| 1 | /* |
|---|---|
| 2 | * ARM TrustZone peripheral protection controller emulation |
| 3 | * |
| 4 | * Copyright (c) 2018 Linaro Limited |
| 5 | * Written by Peter Maydell |
| 6 | * |
| 7 | * This program is free software; you can redistribute it and/or modify |
| 8 | * it under the terms of the GNU General Public License version 2 or |
| 9 | * (at your option) any later version. |
| 10 | */ |
| 11 | |
| 12 | #include "qemu/osdep.h" |
| 13 | #include "qemu/log.h" |
| 14 | #include "qemu/module.h" |
| 15 | #include "qapi/error.h" |
| 16 | #include "trace.h" |
| 17 | #include "hw/sysbus.h" |
| 18 | #include "migration/vmstate.h" |
| 19 | #include "hw/registerfields.h" |
| 20 | #include "hw/irq.h" |
| 21 | #include "hw/misc/tz-ppc.h" |
| 22 | #include "hw/qdev-properties.h" |
| 23 | |
| 24 | static void tz_ppc_update_irq(TZPPC *s) |
| 25 | { |
| 26 | bool level = s->irq_status && s->irq_enable; |
| 27 | |
| 28 | trace_tz_ppc_update_irq(level); |
| 29 | qemu_set_irq(s->irq, level); |
| 30 | } |
| 31 | |
| 32 | static void tz_ppc_cfg_nonsec(void *opaque, int n, int level) |
| 33 | { |
| 34 | TZPPC *s = TZ_PPC(opaque); |
| 35 | |
| 36 | assert(n < TZ_NUM_PORTS); |
| 37 | trace_tz_ppc_cfg_nonsec(n, level); |
| 38 | s->cfg_nonsec[n] = level; |
| 39 | } |
| 40 | |
| 41 | static void tz_ppc_cfg_ap(void *opaque, int n, int level) |
| 42 | { |
| 43 | TZPPC *s = TZ_PPC(opaque); |
| 44 | |
| 45 | assert(n < TZ_NUM_PORTS); |
| 46 | trace_tz_ppc_cfg_ap(n, level); |
| 47 | s->cfg_ap[n] = level; |
| 48 | } |
| 49 | |
| 50 | static void tz_ppc_cfg_sec_resp(void *opaque, int n, int level) |
| 51 | { |
| 52 | TZPPC *s = TZ_PPC(opaque); |
| 53 | |
| 54 | trace_tz_ppc_cfg_sec_resp(level); |
| 55 | s->cfg_sec_resp = level; |
| 56 | } |
| 57 | |
| 58 | static void tz_ppc_irq_enable(void *opaque, int n, int level) |
| 59 | { |
| 60 | TZPPC *s = TZ_PPC(opaque); |
| 61 | |
| 62 | trace_tz_ppc_irq_enable(level); |
| 63 | s->irq_enable = level; |
| 64 | tz_ppc_update_irq(s); |
| 65 | } |
| 66 | |
| 67 | static void tz_ppc_irq_clear(void *opaque, int n, int level) |
| 68 | { |
| 69 | TZPPC *s = TZ_PPC(opaque); |
| 70 | |
| 71 | trace_tz_ppc_irq_clear(level); |
| 72 | |
| 73 | s->irq_clear = level; |
| 74 | if (level) { |
| 75 | s->irq_status = false; |
| 76 | tz_ppc_update_irq(s); |
| 77 | } |
| 78 | } |
| 79 | |
| 80 | static bool tz_ppc_check(TZPPC *s, int n, MemTxAttrs attrs) |
| 81 | { |
| 82 | /* Check whether to allow an access to port n; return true if |
| 83 | * the check passes, and false if the transaction must be blocked. |
| 84 | * If the latter, the caller must check cfg_sec_resp to determine |
| 85 | * whether to abort or RAZ/WI the transaction. |
| 86 | * The checks are: |
| 87 | * + nonsec_mask suppresses any check of the secure attribute |
