* [Qemu-devel] [PULL 01/31] target/arm: Implement MSR/MRS access to NS banked registers
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 02/31] nvic: Add banked exception states Peter Maydell
` (30 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
In v8M the MSR and MRS instructions have extra register value
encodings to allow secure code to access the non-secure banked
version of various special registers.
(We don't implement the MSPLIM_NS or PSPLIM_NS aliases, because
we don't currently implement the stack limit registers at all.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1505240046-11454-2-git-send-email-peter.maydell@linaro.org
---
target/arm/helper.c | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 110 insertions(+)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 4f41841..f4f2a87 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -8892,12 +8892,68 @@ uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
break;
case 20: /* CONTROL */
return env->v7m.control[env->v7m.secure];
+ case 0x94: /* CONTROL_NS */
+ /* We have to handle this here because unprivileged Secure code
+ * can read the NS CONTROL register.
+ */
+ if (!env->v7m.secure) {
+ return 0;
+ }
+ return env->v7m.control[M_REG_NS];
}
if (el == 0) {
return 0; /* unprivileged reads others as zero */
}
+ if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
+ switch (reg) {
+ case 0x88: /* MSP_NS */
+ if (!env->v7m.secure) {
+ return 0;
+ }
+ return env->v7m.other_ss_msp;
+ case 0x89: /* PSP_NS */
+ if (!env->v7m.secure) {
+ return 0;
+ }
+ return env->v7m.other_ss_psp;
+ case 0x90: /* PRIMASK_NS */
+ if (!env->v7m.secure) {
+ return 0;
+ }
+ return env->v7m.primask[M_REG_NS];
+ case 0x91: /* BASEPRI_NS */
+ if (!env->v7m.secure) {
+ return 0;
+ }
+ return env->v7m.basepri[M_REG_NS];
+ case 0x93: /* FAULTMASK_NS */
+ if (!env->v7m.secure) {
+ return 0;
+ }
+ return env->v7m.faultmask[M_REG_NS];
+ case 0x98: /* SP_NS */
+ {
+ /* This gives the non-secure SP selected based on whether we're
+ * currently in handler mode or not, using the NS CONTROL.SPSEL.
+ */
+ bool spsel = env->v7m.control[M_REG_NS] & R_V7M_CONTROL_SPSEL_MASK;
+
+ if (!env->v7m.secure) {
+ return 0;
+ }
+ if (!arm_v7m_is_handler_mode(env) && spsel) {
+ return env->v7m.other_ss_psp;
+ } else {
+ return env->v7m.other_ss_msp;
+ }
+ }
+ default:
+ break;
+ }
+ }
+
switch (reg) {
case 8: /* MSP */
return (env->v7m.control[env->v7m.secure] & R_V7M_CONTROL_SPSEL_MASK) ?
@@ -8936,6 +8992,60 @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)
return;
}
+ if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
+ switch (reg) {
+ case 0x88: /* MSP_NS */
+ if (!env->v7m.secure) {
+ return;
+ }
+ env->v7m.other_ss_msp = val;
+ return;
+ case 0x89: /* PSP_NS */
+ if (!env->v7m.secure) {
+ return;
+ }
+ env->v7m.other_ss_psp = val;
+ return;
+ case 0x90: /* PRIMASK_NS */
+ if (!env->v7m.secure) {
+ return;
+ }
+ env->v7m.primask[M_REG_NS] = val & 1;
+ return;
+ case 0x91: /* BASEPRI_NS */
+ if (!env->v7m.secure) {
+ return;
+ }
+ env->v7m.basepri[M_REG_NS] = val & 0xff;
+ return;
+ case 0x93: /* FAULTMASK_NS */
+ if (!env->v7m.secure) {
+ return;
+ }
+ env->v7m.faultmask[M_REG_NS] = val & 1;
+ return;
+ case 0x98: /* SP_NS */
+ {
+ /* This gives the non-secure SP selected based on whether we're
+ * currently in handler mode or not, using the NS CONTROL.SPSEL.
+ */
+ bool spsel = env->v7m.control[M_REG_NS] & R_V7M_CONTROL_SPSEL_MASK;
+
+ if (!env->v7m.secure) {
+ return;
+ }
+ if (!arm_v7m_is_handler_mode(env) && spsel) {
+ env->v7m.other_ss_psp = val;
+ } else {
+ env->v7m.other_ss_msp = val;
+ }
+ return;
+ }
+ default:
+ break;
+ }
+ }
+
switch (reg) {
case 0 ... 7: /* xPSR sub-fields */
/* only APSR is actually writable */
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 02/31] nvic: Add banked exception states
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 01/31] target/arm: Implement MSR/MRS access to NS banked registers Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 03/31] nvic: Add cached vectpending_is_s_banked state Peter Maydell
` (29 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
For the v8M security extension, some exceptions must be banked
between security states. Add the new vecinfo array which holds
the state for the banked exceptions and migrate it if the
CPU the NVIC is attached to implements the security extension.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
---
include/hw/intc/armv7m_nvic.h | 14 ++++++++++++
hw/intc/armv7m_nvic.c | 53 ++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 66 insertions(+), 1 deletion(-)
diff --git a/include/hw/intc/armv7m_nvic.h b/include/hw/intc/armv7m_nvic.h
index 1a4cce7..317601e 100644
--- a/include/hw/intc/armv7m_nvic.h
+++ b/include/hw/intc/armv7m_nvic.h
@@ -21,6 +21,8 @@
/* Highest permitted number of exceptions (architectural limit) */
#define NVIC_MAX_VECTORS 512
+/* Number of internal exceptions */
+#define NVIC_INTERNAL_VECTORS 16
typedef struct VecInfo {
/* Exception priorities can range from -3 to 255; only the unmodifiable
@@ -41,6 +43,18 @@ typedef struct NVICState {
ARMCPU *cpu;
VecInfo vectors[NVIC_MAX_VECTORS];
+ /* If the v8M security extension is implemented, some of the internal
+ * exceptions are banked between security states (ie there exists both
+ * a Secure and a NonSecure version of the exception and its state):
+ * HardFault, MemManage, UsageFault, SVCall, PendSV, SysTick (R_PJHV)
+ * The rest (including all the external exceptions) are not banked, though
+ * they may be configurable to target either Secure or NonSecure state.
+ * We store the secure exception state in sec_vectors[] for the banked
+ * exceptions, and otherwise use only vectors[] (including for exceptions
+ * like SecureFault that unconditionally target Secure state).
+ * Entries in sec_vectors[] for non-banked exception numbers are unused.
+ */
+ VecInfo sec_vectors[NVIC_INTERNAL_VECTORS];
uint32_t prigroup;
/* vectpending and exception_prio are both cached state that can
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index d3e2056..8793f75 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -47,7 +47,7 @@
* For historical reasons QEMU tends to use "interrupt" and
* "exception" more or less interchangeably.
*/
-#define NVIC_FIRST_IRQ 16
+#define NVIC_FIRST_IRQ NVIC_INTERNAL_VECTORS
#define NVIC_MAX_IRQ (NVIC_MAX_VECTORS - NVIC_FIRST_IRQ)
/* Effective running priority of the CPU when no exception is active
@@ -1158,6 +1158,43 @@ static const VMStateDescription vmstate_VecInfo = {
}
};
+static bool nvic_security_needed(void *opaque)
+{
+ NVICState *s = opaque;
+
+ return arm_feature(&s->cpu->env, ARM_FEATURE_M_SECURITY);
+}
+
+static int nvic_security_post_load(void *opaque, int version_id)
+{
+ NVICState *s = opaque;
+ int i;
+
+ /* Check for out of range priority settings */
+ if (s->sec_vectors[ARMV7M_EXCP_HARD].prio != -1) {
+ return 1;
+ }
+ for (i = ARMV7M_EXCP_MEM; i < ARRAY_SIZE(s->sec_vectors); i++) {
+ if (s->sec_vectors[i].prio & ~0xff) {
+ return 1;
+ }
+ }
+ return 0;
+}
+
+static const VMStateDescription vmstate_nvic_security = {
+ .name = "nvic/m-security",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .needed = nvic_security_needed,
+ .post_load = &nvic_security_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT_ARRAY(sec_vectors, NVICState, NVIC_INTERNAL_VECTORS, 1,
+ vmstate_VecInfo, VecInfo),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
static const VMStateDescription vmstate_nvic = {
.name = "armv7m_nvic",
.version_id = 4,
@@ -1168,6 +1205,10 @@ static const VMStateDescription vmstate_nvic = {
vmstate_VecInfo, VecInfo),
VMSTATE_UINT32(prigroup, NVICState),
VMSTATE_END_OF_LIST()
+ },
+ .subsections = (const VMStateDescription*[]) {
+ &vmstate_nvic_security,
+ NULL
}
};
@@ -1195,6 +1236,16 @@ static void armv7m_nvic_reset(DeviceState *dev)
s->vectors[ARMV7M_EXCP_NMI].prio = -2;
s->vectors[ARMV7M_EXCP_HARD].prio = -1;
+ if (arm_feature(&s->cpu->env, ARM_FEATURE_M_SECURITY)) {
+ s->sec_vectors[ARMV7M_EXCP_HARD].enabled = 1;
+ s->sec_vectors[ARMV7M_EXCP_SVC].enabled = 1;
+ s->sec_vectors[ARMV7M_EXCP_PENDSV].enabled = 1;
+ s->sec_vectors[ARMV7M_EXCP_SYSTICK].enabled = 1;
+
+ /* AIRCR.BFHFNMINS resets to 0 so Secure HF is priority -1 (R_CMTC) */
+ s->sec_vectors[ARMV7M_EXCP_HARD].prio = -1;
+ }
+
/* Strictly speaking the reset handler should be enabled.
* However, we don't simulate soft resets through the NVIC,
* and the reset vector should never be pended.
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 03/31] nvic: Add cached vectpending_is_s_banked state
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 01/31] target/arm: Implement MSR/MRS access to NS banked registers Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 02/31] nvic: Add banked exception states Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 04/31] nvic: Add cached vectpending_prio state Peter Maydell
` (28 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
With banked exceptions, just the exception number in
s->vectpending is no longer sufficient to uniquely identify
the pending exception. Add a vectpending_is_s_banked bool
which is true if the exception is using the sec_vectors[]
array.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1505240046-11454-4-git-send-email-peter.maydell@linaro.org
---
include/hw/intc/armv7m_nvic.h | 11 +++++++++--
hw/intc/armv7m_nvic.c | 1 +
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/include/hw/intc/armv7m_nvic.h b/include/hw/intc/armv7m_nvic.h
index 317601e..87c78b3 100644
--- a/include/hw/intc/armv7m_nvic.h
+++ b/include/hw/intc/armv7m_nvic.h
@@ -57,10 +57,17 @@ typedef struct NVICState {
VecInfo sec_vectors[NVIC_INTERNAL_VECTORS];
uint32_t prigroup;
- /* vectpending and exception_prio are both cached state that can
- * be recalculated from the vectors[] array and the prigroup field.
+ /* The following fields are all cached state that can be recalculated
+ * from the vectors[] and sec_vectors[] arrays and the prigroup field:
+ * - vectpending
+ * - vectpending_is_secure
+ * - exception_prio
*/
unsigned int vectpending; /* highest prio pending enabled exception */
+ /* true if vectpending is a banked secure exception, ie it is in
+ * sec_vectors[] rather than vectors[]
+ */
+ bool vectpending_is_s_banked;
int exception_prio; /* group prio of the highest prio active exception */
MemoryRegion sysregmem;
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 8793f75..a11df3d 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -1254,6 +1254,7 @@ static void armv7m_nvic_reset(DeviceState *dev)
s->exception_prio = NVIC_NOEXC_PRIO;
s->vectpending = 0;
+ s->vectpending_is_s_banked = false;
}
static void nvic_systick_trigger(void *opaque, int n, int level)
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 04/31] nvic: Add cached vectpending_prio state
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (2 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 03/31] nvic: Add cached vectpending_is_s_banked state Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 05/31] nvic: Implement AIRCR changes for v8M Peter Maydell
` (27 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
Instead of looking up the pending priority
in nvic_pending_prio(), cache it in a new state struct
field. The calculation of the pending priority given
the interrupt number is more complicated in v8M with
the security extension, so the caching will be worthwhile.
This changes nvic_pending_prio() from returning a full
(group + subpriority) priority value to returning a group
priority. This doesn't require changes to its callsites
because we use it only in comparisons of the form
execution_prio > nvic_pending_prio()
and execution priority is always a group priority, so
a test (exec prio > full prio) is true if and only if
(execprio > group_prio).
(Architecturally the expected comparison is with the
group priority for this sort of "would we preempt" test;
we were only doing a test with a full priority as an
optimisation to avoid the mask, which is possible
precisely because the two comparisons always give the
same answer.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1505240046-11454-5-git-send-email-peter.maydell@linaro.org
---
include/hw/intc/armv7m_nvic.h | 2 ++
hw/intc/armv7m_nvic.c | 23 +++++++++++++----------
hw/intc/trace-events | 2 +-
3 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/include/hw/intc/armv7m_nvic.h b/include/hw/intc/armv7m_nvic.h
index 87c78b3..329774e 100644
--- a/include/hw/intc/armv7m_nvic.h
+++ b/include/hw/intc/armv7m_nvic.h
@@ -62,6 +62,7 @@ typedef struct NVICState {
* - vectpending
* - vectpending_is_secure
* - exception_prio
+ * - vectpending_prio
*/
unsigned int vectpending; /* highest prio pending enabled exception */
/* true if vectpending is a banked secure exception, ie it is in
@@ -69,6 +70,7 @@ typedef struct NVICState {
*/
bool vectpending_is_s_banked;
int exception_prio; /* group prio of the highest prio active exception */
+ int vectpending_prio; /* group prio of the exeception in vectpending */
MemoryRegion sysregmem;
MemoryRegion sysreg_ns_mem;
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index a11df3d..fa5dd23 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -61,10 +61,10 @@ static const uint8_t nvic_id[] = {
static int nvic_pending_prio(NVICState *s)
{
- /* return the priority of the current pending interrupt,
+ /* return the group priority of the current pending interrupt,
* or NVIC_NOEXC_PRIO if no interrupt is pending
*/
- return s->vectpending ? s->vectors[s->vectpending].prio : NVIC_NOEXC_PRIO;
+ return s->vectpending_prio;
}
/* Return the value of the ISCR RETTOBASE bit:
@@ -156,10 +156,17 @@ static void nvic_recompute_state(NVICState *s)
active_prio &= nvic_gprio_mask(s);
}
+ if (pend_prio > 0) {
+ pend_prio &= nvic_gprio_mask(s);
+ }
+
s->vectpending = pend_irq;
+ s->vectpending_prio = pend_prio;
s->exception_prio = active_prio;
- trace_nvic_recompute_state(s->vectpending, s->exception_prio);
+ trace_nvic_recompute_state(s->vectpending,
+ s->vectpending_prio,
+ s->exception_prio);
}
/* Return the current execution priority of the CPU
@@ -323,7 +330,6 @@ void armv7m_nvic_acknowledge_irq(void *opaque)
CPUARMState *env = &s->cpu->env;
const int pending = s->vectpending;
const int running = nvic_exec_prio(s);
- int pendgroupprio;
VecInfo *vec;
assert(pending > ARMV7M_EXCP_RESET && pending < s->num_irq);
@@ -333,13 +339,9 @@ void armv7m_nvic_acknowledge_irq(void *opaque)
assert(vec->enabled);
assert(vec->pending);
- pendgroupprio = vec->prio;
- if (pendgroupprio > 0) {
- pendgroupprio &= nvic_gprio_mask(s);
- }
- assert(pendgroupprio < running);
+ assert(s->vectpending_prio < running);
- trace_nvic_acknowledge_irq(pending, vec->prio);
+ trace_nvic_acknowledge_irq(pending, s->vectpending_prio);
vec->active = 1;
vec->pending = 0;
@@ -1255,6 +1257,7 @@ static void armv7m_nvic_reset(DeviceState *dev)
s->exception_prio = NVIC_NOEXC_PRIO;
s->vectpending = 0;
s->vectpending_is_s_banked = false;
+ s->vectpending_prio = NVIC_NOEXC_PRIO;
}
static void nvic_systick_trigger(void *opaque, int n, int level)
diff --git a/hw/intc/trace-events b/hw/intc/trace-events
index 4762329..5635a5f 100644
--- a/hw/intc/trace-events
+++ b/hw/intc/trace-events
@@ -167,7 +167,7 @@ gicv3_redist_set_irq(uint32_t cpu, int irq, int level) "GICv3 redistributor 0x%x
gicv3_redist_send_sgi(uint32_t cpu, int irq) "GICv3 redistributor 0x%x pending SGI %d"
# hw/intc/armv7m_nvic.c
-nvic_recompute_state(int vectpending, int exception_prio) "NVIC state recomputed: vectpending %d exception_prio %d"
+nvic_recompute_state(int vectpending, int vectpending_prio, int exception_prio) "NVIC state recomputed: vectpending %d vectpending_prio %d exception_prio %d"
nvic_set_prio(int irq, uint8_t prio) "NVIC set irq %d priority %d"
nvic_irq_update(int vectpending, int pendprio, int exception_prio, int level) "NVIC vectpending %d pending prio %d exception_prio %d: setting irq line to %d"
nvic_escalate_prio(int irq, int irqprio, int runprio) "NVIC escalating irq %d to HardFault: insufficient priority %d >= %d"
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 05/31] nvic: Implement AIRCR changes for v8M
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (3 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 04/31] nvic: Add cached vectpending_prio state Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 06/31] nvic: Make ICSR.RETTOBASE handle banked exceptions Peter Maydell
` (26 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
The Application Interrupt and Reset Control Register has some changes
for v8M:
* new bits SYSRESETREQS, BFHFNMINS and PRIS: these all have
real state if the security extension is implemented and otherwise
are constant
* the PRIGROUP field is banked between security states
* non-secure code can be blocked from using the SYSRESET bit
to reset the system if SYSRESETREQS is set
Implement the new state and the changes to register read and write.
For the moment we ignore the effects of the secure PRIGROUP.
We will implement the effects of PRIS and BFHFNMIS later.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1505240046-11454-6-git-send-email-peter.maydell@linaro.org
---
include/hw/intc/armv7m_nvic.h | 3 ++-
target/arm/cpu.h | 12 +++++++++++
hw/intc/armv7m_nvic.c | 49 +++++++++++++++++++++++++++++++++----------
target/arm/cpu.c | 7 +++++++
4 files changed, 59 insertions(+), 12 deletions(-)
diff --git a/include/hw/intc/armv7m_nvic.h b/include/hw/intc/armv7m_nvic.h
index 329774e..e96e488 100644
--- a/include/hw/intc/armv7m_nvic.h
+++ b/include/hw/intc/armv7m_nvic.h
@@ -55,7 +55,8 @@ typedef struct NVICState {
* Entries in sec_vectors[] for non-banked exception numbers are unused.
*/
VecInfo sec_vectors[NVIC_INTERNAL_VECTORS];
- uint32_t prigroup;
+ /* The PRIGROUP field in AIRCR is banked */
+ uint32_t prigroup[M_REG_NUM_BANKS];
/* The following fields are all cached state that can be recalculated
* from the vectors[] and sec_vectors[] arrays and the prigroup field:
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 6e50ae2..a52ec6b 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -449,6 +449,7 @@ typedef struct CPUARMState {
int exception;
uint32_t primask[M_REG_NUM_BANKS];
uint32_t faultmask[M_REG_NUM_BANKS];
+ uint32_t aircr; /* only holds r/w state if security extn implemented */
uint32_t secure; /* Is CPU in Secure state? (not guest visible) */
} v7m;
@@ -1200,6 +1201,17 @@ FIELD(V7M_CCR, STKALIGN, 9, 1)
FIELD(V7M_CCR, DC, 16, 1)
FIELD(V7M_CCR, IC, 17, 1)
+/* V7M AIRCR bits */
+FIELD(V7M_AIRCR, VECTRESET, 0, 1)
+FIELD(V7M_AIRCR, VECTCLRACTIVE, 1, 1)
+FIELD(V7M_AIRCR, SYSRESETREQ, 2, 1)
+FIELD(V7M_AIRCR, SYSRESETREQS, 3, 1)
+FIELD(V7M_AIRCR, PRIGROUP, 8, 3)
+FIELD(V7M_AIRCR, BFHFNMINS, 13, 1)
+FIELD(V7M_AIRCR, PRIS, 14, 1)
+FIELD(V7M_AIRCR, ENDIANNESS, 15, 1)
+FIELD(V7M_AIRCR, VECTKEY, 16, 16)
+
/* V7M CFSR bits for MMFSR */
FIELD(V7M_CFSR, IACCVIOL, 0, 1)
FIELD(V7M_CFSR, DACCVIOL, 1, 1)
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index fa5dd23..d745f38 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -129,7 +129,7 @@ static bool nvic_isrpending(NVICState *s)
*/
static inline uint32_t nvic_gprio_mask(NVICState *s)
{
- return ~0U << (s->prigroup + 1);
+ return ~0U << (s->prigroup[M_REG_NS] + 1);
}
/* Recompute vectpending and exception_prio */
@@ -451,8 +451,21 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)
return val;
case 0xd08: /* Vector Table Offset. */
return cpu->env.v7m.vecbase[attrs.secure];
- case 0xd0c: /* Application Interrupt/Reset Control. */
- return 0xfa050000 | (s->prigroup << 8);
+ case 0xd0c: /* Application Interrupt/Reset Control (AIRCR) */
+ val = 0xfa050000 | (s->prigroup[attrs.secure] << 8);
+ if (attrs.secure) {
+ /* s->aircr stores PRIS, BFHFNMINS, SYSRESETREQS */
+ val |= cpu->env.v7m.aircr;
+ } else {
+ if (arm_feature(&cpu->env, ARM_FEATURE_V8)) {
+ /* BFHFNMINS is R/O from NS; other bits are RAZ/WI. If
+ * security isn't supported then BFHFNMINS is RAO (and
+ * the bit in env.v7m.aircr is always set).
+ */
+ val |= cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK;
+ }
+ }
+ return val;
case 0xd10: /* System Control. */
/* TODO: Implement SLEEPONEXIT. */
return 0;
@@ -660,22 +673,35 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value,
case 0xd08: /* Vector Table Offset. */
cpu->env.v7m.vecbase[attrs.secure] = value & 0xffffff80;
break;
- case 0xd0c: /* Application Interrupt/Reset Control. */
- if ((value >> 16) == 0x05fa) {
- if (value & 4) {
- qemu_irq_pulse(s->sysresetreq);
+ case 0xd0c: /* Application Interrupt/Reset Control (AIRCR) */
+ if ((value >> R_V7M_AIRCR_VECTKEY_SHIFT) == 0x05fa) {
+ if (value & R_V7M_AIRCR_SYSRESETREQ_MASK) {
+ if (attrs.secure ||
+ !(cpu->env.v7m.aircr & R_V7M_AIRCR_SYSRESETREQS_MASK)) {
+ qemu_irq_pulse(s->sysresetreq);
+ }
}
- if (value & 2) {
+ if (value & R_V7M_AIRCR_VECTCLRACTIVE_MASK) {
qemu_log_mask(LOG_GUEST_ERROR,
"Setting VECTCLRACTIVE when not in DEBUG mode "
"is UNPREDICTABLE\n");
}
- if (value & 1) {
+ if (value & R_V7M_AIRCR_VECTRESET_MASK) {
+ /* NB: this bit is RES0 in v8M */
qemu_log_mask(LOG_GUEST_ERROR,
"Setting VECTRESET when not in DEBUG mode "
"is UNPREDICTABLE\n");
}
- s->prigroup = extract32(value, 8, 3);
+ s->prigroup[attrs.secure] = extract32(value,
+ R_V7M_AIRCR_PRIGROUP_SHIFT,
+ R_V7M_AIRCR_PRIGROUP_LENGTH);
+ if (attrs.secure) {
+ /* These bits are only writable by secure */
+ cpu->env.v7m.aircr = value &
+ (R_V7M_AIRCR_SYSRESETREQS_MASK |
+ R_V7M_AIRCR_BFHFNMINS_MASK |
+ R_V7M_AIRCR_PRIS_MASK);
+ }
nvic_irq_update(s);
}
break;
@@ -1193,6 +1219,7 @@ static const VMStateDescription vmstate_nvic_security = {
.fields = (VMStateField[]) {
VMSTATE_STRUCT_ARRAY(sec_vectors, NVICState, NVIC_INTERNAL_VECTORS, 1,
vmstate_VecInfo, VecInfo),
+ VMSTATE_UINT32(prigroup[M_REG_S], NVICState),
VMSTATE_END_OF_LIST()
}
};
@@ -1205,7 +1232,7 @@ static const VMStateDescription vmstate_nvic = {
.fields = (VMStateField[]) {
VMSTATE_STRUCT_ARRAY(vectors, NVICState, NVIC_MAX_VECTORS, 1,
vmstate_VecInfo, VecInfo),
- VMSTATE_UINT32(prigroup, NVICState),
+ VMSTATE_UINT32(prigroup[M_REG_NS], NVICState),
VMSTATE_END_OF_LIST()
},
.subsections = (const VMStateDescription*[]) {
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 20a3445..3344979 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -187,6 +187,13 @@ static void arm_cpu_reset(CPUState *s)
if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
env->v7m.secure = true;
+ } else {
+ /* This bit resets to 0 if security is supported, but 1 if
+ * it is not. The bit is not present in v7M, but we set it
+ * here so we can avoid having to make checks on it conditional
+ * on ARM_FEATURE_V8 (we don't let the guest see the bit).
