize; | |
294 | dc->vmsd = &tz_msc_vmstate; | |
295 | dc->reset = tz_msc_reset; | |
4f67d30b | 296 | device_class_set_props(dc, tz_msc_properties); |
211e701d PM |
297 | } |
298 | ||
299 | static const TypeInfo tz_msc_info = { | |
300 | .name = TYPE_TZ_MSC, | |
301 | .parent = TYPE_SYS_BUS_DEVICE, | |
302 | .instance_size = sizeof(TZMSC), | |
303 | .instance_init = tz_msc_init, | |
304 | .class_init = tz_msc_class_init, | |
305 | }; | |
306 | ||
307 | static void tz_msc_register_types(void) | |
308 | { | |
309 | type_register_static(&tz_msc_info); | |
310 | } | |
311 | ||
312 | type_init(tz_msc_register_types); |