blob: 3aafdd9f8d6cf09dd83fefd9894319929e7c1131 [file] [log] [blame]
Ludovic Mermodbe75da82025-09-17 11:13:28 +02001// SPDX-FileCopyrightText: Copyright The arm-tzc Contributors.
2// SPDX-License-Identifier: MIT OR Apache-2.0
3use safe_mmio::{SharedMmioPointer, field_shared, fields::ReadPure};
4use zerocopy::{FromBytes, Immutable, IntoBytes, KnownLayout};
5
6use crate::utils::{concatenate_address_parts, extract_bits, get_bit};
7
8#[derive(Debug, Clone, Copy, Eq, FromBytes, Immutable, IntoBytes, KnownLayout, PartialEq)]
9/// Each filter unit has a fail control register which contains the control status information of
10/// the first access that failed a region permission check in the associated filter unit. This
11/// occurs even if the [`ActionRegister`][crate::ActionRegister] is set to not drive the interrupt
12/// signal.
13///
14/// The first failing access is defined as the first permission failure in the associated filter
15/// unit after one of the following occurs:
16///
17/// - Reset.
18/// - The last clearance of an interrupt using the
19/// [`InterruptClearRegister`][crate::InterruptClearRegister].
20#[repr(transparent)]
21pub struct FailControlRegister(u32);
22
23#[derive(Clone, Copy, Debug, Eq, PartialEq)]
24/// See [`FailControlRegister::direction`].
25pub enum FailAccessDirection {
26 /// Attempted access was a read.
27 Read,
28 /// Attempted access was a write.
29 Write,
30}
31
32impl FailControlRegister {
33 /// If a region permission check fails or a region overlap occurs, this field indicates whether
34 /// the failed access was a read or write access attempt.
35 ///
36 /// You must clear the associated interrupt status before this field can return the direction of
37 /// accesses of subsequent permission checks or region overlap failures.
38 ///
39 /// If the status flag for the filter unit in the
40 /// [`InterruptStatusRegister`][crate::InterruptStatusRegister] is already set, new region
41 /// permission check failures in the same filter unit do not update the associated fail status
42 /// group of registers.
43 pub const fn direction(&self) -> FailAccessDirection {
44 if get_bit(self.0, 24) {
45 FailAccessDirection::Write
46 } else {
47 FailAccessDirection::Read
48 }
49 }
50
51 /// If a region permission check fails or a region overlap occurs, this field indicates whether
52 /// it was a Secure (`false`) or Non-secure (`true`) access attempt.
53 ///
54 /// You must clear the associated interrupt status before this field can return the direction of
55 /// accesses of subsequent permission checks or region overlap failures.
56 ///
57 /// If the status flag for the filter unit in the
58 /// [`InterruptStatusRegister`][crate::InterruptStatusRegister] is already set, new region
59 /// permission check failures in the same filter unit do not update the associated fail status
60 /// group of registers.
61 pub const fn non_secure(&self) -> bool {
62 get_bit(self.0, 21)
63 }
64
65 /// If a region permission check fails or a region overlap occurs, this field indicates whether
66 /// it was a privileged (`true`) or unprivileged (`false`) access attempt.
67 ///
68 /// You must clear the associated interrupt status before this field can return the direction of
69 /// accesses of subsequent permission checks or region overlap failures.
70 ///
71 /// If the status flag for the filter unit in the
72 /// [`InterruptStatusRegister`][crate::InterruptStatusRegister] is already set, new region
73 /// permission check failures in the same filter unit do not update the associated fail status
74 /// group of registers.
75 pub const fn privileged(&self) -> bool {
76 get_bit(self.0, 20)
77 }
78}
79
80#[derive(Debug, Clone, Copy, Eq, FromBytes, Immutable, IntoBytes, KnownLayout, PartialEq)]
81/// Each filter unit has a fail id register which contains the master ACE-Lite ARID or AWID of the
82/// first access that failed a region permission check in the associated filter unit. This occurs
83/// even if the [`ActionRegister`][crate::ActionRegister] is set to not drive the interrupt signal.
