authorSachin Gupta <sgupta2m@in.ibm.com>2018-06-17 07:05:56 -0500
committerSachin Gupta <sgupta2m@in.ibm.com>2018-06-20 05:38:17 -0400
commit3105d5a9227b30f24dc22c2c9d218840fefa0129 (patch)
treeeea414e25c5e2c1612830f30f719d6694d7a3937
parent9f90433232b883ebd760265736e64bfb840b7554 (diff)
Use Greylist in PutScomUnderMask
RTC: 195177 Change-Id: I1728d78b2019b5a3d5da24c18baf676d07b93de2 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/60765 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Sachin Gupta <sgupta2m@in.ibm.com> (cherry picked from commit 33f754c5c94daa873ca40e0a8accd43f3087ec5d) Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/60943
-rw-r--r--src/sbefw/app/common/sbecmdscomaccess.C3
-rw-r--r--src/sbefw/core/pk_app_cfg.h2
-rw-r--r--src/sbefw/core/sbeSecurity.C14
-rw-r--r--src/sbefw/core/sbeSecurity.H6
-rw-r--r--src/sbefw/core/sbescom.C7
-rw-r--r--src/sbefw/core/sbescom.H7
-rw-r--r--src/sbefw/core/sbeutil.H4
-rwxr-xr-xsrc/test/testcases/test.xml2
-rw-r--r--src/test/testcases/testSecurity.py13
9 files changed, 42 insertions, 16 deletions
diff --git a/src/sbefw/app/common/sbecmdscomaccess.C b/src/sbefw/app/common/sbecmdscomaccess.C
index 77a3c26d..95ff498f 100644
--- a/src/sbefw/app/common/sbecmdscomaccess.C
+++ b/src/sbefw/app/common/sbecmdscomaccess.C
@@ -389,7 +389,8 @@ uint32_t sbePutScomUnderMask (uint8_t *i_pArg)
// Write the modified data
checkIndirectAndDoScom(false, l_addr,
- l_scomData, &l_hdr, &l_ffdc);
+ l_scomData, &l_hdr, &l_ffdc,
+ l_putScomUmaskMsg.getInputMask());
}
if (l_hdr.secondaryStatus() != SBE_SEC_OPERATION_SUCCESSFUL) // scom failed
diff --git a/src/sbefw/core/pk_app_cfg.h b/src/sbefw/core/pk_app_cfg.h
index 875afd71..128f92bc 100644
--- a/src/sbefw/core/pk_app_cfg.h
+++ b/src/sbefw/core/pk_app_cfg.h
@@ -146,5 +146,5 @@
#ifdef PK_TRACE_SZ
#undef PK_TRACE_SZ
#endif
-#define PK_TRACE_SZ 512
+#define PK_TRACE_SZ 128
#endif /*__PK_APP_CFG_H__*/
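Review bot: The change of `PK_TRACE_SZ` from 512 to 128 is not mentioned in the commit message and carries no comment explaining it. If the `SBE_SECURITY access[...]` traces emitted by `isAllowed` go into this buffer (not visible from this hunk), a quarter-size buffer will wrap sooner and keep fewer allow/deny decisions for later analysis. A one-line comment above the define stating why the size was reduced, for example `/* reduced from 512 to reclaim memory; see <reason placeholder> */`, would let a later reader judge whether it can be restored.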
diff --git a/src/sbefw/core/sbeSecurity.C b/src/sbefw/core/sbeSecurity.C
index af083337..bf5bc103 100644
--- a/src/sbefw/core/sbeSecurity.C
+++ b/src/sbefw/core/sbeSecurity.C
@@ -164,17 +164,23 @@ bool _is_present(const table< map_t< T1, T2 > > &table1,
return ret;
#undef SBE_FUNC
}
-bool isAllowed(const uint32_t i_addr, accessType type)
+bool isAllowed(const uint32_t i_addr, uint64_t i_mask, accessType i_type)
{
bool ret = true;
if(SBE_GLOBAL->sbeFWSecurityEnabled)
{
- if(type == WRITE)
+ if(i_type == WRITE)
+ {
ret = WHITELIST::isPresent(i_addr);
- else if(type == READ)
+ if( (ret == false ) && (i_mask != 0xffffffffffffffffull ))
+ {
+ ret = GREYLIST::isPresent(i_addr, i_mask);
+ }
+ }
+ else if(i_type == READ)
ret = !BLACKLIST::isPresent(i_addr);
SBE_INFO("SBE_SECURITY access[%d] allowed[%d] addr[0x%08x]",
- type, ret, i_addr);
+ i_type, ret, i_addr);
}
return ret;
}
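Review bot: The `SBE_INFO` trace at the end of `isAllowed` still records only access type, result and address, so a write decided by the new `GREYLIST::isPresent(i_addr, i_mask)` branch looks the same as a whitelist decision and the evaluated mask is lost. Adding the mask to that trace would make greylist denials diagnosable; whether the trace format accepts a 64-bit value is not visible here, so it may need to be logged as two 32-bit halves. The literal `0xffffffffffffffffull` in the new condition is repeated as the default argument in sbescom.H, and a shared named constant would keep the "no mask supplied" sentinel from drifting between the two files. The definition takes `uint64_t i_mask` while the header declares `const uint64_t i_mask`, which is harmless but worth making consistent.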
diff --git a/src/sbefw/core/sbeSecurity.H b/src/sbefw/core/sbeSecurity.H
index 6312aefe..d30daf6f 100644
--- a/src/sbefw/core/sbeSecurity.H
+++ b/src/sbefw/core/sbeSecurity.H
@@ -64,12 +64,14 @@ namespace SBE_SECURITY
* for a given type of access
*
* @param[in] i_addr - given address to verify
- * @param[in] accessType - access type - READ/WRITE
+ * @param[in] i_mask - mask for data
+ * @param[in] i_type - access type - READ/WRITE
*
* @return - boolean to denote if the access on the address
* is allowed or not
*/
- bool isAllowed(const uint32_t i_addr, accessType type);
+ bool isAllowed(const uint32_t i_addr, const uint64_t i_mask,
+ accessType i_type);
/* @brief _is_present - Look up tables to find if the given
* address is present
diff --git a/src/sbefw/core/sbescom.C b/src/sbefw/core/sbescom.C
index cd2f0ca1..73924aba 100644
--- a/src/sbefw/core/sbescom.C
+++ b/src/sbefw/core/sbescom.C
@@ -74,7 +74,8 @@ void checkIndirectAndDoScom( const bool i_isRead,
const uint64_t i_addr,
uint64_t & io_data,
sbeRespGenHdr_t *const o_hdr,
- sbeResponseFfdc_t *const o_ffdc)
+ sbeResponseFfdc_t *const o_ffdc,
+ uint64_t i_mask )
{
#define SBE_FUNC " checkIndirectAndDoScom "
@@ -110,7 +111,7 @@ void checkIndirectAndDoScom( const bool i_isRead,
CHECK_SBE_SECURITY_RC_AND_BREAK_IF_NOT_SUCCESS(
static_cast<uint32_t>(i_addr),
(i_isRead ? SBE_SECURITY::READ : SBE_SECURITY::WRITE),
- o_hdr)
+ o_hdr, i_mask)
if( i_isRead )
{
fapiRc = getscom_abs_wrap (&l_hndl, (uint32_t)i_addr,
@@ -164,7 +165,7 @@ void checkIndirectAndDoScom( const bool i_isRead,
CHECK_SBE_SECURITY_RC_AND_BREAK_IF_NOT_SUCCESS(
static_cast<uint32_t>(tempAddr),
(i_isRead ? SBE_SECURITY::READ : SBE_SECURITY::WRITE),
- o_hdr)
+ o_hdr, i_mask)
// If we are doing a read. We need to do a write first..
if( i_isRead)
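Review bot: On this indirect-scom branch the greylist check receives the caller's `i_mask` together with `static_cast<uint32_t>(tempAddr)`, but the mask was supplied for the 64-bit data of the original request. If the value written to `tempAddr` in indirect form is composed differently from `io_data` (the rest of the function is outside the hunk, so this is an inference), the mask no longer describes which bits of that register change, and a greylist match would be granted on a mismatched basis. Please confirm the greylist entries are defined against the indirect form and say so in a comment here, or fail closed on this branch by passing the all-ones value so only the whitelist applies, `o_hdr, 0xffffffffffffffffull)`.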
diff --git a/src/sbefw/core/sbescom.H b/src/sbefw/core/sbescom.H
index 5d242cdf..586b0dbc 100644
--- a/src/sbefw/core/sbescom.H
+++ b/src/sbefw/core/sbescom.H
@@ -5,7 +5,8 @@
/* */
/* OpenPOWER sbe Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2016,2017 */
+/* Contributors Listed Below - COPYRIGHT 2016,2018 */
+/* [+] International Business Machines Corp. */
/* */
/* */
/* Licensed under the Apache License, Version 2.0 (the "License"); */
@@ -31,10 +32,12 @@
* @param[in] io_data data for scom operation. For read, it is output operand.
* @param[out] o_hdr response header object
* @param[out] o_ffdc ffdc object
+ * @param[in] i_mask mask for data
*
*/
void checkIndirectAndDoScom( const bool i_isRead,
const uint64_t i_addr,
uint64_t & io_data,
sbeRespGenHdr_t *const o_hdr,
- sbeResponseFfdc_t *const o_ffdc);
+ sbeResponseFfdc_t *const o_ffdc,
+ uint64_t i_mask = 0xffffffffffffffffull);
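Review bot: The new `@param[in] i_mask mask for data` line does not say what the default means, although the security check depends on it. In sbeSecurity.C an all-ones mask skips the greylist lookup, so every caller relying on the default is subject to the whitelist only. I would document that in the header, for example `@param[in] i_mask data mask for put-under-mask writes; all ones (default) means a full-register write and the greylist is not consulted`.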
diff --git a/src/sbefw/core/sbeutil.H b/src/sbefw/core/sbeutil.H
index e32a8189..08e6fe0b 100644
--- a/src/sbefw/core/sbeutil.H
+++ b/src/sbefw/core/sbeutil.H
@@ -46,8 +46,8 @@ if ((l_rc) != SBE_SEC_OPERATION_SUCCESSFUL) \
break; \
}
-#define CHECK_SBE_SECURITY_RC_AND_BREAK_IF_NOT_SUCCESS(addr, op, resp) \
-if (!SBE_SECURITY::isAllowed(addr, op)) \
+#define CHECK_SBE_SECURITY_RC_AND_BREAK_IF_NOT_SUCCESS(addr, op, resp, mask) \
+if (!SBE_SECURITY::isAllowed(addr,mask,op)) \
{ \
/* TODO via RTC 180983:Enable this once the BL/WL registers are settled */ \
if(SbeRegAccess::theSbeRegAccess().disableScomFiltering()) \
diff --git a/src/test/testcases/test.xml b/src/test/testcases/test.xml
index 27b8af07..1283a565 100755
--- a/src/test/testcases/test.xml
+++ b/src/test/testcases/test.xml
@@ -36,7 +36,6 @@
<include>../simics/targets/p9_nimbus/sbeTest/testPSUSetStashPair.xml</include>
<include>../simics/targets/p9_nimbus/sbeTest/testIstep.xml</include>
<include>../simics/targets/p9_nimbus/sbeTest/testSuspendIO.xml</include>
- <include>../simics/targets/p9_nimbus/sbeTest/testSecurity.xml</include>
<include>../simics/targets/p9_nimbus/sbeTest/testGeneric.xml</include>
<!-- Memory access testcases -->
<include>../simics/targets/p9_nimbus/sbeTest/testUnsecureMemRegions.xml</include>
@@ -59,6 +58,7 @@
<include>../simics/targets/p9_nimbus/sbeTest/testSystemFabricMap.xml</include>
<include>../simics/targets/p9_nimbus/sbeTest/testExecutorCntrlTimer.xml</include>
<include>../simics/targets/p9_nimbus/sbeTest/testArrayAccess.xml</include>
+ <include>../simics/targets/p9_nimbus/sbeTest/testSecurity.xml</include>
<include>../simics/targets/p9_nimbus/sbeTest/testStopClocks.xml</include>
<include>../simics/targets/p9_nimbus/sbeTest/testGetRing.xml</include>
<include>../simics/targets/p9_nimbus/sbeTest/testExecutorPutRing.xml</include>
diff --git a/src/test/testcases/testSecurity.py b/src/test/testcases/testSecurity.py
index 1efda516..5da28790 100644
--- a/src/test/testcases/testSecurity.py
+++ b/src/test/testcases/testSecurity.py
@@ -121,6 +121,19 @@ def main():
if(dataRead != dataWritten):
raise Exception('PutScom under mask failed %x != %x' % (dataRead, dataWritten))
print "putscom under mask success testcase - passed"
+
+ # Greylist test cases
+ dataWritten = testScomUtil.getscom(0x0901080B)
+ # Do putScomUnderMask with wrong mask
+ testScomUtil.putScomUnderMask(0x0901080B, dataWritten, 0xF0FFFFFFFFFFFFFF, [0x00, 0x05, 0x00, 0x23])
+ # Do putScom on grey list register
+ testScomUtil.putscom(0x0901080B, 0, [0x00, 0x05, 0x00, 0x23])
+ # Do putScomUnderMask with exact mask
+ testScomUtil.putScomUnderMask(0x0901080B, dataWritten, 0xFF0FFFFFFFFFFFFF)
+ # Do putScomUnderMask with superset mask
+ testScomUtil.putScomUnderMask(0x0901080B, dataWritten, 0xFF00FFFFFFFFFFFF)
+ print "Greylist testcases - passed"
+
# indirect scom test
dataWritten = testScomUtil.getscom(0x8000000D06010C3F)
dataiActWritten = (dataWritten & 0x00000000FFFFFFFF) | (0xDECAFFEE00000000)
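Review bot: The new greylist cases only check the returned status; none of them reads the register back. After the two calls that pass `[0x00, 0x05, 0x00, 0x23]` (apparently the expected rejection status), a read-back such as `if testScomUtil.getscom(0x0901080B) != dataWritten: raise Exception('greylist register changed by rejected write')` would show that a rejected write really left the register untouched. The two accepted calls could be verified the same way, as the put-under-mask case just above does with `dataRead != dataWritten`. The comment "superset mask" is also hard to follow, since `0xFF00FFFFFFFFFFFF` has fewer bits set than the "exact" `0xFF0FFFFFFFFFFFFF`; a comment stating the mask convention (which bit value means "modify") would remove the ambiguity. `main()` starts and continues outside the hunk.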