A small set of arm bugfixes for rc0. The following changes since commit 5853e92207193e967abf5e4c25b4a551c7604725: Merge remote-tracking branch 'remotes/pmaydell/tags/pull-cocoa-20171107' into staging (2017-11-07 12:19:48 +0000) are available in the git repository at: git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20171107 for you to fetch changes up to 8a7348b5d62d7ea16807e6bea54b448a0184bb0f: hw/intc/arm_gicv3_its: Don't abort on table save failure (2017-11-07 13:03:52 +0000) ---------------------------------------------------------------- target-arm queue: * arm_gicv3_its: Don't abort on table save failure * arm_gicv3_its: Fix the VM termination in vm_change_state_handler() * translate.c: Fix usermode big-endian AArch32 LDREXD and STREXD * hw/arm: Mark the "fsl,imx31/25/6" devices with user_creatable = false * arm: implement cache/shareability attribute bits for PAR registers ---------------------------------------------------------------- Andrew Baumann (1): arm: implement cache/shareability attribute bits for PAR registers Eric Auger (1): hw/intc/arm_gicv3_its: Don't abort on table save failure Peter Maydell (1): translate.c: Fix usermode big-endian AArch32 LDREXD and STREXD Shanker Donthineni (1): hw/intc/arm_gicv3_its: Fix the VM termination in vm_change_state_handler() Thomas Huth (3): hw/arm: Mark the "fsl,imx6" device with user_creatable = false hw/arm: Mark the "fsl,imx25" device with user_creatable = false hw/arm: Mark the "fsl,imx31" device with user_creatable = false hw/arm/fsl-imx25.c | 6 +- hw/arm/fsl-imx31.c | 6 +- hw/arm/fsl-imx6.c | 3 +- hw/intc/arm_gicv3_its_kvm.c | 12 +-- target/arm/helper.c | 178 ++++++++++++++++++++++++++++++++++++++++---- target/arm/translate.c | 39 ++++++++-- 6 files changed, 214 insertions(+), 30 deletions(-) From: Andrew Baumann <Andrew.Baumann@microsoft.com> On a successful address translation instruction, PAR is supposed to contain cacheability and shareability attributes determined by the translation. We previously returned 0 for these bits (in line with the general strategy of ignoring caches and memory attributes), but some guest OSes may depend on them. This patch collects the attribute bits in the page-table walk, and updates PAR with the correct attributes for all LPAE translations. Short descriptor formats still return 0 for these bits, as in the prior implementation. Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com> Message-id: 20171031223830.4608-1-Andrew.Baumann@microsoft.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/helper.c | 178 +++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 164 insertions(+), 14 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ #define ARM_CPU_FREQ 1000000000 /* FIXME: 1 GHz, should be configurable */ #ifndef CONFIG_USER_ONLY +/* Cacheability and shareability attributes for a memory access */ +typedef struct ARMCacheAttrs { + unsigned int attrs:8; /* as in the MAIR register encoding */ + unsigned int shareability:2; /* as in the SH field of the VMSAv8-64 PTEs */ +} ARMCacheAttrs; + static bool get_phys_addr(CPUARMState *env, target_ulong address, MMUAccessType access_type, ARMMMUIdx mmu_idx, hwaddr *phys_ptr, MemTxAttrs *attrs, int *prot, target_ulong *page_size, uint32_t *fsr, - ARMMMUFaultInfo *fi); + ARMMMUFaultInfo *fi, ARMCacheAttrs *cacheattrs); static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address, MMUAccessType access_type, ARMMMUIdx mmu_idx, hwaddr *phys_ptr, MemTxAttrs *txattrs, int *prot, target_ulong *page_size_ptr, uint32_t *fsr, - ARMMMUFaultInfo *fi); + ARMMMUFaultInfo *fi, ARMCacheAttrs *cacheattrs); /* Security attributes for an address, as returned by v8m_security_lookup. */ typedef struct V8M_SAttributes { @@ -XXX,XX +XXX,XX @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value, uint64_t par64; MemTxAttrs attrs = {}; ARMMMUFaultInfo fi = {}; + ARMCacheAttrs cacheattrs = {}; - ret = get_phys_addr(env, value, access_type, mmu_idx, - &phys_addr, &attrs, &prot, &page_size, &fsr, &fi); + ret = get_phys_addr(env, value, access_type, mmu_idx, &phys_addr, &attrs, + &prot, &page_size, &fsr, &fi, &cacheattrs); if (extended_addresses_enabled(env)) { /* fsr is a DFSR/IFSR value for the long descriptor * translation table format, but with WnR always clear. @@ -XXX,XX +XXX,XX @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value, if (!attrs.secure) { par64 |= (1 << 9); /* NS */ } - /* We don't set the ATTR or SH fields in the PAR. */ + par64 |= (uint64_t)cacheattrs.attrs << 56; /* ATTR */ + par64 |= cacheattrs.shareability << 7; /* SH */ } else { par64 |= 1; /* F */ par64 |= (fsr & 0x3f) << 1; /* FS */ @@ -XXX,XX +XXX,XX @@ static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx, return false; } if (get_phys_addr(env, addr, MMU_INST_FETCH, mmu_idx, - &physaddr, &attrs, &prot, &page_size, &fsr, &fi)) { + &physaddr, &attrs, &prot, &page_size, &fsr, &fi, NULL)) { /* the MPU lookup failed */ env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_IACCVIOL_MASK; armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_MEM, env->v7m.secure); @@ -XXX,XX +XXX,XX @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx, int ret; ret = get_phys_addr_lpae(env, addr, 0, ARMMMUIdx_S2NS, &s2pa, - &txattrs, &s2prot, &s2size, fsr, fi); + &txattrs, &s2prot, &s2size, fsr, fi, NULL); if (ret) { fi->s2addr = addr; fi->stage2 = true; @@ -XXX,XX +XXX,XX @@ static bool check_s2_mmu_setup(ARMCPU *cpu, bool is_aa64, int level, return true; } +/* Translate from the 4-bit stage 2 representation of + * memory attributes (without cache-allocation hints) to + * the 8-bit representation of the stage 1 MAIR registers + * (which includes allocation hints). + * + * ref: shared/translation/attrs/S2AttrDecode() + * .../S2ConvertAttrsHints() + */ +static uint8_t convert_stage2_attrs(CPUARMState *env, uint8_t s2attrs) +{ + uint8_t hiattr = extract32(s2attrs, 2, 2); + uint8_t loattr = extract32(s2attrs, 0, 2); + uint8_t hihint = 0, lohint = 0; + + if (hiattr != 0) { /* normal memory */ + if ((env->cp15.hcr_el2 & HCR_CD) != 0) { /* cache disabled */ + hiattr = loattr = 1; /* non-cacheable */ + } else { + if (hiattr != 1) { /* Write-through or write-back */ + hihint = 3; /* RW allocate */ + } + if (loattr != 1) { /* Write-through or write-back */ + lohint = 3; /* RW allocate */ + } + } + } + + return (hiattr << 6) | (hihint << 4) | (loattr << 2) | lohint; +} + static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address, MMUAccessType access_type, ARMMMUIdx mmu_idx, hwaddr *phys_ptr, MemTxAttrs *txattrs, int *prot, target_ulong *page_size_ptr, uint32_t *fsr, - ARMMMUFaultInfo *fi) + ARMMMUFaultInfo *fi, ARMCacheAttrs *cacheattrs) { ARMCPU *cpu = arm_env_get_cpu(env); CPUState *cs = CPU(cpu); @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address, */ txattrs->secure = false; } + + if (cacheattrs != NULL) { + if (mmu_idx == ARMMMUIdx_S2NS) { + cacheattrs->attrs = convert_stage2_attrs(env, + extract32(attrs, 0, 4)); + } else { + /* Index into MAIR registers for cache attributes */ + uint8_t attrindx = extract32(attrs, 0, 3); + uint64_t mair = env->cp15.mair_el[regime_el(env, mmu_idx)]; + assert(attrindx <= 7); + cacheattrs->attrs = extract64(mair, attrindx * 8, 8); + } + cacheattrs->shareability = extract32(attrs, 6, 2); + } + *phys_ptr = descaddr; *page_size_ptr = page_size; return false; @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address, return false; } +/* Combine either inner or outer cacheability attributes for normal + * memory, according to table D4-42 and pseudocode procedure + * CombineS1S2AttrHints() of ARM DDI 0487B.b (the ARMv8 ARM). + * + * NB: only stage 1 includes allocation hints (RW bits), leading to + * some asymmetry. + */ +static uint8_t combine_cacheattr_nibble(uint8_t s1, uint8_t s2) +{ + if (s1 == 4 || s2 == 4) { + /* non-cacheable has precedence */ + return 4; + } else if (extract32(s1, 2, 2) == 0 || extract32(s1, 2, 2) == 2) { + /* stage 1 write-through takes precedence */ + return s1; + } else if (extract32(s2, 2, 2) == 2) { + /* stage 2 write-through takes precedence, but the allocation hint + * is still taken from stage 1 + */ + return (2 << 2) | extract32(s1, 0, 2); + } else { /* write-back */ + return s1; + } +} + +/* Combine S1 and S2 cacheability/shareability attributes, per D4.5.4 + * and CombineS1S2Desc() + * + * @s1: Attributes from stage 1 walk + * @s2: Attributes from stage 2 walk + */ +static ARMCacheAttrs combine_cacheattrs(ARMCacheAttrs s1, ARMCacheAttrs s2) +{ + uint8_t s1lo = extract32(s1.attrs, 0, 4), s2lo = extract32(s2.attrs, 0, 4); + uint8_t s1hi = extract32(s1.attrs, 4, 4), s2hi = extract32(s2.attrs, 4, 4); + ARMCacheAttrs ret; + + /* Combine shareability attributes (table D4-43) */ + if (s1.shareability == 2 || s2.shareability == 2) { + /* if either are outer-shareable, the result is outer-shareable */ + ret.shareability = 2; + } else if (s1.shareability == 3 || s2.shareability == 3) { + /* if either are inner-shareable, the result is inner-shareable */ + ret.shareability = 3; + } else { + /* both non-shareable */ + ret.shareability = 0; + } + + /* Combine memory type and cacheability attributes */ + if (s1hi == 0 || s2hi == 0) { + /* Device has precedence over normal */ + if (s1lo == 0 || s2lo == 0) { + /* nGnRnE has precedence over anything */ + ret.attrs = 0; + } else if (s1lo == 4 || s2lo == 4) { + /* non-Reordering has precedence over Reordering */ + ret.attrs = 4; /* nGnRE */ + } else if (s1lo == 8 || s2lo == 8) { + /* non-Gathering has precedence over Gathering */ + ret.attrs = 8; /* nGRE */ + } else { + ret.attrs = 0xc; /* GRE */ + } + + /* Any location for which the resultant memory type is any + * type of Device memory is always treated as Outer Shareable. + */ + ret.shareability = 2; + } else { /* Normal memory */ + /* Outer/inner cacheability combine independently */ + ret.attrs = combine_cacheattr_nibble(s1hi, s2hi) << 4 + | combine_cacheattr_nibble(s1lo, s2lo); + + if (ret.attrs == 0x44) { + /* Any location for which the resultant memory type is Normal + * Inner Non-cacheable, Outer Non-cacheable is always treated + * as Outer Shareable. + */ + ret.shareability = 2; + } + } + + return ret; +} + + /* get_phys_addr - get the physical address for this virtual address * * Find the physical address corresponding to the given virtual address, @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address, * @prot: set to the permissions for the page containing phys_ptr * @page_size: set to the size of the page containing phys_ptr * @fsr: set to the DFSR/IFSR value on failure + * @fi: set to fault info if the translation fails + * @cacheattrs: (if non-NULL) set to the cacheability/shareability attributes */ static bool get_phys_addr(CPUARMState *env, target_ulong address, MMUAccessType access_type, ARMMMUIdx mmu_idx, hwaddr *phys_ptr, MemTxAttrs *attrs, int *prot, target_ulong *page_size, uint32_t *fsr, - ARMMMUFaultInfo *fi) + ARMMMUFaultInfo *fi, ARMCacheAttrs *cacheattrs) { if (mmu_idx == ARMMMUIdx_S12NSE0 || mmu_idx == ARMMMUIdx_S12NSE1) { /* Call ourselves recursively to do the stage 1 and then stage 2 @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr(CPUARMState *env, target_ulong address, hwaddr ipa; int s2_prot; int ret; + ARMCacheAttrs cacheattrs2 = {}; ret = get_phys_addr(env, address, access_type, stage_1_mmu_idx(mmu_idx), &ipa, attrs, - prot, page_size, fsr, fi); + prot, page_size, fsr, fi, cacheattrs); /* If S1 fails or S2 is disabled, return early. */ if (ret || regime_translation_disabled(env, ARMMMUIdx_S2NS)) { @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr(CPUARMState *env, target_ulong address, /* S1 is done. Now do S2 translation. */ ret = get_phys_addr_lpae(env, ipa, access_type, ARMMMUIdx_S2NS, phys_ptr, attrs, &s2_prot, - page_size, fsr, fi); + page_size, fsr, fi, + cacheattrs != NULL ? &cacheattrs2 : NULL); fi->s2addr = ipa; /* Combine the S1 and S2 perms. */ *prot &= s2_prot; + + /* Combine the S1 and S2 cache attributes, if needed */ + if (!ret && cacheattrs != NULL) { + *cacheattrs = combine_cacheattrs(*cacheattrs, cacheattrs2); + } + return ret; } else { /* @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr(CPUARMState *env, target_ulong address, if (regime_using_lpae_format(env, mmu_idx)) { return get_phys_addr_lpae(env, address, access_type, mmu_idx, phys_ptr, - attrs, prot, page_size, fsr, fi); + attrs, prot, page_size, fsr, fi, cacheattrs); } else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) { return get_phys_addr_v6(env, address, access_type, mmu_idx, phys_ptr, attrs, prot, page_size, fsr, fi); @@ -XXX,XX +XXX,XX @@ bool arm_tlb_fill(CPUState *cs, vaddr address, ret = get_phys_addr(env, address, access_type, core_to_arm_mmu_idx(env, mmu_idx), &phys_addr, - &attrs, &prot, &page_size, fsr, fi); + &attrs, &prot, &page_size, fsr, fi, NULL); if (!ret) { /* Map a single [sub]page. */ phys_addr &= TARGET_PAGE_MASK; @@ -XXX,XX +XXX,XX @@ hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr, *attrs = (MemTxAttrs) {}; ret = get_phys_addr(env, addr, 0, mmu_idx, &phys_addr, - attrs, &prot, &page_size, &fsr, &fi); + attrs, &prot, &page_size, &fsr, &fi, NULL); if (ret) { return -1; -- 2.7.4 From: Thomas Huth <thuth@redhat.com> This device causes QEMU to abort if the user tries to instantiate it: $ qemu-system-aarch64 -M sabrelite -smp 1,maxcpus=2 -device fsl,,imx6 Unexpected error in qemu_chr_fe_init() at chardev/char-fe.c:222: qemu-system-aarch64: -device fsl,,imx6: Device 'serial0' is in use Aborted (core dumped) The device uses serial_hds[] directly in its realize function, so it can not be instantiated again by the user. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-id: 1509519537-6964-2-git-send-email-thuth@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/arm/fsl-imx6.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/arm/fsl-imx6.c b/hw/arm/fsl-imx6.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/fsl-imx6.c +++ b/hw/arm/fsl-imx6.c @@ -XXX,XX +XXX,XX @@ static void fsl_imx6_class_init(ObjectClass *oc, void *data) DeviceClass *dc = DEVICE_CLASS(oc); dc->realize = fsl_imx6_realize; - dc->desc = "i.MX6 SOC"; + /* Reason: Uses serial_hds[] in the realize() function */ + dc->user_creatable = false; } static const TypeInfo fsl_imx6_type_info = { -- 2.7.4 From: Thomas Huth <thuth@redhat.com> QEMU currently crashes when the user tries to instantiate the fsl,imx25 device manually: $ aarch64-softmmu/qemu-system-aarch64 -S -M imx25-pdk -device fsl,,imx25 ** ERROR:/home/thuth/devel/qemu/tcg/tcg.c:538:tcg_register_thread: assertion failed: (n < max_cpus) The imx25-pdk board (which is the one that uses this CPU type) only supports one CPU, and the realize function of the "fsl,imx25" device also uses serial_hds[] directly, so this device clearly can not be instantiated twice and thus we should mark it with user_creatable = 0. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-id: 1509519537-6964-3-git-send-email-thuth@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/arm/fsl-imx25.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/hw/arm/fsl-imx25.c b/hw/arm/fsl-imx25.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/fsl-imx25.c +++ b/hw/arm/fsl-imx25.c @@ -XXX,XX +XXX,XX @@ static void fsl_imx25_class_init(ObjectClass *oc, void *data) DeviceClass *dc = DEVICE_CLASS(oc); dc->realize = fsl_imx25_realize; - dc->desc = "i.MX25 SOC"; + /* + * Reason: uses serial_hds in realize and the imx25 board does not + * support multiple CPUs + */ + dc->user_creatable = false; } static const TypeInfo fsl_imx25_type_info = { -- 2.7.4 From: Thomas Huth <thuth@redhat.com> QEMU currently crashes when the user tries to instantiate the fsl,imx31 device manually: $ aarch64-softmmu/qemu-system-aarch64 -M kzm -device fsl,,imx31 ** ERROR:/home/thuth/devel/qemu/tcg/tcg.c:538:tcg_register_thread: assertion failed: (n < max_cpus) Aborted (core dumped) The kzm board (which is the one that uses this CPU type) only supports one CPU, and the realize function of the "fsl,imx31" device also uses serial_hds[] directly, so this device clearly can not be instantiated twice and thus we should mark it with user_creatable = false. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-id: 1509519537-6964-4-git-send-email-thuth@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/arm/fsl-imx31.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/hw/arm/fsl-imx31.c b/hw/arm/fsl-imx31.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/fsl-imx31.c +++ b/hw/arm/fsl-imx31.c @@ -XXX,XX +XXX,XX @@ static void fsl_imx31_class_init(ObjectClass *oc, void *data) DeviceClass *dc = DEVICE_CLASS(oc); dc->realize = fsl_imx31_realize; - dc->desc = "i.MX31 SOC"; + /* + * Reason: uses serial_hds in realize and the kzm board does not + * support multiple CPUs + */ + dc->user_creatable = false; } static const TypeInfo fsl_imx31_type_info = { -- 2.7.4 For AArch32 LDREXD and STREXD, architecturally the 32-bit word at the lowest address is always Rt and the one at addr+4 is Rt2, even if the CPU is big-endian. Our implementation does these with a single 64-bit store, so if we're big-endian then we need to put the two 32-bit halves together in the opposite order to little-endian, so that they end up in the right places. We were trying to do this with the gen_aa32_frob64() function, but that is not correct for the usermode emulator, because there there is a distinction between "load a 64 bit value" (which does a BE 64-bit access and doesn't need swapping) and "load two 32 bit values as one 64 bit access" (where we still need to do the swapping, like system mode BE32). Fixes: https://bugs.launchpad.net/qemu/+bug/1725267 Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1509622400-13351-1-git-send-email-peter.maydell@linaro.org --- target/arm/translate.c | 39 ++++++++++++++++++++++++++++++++++----- 1 file changed, 34 insertions(+), 5 deletions(-) diff --git a/target/arm/translate.c b/target/arm/translate.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -XXX,XX +XXX,XX @@ static void gen_load_exclusive(DisasContext *s, int rt, int rt2, TCGv_i32 tmp2 = tcg_temp_new_i32(); TCGv_i64 t64 = tcg_temp_new_i64(); - gen_aa32_ld_i64(s, t64, addr, get_mem_index(s), opc); + /* For AArch32, architecturally the 32-bit word at the lowest + * address is always Rt and the one at addr+4 is Rt2, even if + * the CPU is big-endian. That means we don't want to do a + * gen_aa32_ld_i64(), which invokes gen_aa32_frob64() as if + * for an architecturally 64-bit access, but instead do a + * 64-bit access using MO_BE if appropriate and then split + * the two halves. + * This only makes a difference for BE32 user-mode, where + * frob64() must not flip the two halves of the 64-bit data + * but this code must treat BE32 user-mode like BE32 system. + */ + TCGv taddr = gen_aa32_addr(s, addr, opc); + + tcg_gen_qemu_ld_i64(t64, taddr, get_mem_index(s), opc); + tcg_temp_free(taddr); tcg_gen_mov_i64(cpu_exclusive_val, t64); - tcg_gen_extr_i64_i32(tmp, tmp2, t64); + if (s->be_data == MO_BE) { + tcg_gen_extr_i64_i32(tmp2, tmp, t64); + } else { + tcg_gen_extr_i64_i32(tmp, tmp2, t64); + } tcg_temp_free_i64(t64); store_reg(s, rt2, tmp2); @@ -XXX,XX +XXX,XX @@ static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2, TCGv_i64 n64 = tcg_temp_new_i64(); t2 = load_reg(s, rt2); - tcg_gen_concat_i32_i64(n64, t1, t2); + /* For AArch32, architecturally the 32-bit word at the lowest + * address is always Rt and the one at addr+4 is Rt2, even if + * the CPU is big-endian. Since we're going to treat this as a + * single 64-bit BE store, we need to put the two halves in the + * opposite order for BE to LE, so that they end up in the right + * places. + * We don't want gen_aa32_frob64() because that does the wrong + * thing for BE32 usermode. + */ + if (s->be_data == MO_BE) { + tcg_gen_concat_i32_i64(n64, t2, t1); + } else { + tcg_gen_concat_i32_i64(n64, t1, t2); + } tcg_temp_free_i32(t2); - gen_aa32_frob64(s, n64); tcg_gen_atomic_cmpxchg_i64(o64, taddr, cpu_exclusive_val, n64, get_mem_index(s), opc); tcg_temp_free_i64(n64); - gen_aa32_frob64(s, o64); tcg_gen_setcond_i64(TCG_COND_NE, o64, o64, cpu_exclusive_val); tcg_gen_extrl_i64_i32(t0, o64); -- 2.7.4 From: Shanker Donthineni <shankerd@codeaurora.org> The commit cddafd8f353d ("hw/intc/arm_gicv3_its: Implement state save /restore") breaks the backward compatibility with the older kernels where vITS save/restore support is not available. The vmstate function vm_change_state_handler() should not be registered if the running kernel doesn't support ITS save/restore feature. Otherwise VM instance will be killed whenever vmstate callback function is invoked. Observed a virtual machine shutdown with QEMU-2.10+linux-4.11 when testing the reboot command "virsh reboot <domain> --mode acpi" instead of reboot. KVM Error: 'KVM_SET_DEVICE_ATTR failed: Group 4 attr 0x00000000000001' Signed-off-by: Shanker Donthineni <shankerd@codeaurora.org> Reviewed-by: Eric Auger <eric.auger@redhat.com> Message-id: 1509712671-16299-1-git-send-email-shankerd@codeaurora.