tzc: Fix MISRA defects
The definitions FAIL_CONTROL_*_SHIFT were incorrect, they have been
fixed.
The types tzc_region_attributes_t and tzc_action_t have been removed and
replaced by unsigned int because it is not allowed to do logical
operations on enums.
Also, fix some address definitions in arm_def.h.
Change-Id: Id37941d76883f9fe5045a5f0a4224c133c504d8b
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
diff --git a/drivers/arm/tzc/tzc400.c b/drivers/arm/tzc/tzc400.c
index db4f88a..763eba7 100644
--- a/drivers/arm/tzc/tzc400.c
+++ b/drivers/arm/tzc/tzc400.c
@@ -14,12 +14,12 @@
/*
* Macros which will be used by common core functions.
*/
-#define TZC_400_REGION_BASE_LOW_0_OFFSET 0x100
-#define TZC_400_REGION_BASE_HIGH_0_OFFSET 0x104
-#define TZC_400_REGION_TOP_LOW_0_OFFSET 0x108
-#define TZC_400_REGION_TOP_HIGH_0_OFFSET 0x10c
-#define TZC_400_REGION_ATTR_0_OFFSET 0x110
-#define TZC_400_REGION_ID_ACCESS_0_OFFSET 0x114
+#define TZC_400_REGION_BASE_LOW_0_OFFSET U(0x100)
+#define TZC_400_REGION_BASE_HIGH_0_OFFSET U(0x104)
+#define TZC_400_REGION_TOP_LOW_0_OFFSET U(0x108)
+#define TZC_400_REGION_TOP_HIGH_0_OFFSET U(0x10c)
+#define TZC_400_REGION_ATTR_0_OFFSET U(0x110)
+#define TZC_400_REGION_ID_ACCESS_0_OFFSET U(0x114)
/*
* Implementation defined values used to validate inputs later.
@@ -88,10 +88,10 @@
/* Upper half is current state. Lower half is requested state. */
open_status = get_gate_keeper_os(base);
- if (val)
- open_status |= (1 << filter);
+ if (val != 0)
+ open_status |= (1U << filter);
else
- open_status &= ~(1 << filter);
+ open_status &= ~(1U << filter);
_tzc400_write_gate_keeper(base, (open_status & GATE_KEEPER_OR_MASK) <<
GATE_KEEPER_OR_SHIFT);
@@ -101,9 +101,9 @@
;
}
-void tzc400_set_action(tzc_action_t action)
+void tzc400_set_action(unsigned int action)
{
- assert(tzc400.base);
+ assert(tzc400.base != 0U);
assert(action <= TZC_ACTION_ERR_INT);
/*
@@ -121,7 +121,7 @@
#endif
unsigned int tzc400_build;
- assert(base);
+ assert(base != 0U);
tzc400.base = base;
#if DEBUG
@@ -134,12 +134,12 @@
/* Save values we will use later. */
tzc400_build = _tzc400_read_build_config(tzc400.base);
- tzc400.num_filters = ((tzc400_build >> BUILD_CONFIG_NF_SHIFT) &
- BUILD_CONFIG_NF_MASK) + 1;
- tzc400.addr_width = ((tzc400_build >> BUILD_CONFIG_AW_SHIFT) &
- BUILD_CONFIG_AW_MASK) + 1;
- tzc400.num_regions = ((tzc400_build >> BUILD_CONFIG_NR_SHIFT) &
- BUILD_CONFIG_NR_MASK) + 1;
+ tzc400.num_filters = (uint8_t)((tzc400_build >> BUILD_CONFIG_NF_SHIFT) &
+ BUILD_CONFIG_NF_MASK) + 1U;
+ tzc400.addr_width = (uint8_t)((tzc400_build >> BUILD_CONFIG_AW_SHIFT) &
+ BUILD_CONFIG_AW_MASK) + 1U;
+ tzc400.num_regions = (uint8_t)((tzc400_build >> BUILD_CONFIG_NR_SHIFT) &
+ BUILD_CONFIG_NR_MASK) + 1U;
}
/*
@@ -148,10 +148,10 @@
* to any other region, and is enabled on all filters; this cannot be
* changed. This function only changes the access permissions.