+ */
+ env->v7m.aircr = R_V7M_AIRCR_BFHFNMINS_MASK;
}
/* In v7M the reset value of this bit is IMPDEF, but ARM recommends
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 06/31] nvic: Make ICSR.RETTOBASE handle banked exceptions
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (4 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 05/31] nvic: Implement AIRCR changes for v8M Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 07/31] nvic: Implement NVIC_ITNS<n> registers Peter Maydell
` (25 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
Update the code in nvic_rettobase() so that it checks the
sec_vectors[] array as well as the vectors[] array if needed.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1505240046-11454-7-git-send-email-peter.maydell@linaro.org
---
hw/intc/armv7m_nvic.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index d745f38..0df5eaf 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -84,9 +84,12 @@ static int nvic_pending_prio(NVICState *s)
static bool nvic_rettobase(NVICState *s)
{
int irq, nhand = 0;
+ bool check_sec = arm_feature(&s->cpu->env, ARM_FEATURE_M_SECURITY);
for (irq = ARMV7M_EXCP_RESET; irq < s->num_irq; irq++) {
- if (s->vectors[irq].active) {
+ if (s->vectors[irq].active ||
+ (check_sec && irq < NVIC_INTERNAL_VECTORS &&
+ s->sec_vectors[irq].active)) {
nhand++;
if (nhand == 2) {
return 0;
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 07/31] nvic: Implement NVIC_ITNS<n> registers
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (5 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 06/31] nvic: Make ICSR.RETTOBASE handle banked exceptions Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 08/31] nvic: Handle banked exceptions in nvic_recompute_state() Peter Maydell
` (24 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
For v8M, the NVIC has a new set of registers per interrupt,
NVIC_ITNS<n>. These determine whether the interrupt targets Secure
or Non-secure state. Implement the register read/write code for
these, and make them cause NVIC_IABR, NVIC_ICER, NVIC_ISER,
NVIC_ICPR, NVIC_IPR and NVIC_ISPR to RAZ/WI for non-secure
accesses to fields corresponding to interrupts which are
configured to target secure state.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1505240046-11454-8-git-send-email-peter.maydell@linaro.org
---
include/hw/intc/armv7m_nvic.h | 3 ++
hw/intc/armv7m_nvic.c | 74 +++++++++++++++++++++++++++++++++++++++----
2 files changed, 70 insertions(+), 7 deletions(-)
diff --git a/include/hw/intc/armv7m_nvic.h b/include/hw/intc/armv7m_nvic.h
index e96e488..ac7997c 100644
--- a/include/hw/intc/armv7m_nvic.h
+++ b/include/hw/intc/armv7m_nvic.h
@@ -58,6 +58,9 @@ typedef struct NVICState {
/* The PRIGROUP field in AIRCR is banked */
uint32_t prigroup[M_REG_NUM_BANKS];
+ /* v8M NVIC_ITNS state (stored as a bool per bit) */
+ bool itns[NVIC_MAX_VECTORS];
+
/* The following fields are all cached state that can be recalculated
* from the vectors[] and sec_vectors[] arrays and the prigroup field:
* - vectpending
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 0df5eaf..150c719 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -423,6 +423,25 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)
switch (offset) {
case 4: /* Interrupt Control Type. */
return ((s->num_irq - NVIC_FIRST_IRQ) / 32) - 1;
+ case 0x380 ... 0x3bf: /* NVIC_ITNS<n> */
+ {
+ int startvec = 32 * (offset - 0x380) + NVIC_FIRST_IRQ;
+ int i;
+
+ if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
+ goto bad_offset;
+ }
+ if (!attrs.secure) {
+ return 0;
+ }
+ val = 0;
+ for (i = 0; i < 32 && startvec + i < s->num_irq; i++) {
+ if (s->itns[startvec + i]) {
+ val |= (1 << i);
+ }
+ }
+ return val;
+ }
case 0xd00: /* CPUID Base. */
return cpu->midr;
case 0xd04: /* Interrupt Control State. */
@@ -658,6 +677,23 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value,
ARMCPU *cpu = s->cpu;
switch (offset) {
+ case 0x380 ... 0x3bf: /* NVIC_ITNS<n> */
+ {
+ int startvec = 32 * (offset - 0x380) + NVIC_FIRST_IRQ;
+ int i;
+
+ if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
+ goto bad_offset;
+ }
+ if (!attrs.secure) {
+ break;
+ }
+ for (i = 0; i < 32 && startvec + i < s->num_irq; i++) {
+ s->itns[startvec + i] = (value >> i) & 1;
+ }
+ nvic_irq_update(s);
+ break;
+ }
case 0xd04: /* Interrupt Control State. */
if (value & (1 << 31)) {
armv7m_nvic_set_pending(s, ARMV7M_EXCP_NMI);
@@ -966,7 +1002,8 @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr,
startvec = offset - 0x180 + NVIC_FIRST_IRQ; /* vector # */
for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) {
- if (s->vectors[startvec + i].enabled) {
+ if (s->vectors[startvec + i].enabled &&
+ (attrs.secure || s->itns[startvec + i])) {
val |= (1 << i);
}
}
@@ -978,7 +1015,8 @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr,
val = 0;
startvec = offset - 0x280 + NVIC_FIRST_IRQ; /* vector # */
for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) {
- if (s->vectors[startvec + i].pending) {
+ if (s->vectors[startvec + i].pending &&
+ (attrs.secure || s->itns[startvec + i])) {
val |= (1 << i);
}
}
@@ -988,7 +1026,8 @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr,
startvec = offset - 0x300 + NVIC_FIRST_IRQ; /* vector # */
for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) {
- if (s->vectors[startvec + i].active) {
+ if (s->vectors[startvec + i].active &&
+ (attrs.secure || s->itns[startvec + i])) {
val |= (1 << i);
}
}
@@ -998,7 +1037,9 @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr,
startvec = offset - 0x400 + NVIC_FIRST_IRQ; /* vector # */
for (i = 0; i < size && startvec + i < s->num_irq; i++) {
- val |= s->vectors[startvec + i].prio << (8 * i);
+ if (attrs.secure || s->itns[startvec + i]) {
+ val |= s->vectors[startvec + i].prio << (8 * i);
+ }
}
break;
case 0xd18 ... 0xd23: /* System Handler Priority. */
@@ -1055,7 +1096,8 @@ static MemTxResult nvic_sysreg_write(void *opaque, hwaddr addr,
startvec = 8 * (offset - 0x180) + NVIC_FIRST_IRQ;
for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) {
- if (value & (1 << i)) {
+ if (value & (1 << i) &&
+ (attrs.secure || s->itns[startvec + i])) {
s->vectors[startvec + i].enabled = setval;
}
}
@@ -1072,7 +1114,8 @@ static MemTxResult nvic_sysreg_write(void *opaque, hwaddr addr,
startvec = 8 * (offset - 0x280) + NVIC_FIRST_IRQ; /* vector # */
for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) {
- if (value & (1 << i)) {
+ if (value & (1 << i) &&
+ (attrs.secure || s->itns[startvec + i])) {
s->vectors[startvec + i].pending = setval;
}
}
@@ -1084,7 +1127,9 @@ static MemTxResult nvic_sysreg_write(void *opaque, hwaddr addr,
startvec = 8 * (offset - 0x400) + NVIC_FIRST_IRQ; /* vector # */
for (i = 0; i < size && startvec + i < s->num_irq; i++) {
- set_prio(s, startvec + i, (value >> (i * 8)) & 0xff);
+ if (attrs.secure || s->itns[startvec + i]) {
+ set_prio(s, startvec + i, (value >> (i * 8)) & 0xff);
+ }
}
nvic_irq_update(s);
return MEMTX_OK;
@@ -1223,6 +1268,7 @@ static const VMStateDescription vmstate_nvic_security = {
VMSTATE_STRUCT_ARRAY(sec_vectors, NVICState, NVIC_INTERNAL_VECTORS, 1,
vmstate_VecInfo, VecInfo),
VMSTATE_UINT32(prigroup[M_REG_S], NVICState),
+ VMSTATE_BOOL_ARRAY(itns, NVICState, NVIC_MAX_VECTORS),
VMSTATE_END_OF_LIST()
}
};
@@ -1288,6 +1334,20 @@ static void armv7m_nvic_reset(DeviceState *dev)
s->vectpending = 0;
s->vectpending_is_s_banked = false;
s->vectpending_prio = NVIC_NOEXC_PRIO;
+
+ if (arm_feature(&s->cpu->env, ARM_FEATURE_M_SECURITY)) {
+ memset(s->itns, 0, sizeof(s->itns));
+ } else {
+ /* This state is constant and not guest accessible in a non-security
+ * NVIC; we set the bits to true to avoid having to do a feature
+ * bit check in the NVIC enable/pend/etc register accessors.
+ */
+ int i;
+
+ for (i = NVIC_FIRST_IRQ; i < ARRAY_SIZE(s->itns); i++) {
+ s->itns[i] = true;
+ }
+ }
}
static void nvic_systick_trigger(void *opaque, int n, int level)
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 08/31] nvic: Handle banked exceptions in nvic_recompute_state()
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (6 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 07/31] nvic: Implement NVIC_ITNS<n> registers Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 09/31] nvic: Make set_pending and clear_pending take a secure parameter Peter Maydell
` (23 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
Update the nvic_recompute_state() code to handle the security
extension and its associated banked registers.
Code that uses the resulting cached state (ie the irq
acknowledge and complete code) will be updated in a later
commit.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1505240046-11454-9-git-send-email-peter.maydell@linaro.org
---
hw/intc/armv7m_nvic.c | 151 ++++++++++++++++++++++++++++++++++++++++++++++++--
hw/intc/trace-events | 1 +
2 files changed, 147 insertions(+), 5 deletions(-)
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 150c719..7081158 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -54,6 +54,8 @@
* (higher than the highest possible priority value)
*/
#define NVIC_NOEXC_PRIO 0x100
+/* Maximum priority of non-secure exceptions when AIRCR.PRIS is set */
+#define NVIC_NS_PRIO_LIMIT 0x80
static const uint8_t nvic_id[] = {
0x00, 0xb0, 0x1b, 0x00, 0x0d, 0xe0, 0x05, 0xb1
@@ -126,13 +128,139 @@ static bool nvic_isrpending(NVICState *s)
return false;
}
+static bool exc_is_banked(int exc)
+{
+ /* Return true if this is one of the limited set of exceptions which
+ * are banked (and thus have state in sec_vectors[])
+ */
+ return exc == ARMV7M_EXCP_HARD ||
+ exc == ARMV7M_EXCP_MEM ||
+ exc == ARMV7M_EXCP_USAGE ||
+ exc == ARMV7M_EXCP_SVC ||
+ exc == ARMV7M_EXCP_PENDSV ||
+ exc == ARMV7M_EXCP_SYSTICK;
+}
+
/* Return a mask word which clears the subpriority bits from
* a priority value for an M-profile exception, leaving only
* the group priority.
*/
-static inline uint32_t nvic_gprio_mask(NVICState *s)
+static inline uint32_t nvic_gprio_mask(NVICState *s, bool secure)
+{
+ return ~0U << (s->prigroup[secure] + 1);
+}
+
+static bool exc_targets_secure(NVICState *s, int exc)
+{
+ /* Return true if this non-banked exception targets Secure state. */
+ if (!arm_feature(&s->cpu->env, ARM_FEATURE_M_SECURITY)) {
+ return false;
+ }
+
+ if (exc >= NVIC_FIRST_IRQ) {
+ return !s->itns[exc];
+ }
+
+ /* Function shouldn't be called for banked exceptions. */
+ assert(!exc_is_banked(exc));
+
+ switch (exc) {
+ case ARMV7M_EXCP_NMI:
+ case ARMV7M_EXCP_BUS:
+ return !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK);
+ case ARMV7M_EXCP_SECURE:
+ return true;
+ case ARMV7M_EXCP_DEBUG:
+ /* TODO: controlled by DEMCR.SDME, which we don't yet implement */
+ return false;
+ default:
+ /* reset, and reserved (unused) low exception numbers.
+ * We'll get called by code that loops through all the exception
+ * numbers, but it doesn't matter what we return here as these
+ * non-existent exceptions will never be pended or active.
+ */
+ return true;
+ }
+}
+
+static int exc_group_prio(NVICState *s, int rawprio, bool targets_secure)
+{
+ /* Return the group priority for this exception, given its raw
+ * (group-and-subgroup) priority value and whether it is targeting
+ * secure state or not.
+ */
+ if (rawprio < 0) {
+ return rawprio;
+ }
+ rawprio &= nvic_gprio_mask(s, targets_secure);
+ /* AIRCR.PRIS causes us to squash all NS priorities into the
+ * lower half of the total range
+ */
+ if (!targets_secure &&
+ (s->cpu->env.v7m.aircr & R_V7M_AIRCR_PRIS_MASK)) {
+ rawprio = (rawprio >> 1) + NVIC_NS_PRIO_LIMIT;
+ }
+ return rawprio;
+}
+
+/* Recompute vectpending and exception_prio for a CPU which implements
+ * the Security extension
+ */
+static void nvic_recompute_state_secure(NVICState *s)
{
- return ~0U << (s->prigroup[M_REG_NS] + 1);
+ int i, bank;
+ int pend_prio = NVIC_NOEXC_PRIO;
+ int active_prio = NVIC_NOEXC_PRIO;
+ int pend_irq = 0;
+ bool pending_is_s_banked = false;
+
+ /* R_CQRV: precedence is by:
+ * - lowest group priority; if both the same then
+ * - lowest subpriority; if both the same then
+ * - lowest exception number; if both the same (ie banked) then
+ * - secure exception takes precedence
+ * Compare pseudocode RawExecutionPriority.
+ * Annoyingly, now we have two prigroup values (for S and NS)
+ * we can't do the loop comparison on raw priority values.
+ */
+ for (i = 1; i < s->num_irq; i++) {
+ for (bank = M_REG_S; bank >= M_REG_NS; bank--) {
+ VecInfo *vec;
+ int prio;
+ bool targets_secure;
+
+ if (bank == M_REG_S) {
+ if (!exc_is_banked(i)) {
+ continue;
+ }
+ vec = &s->sec_vectors[i];
+ targets_secure = true;
+ } else {
+ vec = &s->vectors[i];
+ targets_secure = !exc_is_banked(i) && exc_targets_secure(s, i);
+ }
+
+ prio = exc_group_prio(s, vec->prio, targets_secure);
+ if (vec->enabled && vec->pending && prio < pend_prio) {
+ pend_prio = prio;
+ pend_irq = i;
+ pending_is_s_banked = (bank == M_REG_S);
+ }
+ if (vec->active && prio < active_prio) {
+ active_prio = prio;
+ }
+ }
+ }
+
+ s->vectpending_is_s_banked = pending_is_s_banked;
+ s->vectpending = pend_irq;
+ s->vectpending_prio = pend_prio;
+ s->exception_prio = active_prio;
+
+ trace_nvic_recompute_state_secure(s->vectpending,
+ s->vectpending_is_s_banked,
+ s->vectpending_prio,
+ s->exception_prio);
}
/* Recompute vectpending and exception_prio */
@@ -143,6 +271,18 @@ static void nvic_recompute_state(NVICState *s)
int active_prio = NVIC_NOEXC_PRIO;
int pend_irq = 0;
+ /* In theory we could write one function that handled both
+ * the "security extension present" and "not present"; however
+ * the security related changes significantly complicate the
+ * recomputation just by themselves and mixing both cases together
+ * would be even worse, so we retain a separate non-secure-only
+ * version for CPUs which don't implement the security extension.
+ */
+ if (arm_feature(&s->cpu->env, ARM_FEATURE_M_SECURITY)) {
+ nvic_recompute_state_secure(s);
+ return;
+ }
+
for (i = 1; i < s->num_irq; i++) {
VecInfo *vec = &s->vectors[i];
@@ -156,11 +296,11 @@ static void nvic_recompute_state(NVICState *s)
}
if (active_prio > 0) {
- active_prio &= nvic_gprio_mask(s);
+ active_prio &= nvic_gprio_mask(s, false);
}
if (pend_prio > 0) {
- pend_prio &= nvic_gprio_mask(s);
+ pend_prio &= nvic_gprio_mask(s, false);
}
s->vectpending = pend_irq;
@@ -186,7 +326,8 @@ static inline int nvic_exec_prio(NVICState *s)
} else if (env->v7m.primask[env->v7m.secure]) {
running = 0;
} else if (env->v7m.basepri[env->v7m.secure] > 0) {
- running = env->v7m.basepri[env->v7m.secure] & nvic_gprio_mask(s);
+ running = env->v7m.basepri[env->v7m.secure] &
+ nvic_gprio_mask(s, env->v7m.secure);
} else {
running = NVIC_NOEXC_PRIO; /* lower than any possible priority */
}
diff --git a/hw/intc/trace-events b/hw/intc/trace-events
index 5635a5f..0b1fba3 100644
--- a/hw/intc/trace-events
+++ b/hw/intc/trace-events
@@ -168,6 +168,7 @@ gicv3_redist_send_sgi(uint32_t cpu, int irq) "GICv3 redistributor 0x%x pending S
# hw/intc/armv7m_nvic.c
nvic_recompute_state(int vectpending, int vectpending_prio, int exception_prio) "NVIC state recomputed: vectpending %d vectpending_prio %d exception_prio %d"
+nvic_recompute_state_secure(int vectpending, bool vectpending_is_s_banked, int vectpending_prio, int exception_prio) "NVIC state recomputed: vectpending %d is_s_banked %d vectpending_prio %d exception_prio %d"
nvic_set_prio(int irq, uint8_t prio) "NVIC set irq %d priority %d"
nvic_irq_update(int vectpending, int pendprio, int exception_prio, int level) "NVIC vectpending %d pending prio %d exception_prio %d: setting irq line to %d"
nvic_escalate_prio(int irq, int irqprio, int runprio) "NVIC escalating irq %d to HardFault: insufficient priority %d >= %d"
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 09/31] nvic: Make set_pending and clear_pending take a secure parameter
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (7 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 08/31] nvic: Handle banked exceptions in nvic_recompute_state() Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 10/31] nvic: Make SHPR registers banked Peter Maydell
` (22 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
Make the armv7m_nvic_set_pending() and armv7m_nvic_clear_pending()
functions take a bool indicating whether to pend the secure
or non-secure version of a banked interrupt, and update the
callsites accordingly.
In most callsites we can simply pass the correct security
state in; in a couple of cases we use TODO comments to indicate
that we will return the code in a subsequent commit.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1505240046-11454-10-git-send-email-peter.maydell@linaro.org
---
target/arm/cpu.h | 14 ++++++++++-
hw/intc/armv7m_nvic.c | 64 ++++++++++++++++++++++++++++++++++++++-------------
target/arm/helper.c | 24 +++++++++++--------
hw/intc/trace-events | 4 ++--
4 files changed, 77 insertions(+), 29 deletions(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index a52ec6b..b67c29b 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1463,7 +1463,19 @@ static inline bool armv7m_nvic_can_take_pending_exception(void *opaque)
return true;
}
#endif
-void armv7m_nvic_set_pending(void *opaque, int irq);
+/**
+ * armv7m_nvic_set_pending: mark the specified exception as pending
+ * @opaque: the NVIC
+ * @irq: the exception number to mark pending
+ * @secure: false for non-banked exceptions or for the nonsecure
+ * version of a banked exception, true for the secure version of a banked
+ * exception.
+ *
+ * Marks the specified exception as pending. Note that we will assert()
+ * if @secure is true and @irq does not specify one of the fixed set
+ * of architecturally banked exceptions.
+ */
+void armv7m_nvic_set_pending(void *opaque, int irq, bool secure);
void armv7m_nvic_acknowledge_irq(void *opaque);
/**
* armv7m_nvic_complete_irq: complete specified interrupt or exception
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 7081158..1694c1e 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -384,31 +384,50 @@ static void nvic_irq_update(NVICState *s)
qemu_set_irq(s->excpout, lvl);
}
-static void armv7m_nvic_clear_pending(void *opaque, int irq)
+/**
+ * armv7m_nvic_clear_pending: mark the specified exception as not pending
+ * @opaque: the NVIC
+ * @irq: the exception number to mark as not pending
+ * @secure: false for non-banked exceptions or for the nonsecure
+ * version of a banked exception, true for the secure version of a banked
+ * exception.
+ *
+ * Marks the specified exception as not pending. Note that we will assert()
+ * if @secure is true and @irq does not specify one of the fixed set
+ * of architecturally banked exceptions.
+ */
+static void armv7m_nvic_clear_pending(void *opaque, int irq, bool secure)
{
NVICState *s = (NVICState *)opaque;
VecInfo *vec;
assert(irq > ARMV7M_EXCP_RESET && irq < s->num_irq);
- vec = &s->vectors[irq];
- trace_nvic_clear_pending(irq, vec->enabled, vec->prio);
+ if (secure) {
+ assert(exc_is_banked(irq));
+ vec = &s->sec_vectors[irq];
+ } else {
+ vec = &s->vectors[irq];
+ }
+ trace_nvic_clear_pending(irq, secure, vec->enabled, vec->prio);
if (vec->pending) {
vec->pending = 0;
nvic_irq_update(s);
}
}
-void armv7m_nvic_set_pending(void *opaque, int irq)
+void armv7m_nvic_set_pending(void *opaque, int irq, bool secure)
{
NVICState *s = (NVICState *)opaque;
+ bool banked = exc_is_banked(irq);
VecInfo *vec;
assert(irq > ARMV7M_EXCP_RESET && irq < s->num_irq);
+ assert(!secure || banked);
- vec = &s->vectors[irq];
- trace_nvic_set_pending(irq, vec->enabled, vec->prio);
+ vec = (banked && secure) ? &s->sec_vectors[irq] : &s->vectors[irq];
+ trace_nvic_set_pending(irq, secure, vec->enabled, vec->prio);
if (irq >= ARMV7M_EXCP_HARD && irq < ARMV7M_EXCP_PENDSV) {
/* If a synchronous exception is pending then it may be
@@ -454,9 +473,20 @@ void armv7m_nvic_set_pending(void *opaque, int irq)
"(current priority %d)\n", irq, running);
}
- /* We can do the escalation, so we take HardFault instead */
+ /* We can do the escalation, so we take HardFault instead.
+ * If BFHFNMINS is set then we escalate to the banked HF for
+ * the target security state of the original exception; otherwise
+ * we take a Secure HardFault.
+ */
irq = ARMV7M_EXCP_HARD;
- vec = &s->vectors[irq];
+ if (arm_feature(&s->cpu->env, ARM_FEATURE_M_SECURITY) &&
+ (secure ||
+ !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK))) {
+ vec = &s->sec_vectors[irq];
+ } else {
+ vec = &s->vectors[irq];
+ }
+ /* HF may be banked but there is only one shared HFSR */
s->cpu->env.v7m.hfsr |= R_V7M_HFSR_FORCED_MASK;
}
}
@@ -551,7 +581,7 @@ static void set_irq_level(void *opaque, int n, int level)
if (level != vec->level) {
vec->level = level;
if (level) {
- armv7m_nvic_set_pending(s, n);
+ armv7m_nvic_set_pending(s, n, false);
}
}
}
@@ -837,17 +867,17 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value,
}
case 0xd04: /* Interrupt Control State. */
if (value & (1 << 31)) {
- armv7m_nvic_set_pending(s, ARMV7M_EXCP_NMI);
+ armv7m_nvic_set_pending(s, ARMV7M_EXCP_NMI, false);
}
if (value & (1 << 28)) {
- armv7m_nvic_set_pending(s, ARMV7M_EXCP_PENDSV);
+ armv7m_nvic_set_pending(s, ARMV7M_EXCP_PENDSV, attrs.secure);
} else if (value & (1 << 27)) {
- armv7m_nvic_clear_pending(s, ARMV7M_EXCP_PENDSV);
+ armv7m_nvic_clear_pending(s, ARMV7M_EXCP_PENDSV, attrs.secure);
}
if (value & (1 << 26)) {
- armv7m_nvic_set_pending(s, ARMV7M_EXCP_SYSTICK);
+ armv7m_nvic_set_pending(s, ARMV7M_EXCP_SYSTICK, attrs.secure);
} else if (value & (1 << 25)) {
- armv7m_nvic_clear_pending(s, ARMV7M_EXCP_SYSTICK);
+ armv7m_nvic_clear_pending(s, ARMV7M_EXCP_SYSTICK, attrs.secure);
}
break;
case 0xd08: /* Vector Table Offset. */
@@ -1093,7 +1123,7 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value,
{
int excnum = (value & 0x1ff) + NVIC_FIRST_IRQ;
if (excnum < s->num_irq) {
- armv7m_nvic_set_pending(s, excnum);
+ armv7m_nvic_set_pending(s, excnum, false);
}
break;
}
@@ -1499,8 +1529,10 @@ static void nvic_systick_trigger(void *opaque, int n, int level)
/* SysTick just asked us to pend its exception.
* (This is different from an external interrupt line's
* behaviour.)
+ * TODO: when we implement the banked systicks we must make
+ * this pend the correct banked exception.
*/
- armv7m_nvic_set_pending(s, ARMV7M_EXCP_SYSTICK);
+ armv7m_nvic_set_pending(s, ARMV7M_EXCP_SYSTICK, false);
}
}
diff --git a/target/arm/helper.c b/target/arm/helper.c
index f4f2a87..b64acd8 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6306,7 +6306,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
* stack, directly take a usage fault on the current stack.
*/
env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK;
- armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE);
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure);
v7m_exception_taken(cpu, excret);
qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on existing "
"stackframe: failed exception return integrity check\n");
@@ -6345,8 +6345,11 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
* exception return excret specified then this is a UsageFault.
*/
if (return_to_handler != arm_v7m_is_handler_mode(env)) {
- /* Take an INVPC UsageFault by pushing the stack again. */
- armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE);
+ /* Take an INVPC UsageFault by pushing the stack again.
+ * TODO: the v8M version of this code should target the
+ * background state for this exception.
+ */
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, false);
env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK;
v7m_push_stack(cpu);
v7m_exception_taken(cpu, excret);
@@ -6406,20 +6409,20 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
handle it. */
switch (cs->exception_index) {
case EXCP_UDEF:
- armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE);
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure);
env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_UNDEFINSTR_MASK;
break;
case EXCP_NOCP:
- armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE);
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure);
env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_NOCP_MASK;
break;
case EXCP_INVSTATE:
- armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE);
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure);
env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVSTATE_MASK;
break;
case EXCP_SWI:
/* The PC already points to the next instruction. */
- armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SVC);
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SVC, env->v7m.secure);
break;
case EXCP_PREFETCH_ABORT:
case EXCP_DATA_ABORT:
@@ -6443,7 +6446,7 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
env->v7m.bfar);
break;
}
- armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_BUS);
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_BUS, false);
break;
default:
/* All other FSR values are either MPU faults or "can't happen
@@ -6463,7 +6466,8 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
env->v7m.mmfar[env->v7m.secure]);
break;
}
- armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_MEM);
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_MEM,
+ env->v7m.secure);
break;
}
break;
@@ -6480,7 +6484,7 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
return;
}
}
- armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_DEBUG);
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_DEBUG, false);
break;
case EXCP_IRQ:
break;
diff --git a/hw/intc/trace-events b/hw/intc/trace-events
index 0b1fba3..94038b6 100644
--- a/hw/intc/trace-events
+++ b/hw/intc/trace-events
@@ -173,8 +173,8 @@ nvic_set_prio(int irq, uint8_t prio) "NVIC set irq %d priority %d"
nvic_irq_update(int vectpending, int pendprio, int exception_prio, int level) "NVIC vectpending %d pending prio %d exception_prio %d: setting irq line to %d"
nvic_escalate_prio(int irq, int irqprio, int runprio) "NVIC escalating irq %d to HardFault: insufficient priority %d >= %d"
nvic_escalate_disabled(int irq) "NVIC escalating irq %d to HardFault: disabled"
-nvic_set_pending(int irq, int en, int prio) "NVIC set pending irq %d (enabled: %d priority %d)"
-nvic_clear_pending(int irq, int en, int prio) "NVIC clear pending irq %d (enabled: %d priority %d)"
+nvic_set_pending(int irq, bool secure, int en, int prio) "NVIC set pending irq %d secure-bank %d (enabled: %d priority %d)"
+nvic_clear_pending(int irq, bool secure, int en, int prio) "NVIC clear pending irq %d secure-bank %d (enabled: %d priority %d)"
nvic_set_pending_level(int irq) "NVIC set pending: irq %d higher prio than vectpending: setting irq line to 1"
nvic_acknowledge_irq(int irq, int prio) "NVIC acknowledge IRQ: %d now active (prio %d)"
nvic_complete_irq(int irq) "NVIC complete IRQ %d"
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 10/31] nvic: Make SHPR registers banked
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (8 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 09/31] nvic: Make set_pending and clear_pending take a secure parameter Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 11/31] nvic: Compare group priority for escalation to HF Peter Maydell
` (21 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
Make the set_prio() function take a bool indicating
whether to pend the secure or non-secure version of a banked
interrupt, and use this to implement the correct banking
semantics for the SHPR registers.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1505240046-11454-11-git-send-email-peter.maydell@linaro.org
---
hw/intc/armv7m_nvic.c | 96 ++++++++++++++++++++++++++++++++++++++++++++++-----
hw/intc/trace-events | 2 +-
2 files changed, 88 insertions(+), 10 deletions(-)
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 1694c1e..6831ec5 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -349,15 +349,40 @@ int armv7m_nvic_raw_execution_priority(void *opaque)
return s->exception_prio;
}
-/* caller must call nvic_irq_update() after this */
-static void set_prio(NVICState *s, unsigned irq, uint8_t prio)
+/* caller must call nvic_irq_update() after this.