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/intc/arm_gicv3_its_kvm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/intc/arm_gicv3_its_kvm.c b/hw/intc/arm_gicv3_its_kvm.c index XXXXXXX..XXXXXXX 100644 --- a/hw/intc/arm_gicv3_its_kvm.c +++ b/hw/intc/arm_gicv3_its_kvm.c @@ -XXX,XX +XXX,XX @@ static void kvm_arm_its_realize(DeviceState *dev, Error **errp) error_free(s->migration_blocker); return; } + } else { + qemu_add_vm_change_state_handler(vm_change_state_handler, s); } kvm_msi_use_devid = true; kvm_gsi_direct_mapping = false; kvm_msi_via_irqfd_allowed = kvm_irqfds_enabled(); - - qemu_add_vm_change_state_handler(vm_change_state_handler, s); } /** -- 2.7.4 From: Eric Auger <eric.auger@redhat.com> The ITS is not fully properly reset at the moment. Caches are not emptied. After a reset, in case we attempt to save the state before the bound devices have registered their MSIs and after the 1st level table has been allocated by the ITS driver (device BASER is valid), the first level entries are still invalid. If the device cache is not empty (devices registered before the reset), vgic_its_save_device_tables fails with -EINVAL. This causes a QEMU abort(). Cc: qemu-stable@nongnu.org Signed-off-by: Eric Auger <eric.auger@redhat.com> Reported-by: wanghaibin <wanghaibin.wang@huawei.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/intc/arm_gicv3_its_kvm.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/hw/intc/arm_gicv3_its_kvm.c b/hw/intc/arm_gicv3_its_kvm.c index XXXXXXX..XXXXXXX 100644 --- a/hw/intc/arm_gicv3_its_kvm.c +++ b/hw/intc/arm_gicv3_its_kvm.c @@ -XXX,XX +XXX,XX @@ static void vm_change_state_handler(void *opaque, int running, { GICv3ITSState *s = (GICv3ITSState *)opaque; Error *err = NULL; - int ret; if (running) { return; } - ret = kvm_device_access(s->dev_fd, KVM_DEV_ARM_VGIC_GRP_CTRL, - KVM_DEV_ARM_ITS_SAVE_TABLES, NULL, true, &err); + kvm_device_access(s->dev_fd, KVM_DEV_ARM_VGIC_GRP_CTRL, + KVM_DEV_ARM_ITS_SAVE_TABLES, NULL, true, &err); if (err) { error_report_err(err); } - if (ret < 0 && ret != -EFAULT) { - abort(); - } } static void kvm_arm_its_realize(DeviceState *dev, Error **errp) -- 2.7.4 As promised, more Arm patches. The big thing in here is the MPS2-AN521 board model. thanks -- PMM The following changes since commit cfe6c547690b06fbce54a6d0f7b05dd7f18e36ea: Merge remote-tracking branch 'remotes/xanclic/tags/pull-block-2019-01-31' into staging (2019-01-31 19:26:09 +0000) are available in the Git repository at: https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190201 for you to fetch changes up to 7743b70ffe7a8ce168adce2cf50ad156b1fefb8c: tests/microbit-test: Add tests for nRF51 NVMC (2019-02-01 15:32:17 +0000) ---------------------------------------------------------------- target-arm queue: * New machine mps2-an521 -- this is a model of the AN521 FPGA image for the MPS2 devboard * Fix various places where we failed to UNDEF invalid A64 instructions * Don't UNDEF a valid FCMLA on 32-bit inputs * Fix some bugs in the newly-added PAuth implementation * microbit: Implement NVMC non-volatile memory controller ---------------------------------------------------------------- Aaron Lindsay OS (2): target/arm: Send interrupts on PMU counter overflow target/arm: Add a timer to predict PMU counter overflow Julia Suvorova (1): arm: Clarify the logic of set_pc() Peter Maydell (33): armv7m: Don't assume the NVIC's CPU is CPU 0 armv7m: Make cpu object a child of the armv7m container armv7m: Pass through start-powered-off CPU property hw/arm/iotkit: Rename IoTKit to ARMSSE hw/arm/iotkit: Refactor into abstract base class and subclass hw/arm/iotkit: Rename 'iotkit' local variables and functions hw/arm/iotkit: Rename files to hw/arm/armsse.[ch] hw/misc/iotkit-secctl: Support 4 internal MPCs hw/arm/armsse: Make number of SRAM banks parameterised hw/arm/armsse: Make SRAM bank size configurable hw/arm/armsse: Support dual-CPU configuration hw/arm/armsse: Give each CPU its own view of memory hw/arm/armsse: Put each CPU in its own cluster object iotkit-sysinfo: Make SYS_VERSION and SYS_CONFIG configurable hw/arm/armsse: Add unimplemented-device stubs for MHUs hw/arm/armsse: Add unimplemented-device stubs for PPUs hw/arm/armsse: Add unimplemented-device stub for cache control registers hw/arm/armsse: Add unimplemented-device stub for CPU local control registers hw/misc/armsse-cpuid: Implement SSE-200 CPU_IDENTITY register block hw/arm/armsse: Add CPU_IDENTITY block to SSE-200 hw/arm/armsse: Add SSE-200 model hw/arm/mps2-tz: Add IRQ infrastructure to support SSE-200 hw/arm/mps2-tz: Add mps2-an521 model target/arm/translate-a64: Don't underdecode system instructions target/arm/translate-a64: Don't underdecode PRFM target/arm/translate-a64: Don't underdecode SIMD ld/st multiple target/arm/translate-a64: Don't underdecode SIMD ld/st single target/arm/translate-a64: Don't underdecode add/sub extended register target/arm/translate-a64: Don't underdecode FP insns target/arm/translate-a64: Don't underdecode SDOT and UDOT exec.c: Don't reallocate IOMMUNotifiers that are in use target/arm/translate-a64: Fix FCMLA decoding error target/arm/translate-a64: Fix mishandling of size in FCMLA decode Remi Denis-Courmont (2): target/arm: fix AArch64 virtual address space size target/arm: fix decoding of B{,L}RA{A,B} Richard Henderson (5): target/arm: Enable API, APK bits in SCR, HCR target/arm: Always enable pac keys for user-only aarch64-linux-user: Update HWCAP bits from linux 5.0-rc1 aarch64-linux-user: Enable HWCAP bits for PAuth linux-user: Initialize aarch64 pac keys Steffen Görtz (3): hw/nvram/nrf51_nvm: Add nRF51 non-volatile memories arm: Instantiate NRF51 special NVM's and NVMC tests/microbit-test: Add tests for nRF51 NVMC kumar sourav (1): hw/arm/nrf51_soc: set object owner in memory_region_init_ram hw/arm/Makefile.objs | 2 +- hw/misc/Makefile.objs | 1 + hw/nvram/Makefile.objs | 1 + include/hw/arm/{iotkit.h => armsse.h} | 113 ++- include/hw/arm/armv7m.h | 1 + include/hw/arm/nrf51_soc.h | 2 + include/hw/misc/armsse-cpuid.h | 41 ++ include/hw/misc/iotkit-secctl.h | 6 +- include/hw/misc/iotkit-sysinfo.h | 6 + include/hw/nvram/nrf51_nvm.h | 64 ++ include/qom/cpu.h | 16 +- linux-user/aarch64/target_syscall.h | 2 + target/arm/cpu.h | 12 +- exec.c | 10 +- hw/arm/armsse.c | 1241 +++++++++++++++++++++++++++++++++ hw/arm/armv7m.c | 23 +- hw/arm/boot.c | 4 - hw/arm/iotkit.c | 759 -------------------- hw/arm/mps2-tz.c | 121 +++- hw/arm/nrf51_soc.c | 44 +- hw/intc/armv7m_nvic.c | 3 +- hw/misc/armsse-cpuid.c | 134 ++++ hw/misc/iotkit-secctl.c | 5 +- hw/misc/iotkit-sysinfo.c | 15 +- hw/nvram/nrf51_nvm.c | 388 +++++++++++ linux-user/aarch64/cpu_loop.c | 31 +- linux-user/elfload.c | 10 + target/arm/arm-powerctl.c | 3 - target/arm/cpu.c | 41 +- target/arm/cpu64.c | 75 -- target/arm/helper.c | 139 +++- target/arm/translate-a64.c | 59 +- tests/microbit-test.c | 108 +++ MAINTAINERS | 6 +- default-configs/arm-softmmu.mak | 3 +- hw/misc/trace-events | 4 + 36 files changed, 2552 insertions(+), 941 deletions(-) rename include/hw/arm/{iotkit.h => armsse.h} (53%) create mode 100644 include/hw/misc/armsse-cpuid.h create mode 100644 include/hw/nvram/nrf51_nvm.h create mode 100644 hw/arm/armsse.c delete mode 100644 hw/arm/iotkit.c create mode 100644 hw/misc/armsse-cpuid.c create mode 100644 hw/nvram/nrf51_nvm.c From: kumar sourav <sourav.jb1988@gmail.com> set object owner in memory_region_init_ram() instead of NULL. Signed-off-by: kumar sourav <sourav.jb1988@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 20190125155630.17430-1-sourav.jb1988@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/arm/nrf51_soc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/arm/nrf51_soc.c b/hw/arm/nrf51_soc.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/nrf51_soc.c +++ b/hw/arm/nrf51_soc.c @@ -XXX,XX +XXX,XX @@ static void nrf51_soc_realize(DeviceState *dev_soc, Error **errp) } memory_region_add_subregion(&s->container, NRF51_FLASH_BASE, &s->flash); - memory_region_init_ram(&s->sram, NULL, "nrf51.sram", s->sram_size, &err); + memory_region_init_ram(&s->sram, OBJECT(s), "nrf51.sram", s->sram_size, + &err); if (err) { error_propagate(errp, err); return; -- 2.20.1 Currently the ARMv7M NVIC object's realize method assumes that the CPU the NVIC is attached to is CPU 0, because it thinks there can only ever be one CPU in the system. To allow a dual-Cortex-M33 setup we need to remove this assumption; instead the armv7m wrapper object tells the NVIC its CPU, in the same way that it already tells the CPU what the NVIC is. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190121185118.18550-2-peter.maydell@linaro.org --- hw/arm/armv7m.c | 6 ++++-- hw/intc/armv7m_nvic.c | 3 +-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/armv7m.c +++ b/hw/arm/armv7m.c @@ -XXX,XX +XXX,XX @@ static void armv7m_realize(DeviceState *dev, Error **errp) } } - /* Tell the CPU where the NVIC is; it will fail realize if it doesn't - * have one. + /* + * Tell the CPU where the NVIC is; it will fail realize if it doesn't + * have one. Similarly, tell the NVIC where its CPU is. */ s->cpu->env.nvic = &s->nvic; + s->nvic.cpu = s->cpu; object_property_set_bool(OBJECT(s->cpu), true, "realized", &err); if (err != NULL) { diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index XXXXXXX..XXXXXXX 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c @@ -XXX,XX +XXX,XX @@ static void armv7m_nvic_realize(DeviceState *dev, Error **errp) Error *err = NULL; int regionlen; - s->cpu = ARM_CPU(qemu_get_cpu(0)); - + /* The armv7m container object will have set our CPU pointer */ if (!s->cpu || !arm_feature(&s->cpu->env, ARM_FEATURE_M)) { error_setg(errp, "The NVIC can only be used with a Cortex-M CPU"); return; -- 2.20.1 Rather than just creating the CPUs with object_new, make them child objects of the armv7m container. This will allow the cluster code to find the CPUs if an armv7m object is made a child of a cluster object. object_new_with_props() will do the parenting for us. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190121185118.18550-3-peter.maydell@linaro.org --- hw/arm/armv7m.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/armv7m.c +++ b/hw/arm/armv7m.c @@ -XXX,XX +XXX,XX @@ static void armv7m_realize(DeviceState *dev, Error **errp) memory_region_add_subregion_overlap(&s->container, 0, s->board_memory, -1); - s->cpu = ARM_CPU(object_new(s->cpu_type)); + s->cpu = ARM_CPU(object_new_with_props(s->cpu_type, OBJECT(s), "cpu", + &err, NULL)); + if (err != NULL) { + error_propagate(errp, err); + return; + } object_property_set_link(OBJECT(s->cpu), OBJECT(&s->container), "memory", &error_abort); -- 2.20.1 Expose "start-powered-off" as a property of the ARMv7M container, which we just pass through to the CPU object in the same way that we do for "init-svtor" and "idau". (We want this for the SSE-200, which powers up only the first CPU at reset and leaves the second powered down.) As with the other CPU properties here, we can't just use alias properties, because the CPU QOM object is not created until armv7m realize time. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190121185118.18550-4-peter.maydell@linaro.org --- include/hw/arm/armv7m.h | 1 + hw/arm/armv7m.c | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/include/hw/arm/armv7m.h b/include/hw/arm/armv7m.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/arm/armv7m.h +++ b/include/hw/arm/armv7m.h @@ -XXX,XX +XXX,XX @@ typedef struct ARMv7MState { Object *idau; uint32_t init_svtor; bool enable_bitband; + bool start_powered_off; } ARMv7MState; #endif diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/armv7m.c +++ b/hw/arm/armv7m.c @@ -XXX,XX +XXX,XX @@ static void armv7m_realize(DeviceState *dev, Error **errp) return; } } + if (object_property_find(OBJECT(s->cpu), "start-powered-off", NULL)) { + object_property_set_bool(OBJECT(s->cpu), s->start_powered_off, + "start-powered-off", &err); + if (err != NULL) { + error_propagate(errp, err); + return; + } + } /* * Tell the CPU where the NVIC is; it will fail realize if it doesn't @@ -XXX,XX +XXX,XX @@ static Property armv7m_properties[] = { DEFINE_PROP_LINK("idau", ARMv7MState, idau, TYPE_IDAU_INTERFACE, Object *), DEFINE_PROP_UINT32("init-svtor", ARMv7MState, init_svtor, 0), DEFINE_PROP_BOOL("enable-bitband", ARMv7MState, enable_bitband, false), + DEFINE_PROP_BOOL("start-powered-off", ARMv7MState, start_powered_off, + false), DEFINE_PROP_END_OF_LIST(), }; -- 2.20.1 The Arm IoTKit was effectively the forerunner of a series of subsystems for embedded SoCs, named the SSE-050, SSE-100 and SSE-200: https://developer.arm.com/products/system-design/subsystems These are generally quite similar, though later iterations have extra devices that earlier ones do not. We want to add a model of the SSE-200, which means refactoring the IoTKit code into an abstract base class and subclasses (using the same design that the bcm283x SoC and Aspeed SoC family implementations do). As a first step, rename the IoTKit struct and QOM macros to ARMSSE, which is what we're going to name the base class. We temporarily retain TYPE_IOTKIT to avoid changing the code that instantiates a TYPE_IOTKIT device here and then changing it back again when it is re-introduced as a subclass. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190121185118.18550-5-peter.maydell@linaro.org --- include/hw/arm/iotkit.h | 22 ++++++++++----- hw/arm/iotkit.c | 59 +++++++++++++++++++++-------------------- hw/arm/mps2-tz.c | 2 +- 3 files changed, 47 insertions(+), 36 deletions(-) diff --git a/include/hw/arm/iotkit.h b/include/hw/arm/iotkit.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/arm/iotkit.h +++ b/include/hw/arm/iotkit.h @@ -XXX,XX +XXX,XX @@ /* - * ARM IoT Kit + * ARM SSE (Subsystems for Embedded): IoTKit * * Copyright (c) 2018 Linaro Limited * Written by Peter Maydell @@ -XXX,XX +XXX,XX @@ * (at your option) any later version. */ -/* This is a model of the Arm IoT Kit which is documented in +/* + * This is a model of the Arm "Subsystems for Embedded" family of + * hardware, which include the IoT Kit and the SSE-050, SSE-100 and + * SSE-200. Currently we model only the Arm IoT Kit which is documented in * http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ecm0601256/index.html * It contains: * a Cortex-M33 @@ -XXX,XX +XXX,XX @@ #include "hw/or-irq.h" #include "hw/core/split-irq.h" -#define TYPE_IOTKIT "iotkit" -#define IOTKIT(obj) OBJECT_CHECK(IoTKit, (obj), TYPE_IOTKIT) +#define TYPE_ARMSSE "iotkit" +#define ARMSSE(obj) OBJECT_CHECK(ARMSSE, (obj), TYPE_ARMSSE) + +/* + * For the moment TYPE_IOTKIT is a synonym for TYPE_ARMSSE (and the + * latter's underlying name is left as "iotkit"); in a later + * commit it will become a subclass of TYPE_ARMSSE. + */ +#define TYPE_IOTKIT TYPE_ARMSSE /* We have an IRQ splitter and an OR gate input for each external PPC * and the 2 internal PPCs @@ -XXX,XX +XXX,XX @@ #define NUM_EXTERNAL_PPCS (IOTS_NUM_AHB_EXP_PPC + IOTS_NUM_APB_EXP_PPC) #define NUM_PPCS (NUM_EXTERNAL_PPCS + 2) -typedef struct IoTKit { +typedef struct ARMSSE { /*< private >*/ SysBusDevice parent_obj; @@ -XXX,XX +XXX,XX @@ typedef struct IoTKit { MemoryRegion *board_memory; uint32_t exp_numirq; uint32_t mainclk_frq; -} IoTKit; +} ARMSSE; #endif diff --git a/hw/arm/iotkit.c b/hw/arm/iotkit.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/iotkit.c +++ b/hw/arm/iotkit.c @@ -XXX,XX +XXX,XX @@ /* - * Arm IoT Kit + * Arm SSE (Subsystems for Embedded): IoTKit * * Copyright (c) 2018 Linaro Limited * Written by Peter Maydell @@ -XXX,XX +XXX,XX @@ /* Create an alias region of @size bytes starting at @base * which mirrors the memory starting at @orig. */ -static void make_alias(IoTKit *s, MemoryRegion *mr, const char *name, +static void make_alias(ARMSSE *s, MemoryRegion *mr, const char *name, hwaddr base, hwaddr size, hwaddr orig) { memory_region_init_alias(mr, NULL, name, &s->container, orig, size); @@ -XXX,XX +XXX,XX @@ static void irq_status_forwarder(void *opaque, int n, int level) static void nsccfg_handler(void *opaque, int n, int level) { - IoTKit *s = IOTKIT(opaque); + ARMSSE *s = ARMSSE(opaque); s->nsccfg = level; } -static void iotkit_forward_ppc(IoTKit *s, const char *ppcname, int ppcnum) +static void iotkit_forward_ppc(ARMSSE *s, const char *ppcname, int ppcnum) { /* Each of the 4 AHB and 4 APB PPCs that might be present in a - * system using the IoTKit has a collection of control lines which + * system using the ARMSSE has a collection of control lines which * are provided by the security controller and which we want to - * expose as control lines on the IoTKit device itself, so the - * code using the IoTKit can wire them up to the PPCs. + * expose as control lines on the ARMSSE device itself, so the + * code using the ARMSSE can wire them up to the PPCs. */ SplitIRQ *splitter = &s->ppc_irq_splitter[ppcnum]; DeviceState *iotkitdev = DEVICE(s); @@ -XXX,XX +XXX,XX @@ static void iotkit_forward_ppc(IoTKit *s, const char *ppcname, int ppcnum) g_free(name); } -static void iotkit_forward_sec_resp_cfg(IoTKit *s) +static void iotkit_forward_sec_resp_cfg(ARMSSE *s) { /* Forward the 3rd output from the splitter device as a * named GPIO output of the iotkit object. @@ -XXX,XX +XXX,XX @@ static void iotkit_forward_sec_resp_cfg(IoTKit *s) static void iotkit_init(Object *obj) { - IoTKit *s = IOTKIT(obj); + ARMSSE *s = ARMSSE(obj); int i; memory_region_init(&s->container, obj, "iotkit-container", UINT64_MAX); @@ -XXX,XX +XXX,XX @@ static void iotkit_init(Object *obj) static void iotkit_exp_irq(void *opaque, int n, int level) { - IoTKit *s = IOTKIT(opaque); + ARMSSE *s = ARMSSE(opaque); qemu_set_irq(s->exp_irqs[n], level); } static void iotkit_mpcexp_status(void *opaque, int n, int level) { - IoTKit *s = IOTKIT(opaque); + ARMSSE *s = ARMSSE(opaque); qemu_set_irq(s->mpcexp_status_in[n], level); } static void iotkit_realize(DeviceState *dev, Error **errp) { - IoTKit *s = IOTKIT(dev); + ARMSSE *s = ARMSSE(dev); int i; MemoryRegion *mr; Error *err = NULL; @@ -XXX,XX +XXX,XX @@ static void iotkit_realize(DeviceState *dev, Error **errp) * devices exist in both address spaces but with hard-wired security * permissions that will cause the CPU to fault for non-secure accesses. * - * The IoTKit has an IDAU (Implementation Defined Access Unit), + * The ARMSSE has an IDAU (Implementation Defined Access Unit), * which specifies hard-wired security permissions for different - * areas of the physical address space. For the IoTKit IDAU, the + * areas of the physical address space. For the ARMSSE IDAU, the * top 4 bits of the physical address are the IDAU region ID, and * if bit 28 (ie the lowest bit of the ID) is 0 then this is an NS * region, otherwise it is an S region. @@ -XXX,XX +XXX,XX @@ static void iotkit_realize(DeviceState *dev, Error **errp) * 0x20000000..0x2007ffff 32KB FPGA block RAM * 0x30000000..0x3fffffff alias of 0x20000000..0x2fffffff * 0x40000000..0x4000ffff base peripheral region 1 - * 0x40010000..0x4001ffff CPU peripherals (none for IoTKit) + * 0x40010000..0x4001ffff CPU peripherals (none for ARMSSE) * 0x40020000..0x4002ffff system control element peripherals * 0x40080000..0x400fffff base peripheral region 2 * 0x50000000..0x5fffffff alias of 0x40000000..0x4fffffff @@ -XXX,XX +XXX,XX @@ static void iotkit_realize(DeviceState *dev, Error **errp) qdev_connect_gpio_out_named(dev_secctl, "nsc_cfg", 0, s->nsc_cfg_in); /* The sec_resp_cfg output from the security controller must be split into - * multiple lines, one for each of the PPCs within the IoTKit and one - * that will be an output from the IoTKit to the system. + * multiple lines, one for each of the PPCs within the ARMSSE and one + * that will be an output from the ARMSSE to the system. */ object_property_set_int(OBJECT(&s->sec_resp_splitter), 3, "num-lines", &err); @@ -XXX,XX +XXX,XX @@ static void iotkit_realize(DeviceState *dev, Error **errp) /* 0x40010000 .. 