*/
-void tzc400_configure_region0(tzc_region_attributes_t sec_attr,
+void tzc400_configure_region0(unsigned int sec_attr,
unsigned int ns_device_access)
{
- assert(tzc400.base);
+ assert(tzc400.base != 0U);
assert(sec_attr <= TZC_REGION_S_RDWR);
_tzc400_configure_region0(tzc400.base, sec_attr, ns_device_access);
@@ -166,17 +166,17 @@
* for this region (see comment for that function).
*/
void tzc400_configure_region(unsigned int filters,
- int region,
+ unsigned int region,
unsigned long long region_base,
unsigned long long region_top,
- tzc_region_attributes_t sec_attr,
+ unsigned int sec_attr,
unsigned int nsaid_permissions)
{
- assert(tzc400.base);
+ assert(tzc400.base != 0U);
/* Do range checks on filters and regions. */
- assert(((filters >> tzc400.num_filters) == 0) &&
- (region >= 0) && (region < tzc400.num_regions));
+ assert(((filters >> tzc400.num_filters) == 0U) &&
+ (region < tzc400.num_regions));
/*
* Do address range check based on TZC configuration. A 64bit address is
@@ -186,7 +186,7 @@
(region_base < region_top)));
/* region_base and (region_top + 1) must be 4KB aligned */
- assert(((region_base | (region_top + 1)) & (4096 - 1)) == 0);
+ assert(((region_base | (region_top + 1U)) & (4096U - 1U)) == 0U);
assert(sec_attr <= TZC_REGION_S_RDWR);
@@ -200,11 +200,11 @@
unsigned int state;
unsigned int filter;
- assert(tzc400.base);
+ assert(tzc400.base != 0U);
- for (filter = 0; filter < tzc400.num_filters; filter++) {
+ for (filter = 0U; filter < tzc400.num_filters; filter++) {
state = _tzc400_get_gate_keeper(tzc400.base, filter);
- if (state) {
+ if (state != 0U) {
/*
* The TZC filter is already configured. Changing the
* programmer's view in an active system can cause
@@ -227,7 +227,7 @@
{
unsigned int filter;
- assert(tzc400.base);
+ assert(tzc400.base != 0U);
/*
* We don't do the same state check as above as the Gatekeepers are
diff --git a/drivers/arm/tzc/tzc_common_private.h b/drivers/arm/tzc/tzc_common_private.h
index e1b7727..5fbea92 100644
--- a/drivers/arm/tzc/tzc_common_private.h
+++ b/drivers/arm/tzc/tzc_common_private.h
@@ -4,8 +4,8 @@
* SPDX-License-Identifier: BSD-3-Clause
*/
-#ifndef __TZC_COMMON_PRIVATE_H__
-#define __TZC_COMMON_PRIVATE_H__
+#ifndef TZC_COMMON_PRIVATE_H
+#define TZC_COMMON_PRIVATE_H
#include <arch.h>
#include <arch_helpers.h>
@@ -15,7 +15,7 @@
#define DEFINE_TZC_COMMON_WRITE_ACTION(fn_name, macro_name) \
static inline void _tzc##fn_name##_write_action( \
uintptr_t base, \
- tzc_action_t action) \
+ unsigned int action) \
{ \
mmio_write_32(base + TZC_##macro_name##_ACTION_OFF, \
action); \
@@ -24,7 +24,7 @@
#define DEFINE_TZC_COMMON_WRITE_REGION_BASE(fn_name, macro_name) \
static inline void _tzc##fn_name##_write_region_base( \
uintptr_t base, \
- int region_no, \
+ unsigned int region_no, \
unsigned long long region_base) \
{ \
mmio_write_32(base + \
@@ -44,7 +44,7 @@
#define DEFINE_TZC_COMMON_WRITE_REGION_TOP(fn_name, macro_name) \
static inline void _tzc##fn_name##_write_region_top( \
uintptr_t base, \
- int region_no, \
