From b69dc93d5b0334616388745028d039f9e7154916 Mon Sep 17 00:00:00 2001 From: spashabk-in Date: Wed, 29 Nov 2017 05:03:30 -0600 Subject: Chip-op filtering Implement chip-op filtering in secure mode Change-Id: Ia7d18de28b387615e5c61bc9693229c168f2d418 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/50128 Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: AMIT J. TENDOLKAR Reviewed-by: Sachin Gupta --- src/sbefw/sbe_sp_intf.H | 1 + src/sbefw/sbecmdparser.C | 29 +++++++++++++++++++++++------ src/sbefw/sbecmdparser.H | 36 +++++++++++++++++++++++++++--------- src/sbefw/sbecmdprocessor.C | 2 ++ src/sbefw/sbecmdreceiver.C | 21 +++++++++++---------- 5 files changed, 64 insertions(+), 25 deletions(-) (limited to 'src/sbefw') diff --git a/src/sbefw/sbe_sp_intf.H b/src/sbefw/sbe_sp_intf.H index 8584269b..8c66a096 100644 --- a/src/sbefw/sbe_sp_intf.H +++ b/src/sbefw/sbe_sp_intf.H @@ -218,6 +218,7 @@ enum sbeSecondaryResponse SBE_SEC_MEM_REGION_AMEND_ATTEMPTED = 0x17, SBE_SEC_INPUT_BUFFER_OVERFLOW = 0x18, SBE_SEC_INVALID_PARAMS = 0x19, + SBE_SEC_BLACKLISTED_CHIPOP_ACCESS = 0x20, }; /** diff --git a/src/sbefw/sbecmdparser.C b/src/sbefw/sbecmdparser.C index ba6b1e5a..73963936 100644 --- a/src/sbefw/sbecmdparser.C +++ b/src/sbefw/sbecmdparser.C @@ -50,6 +50,7 @@ #include "sbecmdtracearray.H" #include "sbecmdCntrlTimer.H" #include "sbecmdfastarray.H" +#include "sbeglobals.H" // Declaration static const uint16_t HARDWARE_FENCED_STATE = @@ -170,12 +171,12 @@ static sbeCmdStruct_t g_sbeRegAccessCmdArray [] = { {sbeGetReg, SBE_CMD_GETREG, - HARDWARE_FENCED_STATE, + HARDWARE_FENCED_STATE | SBE_FENCE_AT_SECURE_MODE, }, {sbePutReg, SBE_CMD_PUTREG, - PUT_HARDWARE_FENCED_STATE, + PUT_HARDWARE_FENCED_STATE | SBE_FENCE_AT_SECURE_MODE, }, }; 
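Review bot: `SBE_SEC_BLACKLISTED_CHIPOP_ACCESS = 0x20` jumps from 0x19 straight to 0x20, leaving 0x1A–0x1F unused in `sbeSecondaryResponse`. The preceding entries are consecutive hex values, so this looks like a decimal-style increment; if consecutive numbering is intended, the line should read `SBE_SEC_BLACKLISTED_CHIPOP_ACCESS = 0x1A,`. If the gap is deliberate, a one-line comment saying so would help, because this value is returned to the caller in the PSU and FIFO response headers and is hard to renumber once consumers depend on it.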
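Review bot: Secure-mode filtering in `g_sbeRegAccessCmdArray` is opt-in per table entry, which makes it fail-open for anything not listed. Only `sbeGetReg` and `sbePutReg` gain `SBE_FENCE_AT_SECURE_MODE`, so every other chip-op, and any added later, stays permitted in secure mode unless someone remembers to set the bit. For a security control the safer default is deny-unless-listed. If the denylist model stays, add a comment above the command tables such as `// Secure mode: every new chip-op must be reviewed for SBE_FENCE_AT_SECURE_MODE`. The other command arrays are outside this hunk, so whether they need the flag cannot be judged from here.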
@@ -475,11 +476,12 @@ uint8_t sbeValidateCmdClass (const uint8_t i_cmdClass, //////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////// -bool sbeIsCmdAllowedAtState (const uint8_t i_cmdClass, - const uint8_t i_cmdOpcode) +sbeChipOpRc_t sbeIsCmdAllowed (const uint8_t i_cmdClass, + const uint8_t i_cmdOpcode) { #define SBE_FUNC " sbeIsCmdAllowedAtState " bool l_ret = true; + sbeChipOpRc_t retRc; uint8_t l_numCmds = 0; sbeCmdStruct_t *l_pCmd = NULL; l_numCmds = sbeGetCmdStructAttr (i_cmdClass, &l_pCmd); @@ -555,10 +557,25 @@ bool sbeIsCmdAllowedAtState (const uint8_t i_cmdClass, l_ret = false; break; } + + if(false == l_ret) + { + retRc.primStatus = SBE_PRI_INVALID_COMMAND; + retRc.secStatus = SBE_SEC_COMMAND_NOT_ALLOWED_IN_THIS_STATE; + break; + } + // Check if the command is allowed in current security mode + if((SBE_GLOBAL->sbeFWSecurityEnabled) + && (SBE_FENCE_AT_SECURE_MODE & l_pCmd->cmd_state_fence)) + { + retRc.primStatus = SBE_PRI_UNSECURE_ACCESS_DENIED; + retRc.secStatus = SBE_SEC_BLACKLISTED_CHIPOP_ACCESS; + break; + } + break; } } - // For any other state, which is not handled above, return from here - return l_ret; + return retRc; #undef SBE_FUNC } diff --git a/src/sbefw/sbecmdparser.H b/src/sbefw/sbecmdparser.H index 7ecffb07..f969aec2 100644 --- a/src/sbefw/sbecmdparser.H +++ b/src/sbefw/sbecmdparser.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER sbe Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015,2016 */ +/* Contributors Listed Below - COPYRIGHT 2015,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ 
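Review bot: The trace tag on the context line still reads `#define SBE_FUNC " sbeIsCmdAllowedAtState "` although the function is renamed to `sbeIsCmdAllowed`. Any trace that uses `SBE_FUNC` will name a function that no longer exists; change it to `#define SBE_FUNC " sbeIsCmdAllowed "`. The function body continues past the end of this hunk.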
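Review bot: `retRc` is default-constructed to success and, as far as this hunk shows, is only overwritten inside the branch for a matching table entry, so a class/opcode pair that matches nothing returns "allowed". The old `bool l_ret = true` behaved the same way, but this function is now also the secure-mode gate, so the not-found path should deny rather than permit. After the loop, return a failure pair such as `SBE_PRI_INVALID_COMMAND` / `SBE_SEC_COMMAND_NOT_SUPPORTED` when no entry matched. The loop header and any earlier `sbeValidateCmdClass` call are outside the hunk, so please confirm whether callers already guarantee a match.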
@@ -33,7 +33,24 @@ #define __SBEFW_SBECMDPARSER_H #include +#include "sbe_sp_intf.H" +// Chip-op response codes +typedef struct sbeChipOpRc +{ + sbePrimResponse primStatus; + sbeSecondaryResponse secStatus; + + sbeChipOpRc():primStatus(SBE_PRI_OPERATION_SUCCESSFUL), + secStatus(SBE_SEC_OPERATION_SUCCESSFUL) + {} + + bool success() + { + return (primStatus == SBE_PRI_OPERATION_SUCCESSFUL) && + (secStatus == SBE_SEC_OPERATION_SUCCESSFUL); + } +} sbeChipOpRc_t; /** * @brief SBE Command structure associating an opcode of a command @@ -42,10 +59,10 @@ */ typedef uint32_t (*sbeChipOpFunc_t) (uint8_t *i_pArg); -typedef struct { - sbeChipOpFunc_t cmd_func; /* Command function pointer */ - uint8_t cmd_opcode; /* Command opcode */ - uint16_t cmd_state_fence; /* Command fencing based on SBE state */ +typedef struct sbeCmdStruct { + sbeChipOpFunc_t cmd_func; /* Command function pointer */ + uint8_t cmd_opcode; /* Command opcode */ + uint16_t cmd_state_fence; /* Command fencing based on SBE state */ } sbeCmdStruct_t; /** @@ -62,6 +79,7 @@ enum sbe_command_fence_attrs SBE_FENCE_AT_RUNTIME = 0x0010, ///< Fence off at Runtime state SBE_FENCE_AT_QUIESCE = 0x0020, ///< Fense off at Quiesce state SBE_FENCE_AT_DMT = 0x0040, ///< Fense off at DMT state + SBE_FENCE_AT_SECURE_MODE = 0x0080, ///< Fense off in secure mode }; /** 
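Review bot: `success()` does not modify the object but is not declared `const`, so it cannot be called on a `const sbeChipOpRc_t`; declare it `bool success() const`. The struct comment should also state that a default-constructed `sbeChipOpRc` means "operation allowed", for example `// Default-constructed value represents success`. `sbeIsCmdAllowed` returns that default as its permit result, so the meaning of the default is part of the security contract.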
@@ -79,16 +97,16 @@ uint8_t sbeValidateCmdClass (const uint8_t i_cmdClass, const uint8_t i_cmdOpcode); /** - * @brief sbeIsCmdAllowedAtState Validates if the command is allowed + * @brief sbeIsCmdAllowed Validates if the command is allowed * at the current SBE state * * @param[in] i_cmdClass Command class code * @param[in] i_cmdOpcode Command opcode * - * @return true command is allowed at the current state - * false command is not allowed at the current state + * @return sbeChipOpRc_t Indicating primary and secondary status of + * chip-op */ -bool sbeIsCmdAllowedAtState (const uint8_t i_cmdClass, +sbeChipOpRc_t sbeIsCmdAllowed (const uint8_t i_cmdClass, const uint8_t i_cmdOpcode); diff --git a/src/sbefw/sbecmdprocessor.C b/src/sbefw/sbecmdprocessor.C index 1f47dd6b..a0cea086 100644 --- a/src/sbefw/sbecmdprocessor.C +++ b/src/sbefw/sbecmdprocessor.C @@ -67,6 +67,7 @@ void sbeHandlePsuResponse (const uint32_t i_rc) case SBE_SEC_COMMAND_CLASS_NOT_SUPPORTED: case SBE_SEC_COMMAND_NOT_SUPPORTED: case SBE_SEC_COMMAND_NOT_ALLOWED_IN_THIS_STATE: + case SBE_SEC_BLACKLISTED_CHIPOP_ACCESS: // Caller sent an invalid Command class/opcode // Set the Ack bit in SBE->PSU DB register l_rc = sbeAcknowledgeHost(); @@ -149,6 +150,7 @@ void sbeHandleFifoResponse (const uint32_t i_rc) case SBE_SEC_COMMAND_CLASS_NOT_SUPPORTED: case SBE_SEC_COMMAND_NOT_SUPPORTED: case SBE_SEC_COMMAND_NOT_ALLOWED_IN_THIS_STATE: + case SBE_SEC_BLACKLISTED_CHIPOP_ACCESS: // Caller sent Invalid Command case SBE_SEC_OS_FAILURE: diff --git a/src/sbefw/sbecmdreceiver.C b/src/sbefw/sbecmdreceiver.C index 5883ebed..c8459dcd 100644 --- a/src/sbefw/sbecmdreceiver.C +++ b/src/sbefw/sbecmdreceiver.C 
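Review bot: The doc comment for `sbeIsCmdAllowed` still describes only the state check ("at the current SBE state"), but the function now also rejects commands fenced by `SBE_FENCE_AT_SECURE_MODE` when firmware security is enabled. Extend the `@brief` to mention the security-mode check. In `@return`, list the two failure pairs it can produce: `SBE_PRI_INVALID_COMMAND`/`SBE_SEC_COMMAND_NOT_ALLOWED_IN_THIS_STATE` and `SBE_PRI_UNSECURE_ACCESS_DENIED`/`SBE_SEC_BLACKLISTED_CHIPOP_ACCESS`. It should also say that a default-constructed `sbeChipOpRc_t` is returned when the command is allowed.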
@@ -201,28 +201,29 @@ void sbeCommandReceiver_routine(void *i_pArg) // Need to return from receiver thread itself for fenced rejection // of command, but there might be contention on the response sent // over FIFO/Mailbox usage. - if(false == sbeIsCmdAllowedAtState(l_cmdClass, l_command)) + sbeChipOpRc_t cmdAllowedStatus = sbeIsCmdAllowed(l_cmdClass, l_command); + if( !cmdAllowedStatus.success() && !SBE::isSimicsRunning() ) { - // This command is not allowed in this state - SBE_ERROR("Chip-Op CmdClass[0x%02X] Cmd[0x%02X] not allowed in " - "State - [0x%04X] ",l_cmdClass,l_command, + SBE_ERROR("Chip-Op CmdClass[0x%02X] Cmd[0x%02X] not allowed " + "secondary status[0x%04X] State - [0x%02X]", + l_cmdClass,l_command, + cmdAllowedStatus.secStatus, SbeRegAccess::theSbeRegAccess().getSbeState()); if ( SBE_INTERFACE_PSU == curInterface ) { - SBE_GLOBAL->sbeSbe2PsuRespHdr.setStatus(SBE_PRI_INVALID_COMMAND, - SBE_SEC_COMMAND_NOT_ALLOWED_IN_THIS_STATE); + SBE_GLOBAL->sbeSbe2PsuRespHdr.setStatus(cmdAllowedStatus.primStatus, + cmdAllowedStatus.secStatus); } else if ( SBE_INTERFACE_FIFO == curInterface ) { - SBE_GLOBAL->sbeCmdRespHdr.setStatus(SBE_PRI_INVALID_COMMAND, - SBE_SEC_COMMAND_NOT_ALLOWED_IN_THIS_STATE); + SBE_GLOBAL->sbeCmdRespHdr.setStatus(cmdAllowedStatus.primStatus, + cmdAllowedStatus.secStatus); } - l_rc = SBE_SEC_COMMAND_NOT_ALLOWED_IN_THIS_STATE; + l_rc = cmdAllowedStatus.secStatus; break; } - } while (false); // Inner do..while ends SBE_GLOBAL->sbeIntrSource.setIntrSource(SBE_RX_ROUTINE, curInterface ); -- cgit v1.2.1
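Review bot: The new condition `!cmdAllowedStatus.success() && !SBE::isSimicsRunning()` skips the rejection path entirely whenever `isSimicsRunning()` is true, and that now covers the secure-mode denial as well as the state fencing, which had no such exemption before this change. How `isSimicsRunning()` is determined is not visible here; if it is a runtime value rather than a build-time switch, the chip-op filter is only as strong as the guarantee that the value cannot be set on real hardware. Consider compiling the exemption out of production images, or at least not applying it when `cmdAllowedStatus.primStatus == SBE_PRI_UNSECURE_ACCESS_DENIED`. Add a comment explaining why simulation needs the bypass. The enclosing receiver routine starts and ends outside this hunk.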