+ * secure indicates the bank to use for banked exceptions (we assert if
+ * we are passed secure=true for a non-banked exception).
+ */
+static void set_prio(NVICState *s, unsigned irq, bool secure, uint8_t prio)
{
assert(irq > ARMV7M_EXCP_NMI); /* only use for configurable prios */
assert(irq < s->num_irq);
- s->vectors[irq].prio = prio;
+ if (secure) {
+ assert(exc_is_banked(irq));
+ s->sec_vectors[irq].prio = prio;
+ } else {
+ s->vectors[irq].prio = prio;
+ }
+
+ trace_nvic_set_prio(irq, secure, prio);
+}
+
+/* Return the current raw priority register value.
+ * secure indicates the bank to use for banked exceptions (we assert if
+ * we are passed secure=true for a non-banked exception).
+ */
+static int get_prio(NVICState *s, unsigned irq, bool secure)
+{
+ assert(irq > ARMV7M_EXCP_NMI); /* only use for configurable prios */
+ assert(irq < s->num_irq);
- trace_nvic_set_prio(irq, prio);
+ if (secure) {
+ assert(exc_is_banked(irq));
+ return s->sec_vectors[irq].prio;
+ } else {
+ return s->vectors[irq].prio;
+ }
}
/* Recompute state and assert irq line accordingly.
@@ -1149,6 +1174,47 @@ static bool nvic_user_access_ok(NVICState *s, hwaddr offset, MemTxAttrs attrs)
}
}
+static int shpr_bank(NVICState *s, int exc, MemTxAttrs attrs)
+{
+ /* Behaviour for the SHPR register field for this exception:
+ * return M_REG_NS to use the nonsecure vector (including for
+ * non-banked exceptions), M_REG_S for the secure version of
+ * a banked exception, and -1 if this field should RAZ/WI.
+ */
+ switch (exc) {
+ case ARMV7M_EXCP_MEM:
+ case ARMV7M_EXCP_USAGE:
+ case ARMV7M_EXCP_SVC:
+ case ARMV7M_EXCP_PENDSV:
+ case ARMV7M_EXCP_SYSTICK:
+ /* Banked exceptions */
+ return attrs.secure;
+ case ARMV7M_EXCP_BUS:
+ /* Not banked, RAZ/WI from nonsecure if BFHFNMINS is zero */
+ if (!attrs.secure &&
+ !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) {
+ return -1;
+ }
+ return M_REG_NS;
+ case ARMV7M_EXCP_SECURE:
+ /* Not banked, RAZ/WI from nonsecure */
+ if (!attrs.secure) {
+ return -1;
+ }
+ return M_REG_NS;
+ case ARMV7M_EXCP_DEBUG:
+ /* Not banked. TODO should RAZ/WI if DEMCR.SDME is set */
+ return M_REG_NS;
+ case 8 ... 10:
+ case 13:
+ /* RES0 */
+ return -1;
+ default:
+ /* Not reachable due to decode of SHPR register addresses */
+ g_assert_not_reached();
+ }
+}
+
static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr,
uint64_t *data, unsigned size,
MemTxAttrs attrs)
@@ -1213,10 +1279,16 @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr,
}
}
break;
- case 0xd18 ... 0xd23: /* System Handler Priority. */
+ case 0xd18 ... 0xd23: /* System Handler Priority (SHPR1, SHPR2, SHPR3) */
val = 0;
for (i = 0; i < size; i++) {
- val |= s->vectors[(offset - 0xd14) + i].prio << (i * 8);
+ unsigned hdlidx = (offset - 0xd14) + i;
+ int sbank = shpr_bank(s, hdlidx, attrs);
+
+ if (sbank < 0) {
+ continue;
+ }
+ val = deposit32(val, i * 8, 8, get_prio(s, hdlidx, sbank));
}
break;
case 0xfe0 ... 0xfff: /* ID. */
@@ -1299,15 +1371,21 @@ static MemTxResult nvic_sysreg_write(void *opaque, hwaddr addr,
for (i = 0; i < size && startvec + i < s->num_irq; i++) {
if (attrs.secure || s->itns[startvec + i]) {
- set_prio(s, startvec + i, (value >> (i * 8)) & 0xff);
+ set_prio(s, startvec + i, false, (value >> (i * 8)) & 0xff);
}
}
nvic_irq_update(s);
return MEMTX_OK;
- case 0xd18 ... 0xd23: /* System Handler Priority. */
+ case 0xd18 ... 0xd23: /* System Handler Priority (SHPR1, SHPR2, SHPR3) */
for (i = 0; i < size; i++) {
unsigned hdlidx = (offset - 0xd14) + i;
- set_prio(s, hdlidx, (value >> (i * 8)) & 0xff);
+ int newprio = extract32(value, i * 8, 8);
+ int sbank = shpr_bank(s, hdlidx, attrs);
+
+ if (sbank < 0) {
+ continue;
+ }
+ set_prio(s, hdlidx, sbank, newprio);
}
nvic_irq_update(s);
return MEMTX_OK;
diff --git a/hw/intc/trace-events b/hw/intc/trace-events
index 94038b6..29bd308 100644
--- a/hw/intc/trace-events
+++ b/hw/intc/trace-events
@@ -169,7 +169,7 @@ gicv3_redist_send_sgi(uint32_t cpu, int irq) "GICv3 redistributor 0x%x pending S
# hw/intc/armv7m_nvic.c
nvic_recompute_state(int vectpending, int vectpending_prio, int exception_prio) "NVIC state recomputed: vectpending %d vectpending_prio %d exception_prio %d"
nvic_recompute_state_secure(int vectpending, bool vectpending_is_s_banked, int vectpending_prio, int exception_prio) "NVIC state recomputed: vectpending %d is_s_banked %d vectpending_prio %d exception_prio %d"
-nvic_set_prio(int irq, uint8_t prio) "NVIC set irq %d priority %d"
+nvic_set_prio(int irq, bool secure, uint8_t prio) "NVIC set irq %d secure-bank %d priority %d"
nvic_irq_update(int vectpending, int pendprio, int exception_prio, int level) "NVIC vectpending %d pending prio %d exception_prio %d: setting irq line to %d"
nvic_escalate_prio(int irq, int irqprio, int runprio) "NVIC escalating irq %d to HardFault: insufficient priority %d >= %d"
nvic_escalate_disabled(int irq) "NVIC escalating irq %d to HardFault: disabled"
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 11/31] nvic: Compare group priority for escalation to HF
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (9 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 10/31] nvic: Make SHPR registers banked Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 12/31] nvic: In escalation to HardFault, support HF not being priority -1 Peter Maydell
` (20 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
In armv7m_nvic_set_pending() we have to compare the
priority of an exception against the execution priority
to decide whether it needs to be escalated to HardFault.
In the specification this is a comparison against the
exception's group priority; for v7M we implemented it
as a comparison against the raw exception priority
because the two comparisons will always give the
same answer. For v8M the existence of AIRCR.PRIS and
the possibility of different PRIGROUP values for secure
and nonsecure exceptions means we need to explicitly
calculate the vector's group priority for this check.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1505240046-11454-12-git-send-email-peter.maydell@linaro.org
---
hw/intc/armv7m_nvic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 6831ec5..d4b410d 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -478,7 +478,7 @@ void armv7m_nvic_set_pending(void *opaque, int irq, bool secure)
int running = nvic_exec_prio(s);
bool escalate = false;
- if (vec->prio >= running) {
+ if (exc_group_prio(s, vec->prio, secure) >= running) {
trace_nvic_escalate_prio(irq, vec->prio, running);
escalate = true;
} else if (!vec->enabled) {
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 12/31] nvic: In escalation to HardFault, support HF not being priority -1
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (10 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 11/31] nvic: Compare group priority for escalation to HF Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 13/31] nvic: Implement v8M changes to fixed priority exceptions Peter Maydell
` (19 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
When escalating to HardFault, we must go into Lockup if we
can't take the synchronous HardFault because the current
execution priority is already at or below the priority of
HardFault. In v7M HF is always priority -1 so a simple < 0
comparison sufficed; in v8M the priority of HardFault can
vary depending on whether it is a Secure or NonSecure
HardFault, so we must check against the priority of the
HardFault exception vector we're about to use.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1505240046-11454-13-git-send-email-peter.maydell@linaro.org
---
hw/intc/armv7m_nvic.c | 23 ++++++++++++-----------
1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index d4b410d..1a8ce01 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -487,18 +487,8 @@ void armv7m_nvic_set_pending(void *opaque, int irq, bool secure)
}
if (escalate) {
- if (running < 0) {
- /* We want to escalate to HardFault but we can't take a
- * synchronous HardFault at this point either. This is a
- * Lockup condition due to a guest bug. We don't model
- * Lockup, so report via cpu_abort() instead.
- */
- cpu_abort(&s->cpu->parent_obj,
- "Lockup: can't escalate %d to HardFault "
- "(current priority %d)\n", irq, running);
- }
- /* We can do the escalation, so we take HardFault instead.
+ /* We need to escalate this exception to a synchronous HardFault.
* If BFHFNMINS is set then we escalate to the banked HF for
* the target security state of the original exception; otherwise
* we take a Secure HardFault.
@@ -511,6 +501,17 @@ void armv7m_nvic_set_pending(void *opaque, int irq, bool secure)
} else {
vec = &s->vectors[irq];
}
+ if (running <= vec->prio) {
+ /* We want to escalate to HardFault but we can't take the
+ * synchronous HardFault at this point either. This is a
+ * Lockup condition due to a guest bug. We don't model
+ * Lockup, so report via cpu_abort() instead.
+ */
+ cpu_abort(&s->cpu->parent_obj,
+ "Lockup: can't escalate %d to HardFault "
+ "(current priority %d)\n", irq, running);
+ }
+
/* HF may be banked but there is only one shared HFSR */
s->cpu->env.v7m.hfsr |= R_V7M_HFSR_FORCED_MASK;
}
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 13/31] nvic: Implement v8M changes to fixed priority exceptions
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (11 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 12/31] nvic: In escalation to HardFault, support HF not being priority -1 Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 14/31] nvic: Disable the non-secure HardFault if AIRCR.BFHFNMINS is clear Peter Maydell
` (18 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
In v7M, the fixed-priority exceptions are:
Reset: -3
NMI: -2
HardFault: -1
In v8M, this changes because Secure HardFault may need
to be prioritised above NMI:
Reset: -4
Secure HardFault if AIRCR.BFHFNMINS == 1: -3
NMI: -2
Secure HardFault if AIRCR.BFHFNMINS == 0: -1
NonSecure HardFault: -1
Make these changes, including support for changing the
priority of Secure HardFault as AIRCR.BFHFNMINS changes.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1505240046-11454-14-git-send-email-peter.maydell@linaro.org
---
hw/intc/armv7m_nvic.c | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 1a8ce01..0c1d591 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -937,6 +937,12 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value,
(R_V7M_AIRCR_SYSRESETREQS_MASK |
R_V7M_AIRCR_BFHFNMINS_MASK |
R_V7M_AIRCR_PRIS_MASK);
+ /* BFHFNMINS changes the priority of Secure HardFault */
+ if (cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) {
+ s->sec_vectors[ARMV7M_EXCP_HARD].prio = -3;
+ } else {
+ s->sec_vectors[ARMV7M_EXCP_HARD].prio = -1;
+ }
}
nvic_irq_update(s);
}
@@ -1452,9 +1458,12 @@ static int nvic_post_load(void *opaque, int version_id)
{
NVICState *s = opaque;
unsigned i;
+ int resetprio;
/* Check for out of range priority settings */
- if (s->vectors[ARMV7M_EXCP_RESET].prio != -3 ||
+ resetprio = arm_feature(&s->cpu->env, ARM_FEATURE_V8) ? -4 : -3;
+
+ if (s->vectors[ARMV7M_EXCP_RESET].prio != resetprio ||
s->vectors[ARMV7M_EXCP_NMI].prio != -2 ||
s->vectors[ARMV7M_EXCP_HARD].prio != -1) {
return 1;
@@ -1497,7 +1506,12 @@ static int nvic_security_post_load(void *opaque, int version_id)
int i;
/* Check for out of range priority settings */
- if (s->sec_vectors[ARMV7M_EXCP_HARD].prio != -1) {
+ if (s->sec_vectors[ARMV7M_EXCP_HARD].prio != -1
+ && s->sec_vectors[ARMV7M_EXCP_HARD].prio != -3) {
+ /* We can't cross-check against AIRCR.BFHFNMINS as we don't know
+ * if the CPU state has been migrated yet; a mismatch won't
+ * cause the emulation to blow up, though.
+ */
return 1;
}
for (i = ARMV7M_EXCP_MEM; i < ARRAY_SIZE(s->sec_vectors); i++) {
@@ -1548,6 +1562,7 @@ static Property props_nvic[] = {
static void armv7m_nvic_reset(DeviceState *dev)
{
+ int resetprio;
NVICState *s = NVIC(dev);
s->vectors[ARMV7M_EXCP_NMI].enabled = 1;
@@ -1560,7 +1575,8 @@ static void armv7m_nvic_reset(DeviceState *dev)
s->vectors[ARMV7M_EXCP_PENDSV].enabled = 1;
s->vectors[ARMV7M_EXCP_SYSTICK].enabled = 1;
- s->vectors[ARMV7M_EXCP_RESET].prio = -3;
+ resetprio = arm_feature(&s->cpu->env, ARM_FEATURE_V8) ? -4 : -3;
+ s->vectors[ARMV7M_EXCP_RESET].prio = resetprio;
s->vectors[ARMV7M_EXCP_NMI].prio = -2;
s->vectors[ARMV7M_EXCP_HARD].prio = -1;
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 14/31] nvic: Disable the non-secure HardFault if AIRCR.BFHFNMINS is clear
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (12 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 13/31] nvic: Implement v8M changes to fixed priority exceptions Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 15/31] nvic: Handle v8M changes in nvic_exec_prio() Peter Maydell
` (17 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
If AIRCR.BFHFNMINS is clear, then although NonSecure HardFault
can still be pended via SHCSR.HARDFAULTPENDED it mustn't actually
preempt execution. The simple way to achieve this is to clear the
enable bit for it, since the enable bit isn't guest visible.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1505240046-11454-15-git-send-email-peter.maydell@linaro.org
---
hw/intc/armv7m_nvic.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 0c1d591..35225c8 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -937,11 +937,16 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value,
(R_V7M_AIRCR_SYSRESETREQS_MASK |
R_V7M_AIRCR_BFHFNMINS_MASK |
R_V7M_AIRCR_PRIS_MASK);
- /* BFHFNMINS changes the priority of Secure HardFault */
+ /* BFHFNMINS changes the priority of Secure HardFault, and
+ * allows a pending Non-secure HardFault to preempt (which
+ * we implement by marking it enabled).
+ */
if (cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) {
s->sec_vectors[ARMV7M_EXCP_HARD].prio = -3;
+ s->vectors[ARMV7M_EXCP_HARD].enabled = 1;
} else {
s->sec_vectors[ARMV7M_EXCP_HARD].prio = -1;
+ s->vectors[ARMV7M_EXCP_HARD].enabled = 0;
}
}
nvic_irq_update(s);
@@ -1566,7 +1571,6 @@ static void armv7m_nvic_reset(DeviceState *dev)
NVICState *s = NVIC(dev);
s->vectors[ARMV7M_EXCP_NMI].enabled = 1;
- s->vectors[ARMV7M_EXCP_HARD].enabled = 1;
/* MEM, BUS, and USAGE are enabled through
* the System Handler Control register
*/
@@ -1588,6 +1592,10 @@ static void armv7m_nvic_reset(DeviceState *dev)
/* AIRCR.BFHFNMINS resets to 0 so Secure HF is priority -1 (R_CMTC) */
s->sec_vectors[ARMV7M_EXCP_HARD].prio = -1;
+ /* If AIRCR.BFHFNMINS is 0 then NS HF is (effectively) disabled */
+ s->vectors[ARMV7M_EXCP_HARD].enabled = 0;
+ } else {
+ s->vectors[ARMV7M_EXCP_HARD].enabled = 1;
}
/* Strictly speaking the reset handler should be enabled.
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 15/31] nvic: Handle v8M changes in nvic_exec_prio()
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (13 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 14/31] nvic: Disable the non-secure HardFault if AIRCR.BFHFNMINS is clear Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 16/31] target/arm: Handle banking in negative-execution-priority check in cpu_mmu_index() Peter Maydell
` (16 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
Update nvic_exec_prio() to support the v8M changes:
* BASEPRI, FAULTMASK and PRIMASK are all banked
* AIRCR.PRIS can affect NS priorities
* AIRCR.BFHFNMINS affects FAULTMASK behaviour
These changes mean that it's no longer possible to
definitely say that if FAULTMASK is set it overrides
PRIMASK, and if PRIMASK is set it overrides BASEPRI
(since if PRIMASK_NS is set and AIRCR.PRIS is set then
whether that 0x80 priority should take effect or the
priority in BASEPRI_S depends on the value of BASEPRI_S,
for instance). So we switch to the same approach used
by the pseudocode of working through BASEPRI, PRIMASK
and FAULTMASK and overriding the previous values if
needed.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1505240046-11454-16-git-send-email-peter.maydell@linaro.org
---
hw/intc/armv7m_nvic.c | 51 ++++++++++++++++++++++++++++++++++++++++++---------
1 file changed, 42 insertions(+), 9 deletions(-)
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 35225c8..1f9e1aa 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -319,18 +319,51 @@ static void nvic_recompute_state(NVICState *s)
static inline int nvic_exec_prio(NVICState *s)
{
CPUARMState *env = &s->cpu->env;
- int running;
+ int running = NVIC_NOEXC_PRIO;
- if (env->v7m.faultmask[env->v7m.secure]) {
- running = -1;
- } else if (env->v7m.primask[env->v7m.secure]) {
+ if (env->v7m.basepri[M_REG_NS] > 0) {
+ running = exc_group_prio(s, env->v7m.basepri[M_REG_NS], M_REG_NS);
+ }
+
+ if (env->v7m.basepri[M_REG_S] > 0) {
+ int basepri = exc_group_prio(s, env->v7m.basepri[M_REG_S], M_REG_S);
+ if (running > basepri) {
+ running = basepri;
+ }
+ }
+
+ if (env->v7m.primask[M_REG_NS]) {
+ if (env->v7m.aircr & R_V7M_AIRCR_PRIS_MASK) {
+ if (running > NVIC_NS_PRIO_LIMIT) {
+ running = NVIC_NS_PRIO_LIMIT;
+ }
+ } else {
+ running = 0;
+ }
+ }
+
+ if (env->v7m.primask[M_REG_S]) {
running = 0;
- } else if (env->v7m.basepri[env->v7m.secure] > 0) {
- running = env->v7m.basepri[env->v7m.secure] &
- nvic_gprio_mask(s, env->v7m.secure);
- } else {
- running = NVIC_NOEXC_PRIO; /* lower than any possible priority */
}
+
+ if (env->v7m.faultmask[M_REG_NS]) {
+ if (env->v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) {
+ running = -1;
+ } else {
+ if (env->v7m.aircr & R_V7M_AIRCR_PRIS_MASK) {
+ if (running > NVIC_NS_PRIO_LIMIT) {
+ running = NVIC_NS_PRIO_LIMIT;
+ }
+ } else {
+ running = 0;
+ }
+ }
+ }
+
+ if (env->v7m.faultmask[M_REG_S]) {
+ running = (env->v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) ? -3 : -1;
+ }
+
/* consider priority of active handler */
return MIN(running, s->exception_prio);
}
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 16/31] target/arm: Handle banking in negative-execution-priority check in cpu_mmu_index()
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (14 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 15/31] nvic: Handle v8M changes in nvic_exec_prio() Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 17/31] nvic: Make ICSR banked for v8M Peter Maydell
` (15 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
Now that we have a banked FAULTMASK register and banked exceptions,
we can implement the correct check in cpu_mmu_index() for whether
the MPU_CTRL.HFNMIENA bit's effect should apply. This bit causes
handlers which have requested a negative execution priority to run
with the MPU disabled. In v8M the test has to check this for the
current security state and so takes account of banking.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1505240046-11454-17-git-send-email-peter.maydell@linaro.org
---
target/arm/cpu.h | 21 ++++++++++++++++-----
hw/intc/armv7m_nvic.c | 29 +++++++++++++++++++++++++++++
2 files changed, 45 insertions(+), 5 deletions(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index b67c29b..c21c592 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1498,6 +1498,21 @@ int armv7m_nvic_complete_irq(void *opaque, int irq);
* (v8M ARM ARM I_PKLD.)
*/
int armv7m_nvic_raw_execution_priority(void *opaque);
+/**
+ * armv7m_nvic_neg_prio_requested: return true if the requested execution
+ * priority is negative for the specified security state.
+ * @opaque: the NVIC
+ * @secure: the security state to test
+ * This corresponds to the pseudocode IsReqExecPriNeg().
+ */
+#ifndef CONFIG_USER_ONLY
+bool armv7m_nvic_neg_prio_requested(void *opaque, bool secure);
+#else
+static inline bool armv7m_nvic_neg_prio_requested(void *opaque, bool secure)
+{
+ return false;
+}
+#endif
/* Interface for defining coprocessor registers.
* Registers are defined in tables of arm_cp_reginfo structs
@@ -2283,11 +2298,7 @@ static inline int cpu_mmu_index(CPUARMState *env, bool ifetch)
if (arm_feature(env, ARM_FEATURE_M)) {
ARMMMUIdx mmu_idx = el == 0 ? ARMMMUIdx_MUser : ARMMMUIdx_MPriv;
- /* Execution priority is negative if FAULTMASK is set or
- * we're in a HardFault or NMI handler.
- */
- if ((env->v7m.exception > 0 && env->v7m.exception <= 3)
- || env->v7m.faultmask[env->v7m.secure]) {
+ if (armv7m_nvic_neg_prio_requested(env->nvic, env->v7m.secure)) {
mmu_idx = ARMMMUIdx_MNegPri;
}
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 1f9e1aa..1aa925b 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -368,6 +368,35 @@ static inline int nvic_exec_prio(NVICState *s)
return MIN(running, s->exception_prio);
}
+bool armv7m_nvic_neg_prio_requested(void *opaque, bool secure)
+{
+ /* Return true if the requested execution priority is negative
+ * for the specified security state, ie that security state
+ * has an active NMI or HardFault or has set its FAULTMASK.
+ * Note that this is not the same as whether the execution
+ * priority is actually negative (for instance AIRCR.PRIS may
+ * mean we don't allow FAULTMASK_NS to actually make the execution
+ * priority negative). Compare pseudocode IsReqExcPriNeg().
