From patchwork Fri Mar 4 11:41:31 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 8503181 Return-Path: X-Original-To: patchwork-qemu-devel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 85D2A9F659 for ; Fri, 4 Mar 2016 11:44:17 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id BD0D6201F2 for ; Fri, 4 Mar 2016 11:44:16 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id C6DB4201C7 for ; Fri, 4 Mar 2016 11:44:15 +0000 (UTC) Received: from localhost ([::1]:40511 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1abo9X-0000Ku-5N for patchwork-qemu-devel@patchwork.kernel.org; Fri, 04 Mar 2016 06:44:15 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:40789) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1abo7N-0004uO-8X for qemu-devel@nongnu.org; Fri, 04 Mar 2016 06:42:02 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1abo7L-000163-Se for qemu-devel@nongnu.org; Fri, 04 Mar 2016 06:42:01 -0500 Received: from orth.archaic.org.uk ([2001:8b0:1d0::2]:56097) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1abo7L-000151-K6 for qemu-devel@nongnu.org; Fri, 04 Mar 2016 06:41:59 -0500 Received: from pm215 by orth.archaic.org.uk with local (Exim 4.84) (envelope-from ) id 1abo7L-0001tE-4i for qemu-devel@nongnu.org; Fri, 04 Mar 2016 11:41:59 +0000 From: Peter Maydell To: qemu-devel@nongnu.org Date: Fri, 4 Mar 2016 11:41:31 +0000 Message-Id: <1457091713-10138-9-git-send-email-peter.maydell@linaro.org> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1457091713-10138-1-git-send-email-peter.maydell@linaro.org> References: <1457091713-10138-1-git-send-email-peter.maydell@linaro.org> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:8b0:1d0::2 Subject: [Qemu-devel] [PULL 08/30] hw/arm/virt: Make first flash device Secure-only if booting secure X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP If the virt board is started with the 'secure' property set to request a Secure setup, then make the first flash device be visible only to the Secure world. This is a breaking change, but I don't expect it to be noticed by anybody, because running TZ-aware guests isn't common and those guests are generally going to be booting from the flash and implicitly expecting their Non-secure guests to not touch it. Signed-off-by: Peter Maydell Message-id: 1455288361-30117-5-git-send-email-peter.maydell@linaro.org --- hw/arm/virt.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 49 insertions(+), 14 deletions(-) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index c1d2832..e53e1ce 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -696,7 +696,8 @@ static void create_virtio_devices(const VirtBoardInfo *vbi, qemu_irq *pic) } static void create_one_flash(const char *name, hwaddr flashbase, - hwaddr flashsize, const char *file) + hwaddr flashsize, const char *file, + MemoryRegion *sysmem) { /* Create and map a single flash device. We use the same * parameters as the flash devices on the Versatile Express board. @@ -723,7 +724,8 @@ static void create_one_flash(const char *name, hwaddr flashbase, qdev_prop_set_string(dev, "name", name); qdev_init_nofail(dev); - sysbus_mmio_map(sbd, 0, flashbase); + memory_region_add_subregion(sysmem, flashbase, + sysbus_mmio_get_region(SYS_BUS_DEVICE(dev), 0)); if (file) { char *fn; @@ -749,26 +751,59 @@ static void create_one_flash(const char *name, hwaddr flashbase, } } -static void create_flash(const VirtBoardInfo *vbi) +static void create_flash(const VirtBoardInfo *vbi, + MemoryRegion *sysmem, + MemoryRegion *secure_sysmem) { /* Create two flash devices to fill the VIRT_FLASH space in the memmap. * Any file passed via -bios goes in the first of these. + * sysmem is the system memory space. secure_sysmem is the secure view + * of the system, and the first flash device should be made visible only + * there. The second flash device is visible to both secure and nonsecure. + * If sysmem == secure_sysmem this means there is no separate Secure + * address space and both flash devices are generally visible. */ hwaddr flashsize = vbi->memmap[VIRT_FLASH].size / 2; hwaddr flashbase = vbi->memmap[VIRT_FLASH].base; char *nodename; - create_one_flash("virt.flash0", flashbase, flashsize, bios_name); - create_one_flash("virt.flash1", flashbase + flashsize, flashsize, NULL); + create_one_flash("virt.flash0", flashbase, flashsize, + bios_name, secure_sysmem); + create_one_flash("virt.flash1", flashbase + flashsize, flashsize, + NULL, sysmem); - nodename = g_strdup_printf("/flash@%" PRIx64, flashbase); - qemu_fdt_add_subnode(vbi->fdt, nodename); - qemu_fdt_setprop_string(vbi->fdt, nodename, "compatible", "cfi-flash"); - qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg", - 2, flashbase, 2, flashsize, - 2, flashbase + flashsize, 2, flashsize); - qemu_fdt_setprop_cell(vbi->fdt, nodename, "bank-width", 4); - g_free(nodename); + if (sysmem == secure_sysmem) { + /* Report both flash devices as a single node in the DT */ + nodename = g_strdup_printf("/flash@%" PRIx64, flashbase); + qemu_fdt_add_subnode(vbi->fdt, nodename); + qemu_fdt_setprop_string(vbi->fdt, nodename, "compatible", "cfi-flash"); + qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg", + 2, flashbase, 2, flashsize, + 2, flashbase + flashsize, 2, flashsize); + qemu_fdt_setprop_cell(vbi->fdt, nodename, "bank-width", 4); + g_free(nodename); + } else { + /* Report the devices as separate nodes so we can mark one as + * only visible to the secure world. + */ + nodename = g_strdup_printf("/secflash@%" PRIx64, flashbase); + qemu_fdt_add_subnode(vbi->fdt, nodename); + qemu_fdt_setprop_string(vbi->fdt, nodename, "compatible", "cfi-flash"); + qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg", + 2, flashbase, 2, flashsize); + qemu_fdt_setprop_cell(vbi->fdt, nodename, "bank-width", 4); + qemu_fdt_setprop_string(vbi->fdt, nodename, "status", "disabled"); + qemu_fdt_setprop_string(vbi->fdt, nodename, "secure-status", "okay"); + g_free(nodename); + + nodename = g_strdup_printf("/flash@%" PRIx64, flashbase); + qemu_fdt_add_subnode(vbi->fdt, nodename); + qemu_fdt_setprop_string(vbi->fdt, nodename, "compatible", "cfi-flash"); + qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg", + 2, flashbase + flashsize, 2, flashsize); + qemu_fdt_setprop_cell(vbi->fdt, nodename, "bank-width", 4); + g_free(nodename); + } } static void create_fw_cfg(const VirtBoardInfo *vbi, AddressSpace *as) @@ -1185,7 +1220,7 @@ static void machvirt_init(MachineState *machine) machine->ram_size); memory_region_add_subregion(sysmem, vbi->memmap[VIRT_MEM].base, ram); - create_flash(vbi); + create_flash(vbi, sysmem, secure_sysmem ? secure_sysmem : sysmem); create_gic(vbi, pic, gic_version, vms->secure);