ARM queue for 2.10 soft freeze...

The following changes since commit 6632f6ff96f0537fc34cdc00c760656fc62e23c5:

Merge remote-tracking branch 'remotes/famz/tags/block-and-testing-pull-request' into staging (2017-07-17 11:46:36 +0100)

are available in the git repository at:

git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20170717

for you to fetch changes up to e5a6a6e64e82a132cebef023d867085b0a2993d7:

MAINTAINERS: Add entries for MPS2 board (2017-07-17 13:36:09 +0100)

* new model of the ARM MPS2/MPS2+ FPGA based development board

* clean up DISAS_* exit conditions and fix various regressions

since commits e75449a346 8a6b28c7b5 (in particular including

ones which broke OP-TEE guests)

* make Cortex-M3 and M4 correctly default to 8 PMSA regions

Alex Bennée (6):

include/exec/exec-all: document common exit conditions

target/arm/translate: make DISAS_UPDATE match declared semantics

target/arm/translate.h: expand comment on DISAS_EXIT

target/arm/translate: ensure gen_goto_tb sets exit flags

target/arm: use gen_goto_tb for ISB handling

target/arm: use DISAS_EXIT for eret handling

Peter Maydell (12):

qdev-properties.h: Explicitly set the default value for arraylen properties

qdev: support properties which don't set a default value

target/arm: Make Cortex-M3 and M4 default to 8 PMSA regions

hw/arm/mps2: Implement skeleton mps2-an385 and mps2-an511 board models

hw/char/cmsdk-apb-uart.c: Implement CMSDK APB UART

hw/arm/mps2: Add UARTs

hw/char/cmsdk-apb-timer: Implement CMSDK APB timer device

hw/arm/mps2: Add timers

hw/misc/mps2_scc: Implement MPS2 Serial Communication Controller

hw/arm/mps2: Add SCC

hw/arm/mps2: Add ethernet

MAINTAINERS: Add entries for MPS2 board

hw/arm/Makefile.objs | 1 +

hw/char/Makefile.objs | 1 +

hw/misc/Makefile.objs | 1 +

hw/timer/Makefile.objs | 1 +

include/exec/exec-all.h | 29 ++-

include/hw/char/cmsdk-apb-uart.h | 78 +++++++

include/hw/misc/mps2-scc.h | 43 ++++

include/hw/qdev-core.h | 10 +

include/hw/qdev-properties.h | 21 ++

include/hw/timer/cmsdk-apb-timer.h | 59 ++++++

target/arm/translate.h | 5 +-

hw/arm/mps2.c | 385 +++++++++++++++++++++++++++++++++++

hw/char/cmsdk-apb-uart.c | 403 +++++++++++++++++++++++++++++++++++++

hw/core/qdev.c | 2 +-

hw/misc/mps2-scc.c | 310 ++++++++++++++++++++++++++++

hw/timer/cmsdk-apb-timer.c | 253 +++++++++++++++++++++++

target/arm/cpu.c | 12 +-

target/arm/translate-a64.c | 19 +-

target/arm/translate.c | 22 +-

MAINTAINERS | 14 +-

default-configs/arm-softmmu.mak | 6 +

hw/char/trace-events | 9 +

hw/misc/trace-events | 8 +

hw/timer/trace-events | 5 +

24 files changed, 1673 insertions(+), 24 deletions(-)

create mode 100644 include/hw/char/cmsdk-apb-uart.h

create mode 100644 include/hw/misc/mps2-scc.h

create mode 100644 include/hw/timer/cmsdk-apb-timer.h

create mode 100644 hw/arm/mps2.c

create mode 100644 hw/char/cmsdk-apb-uart.c

create mode 100644 hw/misc/mps2-scc.c

create mode 100644 hw/timer/cmsdk-apb-timer.c

Add entries to the MAINTAINERS file for the new MPS2

board and devices.

Since the CMSDK devices are not specific to the MPS2 board,

extend the existing 'PrimeCell' section to cover CMSDK

devices as well; in both cases these are devices implemented

by ARM and provided as RTL that may be used in multiple

SoCs and boards.

MAINTAINERS | 14 +++++++++++++-

1 file changed, 13 insertions(+), 1 deletion(-)

