From ea2ccb65615f8e50d6002c6b0de33691c00aae9d Mon Sep 17 00:00:00 2001 From: Joe Komlodi Date: Thu, 21 Jan 2021 16:18:53 -0800 Subject: [PATCH 1/3] target/microblaze: Add use-non-secure property This property is used to control the security of the following interfaces on MicroBlaze: M_AXI_DP - data interface M_AXI_IP - instruction interface M_AXI_DC - dcache interface M_AXI_IC - icache interface It works by enabling or disabling the use of the non_secure[3:0] signals. Interfaces and their corresponding values are taken from: https://www.xilinx.com/support/documentation/sw_manuals/xilinx2020_2/ug984-vivado-microblaze-ref.pdf page 153. Signed-off-by: Joe Komlodi Reviewed-by: Edgar E. Iglesias Tested-by: Edgar E. Iglesias Message-Id: <1611274735-303873-2-git-send-email-komlodi@xilinx.com> Signed-off-by: Edgar E. Iglesias --- target/microblaze/cpu.c | 46 +++++++++++++++++++++++++++++++++++++++++ target/microblaze/cpu.h | 11 ++++++++++ 2 files changed, 57 insertions(+) diff --git a/target/microblaze/cpu.c b/target/microblaze/cpu.c index c8e754cfb1..accfb23a4f 100644 --- a/target/microblaze/cpu.c +++ b/target/microblaze/cpu.c @@ -98,6 +98,38 @@ static bool mb_cpu_has_work(CPUState *cs) } #ifndef CONFIG_USER_ONLY +static void mb_cpu_ns_axi_dp(void *opaque, int irq, int level) +{ + MicroBlazeCPU *cpu = opaque; + bool en = cpu->cfg.use_non_secure & USE_NON_SECURE_M_AXI_DP_MASK; + + cpu->ns_axi_dp = level & en; +} + +static void mb_cpu_ns_axi_ip(void *opaque, int irq, int level) +{ + MicroBlazeCPU *cpu = opaque; + bool en = cpu->cfg.use_non_secure & USE_NON_SECURE_M_AXI_IP_MASK; + + cpu->ns_axi_ip = level & en; +} + +static void mb_cpu_ns_axi_dc(void *opaque, int irq, int level) +{ + MicroBlazeCPU *cpu = opaque; + bool en = cpu->cfg.use_non_secure & USE_NON_SECURE_M_AXI_DC_MASK; + + cpu->ns_axi_dc = level & en; +} + +static void mb_cpu_ns_axi_ic(void *opaque, int irq, int level) +{ + MicroBlazeCPU *cpu = opaque; + bool en = cpu->cfg.use_non_secure & USE_NON_SECURE_M_AXI_IC_MASK; + + cpu->ns_axi_ic = level & en; +} + static void microblaze_cpu_set_irq(void *opaque, int irq, int level) { MicroBlazeCPU *cpu = opaque; @@ -248,6 +280,10 @@ static void mb_cpu_initfn(Object *obj) #ifndef CONFIG_USER_ONLY /* Inbound IRQ and FIR lines */ qdev_init_gpio_in(DEVICE(cpu), microblaze_cpu_set_irq, 2); + qdev_init_gpio_in_named(DEVICE(cpu), mb_cpu_ns_axi_dp, "ns_axi_dp", 1); + qdev_init_gpio_in_named(DEVICE(cpu), mb_cpu_ns_axi_ip, "ns_axi_ip", 1); + qdev_init_gpio_in_named(DEVICE(cpu), mb_cpu_ns_axi_dc, "ns_axi_dc", 1); + qdev_init_gpio_in_named(DEVICE(cpu), mb_cpu_ns_axi_ic, "ns_axi_ic", 1); #endif } @@ -277,6 +313,16 @@ static Property mb_properties[] = { DEFINE_PROP_BOOL("use-msr-instr", MicroBlazeCPU, cfg.use_msr_instr, true), DEFINE_PROP_BOOL("use-pcmp-instr", MicroBlazeCPU, cfg.use_pcmp_instr, true), DEFINE_PROP_BOOL("use-mmu", MicroBlazeCPU, cfg.use_mmu, true), + /* + * use-non-secure enables/disables the use of the non_secure[3:0] signals. + * It is a bitfield where 1 = non-secure for the following bits and their + * corresponding interfaces: + * 0x1 - M_AXI_DP + * 0x2 - M_AXI_IP + * 0x4 - M_AXI_DC + * 0x8 - M_AXI_IC + */ + DEFINE_PROP_UINT8("use-non-secure", MicroBlazeCPU, cfg.use_non_secure, 0), DEFINE_PROP_BOOL("dcache-writeback", MicroBlazeCPU, cfg.dcache_writeback, false), DEFINE_PROP_BOOL("endianness", MicroBlazeCPU, cfg.endi, false), diff --git a/target/microblaze/cpu.h b/target/microblaze/cpu.h index c1c264199f..199cfb02d6 100644 --- a/target/microblaze/cpu.h +++ b/target/microblaze/cpu.h @@ -233,6 +233,12 @@ typedef struct CPUMBState CPUMBState; #define TARGET_INSN_START_EXTRA_WORDS 1 +/* use-non-secure property masks */ +#define USE_NON_SECURE_M_AXI_DP_MASK 0x1 +#define USE_NON_SECURE_M_AXI_IP_MASK 0x2 +#define USE_NON_SECURE_M_AXI_DC_MASK 0x4 +#define USE_NON_SECURE_M_AXI_IC_MASK 0x8 + struct CPUMBState { uint32_t bvalue; /* TCG temporary, only valid during a TB */ uint32_t btarget; /* Full resolved branch destination */ @@ -316,6 +322,7 @@ typedef struct { bool use_msr_instr; bool use_pcmp_instr; bool use_mmu; + uint8_t use_non_secure; bool dcache_writeback; bool endi; bool dopb_bus_exception; @@ -337,6 +344,10 @@ struct MicroBlazeCPU { CPUState parent_obj; /*< public >*/ + bool ns_axi_dp; + bool ns_axi_ip; + bool ns_axi_dc; + bool ns_axi_ic; CPUNegativeOffsetState neg; CPUMBState env; From 671a0a1265aeecae6775a8c7b8d6a5ede8a7ad32 Mon Sep 17 00:00:00 2001 From: Joe Komlodi Date: Thu, 21 Jan 2021 16:18:54 -0800 Subject: [PATCH 2/3] target/microblaze: use MMUAccessType instead of int in mmu_translate Using MMUAccessType makes it more clear what the variable's use is. No functional change. Signed-off-by: Joe Komlodi Reviewed-by: Richard Henderson Reviewed-by: Edgar E. Iglesias Tested-by: Edgar E. Iglesias Message-Id: <1611274735-303873-3-git-send-email-komlodi@xilinx.com> Signed-off-by: Edgar E. Iglesias --- target/microblaze/mmu.c | 2 +- target/microblaze/mmu.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/target/microblaze/mmu.c b/target/microblaze/mmu.c index 1e426963ba..cc40f275ea 100644 --- a/target/microblaze/mmu.c +++ b/target/microblaze/mmu.c @@ -74,7 +74,7 @@ static void mmu_change_pid(CPUMBState *env, unsigned int newpid) /* rw - 0 = read, 1 = write, 2 = fetch. */ unsigned int mmu_translate(MicroBlazeCPU *cpu, MicroBlazeMMULookup *lu, - target_ulong vaddr, int rw, int mmu_idx) + target_ulong vaddr, MMUAccessType rw, int mmu_idx) { MicroBlazeMMU *mmu = &cpu->env.mmu; unsigned int i, hit = 0; diff --git a/target/microblaze/mmu.h b/target/microblaze/mmu.h index 09e4075739..b6b4b9ad60 100644 --- a/target/microblaze/mmu.h +++ b/target/microblaze/mmu.h @@ -84,7 +84,7 @@ typedef struct { } MicroBlazeMMULookup; unsigned int mmu_translate(MicroBlazeCPU *cpu, MicroBlazeMMULookup *lu, - target_ulong vaddr, int rw, int mmu_idx); + target_ulong vaddr, MMUAccessType rw, int mmu_idx); uint32_t mmu_read(CPUMBState *env, bool ea, uint32_t rn); void mmu_write(CPUMBState *env, bool ea, uint32_t rn, uint32_t v); void mmu_init(MicroBlazeMMU *mmu); From 43a9ede1efd12d297278d017ce7df7130672e15d Mon Sep 17 00:00:00 2001 From: Joe Komlodi Date: Thu, 21 Jan 2021 16:18:55 -0800 Subject: [PATCH 3/3] target/microblaze: Add security attributes on memory transactions Using the cfg.use_non_secure bitfield and the MMU access type, we can determine if the access should be secure or not. Signed-off-by: Joe Komlodi Reviewed-by: Edgar E. Iglesias Tested-by: Edgar E. Iglesias Message-Id: <1611274735-303873-4-git-send-email-komlodi@xilinx.com> Signed-off-by: Edgar E. Iglesias --- target/microblaze/cpu.c | 2 +- target/microblaze/cpu.h | 3 ++- target/microblaze/helper.c | 26 +++++++++++++++++++++++--- 3 files changed, 