1344f4b15SPeter Maydell /* 2344f4b15SPeter Maydell * ARM AHB5 TrustZone Memory Protection Controller emulation 3344f4b15SPeter Maydell * 4344f4b15SPeter Maydell * Copyright (c) 2018 Linaro Limited 5344f4b15SPeter Maydell * Written by Peter Maydell 6344f4b15SPeter Maydell * 7344f4b15SPeter Maydell * This program is free software; you can redistribute it and/or modify 8344f4b15SPeter Maydell * it under the terms of the GNU General Public License version 2 or 9344f4b15SPeter Maydell * (at your option) any later version. 10344f4b15SPeter Maydell */ 11344f4b15SPeter Maydell 12344f4b15SPeter Maydell #include "qemu/osdep.h" 13344f4b15SPeter Maydell #include "qemu/log.h" 140b8fa32fSMarkus Armbruster #include "qemu/module.h" 15344f4b15SPeter Maydell #include "qapi/error.h" 16344f4b15SPeter Maydell #include "trace.h" 17344f4b15SPeter Maydell #include "hw/sysbus.h" 18d6454270SMarkus Armbruster #include "migration/vmstate.h" 19344f4b15SPeter Maydell #include "hw/registerfields.h" 2064552b6bSMarkus Armbruster #include "hw/irq.h" 21344f4b15SPeter Maydell #include "hw/misc/tz-mpc.h" 22*a27bd6c7SMarkus Armbruster #include "hw/qdev-properties.h" 23344f4b15SPeter Maydell 24344f4b15SPeter Maydell /* Our IOMMU has two IOMMU indexes, one for secure transactions and one for 25344f4b15SPeter Maydell * non-secure transactions. 26344f4b15SPeter Maydell */ 27344f4b15SPeter Maydell enum { 28344f4b15SPeter Maydell IOMMU_IDX_S, 29344f4b15SPeter Maydell IOMMU_IDX_NS, 30344f4b15SPeter Maydell IOMMU_NUM_INDEXES, 31344f4b15SPeter Maydell }; 32344f4b15SPeter Maydell 33344f4b15SPeter Maydell /* Config registers */ 34344f4b15SPeter Maydell REG32(CTRL, 0x00) 35cdb60998SPeter Maydell FIELD(CTRL, SEC_RESP, 4, 1) 36cdb60998SPeter Maydell FIELD(CTRL, AUTOINC, 8, 1) 37cdb60998SPeter Maydell FIELD(CTRL, LOCKDOWN, 31, 1) 38344f4b15SPeter Maydell REG32(BLK_MAX, 0x10) 39344f4b15SPeter Maydell REG32(BLK_CFG, 0x14) 40344f4b15SPeter Maydell REG32(BLK_IDX, 0x18) 41344f4b15SPeter Maydell REG32(BLK_LUT, 0x1c) 42344f4b15SPeter Maydell REG32(INT_STAT, 0x20) 43cdb60998SPeter Maydell FIELD(INT_STAT, IRQ, 0, 1) 44344f4b15SPeter Maydell REG32(INT_CLEAR, 0x24) 45cdb60998SPeter Maydell FIELD(INT_CLEAR, IRQ, 0, 1) 46344f4b15SPeter Maydell REG32(INT_EN, 0x28) 47cdb60998SPeter Maydell FIELD(INT_EN, IRQ, 0, 1) 48344f4b15SPeter Maydell REG32(INT_INFO1, 0x2c) 49344f4b15SPeter Maydell REG32(INT_INFO2, 0x30) 5057c49a6eSPeter Maydell FIELD(INT_INFO2, HMASTER, 0, 16) 5157c49a6eSPeter Maydell FIELD(INT_INFO2, HNONSEC, 16, 1) 5257c49a6eSPeter Maydell FIELD(INT_INFO2, CFG_NS, 17, 1) 53344f4b15SPeter Maydell REG32(INT_SET, 0x34) 54cdb60998SPeter Maydell FIELD(INT_SET, IRQ, 0, 1) 55344f4b15SPeter Maydell REG32(PIDR4, 0xfd0) 56344f4b15SPeter Maydell REG32(PIDR5, 0xfd4) 57344f4b15SPeter Maydell REG32(PIDR6, 0xfd8) 58344f4b15SPeter Maydell REG32(PIDR7, 0xfdc) 59344f4b15SPeter Maydell REG32(PIDR0, 0xfe0) 60344f4b15SPeter Maydell REG32(PIDR1, 0xfe4) 61344f4b15SPeter Maydell REG32(PIDR2, 0xfe8) 62344f4b15SPeter Maydell REG32(PIDR3, 0xfec) 63344f4b15SPeter Maydell REG32(CIDR0, 0xff0) 64344f4b15SPeter Maydell REG32(CIDR1, 0xff4) 65344f4b15SPeter Maydell REG32(CIDR2, 0xff8) 66344f4b15SPeter Maydell REG32(CIDR3, 0xffc) 67344f4b15SPeter Maydell 68344f4b15SPeter Maydell static const uint8_t tz_mpc_idregs[] = { 69344f4b15SPeter Maydell 0x04, 0x00, 0x00, 0x00, 70344f4b15SPeter Maydell 0x60, 0xb8, 0x1b, 0x00, 71344f4b15SPeter Maydell 0x0d, 0xf0, 0x05, 0xb1, 72344f4b15SPeter Maydell }; 73344f4b15SPeter Maydell 74cdb60998SPeter Maydell static void tz_mpc_irq_update(TZMPC *s) 75cdb60998SPeter Maydell { 76cdb60998SPeter Maydell qemu_set_irq(s->irq, s->int_stat && s->int_en); 77cdb60998SPeter Maydell } 78cdb60998SPeter Maydell 79dd29d068SPeter Maydell static void tz_mpc_iommu_notify(TZMPC *s, uint32_t lutidx, 80dd29d068SPeter Maydell uint32_t oldlut, uint32_t newlut) 81dd29d068SPeter Maydell { 82dd29d068SPeter Maydell /* Called when the LUT word at lutidx has changed from oldlut to newlut; 83dd29d068SPeter Maydell * must call the IOMMU notifiers for the changed blocks. 