0x4001ffff: private CPU region: unused in IoTKit */ - /* 0x40020000 .. 0x4002ffff : IoTKit system control peripheral region */ + /* 0x40020000 .. 0x4002ffff : ARMSSE system control peripheral region */ /* Devices behind APB PPC1: * 0x4002f000: S32K timer */ @@ -XXX,XX +XXX,XX @@ static void iotkit_realize(DeviceState *dev, Error **errp) qdev_get_gpio_in(DEVICE(&s->nmi_orgate), 0)); sysbus_mmio_map(SYS_BUS_DEVICE(&s->s32kwatchdog), 0, 0x5002e000); - /* 0x40080000 .. 0x4008ffff : IoTKit second Base peripheral region */ + /* 0x40080000 .. 0x4008ffff : ARMSSE second Base peripheral region */ qdev_prop_set_uint32(DEVICE(&s->nswatchdog), "wdogclk-frq", s->mainclk_frq); object_property_set_bool(OBJECT(&s->nswatchdog), true, "realized", &err); @@ -XXX,XX +XXX,XX @@ static void iotkit_realize(DeviceState *dev, Error **errp) * Expose our container region to the board model; this corresponds * to the AHB Slave Expansion ports which allow bus master devices * (eg DMA controllers) in the board model to make transactions into - * devices in the IoTKit. + * devices in the ARMSSE. */ sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->container); @@ -XXX,XX +XXX,XX @@ static void iotkit_realize(DeviceState *dev, Error **errp) static void iotkit_idau_check(IDAUInterface *ii, uint32_t address, int *iregion, bool *exempt, bool *ns, bool *nsc) { - /* For IoTKit systems the IDAU responses are simple logical functions + /* + * For ARMSSE systems the IDAU responses are simple logical functions * of the address bits. The NSC attribute is guest-adjustable via the * NSCCFG register in the security controller. */ - IoTKit *s = IOTKIT(ii); + ARMSSE *s = ARMSSE(ii); int region = extract32(address, 28, 4); *ns = !(region & 1); @@ -XXX,XX +XXX,XX @@ static const VMStateDescription iotkit_vmstate = { .version_id = 1, .minimum_version_id = 1, .fields = (VMStateField[]) { - VMSTATE_UINT32(nsccfg, IoTKit), + VMSTATE_UINT32(nsccfg, ARMSSE), VMSTATE_END_OF_LIST() } }; static Property iotkit_properties[] = { - DEFINE_PROP_LINK("memory", IoTKit, board_memory, TYPE_MEMORY_REGION, + DEFINE_PROP_LINK("memory", ARMSSE, board_memory, TYPE_MEMORY_REGION, MemoryRegion *), - DEFINE_PROP_UINT32("EXP_NUMIRQ", IoTKit, exp_numirq, 64), - DEFINE_PROP_UINT32("MAINCLK", IoTKit, mainclk_frq, 0), + DEFINE_PROP_UINT32("EXP_NUMIRQ", ARMSSE, exp_numirq, 64), + DEFINE_PROP_UINT32("MAINCLK", ARMSSE, mainclk_frq, 0), DEFINE_PROP_END_OF_LIST() }; static void iotkit_reset(DeviceState *dev) { - IoTKit *s = IOTKIT(dev); + ARMSSE *s = ARMSSE(dev); s->nsccfg = 0; } @@ -XXX,XX +XXX,XX @@ static void iotkit_class_init(ObjectClass *klass, void *data) } static const TypeInfo iotkit_info = { - .name = TYPE_IOTKIT, + .name = TYPE_ARMSSE, .parent = TYPE_SYS_BUS_DEVICE, - .instance_size = sizeof(IoTKit), + .instance_size = sizeof(ARMSSE), .instance_init = iotkit_init, .class_init = iotkit_class_init, .interfaces = (InterfaceInfo[]) { diff --git a/hw/arm/mps2-tz.c b/hw/arm/mps2-tz.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/mps2-tz.c +++ b/hw/arm/mps2-tz.c @@ -XXX,XX +XXX,XX @@ typedef struct { typedef struct { MachineState parent; - IoTKit iotkit; + ARMSSE iotkit; MemoryRegion psram; MemoryRegion ssram[3]; MemoryRegion ssram1_m; -- 2.20.1 The Arm SSE-200 Subsystem for Embedded is a revised and extended version of the older IoTKit SoC. Prepare for adding a model of it by refactoring the IoTKit code into an abstract base class which contains the functionality, driven by a class data block specific to each subclass. (This is the same approach used by the existing bcm283x SoC family implementation.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190121185118.18550-6-peter.maydell@linaro.org --- include/hw/arm/iotkit.h | 22 +++++++++++++++++----- hw/arm/iotkit.c | 34 +++++++++++++++++++++++++++++----- 2 files changed, 46 insertions(+), 10 deletions(-) diff --git a/include/hw/arm/iotkit.h b/include/hw/arm/iotkit.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/arm/iotkit.h +++ b/include/hw/arm/iotkit.h @@ -XXX,XX +XXX,XX @@ #include "hw/or-irq.h" #include "hw/core/split-irq.h" -#define TYPE_ARMSSE "iotkit" +#define TYPE_ARMSSE "arm-sse" #define ARMSSE(obj) OBJECT_CHECK(ARMSSE, (obj), TYPE_ARMSSE) /* - * For the moment TYPE_IOTKIT is a synonym for TYPE_ARMSSE (and the - * latter's underlying name is left as "iotkit"); in a later - * commit it will become a subclass of TYPE_ARMSSE. + * These type names are for specific IoTKit subsystems; other than + * instantiating them, code using these devices should always handle + * them via the ARMSSE base class, so they have no IOTKIT() etc macros. */ -#define TYPE_IOTKIT TYPE_ARMSSE +#define TYPE_IOTKIT "iotkit" /* We have an IRQ splitter and an OR gate input for each external PPC * and the 2 internal PPCs @@ -XXX,XX +XXX,XX @@ typedef struct ARMSSE { uint32_t mainclk_frq; } ARMSSE; +typedef struct ARMSSEInfo ARMSSEInfo; + +typedef struct ARMSSEClass { + DeviceClass parent_class; + const ARMSSEInfo *info; +} ARMSSEClass; + +#define ARMSSE_CLASS(klass) \ + OBJECT_CLASS_CHECK(ARMSSEClass, (klass), TYPE_ARMSSE) +#define ARMSSE_GET_CLASS(obj) \ + OBJECT_GET_CLASS(ARMSSEClass, (obj), TYPE_ARMSSE) + #endif diff --git a/hw/arm/iotkit.c b/hw/arm/iotkit.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/iotkit.c +++ b/hw/arm/iotkit.c @@ -XXX,XX +XXX,XX @@ #include "hw/arm/iotkit.h" #include "hw/arm/arm.h" +struct ARMSSEInfo { + const char *name; +}; + +static const ARMSSEInfo armsse_variants[] = { + { + .name = TYPE_IOTKIT, + }, +}; + /* Clock frequency in HZ of the 32KHz "slow clock" */ #define S32KCLK (32 * 1000) @@ -XXX,XX +XXX,XX @@ static void iotkit_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); IDAUInterfaceClass *iic = IDAU_INTERFACE_CLASS(klass); + ARMSSEClass *asc = ARMSSE_CLASS(klass); dc->realize = iotkit_realize; dc->vmsd = &iotkit_vmstate; dc->props = iotkit_properties; dc->reset = iotkit_reset; iic->check = iotkit_idau_check; + asc->info = data; } -static const TypeInfo iotkit_info = { +static const TypeInfo armsse_info = { .name = TYPE_ARMSSE, .parent = TYPE_SYS_BUS_DEVICE, .instance_size = sizeof(ARMSSE), .instance_init = iotkit_init, - .class_init = iotkit_class_init, + .abstract = true, .interfaces = (InterfaceInfo[]) { { TYPE_IDAU_INTERFACE }, { } } }; -static void iotkit_register_types(void) +static void armsse_register_types(void) { - type_register_static(&iotkit_info); + int i; + + type_register_static(&armsse_info); + + for (i = 0; i < ARRAY_SIZE(armsse_variants); i++) { + TypeInfo ti = { + .name = armsse_variants[i].name, + .parent = TYPE_ARMSSE, + .class_init = iotkit_class_init, + .class_data = (void *)&armsse_variants[i], + }; + type_register(&ti); + } } -type_init(iotkit_register_types); +type_init(armsse_register_types); -- 2.20.1 Rename various internal uses of 'iotkit' in hw/arm/iotkit.c to 'armsse', for consistency. The remaining occurences are: * related to the devices TYPE_IOTKIT_SYSCTL, TYPE_IOTKIT_SYSINFO, etc, which this refactor is not touching * references that apply specifically to the IoTKit (like the lack of a private CPU region) * the vmstate, which keeps its old "iotkit" name for migration compatibility reasons Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190121185118.18550-7-peter.maydell@linaro.org --- hw/arm/iotkit.c | 68 ++++++++++++++++++++++++------------------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/hw/arm/iotkit.c b/hw/arm/iotkit.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/iotkit.c +++ b/hw/arm/iotkit.c @@ -XXX,XX +XXX,XX @@ static void nsccfg_handler(void *opaque, int n, int level) s->nsccfg = level; } -static void iotkit_forward_ppc(ARMSSE *s, const char *ppcname, int ppcnum) +static void armsse_forward_ppc(ARMSSE *s, const char *ppcname, int ppcnum) { /* Each of the 4 AHB and 4 APB PPCs that might be present in a * system using the ARMSSE has a collection of control lines which @@ -XXX,XX +XXX,XX @@ static void iotkit_forward_ppc(ARMSSE *s, const char *ppcname, int ppcnum) * code using the ARMSSE can wire them up to the PPCs. */ SplitIRQ *splitter = &s->ppc_irq_splitter[ppcnum]; - DeviceState *iotkitdev = DEVICE(s); + DeviceState *armssedev = DEVICE(s); DeviceState *dev_secctl = DEVICE(&s->secctl); DeviceState *dev_splitter = DEVICE(splitter); char *name; name = g_strdup_printf("%s_nonsec", ppcname); - qdev_pass_gpios(dev_secctl, iotkitdev, name); + qdev_pass_gpios(dev_secctl, armssedev, name); g_free(name); name = g_strdup_printf("%s_ap", ppcname); - qdev_pass_gpios(dev_secctl, iotkitdev, name); + qdev_pass_gpios(dev_secctl, armssedev, name); g_free(name); name = g_strdup_printf("%s_irq_enable", ppcname); - qdev_pass_gpios(dev_secctl, iotkitdev, name); + qdev_pass_gpios(dev_secctl, armssedev, name); g_free(name); name = g_strdup_printf("%s_irq_clear", ppcname); - qdev_pass_gpios(dev_secctl, iotkitdev, name); + qdev_pass_gpios(dev_secctl, armssedev, name); g_free(name); /* irq_status is a little more tricky, because we need to @@ -XXX,XX +XXX,XX @@ static void iotkit_forward_ppc(ARMSSE *s, const char *ppcname, int ppcnum) qdev_connect_gpio_out(dev_splitter, 1, qdev_get_gpio_in(DEVICE(&s->ppc_irq_orgate), ppcnum)); s->irq_status_in[ppcnum] = qdev_get_gpio_in(dev_splitter, 0); - qdev_init_gpio_in_named_with_opaque(iotkitdev, irq_status_forwarder, + qdev_init_gpio_in_named_with_opaque(armssedev, irq_status_forwarder, s->irq_status_in[ppcnum], name, 1); g_free(name); } -static void iotkit_forward_sec_resp_cfg(ARMSSE *s) +static void armsse_forward_sec_resp_cfg(ARMSSE *s) { /* Forward the 3rd output from the splitter device as a - * named GPIO output of the iotkit object. + * named GPIO output of the armsse object. */ DeviceState *dev = DEVICE(s); DeviceState *dev_splitter = DEVICE(&s->sec_resp_splitter); @@ -XXX,XX +XXX,XX @@ static void iotkit_forward_sec_resp_cfg(ARMSSE *s) qdev_connect_gpio_out(dev_splitter, 2, s->sec_resp_cfg_in); } -static void iotkit_init(Object *obj) +static void armsse_init(Object *obj) { ARMSSE *s = ARMSSE(obj); int i; - memory_region_init(&s->container, obj, "iotkit-container", UINT64_MAX); + memory_region_init(&s->container, obj, "armsse-container", UINT64_MAX); sysbus_init_child_obj(obj, "armv7m", &s->armv7m, sizeof(s->armv7m), TYPE_ARMV7M); @@ -XXX,XX +XXX,XX @@ static void iotkit_init(Object *obj) sizeof(s->nswatchdog), TYPE_CMSDK_APB_WATCHDOG); sysbus_init_child_obj(obj, "swatchdog", &s->swatchdog, sizeof(s->swatchdog), TYPE_CMSDK_APB_WATCHDOG); - sysbus_init_child_obj(obj, "iotkit-sysctl", &s->sysctl, + sysbus_init_child_obj(obj, "armsse-sysctl", &s->sysctl, sizeof(s->sysctl), TYPE_IOTKIT_SYSCTL); - sysbus_init_child_obj(obj, "iotkit-sysinfo", &s->sysinfo, + sysbus_init_child_obj(obj, "armsse-sysinfo", &s->sysinfo, sizeof(s->sysinfo), TYPE_IOTKIT_SYSINFO); object_initialize_child(obj, "nmi-orgate", &s->nmi_orgate, sizeof(s->nmi_orgate), TYPE_OR_IRQ, @@ -XXX,XX +XXX,XX @@ static void iotkit_init(Object *obj) } } -static void iotkit_exp_irq(void *opaque, int n, int level) +static void armsse_exp_irq(void *opaque, int n, int level) { ARMSSE *s = ARMSSE(opaque); qemu_set_irq(s->exp_irqs[n], level); } -static void iotkit_mpcexp_status(void *opaque, int n, int level) +static void armsse_mpcexp_status(void *opaque, int n, int level) { ARMSSE *s = ARMSSE(opaque); qemu_set_irq(s->mpcexp_status_in[n], level); } -static void iotkit_realize(DeviceState *dev, Error **errp) +static void armsse_realize(DeviceState *dev, Error **errp) { ARMSSE *s = ARMSSE(dev); int i; @@ -XXX,XX +XXX,XX @@ static void iotkit_realize(DeviceState *dev, Error **errp) for (i = 0; i < s->exp_numirq; i++) { s->exp_irqs[i] = qdev_get_gpio_in(DEVICE(&s->armv7m), i + 32); } - qdev_init_gpio_in_named(dev, iotkit_exp_irq, "EXP_IRQ", s->exp_numirq); + qdev_init_gpio_in_named(dev, armsse_exp_irq, "EXP_IRQ", s->exp_numirq); /* Set up the big aliases first */ make_alias(s, &s->alias1, "alias 1", 0x10000000, 0x10000000, 0x00000000); @@ -XXX,XX +XXX,XX @@ static void iotkit_realize(DeviceState *dev, Error **errp) qdev_get_gpio_in(dev_splitter, 0)); /* This RAM lives behind the Memory Protection Controller */ - memory_region_init_ram(&s->sram0, NULL, "iotkit.sram0", 0x00008000, &err); + memory_region_init_ram(&s->sram0, NULL, "armsse.sram0", 0x00008000, &err); if (err) { error_propagate(errp, err); return; @@ -XXX,XX +XXX,XX @@ static void iotkit_realize(DeviceState *dev, Error **errp) for (i = 0; i < IOTS_NUM_AHB_EXP_PPC; i++) { char *ppcname = g_strdup_printf("ahb_ppcexp%d", i); - iotkit_forward_ppc(s, ppcname, i); + armsse_forward_ppc(s, ppcname, i); g_free(ppcname); } for (i = 0; i < IOTS_NUM_APB_EXP_PPC; i++) { char *ppcname = g_strdup_printf("apb_ppcexp%d", i); - iotkit_forward_ppc(s, ppcname, i + IOTS_NUM_AHB_EXP_PPC); + armsse_forward_ppc(s, ppcname, i + IOTS_NUM_AHB_EXP_PPC); g_free(ppcname); } @@ -XXX,XX +XXX,XX @@ static void iotkit_realize(DeviceState *dev, Error **errp) /* Create GPIO inputs which will pass the line state for our * mpcexp_irq inputs to the correct splitter devices. */ - qdev_init_gpio_in_named(dev, iotkit_mpcexp_status, "mpcexp_status", + qdev_init_gpio_in_named(dev, armsse_mpcexp_status, "mpcexp_status", IOTS_NUM_EXP_MPC); - iotkit_forward_sec_resp_cfg(s); + armsse_forward_sec_resp_cfg(s); /* Forward the MSC related signals */ qdev_pass_gpios(dev_secctl, dev, "mscexp_status"); @@ -XXX,XX +XXX,XX @@ static void iotkit_realize(DeviceState *dev, Error **errp) system_clock_scale = NANOSECONDS_PER_SECOND / s->mainclk_frq; } -static void iotkit_idau_check(IDAUInterface *ii, uint32_t address, +static void armsse_idau_check(IDAUInterface *ii, uint32_t address, int *iregion, bool *exempt, bool *ns, bool *nsc) { /* @@ -XXX,XX +XXX,XX @@ static void iotkit_idau_check(IDAUInterface *ii, uint32_t address, *iregion = region; } -static const VMStateDescription iotkit_vmstate = { +static const VMStateDescription armsse_vmstate = { .name = "iotkit", .version_id = 1, .minimum_version_id = 1, @@ -XXX,XX +XXX,XX @@ static const VMStateDescription iotkit_vmstate = { } }; -static Property iotkit_properties[] = { +static Property armsse_properties[] = { DEFINE_PROP_LINK("memory", ARMSSE, board_memory, TYPE_MEMORY_REGION, MemoryRegion *), DEFINE_PROP_UINT32("EXP_NUMIRQ", ARMSSE, exp_numirq, 64), @@ -XXX,XX +XXX,XX @@ static Property iotkit_properties[] = { DEFINE_PROP_END_OF_LIST() }; -static void iotkit_reset(DeviceState *dev) +static void armsse_reset(DeviceState *dev) { ARMSSE *s = ARMSSE(dev); s->nsccfg = 0; } -static void iotkit_class_init(ObjectClass *klass, void *data) +static void armsse_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); IDAUInterfaceClass *iic = IDAU_INTERFACE_CLASS(klass); ARMSSEClass *asc = ARMSSE_CLASS(klass); - dc->realize = iotkit_realize; - dc->vmsd = &iotkit_vmstate; - dc->props = iotkit_properties; - dc->reset = iotkit_reset; - iic->check = iotkit_idau_check; + dc->realize = armsse_realize; + dc->vmsd = &armsse_vmstate; + dc->props = armsse_properties; + dc->reset = armsse_reset; + iic->check = armsse_idau_check; asc->info = data; } @@ -XXX,XX +XXX,XX @@ static const TypeInfo armsse_info = { .name = TYPE_ARMSSE, .parent = TYPE_SYS_BUS_DEVICE, .instance_size = sizeof(ARMSSE), - .instance_init = iotkit_init, + .instance_init = armsse_init, .abstract = true, .interfaces = (InterfaceInfo[]) { { TYPE_IDAU_INTERFACE }, @@ -XXX,XX +XXX,XX @@ static void armsse_register_types(void) TypeInfo ti = { .name = armsse_variants[i].name, .parent = TYPE_ARMSSE, - .class_init = iotkit_class_init, + .class_init = armsse_class_init, .class_data = (void *)&armsse_variants[i], }; type_register(&ti); -- 2.20.1 Rename the files that used to be iotkit.[ch] to armsse.[ch] to reflect the fact they new cover multiple Arm subsystems for embedded. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190121185118.18550-8-peter.maydell@linaro.org --- hw/arm/Makefile.objs | 2 +- include/hw/arm/{iotkit.h => armsse.h} | 4 ++-- hw/arm/{iotkit.c => armsse.c} | 2 +- hw/arm/mps2-tz.c | 2 +- MAINTAINERS | 4 ++-- default-configs/arm-softmmu.mak | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) rename include/hw/arm/{iotkit.h => armsse.h} (99%) rename hw/arm/{iotkit.c => armsse.c} (99%) diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/Makefile.objs +++ b/hw/arm/Makefile.objs @@ -XXX,XX +XXX,XX @@ obj-$(CONFIG_ASPEED_SOC) += aspeed_soc.o aspeed.o obj-$(CONFIG_MPS2) += mps2.o obj-$(CONFIG_MPS2) += mps2-tz.o obj-$(CONFIG_MSF2) += msf2-soc.o msf2-som.o -obj-$(CONFIG_IOTKIT) += iotkit.o +obj-$(CONFIG_ARMSSE) += armsse.o obj-$(CONFIG_FSL_IMX7) += fsl-imx7.o mcimx7d-sabre.o obj-$(CONFIG_ARM_SMMUV3) += smmu-common.o smmuv3.o obj-$(CONFIG_FSL_IMX6UL) += fsl-imx6ul.o mcimx6ul-evk.o diff --git a/include/hw/arm/iotkit.h b/include/hw/arm/armsse.h similarity index 99% rename from include/hw/arm/iotkit.h rename to include/hw/arm/armsse.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/arm/iotkit.h +++ b/include/hw/arm/armsse.h @@ -XXX,XX +XXX,XX @@ * + named GPIO outputs mscexp_ns[0..15] */ -#ifndef IOTKIT_H -#define IOTKIT_H +#ifndef ARMSSE_H +#define ARMSSE_H #include "hw/sysbus.h" #include "hw/arm/armv7m.h" diff --git a/hw/arm/iotkit.c b/hw/arm/armsse.c similarity index 99% rename from hw/arm/iotkit.c rename to hw/arm/armsse.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/iotkit.c +++ b/hw/arm/armsse.c @@ -XXX,XX +XXX,XX @@ #include "trace.h" #include "hw/sysbus.h" #include "hw/registerfields.h" -#include "hw/arm/iotkit.h" +#include "hw/arm/armsse.h" #include "hw/arm/arm.h" struct ARMSSEInfo { diff --git a/hw/arm/mps2-tz.c b/hw/arm/mps2-tz.