From: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: Greg Bellows <greg.bellows@linaro.org>,
qemu-devel@nongnu.org, patches@linaro.org
Subject: Re: [Qemu-devel] [PATCH v4 10/17] hw/intc/arm_gic: Restrict priority view
Date: Tue, 5 May 2015 11:31:31 +1000 [thread overview]
Message-ID: <20150505013131.GK10142@toto> (raw)
In-Reply-To: <1430502643-25909-11-git-send-email-peter.maydell@linaro.org>
On Fri, May 01, 2015 at 06:50:36PM +0100, Peter Maydell wrote:
> From: Fabian Aggeler <aggelerf@ethz.ch>
>
> GICs with Security Extensions restrict the non-secure view of the
> interrupt priority and priority mask registers.
>
> Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch>
> Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
> Message-id: 1429113742-8371-15-git-send-email-greg.bellows@linaro.org
> [PMM: minor code tweaks; fixed missing masking in gic_set_priority_mask
> and gic_set_priority]
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
> ---
> hw/intc/arm_gic.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++----
> hw/intc/arm_gic_kvm.c | 2 +-
> hw/intc/gic_internal.h | 3 ++-
> 3 files changed, 61 insertions(+), 7 deletions(-)
>
> diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
> index e3bbe9e..7c0ddc8 100644
> --- a/hw/intc/arm_gic.c
> +++ b/hw/intc/arm_gic.c
> @@ -233,8 +233,16 @@ uint32_t gic_acknowledge_irq(GICState *s, int cpu)
> return ret;
> }
>
> -void gic_set_priority(GICState *s, int cpu, int irq, uint8_t val)
> +void gic_set_priority(GICState *s, int cpu, int irq, uint8_t val,
> + MemTxAttrs attrs)
> {
> + if (s->security_extn && !attrs.secure) {
> + if (!GIC_TEST_GROUP(irq, (1 << cpu))) {
> + return; /* Ignore Non-secure access of Group0 IRQ */
> + }
> + val = 0x80 | (val >> 1); /* Non-secure view */
> + }
> +
> if (irq < GIC_INTERNAL) {
> s->priority1[irq][cpu] = val;
> } else {
> @@ -242,6 +250,51 @@ void gic_set_priority(GICState *s, int cpu, int irq, uint8_t val)
> }
> }
>
> +static uint32_t gic_get_priority(GICState *s, int cpu, int irq,
> + MemTxAttrs attrs)
> +{
> + uint32_t prio = GIC_GET_PRIORITY(irq, cpu);
> +
> + if (s->security_extn && !attrs.secure) {
> + if (!GIC_TEST_GROUP(irq, (1 << cpu))) {
> + return 0; /* Non-secure access cannot read priority of Group0 IRQ */
> + }
> + prio = (prio << 1) & 0xff; /* Non-secure view */
> + }
> + return prio;
> +}
> +
> +static void gic_set_priority_mask(GICState *s, int cpu, uint8_t pmask,
> + MemTxAttrs attrs)
> +{
> + if (s->security_extn && !attrs.secure) {
> + if (s->priority_mask[cpu] & 0x80) {
> + /* Priority Mask in upper half */
> + pmask = 0x80 | (pmask >> 1);
> + } else {
> + /* Non-secure write ignored if priority mask is in lower half */
> + return;
> + }
> + }
> + s->priority_mask[cpu] = pmask;
> +}
> +
> +static uint32_t gic_get_priority_mask(GICState *s, int cpu, MemTxAttrs attrs)
> +{
> + uint32_t pmask = s->priority_mask[cpu];
> +
> + if (s->security_extn && !attrs.secure) {
