Initial implementation of the Arm TZ-ASC driver
Adds the `Tzc` struct, which uses `safe_mmio` to manipulate the
registers of the Arm TZ-ASC component. The structure directly exposes
general purposes registers, and other wrappers for failure and region
registers.
Signed-off-by: Ludovic Mermod <ludovic.mermod@arm.com>
Change-Id: Ife2757e62634c634da0d4efabe3171a29245f386
diff --git a/src/fail.rs b/src/fail.rs
new file mode 100644
index 0000000..3aafdd9
--- /dev/null
+++ b/src/fail.rs
@@ -0,0 +1,258 @@
+// SPDX-FileCopyrightText: Copyright The arm-tzc Contributors.
+// SPDX-License-Identifier: MIT OR Apache-2.0
+use safe_mmio::{SharedMmioPointer, field_shared, fields::ReadPure};
+use zerocopy::{FromBytes, Immutable, IntoBytes, KnownLayout};
+
+use crate::utils::{concatenate_address_parts, extract_bits, get_bit};
+
+#[derive(Debug, Clone, Copy, Eq, FromBytes, Immutable, IntoBytes, KnownLayout, PartialEq)]
+/// Each filter unit has a fail control register which contains the control status information of
+/// the first access that failed a region permission check in the associated filter unit. This
+/// occurs even if the [`ActionRegister`][crate::ActionRegister] is set to not drive the interrupt
+/// signal.
+///
+/// The first failing access is defined as the first permission failure in the associated filter
+/// unit after one of the following occurs:
+///
+/// - Reset.
+/// - The last clearance of an interrupt using the
+/// [`InterruptClearRegister`][crate::InterruptClearRegister].
+#[repr(transparent)]
+pub struct FailControlRegister(u32);
+
+#[derive(Clone, Copy, Debug, Eq, PartialEq)]
+/// See [`FailControlRegister::direction`].
+pub enum FailAccessDirection {
+ /// Attempted access was a read.
+ Read,
+ /// Attempted access was a write.
+ Write,
+}
+
+impl FailControlRegister {
+ /// If a region permission check fails or a region overlap occurs, this field indicates whether
+ /// the failed access was a read or write access attempt.
+ ///
+ /// You must clear the associated interrupt status before this field can return the direction of
+ /// accesses of subsequent permission checks or region overlap failures.
+ ///
+ /// If the status flag for the filter unit in the
+ /// [`InterruptStatusRegister`][crate::InterruptStatusRegister] is already set, new region
+ /// permission check failures in the same filter unit do not update the associated fail status
+ /// group of registers.
+ pub const fn direction(&self) -> FailAccessDirection {
+ if get_bit(self.0, 24) {
+ FailAccessDirection::Write
+ } else {
+ FailAccessDirection::Read
+ }
+ }
+
+ /// If a region permission check fails or a region overlap occurs, this field indicates whether
+ /// it was a Secure (`false`) or Non-secure (`true`) access attempt.
+ ///
+ /// You must clear the associated interrupt status before this field can return the direction of
+ /// accesses of subsequent permission checks or region overlap failures.
+ ///
+ /// If the status flag for the filter unit in the
+ /// [`InterruptStatusRegister`][crate::InterruptStatusRegister] is already set, new region
+ /// permission check failures in the same filter unit do not update the associated fail status
+ /// group of registers.
+ pub const fn non_secure(&self) -> bool {
+ get_bit(self.0, 21)
+ }
+
+ /// If a region permission check fails or a region overlap occurs, this field indicates whether
+ /// it was a privileged (`true`) or unprivileged (`false`) access attempt.
+ ///
+ /// You must clear the associated interrupt status before this field can return the direction of
+ /// accesses of subsequent permission checks or region overlap failures.
+ ///
+ /// If the status flag for the filter unit in the
+ /// [`InterruptStatusRegister`][crate::InterruptStatusRegister] is already set, new region
+ /// permission check failures in the same filter unit do not update the associated fail status
+ /// group of registers.