84dd29d068SPeter Maydell */ 85dd29d068SPeter Maydell IOMMUTLBEntry entry = { 86dd29d068SPeter Maydell .addr_mask = s->blocksize - 1, 87dd29d068SPeter Maydell }; 88dd29d068SPeter Maydell hwaddr addr = lutidx * s->blocksize * 32; 89dd29d068SPeter Maydell int i; 90dd29d068SPeter Maydell 91dd29d068SPeter Maydell for (i = 0; i < 32; i++, addr += s->blocksize) { 92dd29d068SPeter Maydell bool block_is_ns; 93dd29d068SPeter Maydell 94dd29d068SPeter Maydell if (!((oldlut ^ newlut) & (1 << i))) { 95dd29d068SPeter Maydell continue; 96dd29d068SPeter Maydell } 97dd29d068SPeter Maydell /* This changes the mappings for both the S and the NS space, 98dd29d068SPeter Maydell * so we need to do four notifies: an UNMAP then a MAP for each. 99dd29d068SPeter Maydell */ 100dd29d068SPeter Maydell block_is_ns = newlut & (1 << i); 101dd29d068SPeter Maydell 102dd29d068SPeter Maydell trace_tz_mpc_iommu_notify(addr); 103dd29d068SPeter Maydell entry.iova = addr; 104dd29d068SPeter Maydell entry.translated_addr = addr; 105dd29d068SPeter Maydell 106dd29d068SPeter Maydell entry.perm = IOMMU_NONE; 107dd29d068SPeter Maydell memory_region_notify_iommu(&s->upstream, IOMMU_IDX_S, entry); 108dd29d068SPeter Maydell memory_region_notify_iommu(&s->upstream, IOMMU_IDX_NS, entry); 109dd29d068SPeter Maydell 110dd29d068SPeter Maydell entry.perm = IOMMU_RW; 111dd29d068SPeter Maydell if (block_is_ns) { 112dd29d068SPeter Maydell entry.target_as = &s->blocked_io_as; 113dd29d068SPeter Maydell } else { 114dd29d068SPeter Maydell entry.target_as = &s->downstream_as; 115dd29d068SPeter Maydell } 116dd29d068SPeter Maydell memory_region_notify_iommu(&s->upstream, IOMMU_IDX_S, entry); 117dd29d068SPeter Maydell if (block_is_ns) { 118dd29d068SPeter Maydell entry.target_as = &s->downstream_as; 119dd29d068SPeter Maydell } else { 120dd29d068SPeter Maydell entry.target_as = &s->blocked_io_as; 121dd29d068SPeter Maydell } 122dd29d068SPeter Maydell memory_region_notify_iommu(&s->upstream, IOMMU_IDX_NS, entry); 123dd29d068SPeter Maydell } 124dd29d068SPeter Maydell } 125dd29d068SPeter Maydell 126cdb60998SPeter Maydell static void tz_mpc_autoinc_idx(TZMPC *s, unsigned access_size) 127cdb60998SPeter Maydell { 128cdb60998SPeter Maydell /* Auto-increment BLK_IDX if necessary */ 129cdb60998SPeter Maydell if (access_size == 4 && (s->ctrl & R_CTRL_AUTOINC_MASK)) { 130cdb60998SPeter Maydell s->blk_idx++; 131cdb60998SPeter Maydell s->blk_idx %= s->blk_max; 132cdb60998SPeter Maydell } 133cdb60998SPeter Maydell } 134cdb60998SPeter Maydell 135344f4b15SPeter Maydell static MemTxResult tz_mpc_reg_read(void *opaque, hwaddr addr, 136344f4b15SPeter Maydell uint64_t *pdata, 137344f4b15SPeter Maydell unsigned size, MemTxAttrs attrs) 138344f4b15SPeter Maydell { 139cdb60998SPeter Maydell TZMPC *s = TZ_MPC(opaque); 140344f4b15SPeter Maydell uint64_t r; 141344f4b15SPeter Maydell uint32_t offset = addr & ~0x3; 142344f4b15SPeter Maydell 143344f4b15SPeter Maydell if (!attrs.secure && offset < A_PIDR4) { 144344f4b15SPeter Maydell /* NS accesses can only see the ID registers */ 145344f4b15SPeter Maydell qemu_log_mask(LOG_GUEST_ERROR, 146344f4b15SPeter Maydell "TZ MPC register read: NS access to offset 0x%x\n", 147344f4b15SPeter Maydell offset); 148344f4b15SPeter Maydell r = 0; 149344f4b15SPeter Maydell goto read_out; 150344f4b15SPeter Maydell } 151344f4b15SPeter Maydell 152344f4b15SPeter Maydell switch (offset) { 153cdb60998SPeter Maydell case A_CTRL: 154cdb60998SPeter Maydell r = s->ctrl; 155cdb60998SPeter Maydell break; 156cdb60998SPeter Maydell case A_BLK_MAX: 157619d54a8SPeter Maydell r = s->blk_max - 1; 158cdb60998SPeter Maydell break; 159cdb60998SPeter Maydell case A_BLK_CFG: 160cdb60998SPeter Maydell /* We are never in "init in progress state", so this just indicates 161cdb60998SPeter Maydell * the block size. s->blocksize == (1 << BLK_CFG + 5), so 162cdb60998SPeter Maydell * BLK_CFG == ctz32(s->blocksize) - 5 163cdb60998SPeter Maydell */ 164cdb60998SPeter Maydell r = ctz32(s->blocksize) - 