| 88 | * + otherwise, block if cfg_nonsec is 1 and transaction is secure, |
| 89 | * or if cfg_nonsec is 0 and transaction is non-secure |
| 90 | * + block if transaction is usermode and cfg_ap is 0 |
| 91 | */ |
| 92 | if ((attrs.secure == s->cfg_nonsec[n] && !(s->nonsec_mask & (1 << n))) || |
| 93 | (attrs.user && !s->cfg_ap[n])) { |
| 94 | /* Block the transaction. */ |
| 95 | if (!s->irq_clear) { |
| 96 | /* Note that holding irq_clear high suppresses interrupts */ |
| 97 | s->irq_status = true; |
| 98 | tz_ppc_update_irq(s); |
| 99 | } |
| 100 | return false; |
| 101 | } |
| 102 | return true; |
| 103 | } |
| 104 | |
| 105 | static MemTxResult tz_ppc_read(void *opaque, hwaddr addr, uint64_t *pdata, |
| 106 | unsigned size, MemTxAttrs attrs) |
| 107 | { |
| 108 | TZPPCPort *p = opaque; |
| 109 | TZPPC *s = p->ppc; |
| 110 | int n = p - s->port; |
| 111 | AddressSpace *as = &p->downstream_as; |
| 112 | uint64_t data; |
| 113 | MemTxResult res; |
| 114 | |
| 115 | if (!tz_ppc_check(s, n, attrs)) { |
| 116 | trace_tz_ppc_read_blocked(n, addr, attrs.secure, attrs.user); |
| 117 | if (s->cfg_sec_resp) { |
| 118 | return MEMTX_ERROR; |
| 119 | } else { |
| 120 | *pdata = 0; |
| 121 | return MEMTX_OK; |
| 122 | } |
| 123 | } |
| 124 | |
| 125 | switch (size) { |
| 126 | case 1: |
| 127 | data = address_space_ldub(as, addr, attrs, &res); |
| 128 | break; |
| 129 | case 2: |
| 130 | data = address_space_lduw_le(as, addr, attrs, &res); |
| 131 | break; |
| 132 | case 4: |
| 133 | data = address_space_ldl_le(as, addr, attrs, &res); |
| 134 | break; |
| 135 | case 8: |
| 136 | data = address_space_ldq_le(as, addr, attrs, &res); |
| 137 | break; |
| 138 | default: |
| 139 | g_assert_not_reached(); |
| 140 | } |
| 141 | *pdata = data; |
| 142 | return res; |
| 143 | } |
| 144 | |
| 145 | static MemTxResult tz_ppc_write(void *opaque, hwaddr addr, uint64_t val, |
| 146 | unsigned size, MemTxAttrs attrs) |
| 147 | { |
| 148 | TZPPCPort *p = opaque; |
| 149 | TZPPC *s = p->ppc; |
| 150 | AddressSpace *as = &p->downstream_as; |
| 151 | int n = p - s->port; |
| 152 | MemTxResult res; |
| 153 | |
| 154 | if (!tz_ppc_check(s, n, attrs)) { |
| 155 | trace_tz_ppc_write_blocked(n, addr, attrs.secure, attrs.user); |
| 156 | if (s->cfg_sec_resp) { |
| 157 | return MEMTX_ERROR; |
| 158 | } else { |
| 159 | return MEMTX_OK; |
| 160 | } |
| 161 | } |
| 162 | |
| 163 | switch (size) { |
| 164 | case 1: |
| 165 | address_space_stb(as, addr, val, attrs, &res); |
| 166 | break; |
| 167 | case 2: |
| 168 | address_space_stw_le(as, addr, val, attrs, &res); |
| 169 | break; |
| 170 | case 4: |
| 171 | address_space_stl_le(as, addr, val, attrs, &res); |
| 172 | break; |
| 173 | case 8: |
| 174 | address_space_stq_le(as, addr, val, attrs, &res); |
| 175 | break; |
| 176 | default: |