> + if (pmask & 0x80) {
> + /* Priority Mask in upper half, return Non-secure view */
> + pmask = (pmask << 1) & 0xff;
> + } else {
> + /* Priority Mask in lower half, RAZ */
> + pmask = 0;
> + }
> + }
> + return pmask;
> +}
> +
> static uint32_t gic_get_cpu_control(GICState *s, int cpu, MemTxAttrs attrs)
> {
> uint32_t ret = s->cpu_ctlr[cpu];
> @@ -451,7 +504,7 @@ static uint32_t gic_dist_readb(void *opaque, hwaddr offset, MemTxAttrs attrs)
> irq = (offset - 0x400) + GIC_BASE_IRQ;
> if (irq >= s->num_irq)
> goto bad_reg;
> - res = GIC_GET_PRIORITY(irq, cpu);
> + res = gic_get_priority(s, cpu, irq, attrs);
> } else if (offset < 0xc00) {
> /* Interrupt CPU Target. */
> if (s->num_cpu == 1 && s->revision != REV_11MPCORE) {
> @@ -669,7 +722,7 @@ static void gic_dist_writeb(void *opaque, hwaddr offset,
> irq = (offset - 0x400) + GIC_BASE_IRQ;
> if (irq >= s->num_irq)
> goto bad_reg;
> - gic_set_priority(s, cpu, irq, value);
> + gic_set_priority(s, cpu, irq, value, attrs);
> } else if (offset < 0xc00) {
> /* Interrupt CPU Target. RAZ/WI on uniprocessor GICs, with the
> * annoying exception of the 11MPCore's GIC.
> @@ -820,7 +873,7 @@ static MemTxResult gic_cpu_read(GICState *s, int cpu, int offset,
> *data = gic_get_cpu_control(s, cpu, attrs);
> break;
> case 0x04: /* Priority mask */
> - *data = s->priority_mask[cpu];
> + *data = gic_get_priority_mask(s, cpu, attrs);
> break;
> case 0x08: /* Binary Point */
> if (s->security_extn && !attrs.secure) {
> @@ -870,7 +923,7 @@ static MemTxResult gic_cpu_write(GICState *s, int cpu, int offset,
> gic_set_cpu_control(s, cpu, value, attrs);
> break;
> case 0x04: /* Priority mask */
> - s->priority_mask[cpu] = (value & 0xff);
> + gic_set_priority_mask(s, cpu, value, attrs);
> break;
> case 0x08: /* Binary Point */
> if (s->security_extn && !attrs.secure) {
> diff --git a/hw/intc/arm_gic_kvm.c b/hw/intc/arm_gic_kvm.c
> index c5a2f81..54f18df 100644
> --- a/hw/intc/arm_gic_kvm.c
> +++ b/hw/intc/arm_gic_kvm.c
> @@ -251,7 +251,7 @@ static void translate_priority(GICState *s, int irq, int cpu,
> if (to_kernel) {
> *field = GIC_GET_PRIORITY(irq, cpu) & 0xff;
> } else {
> - gic_set_priority(s, cpu, irq, *field & 0xff);
> + gic_set_priority(s, cpu, irq, *field & 0xff, MEMTXATTRS_UNSPECIFIED);
> }
> }
>
> diff --git a/hw/intc/gic_internal.h b/hw/intc/gic_internal.h
> index 81c764c..119fb81 100644
> --- a/hw/intc/gic_internal.h
> +++ b/hw/intc/gic_internal.h
> @@ -82,7 +82,8 @@ uint32_t gic_acknowledge_irq(GICState *s, int cpu);
> void gic_complete_irq(GICState *s, int cpu, int irq);
> void gic_update(GICState *s);
> void gic_init_irqs_and_distributor(GICState *s);
> -void gic_set_priority(GICState *s, int cpu, int irq, uint8_t val);
> +void gic_set_priority(GICState *s, int cpu, int irq, uint8_t val,
> + MemTxAttrs attrs);
>
> static inline bool gic_test_pending(GICState *s, int irq, int cm)
> {
> --
> 1.9.1
>