@@ -XXX,XX +XXX,XX @@ F: hw/*/allwinner*

F: include/hw/*/allwinner*

F: hw/arm/cubieboard.c

-ARM PrimeCell

+ARM PrimeCell and CMSDK devices

M: Peter Maydell <peter.maydell@linaro.org>

L: qemu-arm@nongnu.org

S: Maintained

@@ -XXX,XX +XXX,XX @@ F: hw/intc/pl190.c

F: hw/sd/pl181.c

F: hw/timer/pl031.c

F: include/hw/arm/primecell.h

+F: hw/timer/cmsdk-apb-timer.c

+F: include/hw/timer/cmsdk-apb-timer.h

+F: hw/char/cmsdk-apb-uart.c

+F: include/hw/char/cmsdk-apb-uart.h

ARM cores

M: Peter Maydell <peter.maydell@linaro.org>

@@ -XXX,XX +XXX,XX @@ S: Maintained

F: hw/arm/integratorcp.c

F: hw/misc/arm_integrator_debug.c

+MPS2

+M: Peter Maydell <peter.maydell@linaro.org>

+L: qemu-arm@nongnu.org

+S: Maintained

+F: hw/arm/mps2.c

+F: hw/misc/mps2-scc.c

+F: include/hw/misc/mps2-scc.h

+

Musicpal

M: Jan Kiszka <jan.kiszka@web.de>

L: qemu-arm@nongnu.org

2.7.4

From: Alex Bennée <alex.bennee@linaro.org>

While an ISB will ensure any raised IRQs happen on the next

instruction it doesn't cause any to get raised by itself. We can

therefore use a simple tb exit for ISB instructions and rely on the

exit_request check at the top of each TB to deal with exiting if

needed.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>

Reviewed-by: Richard Henderson <rth@twiddle.net>

Message-id: 20170713141928.25419-6-alex.bennee@linaro.org

target/arm/translate-a64.c | 2 +-

target/arm/translate.c | 4 ++--

2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c

--- a/target/arm/translate-a64.c

+++ b/target/arm/translate-a64.c

@@ -XXX,XX +XXX,XX @@ static void handle_sync(DisasContext *s, uint32_t insn,

* a self-modified code correctly and also to take

* any pending interrupts immediately.

*/

- s->is_jmp = DISAS_UPDATE;

+ gen_goto_tb(s, 0, s->pc);

return;

default:

unallocated_encoding(s);

diff --git a/target/arm/translate.c b/target/arm/translate.c

--- a/target/arm/translate.c

+++ b/target/arm/translate.c

@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)

* self-modifying code correctly and also to take

* any pending interrupts immediately.

*/

- gen_lookup_tb(s);

+ gen_goto_tb(s, 0, s->pc & ~1);

return;

default:

goto illegal_op;

@@ -XXX,XX +XXX,XX @@ static int disas_thumb2_insn(CPUARMState *env, DisasContext *s, uint16_t insn_hw

* and also to take any pending interrupts

* immediately.

*/

- gen_lookup_tb(s);

+ gen_goto_tb(s, 0, s->pc & ~1);

break;

default:

goto illegal_op;

2.7.4

From: Alex Bennée <alex.bennee@linaro.org>

We already have an exit condition, DISAS_UPDATE which will exit the

run-loop. Expand on the difference with DISAS_EXIT in the comments.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>

Reviewed-by: Richard Henderson <rth@twiddle.net>

Message-id: 20170713141928.25419-4-alex.bennee@linaro.org

target/arm/translate.h | 5 ++++-

1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/target/arm/translate.h b/target/arm/translate.h

--- a/target/arm/translate.h

+++ b/target/arm/translate.h

@@ -XXX,XX +XXX,XX @@ static void disas_set_insn_syndrome(DisasContext *s, uint32_t syn)

*/

#define DISAS_BX_EXCRET 11

/* For instructions which want an immediate exit to the main loop,

- * as opposed to attempting to use lookup_and_goto_ptr.

+ * as opposed to attempting to use lookup_and_goto_ptr. Unlike

+ * DISAS_UPDATE this doesn't write the PC on exiting the translation

+ * loop so you need to ensure something (gen_a64_set_pc_im or runtime

+ * helper) has done so before we reach return from cpu_tb_exec.

*/

#define DISAS_EXIT 12

2.7.4

Add the UARTs to the MPS2 board models.

Unfortunately the details of the wiring of the interrupts through

various OR gates differ between AN511 and AN385 so this can't

be purely a data-driven difference.

hw/arm/mps2.c | 88 ++++++++++++++++++++++++++++++++++++++++++++++++

hw/char/cmsdk-apb-uart.c | 2 +-

2 files changed, 89 insertions(+), 1 deletion(-)

diff --git a/hw/arm/mps2.c b/hw/arm/mps2.c

--- a/hw/arm/mps2.c

+++ b/hw/arm/mps2.c

#include "qemu/error-report.h"

#include "hw/arm/arm.h"

#include "hw/arm/armv7m.h"

+#include "hw/or-irq.h"

#include "hw/boards.h"

#include "exec/address-spaces.h"

+#include "sysemu/sysemu.h"

#include "hw/misc/unimp.h"

+#include "hw/char/cmsdk-apb-uart.h"

typedef enum MPS2FPGAType {

FPGA_AN385,

@@ -XXX,XX +XXX,XX @@ static void mps2_common_init(MachineState *machine)

create_unimplemented_device("Ethernet", 0x40200000, 0x00100000);

create_unimplemented_device("VGA", 0x41000000, 0x0200000);

+ switch (mmc->fpga_type) {

+ case FPGA_AN385:

+ {

+ /* The overflow IRQs for UARTs 0, 1 and 2 are ORed together.

+ * Overflow for UARTs 4 and 5 doesn't trigger any interrupt.