| 177 | g_assert_not_reached(); |
| 178 | } |
| 179 | return res; |
| 180 | } |
| 181 | |
| 182 | static const MemoryRegionOps tz_ppc_ops = { |
| 183 | .read_with_attrs = tz_ppc_read, |
| 184 | .write_with_attrs = tz_ppc_write, |
| 185 | .endianness = DEVICE_LITTLE_ENDIAN, |
| 186 | }; |
| 187 | |
| 188 | static bool tz_ppc_dummy_accepts(void *opaque, hwaddr addr, |
| 189 | unsigned size, bool is_write, |
| 190 | MemTxAttrs attrs) |
| 191 | { |
| 192 | /* |
| 193 | * Board code should never map the upstream end of an unused port, |
| 194 | * so we should never try to make a memory access to it. |
| 195 | */ |
| 196 | g_assert_not_reached(); |
| 197 | } |
| 198 | |
| 199 | static const MemoryRegionOps tz_ppc_dummy_ops = { |
| 200 | .valid.accepts = tz_ppc_dummy_accepts, |
| 201 | }; |
| 202 | |
| 203 | static void tz_ppc_reset(DeviceState *dev) |
| 204 | { |
| 205 | TZPPC *s = TZ_PPC(dev); |
| 206 | |
| 207 | trace_tz_ppc_reset(); |
| 208 | s->cfg_sec_resp = false; |
| 209 | memset(s->cfg_nonsec, 0, sizeof(s->cfg_nonsec)); |
| 210 | memset(s->cfg_ap, 0, sizeof(s->cfg_ap)); |
| 211 | } |
| 212 | |
| 213 | static void tz_ppc_init(Object *obj) |
| 214 | { |
| 215 | DeviceState *dev = DEVICE(obj); |
| 216 | TZPPC *s = TZ_PPC(obj); |
| 217 | |
| 218 | qdev_init_gpio_in_named(dev, tz_ppc_cfg_nonsec, "cfg_nonsec", TZ_NUM_PORTS); |
| 219 | qdev_init_gpio_in_named(dev, tz_ppc_cfg_ap, "cfg_ap", TZ_NUM_PORTS); |
| 220 | qdev_init_gpio_in_named(dev, tz_ppc_cfg_sec_resp, "cfg_sec_resp", 1); |
| 221 | qdev_init_gpio_in_named(dev, tz_ppc_irq_enable, "irq_enable", 1); |
| 222 | qdev_init_gpio_in_named(dev, tz_ppc_irq_clear, "irq_clear", 1); |
| 223 | qdev_init_gpio_out_named(dev, &s->irq, "irq", 1); |
| 224 | } |
| 225 | |
| 226 | static void tz_ppc_realize(DeviceState *dev, Error **errp) |
| 227 | { |
| 228 | Object *obj = OBJECT(dev); |
| 229 | SysBusDevice *sbd = SYS_BUS_DEVICE(dev); |
| 230 | TZPPC *s = TZ_PPC(dev); |
| 231 | int i; |
| 232 | int max_port = 0; |
| 233 | |
| 234 | /* We can't create the upstream end of the port until realize, |
| 235 | * as we don't know the size of the MR used as the downstream until then. |
| 236 | */ |
| 237 | for (i = 0; i < TZ_NUM_PORTS; i++) { |
| 238 | if (s->port[i].downstream) { |
| 239 | max_port = i; |
| 240 | } |
| 241 | } |
| 242 | |
| 243 | for (i = 0; i <= max_port; i++) { |
| 244 | TZPPCPort *port = &s->port[i]; |
| 245 | char *name; |
| 246 | uint64_t size; |
| 247 | |
| 248 | if (!port->downstream) { |
| 249 | /* |
| 250 | * Create dummy sysbus MMIO region so the sysbus region |
| 251 | * numbering doesn't get out of sync with the port numbers. |
| 252 | * The size is entirely arbitrary. |
| 253 | */ |
| 254 | name = g_strdup_printf("tz-ppc-dummy-port[%d]", i); |
| 255 | memory_region_init_io(&port->upstream, obj, &tz_ppc_dummy_ops, |