+ */
+ NVICState *s = opaque;
+
+ if (s->cpu->env.v7m.faultmask[secure]) {
+ return true;
+ }
+
+ if (secure ? s->sec_vectors[ARMV7M_EXCP_HARD].active :
+ s->vectors[ARMV7M_EXCP_HARD].active) {
+ return true;
+ }
+
+ if (s->vectors[ARMV7M_EXCP_NMI].active &&
+ exc_targets_secure(s, ARMV7M_EXCP_NMI) == secure) {
+ return true;
+ }
+
+ return false;
+}
+
bool armv7m_nvic_can_take_pending_exception(void *opaque)
{
NVICState *s = opaque;
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 17/31] nvic: Make ICSR banked for v8M
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (15 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 16/31] target/arm: Handle banking in negative-execution-priority check in cpu_mmu_index() Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 18/31] nvic: Make SHCSR " Peter Maydell
` (14 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
The ICSR NVIC register is banked for v8M. This doesn't
require any new state, but it does mean that some bits
are controlled by BFHNFNMINS and some bits must work
with the correct banked exception. There is also a new
in v8M PENDNMICLR bit.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1505240046-11454-18-git-send-email-peter.maydell@linaro.org
---
hw/intc/armv7m_nvic.c | 45 ++++++++++++++++++++++++++++++++-------------
1 file changed, 32 insertions(+), 13 deletions(-)
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 1aa925b..284521f 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -703,7 +703,7 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)
}
case 0xd00: /* CPUID Base. */
return cpu->midr;
- case 0xd04: /* Interrupt Control State. */
+ case 0xd04: /* Interrupt Control State (ICSR) */
/* VECTACTIVE */
val = cpu->env.v7m.exception;
/* VECTPENDING */
@@ -716,19 +716,32 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)
if (nvic_rettobase(s)) {
val |= (1 << 11);
}
- /* PENDSTSET */
- if (s->vectors[ARMV7M_EXCP_SYSTICK].pending) {
- val |= (1 << 26);
- }
- /* PENDSVSET */
- if (s->vectors[ARMV7M_EXCP_PENDSV].pending) {
- val |= (1 << 28);
+ if (attrs.secure) {
+ /* PENDSTSET */
+ if (s->sec_vectors[ARMV7M_EXCP_SYSTICK].pending) {
+ val |= (1 << 26);
+ }
+ /* PENDSVSET */
+ if (s->sec_vectors[ARMV7M_EXCP_PENDSV].pending) {
+ val |= (1 << 28);
+ }
+ } else {
+ /* PENDSTSET */
+ if (s->vectors[ARMV7M_EXCP_SYSTICK].pending) {
+ val |= (1 << 26);
+ }
+ /* PENDSVSET */
+ if (s->vectors[ARMV7M_EXCP_PENDSV].pending) {
+ val |= (1 << 28);
+ }
}
/* NMIPENDSET */
- if (s->vectors[ARMV7M_EXCP_NMI].pending) {
+ if ((cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) &&
+ s->vectors[ARMV7M_EXCP_NMI].pending) {
val |= (1 << 31);
}
- /* ISRPREEMPT not implemented */
+ /* ISRPREEMPT: RES0 when halting debug not implemented */
+ /* STTNS: RES0 for the Main Extension */
return val;
case 0xd08: /* Vector Table Offset. */
return cpu->env.v7m.vecbase[attrs.secure];
@@ -953,9 +966,15 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value,
nvic_irq_update(s);
break;
}
- case 0xd04: /* Interrupt Control State. */
- if (value & (1 << 31)) {
- armv7m_nvic_set_pending(s, ARMV7M_EXCP_NMI, false);
+ case 0xd04: /* Interrupt Control State (ICSR) */
+ if (cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) {
+ if (value & (1 << 31)) {
+ armv7m_nvic_set_pending(s, ARMV7M_EXCP_NMI, false);
+ } else if (value & (1 << 30) &&
+ arm_feature(&cpu->env, ARM_FEATURE_V8)) {
+ /* PENDNMICLR didn't exist in v7M */
+ armv7m_nvic_clear_pending(s, ARMV7M_EXCP_NMI, false);
+ }
}
if (value & (1 << 28)) {
armv7m_nvic_set_pending(s, ARMV7M_EXCP_PENDSV, attrs.secure);
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 18/31] nvic: Make SHCSR banked for v8M
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (16 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 17/31] nvic: Make ICSR banked for v8M Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 19/31] nvic: Support banked exceptions in acknowledge and complete Peter Maydell
` (13 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
Handle banking of SHCSR: some register bits are banked between
Secure and Non-Secure, and some are only accessible to Secure.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1505240046-11454-19-git-send-email-peter.maydell@linaro.org
---
hw/intc/armv7m_nvic.c | 221 ++++++++++++++++++++++++++++++++++++++------------
1 file changed, 169 insertions(+), 52 deletions(-)
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 284521f..19b0be1 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -770,50 +770,117 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)
val = cpu->env.v7m.ccr[attrs.secure];
val |= cpu->env.v7m.ccr[M_REG_NS] & R_V7M_CCR_BFHFNMIGN_MASK;
return val;
- case 0xd24: /* System Handler Status. */
+ case 0xd24: /* System Handler Control and State (SHCSR) */
val = 0;
- if (s->vectors[ARMV7M_EXCP_MEM].active) {
- val |= (1 << 0);
- }
- if (s->vectors[ARMV7M_EXCP_BUS].active) {
- val |= (1 << 1);
- }
- if (s->vectors[ARMV7M_EXCP_USAGE].active) {
- val |= (1 << 3);
+ if (attrs.secure) {
+ if (s->sec_vectors[ARMV7M_EXCP_MEM].active) {
+ val |= (1 << 0);
+ }
+ if (s->sec_vectors[ARMV7M_EXCP_HARD].active) {
+ val |= (1 << 2);
+ }
+ if (s->sec_vectors[ARMV7M_EXCP_USAGE].active) {
+ val |= (1 << 3);
+ }
+ if (s->sec_vectors[ARMV7M_EXCP_SVC].active) {
+ val |= (1 << 7);
+ }
+ if (s->sec_vectors[ARMV7M_EXCP_PENDSV].active) {
+ val |= (1 << 10);
+ }
+ if (s->sec_vectors[ARMV7M_EXCP_SYSTICK].active) {
+ val |= (1 << 11);
+ }
+ if (s->sec_vectors[ARMV7M_EXCP_USAGE].pending) {
+ val |= (1 << 12);
+ }
+ if (s->sec_vectors[ARMV7M_EXCP_MEM].pending) {
+ val |= (1 << 13);
+ }
+ if (s->sec_vectors[ARMV7M_EXCP_SVC].pending) {
+ val |= (1 << 15);
+ }
+ if (s->sec_vectors[ARMV7M_EXCP_MEM].enabled) {
+ val |= (1 << 16);
+ }
+ if (s->sec_vectors[ARMV7M_EXCP_USAGE].enabled) {
+ val |= (1 << 18);
+ }
+ if (s->sec_vectors[ARMV7M_EXCP_HARD].pending) {
+ val |= (1 << 21);
+ }
+ /* SecureFault is not banked but is always RAZ/WI to NS */
+ if (s->vectors[ARMV7M_EXCP_SECURE].active) {
+ val |= (1 << 4);
+ }
+ if (s->vectors[ARMV7M_EXCP_SECURE].enabled) {
+ val |= (1 << 19);
+ }
+ if (s->vectors[ARMV7M_EXCP_SECURE].pending) {
+ val |= (1 << 20);
+ }
+ } else {
+ if (s->vectors[ARMV7M_EXCP_MEM].active) {
+ val |= (1 << 0);
+ }
+ if (arm_feature(&cpu->env, ARM_FEATURE_V8)) {
+ /* HARDFAULTACT, HARDFAULTPENDED not present in v7M */
+ if (s->vectors[ARMV7M_EXCP_HARD].active) {
+ val |= (1 << 2);
+ }
+ if (s->vectors[ARMV7M_EXCP_HARD].pending) {
+ val |= (1 << 21);
+ }
+ }
+ if (s->vectors[ARMV7M_EXCP_USAGE].active) {
+ val |= (1 << 3);
+ }
+ if (s->vectors[ARMV7M_EXCP_SVC].active) {
+ val |= (1 << 7);
+ }
+ if (s->vectors[ARMV7M_EXCP_PENDSV].active) {
+ val |= (1 << 10);
+ }
+ if (s->vectors[ARMV7M_EXCP_SYSTICK].active) {
+ val |= (1 << 11);
+ }
+ if (s->vectors[ARMV7M_EXCP_USAGE].pending) {
+ val |= (1 << 12);
+ }
+ if (s->vectors[ARMV7M_EXCP_MEM].pending) {
+ val |= (1 << 13);
+ }
+ if (s->vectors[ARMV7M_EXCP_SVC].pending) {
+ val |= (1 << 15);
+ }
+ if (s->vectors[ARMV7M_EXCP_MEM].enabled) {
+ val |= (1 << 16);
+ }
+ if (s->vectors[ARMV7M_EXCP_USAGE].enabled) {
+ val |= (1 << 18);
+ }
}
- if (s->vectors[ARMV7M_EXCP_SVC].active) {
- val |= (1 << 7);
+ if (attrs.secure || (cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) {
+ if (s->vectors[ARMV7M_EXCP_BUS].active) {
+ val |= (1 << 1);
+ }
+ if (s->vectors[ARMV7M_EXCP_BUS].pending) {
+ val |= (1 << 14);
+ }
+ if (s->vectors[ARMV7M_EXCP_BUS].enabled) {
+ val |= (1 << 17);
+ }
+ if (arm_feature(&cpu->env, ARM_FEATURE_V8) &&
+ s->vectors[ARMV7M_EXCP_NMI].active) {
+ /* NMIACT is not present in v7M */
+ val |= (1 << 5);
+ }
}
+
+ /* TODO: this is RAZ/WI from NS if DEMCR.SDME is set */
if (s->vectors[ARMV7M_EXCP_DEBUG].active) {
val |= (1 << 8);
}
- if (s->vectors[ARMV7M_EXCP_PENDSV].active) {
- val |= (1 << 10);
- }
- if (s->vectors[ARMV7M_EXCP_SYSTICK].active) {
- val |= (1 << 11);
- }
- if (s->vectors[ARMV7M_EXCP_USAGE].pending) {
- val |= (1 << 12);
- }
- if (s->vectors[ARMV7M_EXCP_MEM].pending) {
- val |= (1 << 13);
- }
- if (s->vectors[ARMV7M_EXCP_BUS].pending) {
- val |= (1 << 14);
- }
- if (s->vectors[ARMV7M_EXCP_SVC].pending) {
- val |= (1 << 15);
- }
- if (s->vectors[ARMV7M_EXCP_MEM].enabled) {
- val |= (1 << 16);
- }
- if (s->vectors[ARMV7M_EXCP_BUS].enabled) {
- val |= (1 << 17);
- }
- if (s->vectors[ARMV7M_EXCP_USAGE].enabled) {
- val |= (1 << 18);
- }
return val;
case 0xd28: /* Configurable Fault Status. */
/* The BFSR bits [15:8] are shared between security states
@@ -1061,21 +1128,71 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value,
cpu->env.v7m.ccr[attrs.secure] = value;
break;
- case 0xd24: /* System Handler Control. */
- s->vectors[ARMV7M_EXCP_MEM].active = (value & (1 << 0)) != 0;
- s->vectors[ARMV7M_EXCP_BUS].active = (value & (1 << 1)) != 0;
- s->vectors[ARMV7M_EXCP_USAGE].active = (value & (1 << 3)) != 0;
- s->vectors[ARMV7M_EXCP_SVC].active = (value & (1 << 7)) != 0;
+ case 0xd24: /* System Handler Control and State (SHCSR) */
+ if (attrs.secure) {
+ s->sec_vectors[ARMV7M_EXCP_MEM].active = (value & (1 << 0)) != 0;
+ /* Secure HardFault active bit cannot be written */
+ s->sec_vectors[ARMV7M_EXCP_USAGE].active = (value & (1 << 3)) != 0;
+ s->sec_vectors[ARMV7M_EXCP_SVC].active = (value & (1 << 7)) != 0;
+ s->sec_vectors[ARMV7M_EXCP_PENDSV].active =
+ (value & (1 << 10)) != 0;
+ s->sec_vectors[ARMV7M_EXCP_SYSTICK].active =
+ (value & (1 << 11)) != 0;
+ s->sec_vectors[ARMV7M_EXCP_USAGE].pending =
+ (value & (1 << 12)) != 0;
+ s->sec_vectors[ARMV7M_EXCP_MEM].pending = (value & (1 << 13)) != 0;
+ s->sec_vectors[ARMV7M_EXCP_SVC].pending = (value & (1 << 15)) != 0;
+ s->sec_vectors[ARMV7M_EXCP_MEM].enabled = (value & (1 << 16)) != 0;
+ s->sec_vectors[ARMV7M_EXCP_BUS].enabled = (value & (1 << 17)) != 0;
+ s->sec_vectors[ARMV7M_EXCP_USAGE].enabled =
+ (value & (1 << 18)) != 0;
+ /* SecureFault not banked, but RAZ/WI to NS */
+ s->vectors[ARMV7M_EXCP_SECURE].active = (value & (1 << 4)) != 0;
+ s->vectors[ARMV7M_EXCP_SECURE].enabled = (value & (1 << 19)) != 0;
+ s->vectors[ARMV7M_EXCP_SECURE].pending = (value & (1 << 20)) != 0;
+ } else {
+ s->vectors[ARMV7M_EXCP_MEM].active = (value & (1 << 0)) != 0;
+ if (arm_feature(&cpu->env, ARM_FEATURE_V8)) {
+ /* HARDFAULTPENDED is not present in v7M */
+ s->vectors[ARMV7M_EXCP_HARD].pending = (value & (1 << 21)) != 0;
+ }
+ s->vectors[ARMV7M_EXCP_USAGE].active = (value & (1 << 3)) != 0;
+ s->vectors[ARMV7M_EXCP_SVC].active = (value & (1 << 7)) != 0;
+ s->vectors[ARMV7M_EXCP_PENDSV].active = (value & (1 << 10)) != 0;
+ s->vectors[ARMV7M_EXCP_SYSTICK].active = (value & (1 << 11)) != 0;
+ s->vectors[ARMV7M_EXCP_USAGE].pending = (value & (1 << 12)) != 0;
+ s->vectors[ARMV7M_EXCP_MEM].pending = (value & (1 << 13)) != 0;
+ s->vectors[ARMV7M_EXCP_SVC].pending = (value & (1 << 15)) != 0;
+ s->vectors[ARMV7M_EXCP_MEM].enabled = (value & (1 << 16)) != 0;
+ s->vectors[ARMV7M_EXCP_USAGE].enabled = (value & (1 << 18)) != 0;
+ }
+ if (attrs.secure || (cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) {
+ s->vectors[ARMV7M_EXCP_BUS].active = (value & (1 << 1)) != 0;
+ s->vectors[ARMV7M_EXCP_BUS].pending = (value & (1 << 14)) != 0;
+ s->vectors[ARMV7M_EXCP_BUS].enabled = (value & (1 << 17)) != 0;
+ }
+ /* NMIACT can only be written if the write is of a zero, with
+ * BFHFNMINS 1, and by the CPU in secure state via the NS alias.
+ */
+ if (!attrs.secure && cpu->env.v7m.secure &&
+ (cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) &&
+ (value & (1 << 5)) == 0) {
+ s->vectors[ARMV7M_EXCP_NMI].active = 0;
+ }
+ /* HARDFAULTACT can only be written if the write is of a zero
+ * to the non-secure HardFault state by the CPU in secure state.
+ * The only case where we can be targeting the non-secure HF state
+ * when in secure state is if this is a write via the NS alias
+ * and BFHFNMINS is 1.
+ */
+ if (!attrs.secure && cpu->env.v7m.secure &&
+ (cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) &&
+ (value & (1 << 2)) == 0) {
+ s->vectors[ARMV7M_EXCP_HARD].active = 0;
+ }
+
+ /* TODO: this is RAZ/WI from NS if DEMCR.SDME is set */
s->vectors[ARMV7M_EXCP_DEBUG].active = (value & (1 << 8)) != 0;
- s->vectors[ARMV7M_EXCP_PENDSV].active = (value & (1 << 10)) != 0;
- s->vectors[ARMV7M_EXCP_SYSTICK].active = (value & (1 << 11)) != 0;
- s->vectors[ARMV7M_EXCP_USAGE].pending = (value & (1 << 12)) != 0;
- s->vectors[ARMV7M_EXCP_MEM].pending = (value & (1 << 13)) != 0;
- s->vectors[ARMV7M_EXCP_BUS].pending = (value & (1 << 14)) != 0;
- s->vectors[ARMV7M_EXCP_SVC].pending = (value & (1 << 15)) != 0;
- s->vectors[ARMV7M_EXCP_MEM].enabled = (value & (1 << 16)) != 0;
- s->vectors[ARMV7M_EXCP_BUS].enabled = (value & (1 << 17)) != 0;
- s->vectors[ARMV7M_EXCP_USAGE].enabled = (value & (1 << 18)) != 0;
nvic_irq_update(s);
break;
case 0xd28: /* Configurable Fault Status. */
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 19/31] nvic: Support banked exceptions in acknowledge and complete
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (17 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 18/31] nvic: Make SHCSR " Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 20/31] target/arm: Remove out of date ARM ARM section references in A64 decoder Peter Maydell
` (12 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
Update armv7m_nvic_acknowledge_irq() and armv7m_nvic_complete_irq()
to handle banked exceptions:
* acknowledge needs to use the correct vector, which may be
in sec_vectors[]
* acknowledge needs to return to its caller whether the
exception should be taken to secure or non-secure state
* complete needs its caller to tell it whether the exception
being completed is a secure one or not
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1505240046-11454-20-git-send-email-peter.maydell@linaro.org
---
target/arm/cpu.h | 15 +++++++++++++--
hw/intc/armv7m_nvic.c | 26 ++++++++++++++++++++------
target/arm/helper.c | 8 +++++---
hw/intc/trace-events | 4 ++--
4 files changed, 40 insertions(+), 13 deletions(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index c21c592..8afceca 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1476,18 +1476,29 @@ static inline bool armv7m_nvic_can_take_pending_exception(void *opaque)
* of architecturally banked exceptions.
*/
void armv7m_nvic_set_pending(void *opaque, int irq, bool secure);
-void armv7m_nvic_acknowledge_irq(void *opaque);
+/**
+ * armv7m_nvic_acknowledge_irq: make highest priority pending exception active
+ * @opaque: the NVIC
+ *
+ * Move the current highest priority pending exception from the pending
+ * state to the active state, and update v7m.exception to indicate that
+ * it is the exception currently being handled.
+ *
+ * Returns: true if exception should be taken to Secure state, false for NS
+ */
+bool armv7m_nvic_acknowledge_irq(void *opaque);
/**
* armv7m_nvic_complete_irq: complete specified interrupt or exception
* @opaque: the NVIC
* @irq: the exception number to complete
+ * @secure: true if this exception was secure
*
* Returns: -1 if the irq was not active
* 1 if completing this irq brought us back to base (no active irqs)
* 0 if there is still an irq active after this one was completed
* (Ignoring -1, this is the same as the RETTOBASE value before completion.)
*/
-int armv7m_nvic_complete_irq(void *opaque, int irq);
+int armv7m_nvic_complete_irq(void *opaque, int irq, bool secure);
/**
* armv7m_nvic_raw_execution_priority: return the raw execution priority
* @opaque: the NVIC
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 19b0be1..d90d8d0 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -586,24 +586,32 @@ void armv7m_nvic_set_pending(void *opaque, int irq, bool secure)
}
/* Make pending IRQ active. */
-void armv7m_nvic_acknowledge_irq(void *opaque)
+bool armv7m_nvic_acknowledge_irq(void *opaque)
{
NVICState *s = (NVICState *)opaque;
CPUARMState *env = &s->cpu->env;
const int pending = s->vectpending;
const int running = nvic_exec_prio(s);
VecInfo *vec;
+ bool targets_secure;
assert(pending > ARMV7M_EXCP_RESET && pending < s->num_irq);
- vec = &s->vectors[pending];
+ if (s->vectpending_is_s_banked) {
+ vec = &s->sec_vectors[pending];
+ targets_secure = true;
+ } else {
+ vec = &s->vectors[pending];
+ targets_secure = !exc_is_banked(s->vectpending) &&
+ exc_targets_secure(s, s->vectpending);
+ }
assert(vec->enabled);
assert(vec->pending);
assert(s->vectpending_prio < running);
- trace_nvic_acknowledge_irq(pending, s->vectpending_prio);
+ trace_nvic_acknowledge_irq(pending, s->vectpending_prio, targets_secure);
vec->active = 1;
vec->pending = 0;
@@ -611,9 +619,11 @@ void armv7m_nvic_acknowledge_irq(void *opaque)
env->v7m.exception = s->vectpending;
nvic_irq_update(s);
+
+ return targets_secure;
}
-int armv7m_nvic_complete_irq(void *opaque, int irq)
+int armv7m_nvic_complete_irq(void *opaque, int irq, bool secure)
{
NVICState *s = (NVICState *)opaque;
VecInfo *vec;
@@ -621,9 +631,13 @@ int armv7m_nvic_complete_irq(void *opaque, int irq)
assert(irq > ARMV7M_EXCP_RESET && irq < s->num_irq);
- vec = &s->vectors[irq];
+ if (secure && exc_is_banked(irq)) {
+ vec = &s->sec_vectors[irq];
+ } else {
+ vec = &s->vectors[irq];
+ }
- trace_nvic_complete_irq(irq);
+ trace_nvic_complete_irq(irq, secure);
if (!vec->active) {
/* Tell the caller this was an illegal exception return */
diff --git a/target/arm/helper.c b/target/arm/helper.c
index b64acd8..8be78ea 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6218,6 +6218,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
bool return_to_sp_process = false;
bool return_to_handler = false;
bool rettobase = false;
+ bool exc_secure = false;
/* We can only get here from an EXCP_EXCEPTION_EXIT, and
* gen_bx_excret() enforces the architectural rule
@@ -6256,16 +6257,17 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
* which security state's faultmask to clear. (v8M ARM ARM R_KBNF.)
*/
if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
- int es = excret & R_V7M_EXCRET_ES_MASK;
+ exc_secure = excret & R_V7M_EXCRET_ES_MASK;
if (armv7m_nvic_raw_execution_priority(env->nvic) >= 0) {
- env->v7m.faultmask[es] = 0;
+ env->v7m.faultmask[exc_secure] = 0;
}
} else {
env->v7m.faultmask[M_REG_NS] = 0;
}
}
- switch (armv7m_nvic_complete_irq(env->nvic, env->v7m.exception)) {
+ switch (armv7m_nvic_complete_irq(env->nvic, env->v7m.exception,
+ exc_secure)) {
case -1:
/* attempt to exit an exception that isn't active */
ufault = true;
diff --git a/hw/intc/trace-events b/hw/intc/trace-events
index 29bd308..b86f242 100644
--- a/hw/intc/trace-events
+++ b/hw/intc/trace-events
@@ -176,8 +176,8 @@ nvic_escalate_disabled(int irq) "NVIC escalating irq %d to HardFault: disabled"
nvic_set_pending(int irq, bool secure, int en, int prio) "NVIC set pending irq %d secure-bank %d (enabled: %d priority %d)"
nvic_clear_pending(int irq, bool secure, int en, int prio) "NVIC clear pending irq %d secure-bank %d (enabled: %d priority %d)"
nvic_set_pending_level(int irq) "NVIC set pending: irq %d higher prio than vectpending: setting irq line to 1"
-nvic_acknowledge_irq(int irq, int prio) "NVIC acknowledge IRQ: %d now active (prio %d)"
-nvic_complete_irq(int irq) "NVIC complete IRQ %d"
+nvic_acknowledge_irq(int irq, int prio, bool targets_secure) "NVIC acknowledge IRQ: %d now active (prio %d targets_secure %d)"
+nvic_complete_irq(int irq, bool secure) "NVIC complete IRQ %d (secure %d)"
nvic_set_irq_level(int irq, int level) "NVIC external irq %d level set to %d"
nvic_sysreg_read(uint64_t addr, uint32_t value, unsigned size) "NVIC sysreg read addr 0x%" PRIx64 " data 0x%" PRIx32 " size %u"
nvic_sysreg_write(uint64_t addr, uint32_t value, unsigned size) "NVIC sysreg write addr 0x%" PRIx64 " data 0x%" PRIx32 " size %u"
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 20/31] target/arm: Remove out of date ARM ARM section references in A64 decoder
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (18 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 19/31] nvic: Support banked exceptions in acknowledge and complete Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 21/31] hw/arm/palm.c: Don't use old_mmio for static_ops Peter Maydell
` (11 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
In the A64 decoder, we have a lot of references to section numbers
from version A.a of the v8A ARM ARM (DDI0487). This version of the
document is now long obsolete (we are currently on revision B.a),
and various intervening versions renumbered all the sections.
The most recent B.a version of the document doesn't assign
section numbers at all to the individual instruction classes
in the way that the various A.x versions did. The simplest thing
to do is just to delete all the out of date C.x.x references.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20170915150849.23557-1-peter.maydell@linaro.org
---
target/arm/translate-a64.c | 227 +++++++++++++++++++++++----------------------
1 file changed, 114 insertions(+), 113 deletions(-)
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 083568c..899ffb9 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -1203,12 +1203,14 @@ static inline AArch64DecodeFn *lookup_disas_fn(const AArch64DecodeTable *table,
}
/*
- * the instruction disassembly implemented here matches
- * the instruction encoding classifications in chapter 3 (C3)
- * of the ARM Architecture Reference Manual (DDI0487A_a)
+ * The instruction disassembly implemented here matches
+ * the instruction encoding classifications in chapter C4
+ * of the ARM Architecture Reference Manual (DDI0487B_a);
+ * classification names and decode diagrams here should generally
+ * match up with those in the manual.
*/
-/* C3.2.7 Unconditional branch (immediate)
+/* Unconditional branch (immediate)
* 31 30 26 25 0
* +----+-----------+-------------------------------------+
* | op | 0 0 1 0 1 | imm26 |
@@ -1219,15 +1221,15 @@ static void disas_uncond_b_imm(DisasContext *s, uint32_t insn)
uint64_t addr = s->pc + sextract32(insn, 0, 26) * 4 - 4;
if (insn & (1U << 31)) {
- /* C5.6.26 BL Branch with link */
+ /* BL Branch with link */
tcg_gen_movi_i64(cpu_reg(s, 30), s->pc);
}
- /* C5.6.20 B Branch / C5.6.26 BL Branch with link */
+ /* B Branch / BL Branch with link */
gen_goto_tb(s, 0, addr);
}
-/* C3.2.1 Compare & branch (immediate)
+/* Compare and branch (immediate)
* 31 30 25 24 23 5 4 0
* +----+-------------+----+---------------------+--------+
* | sf | 0 1 1 0 1 0 | op | imm19 | Rt |
@@ -1256,7 +1258,7 @@ static void disas_comp_b_imm(DisasContext *s, uint32_t insn)
gen_goto_tb(s, 1, addr);
}
-/* C3.2.5 Test & branch (immediate)
+/* Test and branch (immediate)
* 31 30 25 24 23 19 18 5 4 0
* +----+-------------+----+-------+-------------+------+
* | b5 | 0 1 1 0 1 1 | op | b40 | imm14 | Rt |
@@ -1285,7 +1287,7 @@ static void disas_test_b_imm(DisasContext *s, uint32_t insn)
gen_goto_tb(s, 1, addr);
}
-/* C3.2.2 / C5.6.19 Conditional branch (immediate)
+/* Conditional branch (immediate)
* 31 25 24 23 5 4 3 0
* +---------------+----+---------------------+----+------+
* | 0 1 0 1 0 1 0 | o1 | imm19 | o0 | cond |
@@ -1316,7 +1318,7 @@ static void disas_cond_b_imm(DisasContext *s, uint32_t insn)
}
}
-/* C5.6.68 HINT */
+/* HINT instruction group, including various allocated HINTs */
static void handle_hint(DisasContext *s, uint32_t insn,
unsigned int op1, unsigned int op2, unsigned int crm)
{
@@ -1401,7 +1403,7 @@ static void handle_sync(DisasContext *s, uint32_t insn,
}
}
-/* C5.6.130 MSR (immediate) - move immediate to processor state field */
+/* MSR (immediate) - move immediate to processor state field */
static void handle_msr_i(DisasContext *s, uint32_t insn,
unsigned int op1, unsigned int op2, unsigned int crm)
{
@@ -1477,10 +1479,10 @@ static void gen_set_nzcv(TCGv_i64 tcg_rt)
tcg_temp_free_i32(nzcv);
}
-/* C5.6.129 MRS - move from system register
- * C5.6.131 MSR (register) - move to system register
- * C5.6.204 SYS
- * C5.6.205 SYSL
+/* MRS - move from system register
+ * MSR (register) - move to system register
+ * SYS
+ * SYSL
* These are all essentially the same insn in 'read' and 'write'
* versions, with varying op0 fields.