84///
85/// The first failing access is defined as the first permission failure in the associated filter
86/// unit after one of the following occurs:
87///
88/// - Reset.
89/// - The last clearance of an interrupt using the
90/// [`InterruptClearRegister`][crate::InterruptClearRegister].
91#[repr(transparent)]
92pub struct FailIDRegister(u32);
93
94impl FailIDRegister {
95 /// If a region permission check fails or a region overlap occurs, this field returns the VN
96 /// number of the first failed access, from either ARVNET<x> or AWVNET<x> as
97 /// appropriate. If the status flag for the filter unit in the
98 /// [`InterruptStatusRegister`][crate::InterruptStatusRegister] already set, new region
99 /// permission check failures in the same filter unit do not update the associated fail status
100 /// group of registers.
101 pub const fn vnet(&self) -> u32 {
102 extract_bits(self.0, 27, 24)
103 }
104
105 /// If a region permission check fails or a region overlap occurs, this field returns the
106 /// ACE-Lite ID values of the first failed access.
107 ///
108 /// If the status flag for the filter unit in the
109 /// [`InterruptStatusRegister`][crate::InterruptStatusRegister] is already set, new region
110 /// permission check failures in the same filter unit do not update the associated fail status
111 /// group of registers.
112 pub const fn id(&self) -> u32 {
113 // TODO: use AID_WIDTH - 1 as upper bound.
114 extract_bits(self.0, 23, 0)
115 }
116}
117
118#[derive(Debug, Clone, Eq, FromBytes, Immutable, IntoBytes, KnownLayout, PartialEq)]
119#[repr(C, align(4))]
120pub(crate) struct FailRegisters {
121 /// 0x020 + (0x10 * x): Fail address low register.
122 fail_address_low: ReadPure<u32>,
123 /// 0x024 + (0x10 * x): Fail address high register.
124 fail_address_high: ReadPure<u32>,
125 /// 0x028 + (0x10 * x): Fail control register.
126 fail_control: ReadPure<FailControlRegister>,
127 /// 0x02C + (0x10 * x): Fail ID register.
128 fail_id: ReadPure<FailIDRegister>, /* TODO: size depends on configuration: https://developer.arm.com/documentation/ddi0504/c/programmers-model/register-summary?lang=en, footnote d. */
129}
130/// Wrapper structure to allow reading registers detailing the last failure of a filter unit. See
131/// also [`Tzc::fail`][crate::Tzc::filter_failure].
132pub struct TzcFail<'regs> {
133 pub(crate) regs: SharedMmioPointer<'regs, FailRegisters>,
134}
135
136impl<'a> TzcFail<'a> {
137 /// Returns the address of the first access that failed a region permission check in the
138 /// associated filter unit. This occurs even if the [`ActionRegister`][crate::ActionRegister] is
139 /// set to not drive the interrupt signal. See Action register.
140 ///
141 /// The first failing access is defined as the first permission failure in the associated filter
142 /// unit after one of the following occurs:
143 /// - Reset.
144 /// - The last clearance of an interrupt using the
145 /// [`InterruptClearRegister`][crate::InterruptClearRegister].
146 pub fn fail_address(&self) -> u64 {
147 concatenate_address_parts(
148 field_shared!(self.regs, fail_address_low).read(),
149 field_shared!(self.regs, fail_address_high).read(),
150 )
151 }
152
153 /// Returns the [`FailControlRegister`] of this filter.
154 pub fn fail_control(&self) -> FailControlRegister {
155 field_shared!(self.regs, fail_control).read()
156 }
157
158 /// Returns the [`FailIDRegister`] of this filter.
