[qemu.git] / hw / misc / tz-msc.c

/*
 * ARM TrustZone master security controller emulation
 *
 * Copyright (c) 2018 Linaro Limited
 * Written by Peter Maydell
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 or
 * (at your option) any later version.
 */

#include "qemu/osdep.h"
#include "qemu/log.h"
#include "qemu/module.h"
#include "qapi/error.h"
#include "trace.h"
#include "hw/sysbus.h"
#include "hw/registerfields.h"
#include "hw/irq.h"
#include "hw/misc/tz-msc.h"

static void tz_msc_update_irq(TZMSC *s)
{
    bool level = s->irq_status;

    trace_tz_msc_update_irq(level);
    qemu_set_irq(s->irq, level);
}

static void tz_msc_cfg_nonsec(void *opaque, int n, int level)
{
    TZMSC *s = TZ_MSC(opaque);

    trace_tz_msc_cfg_nonsec(level);
    s->cfg_nonsec = level;
}

static void tz_msc_cfg_sec_resp(void *opaque, int n, int level)
{
    TZMSC *s = TZ_MSC(opaque);

    trace_tz_msc_cfg_sec_resp(level);
    s->cfg_sec_resp = level;
}

static void tz_msc_irq_clear(void *opaque, int n, int level)
{
    TZMSC *s = TZ_MSC(opaque);

    trace_tz_msc_irq_clear(level);

    s->irq_clear = level;
    if (level) {
        s->irq_status = false;
        tz_msc_update_irq(s);
    }
}

/* The MSC may either block a transaction by aborting it, block a
 * transaction by making it RAZ/WI, allow it through with
 * MemTxAttrs indicating a secure transaction, or allow it with
 * MemTxAttrs indicating a non-secure transaction.
 */
typedef enum MSCAction {
    MSCBlockAbort,
    MSCBlockRAZWI,
    MSCAllowSecure,
    MSCAllowNonSecure,
} MSCAction;

static MSCAction tz_msc_check(TZMSC *s, hwaddr addr)
{
    /*
     * Check whether to allow an access from the bus master, returning
     * an MSCAction indicating the required behaviour. If the transaction
     * is blocked, the caller must check cfg_sec_resp to determine
     * whether to abort or RAZ/WI the transaction.
     */
    IDAUInterfaceClass *iic = IDAU_INTERFACE_GET_CLASS(s->idau);
    IDAUInterface *ii = IDAU_INTERFACE(s->idau);
    bool idau_exempt = false, idau_ns = true, idau_nsc = true;
    int idau_region = IREGION_NOTVALID;

    iic->check(ii, addr, &idau_region, &idau_exempt, &idau_ns, &idau_nsc);

    if (idau_exempt) {
        /*
         * Uncheck region -- OK, transaction type depends on
         * whether bus master is configured as Secure or NonSecure
         */
        return s->cfg_nonsec ? MSCAllowNonSecure : MSCAllowSecure;
    }

    if (idau_ns) {
        /* NonSecure region -- always forward as NS transaction */
        return MSCAllowNonSecure;
    }

    if (!s->cfg_nonsec) {
        /* Access to Secure region by Secure bus master: OK */
        return MSCAllowSecure;
    }

    /* Attempted access to Secure region by NS bus master: block */
    trace_tz_msc_access_blocked(addr);
    if (!s->cfg_sec_resp) {
        return MSCBlockRAZWI;
    }

    /*
     * The TRM isn't clear on behaviour if irq_clear is high when a
     * transaction is blocked. We assume that the MSC behaves like the
     * PPC, where holding irq_clear high suppresses the interrupt.
     */
    if (!s->irq_clear) {
        s->irq_status = true;
        tz_msc_update_irq(s);
    }
    return MSCBlockAbort;
}

static MemTxResult tz_msc_read(void *opaque, hwaddr addr, uint64_t *pdata,
                               unsigned size, MemTxAttrs attrs)
{
    TZMSC *s = opaque;
    AddressSpace *as = &s->downstream_as;
    uint64_t data;
    MemTxResult res;