+ */

+ Object *orgate;

+ DeviceState *orgate_dev;

+ int i;

+

+ orgate = object_new(TYPE_OR_IRQ);

+ object_property_set_int(orgate, 6, "num-lines", &error_fatal);

+ object_property_set_bool(orgate, true, "realized", &error_fatal);

+ orgate_dev = DEVICE(orgate);

+ qdev_connect_gpio_out(orgate_dev, 0, qdev_get_gpio_in(armv7m, 12));

+

+ for (i = 0; i < 5; i++) {

+ static const hwaddr uartbase[] = {0x40004000, 0x40005000,

+ 0x40006000, 0x40007000,

+ 0x40009000};

+ Chardev *uartchr = i < MAX_SERIAL_PORTS ? serial_hds[i] : NULL;

+ /* RX irq number; TX irq is always one greater */

+ static const int uartirq[] = {0, 2, 4, 18, 20};

+ qemu_irq txovrint = NULL, rxovrint = NULL;

+

+ if (i < 3) {

+ txovrint = qdev_get_gpio_in(orgate_dev, i * 2);

+ rxovrint = qdev_get_gpio_in(orgate_dev, i * 2 + 1);

+ }

+

+ cmsdk_apb_uart_create(uartbase[i],

+ qdev_get_gpio_in(armv7m, uartirq[i] + 1),

+ qdev_get_gpio_in(armv7m, uartirq[i]),

+ txovrint, rxovrint,

+ NULL,

+ uartchr, SYSCLK_FRQ);

+ }

+ break;

+ }

+ case FPGA_AN511:

+ {

+ /* The overflow IRQs for all UARTs are ORed together.

+ * Tx and Rx IRQs for each UART are ORed together.

+ */

+ Object *orgate;

+ DeviceState *orgate_dev;

+ int i;

+

+ orgate = object_new(TYPE_OR_IRQ);

+ object_property_set_int(orgate, 10, "num-lines", &error_fatal);

+ object_property_set_bool(orgate, true, "realized", &error_fatal);

+ orgate_dev = DEVICE(orgate);

+ qdev_connect_gpio_out(orgate_dev, 0, qdev_get_gpio_in(armv7m, 12));

+

+ for (i = 0; i < 5; i++) {

+ /* system irq numbers for the combined tx/rx for each UART */

+ static const int uart_txrx_irqno[] = {0, 2, 45, 46, 56};

+ static const hwaddr uartbase[] = {0x40004000, 0x40005000,

+ 0x4002c000, 0x4002d000,

+ 0x4002e000};

+ Chardev *uartchr = i < MAX_SERIAL_PORTS ? serial_hds[i] : NULL;

+ Object *txrx_orgate;

+ DeviceState *txrx_orgate_dev;

+

+ txrx_orgate = object_new(TYPE_OR_IRQ);

+ object_property_set_int(txrx_orgate, 2, "num-lines", &error_fatal);

+ object_property_set_bool(txrx_orgate, true, "realized",

+ &error_fatal);

+ txrx_orgate_dev = DEVICE(txrx_orgate);

+ qdev_connect_gpio_out(txrx_orgate_dev, 0,

+ qdev_get_gpio_in(armv7m, uart_txrx_irqno[i]));

+ cmsdk_apb_uart_create(uartbase[i],

+ qdev_get_gpio_in(txrx_orgate_dev, 0),

+ qdev_get_gpio_in(txrx_orgate_dev, 1),

+ qdev_get_gpio_in(orgate_dev, 0),

+ qdev_get_gpio_in(orgate_dev, 1),

+ NULL,

+ uartchr, SYSCLK_FRQ);

+ }

+ break;

+ }

+ default:

+ g_assert_not_reached();

+ }

+

system_clock_scale = NANOSECONDS_PER_SECOND / SYSCLK_FRQ;

armv7m_load_kernel(ARM_CPU(first_cpu), machine->kernel_filename,

diff --git a/hw/char/cmsdk-apb-uart.c b/hw/char/cmsdk-apb-uart.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/char/cmsdk-apb-uart.c

+++ b/hw/char/cmsdk-apb-uart.c

@@ -XXX,XX +XXX,XX @@ static void cmsdk_apb_uart_realize(DeviceState *dev, Error **errp)

* an event handler to deal with CHR_EVENT_BREAK.

*/

qemu_chr_fe_set_handlers(&s->chr, uart_can_receive, uart_receive,

- NULL, s, NULL, true);

+ NULL, NULL, s, NULL, true);

static int cmsdk_apb_uart_post_load(void *opaque, int version_id)

2.7.4

From: Alex Bennée <alex.bennee@linaro.org>

DISAS_UPDATE should be used when the wider CPU state other than just

the PC has been updated and we should therefore exit the TCG runtime

and return to the main execution loop rather assuming DISAS_JUMP would

do that.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>

Reviewed-by: Richard Henderson <rth@twiddle.net>

Message-id: 20170713141928.25419-3-alex.bennee@linaro.org

target/arm/translate-a64.c | 14 +++++++-------

target/arm/translate.c | 6 +++---

2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c

--- a/target/arm/translate-a64.c

+++ b/target/arm/translate-a64.c

@@ -XXX,XX +XXX,XX @@ void gen_intermediate_code_a64(ARMCPU *cpu, TranslationBlock *tb)

case DISAS_NEXT:

gen_goto_tb(dc, 1, dc->pc);

break;

