hw/misc/tz-msc.c

   1 /*
   2  * ARM TrustZone master security controller emulation
   3  *
   4  * Copyright (c) 2018 Linaro Limited
   5  * Written by Peter Maydell
   6  *
   7  * This program is free software; you can redistribute it and/or modify
   8  * it under the terms of the GNU General Public License version 2 or
   9  * (at your option) any later version.
  10  */
  11
  12 #include "qemu/osdep.h"
  13 #include "qemu/log.h"
  14 #include "qemu/module.h"
  15 #include "qapi/error.h"
  16 #include "trace.h"
  17 #include "hw/sysbus.h"
  18 #include "hw/registerfields.h"
  19 #include "hw/misc/tz-msc.h"
  20
  21 static void tz_msc_update_irq(TZMSC *s)
  22 {
  23     bool level = s->irq_status;
  24
  25     trace_tz_msc_update_irq(level);
  26     qemu_set_irq(s->irq, level);
  27 }
  28
  29 static void tz_msc_cfg_nonsec(void *opaque, int n, int level)
  30 {
  31     TZMSC *s = TZ_MSC(opaque);
  32
  33     trace_tz_msc_cfg_nonsec(level);
  34     s->cfg_nonsec = level;
  35 }
  36
  37 static void tz_msc_cfg_sec_resp(void *opaque, int n, int level)
  38 {
  39     TZMSC *s = TZ_MSC(opaque);
  40
  41     trace_tz_msc_cfg_sec_resp(level);
  42     s->cfg_sec_resp = level;
  43 }
  44
  45 static void tz_msc_irq_clear(void *opaque, int n, int level)
  46 {
  47     TZMSC *s = TZ_MSC(opaque);
  48
  49     trace_tz_msc_irq_clear(level);
  50
  51     s->irq_clear = level;
  52     if (level) {
  53         s->irq_status = false;
  54         tz_msc_update_irq(s);
  55     }
  56 }
  57
  58 /* The MSC may either block a transaction by aborting it, block a
  59  * transaction by making it RAZ/WI, allow it through with
  60  * MemTxAttrs indicating a secure transaction, or allow it with
  61  * MemTxAttrs indicating a non-secure transaction.
  62  */
  63 typedef enum MSCAction {
  64     MSCBlockAbort,
  65     MSCBlockRAZWI,
  66     MSCAllowSecure,
  67     MSCAllowNonSecure,
  68 } MSCAction;
  69
  70 static MSCAction tz_msc_check(TZMSC *s, hwaddr addr)
  71 {
  72     /*
  73      * Check whether to allow an access from the bus master, returning
  74      * an MSCAction indicating the required behaviour. If the transaction
  75      * is blocked, the caller must check cfg_sec_resp to determine
  76      * whether to abort or RAZ/WI the transaction.
  77      */
  78     IDAUInterfaceClass *iic = IDAU_INTERFACE_GET_CLASS(s->idau);
  79     IDAUInterface *ii = IDAU_INTERFACE(s->idau);
  80     bool idau_exempt = false, idau_ns = true, idau_nsc = true;
  81     int idau_region = IREGION_NOTVALID;
  82
  83     iic->check(ii, addr, &idau_region, &idau_exempt, &idau_ns, &idau_nsc);
  84
  85     if (idau_exempt) {
  86         /*
  87          * Uncheck region -- OK, transaction type depends on
  88          * whether bus master is configured as Secure or NonSecure
  89          */
  90         return s->cfg_nonsec ? MSCAllowNonSecure : MSCAllowSecure;
  91     }
  92
  93     if (idau_ns) {
  94         /* NonSecure region -- always forward as NS transaction */
  95         return MSCAllowNonSecure;
  96     }
  97
  98     if (!s->cfg_nonsec) {
  99         /* Access to Secure region by Secure bus master: OK */
 100         return MSCAllowSecure;
 101     }
 102
 103     /* Attempted access to Secure region by NS bus master: block */
 104     trace_tz_msc_access_blocked(addr);
 105     if (!s->cfg_sec_resp) {
 106         return MSCBlockRAZWI;
 107     }
 108
 109     /*
 110      * The TRM isn't clear on behaviour if irq_clear is high when a
 111      * transaction is blocked. We assume that the MSC behaves like the
 112      * PPC, where holding irq_clear high suppresses the interrupt.
