1 | /* |
2 | * ARM TrustZone peripheral protection controller emulation |
3 | * |
4 | * Copyright (c) 2018 Linaro Limited |
5 | * Written by Peter Maydell |
6 | * |
7 | * This program is free software; you can redistribute it and/or modify |
8 | * it under the terms of the GNU General Public License version 2 or |
9 | * (at your option) any later version. |
10 | */ |
11 | |
12 | #include "qemu/osdep.h" |
13 | #include "qemu/log.h" |
14 | #include "qemu/module.h" |
15 | #include "qapi/error.h" |
16 | #include "trace.h" |
17 | #include "hw/sysbus.h" |
18 | #include "migration/vmstate.h" |
19 | #include "hw/registerfields.h" |
20 | #include "hw/irq.h" |
21 | #include "hw/misc/tz-ppc.h" |
22 | #include "hw/qdev-properties.h" |
23 | |
24 | static void tz_ppc_update_irq(TZPPC *s) |
25 | { |
26 | bool level = s->irq_status && s->irq_enable; |
27 | |
28 | trace_tz_ppc_update_irq(level); |
29 | qemu_set_irq(s->irq, level); |
30 | } |
31 | |
32 | static void tz_ppc_cfg_nonsec(void *opaque, int n, int level) |
33 | { |
34 | TZPPC *s = TZ_PPC(opaque); |
35 | |
36 | assert(n < TZ_NUM_PORTS); |
37 | trace_tz_ppc_cfg_nonsec(n, level); |
38 | s->cfg_nonsec[n] = level; |
39 | } |
40 | |
41 | static void tz_ppc_cfg_ap(void *opaque, int n, int level) |
42 | { |
43 | TZPPC *s = TZ_PPC(opaque); |
44 | |
45 | assert(n < TZ_NUM_PORTS); |
46 | trace_tz_ppc_cfg_ap(n, level); |
47 | s->cfg_ap[n] = level; |
48 | } |
49 | |
50 | static void tz_ppc_cfg_sec_resp(void *opaque, int n, int level) |
51 | { |
52 | TZPPC *s = TZ_PPC(opaque); |
53 | |
54 | trace_tz_ppc_cfg_sec_resp(level); |
55 | s->cfg_sec_resp = level; |
56 | } |
57 | |
58 | static void tz_ppc_irq_enable(void *opaque, int n, int level) |
59 | { |
60 | TZPPC *s = TZ_PPC(opaque); |
61 | |
62 | trace_tz_ppc_irq_enable(level); |
63 | s->irq_enable = level; |
64 | tz_ppc_update_irq(s); |
65 | } |
66 | |
67 | static void tz_ppc_irq_clear(void *opaque, int n, int level) |
68 | { |
69 | TZPPC *s = TZ_PPC(opaque); |
70 | |
71 | trace_tz_ppc_irq_clear(level); |
72 | |
73 | s->irq_clear = level; |
74 | if (level) { |
75 | s->irq_status = false; |
76 | tz_ppc_update_irq(s); |
77 | } |
78 | } |
79 | |
80 | static bool tz_ppc_check(TZPPC *s, int n, MemTxAttrs attrs) |
81 | { |
82 | /* Check whether to allow an access to port n; return true if |
83 | * the check passes, and false if the transaction must be blocked. |
84 | * If the latter, the caller must check cfg_sec_resp to determine |
85 | * whether to abort or RAZ/WI the transaction. |
86 | * The checks are: |
87 | * + nonsec_mask suppresses any check of the secure attribute |
88 | * + otherwise, block if cfg_nonsec is 1 and transaction is secure, |
89 | * or if cfg_nonsec is 0 and transaction is non-secure |
90 | * + block if transaction is usermode and cfg_ap is 0 |
91 | */ |
92 | if ((attrs.secure == s->cfg_nonsec[n] && !(s->nonsec_mask & (1 << n))) || |
93 | (attrs.user && !s->cfg_ap[n])) { |
94 | /* Block the transaction. */ |
95 | if (!s->irq_clear) { |
96 | /* Note that holding irq_clear high suppresses interrupts */ |
97 | s->irq_status = true; |
98 | tz_ppc_update_irq(s); |
99 | } |
100 | return false; |
101 | } |
102 | return true; |
103 | } |
104 | |
105 | static MemTxResult tz_ppc_read(void *opaque, hwaddr addr, uint64_t *pdata, |
106 | unsigned size, MemTxAttrs attrs) |
107 | { |
108 | TZPPCPort *p = opaque; |
109 | TZPPC *s = p->ppc; |
110 | int n = p - s->port; |
111 | AddressSpace *as = &p->downstream_as; |