*/
@@ -1603,7 +1605,7 @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
}
}
-/* C3.2.4 System
+/* System
* 31 22 21 20 19 18 16 15 12 11 8 7 5 4 0
* +---------------------+---+-----+-----+-------+-------+-----+------+
* | 1 1 0 1 0 1 0 1 0 0 | L | op0 | op1 | CRn | CRm | op2 | Rt |
@@ -1626,13 +1628,13 @@ static void disas_system(DisasContext *s, uint32_t insn)
return;
}
switch (crn) {
- case 2: /* C5.6.68 HINT */
+ case 2: /* HINT (including allocated hints like NOP, YIELD, etc) */
handle_hint(s, insn, op1, op2, crm);
break;
case 3: /* CLREX, DSB, DMB, ISB */
handle_sync(s, insn, op1, op2, crm);
break;
- case 4: /* C5.6.130 MSR (immediate) */
+ case 4: /* MSR (immediate) */
handle_msr_i(s, insn, op1, op2, crm);
break;
default:
@@ -1644,7 +1646,7 @@ static void disas_system(DisasContext *s, uint32_t insn)
handle_sys(s, insn, l, op0, op1, op2, crn, crm, rt);
}
-/* C3.2.3 Exception generation
+/* Exception generation
*
* 31 24 23 21 20 5 4 2 1 0
* +-----------------+-----+------------------------+-----+----+
@@ -1751,7 +1753,7 @@ static void disas_exc(DisasContext *s, uint32_t insn)
}
}
-/* C3.2.7 Unconditional branch (register)
+/* Unconditional branch (register)
* 31 25 24 21 20 16 15 10 9 5 4 0
* +---------------+-------+-------+-------+------+-------+
* | 1 1 0 1 0 1 1 | opc | op2 | op3 | Rn | op4 |
@@ -1806,7 +1808,7 @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t insn)
s->base.is_jmp = DISAS_JUMP;
}
-/* C3.2 Branches, exception generating and system instructions */
+/* Branches, exception generating and system instructions */
static void disas_b_exc_sys(DisasContext *s, uint32_t insn)
{
switch (extract32(insn, 25, 7)) {
@@ -1966,7 +1968,7 @@ static bool disas_ldst_compute_iss_sf(int size, bool is_signed, int opc)
return regsize == 64;
}
-/* C3.3.6 Load/store exclusive
+/* Load/store exclusive
*
* 31 30 29 24 23 22 21 20 16 15 14 10 9 5 4 0
* +-----+-------------+----+---+----+------+----+-------+------+------+
@@ -2043,7 +2045,7 @@ static void disas_ldst_excl(DisasContext *s, uint32_t insn)
}
/*
- * C3.3.5 Load register (literal)
+ * Load register (literal)
*
* 31 30 29 27 26 25 24 23 5 4 0
* +-----+-------+---+-----+-------------------+-------+
@@ -2099,15 +2101,15 @@ static void disas_ld_lit(DisasContext *s, uint32_t insn)
}
/*
- * C5.6.80 LDNP (Load Pair - non-temporal hint)
- * C5.6.81 LDP (Load Pair - non vector)
- * C5.6.82 LDPSW (Load Pair Signed Word - non vector)
- * C5.6.176 STNP (Store Pair - non-temporal hint)
- * C5.6.177 STP (Store Pair - non vector)
- * C6.3.165 LDNP (Load Pair of SIMD&FP - non-temporal hint)
- * C6.3.165 LDP (Load Pair of SIMD&FP)
- * C6.3.284 STNP (Store Pair of SIMD&FP - non-temporal hint)
- * C6.3.284 STP (Store Pair of SIMD&FP)
+ * LDNP (Load Pair - non-temporal hint)
+ * LDP (Load Pair - non vector)
+ * LDPSW (Load Pair Signed Word - non vector)
+ * STNP (Store Pair - non-temporal hint)
+ * STP (Store Pair - non vector)
+ * LDNP (Load Pair of SIMD&FP - non-temporal hint)
+ * LDP (Load Pair of SIMD&FP)
+ * STNP (Store Pair of SIMD&FP - non-temporal hint)
+ * STP (Store Pair of SIMD&FP)
*
* 31 30 29 27 26 25 24 23 22 21 15 14 10 9 5 4 0
* +-----+-------+---+---+-------+---+-----------------------------+
@@ -2253,9 +2255,9 @@ static void disas_ldst_pair(DisasContext *s, uint32_t insn)
}
/*
- * C3.3.8 Load/store (immediate post-indexed)
- * C3.3.9 Load/store (immediate pre-indexed)
- * C3.3.12 Load/store (unscaled immediate)
+ * Load/store (immediate post-indexed)
+ * Load/store (immediate pre-indexed)
+ * Load/store (unscaled immediate)
*
* 31 30 29 27 26 25 24 23 22 21 20 12 11 10 9 5 4 0
* +----+-------+---+-----+-----+---+--------+-----+------+------+
@@ -2371,7 +2373,7 @@ static void disas_ldst_reg_imm9(DisasContext *s, uint32_t insn,
}
/*
- * C3.3.10 Load/store (register offset)
+ * Load/store (register offset)
*
* 31 30 29 27 26 25 24 23 22 21 20 16 15 13 12 11 10 9 5 4 0
* +----+-------+---+-----+-----+---+------+-----+--+-----+----+----+
@@ -2468,7 +2470,7 @@ static void disas_ldst_reg_roffset(DisasContext *s, uint32_t insn,
}
/*
- * C3.3.13 Load/store (unsigned immediate)
+ * Load/store (unsigned immediate)
*
* 31 30 29 27 26 25 24 23 22 21 10 9 5
* +----+-------+---+-----+-----+------------+-------+------+
@@ -2579,14 +2581,14 @@ static void disas_ldst_reg(DisasContext *s, uint32_t insn)
}
}
-/* C3.3.1 AdvSIMD load/store multiple structures
+/* AdvSIMD load/store multiple structures
*
* 31 30 29 23 22 21 16 15 12 11 10 9 5 4 0
* +---+---+---------------+---+-------------+--------+------+------+------+
* | 0 | Q | 0 0 1 1 0 0 0 | L | 0 0 0 0 0 0 | opcode | size | Rn | Rt |
* +---+---+---------------+---+-------------+--------+------+------+------+
*
- * C3.3.2 AdvSIMD load/store multiple structures (post-indexed)
+ * AdvSIMD load/store multiple structures (post-indexed)
*
* 31 30 29 23 22 21 20 16 15 12 11 10 9 5 4 0
* +---+---+---------------+---+---+---------+--------+------+------+------+
@@ -2711,14 +2713,14 @@ static void disas_ldst_multiple_struct(DisasContext *s, uint32_t insn)
tcg_temp_free_i64(tcg_addr);
}
-/* C3.3.3 AdvSIMD load/store single structure
+/* AdvSIMD load/store single structure
*
* 31 30 29 23 22 21 20 16 15 13 12 11 10 9 5 4 0
* +---+---+---------------+-----+-----------+-----+---+------+------+------+
* | 0 | Q | 0 0 1 1 0 1 0 | L R | 0 0 0 0 0 | opc | S | size | Rn | Rt |
* +---+---+---------------+-----+-----------+-----+---+------+------+------+
*
- * C3.3.4 AdvSIMD load/store single structure (post-indexed)
+ * AdvSIMD load/store single structure (post-indexed)
*
* 31 30 29 23 22 21 20 16 15 13 12 11 10 9 5 4 0
* +---+---+---------------+-----+-----------+-----+---+------+------+------+
@@ -2861,7 +2863,7 @@ static void disas_ldst_single_struct(DisasContext *s, uint32_t insn)
tcg_temp_free_i64(tcg_addr);
}
-/* C3.3 Loads and stores */
+/* Loads and stores */
static void disas_ldst(DisasContext *s, uint32_t insn)
{
switch (extract32(insn, 24, 6)) {
@@ -2891,7 +2893,7 @@ static void disas_ldst(DisasContext *s, uint32_t insn)
}
}
-/* C3.4.6 PC-rel. addressing
+/* PC-rel. addressing
* 31 30 29 28 24 23 5 4 0
* +----+-------+-----------+-------------------+------+
* | op | immlo | 1 0 0 0 0 | immhi | Rd |
@@ -2920,7 +2922,7 @@ static void disas_pc_rel_adr(DisasContext *s, uint32_t insn)
}
/*
- * C3.4.1 Add/subtract (immediate)
+ * Add/subtract (immediate)
*
* 31 30 29 28 24 23 22 21 10 9 5 4 0
* +--+--+--+-----------+-----+-------------+-----+-----+
@@ -3070,7 +3072,7 @@ static bool logic_imm_decode_wmask(uint64_t *result, unsigned int immn,
return true;
}
-/* C3.4.4 Logical (immediate)
+/* Logical (immediate)
* 31 30 29 28 23 22 21 16 15 10 9 5 4 0
* +----+-----+-------------+---+------+------+------+------+
* | sf | opc | 1 0 0 1 0 0 | N | immr | imms | Rn | Rd |
@@ -3143,7 +3145,7 @@ static void disas_logic_imm(DisasContext *s, uint32_t insn)
}
/*
- * C3.4.5 Move wide (immediate)
+ * Move wide (immediate)
*
* 31 30 29 28 23 22 21 20 5 4 0
* +--+-----+-------------+-----+----------------+------+
@@ -3195,7 +3197,7 @@ static void disas_movw_imm(DisasContext *s, uint32_t insn)
}
}
-/* C3.4.2 Bitfield
+/* Bitfield
* 31 30 29 28 23 22 21 16 15 10 9 5 4 0
* +----+-----+-------------+---+------+------+------+------+
* | sf | opc | 1 0 0 1 1 0 | N | immr | imms | Rn | Rd |
@@ -3273,7 +3275,7 @@ static void disas_bitfield(DisasContext *s, uint32_t insn)
}
}
-/* C3.4.3 Extract
+/* Extract
* 31 30 29 28 23 22 21 20 16 15 10 9 5 4 0
* +----+------+-------------+---+----+------+--------+------+------+
* | sf | op21 | 1 0 0 1 1 1 | N | o0 | Rm | imms | Rn | Rd |
@@ -3333,7 +3335,7 @@ static void disas_extract(DisasContext *s, uint32_t insn)
}
}
-/* C3.4 Data processing - immediate */
+/* Data processing - immediate */
static void disas_data_proc_imm(DisasContext *s, uint32_t insn)
{
switch (extract32(insn, 23, 6)) {
@@ -3427,7 +3429,7 @@ static void shift_reg_imm(TCGv_i64 dst, TCGv_i64 src, int sf,
}
}
-/* C3.5.10 Logical (shifted register)
+/* Logical (shifted register)
* 31 30 29 28 24 23 22 21 20 16 15 10 9 5 4 0
* +----+-----+-----------+-------+---+------+--------+------+------+
* | sf | opc | 0 1 0 1 0 | shift | N | Rm | imm6 | Rn | Rd |
@@ -3518,7 +3520,7 @@ static void disas_logic_reg(DisasContext *s, uint32_t insn)
}
/*
- * C3.5.1 Add/subtract (extended register)
+ * Add/subtract (extended register)
*
* 31|30|29|28 24|23 22|21|20 16|15 13|12 10|9 5|4 0|
* +--+--+--+-----------+-----+--+-------+------+------+----+----+
@@ -3591,7 +3593,7 @@ static void disas_add_sub_ext_reg(DisasContext *s, uint32_t insn)
}
/*
- * C3.5.2 Add/subtract (shifted register)
+ * Add/subtract (shifted register)
*
* 31 30 29 28 24 23 22 21 20 16 15 10 9 5 4 0
* +--+--+--+-----------+-----+--+-------+---------+------+------+
@@ -3654,13 +3656,12 @@ static void disas_add_sub_reg(DisasContext *s, uint32_t insn)
tcg_temp_free_i64(tcg_result);
}
-/* C3.5.9 Data-processing (3 source)
-
- 31 30 29 28 24 23 21 20 16 15 14 10 9 5 4 0
- +--+------+-----------+------+------+----+------+------+------+
- |sf| op54 | 1 1 0 1 1 | op31 | Rm | o0 | Ra | Rn | Rd |
- +--+------+-----------+------+------+----+------+------+------+
-
+/* Data-processing (3 source)
+ *
+ * 31 30 29 28 24 23 21 20 16 15 14 10 9 5 4 0
+ * +--+------+-----------+------+------+----+------+------+------+
+ * |sf| op54 | 1 1 0 1 1 | op31 | Rm | o0 | Ra | Rn | Rd |
+ * +--+------+-----------+------+------+----+------+------+------+
*/
static void disas_data_proc_3src(DisasContext *s, uint32_t insn)
{
@@ -3753,7 +3754,7 @@ static void disas_data_proc_3src(DisasContext *s, uint32_t insn)
tcg_temp_free_i64(tcg_tmp);
}
-/* C3.5.3 - Add/subtract (with carry)
+/* Add/subtract (with carry)
* 31 30 29 28 27 26 25 24 23 22 21 20 16 15 10 9 5 4 0
* +--+--+--+------------------------+------+---------+------+-----+
* |sf|op| S| 1 1 0 1 0 0 0 0 | rm | opcode2 | Rn | Rd |
@@ -3795,7 +3796,7 @@ static void disas_adc_sbc(DisasContext *s, uint32_t insn)
}
}
-/* C3.5.4 - C3.5.5 Conditional compare (immediate / register)
+/* Conditional compare (immediate / register)
* 31 30 29 28 27 26 25 24 23 22 21 20 16 15 12 11 10 9 5 4 3 0
* +--+--+--+------------------------+--------+------+----+--+------+--+-----+
* |sf|op| S| 1 1 0 1 0 0 1 0 |imm5/rm | cond |i/r |o2| Rn |o3|nzcv |
@@ -3900,7 +3901,7 @@ static void disas_cc(DisasContext *s, uint32_t insn)
tcg_temp_free_i32(tcg_t2);
}
-/* C3.5.6 Conditional select
+/* Conditional select
* 31 30 29 28 21 20 16 15 12 11 10 9 5 4 0
* +----+----+---+-----------------+------+------+-----+------+------+
* | sf | op | S | 1 1 0 1 0 1 0 0 | Rm | cond | op2 | Rn | Rd |
@@ -4011,7 +4012,7 @@ static void handle_rbit(DisasContext *s, unsigned int sf,
}
}
-/* C5.6.149 REV with sf==1, opcode==3 ("REV64") */
+/* REV with sf==1, opcode==3 ("REV64") */
static void handle_rev64(DisasContext *s, unsigned int sf,
unsigned int rn, unsigned int rd)
{
@@ -4022,8 +4023,8 @@ static void handle_rev64(DisasContext *s, unsigned int sf,
tcg_gen_bswap64_i64(cpu_reg(s, rd), cpu_reg(s, rn));
}
-/* C5.6.149 REV with sf==0, opcode==2
- * C5.6.151 REV32 (sf==1, opcode==2)
+/* REV with sf==0, opcode==2
+ * REV32 (sf==1, opcode==2)
*/
static void handle_rev32(DisasContext *s, unsigned int sf,
unsigned int rn, unsigned int rd)
@@ -4048,7 +4049,7 @@ static void handle_rev32(DisasContext *s, unsigned int sf,
}
}
-/* C5.6.150 REV16 (opcode==1) */
+/* REV16 (opcode==1) */
static void handle_rev16(DisasContext *s, unsigned int sf,
unsigned int rn, unsigned int rd)
{
@@ -4067,7 +4068,7 @@ static void handle_rev16(DisasContext *s, unsigned int sf,
tcg_temp_free_i64(tcg_tmp);
}
-/* C3.5.7 Data-processing (1 source)
+/* Data-processing (1 source)
* 31 30 29 28 21 20 16 15 10 9 5 4 0
* +----+---+---+-----------------+---------+--------+------+------+
* | sf | 1 | S | 1 1 0 1 0 1 1 0 | opcode2 | opcode | Rn | Rd |
@@ -4136,7 +4137,7 @@ static void handle_div(DisasContext *s, bool is_signed, unsigned int sf,
}
}
-/* C5.6.115 LSLV, C5.6.118 LSRV, C5.6.17 ASRV, C5.6.154 RORV */
+/* LSLV, LSRV, ASRV, RORV */
static void handle_shift_reg(DisasContext *s,
enum a64_shift_type shift_type, unsigned int sf,
unsigned int rm, unsigned int rn, unsigned int rd)
@@ -4198,7 +4199,7 @@ static void handle_crc32(DisasContext *s,
tcg_temp_free_i32(tcg_bytes);
}
-/* C3.5.8 Data-processing (2 source)
+/* Data-processing (2 source)
* 31 30 29 28 21 20 16 15 10 9 5 4 0
* +----+---+---+-----------------+------+--------+------+------+
* | sf | 0 | S | 1 1 0 1 0 1 1 0 | Rm | opcode | Rn | Rd |
@@ -4257,7 +4258,7 @@ static void disas_data_proc_2src(DisasContext *s, uint32_t insn)
}
}
-/* C3.5 Data processing - register */
+/* Data processing - register */
static void disas_data_proc_reg(DisasContext *s, uint32_t insn)
{
switch (extract32(insn, 24, 5)) {
@@ -4351,7 +4352,7 @@ static void handle_fp_compare(DisasContext *s, bool is_double,
tcg_temp_free_i64(tcg_flags);
}
-/* C3.6.22 Floating point compare
+/* Floating point compare
* 31 30 29 28 24 23 22 21 20 16 15 14 13 10 9 5 4 0
* +---+---+---+-----------+------+---+------+-----+---------+------+-------+
* | M | 0 | S | 1 1 1 1 0 | type | 1 | Rm | op | 1 0 0 0 | Rn | op2 |
@@ -4381,7 +4382,7 @@ static void disas_fp_compare(DisasContext *s, uint32_t insn)
handle_fp_compare(s, type, rn, rm, opc & 1, opc & 2);
}
-/* C3.6.23 Floating point conditional compare
+/* Floating point conditional compare
* 31 30 29 28 24 23 22 21 20 16 15 12 11 10 9 5 4 3 0
* +---+---+---+-----------+------+---+------+------+-----+------+----+------+
* | M | 0 | S | 1 1 1 1 0 | type | 1 | Rm | cond | 0 1 | Rn | op | nzcv |
@@ -4429,7 +4430,7 @@ static void disas_fp_ccomp(DisasContext *s, uint32_t insn)
}
}
-/* C3.6.24 Floating point conditional select
+/* Floating point conditional select
* 31 30 29 28 24 23 22 21 20 16 15 12 11 10 9 5 4 0
* +---+---+---+-----------+------+---+------+------+-----+------+------+
* | M | 0 | S | 1 1 1 1 0 | type | 1 | Rm | cond | 1 1 | Rn | Rd |
@@ -4476,7 +4477,7 @@ static void disas_fp_csel(DisasContext *s, uint32_t insn)
tcg_temp_free_i64(t_true);
}
-/* C3.6.25 Floating-point data-processing (1 source) - single precision */
+/* Floating-point data-processing (1 source) - single precision */
static void handle_fp_1src_single(DisasContext *s, int opcode, int rd, int rn)
{
TCGv_ptr fpst;
@@ -4532,7 +4533,7 @@ static void handle_fp_1src_single(DisasContext *s, int opcode, int rd, int rn)
tcg_temp_free_i32(tcg_res);
}
-/* C3.6.25 Floating-point data-processing (1 source) - double precision */
+/* Floating-point data-processing (1 source) - double precision */
static void handle_fp_1src_double(DisasContext *s, int opcode, int rd, int rn)
{
TCGv_ptr fpst;
@@ -4654,7 +4655,7 @@ static void handle_fp_fcvt(DisasContext *s, int opcode,
}
}
-/* C3.6.25 Floating point data-processing (1 source)
+/* Floating point data-processing (1 source)
* 31 30 29 28 24 23 22 21 20 15 14 10 9 5 4 0
* +---+---+---+-----------+------+---+--------+-----------+------+------+
* | M | 0 | S | 1 1 1 1 0 | type | 1 | opcode | 1 0 0 0 0 | Rn | Rd |
@@ -4712,7 +4713,7 @@ static void disas_fp_1src(DisasContext *s, uint32_t insn)
}
}
-/* C3.6.26 Floating-point data-processing (2 source) - single precision */
+/* Floating-point data-processing (2 source) - single precision */
static void handle_fp_2src_single(DisasContext *s, int opcode,
int rd, int rn, int rm)
{
@@ -4765,7 +4766,7 @@ static void handle_fp_2src_single(DisasContext *s, int opcode,
tcg_temp_free_i32(tcg_res);
}
-/* C3.6.26 Floating-point data-processing (2 source) - double precision */
+/* Floating-point data-processing (2 source) - double precision */
static void handle_fp_2src_double(DisasContext *s, int opcode,
int rd, int rn, int rm)
{
@@ -4818,7 +4819,7 @@ static void handle_fp_2src_double(DisasContext *s, int opcode,
tcg_temp_free_i64(tcg_res);
}
-/* C3.6.26 Floating point data-processing (2 source)
+/* Floating point data-processing (2 source)
* 31 30 29 28 24 23 22 21 20 16 15 12 11 10 9 5 4 0
* +---+---+---+-----------+------+---+------+--------+-----+------+------+
* | M | 0 | S | 1 1 1 1 0 | type | 1 | Rm | opcode | 1 0 | Rn | Rd |
@@ -4855,7 +4856,7 @@ static void disas_fp_2src(DisasContext *s, uint32_t insn)
}
}
-/* C3.6.27 Floating-point data-processing (3 source) - single precision */
+/* Floating-point data-processing (3 source) - single precision */
static void handle_fp_3src_single(DisasContext *s, bool o0, bool o1,
int rd, int rn, int rm, int ra)
{
@@ -4893,7 +4894,7 @@ static void handle_fp_3src_single(DisasContext *s, bool o0, bool o1,
tcg_temp_free_i32(tcg_res);
}
-/* C3.6.27 Floating-point data-processing (3 source) - double precision */
+/* Floating-point data-processing (3 source) - double precision */
static void handle_fp_3src_double(DisasContext *s, bool o0, bool o1,
int rd, int rn, int rm, int ra)
{
@@ -4931,7 +4932,7 @@ static void handle_fp_3src_double(DisasContext *s, bool o0, bool o1,
tcg_temp_free_i64(tcg_res);
}
-/* C3.6.27 Floating point data-processing (3 source)
+/* Floating point data-processing (3 source)
* 31 30 29 28 24 23 22 21 20 16 15 14 10 9 5 4 0
* +---+---+---+-----------+------+----+------+----+------+------+------+
* | M | 0 | S | 1 1 1 1 1 | type | o1 | Rm | o0 | Ra | Rn | Rd |
@@ -4965,7 +4966,7 @@ static void disas_fp_3src(DisasContext *s, uint32_t insn)
}
}
-/* C3.6.28 Floating point immediate
+/* Floating point immediate
* 31 30 29 28 24 23 22 21 20 13 12 10 9 5 4 0
* +---+---+---+-----------+------+---+------------+-------+------+------+
* | M | 0 | S | 1 1 1 1 0 | type | 1 | imm8 | 1 0 0 | imm5 | Rd |
@@ -5136,7 +5137,7 @@ static void handle_fpfpcvt(DisasContext *s, int rd, int rn, int opcode,
tcg_temp_free_i32(tcg_shift);
}
-/* C3.6.29 Floating point <-> fixed point conversions
+/* Floating point <-> fixed point conversions
* 31 30 29 28 24 23 22 21 20 19 18 16 15 10 9 5 4 0
* +----+---+---+-----------+------+---+-------+--------+-------+------+------+
* | sf | 0 | S | 1 1 1 1 0 | type | 0 | rmode | opcode | scale | Rn | Rd |
@@ -5236,7 +5237,7 @@ static void handle_fmov(DisasContext *s, int rd, int rn, int type, bool itof)
}
}
-/* C3.6.30 Floating point <-> integer conversions
+/* Floating point <-> integer conversions
* 31 30 29 28 24 23 22 21 20 19 18 16 15 10 9 5 4 0
* +----+---+---+-----------+------+---+-------+-----+-------------+----+----+
* | sf | 0 | S | 1 1 1 1 0 | type | 1 | rmode | opc | 0 0 0 0 0 0 | Rn | Rd |
@@ -5371,7 +5372,7 @@ static void do_ext64(DisasContext *s, TCGv_i64 tcg_left, TCGv_i64 tcg_right,
tcg_temp_free_i64(tcg_tmp);
}
-/* C3.6.1 EXT
+/* EXT
* 31 30 29 24 23 22 21 20 16 15 14 11 10 9 5 4 0
* +---+---+-------------+-----+---+------+---+------+---+------+------+
* | 0 | Q | 1 0 1 1 1 0 | op2 | 0 | Rm | 0 | imm4 | 0 | Rn | Rd |
@@ -5444,7 +5445,7 @@ static void disas_simd_ext(DisasContext *s, uint32_t insn)
tcg_temp_free_i64(tcg_resh);
}
-/* C3.6.2 TBL/TBX
+/* TBL/TBX
* 31 30 29 24 23 22 21 20 16 15 14 13 12 11 10 9 5 4 0
* +---+---+-------------+-----+---+------+---+-----+----+-----+------+------+
* | 0 | Q | 0 0 1 1 1 0 | op2 | 0 | Rm | 0 | len | op | 0 0 | Rn | Rd |
@@ -5512,7 +5513,7 @@ static void disas_simd_tb(DisasContext *s, uint32_t insn)
tcg_temp_free_i64(tcg_resh);
}
-/* C3.6.3 ZIP/UZP/TRN
+/* ZIP/UZP/TRN
* 31 30 29 24 23 22 21 20 16 15 14 12 11 10 9 5 4 0
* +---+---+-------------+------+---+------+---+------------------+------+
* | 0 | Q | 0 0 1 1 1 0 | size | 0 | Rm | 0 | opc | 1 0 | Rn | Rd |
@@ -5624,7 +5625,7 @@ static void do_minmaxop(DisasContext *s, TCGv_i32 tcg_elt1, TCGv_i32 tcg_elt2,
}
}
-/* C3.6.4 AdvSIMD across lanes
+/* AdvSIMD across lanes
* 31 30 29 28 24 23 22 21 17 16 12 11 10 9 5 4 0
* +---+---+---+-----------+------+-----------+--------+-----+------+------+
* | 0 | Q | U | 0 1 1 1 0 | size | 1 1 0 0 0 | opcode | 1 0 | Rn | Rd |
@@ -5791,7 +5792,7 @@ static void disas_simd_across_lanes(DisasContext *s, uint32_t insn)
tcg_temp_free_i64(tcg_res);
}
-/* C6.3.31 DUP (Element, Vector)
+/* DUP (Element, Vector)
*
* 31 30 29 21 20 16 15 10 9 5 4 0
* +---+---+-------------------+--------+-------------+------+------+
@@ -5834,7 +5835,7 @@ static void handle_simd_dupe(DisasContext *s, int is_q, int rd, int rn,
tcg_temp_free_i64(tmp);
}
-/* C6.3.31 DUP (element, scalar)
+/* DUP (element, scalar)
* 31 21 20 16 15 10 9 5 4 0
* +-----------------------+--------+-------------+------+------+
* | 0 1 0 1 1 1 1 0 0 0 0 | imm5 | 0 0 0 0 0 1 | Rn | Rd |
@@ -5867,7 +5868,7 @@ static void handle_simd_dupes(DisasContext *s, int rd, int rn,
tcg_temp_free_i64(tmp);
}
-/* C6.3.32 DUP (General)
+/* DUP (General)
*
* 31 30 29 21 20 16 15 10 9 5 4 0
* +---+---+-------------------+--------+-------------+------+------+
@@ -5901,7 +5902,7 @@ static void handle_simd_dupg(DisasContext *s, int is_q, int rd, int rn,
}
}
-/* C6.3.150 INS (Element)
+/* INS (Element)
*
* 31 21 20 16 15 14 11 10 9 5 4 0
* +-----------------------+--------+------------+---+------+------+
@@ -5939,7 +5940,7 @@ static void handle_simd_inse(DisasContext *s, int rd, int rn,
}
-/* C6.3.151 INS (General)
+/* INS (General)
*
* 31 21 20 16 15 10 9 5 4 0
* +-----------------------+--------+-------------+------+------+
@@ -5968,8 +5969,8 @@ static void handle_simd_insg(DisasContext *s, int rd, int rn, int imm5)
}
/*
- * C6.3.321 UMOV (General)
- * C6.3.237 SMOV (General)
+ * UMOV (General)