    switch (tz_msc_check(s, addr)) {
    case MSCBlockAbort:
        return MEMTX_ERROR;
    case MSCBlockRAZWI:
        *pdata = 0;
        return MEMTX_OK;
    case MSCAllowSecure:
        attrs.secure = 1;
        attrs.unspecified = 0;
        break;
    case MSCAllowNonSecure:
        attrs.secure = 0;
        attrs.unspecified = 0;
        break;
    }

    switch (size) {
    case 1:
        data = address_space_ldub(as, addr, attrs, &res);
        break;
    case 2:
        data = address_space_lduw_le(as, addr, attrs, &res);
        break;
    case 4:
        data = address_space_ldl_le(as, addr, attrs, &res);
        break;
    case 8:
        data = address_space_ldq_le(as, addr, attrs, &res);
        break;
    default:
        g_assert_not_reached();
    }
    *pdata = data;
    return res;
}

static MemTxResult tz_msc_write(void *opaque, hwaddr addr, uint64_t val,
                                unsigned size, MemTxAttrs attrs)
{
    TZMSC *s = opaque;
    AddressSpace *as = &s->downstream_as;
    MemTxResult res;

    switch (tz_msc_check(s, addr)) {
    case MSCBlockAbort:
        return MEMTX_ERROR;
    case MSCBlockRAZWI:
        return MEMTX_OK;
    case MSCAllowSecure:
        attrs.secure = 1;
        attrs.unspecified = 0;
        break;
    case MSCAllowNonSecure:
        attrs.secure = 0;
        attrs.unspecified = 0;
        break;
    }

    switch (size) {
    case 1:
        address_space_stb(as, addr, val, attrs, &res);
        break;
    case 2:
        address_space_stw_le(as, addr, val, attrs, &res);
        break;
    case 4:
        address_space_stl_le(as, addr, val, attrs, &res);
        break;
    case 8:
        address_space_stq_le(as, addr, val, attrs, &res);
        break;
    default:
        g_assert_not_reached();
    }
    return res;
}

static const MemoryRegionOps tz_msc_ops = {
    .read_with_attrs = tz_msc_read,
    .write_with_attrs = tz_msc_write,
    .endianness = DEVICE_LITTLE_ENDIAN,
};

static void tz_msc_reset(DeviceState *dev)
{
    TZMSC *s = TZ_MSC(dev);

    trace_tz_msc_reset();
    s->cfg_sec_resp = false;
    s->cfg_nonsec = false;
    s->irq_clear = 0;
    s->irq_status = 0;
}

static void tz_msc_init(Object *obj)
{
    DeviceState *dev = DEVICE(obj);
    TZMSC *s = TZ_MSC(obj);

    qdev_init_gpio_in_named(dev, tz_msc_cfg_nonsec, "cfg_nonsec", 1);
    qdev_init_gpio_in_named(dev, tz_msc_cfg_sec_resp, "cfg_sec_resp", 1);
    qdev_init_gpio_in_named(dev, tz_msc_irq_clear, "irq_clear", 1);
    qdev_init_gpio_out_named(dev, &s->irq, "irq", 1);
}

static void tz_msc_realize(DeviceState *dev, Error **errp)
{
    Object *obj = OBJECT(dev);
    SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
    TZMSC *s = TZ_MSC(dev);
    const char *name = "tz-msc-downstream";
    uint64_t size;

    /*
     * We can't create the upstream end of the port until realize,
     * as we don't know the size of the MR used as the downstream until then.
     * We insist on having a downstream, to avoid complicating the
     * code with handling the "don't know how big this is" case. It's easy
     * enough for the user to create an unimplemented_device as downstream
     * if they have nothing else to plug into this.
     */
    if (!s->downstream) {
        error_setg(errp, "MSC 'downstream' link not set");
        return;
    }
    if (!s->idau) {
        error_setg(errp, "MSC 'idau' link not set");
        return;
    }

    size = memory_region_size(s->downstream);
    address_space_init(&s->downstream_as, s->downstream, name);
    memory_region_init_io(&s->upstream, obj, &tz_msc_ops, s, name, size);
    sysbus_init_mmio(sbd, &s->upstream);
}

