|  | /* | 
|  | * ARM TrustZone peripheral protection controller emulation | 
|  | * | 
|  | * Copyright (c) 2018 Linaro Limited | 
|  | * Written by Peter Maydell | 
|  | * | 
|  | * This program is free software; you can redistribute it and/or modify | 
|  | * it under the terms of the GNU General Public License version 2 or | 
|  | * (at your option) any later version. | 
|  | */ | 
|  |  | 
|  | #include "qemu/osdep.h" | 
|  | #include "qemu/log.h" | 
|  | #include "qemu/module.h" | 
|  | #include "qapi/error.h" | 
|  | #include "trace.h" | 
|  | #include "hw/sysbus.h" | 
|  | #include "migration/vmstate.h" | 
|  | #include "hw/registerfields.h" | 
|  | #include "hw/irq.h" | 
|  | #include "hw/misc/tz-ppc.h" | 
|  | #include "hw/qdev-properties.h" | 
|  |  | 
|  | static void tz_ppc_update_irq(TZPPC *s) | 
|  | { | 
|  | bool level = s->irq_status && s->irq_enable; | 
|  |  | 
|  | trace_tz_ppc_update_irq(level); | 
|  | qemu_set_irq(s->irq, level); | 
|  | } | 
|  |  | 
|  | static void tz_ppc_cfg_nonsec(void *opaque, int n, int level) | 
|  | { | 
|  | TZPPC *s = TZ_PPC(opaque); | 
|  |  | 
|  | assert(n < TZ_NUM_PORTS); | 
|  | trace_tz_ppc_cfg_nonsec(n, level); | 
|  | s->cfg_nonsec[n] = level; | 
|  | } | 
|  |  | 
|  | static void tz_ppc_cfg_ap(void *opaque, int n, int level) | 
|  | { | 
|  | TZPPC *s = TZ_PPC(opaque); | 
|  |  | 
|  | assert(n < TZ_NUM_PORTS); | 
|  | trace_tz_ppc_cfg_ap(n, level); | 
|  | s->cfg_ap[n] = level; | 
|  | } | 
|  |  | 
|  | static void tz_ppc_cfg_sec_resp(void *opaque, int n, int level) | 
|  | { | 
|  | TZPPC *s = TZ_PPC(opaque); | 
|  |  | 
|  | trace_tz_ppc_cfg_sec_resp(level); | 
|  | s->cfg_sec_resp = level; | 
|  | } | 
|  |  | 
|  | static void tz_ppc_irq_enable(void *opaque, int n, int level) | 
|  | { | 
|  | TZPPC *s = TZ_PPC(opaque); | 
|  |  | 
|  | trace_tz_ppc_irq_enable(level); | 
|  | s->irq_enable = level; | 
|  | tz_ppc_update_irq(s); | 
|  | } | 
|  |  | 
|  | static void tz_ppc_irq_clear(void *opaque, int n, int level) | 
|  | { | 
|  | TZPPC *s = TZ_PPC(opaque); | 
|  |  | 
|  | trace_tz_ppc_irq_clear(level); | 
|  |  | 
|  | s->irq_clear = level; | 
|  | if (level) { | 
|  | s->irq_status = false; | 
|  | tz_ppc_update_irq(s); | 
|  | } | 
|  | } | 
|  |  | 
|  | static bool tz_ppc_check(TZPPC *s, int n, MemTxAttrs attrs) | 
|  | { | 
|  | /* Check whether to allow an access to port n; return true if | 
|  | * the check passes, and false if the transaction must be blocked. | 
|  | * If the latter, the caller must check cfg_sec_resp to determine | 
|  | * whether to abort or RAZ/WI the transaction. | 
|  | * The checks are: | 
|  | *  + nonsec_mask suppresses any check of the secure attribute | 
|  | *  + otherwise, block if cfg_nonsec is 1 and transaction is secure, | 
