hw/misc/tz-msc.c

   1 /*
   2  * ARM TrustZone master security controller emulation
   3  *
   4  * Copyright (c) 2018 Linaro Limited
   5  * Written by Peter Maydell
   6  *
   7  * This program is free software; you can redistribute it and/or modify
   8  * it under the terms of the GNU General Public License version 2 or
   9  * (at your option) any later version.
  10  */
  11
  12 #include "qemu/osdep.h"
  13 #include "qemu/log.h"
  14 #include "qemu/module.h"
  15 #include "qapi/error.h"
  16 #include "trace.h"
  17 #include "hw/sysbus.h"
  18 #include "migration/vmstate.h"
  19 #include "hw/registerfields.h"
  20 #include "hw/irq.h"
  21 #include "hw/misc/tz-msc.h"
  22 #include "hw/qdev-properties.h"
  23
  24 static void tz_msc_update_irq(TZMSC *s)
  25 {
  26     bool level = s->irq_status;
  27
  28     trace_tz_msc_update_irq(level);
  29     qemu_set_irq(s->irq, level);
  30 }
  31
  32 static void tz_msc_cfg_nonsec(void *opaque, int n, int level)
  33 {
  34     TZMSC *s = TZ_MSC(opaque);
  35
  36     trace_tz_msc_cfg_nonsec(level);
  37     s->cfg_nonsec = level;
  38 }
  39
  40 static void tz_msc_cfg_sec_resp(void *opaque, int n, int level)
  41 {
  42     TZMSC *s = TZ_MSC(opaque);
  43
  44     trace_tz_msc_cfg_sec_resp(level);
  45     s->cfg_sec_resp = level;
  46 }
  47
  48 static void tz_msc_irq_clear(void *opaque, int n, int level)
  49 {
  50     TZMSC *s = TZ_MSC(opaque);
  51
  52     trace_tz_msc_irq_clear(level);
  53
  54     s->irq_clear = level;
  55     if (level) {
  56         s->irq_status = false;
  57         tz_msc_update_irq(s);
  58     }
  59 }
  60
  61 /* The MSC may either block a transaction by aborting it, block a
  62  * transaction by making it RAZ/WI, allow it through with
  63  * MemTxAttrs indicating a secure transaction, or allow it with
  64  * MemTxAttrs indicating a non-secure transaction.
  65  */
  66 typedef enum MSCAction {
  67     MSCBlockAbort,
  68     MSCBlockRAZWI,
  69     MSCAllowSecure,
  70     MSCAllowNonSecure,
  71 } MSCAction;
  72
  73 static MSCAction tz_msc_check(TZMSC *s, hwaddr addr)
  74 {
  75     /*
  76      * Check whether to allow an access from the bus master, returning
  77      * an MSCAction indicating the required behaviour. If the transaction
  78      * is blocked, the caller must check cfg_sec_resp to determine
  79      * whether to abort or RAZ/WI the transaction.
  80      */
  81     IDAUInterfaceClass *iic = IDAU_INTERFACE_GET_CLASS(s->idau);
  82     IDAUInterface *ii = IDAU_INTERFACE(s->idau);
  83     bool idau_exempt = false, idau_ns = true, idau_nsc = true;
  84     int idau_region = IREGION_NOTVALID;
  85
  86     iic->check(ii, addr, &idau_region, &idau_exempt, &idau_ns, &idau_nsc);
  87
  88     if (idau_exempt) {
  89         /*
  90          * Uncheck region -- OK, transaction type depends on
  91          * whether bus master is configured as Secure or NonSecure
  92          */
  93         return s->cfg_nonsec ? MSCAllowNonSecure : MSCAllowSecure;
  94     }
  95
  96     if (idau_ns) {
  97         /* NonSecure region -- always forward as NS transaction */
  98         return MSCAllowNonSecure;
  99     }
 100
 101     if (!s->cfg_nonsec) {
 102         /* Access to Secure region by Secure bus master: OK */
 103         return MSCAllowSecure;
 104     }
 105
 106     /* Attempted access to Secure region by NS bus master: block */
 107     trace_tz_msc_access_blocked(addr);
 108     if (!s->cfg_sec_resp) {
 109         return MSCBlockRAZWI;
 110     }
 111
 112     /*
 113      * The TRM isn't clear on behaviour if irq_clear is high when a
 114      * transaction is blocked. We assume that the MSC behaves like the
 115      * PPC, where holding irq_clear high suppresses the interrupt.