 113      */
 114     if (!s->irq_clear) {
 115         s->irq_status = true;
 116         tz_msc_update_irq(s);
 117     }
 118     return MSCBlockAbort;
 119 }
 120
 121 static MemTxResult tz_msc_read(void *opaque, hwaddr addr, uint64_t *pdata,
 122                                unsigned size, MemTxAttrs attrs)
 123 {
 124     TZMSC *s = opaque;
 125     AddressSpace *as = &s->downstream_as;
 126     uint64_t data;
 127     MemTxResult res;
 128
 129     switch (tz_msc_check(s, addr)) {
 130     case MSCBlockAbort:
 131         return MEMTX_ERROR;
 132     case MSCBlockRAZWI:
 133         *pdata = 0;
 134         return MEMTX_OK;
 135     case MSCAllowSecure:
 136         attrs.secure = 1;
 137         attrs.unspecified = 0;
 138         break;
 139     case MSCAllowNonSecure:
 140         attrs.secure = 0;
 141         attrs.unspecified = 0;
 142         break;
 143     }
 144
 145     switch (size) {
 146     case 1:
 147         data = address_space_ldub(as, addr, attrs, &res);
 148         break;
 149     case 2:
 150         data = address_space_lduw_le(as, addr, attrs, &res);
 151         break;
 152     case 4:
 153         data = address_space_ldl_le(as, addr, attrs, &res);
 154         break;
 155     case 8:
 156         data = address_space_ldq_le(as, addr, attrs, &res);
 157         break;
 158     default:
 159         g_assert_not_reached();
 160     }
 161     *pdata = data;
 162     return res;
 163 }
 164
 165 static MemTxResult tz_msc_write(void *opaque, hwaddr addr, uint64_t val,
 166                                 unsigned size, MemTxAttrs attrs)
 167 {
 168     TZMSC *s = opaque;
 169     AddressSpace *as = &s->downstream_as;
 170     MemTxResult res;
 171
 172     switch (tz_msc_check(s, addr)) {
 173     case MSCBlockAbort:
 174         return MEMTX_ERROR;
 175     case MSCBlockRAZWI:
 176         return MEMTX_OK;
 177     case MSCAllowSecure:
 178         attrs.secure = 1;
 179         attrs.unspecified = 0;
 180         break;
 181     case MSCAllowNonSecure:
 182         attrs.secure = 0;
 183         attrs.unspecified = 0;
 184         break;
 185     }
 186
 187     switch (size) {
 188     case 1:
 189         address_space_stb(as, addr, val, attrs, &res);
 190         break;
 191     case 2:
 192         address_space_stw_le(as, addr, val, attrs, &res);
 193         break;
 194     case 4:
 195         address_space_stl_le(as, addr, val, attrs, &res);
 196         break;
 197     case 8:
 198         address_space_stq_le(as, addr, val, attrs, &res);
 199         break;
 200     default:
 201         g_assert_not_reached();
 202     }
 203     return res;
 204 }
 205
 206 static const MemoryRegionOps tz_msc_ops = {
 207     .read_with_attrs = tz_msc_read,
 208     .write_with_attrs = tz_msc_write,
 209     .endianness = DEVICE_LITTLE_ENDIAN,
 210 };
 211
 212 static void tz_msc_reset(DeviceState *dev)
 213 {
 214     TZMSC *s = TZ_MSC(dev);
 215
 216     trace_tz_msc_reset();
 217     s->cfg_sec_resp = false;
 218     s->cfg_nonsec = false;
 219     s->irq_clear = 0;
 220     s->irq_status = 0;
 221 }
 222