|  | *    or if cfg_nonsec is 0 and transaction is non-secure | 
|  | *  + block if transaction is usermode and cfg_ap is 0 | 
|  | */ | 
|  | if ((attrs.secure == s->cfg_nonsec[n] && !(s->nonsec_mask & (1 << n))) || | 
|  | (attrs.user && !s->cfg_ap[n])) { | 
|  | /* Block the transaction. */ | 
|  | if (!s->irq_clear) { | 
|  | /* Note that holding irq_clear high suppresses interrupts */ | 
|  | s->irq_status = true; | 
|  | tz_ppc_update_irq(s); | 
|  | } | 
|  | return false; | 
|  | } | 
|  | return true; | 
|  | } | 
|  |  | 
|  | static MemTxResult tz_ppc_read(void *opaque, hwaddr addr, uint64_t *pdata, | 
|  | unsigned size, MemTxAttrs attrs) | 
|  | { | 
|  | TZPPCPort *p = opaque; | 
|  | TZPPC *s = p->ppc; | 
|  | int n = p - s->port; | 
|  | AddressSpace *as = &p->downstream_as; | 
|  | uint64_t data; | 
|  | MemTxResult res; | 
|  |  | 
|  | if (!tz_ppc_check(s, n, attrs)) { | 
|  | trace_tz_ppc_read_blocked(n, addr, attrs.secure, attrs.user); | 
|  | if (s->cfg_sec_resp) { | 
|  | return MEMTX_ERROR; | 
|  | } else { | 
|  | *pdata = 0; | 
|  | return MEMTX_OK; | 
|  | } | 
|  | } | 
|  |  | 
|  | switch (size) { | 
|  | case 1: | 
|  | data = address_space_ldub(as, addr, attrs, &res); | 
|  | break; | 
|  | case 2: | 
|  | data = address_space_lduw_le(as, addr, attrs, &res); | 
|  | break; | 
|  | case 4: | 
|  | data = address_space_ldl_le(as, addr, attrs, &res); | 
|  | break; | 
|  | case 8: | 
|  | data = address_space_ldq_le(as, addr, attrs, &res); | 
|  | break; | 
|  | default: | 
|  | g_assert_not_reached(); | 
|  | } | 
|  | *pdata = data; | 
|  | return res; | 
|  | } | 
|  |  | 
|  | static MemTxResult tz_ppc_write(void *opaque, hwaddr addr, uint64_t val, | 
|  | unsigned size, MemTxAttrs attrs) | 
|  | { | 
|  | TZPPCPort *p = opaque; | 
|  | TZPPC *s = p->ppc; | 
|  | AddressSpace *as = &p->downstream_as; | 
|  | int n = p - s->port; | 
|  | MemTxResult res; | 
|  |  | 
|  | if (!tz_ppc_check(s, n, attrs)) { | 
|  | trace_tz_ppc_write_blocked(n, addr, attrs.secure, attrs.user); | 
|  | if (s->cfg_sec_resp) { | 
|  | return MEMTX_ERROR; | 
|  | } else { | 
|  | return MEMTX_OK; | 
|  | } | 
|  | } | 
|  |  | 
|  | switch (size) { | 
|  | case 1: | 
|  | address_space_stb(as, addr, val, attrs, &res); | 
|  | break; | 
|  | case 2: | 
|  | address_space_stw_le(as, addr, val, attrs, &res); | 
|  | break; | 
|  | case 4: | 
|  | address_space_stl_le(as, addr, val, attrs, &res); | 
|  | break; | 
|  | case 8: | 
|  | address_space_stq_le(as, addr, val, attrs, &res); | 
|  | break; | 
|  | default: | 
|  | g_assert_not_reached(); | 
|  | } | 
|  | return res; | 
|  | } | 
|  |  | 
|  | static const MemoryRegionOps tz_ppc_ops = { | 
|  | .read_with_attrs = tz_ppc_read, | 
