diff options
author | spashabk-in <shakeebbk@in.ibm.com> | 2017-06-15 05:46:24 -0500 |
---|---|---|
committer | Sachin Gupta <sgupta2m@in.ibm.com> | 2017-10-04 01:24:38 -0400 |
commit | 794dd51dcb8ee25822dac196200ae396c0c77225 (patch) | |
tree | 611c16aa7e8a6fdf0ef76e22e7a77ac4f55bae96 | |
parent | 4b8ed3f80f35d4de9e913f1fee92a0a95e8f8834 (diff) | |
download | talos-sbe-794dd51dcb8ee25822dac196200ae396c0c77225.tar.gz talos-sbe-794dd51dcb8ee25822dac196200ae396c0c77225.zip |
[Whitelist/Blacklist] - Enable scom filter and testcase addition
Implemented whitelist/blacklist filtering on scom chip-ops
Removed separate scom tetcases and included the same in security
testcases
Included security negative testcases for scom filtering
Change-Id: I41e5aa1a059b7a60b83e8740c738de41dc30dd3f
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/41871
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Sachin Gupta <sgupta2m@in.ibm.com>
-rw-r--r-- | src/build/security/securityRegListGen.py | 60 | ||||
-rw-r--r-- | src/sbefw/sbeSecurity.C | 43 | ||||
-rw-r--r-- | src/sbefw/sbeSecurity.H | 5 | ||||
-rw-r--r-- | src/sbefw/sbecmdscomaccess.C | 157 | ||||
-rw-r--r-- | src/sbefw/sbefwfiles.mk | 1 | ||||
-rw-r--r-- | src/sbefw/sbescom.C | 35 | ||||
-rw-r--r-- | src/sbefw/sbescom.H | 7 | ||||
-rw-r--r-- | src/sbefw/sbeutil.H | 8 | ||||
-rwxr-xr-x | src/test/testcases/test.xml | 3 | ||||
-rwxr-xr-x | src/test/testcases/testModifyScom.py | 98 | ||||
-rwxr-xr-x | src/test/testcases/testPutGetInScom.py | 83 | ||||
-rw-r--r--[-rwxr-xr-x] | src/test/testcases/testPutGetScom.py | 102 | ||||
-rwxr-xr-x | src/test/testcases/testPutScomUnderMask.py | 99 | ||||
-rw-r--r-- | src/test/testcases/testSbeDump.py | 5 | ||||
-rwxr-xr-x | src/test/testcases/testScom.xml | 43 | ||||
-rw-r--r-- | src/test/testcases/testScomUtil.py | 125 | ||||
-rw-r--r-- | src/test/testcases/testSecurity.py | 43 | ||||
-rwxr-xr-x | src/tools/debug/simics-debug-framework.py | 4 |
18 files changed, 355 insertions, 566 deletions
diff --git a/src/build/security/securityRegListGen.py b/src/build/security/securityRegListGen.py index 0b9fc591..c7d12db4 100644 --- a/src/build/security/securityRegListGen.py +++ b/src/build/security/securityRegListGen.py @@ -71,7 +71,7 @@ def exit(error, msg = ''): else: if(DEBUG): print "unknown error:exiting" - sys.exit() + sys.exit(1) def remove_duplicates(xlist): xlist = list(set(xlist)) @@ -95,6 +95,14 @@ def gen_file(whitelist_tables, blacklist_tables): tables = (('WHITELIST', 'whitelist', whitelist_tables), ('BLACKLIST', 'blacklist', blacklist_tables)) body = '' + # table 1 range and running count type + table1_range_type = "uint8_t" + table1_index_type = "uint8_t" + # table 2 value and running count type + table2_value_type = "uint8_t" + table2_index_type = "uint8_t" + # table 3 value type + table3_value_type = "uint16_t" for namespace, tablename, table in tables: body += (""" namespace """+namespace+""" @@ -112,7 +120,7 @@ namespace """+namespace+""" 1 byte for running count - we are good with uint8_t till the total paths are less than 256 */ - map_t< range_t<uint8_t>, uint8_t > _t1[] = { + map_t< range_t<"""+table1_range_type+""">, """+table1_index_type+""" > _t1[] = { // length of the table = """+s_list_len(table[0])+""" """+s_table1_gen(tablename, table[0])+""" }; @@ -131,7 +139,7 @@ namespace """+namespace+""" We are good with uint8_t, till the number of paths to table 3 from each key is less than 256 */ - map_t< uint8_t, uint8_t > _t2[] = { + map_t< """+table2_value_type+""", """+table2_index_type+""" > _t2[] = { // length of the table = """+s_list_len(table[1])+""" """+s_table2_gen(tablename, table[1])+""" }; @@ -139,22 +147,29 @@ namespace """+namespace+""" table 3 values = 2 byte value bit 16-31 of the 32-bit address */ - uint16_t _t3[] = { + """+table3_value_type+""" _t3[] = { // length of the table = """+s_list_len(table[2])+""" """+s_table3_gen(tablename, table[2])+""" }; - table< map_t< range_t<uint16_t, uint8_t>, uint8_t > > t1 = - {sizeof(_t1)/sizeof(uint8_t), 0xFF000000, _t1}; - table< map_t< uint8_t, uint8_t > > t2 = - {sizeof(_t2)/sizeof(uint16_t), 0x00FF0000, _t2}; - table<uint16_t> t3 = {sizeof(_t3)/sizeof(uint16_t), 0x0000FFFF, _t3}; + table< map_t< range_t<"""+table1_range_type+""">, """+table1_index_type+""" > > t1 = + {sizeof(_t1)/sizeof(map_t< range_t<"""+table1_range_type+""">, """+table1_index_type+""" >), + 0xFF000000, + _t1}; + table< map_t< """+table2_value_type+""", """+table2_index_type+""" > > t2 = + {sizeof(_t2)/sizeof(map_t< """+table2_value_type+""", """+table2_index_type+""" >), + 0x00FF0000, + _t2}; + table<"""+table3_value_type+"""> t3 = + {sizeof(_t3)/sizeof("""+table3_value_type+"""), + 0x0000FFFF, + _t3}; bool isPresent(uint32_t i_addr) { return SBE_SECURITY::_is_present - < uint16_t, uint8_t, uint8_t, - uint8_t, uint8_t, - uint16_t> + < """+table1_range_type+""", """+table1_index_type+""", + """+table2_value_type+""", """+table2_index_type+""", + """+table3_value_type+"""> (t1, t2, t3, i_addr); } }""") @@ -339,9 +354,9 @@ def get_tables(id, list): # Eg: {0102 : [ABCDEF], 0405 : [ABCDEF, UVWXYZ], 1020 : [UVWXYZ]} # # || # # \/ # - # {0102 : {AB : [CD, EF]}, # - # 0405 : {AB : [CD, EF], UV : [WX, YZ]}, # - # 1020 : {UV : [WX, YZ]}} # + # {0102 : {AB : [CDEF]}, # + # 0405 : {AB : [CDEF], UV : [WXYZ]}, # + # 1020 : {UV : [WXYZ]}} # # -----------------------------------------------------------------# table_range_to_key_to_base = [] for key, values in table_range_to_base.items(): @@ -536,9 +551,9 @@ def main(argv): reader = csv.DictReader(f) for idx, row in