next prev parent reply other threads:[~2015-05-05 1:35 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-01 17:50 [Qemu-devel] [PATCH v4 00/17] arm_gic: Add security and grouping support Peter Maydell
2015-05-01 17:50 ` [Qemu-devel] [PATCH v4 01/17] hw/intc/arm_gic: Create outbound FIQ lines Peter Maydell
2015-05-05 0:11 ` Edgar E. Iglesias
2015-05-01 17:50 ` [Qemu-devel] [PATCH v4 02/17] hw/intc/arm_gic: Add Security Extensions property Peter Maydell
2015-05-05 0:19 ` Edgar E. Iglesias
2015-05-01 17:50 ` [Qemu-devel] [PATCH v4 03/17] hw/intc/arm_gic: Switch to read/write callbacks with tx attributes Peter Maydell
2015-05-05 0:31 ` Edgar E. Iglesias
2015-05-01 17:50 ` [Qemu-devel] [PATCH v4 04/17] hw/intc/arm_gic: Add Interrupt Group Registers Peter Maydell
2015-05-05 0:55 ` Edgar E. Iglesias
2015-05-01 17:50 ` [Qemu-devel] [PATCH v4 05/17] hw/intc/arm_gic_kvm.c: Save and restore GICD_IGROUPRn state Peter Maydell
2015-05-01 17:50 ` [Qemu-devel] [PATCH v4 06/17] hw/intc/arm_gic: Make ICDDCR/GICD_CTLR banked Peter Maydell
2015-05-05 1:03 ` Edgar E. Iglesias
2015-05-01 17:50 ` [Qemu-devel] [PATCH v4 07/17] hw/intc/arm_gic: Make ICCBPR/GICC_BPR banked Peter Maydell
2015-05-05 1:06 ` Edgar E. Iglesias
2015-05-01 17:50 ` [Qemu-devel] [PATCH v4 08/17] hw/intc/arm_gic: Make ICCICR/GICC_CTLR banked Peter Maydell
2015-05-05 1:12 ` Edgar E. Iglesias
2015-05-01 17:50 ` [Qemu-devel] [PATCH v4 09/17] hw/intc/arm_gic: Implement Non-secure view of RPR Peter Maydell
2015-05-05 1:35 ` Edgar E. Iglesias
2015-05-01 17:50 ` [Qemu-devel] [PATCH v4 10/17] hw/intc/arm_gic: Restrict priority view Peter Maydell
2015-05-05 1:31 ` Edgar E. Iglesias [this message]
2015-05-01 17:50 ` [Qemu-devel] [PATCH v4 11/17] hw/intc/arm_gic: Handle grouping for GICC_HPPIR Peter Maydell
2015-05-05 1:43 ` Edgar E. Iglesias
2015-05-01 17:50 ` [Qemu-devel] [PATCH v4 12/17] hw/intc/arm_gic: Change behavior of EOIR writes Peter Maydell
2015-05-05 1:49 ` Edgar E. Iglesias
2015-05-01 17:50 ` [Qemu-devel] [PATCH v4 13/17] hw/intc/arm_gic: Change behavior of IAR writes Peter Maydell
2015-05-05 1:52 ` Edgar E. Iglesias
2015-05-01 17:50 ` [Qemu-devel] [PATCH v4 14/17] hw/intc/arm_gic: Add grouping support to gic_update() Peter Maydell
2015-05-05 1:57 ` Edgar E. Iglesias
2015-05-01 17:50 ` [Qemu-devel] [PATCH v4 15/17] hw/arm/virt.c: Wire FIQ between CPU <> GIC Peter Maydell
2015-05-05 1:58 ` Edgar E. Iglesias
2015-05-01 17:50 ` [Qemu-devel] [PATCH v4 16/17] hw/arm/vexpress.c: " Peter Maydell
2015-05-05 1:59 ` Edgar E. Iglesias
2015-05-01 17:50 ` [Qemu-devel] [PATCH v4 17/17] hw/arm/highbank.c: " Peter Maydell
2015-05-05 2:08 ` [Qemu-devel] [PATCH v4 00/17] arm_gic: Add security and grouping support Edgar E. Iglesias
2015-05-05 9:21 ` Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150505013131.GK10142@toto \
--to=edgar.iglesias@gmail.com \
--cc=greg.bellows@linaro.org \
--cc=patches@linaro.org \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).