- default:

- case DISAS_UPDATE:

- gen_a64_set_pc_im(dc->pc);

- /* fall through */

case DISAS_JUMP:

tcg_gen_lookup_and_goto_ptr(cpu_pc);

break;

- case DISAS_EXIT:

- tcg_gen_exit_tb(0);

- break;

case DISAS_TB_JUMP:

case DISAS_EXC:

case DISAS_SWI:

@@ -XXX,XX +XXX,XX @@ void gen_intermediate_code_a64(ARMCPU *cpu, TranslationBlock *tb)

*/

tcg_gen_exit_tb(0);

break;

+ case DISAS_UPDATE:

+ gen_a64_set_pc_im(dc->pc);

+ /* fall through */

+ case DISAS_EXIT:

+ default:

+ tcg_gen_exit_tb(0);

+ break;

}

diff --git a/target/arm/translate.c b/target/arm/translate.c

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/translate.c

+++ b/target/arm/translate.c

@@ -XXX,XX +XXX,XX @@ void gen_intermediate_code(CPUARMState *env, TranslationBlock *tb)

case DISAS_NEXT:

gen_goto_tb(dc, 1, dc->pc);

break;

- case DISAS_UPDATE:

- gen_set_pc_im(dc, dc->pc);

- /* fall through */

case DISAS_JUMP:

gen_goto_ptr();

break;

+ case DISAS_UPDATE:

+ gen_set_pc_im(dc, dc->pc);

+ /* fall through */

default:

/* indicate that the hash table must be used to find the next TB */

tcg_gen_exit_tb(0);

2.7.4

Implement a model of the simple "APB UART" provided in

the Cortex-M System Design Kit (CMSDK).

hw/char/Makefile.objs | 1 +

include/hw/char/cmsdk-apb-uart.h | 78 ++++++++

hw/char/cmsdk-apb-uart.c | 403 +++++++++++++++++++++++++++++++++++++++

default-configs/arm-softmmu.mak | 2 +

hw/char/trace-events | 9 +

5 files changed, 493 insertions(+)

create mode 100644 include/hw/char/cmsdk-apb-uart.h

create mode 100644 hw/char/cmsdk-apb-uart.c

diff --git a/hw/char/Makefile.objs b/hw/char/Makefile.objs

--- a/hw/char/Makefile.objs

+++ b/hw/char/Makefile.objs

@@ -XXX,XX +XXX,XX @@ obj-$(CONFIG_DIGIC) += digic-uart.o

obj-$(CONFIG_STM32F2XX_USART) += stm32f2xx_usart.o

obj-$(CONFIG_RASPI) += bcm2835_aux.o

+common-obj-$(CONFIG_CMSDK_APB_UART) += cmsdk-apb-uart.o

common-obj-$(CONFIG_ETRAXFS) += etraxfs_ser.o

common-obj-$(CONFIG_ISA_DEBUG) += debugcon.o

common-obj-$(CONFIG_GRLIB) += grlib_apbuart.o

diff --git a/include/hw/char/cmsdk-apb-uart.h b/include/hw/char/cmsdk-apb-uart.h

new file mode 100644

index XXXXXXX..XXXXXXX

--- /dev/null

+++ b/include/hw/char/cmsdk-apb-uart.h

+/*

+ * ARM CMSDK APB UART emulation

+ *

+ * Copyright (c) 2017 Linaro Limited

+ * Written by Peter Maydell

+ *

+ * This program is free software; you can redistribute it and/or modify

+ * it under the terms of the GNU General Public License version 2 or

+ * (at your option) any later version.

+ */

+

+#ifndef CMSDK_APB_UART_H

+#define CMSDK_APB_UART_H

+

+#include "hw/sysbus.h"

+#include "chardev/char-fe.h"

+

+#define TYPE_CMSDK_APB_UART "cmsdk-apb-uart"

+#define CMSDK_APB_UART(obj) OBJECT_CHECK(CMSDKAPBUART, (obj), \

+ TYPE_CMSDK_APB_UART)

+

+typedef struct {

+ /*< private >*/

+ SysBusDevice parent_obj;

+

+ /*< public >*/

+ MemoryRegion iomem;

+ CharBackend chr;

+ qemu_irq txint;

+ qemu_irq rxint;

+ qemu_irq txovrint;

+ qemu_irq rxovrint;

+ qemu_irq uartint;

+ guint watch_tag;

+ uint32_t pclk_frq;

+

+ uint32_t state;

+ uint32_t ctrl;

+ uint32_t intstatus;

+ uint32_t bauddiv;

+ /* This UART has no FIFO, only a 1-character buffer for each of Tx and Rx */

+ uint8_t txbuf;

+ uint8_t rxbuf;

+} CMSDKAPBUART;