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/mps2-tz.c +++ b/hw/arm/mps2-tz.c @@ -XXX,XX +XXX,XX @@ #include "hw/misc/mps2-fpgaio.h" #include "hw/misc/tz-mpc.h" #include "hw/misc/tz-msc.h" -#include "hw/arm/iotkit.h" +#include "hw/arm/armsse.h" #include "hw/dma/pl080.h" #include "hw/ssi/pl022.h" #include "hw/devices.h" diff --git a/MAINTAINERS b/MAINTAINERS index XXXXXXX..XXXXXXX 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -XXX,XX +XXX,XX @@ F: hw/arm/mps2.c F: hw/arm/mps2-tz.c F: hw/misc/mps2-*.c F: include/hw/misc/mps2-*.h -F: hw/arm/iotkit.c -F: include/hw/arm/iotkit.h +F: hw/arm/armsse.c +F: include/hw/arm/armsse.h F: hw/misc/iotkit-secctl.c F: include/hw/misc/iotkit-secctl.h F: hw/misc/iotkit-sysctl.c diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak index XXXXXXX..XXXXXXX 100644 --- a/default-configs/arm-softmmu.mak +++ b/default-configs/arm-softmmu.mak @@ -XXX,XX +XXX,XX @@ CONFIG_MPS2_SCC=y CONFIG_TZ_MPC=y CONFIG_TZ_MSC=y CONFIG_TZ_PPC=y -CONFIG_IOTKIT=y +CONFIG_ARMSSE=y CONFIG_IOTKIT_SECCTL=y CONFIG_IOTKIT_SYSCTL=y CONFIG_IOTKIT_SYSINFO=y -- 2.20.1 The SSE-200 has 4 banks of SRAM, each with its own internal Memory Protection Controller. The interrupt status for these extra MPCs appears in the same security controller SECMPCINTSTATUS register as the MPC for the IoTKit's single SRAM bank. Enhance the iotkit-secctl device to allow 4 MPCs. (If the particular IoTKit/SSE variant in use does not have all 4 MPCs then the unused inputs will simply result in the SECMPCINTSTATUS bits being zero as required.) The hardcoded constant "1"s in armsse.c indicate the actual number of SRAM MPCs the IoTKit has, and will be replaced in the following commit. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190121185118.18550-9-peter.maydell@linaro.org --- include/hw/misc/iotkit-secctl.h | 6 +++--- hw/arm/armsse.c | 6 +++--- hw/misc/iotkit-secctl.c | 5 +++-- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/include/hw/misc/iotkit-secctl.h b/include/hw/misc/iotkit-secctl.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/misc/iotkit-secctl.h +++ b/include/hw/misc/iotkit-secctl.h @@ -XXX,XX +XXX,XX @@ * + named GPIO outputs ahb_ppcexp{0,1,2,3}_irq_enable * + named GPIO outputs ahb_ppcexp{0,1,2,3}_irq_clear * + named GPIO inputs ahb_ppcexp{0,1,2,3}_irq_status - * Controlling the MPC in the IoTKit: - * + named GPIO input mpc_status + * Controlling the (up to) 4 MPCs in the IoTKit/SSE: + * + named GPIO inputs mpc_status[0..3] * Controlling each of the 16 expansion MPCs which a system using the IoTKit * might provide: * + named GPIO inputs mpcexp_status[0..15] @@ -XXX,XX +XXX,XX @@ #define IOTS_NUM_APB_EXP_PPC 4 #define IOTS_NUM_AHB_EXP_PPC 4 #define IOTS_NUM_EXP_MPC 16 -#define IOTS_NUM_MPC 1 +#define IOTS_NUM_MPC 4 #define IOTS_NUM_EXP_MSC 16 typedef struct IoTKitSecCtl IoTKitSecCtl; diff --git a/hw/arm/armsse.c b/hw/arm/armsse.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/armsse.c +++ b/hw/arm/armsse.c @@ -XXX,XX +XXX,XX @@ static void armsse_init(Object *obj) sizeof(s->mpc_irq_orgate), TYPE_OR_IRQ, &error_abort, NULL); - for (i = 0; i < ARRAY_SIZE(s->mpc_irq_splitter); i++) { + for (i = 0; i < IOTS_NUM_EXP_MPC + 1; i++) { char *name = g_strdup_printf("mpc-irq-splitter-%d", i); SplitIRQ *splitter = &s->mpc_irq_splitter[i]; @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) /* We must OR together lines from the MPC splitters to go to the NVIC */ object_property_set_int(OBJECT(&s->mpc_irq_orgate), - IOTS_NUM_EXP_MPC + IOTS_NUM_MPC, "num-lines", &err); + IOTS_NUM_EXP_MPC + 1, "num-lines", &err); if (err) { error_propagate(errp, err); return; @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) } /* Wire up the splitters for the MPC IRQs */ - for (i = 0; i < IOTS_NUM_EXP_MPC + IOTS_NUM_MPC; i++) { + for (i = 0; i < IOTS_NUM_EXP_MPC + 1; i++) { SplitIRQ *splitter = &s->mpc_irq_splitter[i]; DeviceState *dev_splitter = DEVICE(splitter); diff --git a/hw/misc/iotkit-secctl.c b/hw/misc/iotkit-secctl.c index XXXXXXX..XXXXXXX 100644 --- a/hw/misc/iotkit-secctl.c +++ b/hw/misc/iotkit-secctl.c @@ -XXX,XX +XXX,XX @@ static void iotkit_secctl_mpc_status(void *opaque, int n, int level) { IoTKitSecCtl *s = IOTKIT_SECCTL(opaque); - s->mpcintstatus = deposit32(s->mpcintstatus, 0, 1, !!level); + s->mpcintstatus = deposit32(s->mpcintstatus, n, 1, !!level); } static void iotkit_secctl_mpcexp_status(void *opaque, int n, int level) @@ -XXX,XX +XXX,XX @@ static void iotkit_secctl_init(Object *obj) qdev_init_gpio_out_named(dev, &s->sec_resp_cfg, "sec_resp_cfg", 1); qdev_init_gpio_out_named(dev, &s->nsc_cfg_irq, "nsc_cfg", 1); - qdev_init_gpio_in_named(dev, iotkit_secctl_mpc_status, "mpc_status", 1); + qdev_init_gpio_in_named(dev, iotkit_secctl_mpc_status, "mpc_status", + IOTS_NUM_MPC); qdev_init_gpio_in_named(dev, iotkit_secctl_mpcexp_status, "mpcexp_status", IOTS_NUM_EXP_MPC); -- 2.20.1 The SSE-200 has four banks of SRAM, each with its own Memory Protection Controller, where the IoTKit has only one. Make the number of SRAM banks a field in ARMSSEInfo. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190121185118.18550-10-peter.maydell@linaro.org --- include/hw/arm/armsse.h | 9 +++-- hw/arm/armsse.c | 78 ++++++++++++++++++++++++++--------------- 2 files changed, 56 insertions(+), 31 deletions(-) diff --git a/include/hw/arm/armsse.h b/include/hw/arm/armsse.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/arm/armsse.h +++ b/include/hw/arm/armsse.h @@ -XXX,XX +XXX,XX @@ #define NUM_EXTERNAL_PPCS (IOTS_NUM_AHB_EXP_PPC + IOTS_NUM_APB_EXP_PPC) #define NUM_PPCS (NUM_EXTERNAL_PPCS + 2) +#define MAX_SRAM_BANKS 4 +#if MAX_SRAM_BANKS > IOTS_NUM_MPC +#error Too many SRAM banks +#endif + typedef struct ARMSSE { /*< private >*/ SysBusDevice parent_obj; @@ -XXX,XX +XXX,XX @@ typedef struct ARMSSE { IoTKitSecCtl secctl; TZPPC apb_ppc0; TZPPC apb_ppc1; - TZMPC mpc; + TZMPC mpc[IOTS_NUM_MPC]; CMSDKAPBTIMER timer0; CMSDKAPBTIMER timer1; CMSDKAPBTIMER s32ktimer; @@ -XXX,XX +XXX,XX @@ typedef struct ARMSSE { MemoryRegion alias1; MemoryRegion alias2; MemoryRegion alias3; - MemoryRegion sram0; + MemoryRegion sram[MAX_SRAM_BANKS]; qemu_irq *exp_irqs; qemu_irq ppc0_irq; diff --git a/hw/arm/armsse.c b/hw/arm/armsse.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/armsse.c +++ b/hw/arm/armsse.c @@ -XXX,XX +XXX,XX @@ struct ARMSSEInfo { const char *name; + int sram_banks; }; static const ARMSSEInfo armsse_variants[] = { { .name = TYPE_IOTKIT, + .sram_banks = 1, }, }; @@ -XXX,XX +XXX,XX @@ static void armsse_forward_sec_resp_cfg(ARMSSE *s) static void armsse_init(Object *obj) { ARMSSE *s = ARMSSE(obj); + ARMSSEClass *asc = ARMSSE_GET_CLASS(obj); + const ARMSSEInfo *info = asc->info; int i; + assert(info->sram_banks <= MAX_SRAM_BANKS); + memory_region_init(&s->container, obj, "armsse-container", UINT64_MAX); sysbus_init_child_obj(obj, "armv7m", &s->armv7m, sizeof(s->armv7m), @@ -XXX,XX +XXX,XX @@ static void armsse_init(Object *obj) TYPE_TZ_PPC); sysbus_init_child_obj(obj, "apb-ppc1", &s->apb_ppc1, sizeof(s->apb_ppc1), TYPE_TZ_PPC); - sysbus_init_child_obj(obj, "mpc", &s->mpc, sizeof(s->mpc), TYPE_TZ_MPC); + for (i = 0; i < info->sram_banks; i++) { + char *name = g_strdup_printf("mpc%d", i); + sysbus_init_child_obj(obj, name, &s->mpc[i], + sizeof(s->mpc[i]), TYPE_TZ_MPC); + g_free(name); + } object_initialize_child(obj, "mpc-irq-orgate", &s->mpc_irq_orgate, sizeof(s->mpc_irq_orgate), TYPE_OR_IRQ, &error_abort, NULL); - for (i = 0; i < IOTS_NUM_EXP_MPC + 1; i++) { + for (i = 0; i < IOTS_NUM_EXP_MPC + info->sram_banks; i++) { char *name = g_strdup_printf("mpc-irq-splitter-%d", i); SplitIRQ *splitter = &s->mpc_irq_splitter[i]; @@ -XXX,XX +XXX,XX @@ static void armsse_mpcexp_status(void *opaque, int n, int level) static void armsse_realize(DeviceState *dev, Error **errp) { ARMSSE *s = ARMSSE(dev); + ARMSSEClass *asc = ARMSSE_GET_CLASS(dev); + const ARMSSEInfo *info = asc->info; int i; MemoryRegion *mr; Error *err = NULL; @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) qdev_connect_gpio_out_named(dev_secctl, "sec_resp_cfg", 0, qdev_get_gpio_in(dev_splitter, 0)); - /* This RAM lives behind the Memory Protection Controller */ - memory_region_init_ram(&s->sram0, NULL, "armsse.sram0", 0x00008000, &err); - if (err) { - error_propagate(errp, err); - return; + /* Each SRAM bank lives behind its own Memory Protection Controller */ + for (i = 0; i < info->sram_banks; i++) { + char *ramname = g_strdup_printf("armsse.sram%d", i); + SysBusDevice *sbd_mpc; + + memory_region_init_ram(&s->sram[i], NULL, ramname, 0x00008000, &err); + g_free(ramname); + if (err) { + error_propagate(errp, err); + return; + } + object_property_set_link(OBJECT(&s->mpc[i]), OBJECT(&s->sram[i]), + "downstream", &err); + if (err) { + error_propagate(errp, err); + return; + } + object_property_set_bool(OBJECT(&s->mpc[i]), true, "realized", &err); + if (err) { + error_propagate(errp, err); + return; + } + /* Map the upstream end of the MPC into the right place... */ + sbd_mpc = SYS_BUS_DEVICE(&s->mpc[i]); + memory_region_add_subregion(&s->container, 0x20000000 + i * 0x8000, + sysbus_mmio_get_region(sbd_mpc, 1)); + /* ...and its register interface */ + memory_region_add_subregion(&s->container, 0x50083000 + i * 0x1000, + sysbus_mmio_get_region(sbd_mpc, 0)); } - object_property_set_link(OBJECT(&s->mpc), OBJECT(&s->sram0), - "downstream", &err); - if (err) { - error_propagate(errp, err); - return; - } - object_property_set_bool(OBJECT(&s->mpc), true, "realized", &err); - if (err) { - error_propagate(errp, err); - return; - } - /* Map the upstream end of the MPC into the right place... */ - memory_region_add_subregion(&s->container, 0x20000000, - sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->mpc), - 1)); - /* ...and its register interface */ - memory_region_add_subregion(&s->container, 0x50083000, - sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->mpc), - 0)); /* We must OR together lines from the MPC splitters to go to the NVIC */ object_property_set_int(OBJECT(&s->mpc_irq_orgate), - IOTS_NUM_EXP_MPC + 1, "num-lines", &err); + IOTS_NUM_EXP_MPC + info->sram_banks, + "num-lines", &err); if (err) { error_propagate(errp, err); return; @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) } /* Wire up the splitters for the MPC IRQs */ - for (i = 0; i < IOTS_NUM_EXP_MPC + 1; i++) { + for (i = 0; i < IOTS_NUM_EXP_MPC + info->sram_banks; i++) { SplitIRQ *splitter = &s->mpc_irq_splitter[i]; DeviceState *dev_splitter = DEVICE(splitter); @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) "mpcexp_status", i)); } else { /* Splitter input is from our own MPC */ - qdev_connect_gpio_out_named(DEVICE(&s->mpc), "irq", 0, + qdev_connect_gpio_out_named(DEVICE(&s->mpc[i - IOTS_NUM_EXP_MPC]), + "irq", 0, qdev_get_gpio_in(dev_splitter, 0)); qdev_connect_gpio_out(dev_splitter, 0, qdev_get_gpio_in_named(dev_secctl, -- 2.20.1 For the IoTKit the SRAM bank size is always 32K (15 bits); for the SSE-200 this is a configurable parameter, which defaults to 32K but can be changed when it is built into a particular SoC. For instance the Musca-B1 board sets it to 128K (17 bits). Make the bank size a QOM property. We follow the SSE-200 hardware in naming the parameter SRAM_ADDR_WIDTH, which specifies the number of address bits of a single SRAM bank. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190121185118.18550-11-peter.maydell@linaro.org --- include/hw/arm/armsse.h | 1 + hw/arm/armsse.c | 18 ++++++++++++++++-- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/include/hw/arm/armsse.h b/include/hw/arm/armsse.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/arm/armsse.h +++ b/include/hw/arm/armsse.h @@ -XXX,XX +XXX,XX @@ typedef struct ARMSSE { MemoryRegion *board_memory; uint32_t exp_numirq; uint32_t mainclk_frq; + uint32_t sram_addr_width; } ARMSSE; typedef struct ARMSSEInfo ARMSSEInfo; diff --git a/hw/arm/armsse.c b/hw/arm/armsse.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/armsse.c +++ b/hw/arm/armsse.c @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) DeviceState *dev_apb_ppc1; DeviceState *dev_secctl; DeviceState *dev_splitter; + uint32_t addr_width_max; if (!s->board_memory) { error_setg(errp, "memory property was not set"); @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) return; } + /* max SRAM_ADDR_WIDTH: 24 - log2(SRAM_NUM_BANK) */ + assert(is_power_of_2(info->sram_banks)); + addr_width_max = 24 - ctz32(info->sram_banks); + if (s->sram_addr_width < 1 || s->sram_addr_width > addr_width_max) { + error_setg(errp, "SRAM_ADDR_WIDTH must be between 1 and %d", + addr_width_max); + return; + } + /* Handling of which devices should be available only to secure * code is usually done differently for M profile than for A profile. * Instead of putting some devices only into the secure address space, @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) for (i = 0; i < info->sram_banks; i++) { char *ramname = g_strdup_printf("armsse.sram%d", i); SysBusDevice *sbd_mpc; + uint32_t sram_bank_size = 1 << s->sram_addr_width; - memory_region_init_ram(&s->sram[i], NULL, ramname, 0x00008000, &err); + memory_region_init_ram(&s->sram[i], NULL, ramname, + sram_bank_size, &err); g_free(ramname); if (err) { error_propagate(errp, err); @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) } /* Map the upstream end of the MPC into the right place... */ sbd_mpc = SYS_BUS_DEVICE(&s->mpc[i]); - memory_region_add_subregion(&s->container, 0x20000000 + i * 0x8000, + memory_region_add_subregion(&s->container, + 0x20000000 + i * sram_bank_size, sysbus_mmio_get_region(sbd_mpc, 1)); /* ...and its register interface */ memory_region_add_subregion(&s->container, 0x50083000 + i * 0x1000, @@ -XXX,XX +XXX,XX @@ static Property armsse_properties[] = { MemoryRegion *), DEFINE_PROP_UINT32("EXP_NUMIRQ", ARMSSE, exp_numirq, 64), DEFINE_PROP_UINT32("MAINCLK", ARMSSE, mainclk_frq, 0), + DEFINE_PROP_UINT32("SRAM_ADDR_WIDTH", ARMSSE, sram_addr_width, 15), DEFINE_PROP_END_OF_LIST() }; -- 2.20.1 The SSE-200 has two Cortex-M33 CPUs. These see the same view of memory, with the exception of the "private CPU region" which has per-CPU devices. Internal device interrupts for SSE-200 devices are mostly wired up to both CPUs, with the exception of a few per-CPU devices. External GPIO inputs on the SSE-200 device are provided for the second CPU's interrupts above 32, as is already the case for the first CPU. Refactor the code to support creation of multiple CPUs. For the moment we leave all CPUs with the same view of memory: this will not work in the multiple-CPU case, but we will fix this in the following commit. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190121185118.18550-12-peter.maydell@linaro.org --- include/hw/arm/armsse.h | 21 +++- hw/arm/armsse.c | 206 ++++++++++++++++++++++++++++++++-------- 2 files changed, 180 insertions(+), 47 deletions(-) diff --git a/include/hw/arm/armsse.h b/include/hw/arm/armsse.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/arm/armsse.h +++ b/include/hw/arm/armsse.h @@ -XXX,XX +XXX,XX @@ * + QOM property "memory" is a MemoryRegion containing the devices provided * by the board model. * + QOM property "MAINCLK" is the frequency of the main system clock - * + QOM property "EXP_NUMIRQ" sets the number of expansion interrupts - * + Named GPIO inputs "EXP_IRQ" 0..n are the expansion interrupts, which - * are wired to the NVIC lines 32 .. n+32 + * + QOM property "EXP_NUMIRQ" sets the number of expansion interrupts. + * (In hardware, the SSE-200 permits the number of expansion interrupts + * for the two CPUs to be configured separately, but we restrict it to + * being the same for both, to avoid having to have separate Property + * lists for different variants. This restriction can be relaxed later + * if necessary.) + * + Named GPIO inputs "EXP_IRQ" 0..n are the expansion interrupts for CPU 0, + * which are wired to its NVIC lines 32 .. n+32 + * + Named GPIO inputs "EXP_CPU1_IRQ" 0..n are the expansion interrupts for + * CPU 1, which are wired to its NVIC lines 32 .. n+32 * + sysbus MMIO region 0 is the "AHB Slave Expansion" which allows * bus master devices in the board model to make transactions into * all the devices and memory areas in the IoTKit @@ -XXX,XX +XXX,XX @@ #error Too many SRAM banks #endif +#define SSE_MAX_CPUS 2 + typedef struct ARMSSE { /*< private >*/ SysBusDevice parent_obj; /*< public >*/ - ARMv7MState armv7m; + ARMv7MState armv7m[SSE_MAX_CPUS]; IoTKitSecCtl secctl; TZPPC apb_ppc0; TZPPC apb_ppc1; @@ -XXX,XX +XXX,XX @@ typedef struct ARMSSE { qemu_or_irq mpc_irq_orgate; qemu_or_irq nmi_orgate; + SplitIRQ cpu_irq_splitter[32]; + CMSDKAPBDualTimer dualtimer; CMSDKAPBWatchdog s32kwatchdog; @@ -XXX,XX +XXX,XX @@ typedef struct ARMSSE { MemoryRegion alias3; MemoryRegion sram[MAX_SRAM_BANKS]; - qemu_irq *exp_irqs; + qemu_irq *exp_irqs[SSE_MAX_CPUS]; qemu_irq ppc0_irq; qemu_irq ppc1_irq; qemu_irq sec_resp_cfg; diff --git a/hw/arm/armsse.c b/hw/arm/armsse.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/armsse.c +++ b/hw/arm/armsse.c @@ -XXX,XX +XXX,XX @@ struct ARMSSEInfo { const char *name; int sram_banks; + int num_cpus; }; static const ARMSSEInfo armsse_variants[] = { { .name = TYPE_IOTKIT, .sram_banks = 1, + .num_cpus = 1, }, }; /* Clock frequency in HZ of the 32KHz "slow clock" */ #define S32KCLK (32 * 1000) +/* Is internal IRQ n shared between CPUs in a multi-core SSE ? */ +static bool irq_is_common[32] = { + [0 ... 5] = true, + /* 6, 7: per-CPU MHU interrupts */ + [8 ... 12] = true, + /* 13: per-CPU icache interrupt */ + /* 14: reserved */ + [15 ... 20] = true, + /* 21: reserved */ + [22 ... 