static const VMStateDescription tz_msc_vmstate = {
    .name = "tz-msc",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_BOOL(cfg_nonsec, TZMSC),
        VMSTATE_BOOL(cfg_sec_resp, TZMSC),
        VMSTATE_BOOL(irq_clear, TZMSC),
        VMSTATE_BOOL(irq_status, TZMSC),
        VMSTATE_END_OF_LIST()
    }
};

static Property tz_msc_properties[] = {
    DEFINE_PROP_LINK("downstream", TZMSC, downstream,
                     TYPE_MEMORY_REGION, MemoryRegion *),
    DEFINE_PROP_LINK("idau", TZMSC, idau,
                     TYPE_IDAU_INTERFACE, IDAUInterface *),
    DEFINE_PROP_END_OF_LIST(),
};

static void tz_msc_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(klass);

    dc->realize = tz_msc_realize;
    dc->vmsd = &tz_msc_vmstate;
    dc->reset = tz_msc_reset;
    dc->props = tz_msc_properties;
}

static const TypeInfo tz_msc_info = {
    .name = TYPE_TZ_MSC,
    .parent = TYPE_SYS_BUS_DEVICE,
    .instance_size = sizeof(TZMSC),
    .instance_init = tz_msc_init,
    .class_init = tz_msc_class_init,
};

static void tz_msc_register_types(void)
{
    type_register_static(&tz_msc_info);
}