159 pub fn fail_id(&self) -> FailIDRegister {
160 field_shared!(self.regs, fail_id).read()
161 }
162}
163
164#[cfg(test)]
165mod tests {
166 use crate::{tests::FakeTZCRegisters, *};
167
168 #[test]
169 fn fail_oob() {
170 let mut regs = FakeTZCRegisters::new();
171 regs.reg_write(0x008, 0b0000_0000_0000_0010_0000_0000_0000_0000);
172 let tzc = regs.tzc_for_test();
173
174 assert!(tzc.filter_failure(2).is_none());
175 assert!(tzc.filter_failure(3).is_none());
176 assert!(tzc.filter_failure(4).is_none());
177 assert!(tzc.filter_failure(18).is_none());
178 }
179
180 #[test]
181 pub fn fail_address() {
182 let mut regs = FakeTZCRegisters::new();
183 regs.reg_write(0x000, 0b0000_0011_0000_0000_0010_1111_0000_1000);
184 for i in 0..4 {
185 regs.reg_write(0x020 + i * 0x10, 0xabcd_0000);
186 regs.reg_write(0x024 + i * 0x10, 0xfc00 | i as u32);
187 }
188
189 let tzc = regs.tzc_for_test();
190
191 for i in 0..4 {
192 assert_eq!(
193 tzc.filter_failure(i).unwrap().fail_address(),
194 0xfc00_abcd_0000 | ((i as u64) << 32),
195 );
196 }
197 }
198
199 #[test]
200 fn fail_control() {
201 let mut regs = FakeTZCRegisters::new();
202 regs.reg_write(0x000, 0b0000_0011_0000_0000_0010_1111_0000_1000);
203 regs.reg_write(0x028, 0b0000_0001_0010_0000_0000_0000_0000_0000);
204 regs.reg_write(0x038, 0b0000_0000_0011_0000_0000_0000_0000_0000);
205 regs.reg_write(0x048, 0b0000_0001_0000_0000_0000_0000_0000_0000);
206 regs.reg_write(0x058, 0b0000_0000_0001_0000_0000_0000_0000_0000);
207 let tzc = regs.tzc_for_test();
208
209 let fc0 = tzc.filter_failure(0).unwrap().fail_control();
210 let fc1 = tzc.filter_failure(1).unwrap().fail_control();
211 let fc2 = tzc.filter_failure(2).unwrap().fail_control();
212 let fc3 = tzc.filter_failure(3).unwrap().fail_control();
213
214 assert_eq!(fc0.direction(), FailAccessDirection::Write);
215 assert!(!fc0.privileged());
216 assert!(fc0.non_secure());
217
218 assert_eq!(fc1.direction(), FailAccessDirection::Read);
219 assert!(fc1.privileged());
220 assert!(fc1.non_secure());
221
222 assert_eq!(fc2.direction(), FailAccessDirection::Write);
223 assert!(!fc2.privileged());
224 assert!(!fc2.non_secure());
225
226 assert_eq!(fc3.direction(), FailAccessDirection::Read);
227 assert!(fc3.privileged());
228 assert!(!fc3.non_secure());
229 }
230
231 #[test]
232 fn fail_id() {
233 let mut regs = FakeTZCRegisters::new();
234 regs.reg_write(0x000, 0b0000_0011_0000_0000_0010_1111_0000_1000);
235 regs.reg_write(0x02C, 0x05_00_be_ef);
236 regs.reg_write(0x03C, 0x02_de_ad_00);
237 regs.reg_write(0x04C, 0x08_ab_cd_ef);
238 regs.reg_write(0x05C, 0x0f_fe_d0_af);
239 let tzc = regs.tzc_for_test();
240
241 let fid0 = tzc.filter_failure(0).unwrap().fail_id();
242 let fid1 = tzc.filter_failure(1).unwrap().fail_id();
243 let fid2 = tzc.filter_failure(2).unwrap().fail_id();
244 let fid3 = tzc.filter_failure(3).unwrap().fail_id();
245
246 assert_eq!(fid0.vnet(), 5);
247 assert_eq!(fid0.id(), 0xbeef);
248
249 assert_eq!(fid1.vnet(), 2);
250 assert_eq!(fid1.id(), 0xdead00);
251
252 assert_eq!(fid2.vnet(), 8);
253 assert_eq!(fid2.id(), 0xabcdef);
254
255 assert_eq!(fid3.vnet(), 15);
256 assert_eq!(fid3.id(), 0xfed0af);
257 }
258}