26] = true, + /* 27: reserved */ + /* 28, 29: per-CPU CTI interrupts */ + /* 30, 31: reserved */ +}; + /* Create an alias region of @size bytes starting at @base * which mirrors the memory starting at @orig. */ @@ -XXX,XX +XXX,XX @@ static void armsse_init(Object *obj) int i; assert(info->sram_banks <= MAX_SRAM_BANKS); + assert(info->num_cpus <= SSE_MAX_CPUS); memory_region_init(&s->container, obj, "armsse-container", UINT64_MAX); - sysbus_init_child_obj(obj, "armv7m", &s->armv7m, sizeof(s->armv7m), - TYPE_ARMV7M); - qdev_prop_set_string(DEVICE(&s->armv7m), "cpu-type", - ARM_CPU_TYPE_NAME("cortex-m33")); + for (i = 0; i < info->num_cpus; i++) { + char *name = g_strdup_printf("armv7m%d", i); + sysbus_init_child_obj(obj, name, &s->armv7m[i], sizeof(s->armv7m), + TYPE_ARMV7M); + qdev_prop_set_string(DEVICE(&s->armv7m[i]), "cpu-type", + ARM_CPU_TYPE_NAME("cortex-m33")); + g_free(name); + } sysbus_init_child_obj(obj, "secctl", &s->secctl, sizeof(s->secctl), TYPE_IOTKIT_SECCTL); @@ -XXX,XX +XXX,XX @@ static void armsse_init(Object *obj) TYPE_SPLIT_IRQ, &error_abort, NULL); g_free(name); } + if (info->num_cpus > 1) { + for (i = 0; i < ARRAY_SIZE(s->cpu_irq_splitter); i++) { + if (irq_is_common[i]) { + char *name = g_strdup_printf("cpu-irq-splitter%d", i); + SplitIRQ *splitter = &s->cpu_irq_splitter[i]; + + object_initialize_child(obj, name, splitter, sizeof(*splitter), + TYPE_SPLIT_IRQ, &error_abort, NULL); + g_free(name); + } + } + } } static void armsse_exp_irq(void *opaque, int n, int level) { - ARMSSE *s = ARMSSE(opaque); + qemu_irq *irqarray = opaque; - qemu_set_irq(s->exp_irqs[n], level); + qemu_set_irq(irqarray[n], level); } static void armsse_mpcexp_status(void *opaque, int n, int level) @@ -XXX,XX +XXX,XX @@ static void armsse_mpcexp_status(void *opaque, int n, int level) qemu_set_irq(s->mpcexp_status_in[n], level); } +static qemu_irq armsse_get_common_irq_in(ARMSSE *s, int irqno) +{ + /* + * Return a qemu_irq which can be used to signal IRQ n to + * all CPUs in the SSE. + */ + ARMSSEClass *asc = ARMSSE_GET_CLASS(s); + const ARMSSEInfo *info = asc->info; + + assert(irq_is_common[irqno]); + + if (info->num_cpus == 1) { + /* Only one CPU -- just connect directly to it */ + return qdev_get_gpio_in(DEVICE(&s->armv7m[0]), irqno); + } else { + /* Connect to the splitter which feeds all CPUs */ + return qdev_get_gpio_in(DEVICE(&s->cpu_irq_splitter[irqno]), 0); + } +} + static void armsse_realize(DeviceState *dev, Error **errp) { ARMSSE *s = ARMSSE(dev); @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) memory_region_add_subregion_overlap(&s->container, 0, s->board_memory, -1); - qdev_prop_set_uint32(DEVICE(&s->armv7m), "num-irq", s->exp_numirq + 32); - /* In real hardware the initial Secure VTOR is set from the INITSVTOR0 - * register in the IoT Kit System Control Register block, and the - * initial value of that is in turn specifiable by the FPGA that - * instantiates the IoT Kit. In QEMU we don't implement this wrinkle, - * and simply set the CPU's init-svtor to the IoT Kit default value. - */ - qdev_prop_set_uint32(DEVICE(&s->armv7m), "init-svtor", 0x10000000); - object_property_set_link(OBJECT(&s->armv7m), OBJECT(&s->container), - "memory", &err); - if (err) { - error_propagate(errp, err); - return; - } - object_property_set_link(OBJECT(&s->armv7m), OBJECT(s), "idau", &err); - if (err) { - error_propagate(errp, err); - return; - } - object_property_set_bool(OBJECT(&s->armv7m), true, "realized", &err); - if (err) { - error_propagate(errp, err); - return; + for (i = 0; i < info->num_cpus; i++) { + DeviceState *cpudev = DEVICE(&s->armv7m[i]); + Object *cpuobj = OBJECT(&s->armv7m[i]); + int j; + char *gpioname; + + qdev_prop_set_uint32(cpudev, "num-irq", s->exp_numirq + 32); + /* + * In real hardware the initial Secure VTOR is set from the INITSVTOR0 + * register in the IoT Kit System Control Register block, and the + * initial value of that is in turn specifiable by the FPGA that + * instantiates the IoT Kit. In QEMU we don't implement this wrinkle, + * and simply set the CPU's init-svtor to the IoT Kit default value. + * In SSE-200 the situation is similar, except that the default value + * is a reset-time signal input. Typically a board using the SSE-200 + * will have a system control processor whose boot firmware initializes + * the INITSVTOR* registers before powering up the CPUs in any case, + * so the hardware's default value doesn't matter. QEMU doesn't emulate + * the control processor, so instead we behave in the way that the + * firmware does. All boards currently known about have firmware that + * sets the INITSVTOR0 and INITSVTOR1 registers to 0x10000000, like the + * IoTKit default. We can make this more configurable if necessary. + */ + qdev_prop_set_uint32(cpudev, "init-svtor", 0x10000000); + /* + * Start all CPUs except CPU0 powered down. In real hardware it is + * a configurable property of the SSE-200 which CPUs start powered up + * (via the CPUWAIT0_RST and CPUWAIT1_RST parameters), but since all + * the boards we care about start CPU0 and leave CPU1 powered off, + * we hard-code that for now. We can add QOM properties for this + * later if necessary. + */ + if (i > 0) { + object_property_set_bool(cpuobj, true, "start-powered-off", &err); + if (err) { + error_propagate(errp, err); + return; + } + } + object_property_set_link(cpuobj, OBJECT(&s->container), "memory", &err); + if (err) { + error_propagate(errp, err); + return; + } + object_property_set_link(cpuobj, OBJECT(s), "idau", &err); + if (err) { + error_propagate(errp, err); + return; + } + object_property_set_bool(cpuobj, true, "realized", &err); + if (err) { + error_propagate(errp, err); + return; + } + + /* Connect EXP_IRQ/EXP_CPUn_IRQ GPIOs to the NVIC's lines 32 and up */ + s->exp_irqs[i] = g_new(qemu_irq, s->exp_numirq); + for (j = 0; j < s->exp_numirq; j++) { + s->exp_irqs[i][j] = qdev_get_gpio_in(cpudev, i + 32); + } + if (i == 0) { + gpioname = g_strdup("EXP_IRQ"); + } else { + gpioname = g_strdup_printf("EXP_CPU%d_IRQ", i); + } + qdev_init_gpio_in_named_with_opaque(dev, armsse_exp_irq, + s->exp_irqs[i], + gpioname, s->exp_numirq); + g_free(gpioname); } - /* Connect our EXP_IRQ GPIOs to the NVIC's lines 32 and up. */ - s->exp_irqs = g_new(qemu_irq, s->exp_numirq); - for (i = 0; i < s->exp_numirq; i++) { - s->exp_irqs[i] = qdev_get_gpio_in(DEVICE(&s->armv7m), i + 32); + /* Wire up the splitters that connect common IRQs to all CPUs */ + if (info->num_cpus > 1) { + for (i = 0; i < ARRAY_SIZE(s->cpu_irq_splitter); i++) { + if (irq_is_common[i]) { + Object *splitter = OBJECT(&s->cpu_irq_splitter[i]); + DeviceState *devs = DEVICE(splitter); + int cpunum; + + object_property_set_int(splitter, info->num_cpus, + "num-lines", &err); + if (err) { + error_propagate(errp, err); + return; + } + object_property_set_bool(splitter, true, "realized", &err); + if (err) { + error_propagate(errp, err); + return; + } + for (cpunum = 0; cpunum < info->num_cpus; cpunum++) { + DeviceState *cpudev = DEVICE(&s->armv7m[cpunum]); + + qdev_connect_gpio_out(devs, cpunum, + qdev_get_gpio_in(cpudev, i)); + } + } + } } - qdev_init_gpio_in_named(dev, armsse_exp_irq, "EXP_IRQ", s->exp_numirq); /* Set up the big aliases first */ make_alias(s, &s->alias1, "alias 1", 0x10000000, 0x10000000, 0x00000000); @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) return; } qdev_connect_gpio_out(DEVICE(&s->mpc_irq_orgate), 0, - qdev_get_gpio_in(DEVICE(&s->armv7m), 9)); + armsse_get_common_irq_in(s, 9)); /* Devices behind APB PPC0: * 0x40000000: timer0 @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) return; } sysbus_connect_irq(SYS_BUS_DEVICE(&s->timer0), 0, - qdev_get_gpio_in(DEVICE(&s->armv7m), 3)); + armsse_get_common_irq_in(s, 3)); mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->timer0), 0); object_property_set_link(OBJECT(&s->apb_ppc0), OBJECT(mr), "port[0]", &err); if (err) { @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) return; } sysbus_connect_irq(SYS_BUS_DEVICE(&s->timer1), 0, - qdev_get_gpio_in(DEVICE(&s->armv7m), 4)); + armsse_get_common_irq_in(s, 4)); mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->timer1), 0); object_property_set_link(OBJECT(&s->apb_ppc0), OBJECT(mr), "port[1]", &err); if (err) { @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) return; } sysbus_connect_irq(SYS_BUS_DEVICE(&s->dualtimer), 0, - qdev_get_gpio_in(DEVICE(&s->armv7m), 5)); + armsse_get_common_irq_in(s, 5)); mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->dualtimer), 0); object_property_set_link(OBJECT(&s->apb_ppc0), OBJECT(mr), "port[2]", &err); if (err) { @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) return; } qdev_connect_gpio_out(DEVICE(&s->ppc_irq_orgate), 0, - qdev_get_gpio_in(DEVICE(&s->armv7m), 10)); + armsse_get_common_irq_in(s, 10)); /* 0x40010000 .. 0x4001ffff: private CPU region: unused in IoTKit */ @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) return; } sysbus_connect_irq(SYS_BUS_DEVICE(&s->s32ktimer), 0, - qdev_get_gpio_in(DEVICE(&s->armv7m), 2)); + armsse_get_common_irq_in(s, 2)); mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->s32ktimer), 0); object_property_set_link(OBJECT(&s->apb_ppc1), OBJECT(mr), "port[0]", &err); if (err) { @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) return; } sysbus_connect_irq(SYS_BUS_DEVICE(&s->nswatchdog), 0, - qdev_get_gpio_in(DEVICE(&s->armv7m), 1)); + armsse_get_common_irq_in(s, 1)); sysbus_mmio_map(SYS_BUS_DEVICE(&s->nswatchdog), 0, 0x40081000); qdev_prop_set_uint32(DEVICE(&s->swatchdog), "wdogclk-frq", s->mainclk_frq); @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) qdev_pass_gpios(dev_secctl, dev, "mscexp_clear"); qdev_pass_gpios(dev_secctl, dev, "mscexp_ns"); qdev_connect_gpio_out_named(dev_secctl, "msc_irq", 0, - qdev_get_gpio_in(DEVICE(&s->armv7m), 11)); + armsse_get_common_irq_in(s, 11)); /* * Expose our container region to the board model; this corresponds -- 2.20.1 Give each CPU its own container memory region. This is necessary for two reasons: * some devices are instantiated one per CPU and the CPU sees only its own device * since a memory region can only be put into one container, we must give each armv7m object a different MemoryRegion as its 'memory' property, or a dual-CPU configuration will assert on realize when the second armv7m object tries to put the MR into a container when it is already in the first armv7m object's container Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190121185118.18550-13-peter.maydell@linaro.org --- include/hw/arm/armsse.h | 10 ++++++++++ hw/arm/armsse.c | 22 ++++++++++++++++++++-- 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/include/hw/arm/armsse.h b/include/hw/arm/armsse.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/arm/armsse.h +++ b/include/hw/arm/armsse.h @@ -XXX,XX +XXX,XX @@ typedef struct ARMSSE { IoTKitSysCtl sysctl; IoTKitSysCtl sysinfo; + /* + * 'container' holds all devices seen by all CPUs. + * 'cpu_container[i]' is the view that CPU i has: this has the + * per-CPU devices of that CPU, plus as the background 'container' + * (or an alias of it, since we can only use it directly once). + * container_alias[i] is the alias of 'container' used by CPU i+1; + * CPU 0 can use 'container' directly. + */ MemoryRegion container; + MemoryRegion container_alias[SSE_MAX_CPUS - 1]; + MemoryRegion cpu_container[SSE_MAX_CPUS]; MemoryRegion alias1; MemoryRegion alias2; MemoryRegion alias3; diff --git a/hw/arm/armsse.c b/hw/arm/armsse.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/armsse.c +++ b/hw/arm/armsse.c @@ -XXX,XX +XXX,XX @@ static void armsse_init(Object *obj) qdev_prop_set_string(DEVICE(&s->armv7m[i]), "cpu-type", ARM_CPU_TYPE_NAME("cortex-m33")); g_free(name); + name = g_strdup_printf("arm-sse-cpu-container%d", i); + memory_region_init(&s->cpu_container[i], obj, name, UINT64_MAX); + g_free(name); + if (i > 0) { + name = g_strdup_printf("arm-sse-container-alias%d", i); + memory_region_init_alias(&s->container_alias[i - 1], obj, + name, &s->container, 0, UINT64_MAX); + g_free(name); + } } sysbus_init_child_obj(obj, "secctl", &s->secctl, sizeof(s->secctl), @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) * 0x50000000..0x5fffffff alias of 0x40000000..0x4fffffff */ - memory_region_add_subregion_overlap(&s->container, 0, s->board_memory, -1); + memory_region_add_subregion_overlap(&s->container, 0, s->board_memory, -2); for (i = 0; i < info->num_cpus; i++) { DeviceState *cpudev = DEVICE(&s->armv7m[i]); @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) return; } } - object_property_set_link(cpuobj, OBJECT(&s->container), "memory", &err); + + if (i > 0) { + memory_region_add_subregion_overlap(&s->cpu_container[i], 0, + &s->container_alias[i - 1], -1); + } else { + memory_region_add_subregion_overlap(&s->cpu_container[i], 0, + &s->container, -1); + } + object_property_set_link(cpuobj, OBJECT(&s->cpu_container[i]), + "memory", &err); if (err) { error_propagate(errp, err); return; -- 2.20.1 Create a cluster object to hold each CPU in the SSE. They are logically distinct and may be configured differently (for instance one may not have an FPU where the other does). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190121185118.18550-14-peter.maydell@linaro.org --- include/hw/arm/armsse.h | 2 ++ hw/arm/armsse.c | 31 ++++++++++++++++++++++++++++--- 2 files changed, 30 insertions(+), 3 deletions(-) diff --git a/include/hw/arm/armsse.h b/include/hw/arm/armsse.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/arm/armsse.h +++ b/include/hw/arm/armsse.h @@ -XXX,XX +XXX,XX @@ #include "hw/misc/iotkit-sysinfo.h" #include "hw/or-irq.h" #include "hw/core/split-irq.h" +#include "hw/cpu/cluster.h" #define TYPE_ARMSSE "arm-sse" #define ARMSSE(obj) OBJECT_CHECK(ARMSSE, (obj), TYPE_ARMSSE) @@ -XXX,XX +XXX,XX @@ typedef struct ARMSSE { /*< public >*/ ARMv7MState armv7m[SSE_MAX_CPUS]; + CPUClusterState cluster[SSE_MAX_CPUS]; IoTKitSecCtl secctl; TZPPC apb_ppc0; TZPPC apb_ppc1; diff --git a/hw/arm/armsse.c b/hw/arm/armsse.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/armsse.c +++ b/hw/arm/armsse.c @@ -XXX,XX +XXX,XX @@ static void armsse_init(Object *obj) memory_region_init(&s->container, obj, "armsse-container", UINT64_MAX); for (i = 0; i < info->num_cpus; i++) { - char *name = g_strdup_printf("armv7m%d", i); - sysbus_init_child_obj(obj, name, &s->armv7m[i], sizeof(s->armv7m), - TYPE_ARMV7M); + /* + * We put each CPU in its own cluster as they are logically + * distinct and may be configured differently. + */ + char *name; + + name = g_strdup_printf("cluster%d", i); + object_initialize_child(obj, name, &s->cluster[i], + sizeof(s->cluster[i]), TYPE_CPU_CLUSTER, + &error_abort, NULL); + qdev_prop_set_uint32(DEVICE(&s->cluster[i]), "cluster-id", i); + g_free(name); + + name = g_strdup_printf("armv7m%d", i); + sysbus_init_child_obj(OBJECT(&s->cluster[i]), name, + &s->armv7m[i], sizeof(s->armv7m), TYPE_ARMV7M); qdev_prop_set_string(DEVICE(&s->armv7m[i]), "cpu-type", ARM_CPU_TYPE_NAME("cortex-m33")); g_free(name); @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) error_propagate(errp, err); return; } + /* + * The cluster must be realized after the armv7m container, as + * the container's CPU object is only created on realize, and the + * CPU must exist and have been parented into the cluster before + * the cluster is realized. + */ + object_property_set_bool(OBJECT(&s->cluster[i]), + true, "realized", &err); + if (err) { + error_propagate(errp, err); + return; + } /* Connect EXP_IRQ/EXP_CPUn_IRQ GPIOs to the NVIC's lines 32 and up */ s->exp_irqs[i] = g_new(qemu_irq, s->exp_numirq); -- 2.20.1 The SYS_VERSION and SYS_CONFIG register values differ between the IoTKit and SSE-200. Make them configurable via QOM properties rather than hard-coded, and set them appropriately in the ARMSSE code that instantiates the IOTKIT_SYSINFO device. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190121185118.18550-15-peter.maydell@linaro.org --- include/hw/misc/iotkit-sysinfo.h | 6 ++++ hw/arm/armsse.c | 51 ++++++++++++++++++++++++++++++++ hw/misc/iotkit-sysinfo.c | 15 ++++++++-- 3 files changed, 70 insertions(+), 2 deletions(-) diff --git a/include/hw/misc/iotkit-sysinfo.h b/include/hw/misc/iotkit-sysinfo.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/misc/iotkit-sysinfo.h +++ b/include/hw/misc/iotkit-sysinfo.h @@ -XXX,XX +XXX,XX @@ * Arm IoTKit and documented in * http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ecm0601256/index.html * QEMU interface: + * + QOM property "SYS_VERSION": value to use for SYS_VERSION register + * + QOM property "SYS_CONFIG": value to use for SYS_CONFIG register * + sysbus MMIO region 0: the system information register bank */ @@ -XXX,XX +XXX,XX @@ typedef struct IoTKitSysInfo { /*< public >*/ MemoryRegion iomem; + + /* Properties */ + uint32_t sys_version; + uint32_t sys_config; } IoTKitSysInfo; #endif diff --git a/hw/arm/armsse.c b/hw/arm/armsse.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/armsse.c +++ b/hw/arm/armsse.c @@ -XXX,XX +XXX,XX @@ #include "hw/arm/armsse.h" #include "hw/arm/arm.h" +/* Format of the System Information block SYS_CONFIG register */ +typedef enum SysConfigFormat { + IoTKitFormat, + SSE200Format, +} SysConfigFormat; + struct ARMSSEInfo { const char *name; int sram_banks; int num_cpus; + uint32_t sys_version; + SysConfigFormat sys_config_format; }; static const ARMSSEInfo armsse_variants[] = { @@ -XXX,XX +XXX,XX @@ static const ARMSSEInfo armsse_variants[] = { .name = TYPE_IOTKIT, .sram_banks = 1, .num_cpus = 1, + .sys_version = 0x41743, + .sys_config_format = IoTKitFormat, }, }; +static uint32_t armsse_sys_config_value(ARMSSE *s, const ARMSSEInfo *info) +{ + /* Return the SYS_CONFIG value for this SSE */ + uint32_t sys_config; + + switch (info->sys_config_format) { + case IoTKitFormat: + sys_config = 0; + sys_config = deposit32(sys_config, 0, 4, info->sram_banks); + sys_config = deposit32(sys_config, 4, 4, s->sram_addr_width - 12); + break; + case SSE200Format: + sys_config = 0; + sys_config = deposit32(sys_config, 0, 4, info->sram_banks); + sys_config = deposit32(sys_config, 4, 5, s->sram_addr_width); + sys_config = deposit32(sys_config, 24, 4, 2); + if (info->num_cpus > 1) { + sys_config = deposit32(sys_config, 10, 1, 1); + sys_config = deposit32(sys_config, 20, 4, info->sram_banks - 1); + sys_config = deposit32(sys_config, 28, 4, 2); + } + break; + default: + g_assert_not_reached(); + } + return sys_config; +} + /* Clock frequency in HZ of the 32KHz "slow clock" */ #define S32KCLK (32 * 1000) @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) qdev_get_gpio_in_named(dev_apb_ppc1, "cfg_sec_resp", 0)); + object_property_set_int(OBJECT(&s->sysinfo), info->sys_version, + "SYS_VERSION", &err); + if (err) { + error_propagate(errp, err); + return; + } + object_property_set_int(OBJECT(&s->sysinfo), + armsse_sys_config_value(s, info), + "SYS_CONFIG", &err); + if (err) { + error_propagate(errp, err); + return; + } object_property_set_bool(OBJECT(&s->sysinfo), true, "realized", &err); if (err) { error_propagate(errp, err); diff --git a/hw/misc/iotkit-sysinfo.c b/hw/misc/iotkit-sysinfo.c index XXXXXXX..XXXXXXX 100644 --- a/hw/misc/iotkit-sysinfo.c +++ b/hw/misc/iotkit-sysinfo.c @@ -XXX,XX +XXX,XX @@ static const int sysinfo_id[] = { static uint64_t iotkit_sysinfo_read(void *opaque, hwaddr offset, unsigned size) { + IoTKitSysInfo *s = IOTKIT_SYSINFO(opaque); uint64_t r; switch (offset) { case A_SYS_VERSION: - r = 0x41743; + r = s->sys_version; break; case A_SYS_CONFIG: - r = 0x31; + r = s->sys_config; break; case A_PID4 ... A_CID3: r = sysinfo_id[(offset - A_PID4) / 4]; @@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps iotkit_sysinfo_ops = { .valid.max_access_size = 4, }; +static Property iotkit_sysinfo_props[] = { + DEFINE_PROP_UINT32("SYS_VERSION", IoTKitSysInfo, sys_version, 0), + DEFINE_PROP_UINT32("SYS_CONFIG", IoTKitSysInfo, sys_config, 0), + DEFINE_PROP_END_OF_LIST() +}; + static void iotkit_sysinfo_init(Object *obj) { SysBusDevice *sbd = SYS_BUS_DEVICE(obj); @@ -XXX,XX +XXX,XX @@ static void iotkit_sysinfo_init(Object *obj) static void iotkit_sysinfo_class_init(ObjectClass *klass, void *data) { + DeviceClass *dc = DEVICE_CLASS(klass); + /* * This device has no guest-modifiable state and so it * does not need a reset function or VMState. */ + + dc->props = iotkit_sysinfo_props; } static const TypeInfo iotkit_sysinfo_info = { -- 2.20.1 The SSE-200 has two Message Handling Units (MHUs), which sit behind the APB PPC0. Wire up some unimplemented-device stubs for these, since we don't yet implement a real model of this device. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190121185118.18550-16-peter.maydell@linaro.org --- include/hw/arm/armsse.h | 3 +++ hw/arm/armsse.c | 41 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+) diff --git a/include/hw/arm/armsse.h b/include/hw/arm/armsse.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/arm/armsse.h +++ b/include/hw/arm/armsse.h @@ -XXX,XX +XXX,XX @@ #include "hw/watchdog/cmsdk-apb-watchdog.h" #include "hw/misc/iotkit-sysctl.h" #include "hw/misc/iotkit-sysinfo.h" +#include "hw/misc/unimp.h" #include "hw/or-irq.h" #include "hw/core/split-irq.h" #include "hw/cpu/cluster.h" @@ -XXX,XX +XXX,XX @@ typedef struct ARMSSE { IoTKitSysCtl sysctl; IoTKitSysCtl sysinfo; + UnimplementedDeviceState mhu[2]; + /* * 'container' holds all devices seen by all CPUs. * 'cpu_container[i]' is the view that CPU i has: this has the diff --git a/hw/arm/armsse.c b/hw/arm/armsse.