[thirdparty/qemu.git] / hw / misc / tz-msc.c

/*
 * ARM TrustZone master security controller emulation
 *
 * Copyright (c) 2018 Linaro Limited
 * Written by Peter Maydell
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 or
 * (at your option) any later version.
 */

#include "qemu/osdep.h"
#include "qemu/log.h"
#include "qemu/module.h"
#include "qapi/error.h"
#include "trace.h"
#include "hw/sysbus.h"
#include "hw/registerfields.h"
#include "hw/misc/tz-msc.h"

static void tz_msc_update_irq(TZMSC *s)
{
    bool level = s->irq_status;

    trace_tz_msc_update_irq(level);
    qemu_set_irq(s->irq, level);
}

static void tz_msc_cfg_nonsec(void *opaque, int n, int level)
{
    TZMSC *s = TZ_MSC(opaque);

    trace_tz_msc_cfg_nonsec(level);
    s->cfg_nonsec = level;
}

static void tz_msc_cfg_sec_resp(void *opaque, int n, int level)
{
    TZMSC *s = TZ_MSC(opaque);

    trace_tz_msc_cfg_sec_resp(level);
    s->cfg_sec_resp = level;
}

static void tz_msc_irq_clear(void *opaque, int n, int level)
{
    TZMSC *s = TZ_MSC(opaque);

    trace_tz_msc_irq_clear(level);

    s->irq_clear = level;
    if (level) {
        s->irq_status = false;
        tz_msc_update_irq(s);
    }
}

/* The MSC may either block a transaction by aborting it, block a
 * transaction by making it RAZ/WI, allow it through with
 * MemTxAttrs indicating a secure transaction, or allow it with
 * MemTxAttrs indicating a non-secure transaction.
 */
typedef enum MSCAction {
    MSCBlockAbort,
    MSCBlockRAZWI,
    MSCAllowSecure,
    MSCAllowNonSecure,
} MSCAction;

static MSCAction tz_msc_check(TZMSC *s, hwaddr addr)
{
    /*
     * Check whether to allow an access from the bus master, returning
     * an MSCAction indicating the required behaviour. If the transaction
     * is blocked, the caller must check cfg_sec_resp to determine
     * whether to abort or RAZ/WI the transaction.
     */
    IDAUInterfaceClass *iic = IDAU_INTERFACE_GET_CLASS(s->idau);
    IDAUInterface *ii = IDAU_INTERFACE(s->idau);
    bool idau_exempt = false, idau_ns = true, idau_nsc = true;
    int idau_region = IREGION_NOTVALID;

    iic->check(ii, addr, &idau_region, &idau_exempt, &idau_ns, &idau_nsc);

    if (idau_exempt) {
        /*
         * Uncheck region -- OK, transaction type depends on
         * whether bus master is configured as Secure or NonSecure
         */
        return s->cfg_nonsec ? MSCAllowNonSecure : MSCAllowSecure;
    }

    if (idau_ns) {
        /* NonSecure region -- always forward as NS transaction */
        return MSCAllowNonSecure;
    }

    if (!s->cfg_nonsec) {
        /* Access to Secure region by Secure bus master: OK */
        return MSCAllowSecure;
    }

    /* Attempted access to Secure region by NS bus master: block */
    trace_tz_msc_access_blocked(addr);
    if (!s->cfg_sec_resp) {
        return MSCBlockRAZWI;
    }

    /*
     * The TRM isn't clear on behaviour if irq_clear is high when a
     * transaction is blocked. We assume that the MSC behaves like the
     * PPC, where holding irq_clear high suppresses the interrupt.
     */
    if (!s->irq_clear) {
        s->irq_status = true;
        tz_msc_update_irq(s);
    }
    return MSCBlockAbort;
}

static MemTxResult tz_msc_read(void *opaque, hwaddr addr, uint64_t *pdata,
                               unsigned size, MemTxAttrs attrs)
{
    TZMSC *s = opaque;
    AddressSpace *as = &s->downstream_as;
    uint64_t data;
    MemTxResult res;