+

+/**

+ * cmsdk_apb_uart_create - convenience function to create TYPE_CMSDK_APB_UART

+ * @addr: location in system memory to map registers

+ * @chr: Chardev backend to connect UART to, or NULL if no backend

+ * @pclk_frq: frequency in Hz of the PCLK clock (used for calculating baud rate)

+ */

+static inline DeviceState *cmsdk_apb_uart_create(hwaddr addr,

+ qemu_irq txint,

+ qemu_irq rxint,

+ qemu_irq txovrint,

+ qemu_irq rxovrint,

+ qemu_irq uartint,

+ Chardev *chr,

+ uint32_t pclk_frq)

+{

+ DeviceState *dev;

+ SysBusDevice *s;

+

+ dev = qdev_create(NULL, TYPE_CMSDK_APB_UART);

+ s = SYS_BUS_DEVICE(dev);

+ qdev_prop_set_chr(dev, "chardev", chr);

+ qdev_prop_set_uint32(dev, "pclk-frq", pclk_frq);

+ qdev_init_nofail(dev);

+ sysbus_mmio_map(s, 0, addr);

+ sysbus_connect_irq(s, 0, txint);

+ sysbus_connect_irq(s, 1, rxint);

+ sysbus_connect_irq(s, 2, txovrint);

+ sysbus_connect_irq(s, 3, rxovrint);

+ sysbus_connect_irq(s, 4, uartint);

+ return dev;

+}

+

+#endif

diff --git a/hw/char/cmsdk-apb-uart.c b/hw/char/cmsdk-apb-uart.c

new file mode 100644

index XXXXXXX..XXXXXXX

--- /dev/null

+++ b/hw/char/cmsdk-apb-uart.c

@@ -XXX,XX +XXX,XX @@

+/*

+ * ARM CMSDK APB UART emulation

+ *

+ * Copyright (c) 2017 Linaro Limited

+ * Written by Peter Maydell

+ *

+ * This program is free software; you can redistribute it and/or modify

+ * it under the terms of the GNU General Public License version 2 or

+ * (at your option) any later version.

+ */

+

+/* This is a model of the "APB UART" which is part of the Cortex-M

+ * System Design Kit (CMSDK) and documented in the Cortex-M System

+ * Design Kit Technical Reference Manual (ARM DDI0479C):

+ * https://developer.arm.com/products/system-design/system-design-kits/cortex-m-system-design-kit

+ */

+

+#include "qemu/osdep.h"

+#include "qemu/log.h"

+#include "qapi/error.h"

+#include "trace.h"

+#include "hw/sysbus.h"

+#include "hw/registerfields.h"

+#include "chardev/char-fe.h"

+#include "chardev/char-serial.h"

+#include "hw/char/cmsdk-apb-uart.h"

+

+REG32(DATA, 0)

+REG32(STATE, 4)

+ FIELD(STATE, TXFULL, 0, 1)

+ FIELD(STATE, RXFULL, 1, 1)

+ FIELD(STATE, TXOVERRUN, 2, 1)

+ FIELD(STATE, RXOVERRUN, 3, 1)

+REG32(CTRL, 8)

+ FIELD(CTRL, TX_EN, 0, 1)

+ FIELD(CTRL, RX_EN, 1, 1)

+ FIELD(CTRL, TX_INTEN, 2, 1)

+ FIELD(CTRL, RX_INTEN, 3, 1)

+ FIELD(CTRL, TXO_INTEN, 4, 1)

+ FIELD(CTRL, RXO_INTEN, 5, 1)

+ FIELD(CTRL, HSTEST, 6, 1)

+REG32(INTSTATUS, 0xc)

+ FIELD(INTSTATUS, TX, 0, 1)

+ FIELD(INTSTATUS, RX, 1, 1)

+ FIELD(INTSTATUS, TXO, 2, 1)

+ FIELD(INTSTATUS, RXO, 3, 1)

+REG32(BAUDDIV, 0x10)

+REG32(PID4, 0xFD0)

+REG32(PID5, 0xFD4)

+REG32(PID6, 0xFD8)

+REG32(PID7, 0xFDC)

+REG32(PID0, 0xFE0)

+REG32(PID1, 0xFE4)

+REG32(PID2, 0xFE8)

+REG32(PID3, 0xFEC)

+REG32(CID0, 0xFF0)

+REG32(CID1, 0xFF4)

+REG32(CID2, 0xFF8)

+REG32(CID3, 0xFFC)

+

+/* PID/CID values */

+static const int uart_id[] = {

+ 0x04, 0x00, 0x00, 0x00, /* PID4..PID7 */

+ 0x21, 0xb8, 0x1b, 0x00, /* PID0..PID3 */

+ 0x0d, 0xf0, 0x05, 0xb1, /* CID0..CID3 */

+};

+

+static bool uart_baudrate_ok(CMSDKAPBUART *s)

+{

+ /* The minimum permitted bauddiv setting is 16, so we just ignore

+ * settings below that (usually this means the device has just

+ * been reset and not yet programmed).

