[qemu.git] / hw / misc / tz-msc.c

/*
 * ARM TrustZone master security controller emulation
 *
 * Copyright (c) 2018 Linaro Limited
 * Written by Peter Maydell
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 or
 * (at your option) any later version.
 */

#include "qemu/osdep.h"
#include "qemu/log.h"
#include "qapi/error.h"
#include "trace.h"
#include "hw/sysbus.h"
#include "hw/registerfields.h"
#include "hw/misc/tz-msc.h"

static void tz_msc_update_irq(TZMSC *s)
{
    bool level = s->irq_status;

    trace_tz_msc_update_irq(level);
    qemu_set_irq(s->irq, level);
}

static void tz_msc_cfg_nonsec(void *opaque, int n, int level)
{
    TZMSC *s = TZ_MSC(opaque);

    trace_tz_msc_cfg_nonsec(level);
    s->cfg_nonsec = level;
}

static void tz_msc_cfg_sec_resp(void *opaque, int n, int level)
{
    TZMSC *s = TZ_MSC(opaque);

    trace_tz_msc_cfg_sec_resp(level);
    s->cfg_sec_resp = level;
}

static void tz_msc_irq_clear(void *opaque, int n, int level)
{
    TZMSC *s = TZ_MSC(opaque);

    trace_tz_msc_irq_clear(level);

    s->irq_clear = level;
    if (level) {
        s->irq_status = false;
        tz_msc_update_irq(s);
    }
}

/* The MSC may either block a transaction by aborting it, block a
 * transaction by making it RAZ/WI, allow it through with
 * MemTxAttrs indicating a secure transaction, or allow it with
 * MemTxAttrs indicating a non-secure transaction.
 */
typedef enum MSCAction {
    MSCBlockAbort,
    MSCBlockRAZWI,
    MSCAllowSecure,
    MSCAllowNonSecure,
} MSCAction;

static MSCAction tz_msc_check(TZMSC *s, hwaddr addr)
{
    /*
     * Check whether to allow an access from the bus master, returning
     * an MSCAction indicating the required behaviour. If the transaction
     * is blocked, the caller must check cfg_sec_resp to determine
     * whether to abort or RAZ/WI the transaction.
     */
    IDAUInterfaceClass *iic = IDAU_INTERFACE_GET_CLASS(s->idau);
    IDAUInterface *ii = IDAU_INTERFACE(s->idau);
    bool idau_exempt = false, idau_ns = true, idau_nsc = true;
    int idau_region = IREGION_NOTVALID;

    iic->check(ii, addr, &idau_region, &idau_exempt, &idau_ns, &idau_nsc);

    if (idau_exempt) {
        /*
         * Uncheck region -- OK, transaction type depends on
         * whether bus master is configured as Secure or NonSecure
         */
        return s->cfg_nonsec ? MSCAllowNonSecure : MSCAllowSecure;
    }

    if (idau_ns) {
        /* NonSecure region -- always forward as NS transaction */
        return MSCAllowNonSecure;
    }

    if (!s->cfg_nonsec) {
        /* Access to Secure region by Secure bus master: OK */
        return MSCAllowSecure;
    }

    /* Attempted access to Secure region by NS bus master: block */
    trace_tz_msc_access_blocked(addr);
    if (!s->cfg_sec_resp) {
        return MSCBlockRAZWI;
    }

    /*
     * The TRM isn't clear on behaviour if irq_clear is high when a
     * transaction is blocked. We assume that the MSC behaves like the
     * PPC, where holding irq_clear high suppresses the interrupt.
     */
    if (!s->irq_clear) {
        s->irq_status = true;
        tz_msc_update_irq(s);
    }
    return MSCBlockAbort;
}

static MemTxResult tz_msc_read(void *opaque, hwaddr addr, uint64_t *pdata,
                               unsigned size, MemTxAttrs attrs)
{
    TZMSC *s = opaque;
    AddressSpace *as = &s->downstream_as;
    uint64_t data;
    MemTxResult res;

