hw/misc/tz-msc.c

   1 /*
   2  * ARM TrustZone master security controller emulation
   3  *
   4  * Copyright (c) 2018 Linaro Limited
   5  * Written by Peter Maydell
   6  *
   7  * This program is free software; you can redistribute it and/or modify
   8  * it under the terms of the GNU General Public License version 2 or
   9  * (at your option) any later version.
  10  */
  11
  12 #include "qemu/osdep.h"
  13 #include "qemu/log.h"
  14 #include "qapi/error.h"
  15 #include "trace.h"
  16 #include "hw/sysbus.h"
  17 #include "hw/registerfields.h"
  18 #include "hw/misc/tz-msc.h"
  19
  20 static void tz_msc_update_irq(TZMSC *s)
  21 {
  22     bool level = s->irq_status;
  23
  24     trace_tz_msc_update_irq(level);
  25     qemu_set_irq(s->irq, level);
  26 }
  27
  28 static void tz_msc_cfg_nonsec(void *opaque, int n, int level)
  29 {
  30     TZMSC *s = TZ_MSC(opaque);
  31
  32     trace_tz_msc_cfg_nonsec(level);
  33     s->cfg_nonsec = level;
  34 }
  35
  36 static void tz_msc_cfg_sec_resp(void *opaque, int n, int level)
  37 {
  38     TZMSC *s = TZ_MSC(opaque);
  39
  40     trace_tz_msc_cfg_sec_resp(level);
  41     s->cfg_sec_resp = level;
  42 }
  43
  44 static void tz_msc_irq_clear(void *opaque, int n, int level)
  45 {
  46     TZMSC *s = TZ_MSC(opaque);
  47
  48     trace_tz_msc_irq_clear(level);
  49
  50     s->irq_clear = level;
  51     if (level) {
  52         s->irq_status = false;
  53         tz_msc_update_irq(s);
  54     }
  55 }
  56
  57 /* The MSC may either block a transaction by aborting it, block a
  58  * transaction by making it RAZ/WI, allow it through with
  59  * MemTxAttrs indicating a secure transaction, or allow it with
  60  * MemTxAttrs indicating a non-secure transaction.
  61  */
  62 typedef enum MSCAction {
  63     MSCBlockAbort,
  64     MSCBlockRAZWI,
  65     MSCAllowSecure,
  66     MSCAllowNonSecure,
  67 } MSCAction;
  68
  69 static MSCAction tz_msc_check(TZMSC *s, hwaddr addr)
  70 {
  71     /*
  72      * Check whether to allow an access from the bus master, returning
  73      * an MSCAction indicating the required behaviour. If the transaction
  74      * is blocked, the caller must check cfg_sec_resp to determine
  75      * whether to abort or RAZ/WI the transaction.
  76      */
  77     IDAUInterfaceClass *iic = IDAU_INTERFACE_GET_CLASS(s->idau);
  78     IDAUInterface *ii = IDAU_INTERFACE(s->idau);
  79     bool idau_exempt = false, idau_ns = true, idau_nsc = true;
  80     int idau_region = IREGION_NOTVALID;
  81
  82     iic->check(ii, addr, &idau_region, &idau_exempt, &idau_ns, &idau_nsc);
  83
  84     if (idau_exempt) {
  85         /*
  86          * Uncheck region -- OK, transaction type depends on
  87          * whether bus master is configured as Secure or NonSecure
  88          */
  89         return s->cfg_nonsec ? MSCAllowNonSecure : MSCAllowSecure;
  90     }
  91
  92     if (idau_ns) {
  93         /* NonSecure region -- always forward as NS transaction */
  94         return MSCAllowNonSecure;
  95     }
  96
  97     if (!s->cfg_nonsec) {
  98         /* Access to Secure region by Secure bus master: OK */
  99         return MSCAllowSecure;
 100     }
 101
 102     /* Attempted access to Secure region by NS bus master: block */
 103     trace_tz_msc_access_blocked(addr);
 104     if (!s->cfg_sec_resp) {
 105         return MSCBlockRAZWI;
 106     }
 107
 108     /*
 109      * The TRM isn't clear on behaviour if irq_clear is high when a
 110      * transaction is blocked. We assume that the MSC behaves like the
 111      * PPC, where holding irq_clear high suppresses the interrupt.