5; 165cdb60998SPeter Maydell break; 166cdb60998SPeter Maydell case A_BLK_IDX: 167cdb60998SPeter Maydell r = s->blk_idx; 168cdb60998SPeter Maydell break; 169cdb60998SPeter Maydell case A_BLK_LUT: 170cdb60998SPeter Maydell r = s->blk_lut[s->blk_idx]; 171cdb60998SPeter Maydell tz_mpc_autoinc_idx(s, size); 172cdb60998SPeter Maydell break; 173cdb60998SPeter Maydell case A_INT_STAT: 174cdb60998SPeter Maydell r = s->int_stat; 175cdb60998SPeter Maydell break; 176cdb60998SPeter Maydell case A_INT_EN: 177cdb60998SPeter Maydell r = s->int_en; 178cdb60998SPeter Maydell break; 179cdb60998SPeter Maydell case A_INT_INFO1: 180cdb60998SPeter Maydell r = s->int_info1; 181cdb60998SPeter Maydell break; 182cdb60998SPeter Maydell case A_INT_INFO2: 183cdb60998SPeter Maydell r = s->int_info2; 184cdb60998SPeter Maydell break; 185344f4b15SPeter Maydell case A_PIDR4: 186344f4b15SPeter Maydell case A_PIDR5: 187344f4b15SPeter Maydell case A_PIDR6: 188344f4b15SPeter Maydell case A_PIDR7: 189344f4b15SPeter Maydell case A_PIDR0: 190344f4b15SPeter Maydell case A_PIDR1: 191344f4b15SPeter Maydell case A_PIDR2: 192344f4b15SPeter Maydell case A_PIDR3: 193344f4b15SPeter Maydell case A_CIDR0: 194344f4b15SPeter Maydell case A_CIDR1: 195344f4b15SPeter Maydell case A_CIDR2: 196344f4b15SPeter Maydell case A_CIDR3: 197344f4b15SPeter Maydell r = tz_mpc_idregs[(offset - A_PIDR4) / 4]; 198344f4b15SPeter Maydell break; 199344f4b15SPeter Maydell case A_INT_CLEAR: 200344f4b15SPeter Maydell case A_INT_SET: 201344f4b15SPeter Maydell qemu_log_mask(LOG_GUEST_ERROR, 202344f4b15SPeter Maydell "TZ MPC register read: write-only offset 0x%x\n", 203344f4b15SPeter Maydell offset); 204344f4b15SPeter Maydell r = 0; 205344f4b15SPeter Maydell break; 206344f4b15SPeter Maydell default: 207344f4b15SPeter Maydell qemu_log_mask(LOG_GUEST_ERROR, 208344f4b15SPeter Maydell "TZ MPC register read: bad offset 0x%x\n", offset); 209344f4b15SPeter Maydell r = 0; 210344f4b15SPeter Maydell break; 211344f4b15SPeter Maydell } 212344f4b15SPeter Maydell 213344f4b15SPeter Maydell if (size != 4) { 214344f4b15SPeter Maydell /* None of our registers are read-sensitive (except BLK_LUT, 215344f4b15SPeter Maydell * which can special case the "size not 4" case), so just 216344f4b15SPeter Maydell * pull the right bytes out of the word read result. 217344f4b15SPeter Maydell */ 218344f4b15SPeter Maydell r = extract32(r, (addr & 3) * 8, size * 8); 219344f4b15SPeter Maydell } 220344f4b15SPeter Maydell 221344f4b15SPeter Maydell read_out: 222344f4b15SPeter Maydell trace_tz_mpc_reg_read(addr, r, size); 223344f4b15SPeter Maydell *pdata = r; 224344f4b15SPeter Maydell return MEMTX_OK; 225344f4b15SPeter Maydell } 226344f4b15SPeter Maydell 227344f4b15SPeter Maydell static MemTxResult tz_mpc_reg_write(void *opaque, hwaddr addr, 228344f4b15SPeter Maydell uint64_t value, 229344f4b15SPeter Maydell unsigned size, MemTxAttrs attrs) 230344f4b15SPeter Maydell { 231cdb60998SPeter Maydell TZMPC *s = TZ_MPC(opaque); 232344f4b15SPeter Maydell uint32_t offset = addr & ~0x3; 233344f4b15SPeter Maydell 234344f4b15SPeter Maydell trace_tz_mpc_reg_write(addr, value, size); 235344f4b15SPeter Maydell 236344f4b15SPeter Maydell if (!attrs.secure && offset < A_PIDR4) { 237344f4b15SPeter Maydell /* NS accesses can only see the ID registers */ 238344f4b15SPeter Maydell qemu_log_mask(LOG_GUEST_ERROR, 239344f4b15SPeter Maydell "TZ MPC register write: NS access to offset 0x%x\n", 240344f4b15SPeter Maydell offset); 241344f4b15SPeter Maydell return MEMTX_OK; 242344f4b15SPeter Maydell } 243344f4b15SPeter Maydell 244344f4b15SPeter Maydell if (size != 4) { 245344f4b15SPeter Maydell /* Expand the byte or halfword write to a full word size. 246344f4b15SPeter Maydell * In most cases we can do this with zeroes; the exceptions 247344f4b15SPeter Maydell * are CTRL, BLK_IDX and BLK_LUT. 248344f4b15SPeter Maydell */ 249344f4b15SPeter Maydell uint32_t oldval; 250344f4b15SPeter Maydell 251344f4b15SPeter Maydell switch (offset) { 252cdb60998SPeter Maydell case A_CTRL: 