26 insertions(+), 5 deletions(-) diff --git a/target/microblaze/cpu.c b/target/microblaze/cpu.c index accfb23a4f..d5e8bfe11f 100644 --- a/target/microblaze/cpu.c +++ b/target/microblaze/cpu.c @@ -375,7 +375,7 @@ static void mb_cpu_class_init(ObjectClass *oc, void *data) cc->tlb_fill = mb_cpu_tlb_fill; #ifndef CONFIG_USER_ONLY cc->do_transaction_failed = mb_cpu_transaction_failed; - cc->get_phys_page_debug = mb_cpu_get_phys_page_debug; + cc->get_phys_page_attrs_debug = mb_cpu_get_phys_page_attrs_debug; dc->vmsd = &vmstate_mb_cpu; #endif device_class_set_props(dc, mb_properties); diff --git a/target/microblaze/cpu.h b/target/microblaze/cpu.h index 199cfb02d6..e4bba8a755 100644 --- a/target/microblaze/cpu.h +++ b/target/microblaze/cpu.h @@ -361,7 +361,8 @@ void mb_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr, MMUAccessType access_type, int mmu_idx, uintptr_t retaddr); void mb_cpu_dump_state(CPUState *cpu, FILE *f, int flags); -hwaddr mb_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr); +hwaddr mb_cpu_get_phys_page_attrs_debug(CPUState *cpu, vaddr addr, + MemTxAttrs *attrs); int mb_cpu_gdb_read_register(CPUState *cpu, GByteArray *buf, int reg); int mb_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg); diff --git a/target/microblaze/helper.c b/target/microblaze/helper.c index cda14a14be..20dbd67313 100644 --- a/target/microblaze/helper.c +++ b/target/microblaze/helper.c @@ -46,6 +46,16 @@ bool mb_cpu_tlb_fill(CPUState *cs, vaddr address, int size, #else /* !CONFIG_USER_ONLY */ +static bool mb_cpu_access_is_secure(MicroBlazeCPU *cpu, + MMUAccessType access_type) +{ + if (access_type == MMU_INST_FETCH) { + return !cpu->ns_axi_ip; + } else { + return !cpu->ns_axi_dp; + } +} + bool mb_cpu_tlb_fill(CPUState *cs, vaddr address, int size, MMUAccessType access_type, int mmu_idx, bool probe, uintptr_t retaddr) @@ -55,12 +65,16 @@ bool mb_cpu_tlb_fill(CPUState *cs, vaddr address, int size, MicroBlazeMMULookup lu; unsigned int hit; int prot; + MemTxAttrs attrs = {}; + + attrs.secure = mb_cpu_access_is_secure(cpu, access_type); if (mmu_idx == MMU_NOMMU_IDX) { /* MMU disabled or not available. */ address &= TARGET_PAGE_MASK; prot = PAGE_BITS; - tlb_set_page(cs, address, address, prot, mmu_idx, TARGET_PAGE_SIZE); + tlb_set_page_with_attrs(cs, address, address, attrs, prot, mmu_idx, + TARGET_PAGE_SIZE); return true; } @@ -71,7 +85,8 @@ bool mb_cpu_tlb_fill(CPUState *cs, vaddr address, int size, qemu_log_mask(CPU_LOG_MMU, "MMU map mmu=%d v=%x p=%x prot=%x\n", mmu_idx, vaddr, paddr, lu.prot); - tlb_set_page(cs, vaddr, paddr, lu.prot, mmu_idx, TARGET_PAGE_SIZE); + tlb_set_page_with_attrs(cs, vaddr, paddr, attrs, lu.prot, mmu_idx, + TARGET_PAGE_SIZE); return true; } @@ -230,7 +245,8 @@ void mb_cpu_do_interrupt(CPUState *cs) } } -hwaddr mb_cpu_get_phys_page_debug(CPUState *cs, vaddr addr) +hwaddr mb_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr, + MemTxAttrs *attrs) { MicroBlazeCPU *cpu = MICROBLAZE_CPU(cs); CPUMBState *env = &cpu->env; @@ -239,6 +255,10 @@ hwaddr mb_cpu_get_phys_page_debug(CPUState *cs, vaddr addr) int mmu_idx = cpu_mmu_index(env, false); unsigned int hit; + /* Caller doesn't initialize */ + *attrs = (MemTxAttrs) {}; + attrs->secure = mb_cpu_access_is_secure(cpu, MMU_DATA_LOAD); + if (mmu_idx != MMU_NOMMU_IDX) { hit = mmu_translate(cpu, &lu, addr, 0, 0); if (hit) {