type_init(tz_msc_register_types);
Commit	Line	Data
211e701d PM	1	/*
	2	* ARM TrustZone master security controller emulation
	3	*
	4	* Copyright (c) 2018 Linaro Limited
	5	* Written by Peter Maydell
	6	*
	7	* This program is free software; you can redistribute it and/or modify
	8	* it under the terms of the GNU General Public License version 2 or
	9	* (at your option) any later version.
	10	*/
	11
	12	#include "qemu/osdep.h"
	13	#include "qemu/log.h"
0b8fa32f	14	#include "qemu/module.h"
211e701d PM	15	#include "qapi/error.h"
	16	#include "trace.h"
	17	#include "hw/sysbus.h"
	18	#include "hw/registerfields.h"
64552b6b	19	#include "hw/irq.h"
211e701d PM	20	#include "hw/misc/tz-msc.h"
	21
	22	static void tz_msc_update_irq(TZMSC *s)
	23	{
	24	bool level = s->irq_status;
	25
	26	trace_tz_msc_update_irq(level);
	27	qemu_set_irq(s->irq, level);
	28	}
	29
	30	static void tz_msc_cfg_nonsec(void *opaque, int n, int level)
	31	{
	32	TZMSC *s = TZ_MSC(opaque);
	33
	34	trace_tz_msc_cfg_nonsec(level);
	35	s->cfg_nonsec = level;
	36	}
	37
	38	static void tz_msc_cfg_sec_resp(void *opaque, int n, int level)
	39	{
	40	TZMSC *s = TZ_MSC(opaque);
	41
	42	trace_tz_msc_cfg_sec_resp(level);
	43	s->cfg_sec_resp = level;
	44	}
	45
	46	static void tz_msc_irq_clear(void *opaque, int n, int level)
	47	{
	48	TZMSC *s = TZ_MSC(opaque);
	49
	50	trace_tz_msc_irq_clear(level);
	51
	52	s->irq_clear = level;
	53	if (level) {
	54	s->irq_status = false;
	55	tz_msc_update_irq(s);
	56	}
	57	}
	58
	59	/* The MSC may either block a transaction by aborting it, block a
	60	* transaction by making it RAZ/WI, allow it through with
	61	* MemTxAttrs indicating a secure transaction, or allow it with
	62	* MemTxAttrs indicating a non-secure transaction.
	63	*/
	64	typedef enum MSCAction {
	65	MSCBlockAbort,
	66	MSCBlockRAZWI,
	67	MSCAllowSecure,
	68	MSCAllowNonSecure,
	69	} MSCAction;
	70
	71	static MSCAction tz_msc_check(TZMSC *s, hwaddr addr)
	72	{
	73	/*
	74	* Check whether to allow an access from the bus master, returning
	75	* an MSCAction indicating the required behaviour. If the transaction
	76	* is blocked, the caller must check cfg_sec_resp to determine
	77	* whether to abort or RAZ/WI the transaction.
	78	*/
	79	IDAUInterfaceClass *iic = IDAU_INTERFACE_GET_CLASS(s->idau);
	80	IDAUInterface *ii = IDAU_INTERFACE(s->idau);
	81	bool idau_exempt = false, idau_ns = true, idau_nsc = true;
	82	int idau_region = IREGION_NOTVALID;
	83
84	iic->check(ii, addr, &idau_region, &idau_exempt, &idau_ns, &idau_nsc);
85
86	if (idau_exempt) {
87	/*
88	* Uncheck region -- OK, transaction type depends on
89	* whether bus master is configured as Secure or NonSecure
90	*/
91	return s->cfg_nonsec ? MSCAllowNonSecure : MSCAllowSecure;
92	}
93
94	if (idau_ns) {
95	/* NonSecure region -- always forward as NS transaction */
96	return MSCAllowNonSecure;
97	}
98
99	if (!s->cfg_nonsec) {
100	/* Access to Secure region by Secure bus master: OK */
101	return MSCAllowSecure;
102	}
103
104	/* Attempted access to Secure region by NS bus master: block */
105	trace_tz_msc_access_blocked(addr);
106	if (!s->cfg_sec_resp) {
107	return MSCBlockRAZWI;
108	}
109
110	/*
111	* The TRM isn't clear on behaviour if irq_clear is high when a
112	* transaction is blocked. We assume that the MSC behaves like the
113	* PPC, where holding irq_clear high suppresses the interrupt.
114	*/
115	if (!s->irq_clear) {
116	s->irq_status = true;
117	tz_msc_update_irq(s);
118	}
119	return MSCBlockAbort;
120	}
121
122	static MemTxResult tz_msc_read(void opaque, hwaddr addr, uint64_t pdata,
123	unsigned size, MemTxAttrs attrs)
124	{
125	TZMSC *s = opaque;
126	AddressSpace *as = &s->downstream_as;
127	uint64_t data;
128	MemTxResult res;
129
130	switch (tz_msc_check(s, addr)) {
131	case MSCBlockAbort:
132	return MEMTX_ERROR;
133	case MSCBlockRAZWI:
134	*pdata = 0;
135	return MEMTX_OK;
136	case MSCAllowSecure:
137	attrs.secure = 1;
138	attrs.unspecified = 0;
139	break;
140	case MSCAllowNonSecure:
141	attrs.secure = 0;
142	attrs.unspecified = 0;
143	break;
144	}
145
146	switch (size) {
147	case 1:
148	data = address_space_ldub(as, addr, attrs, &res);
149	break;
150	case 2:
151	data = address_space_lduw_le(as, addr, attrs, &res);
152	break;
153	case 4:
154	data = address_space_ldl_le(as, addr, attrs, &res);