253cdb60998SPeter Maydell oldval = s->ctrl; 254cdb60998SPeter Maydell break; 255cdb60998SPeter Maydell case A_BLK_IDX: 256cdb60998SPeter Maydell oldval = s->blk_idx; 257cdb60998SPeter Maydell break; 258cdb60998SPeter Maydell case A_BLK_LUT: 259cdb60998SPeter Maydell oldval = s->blk_lut[s->blk_idx]; 260cdb60998SPeter Maydell break; 261344f4b15SPeter Maydell default: 262344f4b15SPeter Maydell oldval = 0; 263344f4b15SPeter Maydell break; 264344f4b15SPeter Maydell } 265344f4b15SPeter Maydell value = deposit32(oldval, (addr & 3) * 8, size * 8, value); 266344f4b15SPeter Maydell } 267344f4b15SPeter Maydell 268cdb60998SPeter Maydell if ((s->ctrl & R_CTRL_LOCKDOWN_MASK) && 269cdb60998SPeter Maydell (offset == A_CTRL || offset == A_BLK_LUT || offset == A_INT_EN)) { 270cdb60998SPeter Maydell /* Lockdown mode makes these three registers read-only, and 271cdb60998SPeter Maydell * the only way out of it is to reset the device. 272cdb60998SPeter Maydell */ 273cdb60998SPeter Maydell qemu_log_mask(LOG_GUEST_ERROR, "TZ MPC register write to offset 0x%x " 274cdb60998SPeter Maydell "while MPC is in lockdown mode\n", offset); 275cdb60998SPeter Maydell return MEMTX_OK; 276cdb60998SPeter Maydell } 277cdb60998SPeter Maydell 278344f4b15SPeter Maydell switch (offset) { 279cdb60998SPeter Maydell case A_CTRL: 280cdb60998SPeter Maydell /* We don't implement the 'data gating' feature so all other bits 281cdb60998SPeter Maydell * are reserved and we make them RAZ/WI. 282cdb60998SPeter Maydell */ 283cdb60998SPeter Maydell s->ctrl = value & (R_CTRL_SEC_RESP_MASK | 284cdb60998SPeter Maydell R_CTRL_AUTOINC_MASK | 285cdb60998SPeter Maydell R_CTRL_LOCKDOWN_MASK); 286cdb60998SPeter Maydell break; 287cdb60998SPeter Maydell case A_BLK_IDX: 288cdb60998SPeter Maydell s->blk_idx = value % s->blk_max; 289cdb60998SPeter Maydell break; 290cdb60998SPeter Maydell case A_BLK_LUT: 291dd29d068SPeter Maydell tz_mpc_iommu_notify(s, s->blk_idx, s->blk_lut[s->blk_idx], value); 292cdb60998SPeter Maydell s->blk_lut[s->blk_idx] = value; 293cdb60998SPeter Maydell tz_mpc_autoinc_idx(s, size); 294cdb60998SPeter Maydell break; 295cdb60998SPeter Maydell case A_INT_CLEAR: 296cdb60998SPeter Maydell if (value & R_INT_CLEAR_IRQ_MASK) { 297cdb60998SPeter Maydell s->int_stat = 0; 298cdb60998SPeter Maydell tz_mpc_irq_update(s); 299cdb60998SPeter Maydell } 300cdb60998SPeter Maydell break; 301cdb60998SPeter Maydell case A_INT_EN: 302cdb60998SPeter Maydell s->int_en = value & R_INT_EN_IRQ_MASK; 303cdb60998SPeter Maydell tz_mpc_irq_update(s); 304cdb60998SPeter Maydell break; 305cdb60998SPeter Maydell case A_INT_SET: 306cdb60998SPeter Maydell if (value & R_INT_SET_IRQ_MASK) { 307cdb60998SPeter Maydell s->int_stat = R_INT_STAT_IRQ_MASK; 308cdb60998SPeter Maydell tz_mpc_irq_update(s); 309cdb60998SPeter Maydell } 310cdb60998SPeter Maydell break; 311344f4b15SPeter Maydell case A_PIDR4: 312344f4b15SPeter Maydell case A_PIDR5: 313344f4b15SPeter Maydell case A_PIDR6: 314344f4b15SPeter Maydell case A_PIDR7: 315344f4b15SPeter Maydell case A_PIDR0: 316344f4b15SPeter Maydell case A_PIDR1: 317344f4b15SPeter Maydell case A_PIDR2: 318344f4b15SPeter Maydell case A_PIDR3: 319344f4b15SPeter Maydell case A_CIDR0: 320344f4b15SPeter Maydell case A_CIDR1: 321344f4b15SPeter Maydell case A_CIDR2: 322344f4b15SPeter Maydell case A_CIDR3: 323344f4b15SPeter Maydell qemu_log_mask(LOG_GUEST_ERROR, 324344f4b15SPeter Maydell "TZ MPC register write: read-only offset 0x%x\n", offset); 325344f4b15SPeter Maydell break; 326344f4b15SPeter Maydell default: 327344f4b15SPeter Maydell qemu_log_mask(LOG_GUEST_ERROR, 328344f4b15SPeter Maydell "TZ MPC register write: bad offset 0x%x\n", offset); 329344f4b15SPeter Maydell break; 330344f4b15SPeter Maydell } 331344f4b15SPeter Maydell 332344f4b15SPeter Maydell return MEMTX_OK; 333344f4b15SPeter Maydell } 334344f4b15SPeter Maydell 335344f4b15SPeter Maydell static const MemoryRegionOps tz_mpc_reg_ops = { 336344f4b15SPeter Maydell .read_with_attrs = tz_mpc_reg_read, 337344f4b15SPeter Maydell .write_with_attrs = tz_mpc_reg_write, 338344f4b15SPeter Maydell .endianness = DEVICE_LITTLE_ENDIAN, 339344f4b15SPeter Maydell .valid.min_access_size = 1, 340344f4b15SPeter Maydell .valid.max_access_size = 4, 341344f4b15SPeter Maydell .impl.min_access_size = 1, 342344f4b15SPeter Maydell .impl.max_access_size = 4, 343344f4b15SPeter Maydell }; 344344f4b15SPeter Maydell 34557c49a6eSPeter Maydell static inline bool tz_mpc_cfg_ns(TZMPC *s, hwaddr addr) 34657c49a6eSPeter Maydell { 34757c49a6eSPeter Maydell /* Return the cfg_ns bit from the LUT for the specified address */ 34857c49a6eSPeter Maydell hwaddr blknum = addr / s->blocksize; 34957c49a6eSPeter Maydell hwaddr blkword = blknum / 32; 35057c49a6eSPeter Maydell uint32_t blkbit = 1U << (blknum % 32); 35157c49a6eSPeter Maydell 35257c49a6eSPeter Maydell /* This would imply the address was larger than the size we 35357c49a6eSPeter Maydell * defined this memory region to be, so it can't happen. 35457c49a6eSPeter Maydell */ 35557c49a6eSPeter Maydell assert(blkword < s->blk_max); 35657c49a6eSPeter Maydell return s->blk_lut[blkword] & blkbit; 35757c49a6eSPeter Maydell } 35857c49a6eSPeter Maydell 35957c49a6eSPeter Maydell static MemTxResult tz_mpc_handle_block(TZMPC *s, hwaddr addr, MemTxAttrs attrs) 36057c49a6eSPeter Maydell { 36157c49a6eSPeter Maydell /* Handle a blocked transaction: raise IRQ, capture info, etc */ 36257c49a6eSPeter Maydell if (!s->int_stat) { 36357c49a6eSPeter Maydell /* First blocked transfer: capture information into INT_INFO1 and 36457c49a6eSPeter Maydell * INT_INFO2. Subsequent transfers are still blocked but don't 36557c49a6eSPeter Maydell * capture information until the guest clears the interrupt. 36657c49a6eSPeter Maydell */ 36757c49a6eSPeter Maydell 36857c49a6eSPeter Maydell s->int_info1 = addr; 36957c49a6eSPeter Maydell s->int_info2 = 0; 37057c49a6eSPeter Maydell s->int_info2 = FIELD_DP32(s->int_info2, INT_INFO2, HMASTER, 37157c49a6eSPeter Maydell attrs.requester_id & 0xffff); 37257c49a6eSPeter Maydell s->int_info2 = FIELD_DP32(s->int_info2, INT_INFO2, HNONSEC, 37357c49a6eSPeter Maydell ~attrs.secure); 37457c49a6eSPeter Maydell s->int_info2 = FIELD_DP32(s->int_info2, INT_INFO2, CFG_NS, 37557c49a6eSPeter Maydell tz_mpc_cfg_ns(s, addr)); 37657c49a6eSPeter Maydell s->int_stat |= R_INT_STAT_IRQ_MASK; 37757c49a6eSPeter Maydell tz_mpc_irq_update(s); 37857c49a6eSPeter Maydell } 37957c49a6eSPeter Maydell 38057c49a6eSPeter Maydell /* Generate bus error if desired; otherwise RAZ/WI */ 38157c49a6eSPeter Maydell return (s->ctrl & R_CTRL_SEC_RESP_MASK) ? MEMTX_ERROR : MEMTX_OK; 38257c49a6eSPeter Maydell } 38357c49a6eSPeter Maydell 384344f4b15SPeter Maydell /* Accesses only reach these read and write functions if the MPC is 385344f4b15SPeter Maydell * blocking them; non-blocked accesses go directly to the downstream 386344f4b15SPeter Maydell * memory region without passing through this code. 387344f4b15SPeter Maydell */ 388344f4b15SPeter Maydell static MemTxResult tz_mpc_mem_blocked_read(void *opaque, hwaddr addr, 389344f4b15SPeter Maydell uint64_t *pdata, 390344f4b15SPeter Maydell unsigned size, MemTxAttrs attrs) 391344f4b15SPeter Maydell { 39257c49a6eSPeter Maydell TZMPC *s = TZ_MPC(opaque); 39357c49a6eSPeter Maydell 394344f4b15SPeter Maydell trace_tz_mpc_mem_blocked_read(addr, size, attrs.secure); 395344f4b15SPeter Maydell 396344f4b15SPeter Maydell *pdata = 0; 39757c49a6eSPeter Maydell return tz_mpc_handle_block(s, addr, attrs); 398344f4b15SPeter Maydell } 399344f4b15SPeter Maydell 400344f4b15SPeter Maydell static MemTxResult tz_mpc_mem_blocked_write(void *opaque, hwaddr addr, 401344f4b15SPeter Maydell uint64_t value, 402344f4b15SPeter Maydell unsigned size, MemTxAttrs attrs) 403344f4b15SPeter Maydell { 40457c49a6eSPeter Maydell TZMPC *s = TZ_MPC(opaque); 40557c49a6eSPeter Maydell 406344f4b15SPeter Maydell trace_tz_mpc_mem_blocked_write(addr, value, size, attrs.secure); 407344f4b15SPeter Maydell 40857c49a6eSPeter Maydell return tz_mpc_handle_block(s, addr, attrs); 409344f4b15SPeter Maydell } 410344f4b15SPeter