From patchwork Thu Sep 19 16:06:42 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andre Przywara <andre.przywara@linaro.org>
X-Patchwork-Id: 20456
Return-Path: <patchwork-forward+bncBCUM3NED3IJBBBGD5SIQKGQEEOAQDCQ@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-qa0-f72.google.com (mail-qa0-f72.google.com
 [209.85.216.72])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 89C9523906
 for <linaro@patches.linaro.org>; Thu, 19 Sep 2013 16:08:36 +0000 (UTC)
Received: by mail-qa0-f72.google.com with SMTP id j7sf6165627qaq.7
 for <linaro@patches.linaro.org>; Thu, 19 Sep 2013 09:08:36 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:delivered-to:from:to:cc:subject
 :date:message-id:in-reply-to:references:x-original-sender
 :x-original-authentication-results:precedence:mailing-list:list-id
 :list-post:list-help:list-archive:list-unsubscribe;
 bh=4GaeCk5Y4PSdU/MuEw4WGzC4n/+GkZFB3dksURaEMbE=;
 b=D+Y3VZyUb/ZXOwYJawvyQSSJMHhUdZE1FftyV+BX5CUHO0fZMyyQakVmBXaEvZJlbN
 znucQ6kOYipN2ntiVNZdzcmU6xqJg5oKUvJXZN5qeDHrfTkf9NxoH327ZZBN2VjYcFT9
 2dZ91OGRrtAiNIwkHJF8vX7CfsuUWI1MaQ1sqF+n3JnYkyqwZ0K6uYhOGGHdW/k/LY5h
 mPOhC2dVTftVcMnJKddvyV2jNuJKg/PmMA+l2ZJ/NP31Ii29bT8EcrOWWokFQbAiGIvu
 QoEH7d7Zfl9zeWHbWjNHPq9JnGM98EUUn7nNw4ZB/8t/nwzROd0bJCme4bn8uq6LO3kh
 2s8A==
X-Gm-Message-State: ALoCoQkXejvu8zkKrOIYPrCt/SrEikLyJbodIbV0N7JFe/ioR1xaJ+LHaTQXaccFw7Vh27QET8uD
X-Received: by 10.58.255.74 with SMTP id ao10mr150741ved.38.1379606916349;
 Thu, 19 Sep 2013 09:08:36 -0700 (PDT)
MIME-Version: 1.0
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.49.39.163 with SMTP id q3ls3864112qek.31.gmail; Thu, 19 Sep
 2013 09:08:36 -0700 (PDT)
X-Received: by 10.58.133.66 with SMTP id pa2mr1859174veb.18.1379606916092;
 Thu, 19 Sep 2013 09:08:36 -0700 (PDT)
Received: from mail-ve0-f169.google.com (mail-ve0-f169.google.com
 [209.85.128.169]) by mx.google.com with ESMTPS id
 zw10si1963254vdb.83.1969.12.31.16.00.00
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Thu, 19 Sep 2013 09:08:36 -0700 (PDT)
Received-SPF: neutral (google.com: 209.85.128.169 is neither permitted nor
 denied by best guess record for domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org)
 client-ip=209.85.128.169; 
Received: by mail-ve0-f169.google.com with SMTP id db12so7203607veb.0
 for <patchwork-forward@linaro.org>;
 Thu, 19 Sep 2013 09:08:36 -0700 (PDT)
X-Received: by 10.220.144.68 with SMTP id y4mr834064vcu.28.1379606915975;
 Thu, 19 Sep 2013 09:08:35 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patches@linaro.org
Received: by 10.220.174.196 with SMTP id u4csp286297vcz;
 Thu, 19 Sep 2013 09:08:35 -0700 (PDT)
X-Received: by 10.60.96.131 with SMTP id ds3mr1152540oeb.50.1379606915300;
 Thu, 19 Sep 2013 09:08:35 -0700 (PDT)
Received: from mail-ob0-f176.google.com (mail-ob0-f176.google.com
 [209.85.214.176]) by mx.google.com with ESMTPS id
 f9si3569650obv.140.1969.12.31.16.00.00
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Thu, 19 Sep 2013 09:08:35 -0700 (PDT)
Received-SPF: neutral (google.com: 209.85.214.176 is neither permitted nor
 denied by best guess record for domain of
 andre.przywara@linaro.org) client-ip=209.85.214.176; 
Received: by mail-ob0-f176.google.com with SMTP id uy5so9802173obc.7
 for <patches@linaro.org>; Thu, 19 Sep 2013 09:08:35 -0700 (PDT)
X-Received: by 10.182.76.38 with SMTP id h6mr11912obw.74.1379606914854;
 Thu, 19 Sep 2013 09:08:34 -0700 (PDT)
Received: from slackpad.drs.calxeda.com (f053081156.adsl.alicedsl.de.
 [78.53.81.156])
 by mx.google.com with ESMTPSA id s9sm4867327obu.4.1969.12.31.16.00.00
 (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Thu, 19 Sep 2013 09:08:34 -0700 (PDT)
From: Andre Przywara <andre.przywara@linaro.org>
To: trini@ti.com,
	albert.u.boot@aribaud.net,
	christoffer.dall@linaro.org
Cc: u-boot@lists.denx.de, marc.zyngier@arm.com, peter.maydell@linaro.org,
 agraf@suse.de, geoff.levand@linaro.org, kvmarm@lists.cs.columbia.edu,
 Masahiro Yamada <yamada.m@jp.panasonic.com>,
 Nikolay Nikolaev <nicknickolaev@gmail.com>, patches@linaro.org,
 Andre Przywara <andre.przywara@linaro.org>
Subject: [PATCH v5 4/8] ARM: add C function to switch to non-secure state
Date: Thu, 19 Sep 2013 18:06:42 +0200
Message-Id: <1379606806-439-5-git-send-email-andre.przywara@linaro.org>
X-Mailer: git-send-email 1.7.12.1
In-Reply-To: <1379606806-439-1-git-send-email-andre.przywara@linaro.org>
References: <1379606806-439-1-git-send-email-andre.przywara@linaro.org>
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: andre.przywara@linaro.org
X-Original-Authentication-Results: mx.google.com;       spf=neutral
 (google.com: 209.85.128.169 is neither permitted nor denied by best
 guess record for domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Precedence: list
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
List-ID: <patchwork-forward.linaro.org>
X-Google-Group-Id: 836684582541
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Unsubscribe: <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>, 
 <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>