+ * SMOV (General)
*
* 31 30 29 21 20 16 15 12 10 9 5 4 0
* +---+---+-------------------+--------+-------------+------+------+
@@ -6014,7 +6015,7 @@ static void handle_simd_umov_smov(DisasContext *s, int is_q, int is_signed,
}
}
-/* C3.6.5 AdvSIMD copy
+/* AdvSIMD copy
* 31 30 29 28 21 20 16 15 14 11 10 9 5 4 0
* +---+---+----+-----------------+------+---+------+---+------+------+
* | 0 | Q | op | 0 1 1 1 0 0 0 0 | imm5 | 0 | imm4 | 1 | Rn | Rd |
@@ -6066,7 +6067,7 @@ static void disas_simd_copy(DisasContext *s, uint32_t insn)
}
}
-/* C3.6.6 AdvSIMD modified immediate
+/* AdvSIMD modified immediate
* 31 30 29 28 19 18 16 15 12 11 10 9 5 4 0
* +---+---+----+---------------------+-----+-------+----+---+-------+------+
* | 0 | Q | op | 0 1 1 1 1 0 0 0 0 0 | abc | cmode | o2 | 1 | defgh | Rd |
@@ -6199,7 +6200,7 @@ static void disas_simd_mod_imm(DisasContext *s, uint32_t insn)
tcg_temp_free_i64(tcg_imm);
}
-/* C3.6.7 AdvSIMD scalar copy
+/* AdvSIMD scalar copy
* 31 30 29 28 21 20 16 15 14 11 10 9 5 4 0
* +-----+----+-----------------+------+---+------+---+------+------+
* | 0 1 | op | 1 1 1 1 0 0 0 0 | imm5 | 0 | imm4 | 1 | Rn | Rd |
@@ -6222,7 +6223,7 @@ static void disas_simd_scalar_copy(DisasContext *s, uint32_t insn)
handle_simd_dupes(s, rd, rn, imm5);
}
-/* C3.6.8 AdvSIMD scalar pairwise
+/* AdvSIMD scalar pairwise
* 31 30 29 28 24 23 22 21 17 16 12 11 10 9 5 4 0
* +-----+---+-----------+------+-----------+--------+-----+------+------+
* | 0 1 | U | 1 1 1 1 0 | size | 1 1 0 0 0 | opcode | 1 0 | Rn | Rd |
@@ -6948,7 +6949,7 @@ static void handle_simd_shift_fpint_conv(DisasContext *s, bool is_scalar,
tcg_temp_free_i32(tcg_rmode);
}
-/* C3.6.9 AdvSIMD scalar shift by immediate
+/* AdvSIMD scalar shift by immediate
* 31 30 29 28 23 22 19 18 16 15 11 10 9 5 4 0
* +-----+---+-------------+------+------+--------+---+------+------+
* | 0 1 | U | 1 1 1 1 1 0 | immh | immb | opcode | 1 | Rn | Rd |
@@ -7023,7 +7024,7 @@ static void disas_simd_scalar_shift_imm(DisasContext *s, uint32_t insn)
}
}
-/* C3.6.10 AdvSIMD scalar three different
+/* AdvSIMD scalar three different
* 31 30 29 28 24 23 22 21 20 16 15 12 11 10 9 5 4 0
* +-----+---+-----------+------+---+------+--------+-----+------+------+
* | 0 1 | U | 1 1 1 1 0 | size | 1 | Rm | opcode | 0 0 | Rn | Rd |
@@ -7410,7 +7411,7 @@ static void handle_3same_float(DisasContext *s, int size, int elements,
}
}
-/* C3.6.11 AdvSIMD scalar three same
+/* AdvSIMD scalar three same
* 31 30 29 28 24 23 22 21 20 16 15 11 10 9 5 4 0
* +-----+---+-----------+------+---+------+--------+---+------+------+
* | 0 1 | U | 1 1 1 1 0 | size | 1 | Rm | opcode | 1 | Rn | Rd |
@@ -8079,7 +8080,7 @@ static void handle_2misc_satacc(DisasContext *s, bool is_scalar, bool is_u,
}
}
-/* C3.6.12 AdvSIMD scalar two reg misc
+/* AdvSIMD scalar two reg misc
* 31 30 29 28 24 23 22 21 17 16 12 11 10 9 5 4 0
* +-----+---+-----------+------+-----------+--------+-----+------+------+
* | 0 1 | U | 1 1 1 1 0 | size | 1 0 0 0 0 | opcode | 1 0 | Rn | Rd |
@@ -8507,7 +8508,7 @@ static void handle_vec_simd_shrn(DisasContext *s, bool is_q,
}
-/* C3.6.14 AdvSIMD shift by immediate
+/* AdvSIMD shift by immediate
* 31 30 29 28 23 22 19 18 16 15 11 10 9 5 4 0
* +---+---+---+-------------+------+------+--------+---+------+------+
* | 0 | Q | U | 0 1 1 1 1 0 | immh | immb | opcode | 1 | Rn | Rd |
@@ -8926,7 +8927,7 @@ static void handle_pmull_64(DisasContext *s, int is_q, int rd, int rn, int rm)
tcg_temp_free_i64(tcg_res);
}
-/* C3.6.15 AdvSIMD three different
+/* AdvSIMD three different
* 31 30 29 28 24 23 22 21 20 16 15 12 11 10 9 5 4 0
* +---+---+---+-----------+------+---+------+--------+-----+------+------+
* | 0 | Q | U | 0 1 1 1 0 | size | 1 | Rm | opcode | 0 0 | Rn | Rd |
@@ -9663,7 +9664,7 @@ static void disas_simd_3same_int(DisasContext *s, uint32_t insn)
}
}
-/* C3.6.16 AdvSIMD three same
+/* AdvSIMD three same
* 31 30 29 28 24 23 22 21 20 16 15 11 10 9 5 4 0
* +---+---+---+-----------+------+---+------+--------+---+------+------+
* | 0 | Q | U | 0 1 1 1 0 | size | 1 | Rm | opcode | 1 | Rn | Rd |
@@ -9932,7 +9933,7 @@ static void handle_shll(DisasContext *s, bool is_q, int size, int rn, int rd)
}
}
-/* C3.6.17 AdvSIMD two reg misc
+/* AdvSIMD two reg misc
* 31 30 29 28 24 23 22 21 17 16 12 11 10 9 5 4 0
* +---+---+---+-----------+------+-----------+--------+-----+------+------+
* | 0 | Q | U | 0 1 1 1 0 | size | 1 0 0 0 0 | opcode | 1 0 | Rn | Rd |
@@ -10444,12 +10445,12 @@ static void disas_simd_two_reg_misc(DisasContext *s, uint32_t insn)
}
}
-/* C3.6.13 AdvSIMD scalar x indexed element
+/* AdvSIMD scalar x indexed element
* 31 30 29 28 24 23 22 21 20 19 16 15 12 11 10 9 5 4 0
* +-----+---+-----------+------+---+---+------+-----+---+---+------+------+
* | 0 1 | U | 1 1 1 1 1 | size | L | M | Rm | opc | H | 0 | Rn | Rd |
* +-----+---+-----------+------+---+---+------+-----+---+---+------+------+
- * C3.6.18 AdvSIMD vector x indexed element
+ * AdvSIMD vector x indexed element
* 31 30 29 28 24 23 22 21 20 19 16 15 12 11 10 9 5 4 0
* +---+---+---+-----------+------+---+---+------+-----+---+---+------+------+
* | 0 | Q | U | 0 1 1 1 1 | size | L | M | Rm | opc | H | 0 | Rn | Rd |
@@ -10899,7 +10900,7 @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn)
}
}
-/* C3.6.19 Crypto AES
+/* Crypto AES
* 31 24 23 22 21 17 16 12 11 10 9 5 4 0
* +-----------------+------+-----------+--------+-----+------+------+
* | 0 1 0 0 1 1 1 0 | size | 1 0 1 0 0 | opcode | 1 0 | Rn | Rd |
@@ -10962,7 +10963,7 @@ static void disas_crypto_aes(DisasContext *s, uint32_t insn)
tcg_temp_free_i32(tcg_decrypt);
}
-/* C3.6.20 Crypto three-reg SHA
+/* Crypto three-reg SHA
* 31 24 23 22 21 20 16 15 14 12 11 10 9 5 4 0
* +-----------------+------+---+------+---+--------+-----+------+------+
* | 0 1 0 1 1 1 1 0 | size | 0 | Rm | 0 | opcode | 0 0 | Rn | Rd |
@@ -11034,7 +11035,7 @@ static void disas_crypto_three_reg_sha(DisasContext *s, uint32_t insn)
tcg_temp_free_i32(tcg_rm_regno);
}
-/* C3.6.21 Crypto two-reg SHA
+/* Crypto two-reg SHA
* 31 24 23 22 21 17 16 12 11 10 9 5 4 0
* +-----------------+------+-----------+--------+-----+------+------+
* | 0 1 0 1 1 1 1 0 | size | 1 0 1 0 0 | opcode | 1 0 | Rn | Rd |
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 21/31] hw/arm/palm.c: Don't use old_mmio for static_ops
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (19 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 20/31] target/arm: Remove out of date ARM ARM section references in A64 decoder Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 22/31] hw/gpio/omap_gpio.c: Don't use old_mmio Peter Maydell
` (10 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
Update the static_ops functions to use new-style mmio
rather than the legacy old_mmio functions.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1505580378-9044-2-git-send-email-peter.maydell@linaro.org
---
hw/arm/palm.c | 30 ++++++++++--------------------
1 file changed, 10 insertions(+), 20 deletions(-)
diff --git a/hw/arm/palm.c b/hw/arm/palm.c
index b8753e2..a1f55d7 100644
--- a/hw/arm/palm.c
+++ b/hw/arm/palm.c
@@ -31,26 +31,16 @@
#include "exec/address-spaces.h"
#include "cpu.h"
-static uint32_t static_readb(void *opaque, hwaddr offset)
+static uint64_t static_read(void *opaque, hwaddr offset, unsigned size)
{
- uint32_t *val = (uint32_t *) opaque;
- return *val >> ((offset & 3) << 3);
-}
+ uint32_t *val = (uint32_t *)opaque;
+ uint32_t sizemask = 7 >> size;
-static uint32_t static_readh(void *opaque, hwaddr offset)
-{
- uint32_t *val = (uint32_t *) opaque;
- return *val >> ((offset & 1) << 3);
-}
-
-static uint32_t static_readw(void *opaque, hwaddr offset)
-{
- uint32_t *val = (uint32_t *) opaque;
- return *val >> ((offset & 0) << 3);
+ return *val >> ((offset & sizemask) << 3);
}
-static void static_write(void *opaque, hwaddr offset,
- uint32_t value)
+static void static_write(void *opaque, hwaddr offset, uint64_t value,
+ unsigned size)
{
#ifdef SPY
printf("%s: value %08lx written at " PA_FMT "\n",
@@ -59,10 +49,10 @@ static void static_write(void *opaque, hwaddr offset,
}
static const MemoryRegionOps static_ops = {
- .old_mmio = {
- .read = { static_readb, static_readh, static_readw, },
- .write = { static_write, static_write, static_write, },
- },
+ .read = static_read,
+ .write = static_write,
+ .valid.min_access_size = 1,
+ .valid.max_access_size = 4,
.endianness = DEVICE_NATIVE_ENDIAN,
};
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 22/31] hw/gpio/omap_gpio.c: Don't use old_mmio
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (20 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 21/31] hw/arm/palm.c: Don't use old_mmio for static_ops Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 23/31] hw/timer/omap_synctimer.c: " Peter Maydell
` (9 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
Drop the use of old_mmio in the omap2_gpio memory ops.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1505580378-9044-3-git-send-email-peter.maydell@linaro.org
---
hw/gpio/omap_gpio.c | 26 ++++++++++++--------------
1 file changed, 12 insertions(+), 14 deletions(-)
diff --git a/hw/gpio/omap_gpio.c b/hw/gpio/omap_gpio.c
index 1df394e..17891e2 100644
--- a/hw/gpio/omap_gpio.c
+++ b/hw/gpio/omap_gpio.c
@@ -525,17 +525,23 @@ static void omap2_gpio_module_write(void *opaque, hwaddr addr,
}
}
-static uint32_t omap2_gpio_module_readp(void *opaque, hwaddr addr)
+static uint64_t omap2_gpio_module_readp(void *opaque, hwaddr addr,
+ unsigned size)
{
return omap2_gpio_module_read(opaque, addr & ~3) >> ((addr & 3) << 3);
}
static void omap2_gpio_module_writep(void *opaque, hwaddr addr,
- uint32_t value)
+ uint64_t value, unsigned size)
{
uint32_t cur = 0;
uint32_t mask = 0xffff;
+ if (size == 4) {
+ omap2_gpio_module_write(opaque, addr, value);
+ return;
+ }
+
switch (addr & ~3) {
case 0x00: /* GPIO_REVISION */
case 0x14: /* GPIO_SYSSTATUS */
@@ -581,18 +587,10 @@ static void omap2_gpio_module_writep(void *opaque, hwaddr addr,
}
static const MemoryRegionOps omap2_gpio_module_ops = {
- .old_mmio = {
- .read = {
- omap2_gpio_module_readp,
- omap2_gpio_module_readp,
- omap2_gpio_module_read,
- },
- .write = {
- omap2_gpio_module_writep,
- omap2_gpio_module_writep,
- omap2_gpio_module_write,
- },
- },
+ .read = omap2_gpio_module_readp,
+ .write = omap2_gpio_module_writep,
+ .valid.min_access_size = 1,
+ .valid.max_access_size = 4,
.endianness = DEVICE_NATIVE_ENDIAN,
};
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 23/31] hw/timer/omap_synctimer.c: Don't use old_mmio
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (21 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 22/31] hw/gpio/omap_gpio.c: Don't use old_mmio Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 24/31] hw/timer/omap_gptimer: " Peter Maydell
` (8 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
Don't use the old_mmio in the memory region ops struct.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1505580378-9044-4-git-send-email-peter.maydell@linaro.org
---
hw/timer/omap_synctimer.c | 35 +++++++++++++++++++++--------------
1 file changed, 21 insertions(+), 14 deletions(-)
diff --git a/hw/timer/omap_synctimer.c b/hw/timer/omap_synctimer.c
index 9ee6519..0d75a90 100644
--- a/hw/timer/omap_synctimer.c
+++ b/hw/timer/omap_synctimer.c
@@ -68,25 +68,32 @@ static uint32_t omap_synctimer_readh(void *opaque, hwaddr addr)
}
}
-static void omap_synctimer_write(void *opaque, hwaddr addr,
- uint32_t value)
+static uint64_t omap_synctimer_readfn(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ switch (size) {
+ case 1:
+ return omap_badwidth_read32(opaque, addr);
+ case 2:
+ return omap_synctimer_readh(opaque, addr);
+ case 4:
+ return omap_synctimer_readw(opaque, addr);
+ default:
+ g_assert_not_reached();
+ }
+}
+
+static void omap_synctimer_writefn(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
{
OMAP_BAD_REG(addr);
}
static const MemoryRegionOps omap_synctimer_ops = {
- .old_mmio = {
- .read = {
- omap_badwidth_read32,
- omap_synctimer_readh,
- omap_synctimer_readw,
- },
- .write = {
- omap_badwidth_write32,
- omap_synctimer_write,
- omap_synctimer_write,
- },
- },
+ .read = omap_synctimer_readfn,
+ .write = omap_synctimer_writefn,
+ .valid.min_access_size = 1,
+ .valid.max_access_size = 4,
.endianness = DEVICE_NATIVE_ENDIAN,
};
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 24/31] hw/timer/omap_gptimer: Don't use old_mmio
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (22 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 23/31] hw/timer/omap_synctimer.c: " Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 25/31] hw/i2c/omap_i2c.c: " Peter Maydell
` (7 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
Don't use the old_mmio struct in memory region ops.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1505580378-9044-5-git-send-email-peter.maydell@linaro.org
---
hw/timer/omap_gptimer.c | 49 +++++++++++++++++++++++++++++++++++++------------
1 file changed, 37 insertions(+), 12 deletions(-)
diff --git a/hw/timer/omap_gptimer.c b/hw/timer/omap_gptimer.c
index 5e3e8a6..6d7c8a3 100644
--- a/hw/timer/omap_gptimer.c
+++ b/hw/timer/omap_gptimer.c
@@ -450,19 +450,44 @@ static void omap_gp_timer_writeh(void *opaque, hwaddr addr,
s->writeh = (uint16_t) value;
}
+static uint64_t omap_gp_timer_readfn(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ switch (size) {
+ case 1:
+ return omap_badwidth_read32(opaque, addr);
+ case 2:
+ return omap_gp_timer_readh(opaque, addr);
+ case 4:
+ return omap_gp_timer_readw(opaque, addr);
+ default:
+ g_assert_not_reached();
+ }
+}
+
+static void omap_gp_timer_writefn(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ switch (size) {
+ case 1:
+ omap_badwidth_write32(opaque, addr, value);
+ break;
+ case 2:
+ omap_gp_timer_writeh(opaque, addr, value);
+ break;
+ case 4:
+ omap_gp_timer_write(opaque, addr, value);
+ break;
+ default:
+ g_assert_not_reached();
+ }
+}
+
static const MemoryRegionOps omap_gp_timer_ops = {
- .old_mmio = {
- .read = {
- omap_badwidth_read32,
- omap_gp_timer_readh,
- omap_gp_timer_readw,
- },
- .write = {
- omap_badwidth_write32,
- omap_gp_timer_writeh,
- omap_gp_timer_write,
- },
- },
+ .read = omap_gp_timer_readfn,
+ .write = omap_gp_timer_writefn,
+ .valid.min_access_size = 1,
+ .valid.max_access_size = 4,
.endianness = DEVICE_NATIVE_ENDIAN,
};
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 25/31] hw/i2c/omap_i2c.c: Don't use old_mmio
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (23 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 24/31] hw/timer/omap_gptimer: " Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 26/31] hw/arm/omap2.c: " Peter Maydell
` (6 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
Don't use old_mmio in the memory region ops struct.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1505580378-9044-6-git-send-email-peter.maydell@linaro.org
---
hw/i2c/omap_i2c.c | 44 ++++++++++++++++++++++++++++++++------------
1 file changed, 32 insertions(+), 12 deletions(-)
diff --git a/hw/i2c/omap_i2c.c b/hw/i2c/omap_i2c.c
index f6e80be..12264ee 100644
--- a/hw/i2c/omap_i2c.c
+++ b/hw/i2c/omap_i2c.c
@@ -430,19 +430,39 @@ static void omap_i2c_writeb(void *opaque, hwaddr addr,
}
}
+static uint64_t omap_i2c_readfn(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ switch (size) {
+ case 2:
+ return omap_i2c_read(opaque, addr);
+ default:
+ return omap_badwidth_read16(opaque, addr);
+ }
+}
+
+static void omap_i2c_writefn(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ switch (size) {
+ case 1:
+ /* Only the last fifo write can be 8 bit. */
+ omap_i2c_writeb(opaque, addr, value);
+ break;
+ case 2:
+ omap_i2c_write(opaque, addr, value);
+ break;
+ default:
+ omap_badwidth_write16(opaque, addr, value);
+ break;
+ }
+}
+
static const MemoryRegionOps omap_i2c_ops = {
- .old_mmio = {
- .read = {
- omap_badwidth_read16,
- omap_i2c_read,
- omap_badwidth_read16,
- },
- .write = {
- omap_i2c_writeb, /* Only the last fifo write can be 8 bit. */
- omap_i2c_write,
- omap_badwidth_write16,
- },
- },
+ .read = omap_i2c_readfn,
+ .write = omap_i2c_writefn,
+ .valid.min_access_size = 1,
+ .valid.max_access_size = 4,
.endianness = DEVICE_NATIVE_ENDIAN,
};
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 26/31] hw/arm/omap2.c: Don't use old_mmio
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (24 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 25/31] hw/i2c/omap_i2c.c: " Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 27/31] msf2: Add Smartfusion2 System timer Peter Maydell
` (5 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
Don't use old_mmio in the memory region ops struct.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1505580378-9044-7-git-send-email-peter.maydell@linaro.org
---
hw/arm/omap2.c | 49 +++++++++++++++++++++++++++++++++++++------------
1 file changed, 37 insertions(+), 12 deletions(-)
diff --git a/hw/arm/omap2.c b/hw/arm/omap2.c
index 3f6076e..f5b1488 100644
--- a/hw/arm/omap2.c
+++ b/hw/arm/omap2.c
@@ -2087,19 +2087,44 @@ static void omap_sysctl_write(void *opaque, hwaddr addr,
}
}
+static uint64_t omap_sysctl_readfn(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ switch (size) {
+ case 1:
+ return omap_sysctl_read8(opaque, addr);
+ case 2:
+ return omap_badwidth_read32(opaque, addr); /* TODO */
+ case 4:
+ return omap_sysctl_read(opaque, addr);
+ default:
+ g_assert_not_reached();
+ }
+}
+
+static void omap_sysctl_writefn(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ switch (size) {
+ case 1:
+ omap_sysctl_write8(opaque, addr, value);
+ break;
+ case 2:
+ omap_badwidth_write32(opaque, addr, value); /* TODO */
+ break;
+ case 4:
+ omap_sysctl_write(opaque, addr, value);
+ break;
+ default:
+ g_assert_not_reached();
+ }
+}
+
static const MemoryRegionOps omap_sysctl_ops = {
- .old_mmio = {
- .read = {
- omap_sysctl_read8,
- omap_badwidth_read32, /* TODO */
- omap_sysctl_read,
- },
- .write = {
- omap_sysctl_write8,
- omap_badwidth_write32, /* TODO */
- omap_sysctl_write,
- },
- },
+ .read = omap_sysctl_readfn,
+ .write = omap_sysctl_writefn,
+ .valid.min_access_size = 1,
+ .valid.max_access_size = 4,
.endianness = DEVICE_NATIVE_ENDIAN,
};
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 27/31] msf2: Add Smartfusion2 System timer
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (25 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 26/31] hw/arm/omap2.c: " Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 28/31] msf2: Microsemi Smartfusion2 System Register block Peter Maydell
` (4 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
From: Subbaraya Sundeep <sundeep.lkml@gmail.com>
Modelled System Timer in Microsemi's Smartfusion2 Soc.
Timer has two 32bit down counters and two interrupts.
Signed-off-by: Subbaraya Sundeep <sundeep.lkml@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Acked-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20170920201737.25723-2-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/timer/Makefile.objs | 1 +
include/hw/timer/mss-timer.h | 64 ++++++++++
hw/timer/mss-timer.c | 289 +++++++++++++++++++++++++++++++++++++++++++
3 files changed, 354 insertions(+)
create mode 100644 include/hw/timer/mss-timer.h
create mode 100644 hw/timer/mss-timer.c
diff --git a/hw/timer/Makefile.objs b/hw/timer/Makefile.objs
index 15cce1c..8c19eac 100644
--- a/hw/timer/Makefile.objs
+++ b/hw/timer/Makefile.objs
@@ -42,3 +42,4 @@ common-obj-$(CONFIG_ASPEED_SOC) += aspeed_timer.o
common-obj-$(CONFIG_SUN4V_RTC) += sun4v-rtc.o
common-obj-$(CONFIG_CMSDK_APB_TIMER) += cmsdk-apb-timer.o
+common-obj-$(CONFIG_MSF2) += mss-timer.o
diff --git a/include/hw/timer/mss-timer.h b/include/hw/timer/mss-timer.h
new file mode 100644
index 0000000..d15d173
--- /dev/null
+++ b/include/hw/timer/mss-timer.h
@@ -0,0 +1,64 @@
+/*
+ * Microsemi SmartFusion2 Timer.
+ *
+ * Copyright (c) 2017 Subbaraya Sundeep <sundeep.lkml@gmail.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef HW_MSS_TIMER_H
+#define HW_MSS_TIMER_H
+
+#include "hw/sysbus.h"
+#include "hw/ptimer.h"
+
+#define TYPE_MSS_TIMER "mss-timer"
+#define MSS_TIMER(obj) OBJECT_CHECK(MSSTimerState, \
+ (obj), TYPE_MSS_TIMER)
+
+/*
+ * There are two 32-bit down counting timers.
+ * Timers 1 and 2 can be concatenated into a single 64-bit Timer
+ * that operates either in Periodic mode or in One-shot mode.
+ * Writing 1 to the TIM64_MODE register bit 0 sets the Timers in 64-bit mode.
+ * In 64-bit mode, writing to the 32-bit registers has no effect.
+ * Similarly, in 32-bit mode, writing to the 64-bit mode registers
+ * has no effect. Only two 32-bit timers are supported currently.
+ */
+#define NUM_TIMERS 2
+
+#define R_TIM1_MAX 6
+
+struct Msf2Timer {
+ QEMUBH *bh;
+ ptimer_state *ptimer;
+
+ uint32_t regs[R_TIM1_MAX];
+ qemu_irq irq;
+};
+
+typedef struct MSSTimerState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion mmio;
+ uint32_t freq_hz;
+ struct Msf2Timer timers[NUM_TIMERS];
+} MSSTimerState;
+
+#endif /* HW_MSS_TIMER_H */
diff --git a/hw/timer/mss-timer.c b/hw/timer/mss-timer.c
new file mode 100644
index 0000000..60f1213
--- /dev/null
+++ b/hw/timer/mss-timer.c
@@ -0,0 +1,289 @@
+/*
+ * Block model of System timer present in
+ * Microsemi's SmartFusion2 and SmartFusion SoCs.