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/armsse.c +++ b/hw/arm/armsse.c @@ -XXX,XX +XXX,XX @@ struct ARMSSEInfo { int num_cpus; uint32_t sys_version; SysConfigFormat sys_config_format; + bool has_mhus; }; static const ARMSSEInfo armsse_variants[] = { @@ -XXX,XX +XXX,XX @@ static const ARMSSEInfo armsse_variants[] = { .num_cpus = 1, .sys_version = 0x41743, .sys_config_format = IoTKitFormat, + .has_mhus = false, }, }; @@ -XXX,XX +XXX,XX @@ static void armsse_init(Object *obj) sizeof(s->sysctl), TYPE_IOTKIT_SYSCTL); sysbus_init_child_obj(obj, "armsse-sysinfo", &s->sysinfo, sizeof(s->sysinfo), TYPE_IOTKIT_SYSINFO); + if (info->has_mhus) { + sysbus_init_child_obj(obj, "mhu0", &s->mhu[0], sizeof(s->mhu[0]), + TYPE_UNIMPLEMENTED_DEVICE); + sysbus_init_child_obj(obj, "mhu1", &s->mhu[1], sizeof(s->mhu[1]), + TYPE_UNIMPLEMENTED_DEVICE); + } object_initialize_child(obj, "nmi-orgate", &s->nmi_orgate, sizeof(s->nmi_orgate), TYPE_OR_IRQ, &error_abort, NULL); @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) * 0x40000000: timer0 * 0x40001000: timer1 * 0x40002000: dual timer + * 0x40003000: MHU0 (SSE-200 only) + * 0x40004000: MHU1 (SSE-200 only) * We must configure and realize each downstream device and connect * it to the appropriate PPC port; then we can realize the PPC and * map its upstream ends to the right place in the container. @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) return; } + if (info->has_mhus) { + for (i = 0; i < ARRAY_SIZE(s->mhu); i++) { + char *name = g_strdup_printf("MHU%d", i); + char *port = g_strdup_printf("port[%d]", i + 3); + + qdev_prop_set_string(DEVICE(&s->mhu[i]), "name", name); + qdev_prop_set_uint64(DEVICE(&s->mhu[i]), "size", 0x1000); + object_property_set_bool(OBJECT(&s->mhu[i]), true, + "realized", &err); + if (err) { + error_propagate(errp, err); + return; + } + mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->mhu[i]), 0); + object_property_set_link(OBJECT(&s->apb_ppc0), OBJECT(mr), + port, &err); + if (err) { + error_propagate(errp, err); + return; + } + g_free(name); + g_free(port); + } + } + object_property_set_bool(OBJECT(&s->apb_ppc0), true, "realized", &err); if (err) { error_propagate(errp, err); @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) memory_region_add_subregion(&s->container, 0x40001000, mr); mr = sysbus_mmio_get_region(sbd_apb_ppc0, 2); memory_region_add_subregion(&s->container, 0x40002000, mr); + if (info->has_mhus) { + mr = sysbus_mmio_get_region(sbd_apb_ppc0, 3); + memory_region_add_subregion(&s->container, 0x40003000, mr); + mr = sysbus_mmio_get_region(sbd_apb_ppc0, 4); + memory_region_add_subregion(&s->container, 0x40004000, mr); + } for (i = 0; i < IOTS_APB_PPC0_NUM_PORTS; i++) { qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_nonsec", i, qdev_get_gpio_in_named(dev_apb_ppc0, -- 2.20.1 Add unimplemented-device stubs for the various Power Policy Unit devices that the SSE-200 has. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190121185118.18550-17-peter.maydell@linaro.org --- include/hw/arm/armsse.h | 11 ++++++++ hw/arm/armsse.c | 58 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+) diff --git a/include/hw/arm/armsse.h b/include/hw/arm/armsse.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/arm/armsse.h +++ b/include/hw/arm/armsse.h @@ -XXX,XX +XXX,XX @@ #define SSE_MAX_CPUS 2 +/* These define what each PPU in the ppu[] index is for */ +#define CPU0CORE_PPU 0 +#define CPU1CORE_PPU 1 +#define DBG_PPU 2 +#define RAM0_PPU 3 +#define RAM1_PPU 4 +#define RAM2_PPU 5 +#define RAM3_PPU 6 +#define NUM_PPUS 7 + typedef struct ARMSSE { /*< private >*/ SysBusDevice parent_obj; @@ -XXX,XX +XXX,XX @@ typedef struct ARMSSE { IoTKitSysCtl sysinfo; UnimplementedDeviceState mhu[2]; + UnimplementedDeviceState ppu[NUM_PPUS]; /* * 'container' holds all devices seen by all CPUs. diff --git a/hw/arm/armsse.c b/hw/arm/armsse.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/armsse.c +++ b/hw/arm/armsse.c @@ -XXX,XX +XXX,XX @@ struct ARMSSEInfo { uint32_t sys_version; SysConfigFormat sys_config_format; bool has_mhus; + bool has_ppus; }; static const ARMSSEInfo armsse_variants[] = { @@ -XXX,XX +XXX,XX @@ static const ARMSSEInfo armsse_variants[] = { .sys_version = 0x41743, .sys_config_format = IoTKitFormat, .has_mhus = false, + .has_ppus = false, }, }; @@ -XXX,XX +XXX,XX @@ static void armsse_init(Object *obj) sysbus_init_child_obj(obj, "mhu1", &s->mhu[1], sizeof(s->mhu[1]), TYPE_UNIMPLEMENTED_DEVICE); } + if (info->has_ppus) { + for (i = 0; i < info->num_cpus; i++) { + char *name = g_strdup_printf("CPU%dCORE_PPU", i); + int ppuidx = CPU0CORE_PPU + i; + + sysbus_init_child_obj(obj, name, &s->ppu[ppuidx], + sizeof(s->ppu[ppuidx]), + TYPE_UNIMPLEMENTED_DEVICE); + g_free(name); + } + sysbus_init_child_obj(obj, "DBG_PPU", &s->ppu[DBG_PPU], + sizeof(s->ppu[DBG_PPU]), + TYPE_UNIMPLEMENTED_DEVICE); + for (i = 0; i < info->sram_banks; i++) { + char *name = g_strdup_printf("RAM%d_PPU", i); + int ppuidx = RAM0_PPU + i; + + sysbus_init_child_obj(obj, name, &s->ppu[ppuidx], + sizeof(s->ppu[ppuidx]), + TYPE_UNIMPLEMENTED_DEVICE); + g_free(name); + } + } object_initialize_child(obj, "nmi-orgate", &s->nmi_orgate, sizeof(s->nmi_orgate), TYPE_OR_IRQ, &error_abort, NULL); @@ -XXX,XX +XXX,XX @@ static qemu_irq armsse_get_common_irq_in(ARMSSE *s, int irqno) } } +static void map_ppu(ARMSSE *s, int ppuidx, const char *name, hwaddr addr) +{ + /* Map a PPU unimplemented device stub */ + DeviceState *dev = DEVICE(&s->ppu[ppuidx]); + + qdev_prop_set_string(dev, "name", name); + qdev_prop_set_uint64(dev, "size", 0x1000); + qdev_init_nofail(dev); + sysbus_mmio_map(SYS_BUS_DEVICE(&s->ppu[ppuidx]), 0, addr); +} + static void armsse_realize(DeviceState *dev, Error **errp) { ARMSSE *s = ARMSSE(dev); @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) } sysbus_mmio_map(SYS_BUS_DEVICE(&s->sysctl), 0, 0x50021000); + if (info->has_ppus) { + /* CPUnCORE_PPU for each CPU */ + for (i = 0; i < info->num_cpus; i++) { + char *name = g_strdup_printf("CPU%dCORE_PPU", i); + + map_ppu(s, CPU0CORE_PPU + i, name, 0x50023000 + i * 0x2000); + /* + * We don't support CPU debug so don't create the + * CPU0DEBUG_PPU at 0x50024000 and 0x50026000. + */ + g_free(name); + } + map_ppu(s, DBG_PPU, "DBG_PPU", 0x50029000); + + for (i = 0; i < info->sram_banks; i++) { + char *name = g_strdup_printf("RAM%d_PPU", i); + + map_ppu(s, RAM0_PPU + i, name, 0x5002a000 + i * 0x1000); + g_free(name); + } + } + /* This OR gate wires together outputs from the secure watchdogs to NMI */ object_property_set_int(OBJECT(&s->nmi_orgate), 2, "num-lines", &err); if (err) { -- 2.20.1 The SSE-200 gives each CPU a register bank to use to control its L1 instruction cache. Put in an unimplemented-device stub for this. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190121185118.18550-18-peter.maydell@linaro.org --- include/hw/arm/armsse.h | 1 + hw/arm/armsse.c | 39 ++++++++++++++++++++++++++++++++++++++- 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/include/hw/arm/armsse.h b/include/hw/arm/armsse.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/arm/armsse.h +++ b/include/hw/arm/armsse.h @@ -XXX,XX +XXX,XX @@ typedef struct ARMSSE { UnimplementedDeviceState mhu[2]; UnimplementedDeviceState ppu[NUM_PPUS]; + UnimplementedDeviceState cachectrl[SSE_MAX_CPUS]; /* * 'container' holds all devices seen by all CPUs. diff --git a/hw/arm/armsse.c b/hw/arm/armsse.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/armsse.c +++ b/hw/arm/armsse.c @@ -XXX,XX +XXX,XX @@ struct ARMSSEInfo { SysConfigFormat sys_config_format; bool has_mhus; bool has_ppus; + bool has_cachectrl; }; static const ARMSSEInfo armsse_variants[] = { @@ -XXX,XX +XXX,XX @@ static const ARMSSEInfo armsse_variants[] = { .sys_config_format = IoTKitFormat, .has_mhus = false, .has_ppus = false, + .has_cachectrl = false, }, }; @@ -XXX,XX +XXX,XX @@ static void armsse_init(Object *obj) g_free(name); } } + if (info->has_cachectrl) { + for (i = 0; i < info->num_cpus; i++) { + char *name = g_strdup_printf("cachectrl%d", i); + + sysbus_init_child_obj(obj, name, &s->cachectrl[i], + sizeof(s->cachectrl[i]), + TYPE_UNIMPLEMENTED_DEVICE); + g_free(name); + } + } object_initialize_child(obj, "nmi-orgate", &s->nmi_orgate, sizeof(s->nmi_orgate), TYPE_OR_IRQ, &error_abort, NULL); @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) qdev_connect_gpio_out(DEVICE(&s->ppc_irq_orgate), 0, armsse_get_common_irq_in(s, 10)); - /* 0x40010000 .. 0x4001ffff: private CPU region: unused in IoTKit */ + /* + * 0x40010000 .. 0x4001ffff (and the 0x5001000... secure-only alias): + * private per-CPU region (all these devices are SSE-200 only): + * 0x50010000: L1 icache control registers + * 0x50011000: CPUSECCTRL (CPU local security control registers) + * 0x4001f000 and 0x5001f000: CPU_IDENTITY register block + */ + if (info->has_cachectrl) { + for (i = 0; i < info->num_cpus; i++) { + char *name = g_strdup_printf("cachectrl%d", i); + MemoryRegion *mr; + + qdev_prop_set_string(DEVICE(&s->cachectrl[i]), "name", name); + g_free(name); + qdev_prop_set_uint64(DEVICE(&s->cachectrl[i]), "size", 0x1000); + object_property_set_bool(OBJECT(&s->cachectrl[i]), true, + "realized", &err); + if (err) { + error_propagate(errp, err); + return; + } + + mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->cachectrl[i]), 0); + memory_region_add_subregion(&s->cpu_container[i], 0x50010000, mr); + } + } /* 0x40020000 .. 0x4002ffff : ARMSSE system control peripheral region */ /* Devices behind APB PPC1: -- 2.20.1 The SSE-200 has a "CPU local security control" register bank; add an unimplemented-device stub for it. (The register bank has only one interesting register, which allows the guest to lock down changes to various CPU registers so they cannot be modified further. We don't support that in our Cortex-M33 model anyway.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190121185118.18550-19-peter.maydell@linaro.org --- include/hw/arm/armsse.h | 1 + hw/arm/armsse.c | 31 +++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) diff --git a/include/hw/arm/armsse.h b/include/hw/arm/armsse.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/arm/armsse.h +++ b/include/hw/arm/armsse.h @@ -XXX,XX +XXX,XX @@ typedef struct ARMSSE { UnimplementedDeviceState mhu[2]; UnimplementedDeviceState ppu[NUM_PPUS]; UnimplementedDeviceState cachectrl[SSE_MAX_CPUS]; + UnimplementedDeviceState cpusecctrl[SSE_MAX_CPUS]; /* * 'container' holds all devices seen by all CPUs. diff --git a/hw/arm/armsse.c b/hw/arm/armsse.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/armsse.c +++ b/hw/arm/armsse.c @@ -XXX,XX +XXX,XX @@ struct ARMSSEInfo { bool has_mhus; bool has_ppus; bool has_cachectrl; + bool has_cpusecctrl; }; static const ARMSSEInfo armsse_variants[] = { @@ -XXX,XX +XXX,XX @@ static const ARMSSEInfo armsse_variants[] = { .has_mhus = false, .has_ppus = false, .has_cachectrl = false, + .has_cpusecctrl = false, }, }; @@ -XXX,XX +XXX,XX @@ static void armsse_init(Object *obj) g_free(name); } } + if (info->has_cpusecctrl) { + for (i = 0; i < info->num_cpus; i++) { + char *name = g_strdup_printf("cpusecctrl%d", i); + + sysbus_init_child_obj(obj, name, &s->cpusecctrl[i], + sizeof(s->cpusecctrl[i]), + TYPE_UNIMPLEMENTED_DEVICE); + g_free(name); + } + } object_initialize_child(obj, "nmi-orgate", &s->nmi_orgate, sizeof(s->nmi_orgate), TYPE_OR_IRQ, &error_abort, NULL); @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) memory_region_add_subregion(&s->cpu_container[i], 0x50010000, mr); } } + if (info->has_cpusecctrl) { + for (i = 0; i < info->num_cpus; i++) { + char *name = g_strdup_printf("CPUSECCTRL%d", i); + MemoryRegion *mr; + + qdev_prop_set_string(DEVICE(&s->cpusecctrl[i]), "name", name); + g_free(name); + qdev_prop_set_uint64(DEVICE(&s->cpusecctrl[i]), "size", 0x1000); + object_property_set_bool(OBJECT(&s->cpusecctrl[i]), true, + "realized", &err); + if (err) { + error_propagate(errp, err); + return; + } + + mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->cpusecctrl[i]), 0); + memory_region_add_subregion(&s->cpu_container[i], 0x50011000, mr); + } + } /* 0x40020000 .. 0x4002ffff : ARMSSE system control peripheral region */ /* Devices behind APB PPC1: -- 2.20.1 The SSE-200 has a CPU_IDENTITY register block, which is a set of read-only registers. As well as the usual PID/CID registers, there is a single CPUID register which indicates whether the CPU is CPU 0 or CPU 1. Implement a model of this register block. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190121185118.18550-20-peter.maydell@linaro.org --- hw/misc/Makefile.objs | 1 + include/hw/misc/armsse-cpuid.h | 41 ++++++++++ hw/misc/armsse-cpuid.c | 134 ++++++++++++++++++++++++++++++++ MAINTAINERS | 2 + default-configs/arm-softmmu.mak | 1 + hw/misc/trace-events | 4 + 6 files changed, 183 insertions(+) create mode 100644 include/hw/misc/armsse-cpuid.h create mode 100644 hw/misc/armsse-cpuid.c diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs index XXXXXXX..XXXXXXX 100644 --- a/hw/misc/Makefile.objs +++ b/hw/misc/Makefile.objs @@ -XXX,XX +XXX,XX @@ obj-$(CONFIG_TZ_PPC) += tz-ppc.o obj-$(CONFIG_IOTKIT_SECCTL) += iotkit-secctl.o obj-$(CONFIG_IOTKIT_SYSCTL) += iotkit-sysctl.o obj-$(CONFIG_IOTKIT_SYSINFO) += iotkit-sysinfo.o +obj-$(CONFIG_ARMSSE_CPUID) += armsse-cpuid.o obj-$(CONFIG_PVPANIC) += pvpanic.o obj-$(CONFIG_AUX) += auxbus.o diff --git a/include/hw/misc/armsse-cpuid.h b/include/hw/misc/armsse-cpuid.h new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/include/hw/misc/armsse-cpuid.h @@ -XXX,XX +XXX,XX @@ +/* + * ARM SSE-200 CPU_IDENTITY register block + * + * Copyright (c) 2019 Linaro Limited + * Written by Peter Maydell + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 or + * (at your option) any later version. + */ + +/* + * This is a model of the "CPU_IDENTITY" register block which is part of the + * Arm SSE-200 and documented in + * http://infocenter.arm.com/help/topic/com.arm.doc.101104_0100_00_en/corelink_sse200_subsystem_for_embedded_technical_reference_manual_101104_0100_00_en.pdf + * + * QEMU interface: + * + QOM property "CPUID": the value to use for the CPUID register + * + sysbus MMIO region 0: the system information register bank + */ + +#ifndef HW_MISC_ARMSSE_CPUID_H +#define HW_MISC_ARMSSE_CPUID_H + +#include "hw/sysbus.h" + +#define TYPE_ARMSSE_CPUID "armsse-cpuid" +#define ARMSSE_CPUID(obj) OBJECT_CHECK(ARMSSECPUID, (obj), TYPE_ARMSSE_CPUID) + +typedef struct ARMSSECPUID { + /*< private >*/ + SysBusDevice parent_obj; + + /*< public >*/ + MemoryRegion iomem; + + /* Properties */ + uint32_t cpuid; +} ARMSSECPUID; + +#endif diff --git a/hw/misc/armsse-cpuid.c b/hw/misc/armsse-cpuid.c new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/hw/misc/armsse-cpuid.c @@ -XXX,XX +XXX,XX @@ +/* + * ARM SSE-200 CPU_IDENTITY register block + * + * Copyright (c) 2019 Linaro Limited + * Written by Peter Maydell + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 or + * (at your option) any later version. + */ + +/* + * This is a model of the "CPU_IDENTITY" register block which is part of the + * Arm SSE-200 and documented in + * http://infocenter.arm.com/help/topic/com.arm.doc.101104_0100_00_en/corelink_sse200_subsystem_for_embedded_technical_reference_manual_101104_0100_00_en.pdf + * + * It consists of one read-only CPUID register (set by QOM property), plus the + * usual ID registers. + */ + +#include "qemu/osdep.h" +#include "qemu/log.h" +#include "trace.h" +#include "qapi/error.h" +#include "sysemu/sysemu.h" +#include "hw/sysbus.h" +#include "hw/registerfields.h" +#include "hw/misc/armsse-cpuid.h" + +REG32(CPUID, 0x0) +REG32(PID4, 0xfd0) +REG32(PID5, 0xfd4) +REG32(PID6, 0xfd8) +REG32(PID7, 0xfdc) +REG32(PID0, 0xfe0) +REG32(PID1, 0xfe4) +REG32(PID2, 0xfe8) +REG32(PID3, 0xfec) +REG32(CID0, 0xff0) +REG32(CID1, 0xff4) +REG32(CID2, 0xff8) +REG32(CID3, 0xffc) + +/* PID/CID values */ +static const int sysinfo_id[] = { + 0x04, 0x00, 0x00, 0x00, /* PID4..PID7 */ + 0x58, 0xb8, 0x0b, 0x00, /* PID0..PID3 */ + 0x0d, 0xf0, 0x05, 0xb1, /* CID0..CID3 */ +}; + +static uint64_t armsse_cpuid_read(void *opaque, hwaddr offset, + unsigned size) +{ + ARMSSECPUID *s = ARMSSE_CPUID(opaque); + uint64_t r; + + switch (offset) { + case A_CPUID: + r = s->cpuid; + break; + case A_PID4 ... A_CID3: + r = sysinfo_id[(offset - A_PID4) / 4]; + break; + default: + qemu_log_mask(LOG_GUEST_ERROR, + "SSE CPU_IDENTITY read: bad offset 0x%x\n", (int)offset); + r = 0; + break; + } + trace_armsse_cpuid_read(offset, r, size); + return r; +} + +static void armsse_cpuid_write(void *opaque, hwaddr offset, + uint64_t value, unsigned size) +{ + trace_armsse_cpuid_write(offset, value, size); + + qemu_log_mask(LOG_GUEST_ERROR, + "SSE CPU_IDENTITY: write to RO offset 0x%x\n", (int)offset); +} + +static const MemoryRegionOps armsse_cpuid_ops = { + .read = armsse_cpuid_read, + .write = armsse_cpuid_write, + .endianness = DEVICE_LITTLE_ENDIAN, + /* byte/halfword accesses are just zero-padded on reads and writes */ + .impl.min_access_size = 4, + .impl.max_access_size = 4, + .valid.min_access_size = 1, + .valid.max_access_size = 4, +}; + +static Property armsse_cpuid_props[] = { + DEFINE_PROP_UINT32("CPUID", ARMSSECPUID, cpuid, 0), + DEFINE_PROP_END_OF_LIST() +}; + +static void armsse_cpuid_init(Object *obj) +{ + SysBusDevice *sbd = SYS_BUS_DEVICE(obj); + ARMSSECPUID *s = ARMSSE_CPUID(obj); + + memory_region_init_io(&s->iomem, obj, &armsse_cpuid_ops, + s, "armsse-cpuid", 0x1000); + sysbus_init_mmio(sbd, &s->iomem); +} + +static void armsse_cpuid_class_init(ObjectClass *klass, void *data) +{ + DeviceClass *dc = DEVICE_CLASS(klass); + + /* + * This device has no guest-modifiable state and so it + * does not need a reset function or VMState. + */ + + dc->props = armsse_cpuid_props; +} + +static const TypeInfo armsse_cpuid_info = { + .name = TYPE_ARMSSE_CPUID, + .parent = TYPE_SYS_BUS_DEVICE, + .instance_size = sizeof(ARMSSECPUID), + .instance_init = armsse_cpuid_init, + .class_init = armsse_cpuid_class_init, +}; + +static void armsse_cpuid_register_types(void) +{ + type_register_static(&armsse_cpuid_info); +} + +type_init(armsse_cpuid_register_types); diff --git a/MAINTAINERS b/MAINTAINERS index XXXXXXX..XXXXXXX 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -XXX,XX +XXX,XX @@ F: hw/misc/iotkit-sysctl.c F: include/hw/misc/iotkit-sysctl.h F: hw/misc/iotkit-sysinfo.c F: include/hw/misc/iotkit-sysinfo.h +F: hw/misc/armsse-cpuid.c +F: include/hw/misc/armsse-cpuid.h Musicpal M: Jan Kiszka <jan.kiszka@web.de> diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak index XXXXXXX..XXXXXXX 100644 --- a/default-configs/arm-softmmu.mak +++ b/default-configs/arm-softmmu.mak @@ -XXX,XX +XXX,XX @@ CONFIG_ARMSSE=y CONFIG_IOTKIT_SECCTL=y CONFIG_IOTKIT_SYSCTL=y CONFIG_IOTKIT_SYSINFO=y +CONFIG_ARMSSE_CPUID=y CONFIG_VERSATILE=y CONFIG_VERSATILE_PCI=y diff --git a/hw/misc/trace-events b/hw/misc/trace-events index XXXXXXX..XXXXXXX 100644 --- a/hw/misc/trace-events +++ b/hw/misc/trace-events @@ -XXX,XX +XXX,XX @@ iotkit_sysinfo_write(uint64_t offset, uint64_t data, unsigned size) "IoTKit SysI iotkit_sysctl_read(uint64_t offset, uint64_t data, unsigned size) "IoTKit SysCtl read: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u" iotkit_sysctl_write(uint64_t offset, uint64_t data, unsigned size) "IoTKit SysCtl write: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u" iotkit_sysctl_reset(void) "IoTKit SysCtl: reset" + +# hw/misc/armsse-cpuid.c +armsse_cpuid_read(uint64_t offset, uint64_t data, unsigned size) "SSE-200 CPU_IDENTITY read: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u" +armsse_cpuid_write(uint64_t offset, uint64_t data, unsigned size) "SSE-200 CPU_IDENTITY write: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u" -- 2.20.1 Instantiate a copy of the CPU_IDENTITY register block for each CPU in an SSE-200. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190121185118.18550-21-peter.maydell@linaro.org --- include/hw/arm/armsse.h | 3 +++ hw/arm/armsse.c | 28 ++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/include/hw/arm/armsse.h b/include/hw/arm/armsse.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/arm/armsse.h +++ b/include/hw/arm/armsse.h @@ -XXX,XX +XXX,XX @@ #include "hw/watchdog/cmsdk-apb-watchdog.h" #include "hw/misc/iotkit-sysctl.h" #include "hw/misc/iotkit-sysinfo.h" +#include "hw/misc/armsse-cpuid.h" #include "hw/misc/unimp.h" #include "hw/or-irq.h" #include "hw/core/split-irq.h" @@ -XXX,XX +XXX,XX @@ typedef struct ARMSSE { UnimplementedDeviceState cachectrl[SSE_MAX_CPUS]; UnimplementedDeviceState cpusecctrl[SSE_MAX_CPUS]; + ARMSSECPUID cpuid[SSE_MAX_CPUS]; + /* * 'container' holds all devices seen by all CPUs. * 'cpu_container[i]' is the view that CPU i has: this has the diff --git a/hw/arm/armsse.c b/hw/arm/armsse.