|  | .write_with_attrs = tz_ppc_write, | 
|  | .endianness = DEVICE_LITTLE_ENDIAN, | 
|  | }; | 
|  |  | 
|  | static bool tz_ppc_dummy_accepts(void *opaque, hwaddr addr, | 
|  | unsigned size, bool is_write, | 
|  | MemTxAttrs attrs) | 
|  | { | 
|  | /* | 
|  | * Board code should never map the upstream end of an unused port, | 
|  | * so we should never try to make a memory access to it. | 
|  | */ | 
|  | g_assert_not_reached(); | 
|  | } | 
|  |  | 
|  | static uint64_t tz_ppc_dummy_read(void *opaque, hwaddr addr, unsigned size) | 
|  | { | 
|  | g_assert_not_reached(); | 
|  | } | 
|  |  | 
|  | static void tz_ppc_dummy_write(void *opaque, hwaddr addr, | 
|  | uint64_t data, unsigned size) | 
|  | { | 
|  | g_assert_not_reached(); | 
|  | } | 
|  |  | 
|  | static const MemoryRegionOps tz_ppc_dummy_ops = { | 
|  | /* define r/w methods to avoid assert failure in memory_region_init_io */ | 
|  | .read = tz_ppc_dummy_read, | 
|  | .write = tz_ppc_dummy_write, | 
|  | .valid.accepts = tz_ppc_dummy_accepts, | 
|  | }; | 
|  |  | 
|  | static void tz_ppc_reset(DeviceState *dev) | 
|  | { | 
|  | TZPPC *s = TZ_PPC(dev); | 
|  |  | 
|  | trace_tz_ppc_reset(); | 
|  | s->cfg_sec_resp = false; | 
|  | memset(s->cfg_nonsec, 0, sizeof(s->cfg_nonsec)); | 
|  | memset(s->cfg_ap, 0, sizeof(s->cfg_ap)); | 
|  | } | 
|  |  | 
|  | static void tz_ppc_init(Object *obj) | 
|  | { | 
|  | DeviceState *dev = DEVICE(obj); | 
|  | TZPPC *s = TZ_PPC(obj); | 
|  |  | 
|  | qdev_init_gpio_in_named(dev, tz_ppc_cfg_nonsec, "cfg_nonsec", TZ_NUM_PORTS); | 
|  | qdev_init_gpio_in_named(dev, tz_ppc_cfg_ap, "cfg_ap", TZ_NUM_PORTS); | 
|  | qdev_init_gpio_in_named(dev, tz_ppc_cfg_sec_resp, "cfg_sec_resp", 1); | 
|  | qdev_init_gpio_in_named(dev, tz_ppc_irq_enable, "irq_enable", 1); | 
|  | qdev_init_gpio_in_named(dev, tz_ppc_irq_clear, "irq_clear", 1); | 
|  | qdev_init_gpio_out_named(dev, &s->irq, "irq", 1); | 
|  | } | 
|  |  | 
|  | static void tz_ppc_realize(DeviceState *dev, Error **errp) | 
|  | { | 
|  | Object *obj = OBJECT(dev); | 
|  | SysBusDevice *sbd = SYS_BUS_DEVICE(dev); | 
|  | TZPPC *s = TZ_PPC(dev); | 
|  | int i; | 
|  | int max_port = 0; | 
|  |  | 
|  | /* We can't create the upstream end of the port until realize, | 
|  | * as we don't know the size of the MR used as the downstream until then. | 
|  | */ | 
|  | for (i = 0; i < TZ_NUM_PORTS; i++) { | 
|  | if (s->port[i].downstream) { | 
|  | max_port = i; | 
|  | } | 
|  | } | 
|  |  | 
|  | for (i = 0; i <= max_port; i++) { | 
|  | TZPPCPort *port = &s->port[i]; | 
|  | char *name; | 
|  | uint64_t size; | 
|  |  | 
|  | if (!port->downstream) { | 
|  | /* | 
|  | * Create dummy sysbus MMIO region so the sysbus region | 
|  | * numbering doesn't get out of sync with the port numbers. | 