enumerate(reader): try: - if(version == 'unknown'): + if(version.lower() == 'unknown'): version = row[TAG_VERSION] - base_addr = row[TAG_BASE_ADDR] + base_addr = row[TAG_BASE_ADDR].lower().split('0x')[-1] # Append 0s for numbers represented by less than 8 chars base_addr = '0'*(8-len(base_addr))+base_addr # Extract the least 32 bit number for base address @@ -550,7 +565,12 @@ def main(argv): # Empty range field considered as error if(chiplet_range[0] == ''): exit(PRINT_AND_EXIT, "Missing chiplet id range") - if(chiplet_range[0] != '0x00'): + if(chiplet_range[0].lower() != '0x00'): + if(chiplet_range[0].lower() != '0x%02x' % (get_chiplet(base_addr))): + print "base_addr",hex(base_addr) + print "get_chiplet(base_addr)",hex(get_chiplet(base_addr)) + print "chiplet_range[0]", chiplet_range[0] + exit(PRINT_AND_EXIT, "Base address is not consistent") base_addr = base_addr & 0x00FFFFFF chiplet_range = [int(ele, 16) for ele in chiplet_range] # Expand base address with ranges @@ -561,12 +581,12 @@ def main(argv): expanded_line = get_effective_address(row[TAG_CHIPLET], expanded_line) if(VERBOSE): print s_list_hex("range:", expanded_range, 8) - if(row[TAG_TYPE] == TAG_NAME_WHITELIST): + if(row[TAG_TYPE].lower() == TAG_NAME_WHITELIST): whitelist_line = expanded_line if(VERBOSE): print s_list_hex("whitelist_line:", whitelist_line, 8) whitelist += whitelist_line - elif(row[TAG_TYPE] == TAG_NAME_BLACKLIST): + elif(row[TAG_TYPE].lower() == TAG_NAME_BLACKLIST): blacklist_line = expanded_line if(VERBOSE): print s_list_hex("blacklist_line:", blacklist_line, 8) diff --git a/src/sbefw/sbeSecurity.C b/src/sbefw/sbeSecurity.C index 0085fc41..60cc3464 100644 --- a/src/sbefw/sbeSecurity.C +++ b/src/sbefw/sbeSecurity.C @@ -6,6 +6,7 @@ /* OpenPOWER sbe Project */ /* */ /* Contributors Listed Below - COPYRIGHT 2017 */ +/* [+] International Business Machines Corp. */ /* */ /* */ /* Licensed under the Apache License, Version 2.0 (the "License"); */ @@ -23,6 +24,7 @@ /* IBM_PROLOG_END_TAG */ #include "sbeSecurity.H" #include "sbetrace.H" +#include "sbeglobals.H" #include "sbeSecurityGen.H" @@ -38,7 +40,7 @@ constexpr uint32_t get_shift_len(uint32_t mask, uint8_t shifts = 0) template <typename Func> map_t<bool, uint32_t> binary_search( const uint32_t search_key, - range_t<uint64_t, uint32_t> x_range, + range_t<uint32_t> x_range, Func get_element) { map_t<bool, uint32_t> ret = {false, 0}; // found=false @@ -77,15 +79,15 @@ bool _is_present(const table< map_t< range_t<M1_T>, M1_U > > &table1, SBE_ENTER(SBE_FUNC); for(size_t i = 0; i < table1.size; i++) { - M1_U key = (i_addr & table1.mask) >> get_shift_len(table1.mask); - if((table1.table[i].key.start <= key) && - (table1.table[i].key.end >= key)) + uint32_t search_key = (i_addr & table1.mask) >> get_shift_len(table1.mask); + if((table1.table[i].key.start <= search_key) && + (table1.table[i].key.end >= search_key)) { - SBE_DEBUG(SBE_FUNC" found key[0x%x] table index[%d]", key, i); + SBE_DEBUG(SBE_FUNC" table1:found key[0x%x] table index[%d]", + search_key, i); // Found the range where key might belong to - uint32_t search_key = (i_addr & table2.mask) >> - get_shift_len(table2.mask); - range_t<uint64_t, uint32_t> search_range = {}; + search_key = (i_addr & table2.mask) >> get_shift_len(table2.mask); + range_t<uint32_t> search_range = {}; search_range.start = i ? table1.table[i-1].value : 0; search_range.end = table1.table[i].value - 1; map_t<bool, uint32_t> search_result = @@ -97,6 +99,9 @@ bool _is_present(const table< map_t< range_t<M1_T>, M1_U > > &table1, }); if(search_result.key == true) { + SBE_DEBUG(SBE_FUNC" table2:found key[0x%x] table index[%d]", + search_key, + search_result.value); // Found the key search_range.start = (search_result.value ? table2.table[search_result.value-1].value : 0); @@ -112,6 +117,9 @@ bool _is_present(const table< map_t< range_t<M1_T>, M1_U > > &table1, }); if(search_result.key == true) { + SBE_DEBUG(SBE_FUNC" table3:found key[0x%x] table index[%d]", + search_key, + search_result.value); // Found the number return true; } @@ -125,15 +133,18 @@ bool _is_present(const table< map_t< range_t<M1_T>, M1_U > > &table1, bool isAllowed(const uint32_t i_addr, accessType type) { - bool ret = false; - if(type == WRITE) - ret = WHITELIST::isPresent(i_addr); - else if(type == READ) - ret = !BLACKLIST::isPresent(i_addr); - if(!ret) + bool ret = true; + if(SBE_GLOBAL->sbeFWSecurityEnabled) { - SBE_INFO("SBE_SECURITY access[%d] denied addr[0x%08x]", - type, i_addr); + if(type == WRITE) + ret = WHITELIST::isPresent(i_addr); + else if(type == READ) + ret = !BLACKLIST::isPresent(i_addr); + if(!ret) + { + SBE_INFO("SBE_SECURITY access[%d] denied addr[0x%08x]", + type, i_addr); + } } return ret; } diff --git a/src/sbefw/sbeSecurity.H b/src/sbefw/sbeSecurity.H index f115ffe3..cda2a732 100644 --- a/src/sbefw/sbeSecurity.H +++ b/src/sbefw/sbeSecurity.H @@ -6,6 +6,7 @@ /* OpenPOWER sbe Project */ /* */ /* Contributors Listed Below - COPYRIGHT 2017 */ +/* [+] International Business Machines Corp. */ /* */ /* */ /* Licensed under the Apache License, Version 2.0 (the "License"); */ @@ -36,11 +37,11 @@ namespace SBE_SECURITY // type to define a range template <typename T> - struct + struct range_t { T start; T end; - } range; + }; // key-value map used for the tables template <typename T, typename U> diff --git a/src/sbefw/sbecmdscomaccess.C b/src/sbefw/sbecmdscomaccess.C index c74ed133..b3524a9a 100644 --- a/src/sbefw/sbecmdscomaccess.C +++ b/src/sbefw/sbecmdscomaccess.C @@ -49,12 +49,12 @@ uint32_t sbeGetScom (uint8_t *i_pArg) uint32_t l_rc = SBE_SEC_OPERATION_SUCCESSFUL; sbeGetScomReqMsg_t l_getScomReqMsg; + sbeRespGenHdr_t l_hdr; + l_hdr.init(); + sbeResponseFfdc_t l_ffdc; do { - uint16_t l_primStatus = SBE_GLOBAL->sbeCmdRespHdr.prim_status; - uint16_t l_secStatus = SBE_GLOBAL->sbeCmdRespHdr.sec_status ; - // Will attempt to dequeue two entries for // the scom addresses plus the expected // EOT entry at the end @@ -69,9 +69,6 @@ uint32_t sbeGetScom (uint8_t *i_pArg) break; } - sbeRespGenHdr_t l_hdr; - l_hdr.init(); - sbeResponseFfdc_t l_ffdc; uint32_t l_len2enqueue = 0; uint32_t l_sbeDownFifoRespBuf[2] = {0}; @@ -80,17 +77,16 @@ uint32_t sbeGetScom (uint8_t *i_pArg) uint64_t l_scomData = 0; SBE_DEBUG(SBE_FUNC"scomAddr[0x%08X%08X]", l_getScomReqMsg.hiAddr, l_getScomReqMsg.lowAddr); - l_rc = checkIndirectAndDoScom(true, l_addr, - l_scomData, - &l_ffdc); + checkIndirectAndDoScom(true, l_addr, + l_scomData, &l_hdr, + &l_ffdc); - if (l_rc != SBE_SEC_OPERATION_SUCCESSFUL) // scom failed + if (l_hdr.secondaryStatus != SBE_SEC_OPERATION_SUCCESSFUL) // scom failed { SBE_ERROR(SBE_FUNC"getscom failed, " "scomAddr[0x%08X%08X]", l_getScomReqMsg.hiAddr, l_getScomReqMsg.lowAddr); - l_primStatus = SBE_PRI_GENERIC_EXECUTION_FAILURE; - l_secStatus = l_rc; + break; } else // successful scom { @@ -112,18 +108,15 @@ uint32_t sbeGetScom (uint8_t *i_pArg) } } // end successful scom - // Build the response header packet + } while(false); - l_hdr.setStatus(l_primStatus, l_secStatus); + if(l_rc == SBE_SEC_OPERATION_SUCCESSFUL) + { + // Build the response header packet l_rc = sbeDsSendRespHdr(l_hdr, &l_ffdc); - if (l_rc) - { - // will let command processor routine - // handle the failure - break; - } - - } while(false); + // will let command processor routine + // handle the failure + } SBE_EXIT(SBE_FUNC); return l_rc; @@ -139,12 +132,12 @@ uint32_t sbePutScom (uint8_t *i_pArg) uint32_t l_rc = SBE_SEC_OPERATION_SUCCESSFUL; sbePutScomReqMsg_t l_putScomReqMsg; + sbeRespGenHdr_t l_hdr; + l_hdr.init(); + sbeResponseFfdc_t l_ffdc; do { - uint16_t l_primStatus = SBE_GLOBAL->sbeCmdRespHdr.prim_status; - uint16_t l_secStatus = SBE_GLOBAL->sbeCmdRespHdr.sec_status ; - // Will attempt to dequeue four entries for // the scom address (two entries) and the // corresponding data (two entries) plus @@ -161,9 +154,6 @@ uint32_t sbePutScom (uint8_t *i_pArg) } uint64_t l_scomData = 0; - sbeRespGenHdr_t l_hdr; - l_hdr.init(); - sbeResponseFfdc_t l_ffdc; // successfully dequeued two entries for // scom address followed by the EOT entry @@ -179,10 +169,10 @@ uint32_t sbePutScom (uint8_t *i_pArg) l_putScomReqMsg.lowAddr; SBE_DEBUG(SBE_FUNC"scomAddr[0x%08X%08X]", l_putScomReqMsg.hiAddr, l_putScomReqMsg.lowAddr); - l_rc = checkIndirectAndDoScom(false, l_addr, - l_scomData, &l_ffdc); + checkIndirectAndDoScom(false, l_addr, + l_scomData, &l_hdr, &l_ffdc); - if (l_rc != SBE_SEC_OPERATION_SUCCESSFUL) // scom failed + if (l_hdr.secondaryStatus != SBE_SEC_OPERATION_SUCCESSFUL) // scom failed { SBE_ERROR(SBE_FUNC"putscom failure data, " "scomAddr[0x%08X%08X], " @@ -191,22 +181,18 @@ uint32_t sbePutScom (uint8_t *i_pArg) l_putScomReqMsg.lowAddr, SBE::higher32BWord(l_scomData), SBE::lower32BWord(l_scomData)); - l_primStatus = SBE_PRI_GENERIC_EXECUTION_FAILURE; - l_secStatus = l_rc; + break; } - // Build the response header packet + } while(false); - l_hdr.setStatus(l_primStatus, l_secStatus); + if(l_rc == SBE_SEC_OPERATION_SUCCESSFUL) + { + // Build the response header packet l_rc = sbeDsSendRespHdr(l_hdr, &l_ffdc); - if (l_rc) - { - // will let command processor routine - // handle the failure - break; - } - - } while(false); + // will let command processor routine + // handle the failure + } SBE_EXIT(SBE_FUNC); return l_rc; @@ -224,12 +210,12 @@ uint32_t sbeModifyScom (uint8_t *i_pArg) uint32_t l_rc = SBE_SEC_OPERATION_SUCCESSFUL; sbeModifyScomReqMsg_t l_modifyScomMsg; + sbeRespGenHdr_t l_hdr; + l_hdr.init(); + sbeResponseFfdc_t l_ffdc; do { - uint16_t l_primStatus = SBE_GLOBAL->sbeCmdRespHdr.prim_status; - uint16_t l_secStatus = SBE_GLOBAL->sbeCmdRespHdr.sec_status ; - // Will attempt to dequeue the following entries: // Entry 1 : Operation Mode // Entry 2 : Scom Register Address (0..31) @@ -248,10 +234,6 @@ uint32_t sbeModifyScom (uint8_t *i_pArg) break; } - sbeRespGenHdr_t l_hdr; - l_hdr.init(); - sbeResponseFfdc_t l_ffdc; - // Modifying Data uint64_t l_modifyingData = l_modifyScomMsg.getModifyingData(); @@ -274,8 +256,8 @@ uint32_t sbeModifyScom (uint8_t *i_pArg) { // Invalid Data passed SBE_ERROR(SBE_FUNC"Invalid OpMode"); - l_primStatus = SBE_PRI_INVALID_DATA; - l_secStatus = SBE_SEC_GENERIC_FAILURE_IN_EXECUTION; + l_hdr.setStatus(SBE_PRI_INVALID_DATA, + SBE_SEC_GENERIC_FAILURE_IN_EXECUTION); break; } @@ -284,16 +266,14 @@ uint32_t sbeModifyScom (uint8_t *i_pArg) uint64_t l_scomData = 0; SBE_DEBUG(SBE_FUNC"scomAddr[0x%08X%08X]", l_modifyScomMsg.hiAddr, l_modifyScomMsg.lowAddr); - l_rc = checkIndirectAndDoScom(true, l_addr, - l_scomData, &l_ffdc); + checkIndirectAndDoScom(true, l_addr, + l_scomData, &l_hdr, &l_ffdc); - if (l_rc != SBE_SEC_OPERATION_SUCCESSFUL) // scom failed + if (l_hdr.secondaryStatus != SBE_SEC_OPERATION_SUCCESSFUL) // scom failed { SBE_ERROR(SBE_FUNC"getscom failed," " ScomAddress[0x%08X %08X]", l_modifyScomMsg.hiAddr, l_modifyScomMsg.lowAddr); - l_primStatus = SBE_PRI_GENERIC_EXECUTION_FAILURE; - l_secStatus = l_rc; break; } @@ -311,10 +291,10 @@ uint32_t sbeModifyScom (uint8_t *i_pArg) } // Write the modified data - l_rc = checkIndirectAndDoScom(false, l_addr, - l_modifyingData, &l_ffdc); + checkIndirectAndDoScom(false, l_addr, + l_modifyingData, &l_hdr, &l_ffdc); - if (l_rc != SBE_SEC_OPERATION_SUCCESSFUL) // scom failed + if (l_hdr.secondaryStatus != SBE_SEC_OPERATION_SUCCESSFUL) // scom failed { SBE_ERROR(SBE_FUNC"putscom failed," " ScomAddress[0x%08X%08X]", @@ -322,21 +302,20 @@ uint32_t sbeModifyScom (uint8_t *i_pArg) SBE_ERROR(SBE_FUNC"modifyingData[0x%08X%08X]", SBE::higher32BWord(l_modifyingData), SBE::lower32BWord(l_modifyingData)); - l_primStatus = SBE_PRI_GENERIC_EXECUTION_FAILURE; - l_secStatus = l_rc; break; } } while (false); - // Build the response header packet - - l_hdr.setStatus(l_primStatus, l_secStatus); - l_rc = sbeDsSendRespHdr(l_hdr, &l_ffdc); - if (l_rc) + if(l_rc == SBE_SEC_OPERATION_SUCCESSFUL) { - // will let command processor routine - // handle the failure - break; + // Build the response header packet + l_rc = sbeDsSendRespHdr(l_hdr, &l_ffdc); + if (l_rc) + { + // will let command processor routine + // handle the failure + break; + } } } while(false); @@ -355,12 +334,12 @@ uint32_t sbePutScomUnderMask (uint8_t *i_pArg) uint32_t l_rc = SBE_SEC_OPERATION_SUCCESSFUL; sbePutScomUnderMaskReqMsg_t l_putScomUmaskMsg; + sbeRespGenHdr_t l_hdr; + l_hdr.init(); + sbeResponseFfdc_t l_ffdc; do { - uint16_t l_primStatus = SBE_GLOBAL->sbeCmdRespHdr.prim_status; - uint16_t l_secStatus = SBE_GLOBAL->sbeCmdRespHdr.sec_status ; - // Will attempt to dequeue the following entries: // Entry 1 : Scom Register Address (0..31) // Entry 2 : Scom Register Address (32..63) @@ -381,10 +360,6 @@ uint32_t sbePutScomUnderMask (uint8_t *i_pArg) break; } - sbeRespGenHdr_t l_hdr; - l_hdr.init(); - sbeResponseFfdc_t l_ffdc; - SBE_DEBUG(SBE_FUNC"scomAddr[0x%08X%08X]," "modifyingData[0x%08X%08X]", l_putScomUmaskMsg.hiAddr, @@ -404,19 +379,19 @@ uint32_t sbePutScomUnderMask (uint8_t *i_pArg) uint64_t l_addr = ( (uint64_t) l_putScomUmaskMsg.hiAddr << 32) | l_putScomUmaskMsg.lowAddr; - l_rc = checkIndirectAndDoScom(true, l_addr, - l_scomData, &l_ffdc); + checkIndirectAndDoScom(true, l_addr, + l_scomData, &l_hdr, &l_ffdc); - if (l_rc == SBE_SEC_OPERATION_SUCCESSFUL) // scom success + if (l_hdr.secondaryStatus == SBE_SEC_OPERATION_SUCCESSFUL) // scom success { l_putScomUmaskMsg.getScomData(l_scomData); // Write the modified data - l_rc = checkIndirectAndDoScom(false, l_addr, - l_scomData, &l_ffdc); + checkIndirectAndDoScom(false, l_addr, + l_scomData, &l_hdr, &l_ffdc); } - if (l_rc != SBE_SEC_OPERATION_SUCCESSFUL) // scom failed + if (l_hdr.secondaryStatus != SBE_SEC_OPERATION_SUCCESSFUL) // scom failed { SBE_ERROR(SBE_FUNC"scom failed, " "ScomAddress[0x%08X%08X]", @@ -429,22 +404,18 @@ uint32_t sbePutScomUnderMask (uint8_t *i_pArg) l_putScomUmaskMsg.hiMaskData, l_putScomUmaskMsg.lowMaskData); - l_primStatus = SBE_PRI_GENERIC_EXECUTION_FAILURE; - l_secStatus = l_rc; break; } } while (false); + } while(false); + if(l_rc == SBE_SEC_OPERATION_SUCCESSFUL) + { // Build the response header packet - l_hdr.setStatus(l_primStatus, l_secStatus); l_rc = sbeDsSendRespHdr(l_hdr, &l_ffdc); - if (l_rc) - { - // will let command processor routine - // handle the failure - break; - } - } while(false); + // will let command processor routine + // handle the failure + } SBE_EXIT(SBE_FUNC); return l_rc; diff --git a/src/sbefw/sbefwfiles.mk b/src/sbefw/sbefwfiles.mk index 439c4bb6..dbfb7678 100644 --- a/src/sbefw/sbefwfiles.mk +++ b/src/sbefw/sbefwfiles.mk @@ -54,6 +54,7 @@ SBEFW-CPP-SOURCES += sbeSpMsg.C SBEFW-CPP-SOURCES += sbeglobals.C SBEFW-CPP-SOURCES += sbeMemAccessInterface.C SBEFW-CPP-SOURCES += sbeSecureMemRegionManager.C +SBEFW-CPP-SOURCES += sbeSecurity.C SBEFW-C-SOURCES = SBEFW-S-SOURCES = diff --git a/src/sbefw/sbescom.C b/src/sbefw/sbescom.C index 634c8868..c38827c8 100644 --- a/src/sbefw/sbescom.C +++ b/src/sbefw/sbescom.C @@ -5,7 +5,7 @@ /* */ /* OpenPOWER sbe Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2016 */ +/* Contributors Listed Below - COPYRIGHT 2016,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -29,6 +29,7 @@ #include "plat_hw_access.H" #include "plat_target.H" #include "sbescom.H" +#include "sbeSecurity.H" using namespace fapi2; /** @@ -66,14 +67,14 @@ enum sbeScomType SBE_SCOM_TYPE_INDIRECT_2 = 2, // Indirect scom. New form }; -uint32_t checkIndirectAndDoScom( const bool i_isRead, - const uint64_t i_addr, - uint64_t & io_data, - sbeResponseFfdc_t *const o_ffdc) +void checkIndirectAndDoScom( const bool i_isRead, + const uint64_t i_addr, + uint64_t & io_data, + sbeRespGenHdr_t *const o_hdr, + sbeResponseFfdc_t *const o_ffdc) { #define SBE_FUNC " checkIndirectAndDoScom " - uint32_t l_rc = SBE_SEC_OPERATION_SUCCESSFUL; uint32_t elapsedIndScomTimeNs = 0; uint64_t tempBuffer = io_data; sbeScomType scomType = SBE_SCOM_TYPE_DIRECT; @@ -85,6 +86,11 @@ uint32_t checkIndirectAndDoScom( const bool i_isRead, { plat_target_handle_t l_hndl; SBE_INFO(SBE_FUNC "Performing Direct scom."); + CHECK_SBE_SECURITY_RC_AND_BREAK_IF_NOT_SUCCESS( + static_cast<uint32_t>(i_addr), + (i_isRead ? SBE_SECURITY::READ : SBE_SECURITY::WRITE), + o_hdr->primaryStatus, + o_hdr->secondaryStatus) if( i_isRead ) { fapiRc = getscom_abs_wrap (&l_hndl, (uint32_t)i_addr, @@ -106,7 +112,8 @@ uint32_t checkIndirectAndDoScom( const bool i_isRead, { // Not allowed write on new format. SBE_ERROR(SBE_FUNC "Read not allowed in new form"); - l_rc = SBE_SEC_INVALID_ADDRESS_PASSED; + o_hdr->primaryStatus = SBE_PRI_GENERIC_EXECUTION_FAILURE; + o_hdr->secondaryStatus = SBE_SEC_INVALID_ADDRESS_PASSED; break; } // Zero out the indirect address location.. leave the 52bits of data @@ -134,6 +141,11 @@ uint32_t checkIndirectAndDoScom( const bool i_isRead, // bit 48-63 - local