| 256 | port, name, 0x10000); |
| 257 | sysbus_init_mmio(sbd, &port->upstream); |
| 258 | g_free(name); |
| 259 | continue; |
| 260 | } |
| 261 | |
| 262 | name = g_strdup_printf("tz-ppc-port[%d]", i); |
| 263 | |
| 264 | port->ppc = s; |
| 265 | address_space_init(&port->downstream_as, port->downstream, name); |
| 266 | |
| 267 | size = memory_region_size(port->downstream); |
| 268 | memory_region_init_io(&port->upstream, obj, &tz_ppc_ops, |
| 269 | port, name, size); |
| 270 | sysbus_init_mmio(sbd, &port->upstream); |
| 271 | g_free(name); |
| 272 | } |
| 273 | } |
| 274 | |
| 275 | static const VMStateDescription tz_ppc_vmstate = { |
| 276 | .name = "tz-ppc", |
| 277 | .version_id = 1, |
| 278 | .minimum_version_id = 1, |
| 279 | .fields = (VMStateField[]) { |
| 280 | VMSTATE_BOOL_ARRAY(cfg_nonsec, TZPPC, 16), |
| 281 | VMSTATE_BOOL_ARRAY(cfg_ap, TZPPC, 16), |
| 282 | VMSTATE_BOOL(cfg_sec_resp, TZPPC), |
| 283 | VMSTATE_BOOL(irq_enable, TZPPC), |
| 284 | VMSTATE_BOOL(irq_clear, TZPPC), |
| 285 | VMSTATE_BOOL(irq_status, TZPPC), |
| 286 | VMSTATE_END_OF_LIST() |
| 287 | } |
| 288 | }; |
| 289 | |
| 290 | #define DEFINE_PORT(N) \ |
| 291 | DEFINE_PROP_LINK("port[" #N "]", TZPPC, port[N].downstream, \ |
| 292 | TYPE_MEMORY_REGION, MemoryRegion *) |
| 293 | |
| 294 | static Property tz_ppc_properties[] = { |
| 295 | DEFINE_PROP_UINT32("NONSEC_MASK", TZPPC, nonsec_mask, 0), |
| 296 | DEFINE_PORT(0), |
| 297 | DEFINE_PORT(1), |
| 298 | DEFINE_PORT(2), |
| 299 | DEFINE_PORT(3), |
| 300 | DEFINE_PORT(4), |
| 301 | DEFINE_PORT(5), |
| 302 | DEFINE_PORT(6), |
| 303 | DEFINE_PORT(7), |
| 304 | DEFINE_PORT(8), |
| 305 | DEFINE_PORT(9), |
| 306 | DEFINE_PORT(10), |
| 307 | DEFINE_PORT(11), |
| 308 | DEFINE_PORT(12), |
| 309 | DEFINE_PORT(13), |
| 310 | DEFINE_PORT(14), |
| 311 | DEFINE_PORT(15), |
| 312 | DEFINE_PROP_END_OF_LIST(), |
| 313 | }; |
| 314 | |
| 315 | static void tz_ppc_class_init(ObjectClass *klass, void *data) |
| 316 | { |
| 317 | DeviceClass *dc = DEVICE_CLASS(klass); |
| 318 | |
| 319 | dc->realize = tz_ppc_realize; |
| 320 | dc->vmsd = &tz_ppc_vmstate; |
| 321 | dc->reset = tz_ppc_reset; |
| 322 | dc->props = tz_ppc_properties; |
| 323 | } |
| 324 | |
| 325 | static const TypeInfo tz_ppc_info = { |
| 326 | .name = TYPE_TZ_PPC, |
| 327 | .parent = TYPE_SYS_BUS_DEVICE, |
| 328 | .instance_size = sizeof(TZPPC), |
| 329 | .instance_init = tz_ppc_init, |
| 330 | .class_init = tz_ppc_class_init, |
| 331 | }; |
| 332 | |
| 333 | static void tz_ppc_register_types(void) |
| 334 | { |
| 335 | type_register_static(&tz_ppc_info); |
| 336 | } |
| 337 | |
| 338 | type_init(tz_ppc_register_types); |
| 339 |
Generated on 2019-Sep-06 from project qemu revision 4.1.50
Powered by 
Code Browser 2.1
Generator usage only permitted with license.