TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / arm-firmware-crates / arm-tzc.git / be75da815f00fa75713cbd7ddd0bdfd2221e39b3 / . / src / fail.rs
blob: 3aafdd9f8d6cf09dd83fefd9894319929e7c1131 [file] [log] [blame]
// SPDX-FileCopyrightText: Copyright The arm-tzc Contributors.
// SPDX-License-Identifier: MIT OR Apache-2.0
use safe_mmio::{SharedMmioPointer, field_shared, fields::ReadPure};
use zerocopy::{FromBytes, Immutable, IntoBytes, KnownLayout};
use crate::utils::{concatenate_address_parts, extract_bits, get_bit};
#[derive(Debug, Clone, Copy, Eq, FromBytes, Immutable, IntoBytes, KnownLayout, PartialEq)]
/// Each filter unit has a fail control register which contains the control status information of
/// the first access that failed a region permission check in the associated filter unit. This
/// occurs even if the [`ActionRegister`][crate::ActionRegister] is set to not drive the interrupt
/// signal.
///
/// The first failing access is defined as the first permission failure in the associated filter
/// unit after one of the following occurs:
///
/// - Reset.
/// - The last clearance of an interrupt using the
/// [`InterruptClearRegister`][crate::InterruptClearRegister].
#[repr(transparent)]
pub struct FailControlRegister(u32);
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
/// See [`FailControlRegister::direction`].
pub enum FailAccessDirection {
/// Attempted access was a read.
Read,
/// Attempted access was a write.
Write,
}
impl FailControlRegister {
/// If a region permission check fails or a region overlap occurs, this field indicates whether
/// the failed access was a read or write access attempt.
///
/// You must clear the associated interrupt status before this field can return the direction of
/// accesses of subsequent permission checks or region overlap failures.
///
/// If the status flag for the filter unit in the
/// [`InterruptStatusRegister`][crate::InterruptStatusRegister] is already set, new region
/// permission check failures in the same filter unit do not update the associated fail status
/// group of registers.
pub const fn direction(&self) -> FailAccessDirection {
if get_bit(self.0, 24) {
FailAccessDirection::Write
} else {
FailAccessDirection::Read
}
}
/// If a region permission check fails or a region overlap occurs, this field indicates whether
/// it was a Secure (`false`) or Non-secure (`true`) access attempt.
///
/// You must clear the associated interrupt status before this field can return the direction of
/// accesses of subsequent permission checks or region overlap failures.
///
/// If the status flag for the filter unit in the
/// [`InterruptStatusRegister`][crate::InterruptStatusRegister] is already set, new region
/// permission check failures in the same filter unit do not update the associated fail status
/// group of registers.
pub const fn non_secure(&self) -> bool {
get_bit(self.0, 21)
}
/// If a region permission check fails or a region overlap occurs, this field indicates whether
/// it was a privileged (`true`) or unprivileged (`false`) access attempt.
///
/// You must clear the associated interrupt status before this field can return the direction of
/// accesses of subsequent permission checks or region overlap failures.
///
/// If the status flag for the filter unit in the
/// [`InterruptStatusRegister`][crate::InterruptStatusRegister] is already set, new region
/// permission check failures in the same filter unit do not update the associated fail status
/// group of registers.
pub const fn privileged(&self) -> bool {
get_bit(self.0, 20)
}
}
#[derive(Debug, Clone, Copy, Eq, FromBytes, Immutable, IntoBytes, KnownLayout, PartialEq)]
/// Each filter unit has a fail id register which contains the master ACE-Lite ARID or AWID of the
/// first access that failed a region permission check in the associated filter unit. This occurs
/// even if the [`ActionRegister`][crate::ActionRegister] is set to not drive the interrupt signal.
///
/// The first failing access is defined as the first permission failure in the associated filter
/// unit after one of the following occurs:
///
/// - Reset.
/// - The last clearance of an interrupt using the
/// [`InterruptClearRegister`][crate::InterruptClearRegister].
#[repr(transparent)]
pub struct FailIDRegister(u32);
impl FailIDRegister {
/// If a region permission check fails or a region overlap occurs, this field returns the VN
/// number of the first failed access, from either ARVNET<x> or AWVNET<x> as
/// appropriate. If the status flag for the filter unit in the
/// [`InterruptStatusRegister`][crate::InterruptStatusRegister] already set, new region
/// permission check failures in the same filter unit do not update the associated fail status
/// group of registers.
pub const fn vnet(&self) -> u32 {
extract_bits(self.0, 27, 24)
}
/// If a region permission check fails or a region overlap occurs, this field returns the
/// ACE-Lite ID values of the first failed access.
///
/// If the status flag for the filter unit in the
/// [`InterruptStatusRegister`][crate::InterruptStatusRegister] is already set, new region
/// permission check failures in the same filter unit do not update the associated fail status
/// group of registers.
pub const fn id(&self) -> u32 {
// TODO: use AID_WIDTH - 1 as upper bound.
extract_bits(self.0, 23, 0)
}
}
#[derive(Debug, Clone, Eq, FromBytes, Immutable, IntoBytes, KnownLayout, PartialEq)]
#[repr(C, align(4))]
pub(crate) struct FailRegisters {
/// 0x020 + (0x10 * x): Fail address low register.
fail_address_low: ReadPure<u32>,
/// 0x024 + (0x10 * x): Fail address high register.
fail_address_high: ReadPure<u32>,
/// 0x028 + (0x10 * x): Fail control register.