 112      */
 113     if (!s->irq_clear) {
 114         s->irq_status = true;
 115         tz_msc_update_irq(s);
 116     }
 117     return MSCBlockAbort;
 118 }
 119
 120 static MemTxResult tz_msc_read(void *opaque, hwaddr addr, uint64_t *pdata,
 121                                unsigned size, MemTxAttrs attrs)
 122 {
 123     TZMSC *s = opaque;
 124     AddressSpace *as = &s->downstream_as;
 125     uint64_t data;
 126     MemTxResult res;
 127
 128     switch (tz_msc_check(s, addr)) {
 129     case MSCBlockAbort:
 130         return MEMTX_ERROR;
 131     case MSCBlockRAZWI:
 132         *pdata = 0;
 133         return MEMTX_OK;
 134     case MSCAllowSecure:
 135         attrs.secure = 1;
 136         attrs.unspecified = 0;
 137         break;
 138     case MSCAllowNonSecure:
 139         attrs.secure = 0;
 140         attrs.unspecified = 0;
 141         break;
 142     }
 143
 144     switch (size) {
 145     case 1:
 146         data = address_space_ldub(as, addr, attrs, &res);
 147         break;
 148     case 2:
 149         data = address_space_lduw_le(as, addr, attrs, &res);
 150         break;
 151     case 4:
 152         data = address_space_ldl_le(as, addr, attrs, &res);
 153         break;
 154     case 8:
 155         data = address_space_ldq_le(as, addr, attrs, &res);
 156         break;
 157     default:
 158         g_assert_not_reached();
 159     }
 160     *pdata = data;
 161     return res;
 162 }
 163
 164 static MemTxResult tz_msc_write(void *opaque, hwaddr addr, uint64_t val,
 165                                 unsigned size, MemTxAttrs attrs)
 166 {
 167     TZMSC *s = opaque;
 168     AddressSpace *as = &s->downstream_as;
 169     MemTxResult res;
 170
 171     switch (tz_msc_check(s, addr)) {
 172     case MSCBlockAbort:
 173         return MEMTX_ERROR;
 174     case MSCBlockRAZWI:
 175         return MEMTX_OK;
 176     case MSCAllowSecure:
 177         attrs.secure = 1;
 178         attrs.unspecified = 0;
 179         break;
 180     case MSCAllowNonSecure:
 181         attrs.secure = 0;
 182         attrs.unspecified = 0;
 183         break;
 184     }
 185
 186     switch (size) {
 187     case 1:
 188         address_space_stb(as, addr, val, attrs, &res);
 189         break;
 190     case 2:
 191         address_space_stw_le(as, addr, val, attrs, &res);
 192         break;
 193     case 4:
 194         address_space_stl_le(as, addr, val, attrs, &res);
 195         break;
 196     case 8:
 197         address_space_stq_le(as, addr, val, attrs, &res);
 198         break;
 199     default:
 200         g_assert_not_reached();
 201     }
 202     return res;
 203 }
 204
 205 static const MemoryRegionOps tz_msc_ops = {
 206     .read_with_attrs = tz_msc_read,
 207     .write_with_attrs = tz_msc_write,
 208     .endianness = DEVICE_LITTLE_ENDIAN,
 209 };
 210
 211 static void tz_msc_reset(DeviceState *dev)
 212 {
 213     TZMSC *s = TZ_MSC(dev);
 214
 215     trace_tz_msc_reset();
 216     s->cfg_sec_resp = false;
 217     s->cfg_nonsec = false;
 218     s->irq_clear = 0;
 219     s->irq_status = 0;
 220 }
 221