    switch (tz_msc_check(s, addr)) {
    case MSCBlockAbort:
        return MEMTX_ERROR;
    case MSCBlockRAZWI:
        *pdata = 0;
        return MEMTX_OK;
    case MSCAllowSecure:
        attrs.secure = 1;
        attrs.unspecified = 0;
        break;
    case MSCAllowNonSecure:
        attrs.secure = 0;
        attrs.unspecified = 0;
        break;
    }

    switch (size) {
    case 1:
        data = address_space_ldub(as, addr, attrs, &res);
        break;
    case 2:
        data = address_space_lduw_le(as, addr, attrs, &res);
        break;
    case 4:
        data = address_space_ldl_le(as, addr, attrs, &res);
        break;
    case 8:
        data = address_space_ldq_le(as, addr, attrs, &res);
        break;
    default:
        g_assert_not_reached();
    }
    *pdata = data;
    return res;
}

static MemTxResult tz_msc_write(void *opaque, hwaddr addr, uint64_t val,
                                unsigned size, MemTxAttrs attrs)
{
    TZMSC *s = opaque;
    AddressSpace *as = &s->downstream_as;
    MemTxResult res;

    switch (tz_msc_check(s, addr)) {
    case MSCBlockAbort:
        return MEMTX_ERROR;
    case MSCBlockRAZWI:
        return MEMTX_OK;
    case MSCAllowSecure:
        attrs.secure = 1;
        attrs.unspecified = 0;
        break;
    case MSCAllowNonSecure:
        attrs.secure = 0;
        attrs.unspecified = 0;
        break;
    }

    switch (size) {
    case 1:
        address_space_stb(as, addr, val, attrs, &res);
        break;
    case 2:
        address_space_stw_le(as, addr, val, attrs, &res);
        break;
    case 4:
        address_space_stl_le(as, addr, val, attrs, &res);
        break;
    case 8:
        address_space_stq_le(as, addr, val, attrs, &res);
        break;
    default:
        g_assert_not_reached();
    }
    return res;
}

static const MemoryRegionOps tz_msc_ops = {
    .read_with_attrs = tz_msc_read,
    .write_with_attrs = tz_msc_write,
    .endianness = DEVICE_LITTLE_ENDIAN,
};

static void tz_msc_reset(DeviceState *dev)
{
    TZMSC *s = TZ_MSC(dev);

    trace_tz_msc_reset();
    s->cfg_sec_resp = false;
    s->cfg_nonsec = false;
    s->irq_clear = 0;
    s->irq_status = 0;
}

static void tz_msc_init(Object *obj)
{
    DeviceState *dev = DEVICE(obj);
    TZMSC *s = TZ_MSC(obj);

    qdev_init_gpio_in_named(dev, tz_msc_cfg_nonsec, "cfg_nonsec", 1);
    qdev_init_gpio_in_named(dev, tz_msc_cfg_sec_resp, "cfg_sec_resp", 1);
    qdev_init_gpio_in_named(dev, tz_msc_irq_clear, "irq_clear", 1);
    qdev_init_gpio_out_named(dev, &s->irq, "irq", 1);
}

static void tz_msc_realize(DeviceState *dev, Error **errp)
{
    Object *obj = OBJECT(dev);
    SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
    TZMSC *s = TZ_MSC(dev);
    const char *name = "tz-msc-downstream";
    uint64_t size;

    /*
     * We can't create the upstream end of the port until realize,
     * as we don't know the size of the MR used as the downstream until then.
     * We insist on having a downstream, to avoid complicating the
     * code with handling the "don't know how big this is" case. It's easy
     * enough for the user to create an unimplemented_device as downstream
     * if they have nothing else to plug into this.
     */
    if (!s->downstream) {
        error_setg(errp, "MSC 'downstream' link not set");
        return;
    }
    if (!s->idau) {
        error_setg(errp, "MSC 'idau' link not set");
        return;
    }

    size = memory_region_size(s->downstream);
    address_space_init(&s->downstream_as, s->downstream, name);
    memory_region_init_io(&s->upstream, obj, &tz_msc_ops, s, name, size);
    sysbus_init_mmio(sbd, &s->upstream);
}