Maydell 411344f4b15SPeter Maydell static const MemoryRegionOps tz_mpc_mem_blocked_ops = { 412344f4b15SPeter Maydell .read_with_attrs = tz_mpc_mem_blocked_read, 413344f4b15SPeter Maydell .write_with_attrs = tz_mpc_mem_blocked_write, 414344f4b15SPeter Maydell .endianness = DEVICE_LITTLE_ENDIAN, 415344f4b15SPeter Maydell .valid.min_access_size = 1, 416344f4b15SPeter Maydell .valid.max_access_size = 8, 417344f4b15SPeter Maydell .impl.min_access_size = 1, 418344f4b15SPeter Maydell .impl.max_access_size = 8, 419344f4b15SPeter Maydell }; 420344f4b15SPeter Maydell 421344f4b15SPeter Maydell static IOMMUTLBEntry tz_mpc_translate(IOMMUMemoryRegion *iommu, 422344f4b15SPeter Maydell hwaddr addr, IOMMUAccessFlags flags, 423344f4b15SPeter Maydell int iommu_idx) 424344f4b15SPeter Maydell { 425344f4b15SPeter Maydell TZMPC *s = TZ_MPC(container_of(iommu, TZMPC, upstream)); 426344f4b15SPeter Maydell bool ok; 427344f4b15SPeter Maydell 428344f4b15SPeter Maydell IOMMUTLBEntry ret = { 429344f4b15SPeter Maydell .iova = addr & ~(s->blocksize - 1), 430344f4b15SPeter Maydell .translated_addr = addr & ~(s->blocksize - 1), 431344f4b15SPeter Maydell .addr_mask = s->blocksize - 1, 432344f4b15SPeter Maydell .perm = IOMMU_RW, 433344f4b15SPeter Maydell }; 434344f4b15SPeter Maydell 435344f4b15SPeter Maydell /* Look at the per-block configuration for this address, and 436344f4b15SPeter Maydell * return a TLB entry directing the transaction at either 437344f4b15SPeter Maydell * downstream_as or blocked_io_as, as appropriate. 438dd29d068SPeter Maydell * If the LUT cfg_ns bit is 1, only non-secure transactions 439dd29d068SPeter Maydell * may pass. If the bit is 0, only secure transactions may pass. 440344f4b15SPeter Maydell */ 441dd29d068SPeter Maydell ok = tz_mpc_cfg_ns(s, addr) == (iommu_idx == IOMMU_IDX_NS); 442344f4b15SPeter Maydell 443344f4b15SPeter Maydell trace_tz_mpc_translate(addr, flags, 444344f4b15SPeter Maydell iommu_idx == IOMMU_IDX_S ? "S" : "NS", 445344f4b15SPeter Maydell ok ? "pass" : "block"); 446344f4b15SPeter Maydell 447344f4b15SPeter Maydell ret.target_as = ok ? &s->downstream_as : &s->blocked_io_as; 448344f4b15SPeter Maydell return ret; 449344f4b15SPeter Maydell } 450344f4b15SPeter Maydell 451344f4b15SPeter Maydell static int tz_mpc_attrs_to_index(IOMMUMemoryRegion *iommu, MemTxAttrs attrs) 452344f4b15SPeter Maydell { 453344f4b15SPeter Maydell /* We treat unspecified attributes like secure. Transactions with 454344f4b15SPeter Maydell * unspecified attributes come from places like 4553c8133f9SPeter Maydell * rom_reset() for initial image load, and we want 456344f4b15SPeter Maydell * those to pass through the from-reset "everything is secure" config. 457344f4b15SPeter Maydell * All the real during-emulation transactions from the CPU will 458344f4b15SPeter Maydell * specify attributes. 459344f4b15SPeter Maydell */ 460344f4b15SPeter Maydell return (attrs.unspecified || attrs.secure) ? IOMMU_IDX_S : IOMMU_IDX_NS; 461344f4b15SPeter Maydell } 462344f4b15SPeter Maydell 463344f4b15SPeter Maydell static int tz_mpc_num_indexes(IOMMUMemoryRegion *iommu) 464344f4b15SPeter Maydell { 465344f4b15SPeter Maydell return IOMMU_NUM_INDEXES; 466344f4b15SPeter Maydell } 467344f4b15SPeter Maydell 468344f4b15SPeter Maydell static void tz_mpc_reset(DeviceState *dev) 469344f4b15SPeter Maydell { 470cdb60998SPeter Maydell TZMPC *s = TZ_MPC(dev); 471cdb60998SPeter Maydell 472cdb60998SPeter Maydell s->ctrl = 0x00000100; 473cdb60998SPeter Maydell s->blk_idx = 0; 474cdb60998SPeter Maydell s->int_stat = 0; 475cdb60998SPeter Maydell s->int_en = 1; 476cdb60998SPeter Maydell s->int_info1 = 0; 477cdb60998SPeter Maydell s->int_info2 = 0; 478cdb60998SPeter Maydell 479cdb60998SPeter Maydell memset(s->blk_lut, 0, s->blk_max * sizeof(uint32_t)); 480344f4b15SPeter Maydell } 481344f4b15SPeter Maydell 482344f4b15SPeter Maydell static void tz_mpc_init(Object *obj) 483344f4b15SPeter Maydell { 484344f4b15SPeter Maydell DeviceState *dev = DEVICE(obj); 485344f4b15SPeter Maydell TZMPC *s = TZ_MPC(obj); 