|  | * The size is entirely arbitrary. | 
|  | */ | 
|  | name = g_strdup_printf("tz-ppc-dummy-port[%d]", i); | 
|  | memory_region_init_io(&port->upstream, obj, &tz_ppc_dummy_ops, | 
|  | port, name, 0x10000); | 
|  | sysbus_init_mmio(sbd, &port->upstream); | 
|  | g_free(name); | 
|  | continue; | 
|  | } | 
|  |  | 
|  | name = g_strdup_printf("tz-ppc-port[%d]", i); | 
|  |  | 
|  | port->ppc = s; | 
|  | address_space_init(&port->downstream_as, port->downstream, name); | 
|  |  | 
|  | size = memory_region_size(port->downstream); | 
|  | memory_region_init_io(&port->upstream, obj, &tz_ppc_ops, | 
|  | port, name, size); | 
|  | sysbus_init_mmio(sbd, &port->upstream); | 
|  | g_free(name); | 
|  | } | 
|  | } | 
|  |  | 
|  | static const VMStateDescription tz_ppc_vmstate = { | 
|  | .name = "tz-ppc", | 
|  | .version_id = 1, | 
|  | .minimum_version_id = 1, | 
|  | .fields = (const VMStateField[]) { | 
|  | VMSTATE_BOOL_ARRAY(cfg_nonsec, TZPPC, 16), | 
|  | VMSTATE_BOOL_ARRAY(cfg_ap, TZPPC, 16), | 
|  | VMSTATE_BOOL(cfg_sec_resp, TZPPC), | 
|  | VMSTATE_BOOL(irq_enable, TZPPC), | 
|  | VMSTATE_BOOL(irq_clear, TZPPC), | 
|  | VMSTATE_BOOL(irq_status, TZPPC), | 
|  | VMSTATE_END_OF_LIST() | 
|  | } | 
|  | }; | 
|  |  | 
|  | #define DEFINE_PORT(N)                                          \ | 
|  | DEFINE_PROP_LINK("port[" #N "]", TZPPC, port[N].downstream, \ | 
|  | TYPE_MEMORY_REGION, MemoryRegion *) | 
|  |  | 
|  | static Property tz_ppc_properties[] = { | 
|  | DEFINE_PROP_UINT32("NONSEC_MASK", TZPPC, nonsec_mask, 0), | 
|  | DEFINE_PORT(0), | 
|  | DEFINE_PORT(1), | 
|  | DEFINE_PORT(2), | 
|  | DEFINE_PORT(3), | 
|  | DEFINE_PORT(4), | 
|  | DEFINE_PORT(5), | 
|  | DEFINE_PORT(6), | 
|  | DEFINE_PORT(7), | 
|  | DEFINE_PORT(8), | 
|  | DEFINE_PORT(9), | 
|  | DEFINE_PORT(10), | 
|  | DEFINE_PORT(11), | 
|  | DEFINE_PORT(12), | 
|  | DEFINE_PORT(13), | 
|  | DEFINE_PORT(14), | 
|  | DEFINE_PORT(15), | 
|  | DEFINE_PROP_END_OF_LIST(), | 
|  | }; | 
|  |  | 
|  | static void tz_ppc_class_init(ObjectClass *klass, void *data) | 
|  | { | 
|  | DeviceClass *dc = DEVICE_CLASS(klass); | 
|  |  | 
|  | dc->realize = tz_ppc_realize; | 
|  | dc->vmsd = &tz_ppc_vmstate; | 
|  | dc->reset = tz_ppc_reset; | 
|  | device_class_set_props(dc, tz_ppc_properties); | 
|  | } | 
|  |  | 
|  | static const TypeInfo tz_ppc_info = { | 
|  | .name = TYPE_TZ_PPC, | 
|  | .parent = TYPE_SYS_BUS_DEVICE, | 
|  | .instance_size = sizeof(TZPPC), | 
|  | .instance_init = tz_ppc_init, | 
|  | .class_init = tz_ppc_class_init, | 
|  | }; | 
|  |  | 
|  | static void tz_ppc_register_types(void) | 
|  | { | 
|  | type_register_static(&tz_ppc_info); | 
|  | } | 
|  |  | 
|  | type_init(tz_ppc_register_types); |