+ unsigned int region_no, \
unsigned long long region_top) \
{ \
mmio_write_32(base + \
@@ -52,19 +52,19 @@
(TZC_##macro_name##_REGION_SIZE, \
region_no) + \
TZC_##macro_name##_REGION_TOP_LOW_0_OFFSET, \
- (uint32_t)region_top); \
+ (uint32_t)region_top); \
mmio_write_32(base + \
TZC_REGION_OFFSET( \
TZC_##macro_name##_REGION_SIZE, \
region_no) + \
TZC_##macro_name##_REGION_TOP_HIGH_0_OFFSET, \
- (uint32_t)(region_top >> 32)); \
+ (uint32_t)(region_top >> 32)); \
}
#define DEFINE_TZC_COMMON_WRITE_REGION_ATTRIBUTES(fn_name, macro_name) \
static inline void _tzc##fn_name##_write_region_attributes( \
uintptr_t base, \
- int region_no, \
+ unsigned int region_no, \
unsigned int attr) \
{ \
mmio_write_32(base + \
@@ -78,7 +78,7 @@
#define DEFINE_TZC_COMMON_WRITE_REGION_ID_ACCESS(fn_name, macro_name) \
static inline void _tzc##fn_name##_write_region_id_access( \
uintptr_t base, \
- int region_no, \
+ unsigned int region_no, \
unsigned int val) \
{ \
mmio_write_32(base + \
@@ -94,13 +94,13 @@
*/
#define DEFINE_TZC_COMMON_CONFIGURE_REGION0(fn_name) \
static void _tzc##fn_name##_configure_region0(uintptr_t base, \
- tzc_region_attributes_t sec_attr, \
+ unsigned int sec_attr, \
unsigned int ns_device_access) \
{ \
- assert(base); \
+ assert(base != 0U); \
VERBOSE("TrustZone : Configuring region 0 " \
- "(TZC Interface Base=%p sec_attr=0x%x," \
- " ns_devs=0x%x)\n", (void *)base, \
+ "(TZC Interface Base=0x%lx sec_attr=0x%x," \
+ " ns_devs=0x%x)\n", base, \
sec_attr, ns_device_access); \
\
/* Set secure attributes on region 0 */ \
@@ -126,18 +126,18 @@
#define DEFINE_TZC_COMMON_CONFIGURE_REGION(fn_name) \
static void _tzc##fn_name##_configure_region(uintptr_t base, \
unsigned int filters, \
- int region_no, \
+ unsigned int region_no, \
unsigned long long region_base, \
unsigned long long region_top, \
- tzc_region_attributes_t sec_attr, \
- unsigned int nsaid_permissions) \
+ unsigned int sec_attr, \
+ unsigned int nsaid_permissions) \
{ \
- assert(base); \
+ assert(base != 0U); \
VERBOSE("TrustZone : Configuring region " \
- "(TZC Interface Base: %p, region_no = %d)" \
- "...\n", (void *)base, region_no); \
+ "(TZC Interface Base: 0x%lx, region_no = %u)" \
+ "...\n", base, region_no); \
VERBOSE("TrustZone : ... base = %llx, top = %llx," \
- "\n", region_base, region_top);\
+ "\n", region_base, region_top); \
VERBOSE("TrustZone : ... sec_attr = 0x%x," \
" ns_devs = 0x%x)\n", \
sec_attr, nsaid_permissions); \
@@ -175,42 +175,44 @@
id = mmio_read_32(base + PID0_OFF);
/* Masks DESC part in PID1 */
- id |= ((mmio_read_32(base + PID1_OFF) & 0xF) << 8);
+ id |= ((mmio_read_32(base + PID1_OFF) & 0xFU) << 8U);
return id;
}
#if ENABLE_ASSERTIONS
#ifdef AARCH32
-static inline unsigned long long _tzc_get_max_top_addr(int addr_width)
+static inline unsigned long long _tzc_get_max_top_addr(unsigned int addr_width)
{
/*
* Assume at least 32 bit wide address and initialize the max.
* This function doesn't use 64-bit integer arithmetic to avoid
* having to implement additional compiler library functions.