+ pub const fn privileged(&self) -> bool {
+ get_bit(self.0, 20)
+ }
+}
+
+#[derive(Debug, Clone, Copy, Eq, FromBytes, Immutable, IntoBytes, KnownLayout, PartialEq)]
+/// Each filter unit has a fail id register which contains the master ACE-Lite ARID or AWID of the
+/// first access that failed a region permission check in the associated filter unit. This occurs
+/// even if the [`ActionRegister`][crate::ActionRegister] is set to not drive the interrupt signal.
+///
+/// The first failing access is defined as the first permission failure in the associated filter
+/// unit after one of the following occurs:
+///
+/// - Reset.
+/// - The last clearance of an interrupt using the
+/// [`InterruptClearRegister`][crate::InterruptClearRegister].
+#[repr(transparent)]
+pub struct FailIDRegister(u32);
+
+impl FailIDRegister {
+ /// If a region permission check fails or a region overlap occurs, this field returns the VN
+ /// number of the first failed access, from either ARVNET<x> or AWVNET<x> as
+ /// appropriate. If the status flag for the filter unit in the
+ /// [`InterruptStatusRegister`][crate::InterruptStatusRegister] already set, new region
+ /// permission check failures in the same filter unit do not update the associated fail status
+ /// group of registers.
+ pub const fn vnet(&self) -> u32 {
+ extract_bits(self.0, 27, 24)
+ }
+
+ /// If a region permission check fails or a region overlap occurs, this field returns the
+ /// ACE-Lite ID values of the first failed access.
+ ///
+ /// If the status flag for the filter unit in the
+ /// [`InterruptStatusRegister`][crate::InterruptStatusRegister] is already set, new region
+ /// permission check failures in the same filter unit do not update the associated fail status
+ /// group of registers.
+ pub const fn id(&self) -> u32 {
+ // TODO: use AID_WIDTH - 1 as upper bound.
+ extract_bits(self.0, 23, 0)
+ }
+}
+
+#[derive(Debug, Clone, Eq, FromBytes, Immutable, IntoBytes, KnownLayout, PartialEq)]
+#[repr(C, align(4))]
+pub(crate) struct FailRegisters {
+ /// 0x020 + (0x10 * x): Fail address low register.
+ fail_address_low: ReadPure<u32>,
+ /// 0x024 + (0x10 * x): Fail address high register.
+ fail_address_high: ReadPure<u32>,
+ /// 0x028 + (0x10 * x): Fail control register.
+ fail_control: ReadPure<FailControlRegister>,
+ /// 0x02C + (0x10 * x): Fail ID register.
+ fail_id: ReadPure<FailIDRegister>, /* TODO: size depends on configuration: https://developer.arm.com/documentation/ddi0504/c/programmers-model/register-summary?lang=en, footnote d. */
+}
+/// Wrapper structure to allow reading registers detailing the last failure of a filter unit. See
+/// also [`Tzc::fail`][crate::Tzc::filter_failure].
+pub struct TzcFail<'regs> {
+ pub(crate) regs: SharedMmioPointer<'regs, FailRegisters>,
+}
+
+impl<'a> TzcFail<'a> {
+ /// Returns the address of the first access that failed a region permission check in the
+ /// associated filter unit. This occurs even if the [`ActionRegister`][crate::ActionRegister] is
+ /// set to not drive the interrupt signal. See Action register.
+ ///
+ /// The first failing access is defined as the first permission failure in the associated filter
+ /// unit after one of the following occurs:
+ /// - Reset.
+ /// - The last clearance of an interrupt using the
+ /// [`InterruptClearRegister`][crate::InterruptClearRegister].
+ pub fn fail_address(&self) -> u64 {
+ concatenate_address_parts(
+ field_shared!(self.regs, fail_address_low).read(),
+ field_shared!(self.regs, fail_address_high).read(),
+ )
+ }
+
+ /// Returns the [`FailControlRegister`] of this filter.
+ pub fn fail_control(&self) -> FailControlRegister {
+ field_shared!(self.regs, fail_control).read()
+ }
+
+ /// Returns the [`FailIDRegister`] of this filter.