155	break;
156	case 8:
157	data = address_space_ldq_le(as, addr, attrs, &res);
158	break;
159	default:
160	g_assert_not_reached();
161	}
162	*pdata = data;
163	return res;
164	}
165
166	static MemTxResult tz_msc_write(void *opaque, hwaddr addr, uint64_t val,
167	unsigned size, MemTxAttrs attrs)
168	{
169	TZMSC *s = opaque;
170	AddressSpace *as = &s->downstream_as;
171	MemTxResult res;
172
173	switch (tz_msc_check(s, addr)) {
174	case MSCBlockAbort:
175	return MEMTX_ERROR;
176	case MSCBlockRAZWI:
177	return MEMTX_OK;
178	case MSCAllowSecure:
179	attrs.secure = 1;
180	attrs.unspecified = 0;
181	break;
182	case MSCAllowNonSecure:
183	attrs.secure = 0;
184	attrs.unspecified = 0;
185	break;
186	}
187
188	switch (size) {
189	case 1:
190	address_space_stb(as, addr, val, attrs, &res);
191	break;
192	case 2:
193	address_space_stw_le(as, addr, val, attrs, &res);
194	break;
195	case 4:
196	address_space_stl_le(as, addr, val, attrs, &res);
197	break;
198	case 8:
199	address_space_stq_le(as, addr, val, attrs, &res);
200	break;
201	default:
202	g_assert_not_reached();
203	}
204	return res;
205	}
206
207	static const MemoryRegionOps tz_msc_ops = {
208	.read_with_attrs = tz_msc_read,
209	.write_with_attrs = tz_msc_write,
210	.endianness = DEVICE_LITTLE_ENDIAN,
211	};
212
213	static void tz_msc_reset(DeviceState *dev)
214	{
215	TZMSC *s = TZ_MSC(dev);
216
217	trace_tz_msc_reset();
218	s->cfg_sec_resp = false;
219	s->cfg_nonsec = false;
220	s->irq_clear = 0;
221	s->irq_status = 0;
222	}
223
224	static void tz_msc_init(Object *obj)
225	{
226	DeviceState *dev = DEVICE(obj);
227	TZMSC *s = TZ_MSC(obj);
228
229	qdev_init_gpio_in_named(dev, tz_msc_cfg_nonsec, "cfg_nonsec", 1);
230	qdev_init_gpio_in_named(dev, tz_msc_cfg_sec_resp, "cfg_sec_resp", 1);
231	qdev_init_gpio_in_named(dev, tz_msc_irq_clear, "irq_clear", 1);
232	qdev_init_gpio_out_named(dev, &s->irq, "irq", 1);
233	}
234
235	static void tz_msc_realize(DeviceState dev, Error *errp)
236	{
237	Object *obj = OBJECT(dev);
238	SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
239	TZMSC *s = TZ_MSC(dev);
240	const char *name = "tz-msc-downstream";
241	uint64_t size;
242
243	/*
244	* We can't create the upstream end of the port until realize,
245	* as we don't know the size of the MR used as the downstream until then.
246	* We insist on having a downstream, to avoid complicating the
247	* code with handling the "don't know how big this is" case. It's easy
248	* enough for the user to create an unimplemented_device as downstream
249	* if they have nothing else to plug into this.
250	*/
251	if (!s->downstream) {
252	error_setg(errp, "MSC 'downstream' link not set");
253	return;
254	}
255	if (!s->idau) {
256	error_setg(errp, "MSC 'idau' link not set");
257	return;
258	}
259
260	size = memory_region_size(s->downstream);
261	address_space_init(&s->downstream_as, s->downstream, name);
262	memory_region_init_io(&s->upstream, obj, &tz_msc_ops, s, name, size);
263	sysbus_init_mmio(sbd, &s->upstream);
264	}
265
266	static const VMStateDescription tz_msc_vmstate = {
267	.name = "tz-msc",
268	.version_id = 1,
269	.minimum_version_id = 1,
270	.fields = (VMStateField[]) {
271	VMSTATE_BOOL(cfg_nonsec, TZMSC),
272	VMSTATE_BOOL(cfg_sec_resp, TZMSC),
273	VMSTATE_BOOL(irq_clear, TZMSC),
274	VMSTATE_BOOL(irq_status, TZMSC),
275	VMSTATE_END_OF_LIST()
276	}
277	};
278
279	static Property tz_msc_properties[] = {
280	DEFINE_PROP_LINK("downstream", TZMSC, downstream,
281	TYPE_MEMORY_REGION, MemoryRegion *),
282	DEFINE_PROP_LINK("idau", TZMSC, idau,
283	TYPE_IDAU_INTERFACE, IDAUInterface *),
284	DEFINE_PROP_END_OF_LIST(),
285	};
286
287	static void tz_msc_class_init(ObjectClass klass, void data)
288	{
289	DeviceClass *dc = DEVICE_CLASS(klass);
290
291	dc->realize = tz_msc_realize;
292	dc->vmsd = &tz_msc_vmstate;
293	dc->reset = tz_msc_reset;
294	dc->props = tz_msc_properties;
295	}
296
297	static const TypeInfo tz_msc_info = {
298	.name = TYPE_TZ_MSC,
299	.parent = TYPE_SYS_BUS_DEVICE,
300	.instance_size = sizeof(TZMSC),
301	.instance_init = tz_msc_init,
302	.class_init = tz_msc_class_init,
303	};
304
305	static void tz_msc_register_types(void)
306	{
307	type_register_static(&tz_msc_info);
308	}
309
310	type_init(tz_msc_register_types);