+ *
+ * Copyright (c) 2017 Subbaraya Sundeep <sundeep.lkml@gmail.com>.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/main-loop.h"
+#include "qemu/log.h"
+#include "hw/timer/mss-timer.h"
+
+#ifndef MSS_TIMER_ERR_DEBUG
+#define MSS_TIMER_ERR_DEBUG 0
+#endif
+
+#define DB_PRINT_L(lvl, fmt, args...) do { \
+ if (MSS_TIMER_ERR_DEBUG >= lvl) { \
+ qemu_log("%s: " fmt "\n", __func__, ## args); \
+ } \
+} while (0);
+
+#define DB_PRINT(fmt, args...) DB_PRINT_L(1, fmt, ## args)
+
+#define R_TIM_VAL 0
+#define R_TIM_LOADVAL 1
+#define R_TIM_BGLOADVAL 2
+#define R_TIM_CTRL 3
+#define R_TIM_RIS 4
+#define R_TIM_MIS 5
+
+#define TIMER_CTRL_ENBL (1 << 0)
+#define TIMER_CTRL_ONESHOT (1 << 1)
+#define TIMER_CTRL_INTR (1 << 2)
+#define TIMER_RIS_ACK (1 << 0)
+#define TIMER_RST_CLR (1 << 6)
+#define TIMER_MODE (1 << 0)
+
+static void timer_update_irq(struct Msf2Timer *st)
+{
+ bool isr, ier;
+
+ isr = !!(st->regs[R_TIM_RIS] & TIMER_RIS_ACK);
+ ier = !!(st->regs[R_TIM_CTRL] & TIMER_CTRL_INTR);
+ qemu_set_irq(st->irq, (ier && isr));
+}
+
+static void timer_update(struct Msf2Timer *st)
+{
+ uint64_t count;
+
+ if (!(st->regs[R_TIM_CTRL] & TIMER_CTRL_ENBL)) {
+ ptimer_stop(st->ptimer);
+ return;
+ }
+
+ count = st->regs[R_TIM_LOADVAL];
+ ptimer_set_limit(st->ptimer, count, 1);
+ ptimer_run(st->ptimer, 1);
+}
+
+static uint64_t
+timer_read(void *opaque, hwaddr offset, unsigned int size)
+{
+ MSSTimerState *t = opaque;
+ hwaddr addr;
+ struct Msf2Timer *st;
+ uint32_t ret = 0;
+ int timer = 0;
+ int isr;
+ int ier;
+
+ addr = offset >> 2;
+ /*
+ * Two independent timers has same base address.
+ * Based on address passed figure out which timer is being used.
+ */
+ if ((addr >= R_TIM1_MAX) && (addr < NUM_TIMERS * R_TIM1_MAX)) {
+ timer = 1;
+ addr -= R_TIM1_MAX;
+ }
+
+ st = &t->timers[timer];
+
+ switch (addr) {
+ case R_TIM_VAL:
+ ret = ptimer_get_count(st->ptimer);
+ break;
+
+ case R_TIM_MIS:
+ isr = !!(st->regs[R_TIM_RIS] & TIMER_RIS_ACK);
+ ier = !!(st->regs[R_TIM_CTRL] & TIMER_CTRL_INTR);
+ ret = ier & isr;
+ break;
+
+ default:
+ if (addr < R_TIM1_MAX) {
+ ret = st->regs[addr];
+ } else {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ TYPE_MSS_TIMER": 64-bit mode not supported\n");
+ return ret;
+ }
+ break;
+ }
+
+ DB_PRINT("timer=%d 0x%" HWADDR_PRIx "=0x%" PRIx32, timer, offset,
+ ret);
+ return ret;
+}
+
+static void
+timer_write(void *opaque, hwaddr offset,
+ uint64_t val64, unsigned int size)
+{
+ MSSTimerState *t = opaque;
+ hwaddr addr;
+ struct Msf2Timer *st;
+ int timer = 0;
+ uint32_t value = val64;
+
+ addr = offset >> 2;
+ /*
+ * Two independent timers has same base address.
+ * Based on addr passed figure out which timer is being used.
+ */
+ if ((addr >= R_TIM1_MAX) && (addr < NUM_TIMERS * R_TIM1_MAX)) {
+ timer = 1;
+ addr -= R_TIM1_MAX;
+ }
+
+ st = &t->timers[timer];
+
+ DB_PRINT("addr=0x%" HWADDR_PRIx " val=0x%" PRIx32 " (timer=%d)", offset,
+ value, timer);
+
+ switch (addr) {
+ case R_TIM_CTRL:
+ st->regs[R_TIM_CTRL] = value;
+ timer_update(st);
+ break;
+
+ case R_TIM_RIS:
+ if (value & TIMER_RIS_ACK) {
+ st->regs[R_TIM_RIS] &= ~TIMER_RIS_ACK;
+ }
+ break;
+
+ case R_TIM_LOADVAL:
+ st->regs[R_TIM_LOADVAL] = value;
+ if (st->regs[R_TIM_CTRL] & TIMER_CTRL_ENBL) {
+ timer_update(st);
+ }
+ break;
+
+ case R_TIM_BGLOADVAL:
+ st->regs[R_TIM_BGLOADVAL] = value;
+ st->regs[R_TIM_LOADVAL] = value;
+ break;
+
+ case R_TIM_VAL:
+ case R_TIM_MIS:
+ break;
+
+ default:
+ if (addr < R_TIM1_MAX) {
+ st->regs[addr] = value;
+ } else {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ TYPE_MSS_TIMER": 64-bit mode not supported\n");
+ return;
+ }
+ break;
+ }
+ timer_update_irq(st);
+}
+
+static const MemoryRegionOps timer_ops = {
+ .read = timer_read,
+ .write = timer_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 4
+ }
+};
+
+static void timer_hit(void *opaque)
+{
+ struct Msf2Timer *st = opaque;
+
+ st->regs[R_TIM_RIS] |= TIMER_RIS_ACK;
+
+ if (!(st->regs[R_TIM_CTRL] & TIMER_CTRL_ONESHOT)) {
+ timer_update(st);
+ }
+ timer_update_irq(st);
+}
+
+static void mss_timer_init(Object *obj)
+{
+ MSSTimerState *t = MSS_TIMER(obj);
+ int i;
+
+ /* Init all the ptimers. */
+ for (i = 0; i < NUM_TIMERS; i++) {
+ struct Msf2Timer *st = &t->timers[i];
+
+ st->bh = qemu_bh_new(timer_hit, st);
+ st->ptimer = ptimer_init(st->bh, PTIMER_POLICY_DEFAULT);
+ ptimer_set_freq(st->ptimer, t->freq_hz);
+ sysbus_init_irq(SYS_BUS_DEVICE(obj), &st->irq);
+ }
+
+ memory_region_init_io(&t->mmio, OBJECT(t), &timer_ops, t, TYPE_MSS_TIMER,
+ NUM_TIMERS * R_TIM1_MAX * 4);
+ sysbus_init_mmio(SYS_BUS_DEVICE(obj), &t->mmio);
+}
+
+static const VMStateDescription vmstate_timers = {
+ .name = "mss-timer-block",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_PTIMER(ptimer, struct Msf2Timer),
+ VMSTATE_UINT32_ARRAY(regs, struct Msf2Timer, R_TIM1_MAX),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_mss_timer = {
+ .name = TYPE_MSS_TIMER,
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(freq_hz, MSSTimerState),
+ VMSTATE_STRUCT_ARRAY(timers, MSSTimerState, NUM_TIMERS, 0,
+ vmstate_timers, struct Msf2Timer),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property mss_timer_properties[] = {
+ /* Libero GUI shows 100Mhz as default for clocks */
+ DEFINE_PROP_UINT32("clock-frequency", MSSTimerState, freq_hz,
+ 100 * 1000000),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void mss_timer_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->props = mss_timer_properties;
+ dc->vmsd = &vmstate_mss_timer;
+}
+
+static const TypeInfo mss_timer_info = {
+ .name = TYPE_MSS_TIMER,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(MSSTimerState),
+ .instance_init = mss_timer_init,
+ .class_init = mss_timer_class_init,
+};
+
+static void mss_timer_register_types(void)
+{
+ type_register_static(&mss_timer_info);
+}
+
+type_init(mss_timer_register_types)
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 28/31] msf2: Microsemi Smartfusion2 System Register block
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (26 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 27/31] msf2: Add Smartfusion2 System timer Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 29/31] msf2: Add Smartfusion2 SPI controller Peter Maydell
` (3 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
From: Subbaraya Sundeep <sundeep.lkml@gmail.com>
Added Sytem register block of Smartfusion2.
This block has PLL registers which are accessed by guest.
Signed-off-by: Subbaraya Sundeep <sundeep.lkml@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Acked-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20170920201737.25723-3-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/misc/Makefile.objs | 1 +
include/hw/misc/msf2-sysreg.h | 77 ++++++++++++++++++++
hw/misc/msf2-sysreg.c | 160 ++++++++++++++++++++++++++++++++++++++++++
hw/misc/trace-events | 5 ++
4 files changed, 243 insertions(+)
create mode 100644 include/hw/misc/msf2-sysreg.h
create mode 100644 hw/misc/msf2-sysreg.c
diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
index 29fb922..e8f0a02 100644
--- a/hw/misc/Makefile.objs
+++ b/hw/misc/Makefile.objs
@@ -59,3 +59,4 @@ obj-$(CONFIG_HYPERV_TESTDEV) += hyperv_testdev.o
obj-$(CONFIG_AUX) += auxbus.o
obj-$(CONFIG_ASPEED_SOC) += aspeed_scu.o aspeed_sdmc.o
obj-y += mmio_interface.o
+obj-$(CONFIG_MSF2) += msf2-sysreg.o
diff --git a/include/hw/misc/msf2-sysreg.h b/include/hw/misc/msf2-sysreg.h
new file mode 100644
index 0000000..5993f67
--- /dev/null
+++ b/include/hw/misc/msf2-sysreg.h
@@ -0,0 +1,77 @@
+/*
+ * Microsemi SmartFusion2 SYSREG
+ *
+ * Copyright (c) 2017 Subbaraya Sundeep <sundeep.lkml@gmail.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef HW_MSF2_SYSREG_H
+#define HW_MSF2_SYSREG_H
+
+#include "hw/sysbus.h"
+
+enum {
+ ESRAM_CR = 0x00 / 4,
+ ESRAM_MAX_LAT,
+ DDR_CR,
+ ENVM_CR,
+ ENVM_REMAP_BASE_CR,
+ ENVM_REMAP_FAB_CR,
+ CC_CR,
+ CC_REGION_CR,
+ CC_LOCK_BASE_ADDR_CR,
+ CC_FLUSH_INDX_CR,
+ DDRB_BUF_TIMER_CR,
+ DDRB_NB_ADDR_CR,
+ DDRB_NB_SIZE_CR,
+ DDRB_CR,
+
+ SOFT_RESET_CR = 0x48 / 4,
+ M3_CR,
+
+ GPIO_SYSRESET_SEL_CR = 0x58 / 4,
+
+ MDDR_CR = 0x60 / 4,
+
+ MSSDDR_PLL_STATUS_LOW_CR = 0x90 / 4,
+ MSSDDR_PLL_STATUS_HIGH_CR,
+ MSSDDR_FACC1_CR,
+ MSSDDR_FACC2_CR,
+
+ MSSDDR_PLL_STATUS = 0x150 / 4,
+};
+
+#define MSF2_SYSREG_MMIO_SIZE 0x300
+
+#define TYPE_MSF2_SYSREG "msf2-sysreg"
+#define MSF2_SYSREG(obj) OBJECT_CHECK(MSF2SysregState, (obj), TYPE_MSF2_SYSREG)
+
+typedef struct MSF2SysregState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+
+ uint8_t apb0div;
+ uint8_t apb1div;
+
+ uint32_t regs[MSF2_SYSREG_MMIO_SIZE / 4];
+} MSF2SysregState;
+
+#endif /* HW_MSF2_SYSREG_H */
diff --git a/hw/misc/msf2-sysreg.c b/hw/misc/msf2-sysreg.c
new file mode 100644
index 0000000..6eb5011
--- /dev/null
+++ b/hw/misc/msf2-sysreg.c
@@ -0,0 +1,160 @@
+/*
+ * System Register block model of Microsemi SmartFusion2.
+ *
+ * Copyright (c) 2017 Subbaraya Sundeep <sundeep.lkml@gmail.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu/log.h"
+#include "hw/misc/msf2-sysreg.h"
+#include "qemu/error-report.h"
+#include "trace.h"
+
+static inline int msf2_divbits(uint32_t div)
+{
+ int r = ctz32(div);
+
+ return (div < 8) ? r : r + 1;
+}
+
+static void msf2_sysreg_reset(DeviceState *d)
+{
+ MSF2SysregState *s = MSF2_SYSREG(d);
+
+ s->regs[MSSDDR_PLL_STATUS_LOW_CR] = 0x021A2358;
+ s->regs[MSSDDR_PLL_STATUS] = 0x3;
+ s->regs[MSSDDR_FACC1_CR] = msf2_divbits(s->apb0div) << 5 |
+ msf2_divbits(s->apb1div) << 2;
+}
+
+static uint64_t msf2_sysreg_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+ MSF2SysregState *s = opaque;
+ uint32_t ret = 0;
+
+ offset >>= 2;
+ if (offset < ARRAY_SIZE(s->regs)) {
+ ret = s->regs[offset];
+ trace_msf2_sysreg_read(offset << 2, ret);
+ } else {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "%s: Bad offset 0x%08" HWADDR_PRIx "\n", __func__,
+ offset << 2);
+ }
+
+ return ret;
+}
+
+static void msf2_sysreg_write(void *opaque, hwaddr offset,
+ uint64_t val, unsigned size)
+{
+ MSF2SysregState *s = opaque;
+ uint32_t newval = val;
+
+ offset >>= 2;
+
+ switch (offset) {
+ case MSSDDR_PLL_STATUS:
+ trace_msf2_sysreg_write_pll_status();
+ break;
+
+ case ESRAM_CR:
+ case DDR_CR:
+ case ENVM_REMAP_BASE_CR:
+ if (newval != s->regs[offset]) {
+ qemu_log_mask(LOG_UNIMP,
+ TYPE_MSF2_SYSREG": remapping not supported\n");
+ }
+ break;
+
+ default:
+ if (offset < ARRAY_SIZE(s->regs)) {
+ trace_msf2_sysreg_write(offset << 2, newval, s->regs[offset]);
+ s->regs[offset] = newval;
+ } else {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "%s: Bad offset 0x%08" HWADDR_PRIx "\n", __func__,
+ offset << 2);
+ }
+ break;
+ }
+}
+
+static const MemoryRegionOps sysreg_ops = {
+ .read = msf2_sysreg_read,
+ .write = msf2_sysreg_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void msf2_sysreg_init(Object *obj)
+{
+ MSF2SysregState *s = MSF2_SYSREG(obj);
+
+ memory_region_init_io(&s->iomem, obj, &sysreg_ops, s, TYPE_MSF2_SYSREG,
+ MSF2_SYSREG_MMIO_SIZE);
+ sysbus_init_mmio(SYS_BUS_DEVICE(obj), &s->iomem);
+}
+
+static const VMStateDescription vmstate_msf2_sysreg = {
+ .name = TYPE_MSF2_SYSREG,
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, MSF2SysregState, MSF2_SYSREG_MMIO_SIZE / 4),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static Property msf2_sysreg_properties[] = {
+ /* default divisors in Libero GUI */
+ DEFINE_PROP_UINT8("apb0divisor", MSF2SysregState, apb0div, 2),
+ DEFINE_PROP_UINT8("apb1divisor", MSF2SysregState, apb1div, 2),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void msf2_sysreg_realize(DeviceState *dev, Error **errp)
+{
+ MSF2SysregState *s = MSF2_SYSREG(dev);
+
+ if ((s->apb0div > 32 || !is_power_of_2(s->apb0div))
+ || (s->apb1div > 32 || !is_power_of_2(s->apb1div))) {
+ error_setg(errp, "Invalid apb divisor value");
+ error_append_hint(errp, "apb divisor must be a power of 2"
+ " and maximum value is 32\n");
+ }
+}
+
+static void msf2_sysreg_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->vmsd = &vmstate_msf2_sysreg;
+ dc->reset = msf2_sysreg_reset;
+ dc->props = msf2_sysreg_properties;
+ dc->realize = msf2_sysreg_realize;
+}
+
+static const TypeInfo msf2_sysreg_info = {
+ .name = TYPE_MSF2_SYSREG,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .class_init = msf2_sysreg_class_init,
+ .instance_size = sizeof(MSF2SysregState),
+ .instance_init = msf2_sysreg_init,
+};
+
+static void msf2_sysreg_register_types(void)
+{
+ type_register_static(&msf2_sysreg_info);
+}
+
+type_init(msf2_sysreg_register_types)
diff --git a/hw/misc/trace-events b/hw/misc/trace-events
index 3313585..616579a 100644
--- a/hw/misc/trace-events
+++ b/hw/misc/trace-events
@@ -61,3 +61,8 @@ mps2_scc_reset(void) "MPS2 SCC: reset"
mps2_scc_leds(char led7, char led6, char led5, char led4, char led3, char led2, char led1, char led0) "MPS2 SCC LEDs: %c%c%c%c%c%c%c%c"
mps2_scc_cfg_write(unsigned function, unsigned device, uint32_t value) "MPS2 SCC config write: function %d device %d data 0x%" PRIx32
mps2_scc_cfg_read(unsigned function, unsigned device, uint32_t value) "MPS2 SCC config read: function %d device %d data 0x%" PRIx32
+
+# hw/misc/msf2-sysreg.c
+msf2_sysreg_write(uint64_t offset, uint32_t val, uint32_t prev) "msf2-sysreg write: addr 0x%08" HWADDR_PRIx " data 0x%" PRIx32 " prev 0x%" PRIx32
+msf2_sysreg_read(uint64_t offset, uint32_t val) "msf2-sysreg read: addr 0x%08" HWADDR_PRIx " data 0x%08" PRIx32
+msf2_sysreg_write_pll_status(void) "Invalid write to read only PLL status register"
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 29/31] msf2: Add Smartfusion2 SPI controller
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (27 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 28/31] msf2: Microsemi Smartfusion2 System Register block Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 30/31] msf2: Add Smartfusion2 SoC Peter Maydell
` (2 subsequent siblings)
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
From: Subbaraya Sundeep <sundeep.lkml@gmail.com>
Modelled Microsemi's Smartfusion2 SPI controller.
Signed-off-by: Subbaraya Sundeep <sundeep.lkml@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20170920201737.25723-4-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/ssi/Makefile.objs | 1 +
include/hw/ssi/mss-spi.h | 58 +++++++
hw/ssi/mss-spi.c | 404 +++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 463 insertions(+)
create mode 100644 include/hw/ssi/mss-spi.h
create mode 100644 hw/ssi/mss-spi.c
diff --git a/hw/ssi/Makefile.objs b/hw/ssi/Makefile.objs
index 487add2..f5bcc65 100644
--- a/hw/ssi/Makefile.objs
+++ b/hw/ssi/Makefile.objs
@@ -4,6 +4,7 @@ common-obj-$(CONFIG_XILINX_SPI) += xilinx_spi.o
common-obj-$(CONFIG_XILINX_SPIPS) += xilinx_spips.o
common-obj-$(CONFIG_ASPEED_SOC) += aspeed_smc.o
common-obj-$(CONFIG_STM32F2XX_SPI) += stm32f2xx_spi.o
+common-obj-$(CONFIG_MSF2) += mss-spi.o
obj-$(CONFIG_OMAP) += omap_spi.o
obj-$(CONFIG_IMX) += imx_spi.o
diff --git a/include/hw/ssi/mss-spi.h b/include/hw/ssi/mss-spi.h
new file mode 100644
index 0000000..f0cf324
--- /dev/null
+++ b/include/hw/ssi/mss-spi.h
@@ -0,0 +1,58 @@
+/*
+ * Microsemi SmartFusion2 SPI
+ *
+ * Copyright (c) 2017 Subbaraya Sundeep <sundeep.lkml@gmail.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef HW_MSS_SPI_H
+#define HW_MSS_SPI_H
+
+#include "hw/sysbus.h"
+#include "hw/ssi/ssi.h"
+#include "qemu/fifo32.h"
+
+#define TYPE_MSS_SPI "mss-spi"
+#define MSS_SPI(obj) OBJECT_CHECK(MSSSpiState, (obj), TYPE_MSS_SPI)
+
+#define R_SPI_MAX 16
+
+typedef struct MSSSpiState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion mmio;
+
+ qemu_irq irq;
+
+ qemu_irq cs_line;
+
+ SSIBus *spi;
+
+ Fifo32 rx_fifo;
+ Fifo32 tx_fifo;
+
+ int fifo_depth;
+ uint32_t frame_count;
+ bool enabled;
+
+ uint32_t regs[R_SPI_MAX];
+} MSSSpiState;
+
+#endif /* HW_MSS_SPI_H */
diff --git a/hw/ssi/mss-spi.c b/hw/ssi/mss-spi.c
new file mode 100644
index 0000000..5a8e308
--- /dev/null
+++ b/hw/ssi/mss-spi.c
@@ -0,0 +1,404 @@
+/*
+ * Block model of SPI controller present in
+ * Microsemi's SmartFusion2 and SmartFusion SoCs.
+ *
+ * Copyright (C) 2017 Subbaraya Sundeep <sundeep.lkml@gmail.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/ssi/mss-spi.h"
+#include "qemu/log.h"
+
+#ifndef MSS_SPI_ERR_DEBUG
+#define MSS_SPI_ERR_DEBUG 0
+#endif
+
+#define DB_PRINT_L(lvl, fmt, args...) do { \
+ if (MSS_SPI_ERR_DEBUG >= lvl) { \
+ qemu_log("%s: " fmt "\n", __func__, ## args); \
+ } \
+} while (0);
+
+#define DB_PRINT(fmt, args...) DB_PRINT_L(1, fmt, ## args)
+
+#define FIFO_CAPACITY 32
+
+#define R_SPI_CONTROL 0
+#define R_SPI_DFSIZE 1
+#define R_SPI_STATUS 2
+#define R_SPI_INTCLR 3
+#define R_SPI_RX 4
+#define R_SPI_TX 5
+#define R_SPI_CLKGEN 6
+#define R_SPI_SS 7
+#define R_SPI_MIS 8
+#define R_SPI_RIS 9
+
+#define S_TXDONE (1 << 0)
+#define S_RXRDY (1 << 1)
+#define S_RXCHOVRF (1 << 2)
+#define S_RXFIFOFUL (1 << 4)
+#define S_RXFIFOFULNXT (1 << 5)
+#define S_RXFIFOEMP (1 << 6)
+#define S_RXFIFOEMPNXT (1 << 7)
+#define S_TXFIFOFUL (1 << 8)
+#define S_TXFIFOFULNXT (1 << 9)
+#define S_TXFIFOEMP (1 << 10)
+#define S_TXFIFOEMPNXT (1 << 11)
+#define S_FRAMESTART (1 << 12)
+#define S_SSEL (1 << 13)
+#define S_ACTIVE (1 << 14)
+
+#define C_ENABLE (1 << 0)
+#define C_MODE (1 << 1)
+#define C_INTRXDATA (1 << 4)
+#define C_INTTXDATA (1 << 5)
+#define C_INTRXOVRFLO (1 << 6)
+#define C_SPS (1 << 26)
+#define C_BIGFIFO (1 << 29)
+#define C_RESET (1 << 31)
+
+#define FRAMESZ_MASK 0x1F
+#define FMCOUNT_MASK 0x00FFFF00
+#define FMCOUNT_SHIFT 8
+
+static void txfifo_reset(MSSSpiState *s)
+{
+ fifo32_reset(&s->tx_fifo);
+
+ s->regs[R_SPI_STATUS] &= ~S_TXFIFOFUL;
+ s->regs[R_SPI_STATUS] |= S_TXFIFOEMP;
+}
+
+static void rxfifo_reset(MSSSpiState *s)
+{
+ fifo32_reset(&s->rx_fifo);
+
+ s->regs[R_SPI_STATUS] &= ~S_RXFIFOFUL;
+ s->regs[R_SPI_STATUS] |= S_RXFIFOEMP;
+}
+
+static void set_fifodepth(MSSSpiState *s)
+{
+ unsigned int size = s->regs[R_SPI_DFSIZE] & FRAMESZ_MASK;
+
+ if (size <= 8) {
+ s->fifo_depth = 32;
+ } else if (size <= 16) {
+ s->fifo_depth = 16;
+ } else if (size <= 32) {
+ s->fifo_depth = 8;
+ } else {
+ s->fifo_depth = 4;
+ }
+}
+
+static void update_mis(MSSSpiState *s)
+{
+ uint32_t reg = s->regs[R_SPI_CONTROL];
+ uint32_t tmp;
+
+ /*
+ * form the Control register interrupt enable bits
+ * same as RIS, MIS and Interrupt clear registers for simplicity
+ */
+ tmp = ((reg & C_INTRXOVRFLO) >> 4) | ((reg & C_INTRXDATA) >> 3) |
+ ((reg & C_INTTXDATA) >> 5);
+ s->regs[R_SPI_MIS] |= tmp & s->regs[R_SPI_RIS];
+}
+
+static void spi_update_irq(MSSSpiState *s)
+{
+ int irq;
+
+ update_mis(s);
+ irq = !!(s->regs[R_SPI_MIS]);
+
+ qemu_set_irq(s->irq, irq);
+}
+
+static void mss_spi_reset(DeviceState *d)
+{
+ MSSSpiState *s = MSS_SPI(d);
+
+ memset(s->regs, 0, sizeof s->regs);
+ s->regs[R_SPI_CONTROL] = 0x80000102;
+ s->regs[R_SPI_DFSIZE] = 0x4;
+ s->regs[R_SPI_STATUS] = S_SSEL | S_TXFIFOEMP | S_RXFIFOEMP;
+ s->regs[R_SPI_CLKGEN] = 0x7;
+ s->regs[R_SPI_RIS] = 0x0;
+
+ s->fifo_depth = 4;
+ s->frame_count = 1;
+ s->enabled = false;
+
+ rxfifo_reset(s);
+ txfifo_reset(s);
+}
+
+static uint64_t
+spi_read(void *opaque, hwaddr addr, unsigned int size)
+{
+ MSSSpiState *s = opaque;
+ uint32_t ret = 0;
+
+ addr >>= 2;
+ switch (addr) {
+ case R_SPI_RX:
+ s->regs[R_SPI_STATUS] &= ~S_RXFIFOFUL;
+ s->regs[R_SPI_STATUS] &= ~S_RXCHOVRF;
+ ret = fifo32_pop(&s->rx_fifo);
+ if (fifo32_is_empty(&s->rx_fifo)) {
+ s->regs[R_SPI_STATUS] |= S_RXFIFOEMP;
+ }
+ break;
+
+ case R_SPI_MIS:
+ update_mis(s);
+ ret = s->regs[R_SPI_MIS];
+ break;
+
+ default:
+ if (addr < ARRAY_SIZE(s->regs)) {
+ ret = s->regs[addr];
+ } else {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "%s: Bad offset 0x%" HWADDR_PRIx "\n", __func__,
+ addr * 4);
+ return ret;
+ }
+ break;
+ }
+
+ DB_PRINT("addr=0x%" HWADDR_PRIx " = 0x%" PRIx32, addr * 4, ret);
+ spi_update_irq(s);
+ return ret;
+}
+
+static void assert_cs(MSSSpiState *s)
+{
+ qemu_set_irq(s->cs_line, 0);
+}
+
+static void deassert_cs(MSSSpiState *s)
+{
+ qemu_set_irq(s->cs_line, 1);
+}
+
+static void spi_flush_txfifo(MSSSpiState *s)
+{
+ uint32_t tx;
+ uint32_t rx;
+ bool sps = !!(s->regs[R_SPI_CONTROL] & C_SPS);
+
+ /*
+ * Chip Select(CS) is automatically controlled by this controller.
+ * If SPS bit is set in Control register then CS is asserted
+ * until all the frames set in frame count of Control register are
+ * transferred. If SPS is not set then CS pulses between frames.