+ */

+ return s->bauddiv >= 16 && s->bauddiv <= s->pclk_frq;

+}

+

+static void uart_update_parameters(CMSDKAPBUART *s)

+{

+ QEMUSerialSetParams ssp;

+

+ /* This UART is always 8N1 but the baud rate is programmable. */

+ if (!uart_baudrate_ok(s)) {

+ return;

+ ssp.data_bits = 8;

+ ssp.parity = 'N';

+ ssp.stop_bits = 1;

+ ssp.speed = s->pclk_frq / s->bauddiv;

+ qemu_chr_fe_ioctl(&s->chr, CHR_IOCTL_SERIAL_SET_PARAMS, &ssp);

+ trace_cmsdk_apb_uart_set_params(ssp.speed);

+}

+

+static void cmsdk_apb_uart_update(CMSDKAPBUART *s)

+{

+ /* update outbound irqs, including handling the way the rxo and txo

+ * interrupt status bits are just logical AND of the overrun bit in

+ * STATE and the overrun interrupt enable bit in CTRL.

+ */

+ uint32_t omask = (R_INTSTATUS_RXO_MASK | R_INTSTATUS_TXO_MASK);

+ s->intstatus &= ~omask;

+ s->intstatus |= (s->state & (s->ctrl >> 2) & omask);

+

+ qemu_set_irq(s->txint, !!(s->intstatus & R_INTSTATUS_TX_MASK));

+ qemu_set_irq(s->rxint, !!(s->intstatus & R_INTSTATUS_RX_MASK));

+ qemu_set_irq(s->txovrint, !!(s->intstatus & R_INTSTATUS_TXO_MASK));

+ qemu_set_irq(s->rxovrint, !!(s->intstatus & R_INTSTATUS_RXO_MASK));

+ qemu_set_irq(s->uartint, !!(s->intstatus));

+}

+

+static int uart_can_receive(void *opaque)

+{

+ CMSDKAPBUART *s = CMSDK_APB_UART(opaque);

+

+ /* We can take a char if RX is enabled and the buffer is empty */

+ if (s->ctrl & R_CTRL_RX_EN_MASK && !(s->state & R_STATE_RXFULL_MASK)) {

+ return 0;

+}

+

+static void uart_receive(void *opaque, const uint8_t *buf, int size)

+{

+ CMSDKAPBUART *s = CMSDK_APB_UART(opaque);

+

+ trace_cmsdk_apb_uart_receive(*buf);

+

+ /* In fact uart_can_receive() ensures that we can't be

+ * called unless RX is enabled and the buffer is empty,

+ * but we include this logic as documentation of what the

+ * hardware does if a character arrives in these circumstances.

+ */

+ if (!(s->ctrl & R_CTRL_RX_EN_MASK)) {

+ /* Just drop the character on the floor */

+ return;

+ }

+

+ if (s->state & R_STATE_RXFULL_MASK) {

+ s->state |= R_STATE_RXOVERRUN_MASK;

+ }

+

+ s->rxbuf = *buf;

+ s->state |= R_STATE_RXFULL_MASK;

+ if (s->ctrl & R_CTRL_RX_INTEN_MASK) {

+ s->intstatus |= R_INTSTATUS_RX_MASK;

+ }

+ cmsdk_apb_uart_update(s);

+}

+

+static uint64_t uart_read(void *opaque, hwaddr offset, unsigned size)

+{

+ CMSDKAPBUART *s = CMSDK_APB_UART(opaque);

+ uint64_t r;

+

+ switch (offset) {

+ case A_DATA:

+ r = s->rxbuf;

+ s->state &= ~R_STATE_RXFULL_MASK;

+ cmsdk_apb_uart_update(s);

+ break;

+ case A_STATE:

+ r = s->state;

+ break;

+ case A_CTRL:

+ r = s->ctrl;

+ break;

+ case A_INTSTATUS:

+ r = s->intstatus;

+ break;

+ case A_BAUDDIV:

+ r = s->bauddiv;

+ break;

+ case A_PID4 ... A_CID3:

+ r = uart_id[(offset - A_PID4) / 4];

+ break;

+ default:

+ qemu_log_mask(LOG_GUEST_ERROR,

+ "CMSDK APB UART read: bad offset %x\n", (int) offset);

+ r = 0;

+ break;

+ }

+ trace_cmsdk_apb_uart_read(offset, r, size);

+ return r;

+}

+

+/* Try to send tx data, and arrange to be called back later if

+ * we can't (ie the char backend is busy/blocking).

+ */

+static gboolean uart_transmit(GIOChannel *chan, GIOCondition cond, void *opaque)

+{

+ CMSDKAPBUART *s = CMSDK_APB_UART(opaque);

+ int ret;

+

+ s->watch_tag = 0;

+

+ if (!(s->ctrl & R_CTRL_TX_EN_MASK) || !(s->state & R_STATE_TXFULL_MASK)) {

+ return FALSE;

+ }

+

+ ret = qemu_chr_fe_write(&s->chr, &s->txbuf, 1);

+ if (ret <= 0) {

+ s->watch_tag = qemu_chr_fe_add_watch(&s->chr, G_IO_OUT | G_IO_HUP,

+ uart_transmit, s);

+ if (!s->watch_tag) {

+ /* Most common reason to be here is "no chardev backend":

+ * just insta-drain the buffer, so the serial output

+ * goes into a void, rather than blocking the guest.