486344f4b15SPeter Maydell 487344f4b15SPeter Maydell qdev_init_gpio_out_named(dev, &s->irq, "irq", 1); 488344f4b15SPeter Maydell } 489344f4b15SPeter Maydell 490344f4b15SPeter Maydell static void tz_mpc_realize(DeviceState *dev, Error **errp) 491344f4b15SPeter Maydell { 492344f4b15SPeter Maydell Object *obj = OBJECT(dev); 493344f4b15SPeter Maydell SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 494344f4b15SPeter Maydell TZMPC *s = TZ_MPC(dev); 495344f4b15SPeter Maydell uint64_t size; 496344f4b15SPeter Maydell 497344f4b15SPeter Maydell /* We can't create the upstream end of the port until realize, 498344f4b15SPeter Maydell * as we don't know the size of the MR used as the downstream until then. 499344f4b15SPeter Maydell * We insist on having a downstream, to avoid complicating the code 500344f4b15SPeter Maydell * with handling the "don't know how big this is" case. It's easy 501344f4b15SPeter Maydell * enough for the user to create an unimplemented_device as downstream 502344f4b15SPeter Maydell * if they have nothing else to plug into this. 503344f4b15SPeter Maydell */ 504344f4b15SPeter Maydell if (!s->downstream) { 505344f4b15SPeter Maydell error_setg(errp, "MPC 'downstream' link not set"); 506344f4b15SPeter Maydell return; 507344f4b15SPeter Maydell } 508344f4b15SPeter Maydell 509344f4b15SPeter Maydell size = memory_region_size(s->downstream); 510344f4b15SPeter Maydell 511344f4b15SPeter Maydell memory_region_init_iommu(&s->upstream, sizeof(s->upstream), 512344f4b15SPeter Maydell TYPE_TZ_MPC_IOMMU_MEMORY_REGION, 513344f4b15SPeter Maydell obj, "tz-mpc-upstream", size); 514344f4b15SPeter Maydell 515344f4b15SPeter Maydell /* In real hardware the block size is configurable. In QEMU we could 516344f4b15SPeter Maydell * make it configurable but will need it to be at least as big as the 517344f4b15SPeter Maydell * target page size so we can execute out of the resulting MRs. Guest 518344f4b15SPeter Maydell * software is supposed to check the block size using the BLK_CFG 519344f4b15SPeter Maydell * register, so make it fixed at the page size. 520344f4b15SPeter Maydell */ 521344f4b15SPeter Maydell s->blocksize = memory_region_iommu_get_min_page_size(&s->upstream); 522344f4b15SPeter Maydell if (size % s->blocksize != 0) { 523344f4b15SPeter Maydell error_setg(errp, 524344f4b15SPeter Maydell "MPC 'downstream' size %" PRId64 525344f4b15SPeter Maydell " is not a multiple of %" HWADDR_PRIx " bytes", 526344f4b15SPeter Maydell size, s->blocksize); 527344f4b15SPeter Maydell object_unref(OBJECT(&s->upstream)); 528344f4b15SPeter Maydell return; 529344f4b15SPeter Maydell } 530344f4b15SPeter Maydell 531344f4b15SPeter Maydell /* BLK_MAX is the max value of BLK_IDX, which indexes an array of 32-bit 532344f4b15SPeter Maydell * words, each bit of which indicates one block. 533344f4b15SPeter Maydell */ 534344f4b15SPeter Maydell s->blk_max = DIV_ROUND_UP(size / s->blocksize, 32); 535344f4b15SPeter Maydell 536344f4b15SPeter Maydell memory_region_init_io(&s->regmr, obj, &tz_mpc_reg_ops, 537344f4b15SPeter Maydell s, "tz-mpc-regs", 0x1000); 538344f4b15SPeter Maydell sysbus_init_mmio(sbd, &s->regmr); 539344f4b15SPeter Maydell 540344f4b15SPeter Maydell sysbus_init_mmio(sbd, MEMORY_REGION(&s->upstream)); 541344f4b15SPeter Maydell 542344f4b15SPeter Maydell /* This memory region is not exposed to users of this device as a 543344f4b15SPeter Maydell * sysbus MMIO region, but is instead used internally as something 544344f4b15SPeter Maydell * that our IOMMU translate function might direct accesses to. 545344f4b15SPeter Maydell */ 546344f4b15SPeter Maydell memory_region_init_io(&s->blocked_io, obj, &tz_mpc_mem_blocked_ops, 547344f4b15SPeter Maydell s, "tz-mpc-blocked-io", size); 548344f4b15SPeter Maydell 549344f4b15SPeter Maydell address_space_init(&s->downstream_as, s->downstream, 550344f4b15SPeter Maydell "tz-mpc-downstream"); 551344f4b15SPeter Maydell address_space_init(&s->blocked_io_as, &s->blocked_io, 552344f4b15SPeter Maydell "tz-mpc-blocked-io"); 553cdb60998SPeter