112 | uint64_t data; |
113 | MemTxResult res; |
114 | |
115 | if (!tz_ppc_check(s, n, attrs)) { |
116 | trace_tz_ppc_read_blocked(n, addr, attrs.secure, attrs.user); |
117 | if (s->cfg_sec_resp) { |
118 | return MEMTX_ERROR; |
119 | } else { |
120 | *pdata = 0; |
121 | return MEMTX_OK; |
122 | } |
123 | } |
124 | |
125 | switch (size) { |
126 | case 1: |
127 | data = address_space_ldub(as, addr, attrs, &res); |
128 | break; |
129 | case 2: |
130 | data = address_space_lduw_le(as, addr, attrs, &res); |
131 | break; |
132 | case 4: |
133 | data = address_space_ldl_le(as, addr, attrs, &res); |
134 | break; |
135 | case 8: |
136 | data = address_space_ldq_le(as, addr, attrs, &res); |
137 | break; |
138 | default: |
139 | g_assert_not_reached(); |
140 | } |
141 | *pdata = data; |
142 | return res; |
143 | } |
144 | |
145 | static MemTxResult tz_ppc_write(void *opaque, hwaddr addr, uint64_t val, |
146 | unsigned size, MemTxAttrs attrs) |
147 | { |
148 | TZPPCPort *p = opaque; |
149 | TZPPC *s = p->ppc; |
150 | AddressSpace *as = &p->downstream_as; |
151 | int n = p - s->port; |
152 | MemTxResult res; |
153 | |
154 | if (!tz_ppc_check(s, n, attrs)) { |
155 | trace_tz_ppc_write_blocked(n, addr, attrs.secure, attrs.user); |
156 | if (s->cfg_sec_resp) { |
157 | return MEMTX_ERROR; |
158 | } else { |
159 | return MEMTX_OK; |
160 | } |
161 | } |
162 | |
163 | switch (size) { |
164 | case 1: |
165 | address_space_stb(as, addr, val, attrs, &res); |
166 | break; |
167 | case 2: |
168 | address_space_stw_le(as, addr, val, attrs, &res); |
169 | break; |
170 | case 4: |
171 | address_space_stl_le(as, addr, val, attrs, &res); |
172 | break; |
173 | case 8: |
174 | address_space_stq_le(as, addr, val, attrs, &res); |
175 | break; |
176 | default: |
177 | g_assert_not_reached(); |
178 | } |
179 | return res; |
180 | } |
181 | |
182 | static const MemoryRegionOps tz_ppc_ops = { |
183 | .read_with_attrs = tz_ppc_read, |
184 | .write_with_attrs = tz_ppc_write, |
185 | .endianness = DEVICE_LITTLE_ENDIAN, |
186 | }; |
187 | |
188 | static bool tz_ppc_dummy_accepts(void *opaque, hwaddr addr, |
189 | unsigned size, bool is_write, |
190 | MemTxAttrs attrs) |
191 | { |
192 | /* |
193 | * Board code should never map the upstream end of an unused port, |
194 | * so we should never try to make a memory access to it. |
195 | */ |
196 | g_assert_not_reached(); |
197 | } |
198 | |
199 | static const MemoryRegionOps tz_ppc_dummy_ops = { |
200 | .valid.accepts = tz_ppc_dummy_accepts, |
201 | }; |
202 | |
203 | static void tz_ppc_reset(DeviceState *dev) |
204 | { |
205 | TZPPC *s = TZ_PPC(dev); |
206 | |
207 | trace_tz_ppc_reset(); |
208 | s->cfg_sec_resp = false; |
209 | memset(s->cfg_nonsec, 0, sizeof(s->cfg_nonsec)); |
210 | memset(s->cfg_ap, 0, sizeof(s->cfg_ap)); |
211 | } |
212 | |
213 | static void tz_ppc_init(Object *obj) |
214 | { |
215 | DeviceState *dev = DEVICE(obj); |
216 | TZPPC *s = TZ_PPC(obj); |
217 | |
218 | qdev_init_gpio_in_named(dev, tz_ppc_cfg_nonsec, "cfg_nonsec" , TZ_NUM_PORTS); |
219 | qdev_init_gpio_in_named(dev, tz_ppc_cfg_ap, "cfg_ap" , TZ_NUM_PORTS); |
220 | qdev_init_gpio_in_named(dev, tz_ppc_cfg_sec_resp, "cfg_sec_resp" , 1); |
221 | qdev_init_gpio_in_named(dev, tz_ppc_irq_enable, "irq_enable" , 1); |
222 | qdev_init_gpio_in_named(dev, tz_ppc_irq_clear, "irq_clear" , 1); |
223 | qdev_init_gpio_out_named(dev, &s->irq, "irq" , 1); |
224 | } |
225 | |
226 | static void tz_ppc_realize(DeviceState *dev, Error **errp) |