static const VMStateDescription tz_msc_vmstate = {
    .name = "tz-msc",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_BOOL(cfg_nonsec, TZMSC),
        VMSTATE_BOOL(cfg_sec_resp, TZMSC),
        VMSTATE_BOOL(irq_clear, TZMSC),
        VMSTATE_BOOL(irq_status, TZMSC),
        VMSTATE_END_OF_LIST()
    }
};

static Property tz_msc_properties[] = {
    DEFINE_PROP_LINK("downstream", TZMSC, downstream,
                     TYPE_MEMORY_REGION, MemoryRegion *),
    DEFINE_PROP_LINK("idau", TZMSC, idau,
                     TYPE_IDAU_INTERFACE, IDAUInterface *),
    DEFINE_PROP_END_OF_LIST(),
};

static void tz_msc_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(klass);

    dc->realize = tz_msc_realize;
    dc->vmsd = &tz_msc_vmstate;
    dc->reset = tz_msc_reset;
    dc->props = tz_msc_properties;
}

static const TypeInfo tz_msc_info = {
    .name = TYPE_TZ_MSC,
    .parent = TYPE_SYS_BUS_DEVICE,
    .instance_size = sizeof(TZMSC),
    .instance_init = tz_msc_init,
    .class_init = tz_msc_class_init,
};

static void tz_msc_register_types(void)
{
    type_register_static(&tz_msc_info);
}