 222 static void tz_msc_init(Object *obj)
 223 {
 224     DeviceState *dev = DEVICE(obj);
 225     TZMSC *s = TZ_MSC(obj);
 226
 227     qdev_init_gpio_in_named(dev, tz_msc_cfg_nonsec, "cfg_nonsec", 1);
 228     qdev_init_gpio_in_named(dev, tz_msc_cfg_sec_resp, "cfg_sec_resp", 1);
 229     qdev_init_gpio_in_named(dev, tz_msc_irq_clear, "irq_clear", 1);
 230     qdev_init_gpio_out_named(dev, &s->irq, "irq", 1);
 231 }
 232
 233 static void tz_msc_realize(DeviceState *dev, Error **errp)
 234 {
 235     Object *obj = OBJECT(dev);
 236     SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
 237     TZMSC *s = TZ_MSC(dev);
 238     const char *name = "tz-msc-downstream";
 239     uint64_t size;
 240
 241     /*
 242      * We can't create the upstream end of the port until realize,
 243      * as we don't know the size of the MR used as the downstream until then.
 244      * We insist on having a downstream, to avoid complicating the
 245      * code with handling the "don't know how big this is" case. It's easy
 246      * enough for the user to create an unimplemented_device as downstream
 247      * if they have nothing else to plug into this.
 248      */
 249     if (!s->downstream) {
 250         error_setg(errp, "MSC 'downstream' link not set");
 251         return;
 252     }
 253     if (!s->idau) {
 254         error_setg(errp, "MSC 'idau' link not set");
 255         return;
 256     }
 257
 258     size = memory_region_size(s->downstream);
 259     address_space_init(&s->downstream_as, s->downstream, name);
 260     memory_region_init_io(&s->upstream, obj, &tz_msc_ops, s, name, size);
 261     sysbus_init_mmio(sbd, &s->upstream);
 262 }
 263
 264 static const VMStateDescription tz_msc_vmstate = {
 265     .name = "tz-msc",
 266     .version_id = 1,
 267     .minimum_version_id = 1,
 268     .fields = (VMStateField[]) {
 269         VMSTATE_BOOL(cfg_nonsec, TZMSC),
 270         VMSTATE_BOOL(cfg_sec_resp, TZMSC),
 271         VMSTATE_BOOL(irq_clear, TZMSC),
 272         VMSTATE_BOOL(irq_status, TZMSC),
 273         VMSTATE_END_OF_LIST()
 274     }
 275 };
 276
 277 static Property tz_msc_properties[] = {
 278     DEFINE_PROP_LINK("downstream", TZMSC, downstream,
 279                      TYPE_MEMORY_REGION, MemoryRegion *),
 280     DEFINE_PROP_LINK("idau", TZMSC, idau,
 281                      TYPE_IDAU_INTERFACE, IDAUInterface *),
 282     DEFINE_PROP_END_OF_LIST(),
 283 };
 284
 285 static void tz_msc_class_init(ObjectClass *klass, void *data)
 286 {
 287     DeviceClass *dc = DEVICE_CLASS(klass);
 288
 289     dc->realize = tz_msc_realize;
 290     dc->vmsd = &tz_msc_vmstate;
 291     dc->reset = tz_msc_reset;
 292     dc->props = tz_msc_properties;
 293 }
 294
 295 static const TypeInfo tz_msc_info = {
 296     .name = TYPE_TZ_MSC,
 297     .parent = TYPE_SYS_BUS_DEVICE,
 298     .instance_size = sizeof(TZMSC),
 299     .instance_init = tz_msc_init,
 300     .class_init = tz_msc_class_init,
 301 };
 302
 303 static void tz_msc_register_types(void)
 304 {
 305     type_register_static(&tz_msc_info);
 306 }
 307
 308 type_init(tz_msc_register_types);