*/
- unsigned long long addr_mask = 0xFFFFFFFF;
+ unsigned long long addr_mask = 0xFFFFFFFFU;
uint32_t *addr_ptr = (uint32_t *)&addr_mask;
- assert(addr_width >= 32);
+ assert(addr_width >= 32U);
/* This logic works only on little - endian platforms */
- assert((read_sctlr() & SCTLR_EE_BIT) == 0);
+ assert((read_sctlr() & SCTLR_EE_BIT) == 0U);
/*
* If required address width is greater than 32, populate the higher
* 32 bits of the 64 bit field with the max address.
*/
- if (addr_width > 32)
- *(addr_ptr + 1) = ((1 << (addr_width - 32)) - 1);
+ if (addr_width > 32U)
+ *(addr_ptr + 1U) = ((1U << (addr_width - 32U)) - 1U);
return addr_mask;
}
#else
-#define _tzc_get_max_top_addr(addr_width)\
- (UINT64_MAX >> (64 - (addr_width)))
+static inline unsigned long long _tzc_get_max_top_addr(unsigned int addr_width)
+{
+ return UINT64_MAX >> (64U - addr_width);
+}
#endif /* AARCH32 */
#endif /* ENABLE_ASSERTIONS */
-#endif /* __TZC_COMMON_PRIVATE_H__ */
+#endif /* TZC_COMMON_PRIVATE_H */
diff --git a/drivers/arm/tzc/tzc_dmc500.c b/drivers/arm/tzc/tzc_dmc500.c
index 8b618e6..3e6c783 100644
--- a/drivers/arm/tzc/tzc_dmc500.c
+++ b/drivers/arm/tzc/tzc_dmc500.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -36,7 +36,7 @@
* Structure for configured regions attributes in DMC500.
*/
typedef struct tzc_dmc500_regions {
- tzc_region_attributes_t sec_attr;
+ unsigned int sec_attr;
int is_enabled;
} tzc_dmc500_regions_t;
@@ -63,7 +63,7 @@
static inline unsigned int _tzc_dmc500_read_region_attr_0(
uintptr_t dmc_si_base,
- int region_no)
+ unsigned int region_no)
{
return mmio_read_32(dmc_si_base +
TZC_REGION_OFFSET(TZC_DMC500_REGION_SIZE, region_no) +
@@ -144,8 +144,8 @@
* and is always enabled; this cannot be changed. This function only changes
* the access permissions.
*/
-void tzc_dmc500_configure_region0(tzc_region_attributes_t sec_attr,
- unsigned int nsaid_permissions)
+void tzc_dmc500_configure_region0(unsigned int sec_attr,
+ unsigned int nsaid_permissions)
{
int dmc_inst, sys_if;
@@ -172,17 +172,17 @@
* Region 0 is special; it is preferable to use tzc_dmc500_configure_region0
* for this region (see comment for that function).
*/
-void tzc_dmc500_configure_region(int region_no,
+void tzc_dmc500_configure_region(unsigned int region_no,
unsigned long long region_base,
unsigned long long region_top,
- tzc_region_attributes_t sec_attr,
+ unsigned int sec_attr,
unsigned int nsaid_permissions)
{
int dmc_inst, sys_if;
assert(g_driver_data);
/* Do range checks on regions. */
- assert(region_no >= 0 && region_no <= MAX_REGION_VAL);
+ assert((region_no >= 0U) && (region_no <= MAX_REGION_VAL));
/*
* Do address range check based on DMC-TZ configuration. A 43bit address
@@ -192,7 +192,7 @@
(region_base < region_top)));
/* region_base and (region_top + 1) must be 4KB aligned */
- assert(((region_base | (region_top + 1)) & (4096 - 1)) == 0);
+ assert(((region_base | (region_top + 1U)) & (4096U - 1U)) == 0U);
for (dmc_inst = 0; dmc_inst < g_driver_data->dmc_count; dmc_inst++) {
assert(DMC_INST_BASE_ADDR(dmc_inst));
@@ -209,7 +209,7 @@
}
/* Sets the action value for all the DMC instances */
-void tzc_dmc500_set_action(tzc_action_t action)
+void tzc_dmc500_set_action(unsigned int action)
{
int dmc_inst;