+ */

+ goto buffer_drained;

+ }

+ /* Transmit pending */

+ trace_cmsdk_apb_uart_tx_pending();

+ return FALSE;

+ }

+

+buffer_drained:

+ /* Character successfully sent */

+ trace_cmsdk_apb_uart_tx(s->txbuf);

+ s->state &= ~R_STATE_TXFULL_MASK;

+ /* Going from TXFULL set to clear triggers the tx interrupt */

+ if (s->ctrl & R_CTRL_TX_INTEN_MASK) {

+ s->intstatus |= R_INTSTATUS_TX_MASK;

+ }

+ cmsdk_apb_uart_update(s);

+ return FALSE;

+}

+

+static void uart_cancel_transmit(CMSDKAPBUART *s)

+{

+ if (s->watch_tag) {

+ g_source_remove(s->watch_tag);

+ s->watch_tag = 0;

+ }

+}

+

+static void uart_write(void *opaque, hwaddr offset, uint64_t value,

+ unsigned size)

+{

+ CMSDKAPBUART *s = CMSDK_APB_UART(opaque);

+

+ trace_cmsdk_apb_uart_write(offset, value, size);

+

+ switch (offset) {

+ case A_DATA:

+ s->txbuf = value;

+ if (s->state & R_STATE_TXFULL_MASK) {

+ /* Buffer already full -- note the overrun and let the

+ * existing pending transmit callback handle the new char.

+ */

+ s->state |= R_STATE_TXOVERRUN_MASK;

+ cmsdk_apb_uart_update(s);

+ } else {

+ s->state |= R_STATE_TXFULL_MASK;

+ uart_transmit(NULL, G_IO_OUT, s);

+ }

+ break;

+ case A_STATE:

+ /* Bits 0 and 1 are read only; bits 2 and 3 are W1C */

+ s->state &= ~(value &

+ (R_STATE_TXOVERRUN_MASK | R_STATE_RXOVERRUN_MASK));

+ cmsdk_apb_uart_update(s);

+ break;

+ case A_CTRL:

+ s->ctrl = value & 0x7f;

+ if ((s->ctrl & R_CTRL_TX_EN_MASK) && !uart_baudrate_ok(s)) {

+ qemu_log_mask(LOG_GUEST_ERROR,

+ "CMSDK APB UART: Tx enabled with invalid baudrate\n");

+ }

+ cmsdk_apb_uart_update(s);

+ break;

+ case A_INTSTATUS:

+ /* All bits are W1C. Clearing the overrun interrupt bits really

+ * clears the overrun status bits in the STATE register (which

+ * is then reflected into the intstatus value by the update function).

+ */

+ s->state &= ~(value & (R_INTSTATUS_TXO_MASK | R_INTSTATUS_RXO_MASK));

+ cmsdk_apb_uart_update(s);

+ break;

+ case A_BAUDDIV:

+ s->bauddiv = value & 0xFFFFF;

+ uart_update_parameters(s);

+ break;

+ case A_PID4 ... A_CID3:

+ qemu_log_mask(LOG_GUEST_ERROR,

+ "CMSDK APB UART write: write to RO offset 0x%x\n",

+ (int)offset);

+ break;

+ default:

+ qemu_log_mask(LOG_GUEST_ERROR,

+ "CMSDK APB UART write: bad offset 0x%x\n", (int) offset);

+ break;

+ }

+}

+

+static const MemoryRegionOps uart_ops = {

+ .read = uart_read,

+ .write = uart_write,

+ .endianness = DEVICE_LITTLE_ENDIAN,

+};

+

+static void cmsdk_apb_uart_reset(DeviceState *dev)

+{

+ CMSDKAPBUART *s = CMSDK_APB_UART(dev);

+

+ trace_cmsdk_apb_uart_reset();

+ uart_cancel_transmit(s);

+ s->state = 0;

+ s->ctrl = 0;

+ s->intstatus = 0;

+ s->bauddiv = 0;

+ s->txbuf = 0;

+ s->rxbuf = 0;

+}

+

+static void cmsdk_apb_uart_init(Object *obj)

+{

+ SysBusDevice *sbd = SYS_BUS_DEVICE(obj);

+ CMSDKAPBUART *s = CMSDK_APB_UART(obj);

+

+ memory_region_init_io(&s->iomem, obj, &uart_ops, s, "uart", 0x1000);

+ sysbus_init_mmio(sbd, &s->iomem);

+ sysbus_init_irq(sbd, &s->txint);

+ sysbus_init_irq(sbd, &s->rxint);

+ sysbus_init_irq(sbd, &s->txovrint);

+ sysbus_init_irq(sbd, &s->rxovrint);

+ sysbus_init_irq(sbd, &s->uartint);

+}

+

+static void cmsdk_apb_uart_realize(DeviceState *dev, Error **errp)

+{

+ CMSDKAPBUART *s = CMSDK_APB_UART(dev);

+

+ if (s->pclk_frq == 0) {

+ error_setg(errp, "CMSDK APB UART: pclk-frq property must be set");

+ return;

+ }

+

+ /* This UART has no flow control, so we do not need to register

+ * an event handler to deal with CHR_EVENT_BREAK.