+ * Note that Slave Select register specifies which of the CS line
+ * has to be controlled automatically by controller. Bits SS[7:1] are for
+ * masters in FPGA fabric since we model only Microcontroller subsystem
+ * of Smartfusion2 we control only one CS(SS[0]) line.
+ */
+ while (!fifo32_is_empty(&s->tx_fifo) && s->frame_count) {
+ assert_cs(s);
+
+ s->regs[R_SPI_STATUS] &= ~(S_TXDONE | S_RXRDY);
+
+ tx = fifo32_pop(&s->tx_fifo);
+ DB_PRINT("data tx:0x%" PRIx32, tx);
+ rx = ssi_transfer(s->spi, tx);
+ DB_PRINT("data rx:0x%" PRIx32, rx);
+
+ if (fifo32_num_used(&s->rx_fifo) == s->fifo_depth) {
+ s->regs[R_SPI_STATUS] |= S_RXCHOVRF;
+ s->regs[R_SPI_RIS] |= S_RXCHOVRF;
+ } else {
+ fifo32_push(&s->rx_fifo, rx);
+ s->regs[R_SPI_STATUS] &= ~S_RXFIFOEMP;
+ if (fifo32_num_used(&s->rx_fifo) == (s->fifo_depth - 1)) {
+ s->regs[R_SPI_STATUS] |= S_RXFIFOFULNXT;
+ } else if (fifo32_num_used(&s->rx_fifo) == s->fifo_depth) {
+ s->regs[R_SPI_STATUS] |= S_RXFIFOFUL;
+ }
+ }
+ s->frame_count--;
+ if (!sps) {
+ deassert_cs(s);
+ }
+ }
+
+ if (!s->frame_count) {
+ s->frame_count = (s->regs[R_SPI_CONTROL] & FMCOUNT_MASK) >>
+ FMCOUNT_SHIFT;
+ deassert_cs(s);
+ s->regs[R_SPI_RIS] |= S_TXDONE | S_RXRDY;
+ s->regs[R_SPI_STATUS] |= S_TXDONE | S_RXRDY;
+ }
+}
+
+static void spi_write(void *opaque, hwaddr addr,
+ uint64_t val64, unsigned int size)
+{
+ MSSSpiState *s = opaque;
+ uint32_t value = val64;
+
+ DB_PRINT("addr=0x%" HWADDR_PRIx " =0x%" PRIx32, addr, value);
+ addr >>= 2;
+
+ switch (addr) {
+ case R_SPI_TX:
+ /* adding to already full FIFO */
+ if (fifo32_num_used(&s->tx_fifo) == s->fifo_depth) {
+ break;
+ }
+ s->regs[R_SPI_STATUS] &= ~S_TXFIFOEMP;
+ fifo32_push(&s->tx_fifo, value);
+ if (fifo32_num_used(&s->tx_fifo) == (s->fifo_depth - 1)) {
+ s->regs[R_SPI_STATUS] |= S_TXFIFOFULNXT;
+ } else if (fifo32_num_used(&s->tx_fifo) == s->fifo_depth) {
+ s->regs[R_SPI_STATUS] |= S_TXFIFOFUL;
+ }
+ if (s->enabled) {
+ spi_flush_txfifo(s);
+ }
+ break;
+
+ case R_SPI_CONTROL:
+ s->regs[R_SPI_CONTROL] = value;
+ if (value & C_BIGFIFO) {
+ set_fifodepth(s);
+ } else {
+ s->fifo_depth = 4;
+ }
+ s->enabled = value & C_ENABLE;
+ s->frame_count = (value & FMCOUNT_MASK) >> FMCOUNT_SHIFT;
+ if (value & C_RESET) {
+ mss_spi_reset(DEVICE(s));
+ }
+ break;
+
+ case R_SPI_DFSIZE:
+ if (s->enabled) {
+ break;
+ }
+ s->regs[R_SPI_DFSIZE] = value;
+ break;
+
+ case R_SPI_INTCLR:
+ s->regs[R_SPI_INTCLR] = value;
+ if (value & S_TXDONE) {
+ s->regs[R_SPI_RIS] &= ~S_TXDONE;
+ }
+ if (value & S_RXRDY) {
+ s->regs[R_SPI_RIS] &= ~S_RXRDY;
+ }
+ if (value & S_RXCHOVRF) {
+ s->regs[R_SPI_RIS] &= ~S_RXCHOVRF;
+ }
+ break;
+
+ case R_SPI_MIS:
+ case R_SPI_STATUS:
+ case R_SPI_RIS:
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "%s: Write to read only register 0x%" HWADDR_PRIx "\n",
+ __func__, addr * 4);
+ break;
+
+ default:
+ if (addr < ARRAY_SIZE(s->regs)) {
+ s->regs[addr] = value;
+ } else {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "%s: Bad offset 0x%" HWADDR_PRIx "\n", __func__,
+ addr * 4);
+ }
+ break;
+ }
+
+ spi_update_irq(s);
+}
+
+static const MemoryRegionOps spi_ops = {
+ .read = spi_read,
+ .write = spi_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 4
+ }
+};
+
+static void mss_spi_realize(DeviceState *dev, Error **errp)
+{
+ MSSSpiState *s = MSS_SPI(dev);
+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+
+ s->spi = ssi_create_bus(dev, "spi");
+
+ sysbus_init_irq(sbd, &s->irq);
+ ssi_auto_connect_slaves(dev, &s->cs_line, s->spi);
+ sysbus_init_irq(sbd, &s->cs_line);
+
+ memory_region_init_io(&s->mmio, OBJECT(s), &spi_ops, s,
+ TYPE_MSS_SPI, R_SPI_MAX * 4);
+ sysbus_init_mmio(sbd, &s->mmio);
+
+ fifo32_create(&s->tx_fifo, FIFO_CAPACITY);
+ fifo32_create(&s->rx_fifo, FIFO_CAPACITY);
+}
+
+static const VMStateDescription vmstate_mss_spi = {
+ .name = TYPE_MSS_SPI,
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_FIFO32(tx_fifo, MSSSpiState),
+ VMSTATE_FIFO32(rx_fifo, MSSSpiState),
+ VMSTATE_UINT32_ARRAY(regs, MSSSpiState, R_SPI_MAX),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void mss_spi_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = mss_spi_realize;
+ dc->reset = mss_spi_reset;
+ dc->vmsd = &vmstate_mss_spi;
+}
+
+static const TypeInfo mss_spi_info = {
+ .name = TYPE_MSS_SPI,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(MSSSpiState),
+ .class_init = mss_spi_class_init,
+};
+
+static void mss_spi_register_types(void)
+{
+ type_register_static(&mss_spi_info);
+}
+
+type_init(mss_spi_register_types)
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 30/31] msf2: Add Smartfusion2 SoC
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (28 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 29/31] msf2: Add Smartfusion2 SPI controller Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 16:41 ` [Qemu-devel] [PULL 31/31] msf2: Add Emcraft's Smartfusion2 SOM kit Peter Maydell
2017-09-21 17:28 ` [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
From: Subbaraya Sundeep <sundeep.lkml@gmail.com>
Smartfusion2 SoC has hardened Microcontroller subsystem
and flash based FPGA fabric. This patch adds support for
Microcontroller subsystem in the SoC.
Signed-off-by: Subbaraya Sundeep <sundeep.lkml@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20170920201737.25723-5-f4bug@amsat.org
[PMD: drop cpu_model to directly use cpu type, check m3clk non null]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/arm/Makefile.objs | 1 +
include/hw/arm/msf2-soc.h | 67 +++++++++++
hw/arm/msf2-soc.c | 238 ++++++++++++++++++++++++++++++++++++++++
default-configs/arm-softmmu.mak | 1 +
4 files changed, 307 insertions(+)
create mode 100644 include/hw/arm/msf2-soc.h
create mode 100644 hw/arm/msf2-soc.c
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index 5ee6f7d..a6cf24f 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -19,3 +19,4 @@ obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
obj-$(CONFIG_FSL_IMX6) += fsl-imx6.o sabrelite.o
obj-$(CONFIG_ASPEED_SOC) += aspeed_soc.o aspeed.o
obj-$(CONFIG_MPS2) += mps2.o
+obj-$(CONFIG_MSF2) += msf2-soc.o
diff --git a/include/hw/arm/msf2-soc.h b/include/hw/arm/msf2-soc.h
new file mode 100644
index 0000000..3cfe5c7
--- /dev/null
+++ b/include/hw/arm/msf2-soc.h
@@ -0,0 +1,67 @@
+/*
+ * Microsemi Smartfusion2 SoC
+ *
+ * Copyright (c) 2017 Subbaraya Sundeep <sundeep.lkml@gmail.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef HW_ARM_MSF2_SOC_H
+#define HW_ARM_MSF2_SOC_H
+
+#include "hw/arm/armv7m.h"
+#include "hw/timer/mss-timer.h"
+#include "hw/misc/msf2-sysreg.h"
+#include "hw/ssi/mss-spi.h"
+
+#define TYPE_MSF2_SOC "msf2-soc"
+#define MSF2_SOC(obj) OBJECT_CHECK(MSF2State, (obj), TYPE_MSF2_SOC)
+
+#define MSF2_NUM_SPIS 2
+#define MSF2_NUM_UARTS 2
+
+/*
+ * System timer consists of two programmable 32-bit
+ * decrementing counters that generate individual interrupts to
+ * the Cortex-M3 processor
+ */
+#define MSF2_NUM_TIMERS 2
+
+typedef struct MSF2State {
+ /*< private >*/
+ SysBusDevice parent_obj;
+ /*< public >*/
+
+ ARMv7MState armv7m;
+
+ char *cpu_type;
+ char *part_name;
+ uint64_t envm_size;
+ uint64_t esram_size;
+
+ uint32_t m3clk;
+ uint8_t apb0div;
+ uint8_t apb1div;
+
+ MSF2SysregState sysreg;
+ MSSTimerState timer;
+ MSSSpiState spi[MSF2_NUM_SPIS];
+} MSF2State;
+
+#endif
diff --git a/hw/arm/msf2-soc.c b/hw/arm/msf2-soc.c
new file mode 100644
index 0000000..6f97fa9
--- /dev/null
+++ b/hw/arm/msf2-soc.c
@@ -0,0 +1,238 @@
+/*
+ * SmartFusion2 SoC emulation.
+ *
+ * Copyright (c) 2017 Subbaraya Sundeep <sundeep.lkml@gmail.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "hw/arm/arm.h"
+#include "exec/address-spaces.h"
+#include "hw/char/serial.h"
+#include "hw/boards.h"
+#include "sysemu/block-backend.h"
+#include "qemu/cutils.h"
+#include "hw/arm/msf2-soc.h"
+#include "hw/misc/unimp.h"
+
+#define MSF2_TIMER_BASE 0x40004000
+#define MSF2_SYSREG_BASE 0x40038000
+
+#define ENVM_BASE_ADDRESS 0x60000000
+
+#define SRAM_BASE_ADDRESS 0x20000000
+
+#define MSF2_ENVM_MAX_SIZE (512 * K_BYTE)
+
+/*
+ * eSRAM max size is 80k without SECDED(Single error correction and
+ * dual error detection) feature and 64k with SECDED.
+ * We do not support SECDED now.
+ */
+#define MSF2_ESRAM_MAX_SIZE (80 * K_BYTE)
+
+static const uint32_t spi_addr[MSF2_NUM_SPIS] = { 0x40001000 , 0x40011000 };
+static const uint32_t uart_addr[MSF2_NUM_UARTS] = { 0x40000000 , 0x40010000 };
+
+static const int spi_irq[MSF2_NUM_SPIS] = { 2, 3 };
+static const int uart_irq[MSF2_NUM_UARTS] = { 10, 11 };
+static const int timer_irq[MSF2_NUM_TIMERS] = { 14, 15 };
+
+static void m2sxxx_soc_initfn(Object *obj)
+{
+ MSF2State *s = MSF2_SOC(obj);
+ int i;
+
+ object_initialize(&s->armv7m, sizeof(s->armv7m), TYPE_ARMV7M);
+ qdev_set_parent_bus(DEVICE(&s->armv7m), sysbus_get_default());
+
+ object_initialize(&s->sysreg, sizeof(s->sysreg), TYPE_MSF2_SYSREG);
+ qdev_set_parent_bus(DEVICE(&s->sysreg), sysbus_get_default());
+
+ object_initialize(&s->timer, sizeof(s->timer), TYPE_MSS_TIMER);
+ qdev_set_parent_bus(DEVICE(&s->timer), sysbus_get_default());
+
+ for (i = 0; i < MSF2_NUM_SPIS; i++) {
+ object_initialize(&s->spi[i], sizeof(s->spi[i]),
+ TYPE_MSS_SPI);
+ qdev_set_parent_bus(DEVICE(&s->spi[i]), sysbus_get_default());
+ }
+}
+
+static void m2sxxx_soc_realize(DeviceState *dev_soc, Error **errp)
+{
+ MSF2State *s = MSF2_SOC(dev_soc);
+ DeviceState *dev, *armv7m;
+ SysBusDevice *busdev;
+ Error *err = NULL;
+ int i;
+
+ MemoryRegion *system_memory = get_system_memory();
+ MemoryRegion *nvm = g_new(MemoryRegion, 1);
+ MemoryRegion *nvm_alias = g_new(MemoryRegion, 1);
+ MemoryRegion *sram = g_new(MemoryRegion, 1);
+
+ memory_region_init_rom(nvm, NULL, "MSF2.eNVM", s->envm_size,
+ &error_fatal);
+ /*
+ * On power-on, the eNVM region 0x60000000 is automatically
+ * remapped to the Cortex-M3 processor executable region
+ * start address (0x0). We do not support remapping other eNVM,
+ * eSRAM and DDR regions by guest(via Sysreg) currently.
+ */
+ memory_region_init_alias(nvm_alias, NULL, "MSF2.eNVM",
+ nvm, 0, s->envm_size);
+
+ memory_region_add_subregion(system_memory, ENVM_BASE_ADDRESS, nvm);
+ memory_region_add_subregion(system_memory, 0, nvm_alias);
+
+ memory_region_init_ram(sram, NULL, "MSF2.eSRAM", s->esram_size,
+ &error_fatal);
+ memory_region_add_subregion(system_memory, SRAM_BASE_ADDRESS, sram);
+
+ armv7m = DEVICE(&s->armv7m);
+ qdev_prop_set_uint32(armv7m, "num-irq", 81);
+ qdev_prop_set_string(armv7m, "cpu-type", s->cpu_type);
+ object_property_set_link(OBJECT(&s->armv7m), OBJECT(get_system_memory()),
+ "memory", &error_abort);
+ object_property_set_bool(OBJECT(&s->armv7m), true, "realized", &err);
+ if (err != NULL) {
+ error_propagate(errp, err);
+ return;
+ }
+
+ if (!s->m3clk) {
+ error_setg(errp, "Invalid m3clk value");
+ error_append_hint(errp, "m3clk can not be zero\n");
+ return;
+ }
+ system_clock_scale = NANOSECONDS_PER_SECOND / s->m3clk;
+
+ for (i = 0; i < MSF2_NUM_UARTS; i++) {
+ if (serial_hds[i]) {
+ serial_mm_init(get_system_memory(), uart_addr[i], 2,
+ qdev_get_gpio_in(armv7m, uart_irq[i]),
+ 115200, serial_hds[i], DEVICE_NATIVE_ENDIAN);
+ }
+ }
+
+ dev = DEVICE(&s->timer);
+ /* APB0 clock is the timer input clock */
+ qdev_prop_set_uint32(dev, "clock-frequency", s->m3clk / s->apb0div);
+ object_property_set_bool(OBJECT(&s->timer), true, "realized", &err);
+ if (err != NULL) {
+ error_propagate(errp, err);
+ return;
+ }
+ busdev = SYS_BUS_DEVICE(dev);
+ sysbus_mmio_map(busdev, 0, MSF2_TIMER_BASE);
+ sysbus_connect_irq(busdev, 0,
+ qdev_get_gpio_in(armv7m, timer_irq[0]));
+ sysbus_connect_irq(busdev, 1,
+ qdev_get_gpio_in(armv7m, timer_irq[1]));
+
+ dev = DEVICE(&s->sysreg);
+ qdev_prop_set_uint32(dev, "apb0divisor", s->apb0div);
+ qdev_prop_set_uint32(dev, "apb1divisor", s->apb1div);
+ object_property_set_bool(OBJECT(&s->sysreg), true, "realized", &err);
+ if (err != NULL) {
+ error_propagate(errp, err);
+ return;
+ }
+ busdev = SYS_BUS_DEVICE(dev);
+ sysbus_mmio_map(busdev, 0, MSF2_SYSREG_BASE);
+
+ for (i = 0; i < MSF2_NUM_SPIS; i++) {
+ gchar *bus_name;
+
+ object_property_set_bool(OBJECT(&s->spi[i]), true, "realized", &err);
+ if (err != NULL) {
+ error_propagate(errp, err);
+ return;
+ }
+
+ sysbus_mmio_map(SYS_BUS_DEVICE(&s->spi[i]), 0, spi_addr[i]);
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->spi[i]), 0,
+ qdev_get_gpio_in(armv7m, spi_irq[i]));
+
+ /* Alias controller SPI bus to the SoC itself */
+ bus_name = g_strdup_printf("spi%d", i);
+ object_property_add_alias(OBJECT(s), bus_name,
+ OBJECT(&s->spi[i]), "spi",
+ &error_abort);
+ g_free(bus_name);
+ }
+
+ /* Below devices are not modelled yet. */
+ create_unimplemented_device("i2c_0", 0x40002000, 0x1000);
+ create_unimplemented_device("dma", 0x40003000, 0x1000);
+ create_unimplemented_device("watchdog", 0x40005000, 0x1000);
+ create_unimplemented_device("i2c_1", 0x40012000, 0x1000);
+ create_unimplemented_device("gpio", 0x40013000, 0x1000);
+ create_unimplemented_device("hs-dma", 0x40014000, 0x1000);
+ create_unimplemented_device("can", 0x40015000, 0x1000);
+ create_unimplemented_device("rtc", 0x40017000, 0x1000);
+ create_unimplemented_device("apb_config", 0x40020000, 0x10000);
+ create_unimplemented_device("emac", 0x40041000, 0x1000);
+ create_unimplemented_device("usb", 0x40043000, 0x1000);
+}
+
+static Property m2sxxx_soc_properties[] = {
+ /*
+ * part name specifies the type of SmartFusion2 device variant(this
+ * property is for information purpose only.
+ */
+ DEFINE_PROP_STRING("cpu-type", MSF2State, cpu_type),
+ DEFINE_PROP_STRING("part-name", MSF2State, part_name),
+ DEFINE_PROP_UINT64("eNVM-size", MSF2State, envm_size, MSF2_ENVM_MAX_SIZE),
+ DEFINE_PROP_UINT64("eSRAM-size", MSF2State, esram_size,
+ MSF2_ESRAM_MAX_SIZE),
+ /* Libero GUI shows 100Mhz as default for clocks */
+ DEFINE_PROP_UINT32("m3clk", MSF2State, m3clk, 100 * 1000000),
+ /* default divisors in Libero GUI */
+ DEFINE_PROP_UINT8("apb0div", MSF2State, apb0div, 2),
+ DEFINE_PROP_UINT8("apb1div", MSF2State, apb1div, 2),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void m2sxxx_soc_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = m2sxxx_soc_realize;
+ dc->props = m2sxxx_soc_properties;
+}
+
+static const TypeInfo m2sxxx_soc_info = {
+ .name = TYPE_MSF2_SOC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(MSF2State),
+ .instance_init = m2sxxx_soc_initfn,
+ .class_init = m2sxxx_soc_class_init,
+};
+
+static void m2sxxx_soc_types(void)
+{
+ type_register_static(&m2sxxx_soc_info);
+}
+
+type_init(m2sxxx_soc_types)
diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index bbdd3c1..5059d13 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -129,3 +129,4 @@ CONFIG_ACPI=y
CONFIG_SMBIOS=y
CONFIG_ASPEED_SOC=y
CONFIG_GPIO_KEY=y
+CONFIG_MSF2=y
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* [Qemu-devel] [PULL 31/31] msf2: Add Emcraft's Smartfusion2 SOM kit
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (29 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 30/31] msf2: Add Smartfusion2 SoC Peter Maydell
@ 2017-09-21 16:41 ` Peter Maydell
2017-09-21 17:28 ` [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 16:41 UTC (permalink / raw)
To: qemu-devel
From: Subbaraya Sundeep <sundeep.lkml@gmail.com>
Emulated Emcraft's Smartfusion2 System On Module starter
kit.
Signed-off-by: Subbaraya Sundeep <sundeep.lkml@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20170920201737.25723-6-f4bug@amsat.org
[PMD: drop cpu_model to directly use cpu type]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/arm/Makefile.objs | 2 +-
hw/arm/msf2-som.c | 105 +++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 106 insertions(+), 1 deletion(-)
create mode 100644 hw/arm/msf2-som.c
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index a6cf24f..2794e08 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -19,4 +19,4 @@ obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
obj-$(CONFIG_FSL_IMX6) += fsl-imx6.o sabrelite.o
obj-$(CONFIG_ASPEED_SOC) += aspeed_soc.o aspeed.o
obj-$(CONFIG_MPS2) += mps2.o
-obj-$(CONFIG_MSF2) += msf2-soc.o
+obj-$(CONFIG_MSF2) += msf2-soc.o msf2-som.o
diff --git a/hw/arm/msf2-som.c b/hw/arm/msf2-som.c
new file mode 100644
index 0000000..0795a3a
--- /dev/null
+++ b/hw/arm/msf2-som.c
@@ -0,0 +1,105 @@
+/*
+ * SmartFusion2 SOM starter kit(from Emcraft) emulation.
+ *
+ * Copyright (c) 2017 Subbaraya Sundeep <sundeep.lkml@gmail.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu/error-report.h"
+#include "hw/boards.h"
+#include "hw/arm/arm.h"
+#include "exec/address-spaces.h"
+#include "qemu/cutils.h"
+#include "hw/arm/msf2-soc.h"
+#include "cpu.h"
+
+#define DDR_BASE_ADDRESS 0xA0000000
+#define DDR_SIZE (64 * M_BYTE)
+
+#define M2S010_ENVM_SIZE (256 * K_BYTE)
+#define M2S010_ESRAM_SIZE (64 * K_BYTE)
+
+static void emcraft_sf2_s2s010_init(MachineState *machine)
+{
+ DeviceState *dev;
+ DeviceState *spi_flash;
+ MSF2State *soc;
+ MachineClass *mc = MACHINE_GET_CLASS(machine);
+ DriveInfo *dinfo = drive_get_next(IF_MTD);
+ qemu_irq cs_line;
+ SSIBus *spi_bus;
+ MemoryRegion *sysmem = get_system_memory();
+ MemoryRegion *ddr = g_new(MemoryRegion, 1);
+
+ if (strcmp(machine->cpu_type, mc->default_cpu_type) != 0) {
+ error_report("This board can only be used with CPU %s",
+ mc->default_cpu_type);
+ }
+
+ memory_region_init_ram(ddr, NULL, "ddr-ram", DDR_SIZE,
+ &error_fatal);
+ memory_region_add_subregion(sysmem, DDR_BASE_ADDRESS, ddr);
+
+ dev = qdev_create(NULL, TYPE_MSF2_SOC);
+ qdev_prop_set_string(dev, "part-name", "M2S010");
+ qdev_prop_set_string(dev, "cpu-type", mc->default_cpu_type);
+
+ qdev_prop_set_uint64(dev, "eNVM-size", M2S010_ENVM_SIZE);
+ qdev_prop_set_uint64(dev, "eSRAM-size", M2S010_ESRAM_SIZE);
+
+ /*
+ * CPU clock and peripheral clocks(APB0, APB1)are configurable
+ * in Libero. CPU clock is divided by APB0 and APB1 divisors for
+ * peripherals. Emcraft's SoM kit comes with these settings by default.
+ */
+ qdev_prop_set_uint32(dev, "m3clk", 142 * 1000000);
+ qdev_prop_set_uint32(dev, "apb0div", 2);
+ qdev_prop_set_uint32(dev, "apb1div", 2);
+
+ object_property_set_bool(OBJECT(dev), true, "realized", &error_fatal);
+
+ soc = MSF2_SOC(dev);
+
+ /* Attach SPI flash to SPI0 controller */
+ spi_bus = (SSIBus *)qdev_get_child_bus(dev, "spi0");
+ spi_flash = ssi_create_slave_no_init(spi_bus, "s25sl12801");
+ qdev_prop_set_uint8(spi_flash, "spansion-cr2nv", 1);
+ if (dinfo) {
+ qdev_prop_set_drive(spi_flash, "drive", blk_by_legacy_dinfo(dinfo),
+ &error_fatal);
+ }
+ qdev_init_nofail(spi_flash);
+ cs_line = qdev_get_gpio_in_named(spi_flash, SSI_GPIO_CS, 0);
+ sysbus_connect_irq(SYS_BUS_DEVICE(&soc->spi[0]), 1, cs_line);
+
+ armv7m_load_kernel(ARM_CPU(first_cpu), machine->kernel_filename,
+ soc->envm_size);
+}
+
+static void emcraft_sf2_machine_init(MachineClass *mc)
+{
+ mc->desc = "SmartFusion2 SOM kit from Emcraft (M2S010)";
+ mc->init = emcraft_sf2_s2s010_init;
+ mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-m3");
+}
+
+DEFINE_MACHINE("emcraft-sf2", emcraft_sf2_machine_init)
--
2.7.4
^ permalink raw reply related [flat|nested] 39+ messages in thread* Re: [Qemu-devel] [PULL 00/31] target-arm queue
2017-09-21 16:41 [Qemu-devel] [PULL 00/31] target-arm queue Peter Maydell
` (30 preceding siblings ...)
2017-09-21 16:41 ` [Qemu-devel] [PULL 31/31] msf2: Add Emcraft's Smartfusion2 SOM kit Peter Maydell
@ 2017-09-21 17:28 ` Peter Maydell
31 siblings, 0 replies; 39+ messages in thread
From: Peter Maydell @ 2017-09-21 17:28 UTC (permalink / raw)
To: QEMU Developers
On 21 September 2017 at 17:41, Peter Maydell <peter.maydell@linaro.org> wrote:
> ARM queue: mostly patches from me, but also the Smartfusion2 board.
>
> thanks
> -- PMM
>
> The following changes since commit 9ee660e7c138595224b65ddc1c5712549f0a278c:
>
> Merge remote-tracking branch 'remotes/yongbok/tags/mips-20170921' into staging (2017-09-21 14:40:32 +0100)
>
> are available in the git repository at:
>
> git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20170921
>
> for you to fetch changes up to 6d262dcb7d108eda93813574c2061398084dc795:
>
> msf2: Add Emcraft's Smartfusion2 SOM kit (2017-09-21 16:36:56 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
> * more preparatory work for v8M support
> * convert some omap devices away from old_mmio
> * remove out of date ARM ARM section references in comments
> * add the Smartfusion2 board
Applied, thanks.
-- PMM
^ permalink raw reply [flat|nested] 39+ messages in thread