addr uint64_t tempAddr = i_addr & 0x000000007FFFFFFF; plat_target_handle_t l_hndl; + CHECK_SBE_SECURITY_RC_AND_BREAK_IF_NOT_SUCCESS( + static_cast<uint32_t>(tempAddr), + (i_isRead ? SBE_SECURITY::READ : SBE_SECURITY::WRITE), + o_hdr->primaryStatus, + o_hdr->secondaryStatus) // If we are doing a read. We need to do a write first.. if( i_isRead) @@ -191,7 +203,8 @@ uint32_t checkIndirectAndDoScom( const bool i_isRead, if( ! scomout.done) { SBE_ERROR(SBE_FUNC "Indirect scom timeout."); - l_rc = SBE_SEC_HW_OP_TIMEOUT; + o_hdr->primaryStatus = SBE_PRI_GENERIC_EXECUTION_FAILURE; + o_hdr->secondaryStatus = SBE_SEC_HW_OP_TIMEOUT; break; } @@ -199,11 +212,11 @@ uint32_t checkIndirectAndDoScom( const bool i_isRead, if (fapiRc != FAPI2_RC_SUCCESS) { - l_rc = SBE_SEC_PCB_PIB_ERR; + o_hdr->primaryStatus = SBE_PRI_GENERIC_EXECUTION_FAILURE; + o_hdr->secondaryStatus = SBE_SEC_PCB_PIB_ERR; if(o_ffdc) o_ffdc->setRc(fapiRc); } - SBE_DEBUG(SBE_FUNC "fapiRc:%u l_rc:0x%08X", fapiRc, l_rc); - return l_rc; + SBE_DEBUG(SBE_FUNC "fapiRc:%u o_hdr->secondaryStatus:0x%08X", fapiRc, o_hdr->secondaryStatus); } diff --git a/src/sbefw/sbescom.H b/src/sbefw/sbescom.H index 7241634f..86c16379 100644 --- a/src/sbefw/sbescom.H +++ b/src/sbefw/sbescom.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER sbe Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2016 */ +/* Contributors Listed Below - COPYRIGHT 2016,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -30,11 +30,12 @@ * @param[in] i_isRead True if read operation, false otherwise * @param[in] i_addr scom addess * @param[in] io_data data for scom operation. For read, it is output operand. + * @param[out] o_hdr response header object * @param[out] o_ffdc ffdc object * - * @return seconday error code. */ -uint32_t checkIndirectAndDoScom( const bool i_isRead, +void checkIndirectAndDoScom( const bool i_isRead, const uint64_t i_addr, uint64_t & io_data, + sbeRespGenHdr_t *const o_hdr, sbeResponseFfdc_t *const o_ffdc); diff --git a/src/sbefw/sbeutil.H b/src/sbefw/sbeutil.H index 58614fb3..39a3e25c 100644 --- a/src/sbefw/sbeutil.H +++ b/src/sbefw/sbeutil.H @@ -46,6 +46,14 @@ if ((l_rc) != SBE_SEC_OPERATION_SUCCESSFUL) \ break; \ } +#define CHECK_SBE_SECURITY_RC_AND_BREAK_IF_NOT_SUCCESS(addr, op, prim, sec) \ +if (!SBE_SECURITY::isAllowed(addr, op)) \ +{ \ + prim = SBE_PRI_UNSECURE_ACCESS_DENIED; \ + sec = SBE_SEC_BLACKLISTED_REG_ACCESS; \ + break; \ +} + #define mfdec() \ ({volatile uint32_t l_dec; \ asm volatile ("mfdec %0" : "=r" (l_dec)); \ diff --git a/src/test/testcases/test.xml b/src/test/testcases/test.xml index a56da5de..6cbdcc17 100755 --- a/src/test/testcases/test.xml +++ b/src/test/testcases/test.xml @@ -33,7 +33,7 @@ <include>../simics/targets/p9_nimbus/sbeTest/testPSUSetStashPair.xml</include> <include>../simics/targets/p9_nimbus/sbeTest/testIstep.xml</include> <include>../simics/targets/p9_nimbus/sbeTest/testSuspendIO.xml</include> - <include>../simics/targets/p9_nimbus/sbeTest/testScom.xml</include> + <include>../simics/targets/p9_nimbus/sbeTest/testSecurity.xml</include> <include>../simics/targets/p9_nimbus/sbeTest/testGeneric.xml</include> <!-- Memory access testcases --> <include>../simics/targets/p9_nimbus/sbeTest/testUnsecureMemRegions.xml</include> @@ -52,7 +52,6 @@ <include>../simics/targets/p9_nimbus/sbeTest/testExecutorPutRing.xml</include> <include>../simics/targets/p9_nimbus/sbeTest/testFastAccess.xml</include> <include>../simics/targets/p9_nimbus/sbeTest/testQuiesce.xml</include> - <include>../simics/targets/p9_nimbus/sbeTest/testSecurity.xml</include> <testcase> <simcmd>sbe-trace 0</simcmd> </testcase> diff --git a/src/test/testcases/testModifyScom.py b/src/test/testcases/testModifyScom.py deleted file mode 100755 index 487dae5b..00000000 --- a/src/test/testcases/testModifyScom.py +++ /dev/null @@ -1,98 +0,0 @@ -# IBM_PROLOG_BEGIN_TAG -# This is an automatically generated prolog. -# -# $Source: src/test/testcases/testModifyScom.py $ -# -# OpenPOWER sbe Project -# -# Contributors Listed Below - COPYRIGHT 2016 -# [+] International Business Machines Corp. -# -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. See the License for the specific language governing -# permissions and limitations under the License. -# -# IBM_PROLOG_END_TAG -import sys -sys.path.append("targets/p9_nimbus/sbeTest" ) -import testUtil -err = False -#from testWrite import * - - -PUTSCOM_TESTDATA = [0,0,0,6, - 0,0,0xA2,0x02, - 0,0,0x0,0x00, - 0,0x05,0x00,0x3E, #scratch reg 7 (32-bit) - 0x00,0xff,0x00,0xff, - 0x00,0x00,0x00,0x00 ] - -PUTSCOM_EXPDATA = [0xc0,0xde,0xa2,0x02, - 0x0,0x0,0x0,0x0, - 0x00,0x0,0x0,0x03]; - - -MODIFYSCOM_TESTDATA = [0,0,0,7, - 0,0,0xA2,0x03, - 0,0,0x0,0x01, - 0,0,0x0,0x00, - 0,0x05,0x00,0x3E, - 0xde,0x00,0xff,0x00, - 0x00,0x00,0x00,0x00] - -MODIFYSCOM_EXPDATA = [0xc0,0xde,0xa2,0x03, - 0x0,0x0,0x0,0x0, - 0x00,0x0,0x0,0x03]; - -GETSCOM4MODIFYSCOM_TESTDATA = [0,0,0,4, - 0,0,0xA2,0x01, - 0,0,0x0,0x00, - 0,0x05,0x0,0x3E] - -GETSCOM4MODIFYSCOM_EXPDATA = [0xde,0xff,0xff,0xff, - 0x00,0x00,0x00,0x00, - 0xc0,0xde,0xa2,0x01, - 0x0,0x0,0x0,0x0, - 0x00,0x0,0x0,0x03]; - -# MAIN Test Run Starts Here... -#------------------------------------------------- -def main( ): - testUtil.runCycles( 10000000 ) - - testUtil.writeUsFifo( PUTSCOM_TESTDATA ) - testUtil.writeEot( ) - testUtil.readDsFifo( PUTSCOM_EXPDATA ) - testUtil.readEot( ) - - testUtil.writeUsFifo( MODIFYSCOM_TESTDATA ) - testUtil.writeEot( ) - testUtil.readDsFifo( MODIFYSCOM_EXPDATA ) - testUtil.readEot( ) - - testUtil.writeUsFifo( GETSCOM4MODIFYSCOM_TESTDATA ) - testUtil.writeEot( ) - testUtil.readDsFifo( GETSCOM4MODIFYSCOM_EXPDATA ) - testUtil.readEot( ) - -#------------------------------------------------- -# Calling all test code -#------------------------------------------------- -main() - -if err: - print ("\nTest Suite completed with error(s)") - #sys.exit(1) -else: - print ("\nTest Suite completed with no errors") - #sys.exit(0); - diff --git a/src/test/testcases/testPutGetInScom.py b/src/test/testcases/testPutGetInScom.py deleted file mode 100755 index 2aecb0e6..00000000 --- a/src/test/testcases/testPutGetInScom.py +++ /dev/null @@ -1,83 +0,0 @@ -# IBM_PROLOG_BEGIN_TAG -# This is an automatically generated prolog. -# -# $Source: src/test/testcases/testPutGetInScom.py $ -# -# OpenPOWER sbe Project -# -# Contributors Listed Below - COPYRIGHT 2015,2016 -# [+] International Business Machines Corp. -# -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. See the License for the specific language governing -# permissions and limitations under the License. -# -# IBM_PROLOG_END_TAG - -import sys -sys.path.append("targets/p9_nimbus/sbeTest" ) -import testUtil -err = False -#from testWrite import * - -# @TODO via RTC : 141905 -# Modify the test sequence in such a way that -# the test does not leave the Register value altered. - -# Indirect scom form 0 test case -PUTSCOM_TESTDATA = [0,0,0,6, - 0,0,0xA2,0x02, - 0x80,0x0,0x0,0x83, - 0x0D,0x01,0x0C,0x3F, - 0xde,0xca,0xff,0xee, - 0x00,0x00,0x12,0x34 ] - -PUTSCOM_EXPDATA = [0xc0,0xde,0xa2,0x02, - 0x0,0x0,0x0,0x0, - 0x00,0x0,0x0,0x03]; - -GETSCOM_TESTDATA = [0,0,0,4, - 0,0,0xA2,0x01, - 0x80,0x0,0x0,0x83, - 0x0D,0x01,0x0C,0x3F] - -GETSCOM_EXPDATA = [0x00,0x00,0x00,0x00, - 0x00,0x00,0x12,0x34, # Only last 16 bits will be returned - 0xc0,0xde,0xa2,0x01, - 0x0,0x0,0x0,0x0, - 0x00,0x0,0x0,0x03]; - -# MAIN Test Run Starts Here... -#------------------------------------------------- -def main( ): - testUtil.runCycles( 10000000 ) - testUtil.writeUsFifo( PUTSCOM_TESTDATA ) - testUtil.writeEot( ) - testUtil.readDsFifo( PUTSCOM_EXPDATA ) - testUtil.readEot( ) - testUtil.writeUsFifo( GETSCOM_TESTDATA ) - testUtil.writeEot( ) - testUtil.readDsFifo( GETSCOM_EXPDATA ) - testUtil.readEot( ) - -#------------------------------------------------- -# Calling all test code -#------------------------------------------------- -main() - -if err: - print ("\nTest Suite completed with error(s)") - #sys.exit(1) -else: - print ("\nTest Suite completed with no errors") - #sys.exit(0); - diff --git a/src/test/testcases/testPutGetScom.py b/src/test/testcases/testPutGetScom.py index 6378e114..8b5fe5ce 100755..100644 --- a/src/test/testcases/testPutGetScom.py +++ b/src/test/testcases/testPutGetScom.py @@ -5,7 +5,7 @@ # # OpenPOWER sbe Project # -# Contributors Listed Below - COPYRIGHT 2015,2016 +# Contributors Listed Below - COPYRIGHT 2016,2017 # [+] International Business Machines Corp. # # @@ -22,98 +22,12 @@ # permissions and limitations under the License. # # IBM_PROLOG_END_TAG +import os import sys -sys.path.append("targets/p9_nimbus/sbeTest" ) -import testUtil -err = False -#from testWrite import * - -# @TODO via RTC : 141905 -# Modify the test sequence in such a way that -# the test does not leave the Register value altered. - -PUTSCOM_TESTDATA = [0,0,0,6, - 0,0,0xA2,0x02, - 0,0,0x0,0x00, - 0,0x05,0x00,0x3E, #scratch reg 7 (32-bit) - 0xde,0xca,0xff,0xee, - 0x00,0x00,0x00,0x00 ] - -PUTSCOM_TESTDATA_INVALID = [0,0,0,6, - 0,0,0xA2,0x02, - 0,0,0x0,0x00, - # TODO via RTC 152952: This address is invalid for - # Nimbus but not for Cumulus - 0x0a,0x00,0x00,0x00, - 0xde,0xca,0xff,0xee, - 0x00,0x00,0x00,0x00 ] - -PUTSCOM_EXPDATA = [0xc0,0xde,0xa2,0x02, - 0x0,0x0,0x0,0x0, - 0x00,0x0,0x0,0x03]; - -PUTSCOM_EXPDATA_INVALID = [0xc0,0xde,0xa2,0x02, - 0x0,0xfe,0x0,0x11] -GETSCOM_TESTDATA = [0,0,0,4, - 0,0,0xA2,0x01, - 0,0,0x0,0x00, - 0,0x05,0x0,0x3E] - -GETSCOM_TESTDATA_INVALID = [0,0,0,4, - 0,0,0xA2,0x01, - 0,0,0x0,0x00, - # TODO via RTC: 152952: This address is invalid for - # Nimbus but not for Cumulus - 0x0a,0x0,0x0,0x0] - -GETSCOM_EXPDATA = [0xde,0xca,0xff,0xee, - 0x00,0x00,0x00,0x00, - 0xc0,0xde,0xa2,0x01, - 0x0,0x0,0x0,0x0, - 0x00,0x0,0x0,0x03]; - -GETSCOM_EXPDATA_INVALID = [0xc0,0xde,0xa2,0x01, - 0x0,0xfe,0x0,0x11] -# MAIN Test Run Starts Here... -#------------------------------------------------- -def main( ): - testUtil.runCycles( 10000000 ) - print ("\nStarting putscom test") - testUtil.writeUsFifo( PUTSCOM_TESTDATA ) - testUtil.writeEot( ) - testUtil.readDsFifo( PUTSCOM_EXPDATA ) - testUtil.readEot( ) - print ("\nStarting invalid putscom test") - testUtil.writeUsFifo( PUTSCOM_TESTDATA_INVALID ) - testUtil.writeEot( ) - testUtil.readDsFifo( PUTSCOM_EXPDATA_INVALID ) - testUtil.extractHWPFFDC( ) - #flush out distance - testUtil.readDsEntryReturnVal() - testUtil.readEot( ) - print ("\nStarting getscom test") - testUtil.writeUsFifo( GETSCOM_TESTDATA ) - testUtil.writeEot( ) - testUtil.readDsFifo( GETSCOM_EXPDATA ) - testUtil.readEot( ) - print ("\nStarting invalid getscom test") - testUtil.writeUsFifo( GETSCOM_TESTDATA_INVALID ) - testUtil.writeEot( ) - testUtil.readDsFifo( GETSCOM_EXPDATA_INVALID ) - testUtil.extractHWPFFDC( ) - #flush out distance - testUtil.readDsEntryReturnVal() - testUtil.readEot( ) - -#------------------------------------------------- -# Calling all test code -#------------------------------------------------- -main() - -if err: - print ("\nTest Suite completed with error(s)") - #sys.exit(1) -else: - print ("\nTest Suite completed with no errors") - #sys.exit(0); +import struct +import testScomUtil +# getscom success +testScomUtil.getscom(0x0204001A) +# putscom success +testScomUtil.putscom(0x000F001A, testScomUtil.getscom(0x000F001A)) diff --git a/src/test/testcases/testPutScomUnderMask.py b/src/test/testcases/testPutScomUnderMask.py deleted file mode 100755 index 200c57a9..00000000 --- a/src/test/testcases/testPutScomUnderMask.py +++ /dev/null @@ -1,99 +0,0 @@ -# IBM_PROLOG_BEGIN_TAG -# This is an automatically generated prolog. -# -# $Source: src/test/testcases/testPutScomUnderMask.py $ -# -# OpenPOWER sbe Project -# -# Contributors Listed Below - COPYRIGHT 2016 -# [+] International Business Machines Corp. -# -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. See the License for the specific language governing -# permissions and limitations under the License. -# -# IBM_PROLOG_END_TAG -import sys -sys.path.append("targets/p9_nimbus/sbeTest" ) -import testUtil -err = False -#from testWrite import * - -PUTSCOM_TESTDATA = [0,0,0,6, - 0,0,0xA2,0x02, - 0,0,0x0,0x00, - 0,0x05,0x00,0x3E, #scratch reg 7 (32-bit) - 0xff,0xff,0xff,0xff, - 0x00,0x00,0x00,0x00 ] - -PUTSCOM_EXPDATA = [0xc0,0xde,0xa2,0x02, - 0x0,0x0,0x0,0x0, - 0x00,0x0,0x0,0x03]; - - -PUTSCOMUMASK_TESTDATA = [0,0,0,8, - 0,0,0xA2,0x04, - 0,0,0x0,0x00, - 0,0x05,0x00,0x3E, - 0xde,0xca,0xff,0xee, - 0x00,0x00,0x00,0x00, - 0xff,0x00,0xff,0x00, - 0x00,0x00,0x00,0x00] - - -PUTSCOMUMASK_EXPDATA = [0xc0,0xde,0xa2,0x04, - 0x0,0x0,0x0,0x0, - 0x00,0x0,0x0,0x03]; - -GETSCOMUMASK_TESTDATA = [0,0,0,4, - 0,0,0xA2,0x01, - 0,0,0x0,0x00, - 0,0x05,0x0,0x3E] - -GETSCOMUMASK_EXPDATA = [0xde, 0xff, 0xff, 0xff, - 0x00, 0x00, 0x00, 0x00, - 0xc0,0xde,0xa2,0x01, - 0x0,0x0,0x0,0x0, - 0x00,0x0,0x0,0x03]; - -# MAIN Test Run Starts Here... -#------------------------------------------------- -def main( ): - testUtil.runCycles( 10000000 ) - - testUtil.writeUsFifo( PUTSCOM_TESTDATA ) - testUtil.writeEot( ) - testUtil.readDsFifo( PUTSCOM_EXPDATA ) - testUtil.readEot( ) - - testUtil.writeUsFifo( PUTSCOMUMASK_TESTDATA ) - testUtil.writeEot( ) - testUtil.readDsFifo( PUTSCOMUMASK_EXPDATA ) - testUtil.readEot( ) - - testUtil.writeUsFifo( GETSCOMUMASK_TESTDATA ) - testUtil.writeEot( ) - testUtil.readDsFifo( GETSCOMUMASK_EXPDATA ) - testUtil.readEot( ) - -#------------------------------------------------- -# Calling all test code -#------------------------------------------------- -main() - -if err: - print ("\nTest Suite completed with error(s)") - #sys.exit(1) -else: - print ("\nTest Suite completed with no errors") - #sys.exit(0); - diff --git a/src/test/testcases/testSbeDump.py b/src/test/testcases/testSbeDump.py index 01ae81a7..f4f472a2 100644 --- a/src/test/testcases/testSbeDump.py +++ b/src/test/testcases/testSbeDump.py @@ -26,6 +26,7 @@ import sys sys.path.append("targets/p9_nimbus/sbeTest") import testUtil err = False +import testScomUtil #from testWrite import * TESTDATA = [0, 0, 0, 2, @@ -39,6 +40,10 @@ EXPDATA = [0xc0, 0xde, 0xa8, 0x01, #------------------------------------------------- def main(): testUtil.runCycles(10000000) + + # Generate FSPI rc + testScomUtil.getscom(0x0A000000, [0x00, 0xFE, 0x00, 0x11], True) + testUtil.writeUsFifo(TESTDATA) testUtil.writeEot() diff --git a/src/test/testcases/testScom.xml b/src/test/testcases/testScom.xml deleted file mode 100755 index 8b536031..00000000 --- a/src/test/testcases/testScom.xml +++ /dev/null @@ -1,43 +0,0 @@ -<!-- IBM_PROLOG_BEGIN_TAG --> -<!-- This is an automatically generated prolog. --> -<!-- --> -<!-- $Source: src/test/testcases/testScom.xml $ --> -<!-- --> -<!-- OpenPOWER sbe Project --> -<!-- --> -<!-- Contributors Listed Below - COPYRIGHT 2015,2016 --> -<!-- [+] International Business Machines Corp. --> -<!-- --> -<!-- --> -<!-- Licensed under the Apache License, Version 2.0 (the "License"); --> -<!-- you may not use this file except in compliance with the License. --> -<!-- You may obtain a copy of the License at --> -<!-- --> -<!-- http://www.apache.org/licenses/LICENSE-2.0 --> -<!-- --> -<!-- Unless required by applicable law or agreed to in writing, software --> -<!-- distributed under the License is distributed on an "AS IS" BASIS, --> -<!-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or --> -<!-- implied. See the License for the specific language governing --> -<!-- permissions and limitations under the License. --> -<!-- --> -<!-- IBM_PROLOG_END_TAG --> -<?xml version="1.0" encoding="UTF-8"?> - - <testcase> - <simcmd>run-python-file targets/p9_nimbus/sbeTest/testPutGetScom.py</simcmd> - <exitonerror>yes</exitonerror> - </testcase> - <testcase> - <simcmd>run-python-file targets/p9_nimbus/sbeTest/testPutScomUnderMask.py</simcmd> - <exitonerror>yes</exitonerror> - </testcase> - <testcase> - <simcmd>run-python-file targets/p9_nimbus/sbeTest/testModifyScom.py</simcmd> - <exitonerror>yes</exitonerror> - </testcase> - <testcase> - <simcmd>run-python-file targets/p9_nimbus/sbeTest/testPutGetInScom.py</simcmd> - <exitonerror>yes</exitonerror> - </testcase> - diff --git a/src/test/testcases/testScomUtil.py b/src/test/testcases/testScomUtil.py new file mode 100644 index 00000000..23b20005 --- /dev/null +++ b/src/test/testcases/testScomUtil.py @@ -0,0 +1,125 @@ +# IBM_PROLOG_BEGIN_TAG +# This is an automatically generated prolog. +# +# $Source: src/test/testcases/testScomUtil.py $ +# +# OpenPOWER sbe Project +# +# Contributors Listed Below - COPYRIGHT 2017 +# +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. +# +# IBM_PROLOG_END_TAG +import sys +import os +import struct +sys.path.append("targets/p9_nimbus/sbeTest" ) +import testUtil +err = False + +def getsingleword(dataInInt): + hex_string = '0'*(8-len(str(hex(dataInInt))[2:])) + str(hex(dataInInt))[2:] + return list(struct.unpack('<BBBB',hex_string.decode('hex'))) +def getdoubleword(dataInInt): + hex_string = '0'*(16-len(str(hex(dataInInt))[:18][2:])) + str(hex(dataInInt))[:18][2:] + return list(struct.unpack('<BBBBBBBB',hex_string.decode('hex'))) + +def getscom(addr, expStatus = [0, 0, 0, 0], HWPffdc = False): + req = ([0, 0, 0, 4] + + [0,0,0xA2,0x01] + + getdoubleword(addr)) + + testUtil.writeUsFifo(req) + testUtil.writeEot( ) + + expData = ([0xc0,0xde,0xa2,0x01] + + expStatus) + success = False + if(expStatus == [0, 0, 0, 0]): + success = True + + data = [0]*8 + if(success): + data = testUtil.readDsEntryReturnVal() + data += testUtil.readDsEntryReturnVal() + testUtil.readDsFifo(expData) + if(not success and HWPffdc): + testUtil.extractHWPFFDC( ) + #flush out distance + testUtil.readDsEntryReturnVal() + testUtil.readEot( ) + + val = 0 + for i in range(0, 8): + val |= data[i] << ((7-i)*8) + return val + +def putscom(addr, data, expStatus = [0, 0, 0, 0]): + req = ([0,0,0,6, + 0,0,0xA2,0x02] + + getdoubleword(addr) + + getdoubleword(data)) + testUtil.writeUsFifo(req) + testUtil.writeEot( ) + + expData = ([0xc0,0xde,0xa2,0x02] + + expStatus) + + success = False + if(expStatus == [0, 0, 0, 0]): + success = True + testUtil.readDsFifo(expData) + #flush out distance + testUtil.readDsEntryReturnVal() + testUtil.readEot( ) + +def putScomUnderMask(addr, data, mask, expStatus = [0, 0, 0, 0]): + req = ([0,0,0,8, + 0,0,0xA2,0x04] + + getdoubleword(addr) + + getdoubleword(data) + + getdoubleword(mask)) + testUtil.writeUsFifo(req) + testUtil.writeEot( ) + + expData = ([0xc0,0xde,0xa2,0x04] + + expStatus) + + success = False + if(expStatus == [0, 0, 0, 0]): + success = True + testUtil.readDsFifo(expData) + #flush out distance + testUtil.readDsEntryReturnVal() + testUtil.readEot( ) + +def modifyScom(operation, addr, data, expStatus = [0, 0, 0, 0]): + req = ([0,0,0,7, + 0,0,0xA2,0x03] + + getsingleword(operation) + + getdoubleword(addr) + + getdoubleword(data)) + testUtil.writeUsFifo(req) + testUtil.writeEot( ) + + expData = ([0xc0,0xde,0xa2,0x03] + + expStatus) + + success = False + if(expStatus == [0, 0, 0, 0]): + success = True + testUtil.readDsFifo(expData) + #flush out distance + testUtil.readDsEntryReturnVal() + testUtil.readEot( ) diff --git a/src/test/testcases/testSecurity.py b/src/test/testcases/testSecurity.py index 58c4e2d4..be352ca1 100644 --- a/src/test/testcases/testSecurity.py +++ b/src/test/testcases/testSecurity.py @@ -25,6 +25,7 @@ import os import sys import struct +import testScomUtil SECURITY_FILE = "../../src/import/chips/p9/security/p9_security_white_black_list.csv" SECURITY_SCRIPT = "../../src/build/security/securityRegListGen.py" @@ -78,11 +79,53 @@ def main(): whitelist_table1, whitelist_table2, whitelist_table3) + print "generated whitelist validation passed" test_normal('blacklist', blacklist, blacklist_table1, blacklist_table2, blacklist_table3) + print "generated blacklist validation passed" + + # getscom success + testScomUtil.getscom(0x0204001A) + print "getscom success testcase - passed" + # getscom failure + testScomUtil.getscom(eval(blacklist[0]), [0x00, 0x05, 0x00, 0x0B]) + print "getscom failure testcase - passed" + # putscom success + testScomUtil.putscom(eval(whitelist[0]), testScomUtil.getscom(eval(whitelist[0]))) + print "putscom success testcase - passed" + # putscom failure + while(True): + random_addr = struct.unpack('>L', os.urandom(4))[0] + if random_addr not in [eval(a) for a in whitelist]: + testScomUtil.putscom(random_addr, 0, [0x00, 0x05, 0x00, 0x0B]) + break + print "putscom failure testcase - passed" + # modify scom success + dataWritten = testScomUtil.getscom(0x00040006) + testScomUtil.modifyScom(0x01, 0x00040006, 0x0) + dataRead = testScomUtil.getscom(0x00040006) + if(dataRead != dataWritten): + raise Exception('modify scom failed %x != %x' % (dataRead, dataWritten)) + print "modify scom success testcase - passed" + # putscom under mask success + dataWritten = testScomUtil.getscom(0x00040006) + testScomUtil.putScomUnderMask(0x00040006, dataWritten, 0xFFFFFFFFFFFFFFFF) + dataRead = testScomUtil.getscom(0x00040006) + if(dataRead != dataWritten): + raise Exception('PutScom under mask failed %x != %x' % (dataRead, dataWritten)) + print "putscom under mask success testcase - passed" + # indirect scom test + dataWritten = testScomUtil.getscom(0x8000000D06010C3F) + dataiActWritten = (dataWritten & 0x00000000FFFFFFFF) | (0xDECAFFEE00000000) + testScomUtil.putscom(0x8000000D06010C3F, dataiActWritten) + dataRead = testScomUtil.getscom(0x8000000D06010C3F) + if(dataRead != dataWritten): + raise Exception('indirect scom test failed %x != %x' % (dataRead, dataWritten)) + print "Indirect scom success testcase - passed" + except Exception, error: raise Exception(error) diff --git a/src/tools/debug/simics-debug-framework.py b/src/tools/debug/simics-debug-framework.py index 077ed850..8278d27f 100755 --- a/src/tools/debug/simics-debug-framework.py +++ b/src/tools/debug/simics-debug-framework.py @@ -50,9 +50,9 @@ def get_dd_level(procNr = 0): with open('temp.map', 'r') as f: map = f.read() map = map.split() - if map[map.index('p9Proc0.sbe.fi2c_bo:fi2cfsm')-1] == '0x80000000': + if map[map.index('p9Proc'+str(procNr)+'.sbe.fi2c_bo:fi2cfsm')-1] == '0x80000000': ddlevel = "DD1" - if map[map.index('p9Proc0.sbe.fi2c_bo:fi2cfsm')-1] == '0xff800000': + if map[map.index('p9Proc'+str(procNr)+'.sbe.fi2c_bo:fi2cfsm')-1] == '0xff800000': ddlevel = "DD2" print "running image - ["+ddlevel+"]" return ddlevel |