+ */

+ qemu_chr_fe_set_handlers(&s->chr, uart_can_receive, uart_receive,

+ NULL, s, NULL, true);

+}

+

+static int cmsdk_apb_uart_post_load(void *opaque, int version_id)

+{

+ CMSDKAPBUART *s = CMSDK_APB_UART(opaque);

+

+ /* If we have a pending character, arrange to resend it. */

+ if (s->state & R_STATE_TXFULL_MASK) {

+ s->watch_tag = qemu_chr_fe_add_watch(&s->chr, G_IO_OUT | G_IO_HUP,

+ uart_transmit, s);

+ }

+ uart_update_parameters(s);

+ return 0;

+}

+

+static const VMStateDescription cmsdk_apb_uart_vmstate = {

+ .name = "cmsdk-apb-uart",

+ .version_id = 1,

+ .minimum_version_id = 1,

+ .post_load = cmsdk_apb_uart_post_load,

+ .fields = (VMStateField[]) {

+ VMSTATE_UINT32(state, CMSDKAPBUART),

+ VMSTATE_UINT32(ctrl, CMSDKAPBUART),

+ VMSTATE_UINT32(intstatus, CMSDKAPBUART),

+ VMSTATE_UINT32(bauddiv, CMSDKAPBUART),

+ VMSTATE_UINT8(txbuf, CMSDKAPBUART),

+ VMSTATE_UINT8(rxbuf, CMSDKAPBUART),

+ VMSTATE_END_OF_LIST()

+ }

+};

+

+static Property cmsdk_apb_uart_properties[] = {

+ DEFINE_PROP_CHR("chardev", CMSDKAPBUART, chr),

+ DEFINE_PROP_UINT32("pclk-frq", CMSDKAPBUART, pclk_frq, 0),

+ DEFINE_PROP_END_OF_LIST(),

+};

+

+static void cmsdk_apb_uart_class_init(ObjectClass *klass, void *data)

+{

+ DeviceClass *dc = DEVICE_CLASS(klass);

+

+ dc->realize = cmsdk_apb_uart_realize;

+ dc->vmsd = &cmsdk_apb_uart_vmstate;

+ dc->reset = cmsdk_apb_uart_reset;

+ dc->props = cmsdk_apb_uart_properties;

+}

+

+static const TypeInfo cmsdk_apb_uart_info = {

+ .name = TYPE_CMSDK_APB_UART,

+ .parent = TYPE_SYS_BUS_DEVICE,

+ .instance_size = sizeof(CMSDKAPBUART),

+ .instance_init = cmsdk_apb_uart_init,

+ .class_init = cmsdk_apb_uart_class_init,

+};

+

+static void cmsdk_apb_uart_register_types(void)

+{

+ type_register_static(&cmsdk_apb_uart_info);

+}

+

+type_init(cmsdk_apb_uart_register_types);

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak

index XXXXXXX..XXXXXXX 100644

--- a/default-configs/arm-softmmu.mak

+++ b/default-configs/arm-softmmu.mak

@@ -XXX,XX +XXX,XX @@ CONFIG_STM32F2XX_ADC=y

CONFIG_STM32F2XX_SPI=y

CONFIG_STM32F205_SOC=y

+CONFIG_CMSDK_APB_UART=y

+

CONFIG_VERSATILE_PCI=y

CONFIG_VERSATILE_I2C=y

diff --git a/hw/char/trace-events b/hw/char/trace-events

index XXXXXXX..XXXXXXX 100644

--- a/hw/char/trace-events

+++ b/hw/char/trace-events

@@ -XXX,XX +XXX,XX @@ pl011_write(uint32_t addr, uint32_t value) "addr 0x%08x value 0x%08x"

pl011_can_receive(uint32_t lcr, int read_count, int r) "LCR %08x read_count %d returning %d"

pl011_put_fifo(uint32_t c, int read_count) "new char 0x%x read_count now %d"

pl011_put_fifo_full(void) "FIFO now full, RXFF set"

+

+# hw/char/cmsdk_apb_uart.c

+cmsdk_apb_uart_read(uint64_t offset, uint64_t data, unsigned size) "CMSDK APB UART read: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u"

+cmsdk_apb_uart_write(uint64_t offset, uint64_t data, unsigned size) "CMSDK APB UART write: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u"

+cmsdk_apb_uart_reset(void) "CMSDK APB UART: reset"

+cmsdk_apb_uart_receive(uint8_t c) "CMSDK APB UART: got character 0x%x from backend"

+cmsdk_apb_uart_tx_pending(void) "CMSDK APB UART: character send to backend pending"

+cmsdk_apb_uart_tx(uint8_t c) "CMSDK APB UART: character 0x%x sent to backend"

+cmsdk_apb_uart_set_params(int speed) "CMSDK APB UART: params set to %d 8N1"

2.7.4