227 | { |
228 | Object *obj = OBJECT(dev); |
229 | SysBusDevice *sbd = SYS_BUS_DEVICE(dev); |
230 | TZPPC *s = TZ_PPC(dev); |
231 | int i; |
232 | int max_port = 0; |
233 | |
234 | /* We can't create the upstream end of the port until realize, |
235 | * as we don't know the size of the MR used as the downstream until then. |
236 | */ |
237 | for (i = 0; i < TZ_NUM_PORTS; i++) { |
238 | if (s->port[i].downstream) { |
239 | max_port = i; |
240 | } |
241 | } |
242 | |
243 | for (i = 0; i <= max_port; i++) { |
244 | TZPPCPort *port = &s->port[i]; |
245 | char *name; |
246 | uint64_t size; |
247 | |
248 | if (!port->downstream) { |
249 | /* |
250 | * Create dummy sysbus MMIO region so the sysbus region |
251 | * numbering doesn't get out of sync with the port numbers. |
252 | * The size is entirely arbitrary. |
253 | */ |
254 | name = g_strdup_printf("tz-ppc-dummy-port[%d]" , i); |
255 | memory_region_init_io(&port->upstream, obj, &tz_ppc_dummy_ops, |
256 | port, name, 0x10000); |
257 | sysbus_init_mmio(sbd, &port->upstream); |
258 | g_free(name); |
259 | continue; |
260 | } |
261 | |
262 | name = g_strdup_printf("tz-ppc-port[%d]" , i); |
263 | |
264 | port->ppc = s; |
265 | address_space_init(&port->downstream_as, port->downstream, name); |
266 | |
267 | size = memory_region_size(port->downstream); |
268 | memory_region_init_io(&port->upstream, obj, &tz_ppc_ops, |
269 | port, name, size); |
270 | sysbus_init_mmio(sbd, &port->upstream); |
271 | g_free(name); |
272 | } |
273 | } |
274 | |
275 | static const VMStateDescription tz_ppc_vmstate = { |
276 | .name = "tz-ppc" , |
277 | .version_id = 1, |
278 | .minimum_version_id = 1, |
279 | .fields = (VMStateField[]) { |
280 | VMSTATE_BOOL_ARRAY(cfg_nonsec, TZPPC, 16), |
281 | VMSTATE_BOOL_ARRAY(cfg_ap, TZPPC, 16), |
282 | VMSTATE_BOOL(cfg_sec_resp, TZPPC), |
283 | VMSTATE_BOOL(irq_enable, TZPPC), |
284 | VMSTATE_BOOL(irq_clear, TZPPC), |
285 | VMSTATE_BOOL(irq_status, TZPPC), |
286 | VMSTATE_END_OF_LIST() |
287 | } |
288 | }; |
289 | |
290 | #define DEFINE_PORT(N) \ |
291 | DEFINE_PROP_LINK("port[" #N "]", TZPPC, port[N].downstream, \ |
292 | TYPE_MEMORY_REGION, MemoryRegion *) |
293 | |
294 | static Property tz_ppc_properties[] = { |
295 | DEFINE_PROP_UINT32("NONSEC_MASK" , TZPPC, nonsec_mask, 0), |
296 | DEFINE_PORT(0), |
297 | DEFINE_PORT(1), |
298 | DEFINE_PORT(2), |
299 | DEFINE_PORT(3), |
300 | DEFINE_PORT(4), |
301 | DEFINE_PORT(5), |
302 | DEFINE_PORT(6), |
303 | DEFINE_PORT(7), |
304 | DEFINE_PORT(8), |
305 | DEFINE_PORT(9), |
306 | DEFINE_PORT(10), |
307 | DEFINE_PORT(11), |
308 | DEFINE_PORT(12), |
309 | DEFINE_PORT(13), |
310 | DEFINE_PORT(14), |
311 | DEFINE_PORT(15), |
312 | DEFINE_PROP_END_OF_LIST(), |
313 | }; |
314 | |
315 | static void tz_ppc_class_init(ObjectClass *klass, void *data) |
316 | { |
317 | DeviceClass *dc = DEVICE_CLASS(klass); |
318 | |
319 | dc->realize = tz_ppc_realize; |
320 | dc->vmsd = &tz_ppc_vmstate; |
321 | dc->reset = tz_ppc_reset; |
322 | dc->props = tz_ppc_properties; |
323 | } |
324 | |
325 | static const TypeInfo tz_ppc_info = { |
326 | .name = TYPE_TZ_PPC, |
327 | .parent = TYPE_SYS_BUS_DEVICE, |
328 | .instance_size = sizeof(TZPPC), |
329 | .instance_init = tz_ppc_init, |
330 | .class_init = tz_ppc_class_init, |
331 | }; |
332 | |
333 | static void tz_ppc_register_types(void) |
334 | { |
335 | type_register_static(&tz_ppc_info); |
336 | } |
337 | |
338 | type_init(tz_ppc_register_types); |
339 | |