fail_control: ReadPure<FailControlRegister>,
/// 0x02C + (0x10 * x): Fail ID register.
fail_id: ReadPure<FailIDRegister>, /* TODO: size depends on configuration: https://developer.arm.com/documentation/ddi0504/c/programmers-model/register-summary?lang=en, footnote d. */
}
/// Wrapper structure to allow reading registers detailing the last failure of a filter unit. See
/// also [`Tzc::fail`][crate::Tzc::filter_failure].
pub struct TzcFail<'regs> {
pub(crate) regs: SharedMmioPointer<'regs, FailRegisters>,
}
impl<'a> TzcFail<'a> {
/// Returns the address of the first access that failed a region permission check in the
/// associated filter unit. This occurs even if the [`ActionRegister`][crate::ActionRegister] is
/// set to not drive the interrupt signal. See Action register.
///
/// The first failing access is defined as the first permission failure in the associated filter
/// unit after one of the following occurs:
/// - Reset.
/// - The last clearance of an interrupt using the
/// [`InterruptClearRegister`][crate::InterruptClearRegister].
pub fn fail_address(&self) -> u64 {
concatenate_address_parts(
field_shared!(self.regs, fail_address_low).read(),
field_shared!(self.regs, fail_address_high).read(),
)
}
/// Returns the [`FailControlRegister`] of this filter.
pub fn fail_control(&self) -> FailControlRegister {
field_shared!(self.regs, fail_control).read()
}
/// Returns the [`FailIDRegister`] of this filter.
pub fn fail_id(&self) -> FailIDRegister {
field_shared!(self.regs, fail_id).read()
}
}
#[cfg(test)]
mod tests {
use crate::{tests::FakeTZCRegisters, *};
#[test]
fn fail_oob() {
let mut regs = FakeTZCRegisters::new();
regs.reg_write(0x008, 0b0000_0000_0000_0010_0000_0000_0000_0000);
let tzc = regs.tzc_for_test();
assert!(tzc.filter_failure(2).is_none());
assert!(tzc.filter_failure(3).is_none());
assert!(tzc.filter_failure(4).is_none());
assert!(tzc.filter_failure(18).is_none());
}
#[test]
pub fn fail_address() {
let mut regs = FakeTZCRegisters::new();
regs.reg_write(0x000, 0b0000_0011_0000_0000_0010_1111_0000_1000);
for i in 0..4 {
regs.reg_write(0x020 + i * 0x10, 0xabcd_0000);
regs.reg_write(0x024 + i * 0x10, 0xfc00 | i as u32);
}
let tzc = regs.tzc_for_test();
for i in 0..4 {
assert_eq!(
tzc.filter_failure(i).unwrap().fail_address(),
0xfc00_abcd_0000 | ((i as u64) << 32),
);
}
}
#[test]
fn fail_control() {
let mut regs = FakeTZCRegisters::new();
regs.reg_write(0x000, 0b0000_0011_0000_0000_0010_1111_0000_1000);
regs.reg_write(0x028, 0b0000_0001_0010_0000_0000_0000_0000_0000);
regs.reg_write(0x038, 0b0000_0000_0011_0000_0000_0000_0000_0000);
regs.reg_write(0x048, 0b0000_0001_0000_0000_0000_0000_0000_0000);
regs.reg_write(0x058, 0b0000_0000_0001_0000_0000_0000_0000_0000);
let tzc = regs.tzc_for_test();
let fc0 = tzc.filter_failure(0).unwrap().fail_control();
let fc1 = tzc.filter_failure(1).unwrap().fail_control();
let fc2 = tzc.filter_failure(2).unwrap().fail_control();
let fc3 = tzc.filter_failure(3).unwrap().fail_control();
assert_eq!(fc0.direction(), FailAccessDirection::Write);
assert!(!fc0.privileged());
assert!(fc0.non_secure());
assert_eq!(fc1.direction(), FailAccessDirection::Read);
assert!(fc1.privileged());
assert!(fc1.non_secure());
assert_eq!(fc2.direction(), FailAccessDirection::Write);
assert!(!fc2.privileged());
assert!(!fc2.non_secure());
assert_eq!(fc3.direction(), FailAccessDirection::Read);
assert!(fc3.privileged());
assert!(!fc3.non_secure());
}
#[test]
fn fail_id() {
let mut regs = FakeTZCRegisters::new();
regs.reg_write(0x000, 0b0000_0011_0000_0000_0010_1111_0000_1000);
regs.reg_write(0x02C, 0x05_00_be_ef);
regs.reg_write(0x03C, 0x02_de_ad_00);
regs.reg_write(0x04C, 0x08_ab_cd_ef);
regs.reg_write(0x05C, 0x0f_fe_d0_af);
let tzc = regs.tzc_for_test();
let fid0 = tzc.filter_failure(0).unwrap().fail_id();
let fid1 = tzc.filter_failure(1).unwrap().fail_id();
let fid2 = tzc.filter_failure(2).unwrap().fail_id();
let fid3 = tzc.filter_failure(3).unwrap().fail_id();
assert_eq!(fid0.vnet(), 5);
assert_eq!(fid0.id(), 0xbeef);
assert_eq!(fid1.vnet(), 2);
assert_eq!(fid1.id(), 0xdead00);
assert_eq!(fid2.vnet(), 8);
assert_eq!(fid2.id(), 0xabcdef);
assert_eq!(fid3.vnet(), 15);
assert_eq!(fid3.id(), 0xfed0af);
}
}