Maydell 554218fe5ceSPeter Maydell s->blk_lut = g_new0(uint32_t, s->blk_max); 555cdb60998SPeter Maydell } 556cdb60998SPeter Maydell 557cdb60998SPeter Maydell static int tz_mpc_post_load(void *opaque, int version_id) 558cdb60998SPeter Maydell { 559cdb60998SPeter Maydell TZMPC *s = TZ_MPC(opaque); 560cdb60998SPeter Maydell 561cdb60998SPeter Maydell /* Check the incoming data doesn't point blk_idx off the end of blk_lut. */ 562cdb60998SPeter Maydell if (s->blk_idx >= s->blk_max) { 563cdb60998SPeter Maydell return -1; 564cdb60998SPeter Maydell } 565cdb60998SPeter Maydell return 0; 566344f4b15SPeter Maydell } 567344f4b15SPeter Maydell 568344f4b15SPeter Maydell static const VMStateDescription tz_mpc_vmstate = { 569344f4b15SPeter Maydell .name = "tz-mpc", 570344f4b15SPeter Maydell .version_id = 1, 571344f4b15SPeter Maydell .minimum_version_id = 1, 572cdb60998SPeter Maydell .post_load = tz_mpc_post_load, 573344f4b15SPeter Maydell .fields = (VMStateField[]) { 574cdb60998SPeter Maydell VMSTATE_UINT32(ctrl, TZMPC), 575cdb60998SPeter Maydell VMSTATE_UINT32(blk_idx, TZMPC), 576cdb60998SPeter Maydell VMSTATE_UINT32(int_stat, TZMPC), 577cdb60998SPeter Maydell VMSTATE_UINT32(int_en, TZMPC), 578cdb60998SPeter Maydell VMSTATE_UINT32(int_info1, TZMPC), 579cdb60998SPeter Maydell VMSTATE_UINT32(int_info2, TZMPC), 580cdb60998SPeter Maydell VMSTATE_VARRAY_UINT32(blk_lut, TZMPC, blk_max, 581cdb60998SPeter Maydell 0, vmstate_info_uint32, uint32_t), 582344f4b15SPeter Maydell VMSTATE_END_OF_LIST() 583344f4b15SPeter Maydell } 584344f4b15SPeter Maydell }; 585344f4b15SPeter Maydell 586344f4b15SPeter Maydell static Property tz_mpc_properties[] = { 587344f4b15SPeter Maydell DEFINE_PROP_LINK("downstream", TZMPC, downstream, 588344f4b15SPeter Maydell TYPE_MEMORY_REGION, MemoryRegion *), 589344f4b15SPeter Maydell DEFINE_PROP_END_OF_LIST(), 590344f4b15SPeter Maydell }; 591344f4b15SPeter Maydell 592344f4b15SPeter Maydell static void tz_mpc_class_init(ObjectClass *klass, void *data) 593344f4b15SPeter Maydell { 594344f4b15SPeter Maydell DeviceClass *dc = DEVICE_CLASS(klass); 595344f4b15SPeter Maydell 596344f4b15SPeter Maydell dc->realize = tz_mpc_realize; 597344f4b15SPeter Maydell dc->vmsd = &tz_mpc_vmstate; 598344f4b15SPeter Maydell dc->reset = tz_mpc_reset; 599344f4b15SPeter Maydell dc->props = tz_mpc_properties; 600344f4b15SPeter Maydell } 601344f4b15SPeter Maydell 602344f4b15SPeter Maydell static const TypeInfo tz_mpc_info = { 603344f4b15SPeter Maydell .name = TYPE_TZ_MPC, 604344f4b15SPeter Maydell .parent = TYPE_SYS_BUS_DEVICE, 605344f4b15SPeter Maydell .instance_size = sizeof(TZMPC), 606344f4b15SPeter Maydell .instance_init = tz_mpc_init, 607344f4b15SPeter Maydell .class_init = tz_mpc_class_init, 608344f4b15SPeter Maydell }; 609344f4b15SPeter Maydell 610344f4b15SPeter Maydell static void tz_mpc_iommu_memory_region_class_init(ObjectClass *klass, 611344f4b15SPeter Maydell void *data) 612344f4b15SPeter Maydell { 613344f4b15SPeter Maydell IOMMUMemoryRegionClass *imrc = IOMMU_MEMORY_REGION_CLASS(klass); 614344f4b15SPeter Maydell 615344f4b15SPeter Maydell imrc->translate = tz_mpc_translate; 616344f4b15SPeter Maydell imrc->attrs_to_index = tz_mpc_attrs_to_index; 617344f4b15SPeter Maydell imrc->num_indexes = tz_mpc_num_indexes; 618344f4b15SPeter Maydell } 619344f4b15SPeter Maydell 620344f4b15SPeter Maydell static const TypeInfo tz_mpc_iommu_memory_region_info = { 621344f4b15SPeter Maydell .name = TYPE_TZ_MPC_IOMMU_MEMORY_REGION, 622344f4b15SPeter Maydell .parent = TYPE_IOMMU_MEMORY_REGION, 623344f4b15SPeter Maydell .class_init = tz_mpc_iommu_memory_region_class_init, 624344f4b15SPeter Maydell }; 625344f4b15SPeter Maydell 626344f4b15SPeter Maydell static void tz_mpc_register_types(void) 627344f4b15SPeter Maydell { 628344f4b15SPeter Maydell type_register_static(&tz_mpc_info); 629344f4b15SPeter Maydell type_register_static(&tz_mpc_iommu_memory_region_info); 630344f4b15SPeter Maydell } 631344f4b15SPeter Maydell 632344f4b15SPeter Maydell type_init(tz_mpc_register_types); 633