+ pub fn fail_id(&self) -> FailIDRegister {
+ field_shared!(self.regs, fail_id).read()
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use crate::{tests::FakeTZCRegisters, *};
+
+ #[test]
+ fn fail_oob() {
+ let mut regs = FakeTZCRegisters::new();
+ regs.reg_write(0x008, 0b0000_0000_0000_0010_0000_0000_0000_0000);
+ let tzc = regs.tzc_for_test();
+
+ assert!(tzc.filter_failure(2).is_none());
+ assert!(tzc.filter_failure(3).is_none());
+ assert!(tzc.filter_failure(4).is_none());
+ assert!(tzc.filter_failure(18).is_none());
+ }
+
+ #[test]
+ pub fn fail_address() {
+ let mut regs = FakeTZCRegisters::new();
+ regs.reg_write(0x000, 0b0000_0011_0000_0000_0010_1111_0000_1000);
+ for i in 0..4 {
+ regs.reg_write(0x020 + i * 0x10, 0xabcd_0000);
+ regs.reg_write(0x024 + i * 0x10, 0xfc00 | i as u32);
+ }
+
+ let tzc = regs.tzc_for_test();
+
+ for i in 0..4 {
+ assert_eq!(
+ tzc.filter_failure(i).unwrap().fail_address(),
+ 0xfc00_abcd_0000 | ((i as u64) << 32),
+ );
+ }
+ }
+
+ #[test]
+ fn fail_control() {
+ let mut regs = FakeTZCRegisters::new();
+ regs.reg_write(0x000, 0b0000_0011_0000_0000_0010_1111_0000_1000);
+ regs.reg_write(0x028, 0b0000_0001_0010_0000_0000_0000_0000_0000);
+ regs.reg_write(0x038, 0b0000_0000_0011_0000_0000_0000_0000_0000);
+ regs.reg_write(0x048, 0b0000_0001_0000_0000_0000_0000_0000_0000);
+ regs.reg_write(0x058, 0b0000_0000_0001_0000_0000_0000_0000_0000);
+ let tzc = regs.tzc_for_test();
+
+ let fc0 = tzc.filter_failure(0).unwrap().fail_control();
+ let fc1 = tzc.filter_failure(1).unwrap().fail_control();
+ let fc2 = tzc.filter_failure(2).unwrap().fail_control();
+ let fc3 = tzc.filter_failure(3).unwrap().fail_control();
+
+ assert_eq!(fc0.direction(), FailAccessDirection::Write);
+ assert!(!fc0.privileged());
+ assert!(fc0.non_secure());
+
+ assert_eq!(fc1.direction(), FailAccessDirection::Read);
+ assert!(fc1.privileged());
+ assert!(fc1.non_secure());
+
+ assert_eq!(fc2.direction(), FailAccessDirection::Write);
+ assert!(!fc2.privileged());
+ assert!(!fc2.non_secure());
+
+ assert_eq!(fc3.direction(), FailAccessDirection::Read);
+ assert!(fc3.privileged());
+ assert!(!fc3.non_secure());
+ }
+
+ #[test]
+ fn fail_id() {
+ let mut regs = FakeTZCRegisters::new();
+ regs.reg_write(0x000, 0b0000_0011_0000_0000_0010_1111_0000_1000);
+ regs.reg_write(0x02C, 0x05_00_be_ef);
+ regs.reg_write(0x03C, 0x02_de_ad_00);
+ regs.reg_write(0x04C, 0x08_ab_cd_ef);
+ regs.reg_write(0x05C, 0x0f_fe_d0_af);
+ let tzc = regs.tzc_for_test();
+
+ let fid0 = tzc.filter_failure(0).unwrap().fail_id();
+ let fid1 = tzc.filter_failure(1).unwrap().fail_id();
+ let fid2 = tzc.filter_failure(2).unwrap().fail_id();
+ let fid3 = tzc.filter_failure(3).unwrap().fail_id();
+
+ assert_eq!(fid0.vnet(), 5);
+ assert_eq!(fid0.id(), 0xbeef);
+
+ assert_eq!(fid1.vnet(), 2);
+ assert_eq!(fid1.id(), 0xdead00);
+
+ assert_eq!(fid2.vnet(), 8);
+ assert_eq!(fid2.id(), 0xabcdef);
+
+ assert_eq!(fid3.vnet(), 15);
+ assert_eq!(fid3.id(), 0xfed0af);
+ }
+}