    switch (tz_msc_check(s, addr)) {
    case MSCBlockAbort:
        return MEMTX_ERROR;
    case MSCBlockRAZWI:
        *pdata = 0;
        return MEMTX_OK;
    case MSCAllowSecure:
        attrs.secure = 1;
        attrs.unspecified = 0;
        break;
    case MSCAllowNonSecure:
        attrs.secure = 0;
        attrs.unspecified = 0;
        break;
    }

    switch (size) {
    case 1:
        data = address_space_ldub(as, addr, attrs, &res);
        break;
    case 2:
        data = address_space_lduw_le(as, addr, attrs, &res);
        break;
    case 4:
        data = address_space_ldl_le(as, addr, attrs, &res);
        break;
    case 8:
        data = address_space_ldq_le(as, addr, attrs, &res);
        break;
    default:
        g_assert_not_reached();
    }
    *pdata = data;
    return res;
}

static MemTxResult tz_msc_write(void *opaque, hwaddr addr, uint64_t val,
                                unsigned size, MemTxAttrs attrs)
{
    TZMSC *s = opaque;
    AddressSpace *as = &s->downstream_as;
    MemTxResult res;

    switch (tz_msc_check(s, addr)) {
    case MSCBlockAbort:
        return MEMTX_ERROR;
    case MSCBlockRAZWI:
        return MEMTX_OK;
    case MSCAllowSecure:
        attrs.secure = 1;
        attrs.unspecified = 0;
        break;
    case MSCAllowNonSecure:
        attrs.secure = 0;
        attrs.unspecified = 0;
        break;
    }

    switch (size) {
    case 1:
        address_space_stb(as, addr, val, attrs, &res);
        break;
    case 2:
        address_space_stw_le(as, addr, val, attrs, &res);
        break;
    case 4:
        address_space_stl_le(as, addr, val, attrs, &res);
        break;
    case 8:
        address_space_stq_le(as, addr, val, attrs, &res);
        break;
    default:
        g_assert_not_reached();
    }
    return res;
}

static const MemoryRegionOps tz_msc_ops = {
    .read_with_attrs = tz_msc_read,
    .write_with_attrs = tz_msc_write,
    .endianness = DEVICE_LITTLE_ENDIAN,
};

static void tz_msc_reset(DeviceState *dev)
{
    TZMSC *s = TZ_MSC(dev);

    trace_tz_msc_reset();
    s->cfg_sec_resp = false;
    s->cfg_nonsec = false;
    s->irq_clear = 0;
    s->irq_status = 0;
}

static void tz_msc_init(Object *obj)
{
    DeviceState *dev = DEVICE(obj);
    TZMSC *s = TZ_MSC(obj);

    qdev_init_gpio_in_named(dev, tz_msc_cfg_nonsec, "cfg_nonsec", 1);
    qdev_init_gpio_in_named(dev, tz_msc_cfg_sec_resp, "cfg_sec_resp", 1);
    qdev_init_gpio_in_named(dev, tz_msc_irq_clear, "irq_clear", 1);
    qdev_init_gpio_out_named(dev, &s->irq, "irq", 1);
}

static void tz_msc_realize(DeviceState *dev, Error **errp)
{
    Object *obj = OBJECT(dev);
    SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
    TZMSC *s = TZ_MSC(dev);
    const char *name = "tz-msc-downstream";
    uint64_t size;

    /*
     * We can't create the upstream end of the port until realize,
     * as we don't know the size of the MR used as the downstream until then.
     * We insist on having a downstream, to avoid complicating the
     * code with handling the "don't know how big this is" case. It's easy
     * enough for the user to create an unimplemented_device as downstream
     * if they have nothing else to plug into this.
     */
    if (!s->downstream) {
        error_setg(errp, "MSC 'downstream' link not set");
        return;
    }
    if (!s->idau) {
        error_setg(errp, "MSC 'idau' link not set");
        return;
    }

    size = memory_region_size(s->downstream);
    address_space_init(&s->downstream_as, s->downstream, name);
    memory_region_init_io(&s->upstream, obj, &tz_msc_ops, s, name, size);
    sysbus_init_mmio(sbd, &s->upstream);
}