 223 static void tz_msc_init(Object *obj)
 224 {
 225     DeviceState *dev = DEVICE(obj);
 226     TZMSC *s = TZ_MSC(obj);
 227
 228     qdev_init_gpio_in_named(dev, tz_msc_cfg_nonsec, "cfg_nonsec", 1);
 229     qdev_init_gpio_in_named(dev, tz_msc_cfg_sec_resp, "cfg_sec_resp", 1);
 230     qdev_init_gpio_in_named(dev, tz_msc_irq_clear, "irq_clear", 1);
 231     qdev_init_gpio_out_named(dev, &s->irq, "irq", 1);
 232 }
 233
 234 static void tz_msc_realize(DeviceState *dev, Error **errp)
 235 {
 236     Object *obj = OBJECT(dev);
 237     SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
 238     TZMSC *s = TZ_MSC(dev);
 239     const char *name = "tz-msc-downstream";
 240     uint64_t size;
 241
 242     /*
 243      * We can't create the upstream end of the port until realize,
 244      * as we don't know the size of the MR used as the downstream until then.
 245      * We insist on having a downstream, to avoid complicating the
 246      * code with handling the "don't know how big this is" case. It's easy
 247      * enough for the user to create an unimplemented_device as downstream
 248      * if they have nothing else to plug into this.
 249      */
 250     if (!s->downstream) {
 251         error_setg(errp, "MSC 'downstream' link not set");
 252         return;
 253     }
 254     if (!s->idau) {
 255         error_setg(errp, "MSC 'idau' link not set");
 256         return;
 257     }
 258
 259     size = memory_region_size(s->downstream);
 260     address_space_init(&s->downstream_as, s->downstream, name);
 261     memory_region_init_io(&s->upstream, obj, &tz_msc_ops, s, name, size);
 262     sysbus_init_mmio(sbd, &s->upstream);
 263 }
 264
 265 static const VMStateDescription tz_msc_vmstate = {
 266     .name = "tz-msc",
 267     .version_id = 1,
 268     .minimum_version_id = 1,
 269     .fields = (VMStateField[]) {
 270         VMSTATE_BOOL(cfg_nonsec, TZMSC),
 271         VMSTATE_BOOL(cfg_sec_resp, TZMSC),
 272         VMSTATE_BOOL(irq_clear, TZMSC),
 273         VMSTATE_BOOL(irq_status, TZMSC),
 274         VMSTATE_END_OF_LIST()
 275     }
 276 };
 277
 278 static Property tz_msc_properties[] = {
 279     DEFINE_PROP_LINK("downstream", TZMSC, downstream,
 280                      TYPE_MEMORY_REGION, MemoryRegion *),
 281     DEFINE_PROP_LINK("idau", TZMSC, idau,
 282                      TYPE_IDAU_INTERFACE, IDAUInterface *),
 283     DEFINE_PROP_END_OF_LIST(),
 284 };
 285
 286 static void tz_msc_class_init(ObjectClass *klass, void *data)
 287 {
 288     DeviceClass *dc = DEVICE_CLASS(klass);
 289
 290     dc->realize = tz_msc_realize;
 291     dc->vmsd = &tz_msc_vmstate;
 292     dc->reset = tz_msc_reset;
 293     dc->props = tz_msc_properties;
 294 }
 295
 296 static const TypeInfo tz_msc_info = {
 297     .name = TYPE_TZ_MSC,
 298     .parent = TYPE_SYS_BUS_DEVICE,
 299     .instance_size = sizeof(TZMSC),
 300     .instance_init = tz_msc_init,
 301     .class_init = tz_msc_class_init,
 302 };
 303
 304 static void tz_msc_register_types(void)
 305 {
 306     type_register_static(&tz_msc_info);
 307 }
 308
 309 type_init(tz_msc_register_types);