 116      */
 117     if (!s->irq_clear) {
 118         s->irq_status = true;
 119         tz_msc_update_irq(s);
 120     }
 121     return MSCBlockAbort;
 122 }
 123
 124 static MemTxResult tz_msc_read(void *opaque, hwaddr addr, uint64_t *pdata,
 125                                unsigned size, MemTxAttrs attrs)
 126 {
 127     TZMSC *s = opaque;
 128     AddressSpace *as = &s->downstream_as;
 129     uint64_t data;
 130     MemTxResult res;
 131
 132     switch (tz_msc_check(s, addr)) {
 133     case MSCBlockAbort:
 134         return MEMTX_ERROR;
 135     case MSCBlockRAZWI:
 136         *pdata = 0;
 137         return MEMTX_OK;
 138     case MSCAllowSecure:
 139         attrs.secure = 1;
 140         attrs.unspecified = 0;
 141         break;
 142     case MSCAllowNonSecure:
 143         attrs.secure = 0;
 144         attrs.unspecified = 0;
 145         break;
 146     }
 147
 148     switch (size) {
 149     case 1:
 150         data = address_space_ldub(as, addr, attrs, &res);
 151         break;
 152     case 2:
 153         data = address_space_lduw_le(as, addr, attrs, &res);
 154         break;
 155     case 4:
 156         data = address_space_ldl_le(as, addr, attrs, &res);
 157         break;
 158     case 8:
 159         data = address_space_ldq_le(as, addr, attrs, &res);
 160         break;
 161     default:
 162         g_assert_not_reached();
 163     }
 164     *pdata = data;
 165     return res;
 166 }
 167
 168 static MemTxResult tz_msc_write(void *opaque, hwaddr addr, uint64_t val,
 169                                 unsigned size, MemTxAttrs attrs)
 170 {
 171     TZMSC *s = opaque;
 172     AddressSpace *as = &s->downstream_as;
 173     MemTxResult res;
 174
 175     switch (tz_msc_check(s, addr)) {
 176     case MSCBlockAbort:
 177         return MEMTX_ERROR;
 178     case MSCBlockRAZWI:
 179         return MEMTX_OK;
 180     case MSCAllowSecure:
 181         attrs.secure = 1;
 182         attrs.unspecified = 0;
 183         break;
 184     case MSCAllowNonSecure:
 185         attrs.secure = 0;
 186         attrs.unspecified = 0;
 187         break;
 188     }
 189
 190     switch (size) {
 191     case 1:
 192         address_space_stb(as, addr, val, attrs, &res);
 193         break;
 194     case 2:
 195         address_space_stw_le(as, addr, val, attrs, &res);
 196         break;
 197     case 4:
 198         address_space_stl_le(as, addr, val, attrs, &res);
 199         break;
 200     case 8:
 201         address_space_stq_le(as, addr, val, attrs, &res);
 202         break;
 203     default:
 204         g_assert_not_reached();
 205     }
 206     return res;
 207 }
 208
 209 static const MemoryRegionOps tz_msc_ops = {
 210     .read_with_attrs = tz_msc_read,
 211     .write_with_attrs = tz_msc_write,
 212     .endianness = DEVICE_LITTLE_ENDIAN,
 213 };
 214
 215 static void tz_msc_reset(DeviceState *dev)
 216 {
 217     TZMSC *s = TZ_MSC(dev);
 218
 219     trace_tz_msc_reset();
 220     s->cfg_sec_resp = false;
 221     s->cfg_nonsec = false;
 222     s->irq_clear = 0;
 223     s->irq_status = 0;
 224 }
 225