static const VMStateDescription tz_msc_vmstate = {
    .name = "tz-msc",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_BOOL(cfg_nonsec, TZMSC),
        VMSTATE_BOOL(cfg_sec_resp, TZMSC),
        VMSTATE_BOOL(irq_clear, TZMSC),
        VMSTATE_BOOL(irq_status, TZMSC),
        VMSTATE_END_OF_LIST()
    }
};

static Property tz_msc_properties[] = {
    DEFINE_PROP_LINK("downstream", TZMSC, downstream,
                     TYPE_MEMORY_REGION, MemoryRegion *),
    DEFINE_PROP_LINK("idau", TZMSC, idau,
                     TYPE_IDAU_INTERFACE, IDAUInterface *),
    DEFINE_PROP_END_OF_LIST(),
};

static void tz_msc_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(klass);

    dc->realize = tz_msc_realize;
    dc->vmsd = &tz_msc_vmstate;
    dc->reset = tz_msc_reset;
    dc->props = tz_msc_properties;
}

static const TypeInfo tz_msc_info = {
    .name = TYPE_TZ_MSC,
    .parent = TYPE_SYS_BUS_DEVICE,
    .instance_size = sizeof(TZMSC),
    .instance_init = tz_msc_init,
    .class_init = tz_msc_class_init,
};

static void tz_msc_register_types(void)
{
    type_register_static(&tz_msc_info);
}