type_init(tz_msc_register_types);
Commit	Line	Data
211e701d PM	1	/*
	2	* ARM TrustZone master security controller emulation
	3	*
	4	* Copyright (c) 2018 Linaro Limited
	5	* Written by Peter Maydell
	6	*
	7	* This program is free software; you can redistribute it and/or modify
	8	* it under the terms of the GNU General Public License version 2 or
	9	* (at your option) any later version.
	10	*/
	11
	12	#include "qemu/osdep.h"
	13	#include "qemu/log.h"
0b8fa32f	14	#include "qemu/module.h"
211e701d PM	15	#include "qapi/error.h"
	16	#include "trace.h"
	17	#include "hw/sysbus.h"
	18	#include "hw/registerfields.h"
	19	#include "hw/misc/tz-msc.h"
	20
	21	static void tz_msc_update_irq(TZMSC *s)
	22	{
	23	bool level = s->irq_status;
	24
	25	trace_tz_msc_update_irq(level);
	26	qemu_set_irq(s->irq, level);
	27	}
	28
	29	static void tz_msc_cfg_nonsec(void *opaque, int n, int level)
	30	{
	31	TZMSC *s = TZ_MSC(opaque);
	32
	33	trace_tz_msc_cfg_nonsec(level);
	34	s->cfg_nonsec = level;
	35	}
	36
	37	static void tz_msc_cfg_sec_resp(void *opaque, int n, int level)
	38	{
	39	TZMSC *s = TZ_MSC(opaque);
	40
	41	trace_tz_msc_cfg_sec_resp(level);
	42	s->cfg_sec_resp = level;
	43	}
	44
	45	static void tz_msc_irq_clear(void *opaque, int n, int level)
	46	{
	47	TZMSC *s = TZ_MSC(opaque);
	48
	49	trace_tz_msc_irq_clear(level);
	50
	51	s->irq_clear = level;
	52	if (level) {
	53	s->irq_status = false;
	54	tz_msc_update_irq(s);
	55	}
	56	}
	57
	58	/* The MSC may either block a transaction by aborting it, block a
	59	* transaction by making it RAZ/WI, allow it through with
	60	* MemTxAttrs indicating a secure transaction, or allow it with
	61	* MemTxAttrs indicating a non-secure transaction.
	62	*/
	63	typedef enum MSCAction {
	64	MSCBlockAbort,
	65	MSCBlockRAZWI,
	66	MSCAllowSecure,
	67	MSCAllowNonSecure,
	68	} MSCAction;
	69
	70	static MSCAction tz_msc_check(TZMSC *s, hwaddr addr)
	71	{
	72	/*
	73	* Check whether to allow an access from the bus master, returning
	74	* an MSCAction indicating the required behaviour. If the transaction
	75	* is blocked, the caller must check cfg_sec_resp to determine
	76	* whether to abort or RAZ/WI the transaction.
	77	*/
	78	IDAUInterfaceClass *iic = IDAU_INTERFACE_GET_CLASS(s->idau);
79	IDAUInterface *ii = IDAU_INTERFACE(s->idau);
80	bool idau_exempt = false, idau_ns = true, idau_nsc = true;
81	int idau_region = IREGION_NOTVALID;
82
83	iic->check(ii, addr, &idau_region, &idau_exempt, &idau_ns, &idau_nsc);
84
85	if (idau_exempt) {
86	/*
87	* Uncheck region -- OK, transaction type depends on
88	* whether bus master is configured as Secure or NonSecure
89	*/
90	return s->cfg_nonsec ? MSCAllowNonSecure : MSCAllowSecure;
91	}
92
93	if (idau_ns) {
94	/* NonSecure region -- always forward as NS transaction */
95	return MSCAllowNonSecure;
96	}
97
98	if (!s->cfg_nonsec) {
99	/* Access to Secure region by Secure bus master: OK */
100	return MSCAllowSecure;
101	}
102
103	/* Attempted access to Secure region by NS bus master: block */
104	trace_tz_msc_access_blocked(addr);
105	if (!s->cfg_sec_resp) {
106	return MSCBlockRAZWI;
107	}
108
109	/*
110	* The TRM isn't clear on behaviour if irq_clear is high when a
111	* transaction is blocked. We assume that the MSC behaves like the
112	* PPC, where holding irq_clear high suppresses the interrupt.
113	*/
114	if (!s->irq_clear) {
115	s->irq_status = true;
116	tz_msc_update_irq(s);
117	}
118	return MSCBlockAbort;
119	}
120
121	static MemTxResult tz_msc_read(void opaque, hwaddr addr, uint64_t pdata,
122	unsigned size, MemTxAttrs attrs)
123	{
124	TZMSC *s = opaque;
125	AddressSpace *as = &s->downstream_as;
126	uint64_t data;
127	MemTxResult res;
128
129	switch (tz_msc_check(s, addr)) {
130	case MSCBlockAbort:
131	return MEMTX_ERROR;
132	case MSCBlockRAZWI:
133	*pdata = 0;
134	return MEMTX_OK;
135	case MSCAllowSecure:
136	attrs.secure = 1;
137	attrs.unspecified = 0;
138	break;
139	case MSCAllowNonSecure:
140	attrs.secure = 0;
141	attrs.unspecified = 0;
142	break;
143	}
144
145	switch (size) {
146	case 1:
147	data = address_space_ldub(as, addr, attrs, &res);
148	break;
149	case 2:
150	data = address_space_lduw_le(as, addr, attrs, &res);
151	break;
152	case 4:
153	data = address_space_ldl_le(as, addr, attrs, &res);