The core specific part of the work is done in the assembly routine
in nonsec_virt.S, introduced with the previous patch, but for the full
glory we need to setup the GIC distributor interface once for the
whole system, which is done in C here.
The routine is placed in arch/arm/cpu/armv7 to allow easy access from
other ARMv7 boards.

We check the availability of the security extensions first.

Since we need a safe way to access the GIC, we use the PERIPHBASE
registers on Cortex-A15 and A7 CPUs and do some sanity checks.
Boards not implementing the CBAR can override this value via a
configuration file variable.

Then we actually do the GIC enablement:
a) enable the GIC distributor, both for non-secure and secure state
   (GICD_CTLR[1:0] = 11b)
b) allow all interrupts to be handled from non-secure state
   (GICD_IGROUPRn = 0xFFFFFFFF)

The core specific GIC setup is then done in the assembly routine.

Signed-off-by: Andre Przywara <andre.przywara@linaro.org>
---
 arch/arm/cpu/armv7/Makefile  |   1 +
 arch/arm/cpu/armv7/virt-v7.c | 122 +++++++++++++++++++++++++++++++++++++++++++
 arch/arm/include/asm/armv7.h |   3 ++
 3 files changed, 126 insertions(+)
 create mode 100644 arch/arm/cpu/armv7/virt-v7.c

Changes:
v3..v4: w/s fixes, change GIC address variable, embed error reporting,
        remove bootm part (next patch)
v4..v5: only clear unbanked registers during GIC distributor init

diff --git a/arch/arm/cpu/armv7/Makefile b/arch/arm/cpu/armv7/Makefile
index 3466c7a..024c28b 100644
--- a/arch/arm/cpu/armv7/Makefile
+++ b/arch/arm/cpu/armv7/Makefile
@@ -22,6 +22,7 @@ endif
 
 ifneq ($(CONFIG_ARMV7_NONSEC),)
 SOBJS	+= nonsec_virt.o
+COBJS	+= virt-v7.o
 endif
 