type_init(tz_msc_register_types);
Commit	Line	Data
211e701d PM	1	/*
	2	* ARM TrustZone master security controller emulation
	3	*
	4	* Copyright (c) 2018 Linaro Limited
	5	* Written by Peter Maydell
	6	*
	7	* This program is free software; you can redistribute it and/or modify
	8	* it under the terms of the GNU General Public License version 2 or
	9	* (at your option) any later version.
	10	*/
	11
	12	#include "qemu/osdep.h"
	13	#include "qemu/log.h"
	14	#include "qapi/error.h"
	15	#include "trace.h"
	16	#include "hw/sysbus.h"
	17	#include "hw/registerfields.h"
	18	#include "hw/misc/tz-msc.h"
	19
	20	static void tz_msc_update_irq(TZMSC *s)
	21	{
	22	bool level = s->irq_status;
	23
	24	trace_tz_msc_update_irq(level);
	25	qemu_set_irq(s->irq, level);
	26	}
	27
	28	static void tz_msc_cfg_nonsec(void *opaque, int n, int level)
	29	{
	30	TZMSC *s = TZ_MSC(opaque);
	31
	32	trace_tz_msc_cfg_nonsec(level);
	33	s->cfg_nonsec = level;
	34	}
	35
	36	static void tz_msc_cfg_sec_resp(void *opaque, int n, int level)
	37	{
	38	TZMSC *s = TZ_MSC(opaque);
	39
	40	trace_tz_msc_cfg_sec_resp(level);
	41	s->cfg_sec_resp = level;
	42	}
	43
	44	static void tz_msc_irq_clear(void *opaque, int n, int level)
	45	{
	46	TZMSC *s = TZ_MSC(opaque);
	47
	48	trace_tz_msc_irq_clear(level);
	49
	50	s->irq_clear = level;
	51	if (level) {
	52	s->irq_status = false;
	53	tz_msc_update_irq(s);
	54	}
	55	}
	56
	57	/* The MSC may either block a transaction by aborting it, block a
	58	* transaction by making it RAZ/WI, allow it through with
	59	* MemTxAttrs indicating a secure transaction, or allow it with
	60	* MemTxAttrs indicating a non-secure transaction.
	61	*/
	62	typedef enum MSCAction {
	63	MSCBlockAbort,
	64	MSCBlockRAZWI,
65	MSCAllowSecure,
66	MSCAllowNonSecure,
67	} MSCAction;
68
69	static MSCAction tz_msc_check(TZMSC *s, hwaddr addr)
70	{
71	/*
72	* Check whether to allow an access from the bus master, returning
73	* an MSCAction indicating the required behaviour. If the transaction
74	* is blocked, the caller must check cfg_sec_resp to determine
75	* whether to abort or RAZ/WI the transaction.
76	*/
77	IDAUInterfaceClass *iic = IDAU_INTERFACE_GET_CLASS(s->idau);
78	IDAUInterface *ii = IDAU_INTERFACE(s->idau);
79	bool idau_exempt = false, idau_ns = true, idau_nsc = true;
80	int idau_region = IREGION_NOTVALID;
81
82	iic->check(ii, addr, &idau_region, &idau_exempt, &idau_ns, &idau_nsc);
83
84	if (idau_exempt) {
85	/*
86	* Uncheck region -- OK, transaction type depends on
87	* whether bus master is configured as Secure or NonSecure
88	*/
89	return s->cfg_nonsec ? MSCAllowNonSecure : MSCAllowSecure;
90	}
91
92	if (idau_ns) {
93	/* NonSecure region -- always forward as NS transaction */
94	return MSCAllowNonSecure;
95	}
96
97	if (!s->cfg_nonsec) {
98	/* Access to Secure region by Secure bus master: OK */
99	return MSCAllowSecure;
100	}
101
102	/* Attempted access to Secure region by NS bus master: block */
103	trace_tz_msc_access_blocked(addr);
104	if (!s->cfg_sec_resp) {
105	return MSCBlockRAZWI;
106	}
107
108	/*
109	* The TRM isn't clear on behaviour if irq_clear is high when a
110	* transaction is blocked. We assume that the MSC behaves like the
111	* PPC, where holding irq_clear high suppresses the interrupt.
112	*/
113	if (!s->irq_clear) {
114	s->irq_status = true;
115	tz_msc_update_irq(s);
116	}
117	return MSCBlockAbort;
118	}
119
120	static MemTxResult tz_msc_read(void opaque, hwaddr addr, uint64_t pdata,
121	unsigned size, MemTxAttrs attrs)
122	{
123	TZMSC *s = opaque;
124	AddressSpace *as = &s->downstream_as;
125	uint64_t data;
126	MemTxResult res;
127
128	switch (tz_msc_check(s, addr)) {
129	case MSCBlockAbort:
130	return MEMTX_ERROR;
131	case MSCBlockRAZWI:
132	*pdata = 0;
133	return MEMTX_OK;
134	case MSCAllowSecure:
135	attrs.secure = 1;
136	attrs.unspecified = 0;
137	break;
138	case MSCAllowNonSecure:
139	attrs.secure = 0;
140	attrs.unspecified = 0;
141	break;
142	}
143
144	switch (size) {
145	case 1:
146	data = address_space_ldub(as, addr, attrs, &res);
147	break;
148	case 2:
149	data = address_space_lduw_le(as, addr, attrs, &res);
150	break;
151	case 4:
152	data = address_space_ldl_le(as, addr, attrs, &res);
153	break;
154	case 8:
155	data = address_space_ldq_le(as, addr, attrs, &res);
156	break;
157	default:
158	g_assert_not_reached();
159	}
160	*pdata = data;
161	return res;
162	}
163
164	static MemTxResult tz_msc_write(void *opaque, hwaddr addr, uint64_t val,
165	unsigned size, MemTxAttrs attrs)
166	{
167	TZMSC *s = opaque;
168	AddressSpace *as = &s->downstream_as;
169	MemTxResult res;
170
171	switch (tz_msc_check(s, addr)) {
172	case MSCBlockAbort:
173	return MEMTX_ERROR;
174	case MSCBlockRAZWI:
175	return MEMTX_OK;
176	case MSCAllowSecure:
177	attrs.secure = 1;
178	attrs.unspecified = 0;
179	break;
180	case MSCAllowNonSecure:
181	attrs.secure = 0;
182	attrs.unspecified = 0;
183	break;
184	}
185
186	switch (size) {
187	case 1:
188	address_space_stb(as, addr, val, attrs, &res);
189	break;
190	case 2:
191	address_space_stw_le(as, addr, val, attrs, &res);
192	break;
193	case 4:
194	address_space_stl_le(as, addr, val, attrs, &res);
195	break;
196	case 8:
197	address_space_stq_le(as, addr, val, attrs, &res);
198	break;
199	default:
200	g_assert_not_reached();
201	}
202	return res;
203	}
204
205	static const MemoryRegionOps tz_msc_ops = {
206	.read_with_attrs = tz_msc_read,
207	.write_with_attrs = tz_msc_write,
208	.endianness = DEVICE_LITTLE_ENDIAN,
209	};
210
211	static void tz_msc_reset(DeviceState *dev)
212	{
213	TZMSC *s = TZ_MSC(dev);
214
215	trace_tz_msc_reset();
216	s->cfg_sec_resp = false;
217	s->cfg_nonsec = false;
218	s->irq_clear = 0;
219	s->irq_status = 0;
220	}
221
222	static void tz_msc_init(Object *obj)
223	{
224	DeviceState *dev = DEVICE(obj);
225	TZMSC *s = TZ_MSC(obj);
226
227	qdev_init_gpio_in_named(dev, tz_msc_cfg_nonsec, "cfg_nonsec", 1);
228	qdev_init_gpio_in_named(dev, tz_msc_cfg_sec_resp, "cfg_sec_resp", 1);
229	qdev_init_gpio_in_named(dev, tz_msc_irq_clear, "irq_clear", 1);
230	qdev_init_gpio_out_named(dev, &s->irq, "irq", 1);
231	}
232
233	static void tz_msc_realize(DeviceState dev, Error *errp)
234	{
235	Object *obj = OBJECT(dev);
236	SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
237	TZMSC *s = TZ_MSC(dev);
238	const char *name = "tz-msc-downstream";
239	uint64_t size;
240
241	/*
242	* We can't create the upstream end of the port until realize,
243	* as we don't know the size of the MR used as the downstream until then.
244	* We insist on having a downstream, to avoid complicating the
245	* code with handling the "don't know how big this is" case. It's easy
246	* enough for the user to create an unimplemented_device as downstream
247	* if they have nothing else to plug into this.
248	*/
249	if (!s->downstream) {
250	error_setg(errp, "MSC 'downstream' link not set");
251	return;
252	}
253	if (!s->idau) {
254	error_setg(errp, "MSC 'idau' link not set");
255	return;
256	}
257
258	size = memory_region_size(s->downstream);
259	address_space_init(&s->downstream_as, s->downstream, name);
260	memory_region_init_io(&s->upstream, obj, &tz_msc_ops, s, name, size);
261	sysbus_init_mmio(sbd, &s->upstream);
262	}
263
264	static const VMStateDescription tz_msc_vmstate = {
265	.name = "tz-msc",
266	.version_id = 1,
267	.minimum_version_id = 1,
268	.fields = (VMStateField[]) {
269	VMSTATE_BOOL(cfg_nonsec, TZMSC),
270	VMSTATE_BOOL(cfg_sec_resp, TZMSC),
271	VMSTATE_BOOL(irq_clear, TZMSC),
272	VMSTATE_BOOL(irq_status, TZMSC),
273	VMSTATE_END_OF_LIST()
274	}
275	};
276
277	static Property tz_msc_properties[] = {
278	DEFINE_PROP_LINK("downstream", TZMSC, downstream,
279	TYPE_MEMORY_REGION, MemoryRegion *),
280	DEFINE_PROP_LINK("idau", TZMSC, idau,
281	TYPE_IDAU_INTERFACE, IDAUInterface *),
282	DEFINE_PROP_END_OF_LIST(),
283	};
284
285	static void tz_msc_class_init(ObjectClass klass, void data)
286	{
287	DeviceClass *dc = DEVICE_CLASS(klass);
288
289	dc->realize = tz_msc_realize;
290	dc->vmsd = &tz_msc_vmstate;
291	dc->reset = tz_msc_reset;
292	dc->props = tz_msc_properties;
293	}
294
295	static const TypeInfo tz_msc_info = {
296	.name = TYPE_TZ_MSC,
297	.parent = TYPE_SYS_BUS_DEVICE,
298	.instance_size = sizeof(TZMSC),
299	.instance_init = tz_msc_init,
300	.class_init = tz_msc_class_init,
301	};
302
303	static void tz_msc_register_types(void)
304	{
305	type_register_static(&tz_msc_info);
306	}
307
308	type_init(tz_msc_register_types);