Re: [PATCHv3] arm-virt: add secure pl061 for reset/power down

qemu-arm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCHv3] arm-virt: add secure pl061 for reset/power down

From:	Peter Maydell
Subject:	Re: [PATCHv3] arm-virt: add secure pl061 for reset/power down
Date:	Fri, 8 Jan 2021 14:31:43 +0000

On Wed, 6 Jan 2021 at 16:34, Maxim Uvarov <maxim.uvarov@linaro.org> wrote:
>
> Add secure pl061 for reset/power down machine from
> the secure world (Arm Trusted Firmware).
> Use the same gpio 3 and gpio 4 which were used by
> non acpi variant of linux power control gpios.
>
> Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
> ---
>  v3: added missed include qemu/log.h for qemu_log(..
>  v2: replace printf with qemu_log (Philippe Mathieu-Daudé)
>
>  hw/arm/Kconfig        |  1 +
>  hw/arm/virt.c         | 24 ++++++++++++
>  hw/gpio/Kconfig       |  3 ++
>  hw/gpio/gpio_pwr.c    | 85 +++++++++++++++++++++++++++++++++++++++++++
>  hw/gpio/meson.build   |  1 +
>  include/hw/arm/virt.h |  1 +
>  6 files changed, 115 insertions(+)
>  create mode 100644 hw/gpio/gpio_pwr.c

Could you put "Implement new gpio_pwr device" and "wire up
gpio_pwr device in virt board" in separate patches please?
(That is, turn this into a two-patch patchset.)

> +static void create_gpio_secure(const VirtMachineState *vms)
> +{
> +    DeviceState *pl061_dev;
> +    static DeviceState *gpio_pwr_dev;
> +
> +    hwaddr base = vms->memmap[VIRT_SECURE_GPIO].base;
> +    int irq = vms->irqmap[VIRT_SECURE_GPIO];
> +
> +    pl061_dev = sysbus_create_simple("pl061", base,
> +                                     qdev_get_gpio_in(vms->gic, irq));

sysbus_create_simple() will map the device into the default
(NonSecure) address space. You need to pass secure_sysmem into
the create_ function and use that (compare create_uart()).

> +
> +    gpio_pwr_dev = sysbus_create_simple("gpio-pwr", -1,
> +                                        qdev_get_gpio_in(pl061_dev, 3));
> +
> +    qdev_connect_gpio_out(pl061_dev, 3, qdev_get_gpio_in(gpio_pwr_dev, 3));
> +    qdev_connect_gpio_out(pl061_dev, 4, qdev_get_gpio_in(gpio_pwr_dev, 4));
> +}
> +
>  static void create_virtio_devices(const VirtMachineState *vms)
>  {
>      int i;
> @@ -1993,6 +2013,10 @@ static void machvirt_init(MachineState *machine)
>          create_gpio(vms);
>      }
>
> +    if (vms->secure) {
> +        create_gpio_secure(vms);
> +    }

The 'virt' board has strict versioning -- this means that, for
instance, the 'virt-5.2' machine must always look exactly like
the version of 'virt' that shipped in QEMU's 5.2 release, with
no extra guest visible devices. So you need to add the flags
and code so that this new secure PL061 is only present from
virt-6.0 and onwards. This means a flag no_secure_gpio in the
VirtMachineClass and a flag secure_gpio in the VirtMachineState,
a line setting vmc->no_secure_gpio to true in virt_machine_5_2_options(),
code in virt_instance_init() to set vms->secure_gpio from
vmc->no_secure_gpio, and then only create the secure GPIO if
vms->secure_gpio is true. The 'no_its'/'its' flags are the
right pattern to use. (Yes, having no_foo in the class struct
and foo in the state struct is deliberate.)

> diff --git a/hw/gpio/gpio_pwr.c b/hw/gpio/gpio_pwr.c
> new file mode 100644
> index 0000000000..0d0680c9f7
> --- /dev/null
> +++ b/hw/gpio/gpio_pwr.c
> @@ -0,0 +1,85 @@
> +/*
> + * GPIO qemu power controller
> + *
> + * Copyright (c) 2020 Linaro Limited
> + *
> + * Author: Maxim Uvarov <maxim.uvarov@linaro.org>
> + *
> + * Virtual gpio driver which can be used on top of pl061
> + * to reboot and shutdown qemu virtual machine. One of use
> + * case is gpio driver for secure world application (ARM
> + * Trusted Firmware.).
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or later.
> + * See the COPYING file in the top-level directory.
> + * SPDX-License-Identifier: GPL-2.0-or-later
> + */

What is the interface of this device intended to be?
As written it has:
 * 8 input GPIO lines, of which all except 3 and 4 are
   ignored; asserting input line 3 triggers a shutdown,
   and asserting input line 4 triggers a reset
 * one output IRQ line, which is asserted whenever any
   input GPIO line is set to any level, and never cleared

This seems a very weird choice of interface. I was expecting
something much more simple:
 * no output IRQ or GPIO lines
 * two named input GPIO lines:
    'reset' : when asserted, trigger system reset
    'shutdown' : when asserted, trigger system shutdown

thanks
-- PMM

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCHv3] arm-virt: add secure pl061 for reset/power down, Maxim Uvarov, 2021/01/06
- Re: [PATCHv3] arm-virt: add secure pl061 for reset/power down, Maxim Uvarov, 2021/01/06
- Re: [PATCHv3] arm-virt: add secure pl061 for reset/power down, Philippe Mathieu-Daudé, 2021/01/06
- Re: [PATCHv3] arm-virt: add secure pl061 for reset/power down, Peter Maydell <=

Prev by Date: Re: [PATCH v4 2/3] target/arm: Add cpu properties to control pauth
Next by Date: Re: [PATCH v2 2/2] hw/ssi: imx_spi: Disable chip selects in imx_spi_reset()
Previous by thread: Re: [PATCHv3] arm-virt: add secure pl061 for reset/power down
Next by thread: Re: [PATCH v3] acpi: Permit OEM ID and OEM table ID fields to be changed
Index(es):
- Date
- Thread