 SRCS	:= $(START:.o=.S) $(COBJS:.o=.c)
diff --git a/arch/arm/cpu/armv7/virt-v7.c b/arch/arm/cpu/armv7/virt-v7.c
new file mode 100644
index 0000000..068ac85
--- /dev/null
+++ b/arch/arm/cpu/armv7/virt-v7.c
@@ -0,0 +1,122 @@
+/*
+ * (C) Copyright 2013
+ * Andre Przywara, Linaro
+ *
+ * Routines to transition ARMv7 processors from secure into non-secure state
+ * needed to enable ARMv7 virtualization for current hypervisors
+ *
+ * See file CREDITS for list of people who contributed to this
+ * project.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
+ * MA 02111-1307 USA
+ */
+
+#include <common.h>
+#include <asm/armv7.h>
+#include <asm/gic.h>
+#include <asm/io.h>
+
+unsigned long gic_dist_addr;
+
+static unsigned int read_id_pfr1(void)
+{
+	unsigned int reg;
+
+	asm("mrc p15, 0, %0, c0, c1, 1\n" : "=r"(reg));
+	return reg;
+}
+
+static unsigned long get_gicd_base_address(void)
+{
+#ifdef CONFIG_ARM_GIC_BASE_ADDRESS
+	return CONFIG_ARM_GIC_BASE_ADDRESS + GIC_DIST_OFFSET;
+#else
+	unsigned midr;
+	unsigned periphbase;
+
+	/* check whether we are an Cortex-A15 or A7.
+	 * The actual HYP switch should work with all CPUs supporting
+	 * the virtualization extension, but we need the GIC address,
+	 * which we know only for sure for those two CPUs.
+	 */
+	asm("mrc p15, 0, %0, c0, c0, 0\n" : "=r"(midr));
+	switch (midr & MIDR_PRIMARY_PART_MASK) {
+	case MIDR_CORTEX_A9_R0P1:
+	case MIDR_CORTEX_A15_R0P0:
+	case MIDR_CORTEX_A7_R0P0:
+		break;
+	default:
+		printf("nonsec: could not determine GIC address.\n");
+		return -1;
+	}
+
+	/* get the GIC base address from the CBAR register */
+	asm("mrc p15, 4, %0, c15, c0, 0\n" : "=r" (periphbase));
+
+	/* the PERIPHBASE can be mapped above 4 GB (lower 8 bits used to
+	 * encode this). Bail out here since we cannot access this without
+	 * enabling paging.
+	 */
+	if ((periphbase & 0xff) != 0) {
+		printf("nonsec: PERIPHBASE is above 4 GB, no access.\n");
+		return -1;
+	}
+
+	return (periphbase & CBAR_MASK) + GIC_DIST_OFFSET;
+#endif
+}
+
+int armv7_switch_nonsec(void)
+{
+	unsigned int reg;
+	unsigned itlinesnr, i;
+
+	/* check whether the CPU supports the security extensions */
+	reg = read_id_pfr1();
+	if ((reg & 0xF0) == 0) {
+		printf("nonsec: Security extensions not implemented.\n");
+		return -1;
+	}
+
+	/* the SCR register will be set directly in the monitor mode handler,
+	 * according to the spec one should not tinker with it in secure state
+	 * in SVC mode. Do not try to read it once in non-secure state,
+	 * any access to it will trap.
+	 */
+
+	gic_dist_addr = get_gicd_base_address();
+	if (gic_dist_addr == -1)
+		return -1;
+
+	/* enable the GIC distributor */
+	writel(readl(gic_dist_addr + GICD_CTLR) | 0x03,
+	       gic_dist_addr + GICD_CTLR);
+
+	/* TYPER[4:0] contains an encoded number of available interrupts */
+	itlinesnr = readl(gic_dist_addr + GICD_TYPER) & 0x1f;
+
+	/* set all bits in the GIC group registers to one to allow access
+	 * from non-secure state. The first 32 interrupts are private per
+	 * CPU and will be set later when enabling the GIC for each core
+	 */
+	for (i = 1; i <= itlinesnr; i++)
+		writel((unsigned)-1, gic_dist_addr + GICD_IGROUPRn + 4 * i);
+
+	/* call the non-sec switching code on this CPU */
+	_nonsec_init();
+
+	return 0;
+}
diff --git a/arch/arm/include/asm/armv7.h b/arch/arm/include/asm/armv7.h
index 3dcfc8f..b352d43 100644
--- a/arch/arm/include/asm/armv7.h
+++ b/arch/arm/include/asm/armv7.h
@@ -77,6 +77,9 @@ void v7_outer_cache_flush_range(u32 start, u32 end);
 void v7_outer_cache_inval_range(u32 start, u32 end);
 
 #ifdef CONFIG_ARMV7_NONSEC
+
+int armv7_switch_nonsec(void);
+
 /* defined in assembly file */
 unsigned int _nonsec_init(void);
 #endif /* CONFIG_ARMV7_NONSEC */