154	break;
155	case 8:
156	data = address_space_ldq_le(as, addr, attrs, &res);
157	break;
158	default:
159	g_assert_not_reached();
160	}
161	*pdata = data;
162	return res;
163	}
164
165	static MemTxResult tz_msc_write(void *opaque, hwaddr addr, uint64_t val,
166	unsigned size, MemTxAttrs attrs)
167	{
168	TZMSC *s = opaque;
169	AddressSpace *as = &s->downstream_as;
170	MemTxResult res;
171
172	switch (tz_msc_check(s, addr)) {
173	case MSCBlockAbort:
174	return MEMTX_ERROR;
175	case MSCBlockRAZWI:
176	return MEMTX_OK;
177	case MSCAllowSecure:
178	attrs.secure = 1;
179	attrs.unspecified = 0;
180	break;
181	case MSCAllowNonSecure:
182	attrs.secure = 0;
183	attrs.unspecified = 0;
184	break;
185	}
186
187	switch (size) {
188	case 1:
189	address_space_stb(as, addr, val, attrs, &res);
190	break;
191	case 2:
192	address_space_stw_le(as, addr, val, attrs, &res);
193	break;
194	case 4:
195	address_space_stl_le(as, addr, val, attrs, &res);
196	break;
197	case 8:
198	address_space_stq_le(as, addr, val, attrs, &res);
199	break;
200	default:
201	g_assert_not_reached();
202	}
203	return res;
204	}
205
206	static const MemoryRegionOps tz_msc_ops = {
207	.read_with_attrs = tz_msc_read,
208	.write_with_attrs = tz_msc_write,
209	.endianness = DEVICE_LITTLE_ENDIAN,
210	};
211
212	static void tz_msc_reset(DeviceState *dev)
213	{
214	TZMSC *s = TZ_MSC(dev);
215
216	trace_tz_msc_reset();
217	s->cfg_sec_resp = false;
218	s->cfg_nonsec = false;
219	s->irq_clear = 0;
220	s->irq_status = 0;
221	}
222
223	static void tz_msc_init(Object *obj)
224	{
225	DeviceState *dev = DEVICE(obj);
226	TZMSC *s = TZ_MSC(obj);
227
228	qdev_init_gpio_in_named(dev, tz_msc_cfg_nonsec, "cfg_nonsec", 1);
229	qdev_init_gpio_in_named(dev, tz_msc_cfg_sec_resp, "cfg_sec_resp", 1);
230	qdev_init_gpio_in_named(dev, tz_msc_irq_clear, "irq_clear", 1);
231	qdev_init_gpio_out_named(dev, &s->irq, "irq", 1);
232	}
233
234	static void tz_msc_realize(DeviceState dev, Error *errp)
235	{
236	Object *obj = OBJECT(dev);
237	SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
238	TZMSC *s = TZ_MSC(dev);
239	const char *name = "tz-msc-downstream";
240	uint64_t size;
241
242	/*
243	* We can't create the upstream end of the port until realize,
244	* as we don't know the size of the MR used as the downstream until then.
245	* We insist on having a downstream, to avoid complicating the
246	* code with handling the "don't know how big this is" case. It's easy
247	* enough for the user to create an unimplemented_device as downstream
248	* if they have nothing else to plug into this.
249	*/
250	if (!s->downstream) {
251	error_setg(errp, "MSC 'downstream' link not set");
252	return;
253	}
254	if (!s->idau) {
255	error_setg(errp, "MSC 'idau' link not set");
256	return;
257	}
258
259	size = memory_region_size(s->downstream);
260	address_space_init(&s->downstream_as, s->downstream, name);
261	memory_region_init_io(&s->upstream, obj, &tz_msc_ops, s, name, size);
262	sysbus_init_mmio(sbd, &s->upstream);
263	}
264
265	static const VMStateDescription tz_msc_vmstate = {
266	.name = "tz-msc",
267	.version_id = 1,
268	.minimum_version_id = 1,
269	.fields = (VMStateField[]) {
270	VMSTATE_BOOL(cfg_nonsec, TZMSC),
271	VMSTATE_BOOL(cfg_sec_resp, TZMSC),
272	VMSTATE_BOOL(irq_clear, TZMSC),
273	VMSTATE_BOOL(irq_status, TZMSC),
274	VMSTATE_END_OF_LIST()
275	}
276	};
277
278	static Property tz_msc_properties[] = {
279	DEFINE_PROP_LINK("downstream", TZMSC, downstream,
280	TYPE_MEMORY_REGION, MemoryRegion *),
281	DEFINE_PROP_LINK("idau", TZMSC, idau,
282	TYPE_IDAU_INTERFACE, IDAUInterface *),
283	DEFINE_PROP_END_OF_LIST(),
284	};
285
286	static void tz_msc_class_init(ObjectClass klass, void data)
287	{
288	DeviceClass *dc = DEVICE_CLASS(klass);
289
290	dc->realize = tz_msc_realize;
291	dc->vmsd = &tz_msc_vmstate;
292	dc->reset = tz_msc_reset;
293	dc->props = tz_msc_properties;
294	}
295
296	static const TypeInfo tz_msc_info = {
297	.name = TYPE_TZ_MSC,
298	.parent = TYPE_SYS_BUS_DEVICE,
299	.instance_size = sizeof(TZMSC),
300	.instance_init = tz_msc_init,
301	.class_init = tz_msc_class_init,
302	};
303
304	static void tz_msc_register_types(void)
305	{
306	type_register_static(&tz_msc_info);
307	}
308
309	type_init(tz_msc_register_types);