 226 static void tz_msc_init(Object *obj)
 227 {
 228     DeviceState *dev = DEVICE(obj);
 229     TZMSC *s = TZ_MSC(obj);
 230
 231     qdev_init_gpio_in_named(dev, tz_msc_cfg_nonsec, "cfg_nonsec", 1);
 232     qdev_init_gpio_in_named(dev, tz_msc_cfg_sec_resp, "cfg_sec_resp", 1);
 233     qdev_init_gpio_in_named(dev, tz_msc_irq_clear, "irq_clear", 1);
 234     qdev_init_gpio_out_named(dev, &s->irq, "irq", 1);
 235 }
 236
 237 static void tz_msc_realize(DeviceState *dev, Error **errp)
 238 {
 239     Object *obj = OBJECT(dev);
 240     SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
 241     TZMSC *s = TZ_MSC(dev);
 242     const char *name = "tz-msc-downstream";
 243     uint64_t size;
 244
 245     /*
 246      * We can't create the upstream end of the port until realize,
 247      * as we don't know the size of the MR used as the downstream until then.
 248      * We insist on having a downstream, to avoid complicating the
 249      * code with handling the "don't know how big this is" case. It's easy
 250      * enough for the user to create an unimplemented_device as downstream
 251      * if they have nothing else to plug into this.
 252      */
 253     if (!s->downstream) {
 254         error_setg(errp, "MSC 'downstream' link not set");
 255         return;
 256     }
 257     if (!s->idau) {
 258         error_setg(errp, "MSC 'idau' link not set");
 259         return;
 260     }
 261
 262     size = memory_region_size(s->downstream);
 263     address_space_init(&s->downstream_as, s->downstream, name);
 264     memory_region_init_io(&s->upstream, obj, &tz_msc_ops, s, name, size);
 265     sysbus_init_mmio(sbd, &s->upstream);
 266 }
 267
 268 static const VMStateDescription tz_msc_vmstate = {
 269     .name = "tz-msc",
 270     .version_id = 1,
 271     .minimum_version_id = 1,
 272     .fields = (VMStateField[]) {
 273         VMSTATE_BOOL(cfg_nonsec, TZMSC),
 274         VMSTATE_BOOL(cfg_sec_resp, TZMSC),
 275         VMSTATE_BOOL(irq_clear, TZMSC),
 276         VMSTATE_BOOL(irq_status, TZMSC),
 277         VMSTATE_END_OF_LIST()
 278     }
 279 };
 280
 281 static Property tz_msc_properties[] = {
 282     DEFINE_PROP_LINK("downstream", TZMSC, downstream,
 283                      TYPE_MEMORY_REGION, MemoryRegion *),
 284     DEFINE_PROP_LINK("idau", TZMSC, idau,
 285                      TYPE_IDAU_INTERFACE, IDAUInterface *),
 286     DEFINE_PROP_END_OF_LIST(),
 287 };
 288
 289 static void tz_msc_class_init(ObjectClass *klass, void *data)
 290 {
 291     DeviceClass *dc = DEVICE_CLASS(klass);
 292
 293     dc->realize = tz_msc_realize;
 294     dc->vmsd = &tz_msc_vmstate;
 295     dc->reset = tz_msc_reset;
 296     device_class_set_props(dc, tz_msc_properties);
 297 }
 298
 299 static const TypeInfo tz_msc_info = {
 300     .name = TYPE_TZ_MSC,
 301     .parent = TYPE_SYS_BUS_DEVICE,
 302     .instance_size = sizeof(TZMSC),
 303     .instance_init = tz_msc_init,
 304     .class_init = tz_msc_class_init,
 305 };
 306
 307 static void tz_msc_register_types(void)
 308 {
 309     type_register_static(&tz_msc_info);
 310 }
 311
 312 type_init(tz_msc_register_types);