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/armsse.c +++ b/hw/arm/armsse.c @@ -XXX,XX +XXX,XX @@ struct ARMSSEInfo { bool has_ppus; bool has_cachectrl; bool has_cpusecctrl; + bool has_cpuid; }; static const ARMSSEInfo armsse_variants[] = { @@ -XXX,XX +XXX,XX @@ static const ARMSSEInfo armsse_variants[] = { .has_ppus = false, .has_cachectrl = false, .has_cpusecctrl = false, + .has_cpuid = false, }, }; @@ -XXX,XX +XXX,XX @@ static void armsse_init(Object *obj) g_free(name); } } + if (info->has_cpuid) { + for (i = 0; i < info->num_cpus; i++) { + char *name = g_strdup_printf("cpuid%d", i); + + sysbus_init_child_obj(obj, name, &s->cpuid[i], + sizeof(s->cpuid[i]), + TYPE_ARMSSE_CPUID); + g_free(name); + } + } object_initialize_child(obj, "nmi-orgate", &s->nmi_orgate, sizeof(s->nmi_orgate), TYPE_OR_IRQ, &error_abort, NULL); @@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp) memory_region_add_subregion(&s->cpu_container[i], 0x50011000, mr); } } + if (info->has_cpuid) { + for (i = 0; i < info->num_cpus; i++) { + MemoryRegion *mr; + + qdev_prop_set_uint32(DEVICE(&s->cpuid[i]), "CPUID", i); + object_property_set_bool(OBJECT(&s->cpuid[i]), true, + "realized", &err); + if (err) { + error_propagate(errp, err); + return; + } + + mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->cpuid[i]), 0); + memory_region_add_subregion(&s->cpu_container[i], 0x4001F000, mr); + } + } /* 0x40020000 .. 0x4002ffff : ARMSSE system control peripheral region */ /* Devices behind APB PPC1: -- 2.20.1 Add a model of the SSE-200, now we have put in all the code that lets us make it different from the IoTKit. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190121185118.18550-22-peter.maydell@linaro.org --- include/hw/arm/armsse.h | 19 ++++++++++++++++--- hw/arm/armsse.c | 12 ++++++++++++ 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/include/hw/arm/armsse.h b/include/hw/arm/armsse.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/arm/armsse.h +++ b/include/hw/arm/armsse.h @@ -XXX,XX +XXX,XX @@ /* - * ARM SSE (Subsystems for Embedded): IoTKit + * ARM SSE (Subsystems for Embedded): IoTKit, SSE-200 * * Copyright (c) 2018 Linaro Limited * Written by Peter Maydell @@ -XXX,XX +XXX,XX @@ /* * This is a model of the Arm "Subsystems for Embedded" family of * hardware, which include the IoT Kit and the SSE-050, SSE-100 and - * SSE-200. Currently we model only the Arm IoT Kit which is documented in + * SSE-200. Currently we model: + * - the Arm IoT Kit which is documented in * http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ecm0601256/index.html - * It contains: + * - the SSE-200 which is documented in + * http://infocenter.arm.com/help/topic/com.arm.doc.101104_0100_00_en/corelink_sse200_subsystem_for_embedded_technical_reference_manual_101104_0100_00_en.pdf + * + * The IoTKit contains: * a Cortex-M33 * the IDAU * some timers and watchdogs @@ -XXX,XX +XXX,XX @@ * a security controller * a bus fabric which arranges that some parts of the address * space are secure and non-secure aliases of each other + * The SSE-200 additionally contains: + * a second Cortex-M33 + * two Message Handling Units (MHUs) + * an optional CryptoCell (which we do not model) + * more SRAM banks with associated MPCs + * multiple Power Policy Units (PPUs) + * a control interface for an icache for each CPU + * per-CPU identity and control register blocks * * QEMU interface: * + QOM property "memory" is a MemoryRegion containing the devices provided @@ -XXX,XX +XXX,XX @@ * them via the ARMSSE base class, so they have no IOTKIT() etc macros. */ #define TYPE_IOTKIT "iotkit" +#define TYPE_SSE200 "sse-200" /* We have an IRQ splitter and an OR gate input for each external PPC * and the 2 internal PPCs diff --git a/hw/arm/armsse.c b/hw/arm/armsse.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/armsse.c +++ b/hw/arm/armsse.c @@ -XXX,XX +XXX,XX @@ static const ARMSSEInfo armsse_variants[] = { .has_cpusecctrl = false, .has_cpuid = false, }, + { + .name = TYPE_SSE200, + .sram_banks = 4, + .num_cpus = 2, + .sys_version = 0x22041743, + .sys_config_format = SSE200Format, + .has_mhus = true, + .has_ppus = true, + .has_cachectrl = true, + .has_cpusecctrl = true, + .has_cpuid = true, + }, }; static uint32_t armsse_sys_config_value(ARMSSE *s, const ARMSSEInfo *info) -- 2.20.1 In preparation for adding support for the AN521 MPS2 image, we need to handle wiring up the MPS2 device interrupt lines to both CPUs in the SSE-200, rather than just the one that the IoTKit has. Abstract out a "connect to the IoTKit interrupt line" function and make it connect to a splitter which feeds both sets of inputs for the SSE-200 case. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190121185118.18550-23-peter.maydell@linaro.org --- hw/arm/mps2-tz.c | 79 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 59 insertions(+), 20 deletions(-) diff --git a/hw/arm/mps2-tz.c b/hw/arm/mps2-tz.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/mps2-tz.c +++ b/hw/arm/mps2-tz.c @@ -XXX,XX +XXX,XX @@ #include "net/net.h" #include "hw/core/split-irq.h" +#define MPS2TZ_NUMIRQ 92 + typedef enum MPS2TZFPGAType { FPGA_AN505, + FPGA_AN521, } MPS2TZFPGAType; typedef struct { @@ -XXX,XX +XXX,XX @@ typedef struct { SplitIRQ sec_resp_splitter; qemu_or_irq uart_irq_orgate; DeviceState *lan9118; + SplitIRQ cpu_irq_splitter[MPS2TZ_NUMIRQ]; } MPS2TZMachineState; #define TYPE_MPS2TZ_MACHINE "mps2tz" @@ -XXX,XX +XXX,XX @@ static void make_ram_alias(MemoryRegion *mr, const char *name, memory_region_add_subregion(get_system_memory(), base, mr); } +static qemu_irq get_sse_irq_in(MPS2TZMachineState *mms, int irqno) +{ + /* Return a qemu_irq which will signal IRQ n to all CPUs in the SSE. */ + MPS2TZMachineClass *mmc = MPS2TZ_MACHINE_GET_CLASS(mms); + + assert(irqno < MPS2TZ_NUMIRQ); + + switch (mmc->fpga_type) { + case FPGA_AN505: + return qdev_get_gpio_in_named(DEVICE(&mms->iotkit), "EXP_IRQ", irqno); + case FPGA_AN521: + return qdev_get_gpio_in(DEVICE(&mms->cpu_irq_splitter[irqno]), 0); + default: + g_assert_not_reached(); + } +} + /* Most of the devices in the AN505 FPGA image sit behind * Peripheral Protection Controllers. These data structures * define the layout of which devices sit behind which PPCs. @@ -XXX,XX +XXX,XX @@ static MemoryRegion *make_uart(MPS2TZMachineState *mms, void *opaque, int txirqno = i * 2 + 1; int combirqno = i + 10; SysBusDevice *s; - DeviceState *iotkitdev = DEVICE(&mms->iotkit); DeviceState *orgate_dev = DEVICE(&mms->uart_irq_orgate); sysbus_init_child_obj(OBJECT(mms), name, uart, sizeof(mms->uart[0]), @@ -XXX,XX +XXX,XX @@ static MemoryRegion *make_uart(MPS2TZMachineState *mms, void *opaque, qdev_prop_set_uint32(DEVICE(uart), "pclk-frq", SYSCLK_FRQ); object_property_set_bool(OBJECT(uart), true, "realized", &error_fatal); s = SYS_BUS_DEVICE(uart); - sysbus_connect_irq(s, 0, qdev_get_gpio_in_named(iotkitdev, - "EXP_IRQ", txirqno)); - sysbus_connect_irq(s, 1, qdev_get_gpio_in_named(iotkitdev, - "EXP_IRQ", rxirqno)); + sysbus_connect_irq(s, 0, get_sse_irq_in(mms, txirqno)); + sysbus_connect_irq(s, 1, get_sse_irq_in(mms, rxirqno)); sysbus_connect_irq(s, 2, qdev_get_gpio_in(orgate_dev, i * 2)); sysbus_connect_irq(s, 3, qdev_get_gpio_in(orgate_dev, i * 2 + 1)); - sysbus_connect_irq(s, 4, qdev_get_gpio_in_named(iotkitdev, - "EXP_IRQ", combirqno)); + sysbus_connect_irq(s, 4, get_sse_irq_in(mms, combirqno)); return sysbus_mmio_get_region(SYS_BUS_DEVICE(uart), 0); } @@ -XXX,XX +XXX,XX @@ static MemoryRegion *make_eth_dev(MPS2TZMachineState *mms, void *opaque, const char *name, hwaddr size) { SysBusDevice *s; - DeviceState *iotkitdev = DEVICE(&mms->iotkit); NICInfo *nd = &nd_table[0]; /* In hardware this is a LAN9220; the LAN9118 is software compatible @@ -XXX,XX +XXX,XX @@ static MemoryRegion *make_eth_dev(MPS2TZMachineState *mms, void *opaque, qdev_init_nofail(mms->lan9118); s = SYS_BUS_DEVICE(mms->lan9118); - sysbus_connect_irq(s, 0, qdev_get_gpio_in_named(iotkitdev, "EXP_IRQ", 16)); + sysbus_connect_irq(s, 0, get_sse_irq_in(mms, 16)); return sysbus_mmio_get_region(s, 0); } @@ -XXX,XX +XXX,XX @@ static MemoryRegion *make_dma(MPS2TZMachineState *mms, void *opaque, s = SYS_BUS_DEVICE(dma); /* Wire up DMACINTR, DMACINTERR, DMACINTTC */ - sysbus_connect_irq(s, 0, qdev_get_gpio_in_named(iotkitdev, - "EXP_IRQ", 58 + i * 3)); - sysbus_connect_irq(s, 1, qdev_get_gpio_in_named(iotkitdev, - "EXP_IRQ", 56 + i * 3)); - sysbus_connect_irq(s, 2, qdev_get_gpio_in_named(iotkitdev, - "EXP_IRQ", 57 + i * 3)); + sysbus_connect_irq(s, 0, get_sse_irq_in(mms, 58 + i * 3)); + sysbus_connect_irq(s, 1, get_sse_irq_in(mms, 56 + i * 3)); + sysbus_connect_irq(s, 2, get_sse_irq_in(mms, 57 + i * 3)); g_free(mscname); return sysbus_mmio_get_region(s, 0); @@ -XXX,XX +XXX,XX @@ static MemoryRegion *make_spi(MPS2TZMachineState *mms, void *opaque, */ PL022State *spi = opaque; int i = spi - &mms->spi[0]; - DeviceState *iotkitdev = DEVICE(&mms->iotkit); SysBusDevice *s; sysbus_init_child_obj(OBJECT(mms), name, spi, sizeof(mms->spi[0]), TYPE_PL022); object_property_set_bool(OBJECT(spi), true, "realized", &error_fatal); s = SYS_BUS_DEVICE(spi); - sysbus_connect_irq(s, 0, - qdev_get_gpio_in_named(iotkitdev, "EXP_IRQ", 51 + i)); + sysbus_connect_irq(s, 0, get_sse_irq_in(mms, 51 + i)); return sysbus_mmio_get_region(s, 0); } static void mps2tz_common_init(MachineState *machine) { MPS2TZMachineState *mms = MPS2TZ_MACHINE(machine); + MPS2TZMachineClass *mmc = MPS2TZ_MACHINE_GET_CLASS(mms); MachineClass *mc = MACHINE_GET_CLASS(machine); MemoryRegion *system_memory = get_system_memory(); DeviceState *iotkitdev; @@ -XXX,XX +XXX,XX @@ static void mps2tz_common_init(MachineState *machine) iotkitdev = DEVICE(&mms->iotkit); object_property_set_link(OBJECT(&mms->iotkit), OBJECT(system_memory), "memory", &error_abort); - qdev_prop_set_uint32(iotkitdev, "EXP_NUMIRQ", 92); + qdev_prop_set_uint32(iotkitdev, "EXP_NUMIRQ", MPS2TZ_NUMIRQ); qdev_prop_set_uint32(iotkitdev, "MAINCLK", SYSCLK_FRQ); object_property_set_bool(OBJECT(&mms->iotkit), true, "realized", &error_fatal); + /* + * The AN521 needs us to create splitters to feed the IRQ inputs + * for each CPU in the SSE-200 from each device in the board. + */ + if (mmc->fpga_type == FPGA_AN521) { + for (i = 0; i < MPS2TZ_NUMIRQ; i++) { + char *name = g_strdup_printf("mps2-irq-splitter%d", i); + SplitIRQ *splitter = &mms->cpu_irq_splitter[i]; + + object_initialize_child(OBJECT(machine), name, + splitter, sizeof(*splitter), + TYPE_SPLIT_IRQ, &error_fatal, NULL); + g_free(name); + + object_property_set_int(OBJECT(splitter), 2, "num-lines", + &error_fatal); + object_property_set_bool(OBJECT(splitter), true, "realized", + &error_fatal); + qdev_connect_gpio_out(DEVICE(splitter), 0, + qdev_get_gpio_in_named(DEVICE(&mms->iotkit), + "EXP_IRQ", i)); + qdev_connect_gpio_out(DEVICE(splitter), 1, + qdev_get_gpio_in_named(DEVICE(&mms->iotkit), + "EXP_CPU1_IRQ", i)); + } + } + /* The sec_resp_cfg output from the IoTKit must be split into multiple * lines, one for each of the PPCs we create here, plus one per MSC. */ @@ -XXX,XX +XXX,XX @@ static void mps2tz_common_init(MachineState *machine) object_property_set_bool(OBJECT(&mms->uart_irq_orgate), true, "realized", &error_fatal); qdev_connect_gpio_out(DEVICE(&mms->uart_irq_orgate), 0, - qdev_get_gpio_in_named(iotkitdev, "EXP_IRQ", 15)); + get_sse_irq_in(mms, 15)); /* Most of the devices in the FPGA are behind Peripheral Protection * Controllers. The required order for initializing things is: -- 2.20.1 Add a model of the MPS2 FPGA image described in Application Note AN521. This is identical to the AN505 image, except that it uses the SSE-200 rather than the IoTKit and so has two Cortex-M33 CPUs. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190121185118.18550-24-peter.maydell@linaro.org --- hw/arm/mps2-tz.c | 38 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 36 insertions(+), 2 deletions(-) diff --git a/hw/arm/mps2-tz.c b/hw/arm/mps2-tz.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/mps2-tz.c +++ b/hw/arm/mps2-tz.c @@ -XXX,XX +XXX,XX @@ * as seen by the guest depend significantly on the FPGA image. * This source file covers the following FPGA images, for TrustZone cores: * "mps2-an505" -- Cortex-M33 as documented in ARM Application Note AN505 + * "mps2-an521" -- Dual Cortex-M33 as documented in Application Note AN521 * * Links to the TRM for the board itself and to the various Application * Notes which document the FPGA images can be found here: @@ -XXX,XX +XXX,XX @@ * http://infocenter.arm.com/help/topic/com.arm.doc.100112_0200_06_en/versatile_express_cortex_m_prototyping_systems_v2m_mps2_and_v2m_mps2plus_technical_reference_100112_0200_06_en.pdf * Application Note AN505: * http://infocenter.arm.com/help/topic/com.arm.doc.dai0505b/index.html + * Application Note AN521: + * http://infocenter.arm.com/help/topic/com.arm.doc.dai0521c/index.html * * The AN505 defers to the Cortex-M33 processor ARMv8M IoT Kit FVP User Guide * (ARM ECM0601256) for the details of some of the device layout: * http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ecm0601256/index.html + * Similarly, the AN521 uses the SSE-200, and the SSE-200 TRM defines + * most of the device layout: + * http://infocenter.arm.com/help/topic/com.arm.doc.101104_0100_00_en/corelink_sse200_subsystem_for_embedded_technical_reference_manual_101104_0100_00_en.pdf + * */ #include "qemu/osdep.h" @@ -XXX,XX +XXX,XX @@ typedef struct { MachineClass parent; MPS2TZFPGAType fpga_type; uint32_t scc_id; + const char *armsse_type; } MPS2TZMachineClass; typedef struct { @@ -XXX,XX +XXX,XX @@ typedef struct { #define TYPE_MPS2TZ_MACHINE "mps2tz" #define TYPE_MPS2TZ_AN505_MACHINE MACHINE_TYPE_NAME("mps2-an505") +#define TYPE_MPS2TZ_AN521_MACHINE MACHINE_TYPE_NAME("mps2-an521") #define MPS2TZ_MACHINE(obj) \ OBJECT_CHECK(MPS2TZMachineState, obj, TYPE_MPS2TZ_MACHINE) @@ -XXX,XX +XXX,XX @@ static void mps2tz_common_init(MachineState *machine) } sysbus_init_child_obj(OBJECT(machine), "iotkit", &mms->iotkit, - sizeof(mms->iotkit), TYPE_IOTKIT); + sizeof(mms->iotkit), mmc->armsse_type); iotkitdev = DEVICE(&mms->iotkit); object_property_set_link(OBJECT(&mms->iotkit), OBJECT(system_memory), "memory", &error_abort); @@ -XXX,XX +XXX,XX @@ static void mps2tz_class_init(ObjectClass *oc, void *data) IDAUInterfaceClass *iic = IDAU_INTERFACE_CLASS(oc); mc->init = mps2tz_common_init; - mc->max_cpus = 1; iic->check = mps2_tz_idau_check; } @@ -XXX,XX +XXX,XX @@ static void mps2tz_an505_class_init(ObjectClass *oc, void *data) MPS2TZMachineClass *mmc = MPS2TZ_MACHINE_CLASS(oc); mc->desc = "ARM MPS2 with AN505 FPGA image for Cortex-M33"; + mc->default_cpus = 1; + mc->min_cpus = mc->default_cpus; + mc->max_cpus = mc->default_cpus; mmc->fpga_type = FPGA_AN505; mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-m33"); mmc->scc_id = 0x41045050; + mmc->armsse_type = TYPE_IOTKIT; +} + +static void mps2tz_an521_class_init(ObjectClass *oc, void *data) +{ + MachineClass *mc = MACHINE_CLASS(oc); + MPS2TZMachineClass *mmc = MPS2TZ_MACHINE_CLASS(oc); + + mc->desc = "ARM MPS2 with AN521 FPGA image for dual Cortex-M33"; + mc->default_cpus = 2; + mc->min_cpus = mc->default_cpus; + mc->max_cpus = mc->default_cpus; + mmc->fpga_type = FPGA_AN521; + mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-m33"); + mmc->scc_id = 0x41045210; + mmc->armsse_type = TYPE_SSE200; } static const TypeInfo mps2tz_info = { @@ -XXX,XX +XXX,XX @@ static const TypeInfo mps2tz_an505_info = { .class_init = mps2tz_an505_class_init, }; +static const TypeInfo mps2tz_an521_info = { + .name = TYPE_MPS2TZ_AN521_MACHINE, + .parent = TYPE_MPS2TZ_MACHINE, + .class_init = mps2tz_an521_class_init, +}; + static void mps2tz_machine_init(void) { type_register_static(&mps2tz_info); type_register_static(&mps2tz_an505_info); + type_register_static(&mps2tz_an521_info); } type_init(mps2tz_machine_init); -- 2.20.1 The "system instructions" and "system register move" subcategories of "branches, exception generating and system instructions" for A64 only apply if bits [23:22] are zero; other values are currently unallocated. Correctly UNDEF these unallocated encodings. Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com> Message-id: 20190125182626.9221-2-peter.maydell@linaro.org --- target/arm/translate-a64.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -XXX,XX +XXX,XX @@ static void disas_b_exc_sys(DisasContext *s, uint32_t insn) break; case 0x6a: /* Exception generation / System */ if (insn & (1 << 24)) { - disas_system(s, insn); + if (extract32(insn, 22, 2) == 0) { + disas_system(s, insn); + } else { + unallocated_encoding(s); + } } else { disas_exc(s, insn); } -- 2.20.1 The PRFM prefetch insn in the load/store with imm9 encodings requires idx field 0b00; we were underdecoding this by only checking !is_unpriv (which is equivalent to idx != 2). Correctly UNDEF the unallocated encodings where idx == 0b01 and 0b11 as well as 0b10. Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com> Message-id: 20190125182626.9221-3-peter.maydell@linaro.org --- target/arm/translate-a64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -XXX,XX +XXX,XX @@ static void disas_ldst_reg_imm9(DisasContext *s, uint32_t insn, } else { if (size == 3 && opc == 2) { /* PRFM - prefetch */ - if (is_unpriv) { + if (idx != 0) { unallocated_encoding(s); return; } -- 2.20.1 In the AdvSIMD load/store multiple structures encodings, the non-post-indexed case should have zeroes in [20:16] (which is the Rm field for the post-indexed case). Correctly UNDEF the currently unallocated encodings which have non-zeroes in those bits. Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com> Message-id: 20190125182626.9221-4-peter.maydell@linaro.org --- target/arm/translate-a64.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -XXX,XX +XXX,XX @@ static void disas_ldst_multiple_struct(DisasContext *s, uint32_t insn) { int rt = extract32(insn, 0, 5); int rn = extract32(insn, 5, 5); + int rm = extract32(insn, 16, 5); int size = extract32(insn, 10, 2); int opcode = extract32(insn, 12, 4); bool is_store = !extract32(insn, 22, 1); @@ -XXX,XX +XXX,XX @@ static void disas_ldst_multiple_struct(DisasContext *s, uint32_t insn) return; } + if (!is_postidx && rm != 0) { + unallocated_encoding(s); + return; + } + /* From the shared decode logic */ switch (opcode) { case 0x0: @@ -XXX,XX +XXX,XX @@ static void disas_ldst_multiple_struct(DisasContext *s, uint32_t insn) } if (is_postidx) { - int rm = extract32(insn, 16, 5); if (rm == 31) { tcg_gen_mov_i64(tcg_rn, tcg_addr); } else { -- 2.20.1 In the AdvSIMD load/store single structure encodings, the non-post-indexed case should have zeroes in [20:16] (which is the Rm field for the post-indexed case). Bit 31 must also be zero (a check we got right in ldst_multiple but not here). Correctly UNDEF these unallocated encodings. Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com> Message-id: 20190125182626.9221-5-peter.maydell@linaro.org --- target/arm/translate-a64.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -XXX,XX +XXX,XX @@ static void disas_ldst_single_struct(DisasContext *s, uint32_t insn) { int rt = extract32(insn, 0, 5); int rn = extract32(insn, 5, 5); + int rm = extract32(insn, 16, 5); int size = extract32(insn, 10, 2); int S = extract32(insn, 12, 1); int opc = extract32(insn, 13, 3); @@ -XXX,XX +XXX,XX @@ static void disas_ldst_single_struct(DisasContext *s, uint32_t insn) int ebytes, xs; TCGv_i64 tcg_addr, tcg_rn, tcg_ebytes; + if (extract32(insn, 31, 1)) { + unallocated_encoding(s); + return; + } + if (!is_postidx && rm != 0) { + unallocated_encoding(s); + return; + } + switch (scale) { case 3: if (!is_load || S) { @@ -XXX,XX +XXX,XX @@ static void disas_ldst_single_struct(DisasContext *s, uint32_t insn) } if (is_postidx) { - int rm = extract32(insn, 16, 5); if (rm == 31) { tcg_gen_mov_i64(tcg_rn, tcg_addr); } else { -- 2.20.1 In the "add/subtract (extended register)" encoding group, the "opt" field in bits [23:22] must be zero. Correctly UNDEF the unallocated encodings where this field is not zero. Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com> Message-id: 20190125182626.9221-6-peter.maydell@linaro.org --- target/arm/translate-a64.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -XXX,XX +XXX,XX @@ static void disas_add_sub_ext_reg(DisasContext *s, uint32_t insn) int imm3 = extract32(insn, 10, 3); int option = extract32(insn, 13, 3); int rm = extract32(insn, 16, 5); + int opt = extract32(insn, 22, 2); bool setflags = extract32(insn, 29, 1); bool sub_op = extract32(insn, 30, 1); bool sf = extract32(insn, 31, 1); @@ -XXX,XX +XXX,XX @@ static void disas_add_sub_ext_reg(DisasContext *s, uint32_t insn) TCGv_i64 tcg_rd; TCGv_i64 tcg_result; - if (imm3 > 4) { + if (imm3 > 4 || opt != 0) { unallocated_encoding(s); return; } -- 2.20.1 In the encoding groups * floating-point data-processing (1 source) * floating-point data-processing (2 source) * floating-point data-processing (3 source) * floating-point immediate * floating-point compare * floating-ponit conditional compare * floating-point conditional select bit 31 is M and bit 29 is S (and bit 30 is 0, already checked at this point in the decode). None of these groups allocate any encoding for M=1 or S=1. We checked this in disas_fp_compare(), disas_fp_ccomp() and disas_fp_csel(), but missed it in disas_fp_1src(), disas_fp_2src(), disas_fp_3src() and disas_fp_imm(). We also missed that in the fp immediate encoding the imm5 field must be all zeroes. Correctly UNDEF the unallocated encodings here. Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com> Message-id: 20190125182626.9221-7-peter.maydell@linaro.org --- target/arm/translate-a64.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -XXX,XX +XXX,XX @@ static void handle_fp_fcvt(DisasContext *s, int opcode, */ static void disas_fp_1src(DisasContext *s, uint32_t insn) { + int mos = extract32(insn, 29, 3); int type = extract32(insn, 22, 2); int opcode = extract32(insn, 15, 6); int rn = extract32(insn, 5, 5); int rd = extract32(insn, 0, 5); + if (mos) { + unallocated_encoding(s); + return; + } + switch (opcode) { case 0x4: case 0x5: case 0x7: { @@ -XXX,XX +XXX,XX @@ static void handle_fp_2src_half(DisasContext *s, int opcode, */ static void disas_fp_2src(DisasContext *s, uint32_t insn) { + int mos = extract32(insn, 29, 3); int type = extract32(insn, 22, 2); int rd = extract32(insn, 0, 5); int rn = extract32(insn, 5, 5); int rm = extract32(insn, 16, 5); int opcode = extract32(insn, 12, 4); - if (opcode > 8) { + if (opcode > 8 || mos) { unallocated_encoding(s); return; } @@ -XXX,XX +XXX,XX @@ static void handle_fp_3src_half(DisasContext *s, bool o0, bool o1, */ static void disas_fp_3src(DisasContext *s, uint32_t insn) { + int mos = extract32(insn, 29, 3); int type = extract32(insn, 22, 2); int rd = extract32(insn, 0, 5); int rn = extract32(insn, 5, 5); @@ -XXX,XX +XXX,XX @@ static void disas_fp_3src(DisasContext *s, uint32_t insn) bool o0 = extract32(insn, 15, 1); bool o1 = extract32(insn, 21, 1); + if (mos) { + unallocated_encoding(s); + return; + } + switch (type) { case 0: if (!fp_access_check(s)) { @@ -XXX,XX +XXX,XX @@ uint64_t vfp_expand_imm(int size, uint8_t imm8) static void disas_fp_imm(DisasContext *s, uint32_t insn) { int rd = extract32(insn, 0, 5); + int imm5 = extract32(insn, 5, 5); int imm8 = extract32(insn, 13, 8); int type = extract32(insn, 22, 2); + int mos = extract32(insn, 29, 3); uint64_t imm; TCGv_i64 tcg_res; TCGMemOp sz; + if (mos || imm5) { + unallocated_encoding(s); + return; + } + switch (type) { case 0: sz = MO_32; -- 2.20.1 In the AdvSIMD scalar x indexed element and vector x indexed element encoding group, the SDOT and UDOT instructions are vector only, and their opcode is unallocated in the scalar group. Correctly UNDEF this unallocated encoding. Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com> Message-id: 20190125182626.9221-8-peter.maydell@linaro.org --- target/arm/translate-a64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -XXX,XX +XXX,XX @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn) break; case 0x0e: /* SDOT */ case 0x1e: /* UDOT */ - if (size != MO_32 || !dc_isar_feature(aa64_dp, s)) { + if (is_scalar || size != MO_32 || !dc_isar_feature(aa64_dp, s)) { unallocated_encoding(s); return; } -- 2.20.1 The tcg_register_iommu_notifier() code has a GArray of TCGIOMMUNotifier structs which it has registered by passing memory_region_register_iommu_notifier() a pointer to the embedded IOMMUNotifier field. Unfortunately, if we need to enlarge the array via g_array_set_size() this can cause a realloc(), which invalidates the pointer that memory_region_register_iommu_notifier() put into the MemoryRegion's iommu_notify list. This can result in segfaults. Switch the GArray to holding pointers to the TCGIOMMUNotifier structs, so that we can individually allocate and free them. Cc: qemu-stable@nongnu.org Fixes: 1f871c5e6b0f30644a60a ("exec.c: Handle IOMMUs in address_space_translate_for_iotlb()") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190128174241.5860-1-peter.maydell@linaro.org --- exec.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/exec.c b/exec.c index XXXXXXX..XXXXXXX 100644 --- a/exec.c +++ b/exec.c @@ -XXX,XX +XXX,XX @@ static void tcg_register_iommu_notifier(CPUState *cpu, int i; for (i = 0; i < cpu->iommu_notifiers->len; i++) { - notifier = &g_array_index(cpu->iommu_notifiers, TCGIOMMUNotifier, i); + notifier = g_array_index(cpu->iommu_notifiers, TCGIOMMUNotifier *, i); if (notifier->mr == mr && notifier->iommu_idx == iommu_idx) { break; } @@ -XXX,XX +XXX,XX @@ static void tcg_register_iommu_notifier(CPUState *cpu, if (i == cpu->iommu_notifiers->len) { /* Not found, add a new entry at the end of the array */ cpu->iommu_notifiers = g_array_set_size(cpu->iommu_notifiers, i + 1); - notifier = &g_array_index(cpu->iommu_notifiers, TCGIOMMUNotifier, i); + notifier = g_new0(TCGIOMMUNotifier, 1); + g_array_index(cpu->iommu_notifiers, TCGIOMMUNotifier *, i) = notifier; notifier->mr = mr; notifier->iommu_idx = iommu_idx; @@ -XXX,XX +XXX,XX @@ static void tcg_iommu_free_notifier_list(CPUState *cpu) TCGIOMMUNotifier *notifier; for (i = 0; i < cpu->iommu_notifiers->len; i++) { - notifier = &g_array_index(cpu->iommu_notifiers, TCGIOMMUNotifier, i); + notifier = g_array_index(cpu->iommu_notifiers, TCGIOMMUNotifier *, i); memory_region_unregister_iommu_notifier(notifier->mr, &notifier->n); + g_free(notifier); } g_array_free(cpu->iommu_notifiers, true); } @@ -XXX,XX +XXX,XX @@ void cpu_exec_realizefn(CPUState *cpu, Error **errp) vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu); } - cpu->iommu_notifiers = g_array_new(false, true, sizeof(TCGIOMMUNotifier)); + cpu->iommu_notifiers = g_array_new(false, true, sizeof(TCGIOMMUNotifier *)); #endif } -- 2.20.1 The FCMLA (by element) instruction exists in the "vector x indexed element" encoding group, but not in the "scalar x indexed element" group. Correctly UNDEF the unallocated encodings. Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com> Message-id: 20190129140411.682-2-peter.maydell@linaro.org --- target/arm/translate-a64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -XXX,XX +XXX,XX @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn) case 0x13: /* FCMLA #90 */ case 0x15: /* FCMLA #180 */ case 0x17: /* FCMLA #270 */ - if (!dc_isar_feature(aa64_fcma, s)) { + if (is_scalar || !dc_isar_feature(aa64_fcma, s)) { unallocated_encoding(s); return; } -- 2.20.1 In disas_simd_indexed(), for the case of "complex fp", each indexable element is a complex pair, so the total size is twice that indicated in the 'size' field in the encoding. We were trying to do this "double the size" operation with a left shift by 1, but this is incorrect because the 'size' field is a MO_8/MO_16/MO_32/MO_64 value, and doubling the size should be done by a simple increment. This meant we were mishandling FCMLA (by element) of values where the real and imaginary parts are 32-bit floats, and would incorrectly UNDEF this encoding. (No other insns take this code path, and for 16-bit floats it happens that 1 << 1 and 1 + 1 are both the same). Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com> Message-id: 20190129140411.682-3-peter.maydell@linaro.org --- target/arm/translate-a64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -XXX,XX +XXX,XX @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn) case 2: /* complex fp */ /* Each indexable element is a complex pair. */ - size <<= 1; + size += 1; switch (size) { case MO_32: if (h && !is_q) { -- 2.20.1 From: Aaron Lindsay OS <aaron@os.amperecomputing.com> Whenever we notice that a counter overflow has occurred, send an interrupt. This is made more reliable with the addition of a timer in a follow-on commit. Signed-off-by: Aaron Lindsay <aaron@os.amperecomputing.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190124162401.5111-2-aaron@os.amperecomputing.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/helper.c | 61 +++++++++++++++++++++++++++++++++++++-------- 1 file changed, 51 insertions(+), 10 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v6_cp_reginfo[] = { /* Definitions for the PMU registers */ #define PMCRN_MASK 0xf800 #define PMCRN_SHIFT 11 +#define PMCRLC 0x40 #define PMCRDP 0x10 #define PMCRD 0x8 #define PMCRC 0x4 @@ -XXX,XX +XXX,XX @@ static bool pmu_counter_enabled(CPUARMState *env, uint8_t counter) return enabled && !prohibited && !filtered; } +static void pmu_update_irq(CPUARMState *env) +{ + ARMCPU *cpu = arm_env_get_cpu(env); + qemu_set_irq(cpu->pmu_interrupt, (env->cp15.c9_pmcr & PMCRE) && + (env->cp15.c9_pminten & env->cp15.c9_pmovsr)); +} + /* * Ensure c15_ccnt is the guest-visible count so that operations such as * enabling/disabling the counter or filtering, modifying the count itself, @@ -XXX,XX +XXX,XX @@ void pmccntr_op_start(CPUARMState *env) eff_cycles /= 64; } - env->cp15.c15_ccnt = eff_cycles - env->cp15.c15_ccnt_delta; + uint64_t new_pmccntr = eff_cycles - env->cp15.c15_ccnt_delta; + + uint64_t overflow_mask = env->cp15.c9_pmcr & PMCRLC ? \ + 1ull << 63 : 1ull << 31; + if (env->cp15.c15_ccnt & ~new_pmccntr & overflow_mask) { + env->cp15.c9_pmovsr |= (1 << 31); + pmu_update_irq(env); + } + + env->cp15.c15_ccnt = new_pmccntr; } env->cp15.c15_ccnt_delta = cycles; } @@ -XXX,XX +XXX,XX @@ static void pmevcntr_op_start(CPUARMState *env, uint8_t counter) } if (pmu_counter_enabled(env, counter)) { - env->cp15.c14_pmevcntr[counter] = - count - env->cp15.c14_pmevcntr_delta[counter]; + uint32_t new_pmevcntr = count - env->cp15.c14_pmevcntr_delta[counter]; + + if (env->cp15.c14_pmevcntr[counter] & ~new_pmevcntr & INT32_MIN) { + env->cp15.c9_pmovsr |= (1 << counter); + pmu_update_irq(env); + } + env->cp15.c14_pmevcntr[counter] = new_pmevcntr; } env->cp15.c14_pmevcntr_delta[counter] = count; } @@ -XXX,XX +XXX,XX @@ static void pmswinc_write(CPUARMState *env, const ARMCPRegInfo *ri, /* counter is SW_INCR */ (env->cp15.c14_pmevtyper[i] & PMXEVTYPER_EVTCOUNT) == 0x0) { pmevcntr_op_start(env, i); - env->cp15.c14_pmevcntr[i]++; + + /* + * Detect if this write causes an overflow since we can't predict + * PMSWINC overflows like we can for other events + */ + uint32_t new_pmswinc = env->cp15.c14_pmevcntr[i] + 1; + + if (env->cp15.c14_pmevcntr[i] & ~new_pmswinc & INT32_MIN) { + env->cp15.c9_pmovsr |= (1 << i); + pmu_update_irq(env); + } + + env->cp15.c14_pmevcntr[i] = new_pmswinc; + pmevcntr_op_finish(env, i); } } @@ -XXX,XX +XXX,XX @@ static void pmovsr_write(CPUARMState *env, const ARMCPRegInfo *ri, { value &= pmu_counter_mask(env); env->cp15.c9_pmovsr &= ~value; + pmu_update_irq(env); } static void pmovsset_write(CPUARMState *env, const ARMCPRegInfo *ri, @@ -XXX,XX +XXX,XX @@ static void pmovsset_write(CPUARMState *env, const ARMCPRegInfo *ri, { value &= pmu_counter_mask(env); env->cp15.c9_pmovsr |= value; + pmu_update_irq(env); } static void pmevtyper_write(CPUARMState *env, const ARMCPRegInfo *ri, @@ -XXX,XX +XXX,XX @@ static void pmintenset_write(CPUARMState *env, const ARMCPRegInfo *ri, /* We have no event counters so only the C bit can be changed */ value &= pmu_counter_mask(env); env->cp15.c9_pminten |= value; + pmu_update_irq(env); } static void pmintenclr_write(CPUARMState *env, const ARMCPRegInfo *ri, @@ -XXX,XX +XXX,XX @@ static void pmintenclr_write(CPUARMState *env, const ARMCPRegInfo *ri, { value &= pmu_counter_mask(env); env->cp15.c9_pminten &= ~value; + pmu_update_irq(env); } static void vbar_write(CPUARMState *env, const ARMCPRegInfo *ri, @@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v7_cp_reginfo[] = { .fieldoffset = offsetof(CPUARMState, cp15.c9_pmcnten), .writefn = pmcntenclr_write }, { .name = "PMOVSR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 3, - .access = PL0_RW, + .access = PL0_RW, .type = ARM_CP_IO, .fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmovsr), .accessfn = pmreg_access, .writefn = pmovsr_write, @@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v7_cp_reginfo[] = { { .name = "PMOVSCLR_EL0", .state = ARM_CP_STATE_AA64, .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 3, .access = PL0_RW, .accessfn = pmreg_access, - .type = ARM_CP_ALIAS, + .type = ARM_CP_ALIAS | ARM_CP_IO, .fieldoffset = offsetof(CPUARMState, cp15.c9_pmovsr), .writefn = pmovsr_write, .raw_writefn = raw_write }, { .name = "PMSWINC", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 4, - .access = PL0_W, .accessfn = pmreg_access_swinc, .type = ARM_CP_NO_RAW, + .access = PL0_W, .accessfn = pmreg_access_swinc, + .type = ARM_CP_NO_RAW | ARM_CP_IO, .writefn = pmswinc_write }, { .name = "PMSWINC_EL0", .state = ARM_CP_STATE_AA64, .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 4, - .access = PL0_W, .accessfn = pmreg_access_swinc, .type = ARM_CP_NO_RAW, + .access = PL0_W, .accessfn = pmreg_access_swinc, + .type = ARM_CP_NO_RAW | ARM_CP_IO, .writefn = pmswinc_write }, { .name = "PMSELR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 5, .access = PL0_RW, .type = ARM_CP_ALIAS, @@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo pmovsset_cp_reginfo[] = { /* PMOVSSET is not implemented in v7 before v7ve */ { .name = "PMOVSSET", .cp = 15, .opc1 = 0, .crn = 9, .crm = 14, .opc2 = 3, .access = PL0_RW, .accessfn = pmreg_access, - .type = ARM_CP_ALIAS, + .type = ARM_CP_ALIAS | ARM_CP_IO, .fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmovsr), .writefn = pmovsset_write, .raw_writefn = raw_write }, { .name = "PMOVSSET_EL0", .state = ARM_CP_STATE_AA64, .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 14, .opc2 = 3, .access = PL0_RW, .accessfn = pmreg_access, - .type = ARM_CP_ALIAS, + .type = ARM_CP_ALIAS | ARM_CP_IO, .fieldoffset = offsetof(CPUARMState, cp15.c9_pmovsr), .writefn = pmovsset_write, .raw_writefn = raw_write }, -- 2.20.1 From: Aaron Lindsay OS <aaron@os.amperecomputing.com> Make PMU overflow interrupts more accurate by using a timer to predict when they will overflow rather than waiting for an event to occur which allows us to otherwise check them. Signed-off-by: Aaron Lindsay <aaron@os.amperecomputing.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190124162401.5111-3-aaron@os.amperecomputing.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/cpu.h | 10 +++++++ target/arm/cpu.c | 12 ++++++++ target/arm/helper.c | 72 +++++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 92 insertions(+), 2 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -XXX,XX +XXX,XX @@ struct ARMCPU { /* Timers used by the generic (architected) timer */ QEMUTimer *gt_timer[NUM_GTIMERS]; + /* + * Timer used by the PMU. Its state is restored after migration by + * pmu_op_finish() - it does not need other handling during migration + */ + QEMUTimer *pmu_timer; /* GPIO outputs for generic timer */ qemu_irq gt_timer_outputs[NUM_GTIMERS]; /* GPIO output for GICv3 maintenance interrupt signal */ @@ -XXX,XX +XXX,XX @@ void pmccntr_op_finish(CPUARMState *env); void pmu_op_start(CPUARMState *env); void pmu_op_finish(CPUARMState *env); +/* + * Called when a PMU counter is due to overflow + */ +void arm_pmu_timer_cb(void *opaque); + /** * Functions to register as EL change hooks for PMU mode filtering */ diff --git a/target/arm/cpu.c b/target/arm/cpu.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -XXX,XX +XXX,XX @@ static void arm_cpu_finalizefn(Object *obj) QLIST_REMOVE(hook, node); g_free(hook); } +#ifndef CONFIG_USER_ONLY + if (cpu->pmu_timer) { + timer_del(cpu->pmu_timer); + timer_deinit(cpu->pmu_timer); + timer_free(cpu->pmu_timer); + } +#endif } static void arm_cpu_realizefn(DeviceState *dev, Error **errp) @@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp) arm_register_pre_el_change_hook(cpu, &pmu_pre_el_change, 0); arm_register_el_change_hook(cpu, &pmu_post_el_change, 0); } + +#ifndef CONFIG_USER_ONLY + cpu->pmu_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, arm_pmu_timer_cb, + cpu); +#endif } else { cpu->id_aa64dfr0 &= ~0xf00; cpu->pmceid0 = 0; diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ typedef struct pm_event { * counters hold a difference from the return value from this function */ uint64_t (*get_count)(CPUARMState *); + /* + * Return how many nanoseconds it will take (at a minimum) for count events + * to occur. A negative value indicates the counter will never overflow, or + * that the counter has otherwise arranged for the overflow bit to be set + * and the PMU interrupt to be raised on overflow. + */ + int64_t (*ns_per_count)(uint64_t); } pm_event; static bool event_always_supported(CPUARMState *env) @@ -XXX,XX +XXX,XX @@ static uint64_t swinc_get_count(CPUARMState *env) return 0; } +static int64_t swinc_ns_per(uint64_t ignored) +{ + return -1; +} + /* * Return the underlying cycle count for the PMU cycle counters. If we're in * usermode, simply return 0. @@ -XXX,XX +XXX,XX @@ static uint64_t cycles_get_count(CPUARMState *env) } #ifndef CONFIG_USER_ONLY +static int64_t cycles_ns_per(uint64_t cycles) +{ + return (ARM_CPU_FREQ / NANOSECONDS_PER_SECOND) * cycles; +} + static bool instructions_supported(CPUARMState *env) { return use_icount == 1 /* Precise instruction counting */; @@ -XXX,XX +XXX,XX @@ static uint64_t instructions_get_count(CPUARMState *env) { return (uint64_t)cpu_get_icount_raw(); } + +static int64_t instructions_ns_per(uint64_t icount) +{ + return cpu_icount_to_ns((int64_t)icount); +} #endif static const pm_event pm_events[] = { { .number = 0x000, /* SW_INCR */ .supported = event_always_supported, .get_count = swinc_get_count, + .ns_per_count = swinc_ns_per, }, #ifndef CONFIG_USER_ONLY { .number = 0x008, /* INST_RETIRED, Instruction architecturally executed */ .supported = instructions_supported, .get_count = instructions_get_count, + .ns_per_count = instructions_ns_per, }, { .number = 0x011, /* CPU_CYCLES, Cycle */ .supported = event_always_supported, .get_count = cycles_get_count, + .ns_per_count = cycles_ns_per, } #endif }; @@ -XXX,XX +XXX,XX @@ void pmccntr_op_start(CPUARMState *env) void pmccntr_op_finish(CPUARMState *env) { if (pmu_counter_enabled(env, 31)) { - uint64_t prev_cycles = env->cp15.c15_ccnt_delta; +#ifndef CONFIG_USER_ONLY + /* Calculate when the counter will next overflow */ + uint64_t remaining_cycles = -env->cp15.c15_ccnt; + if (!(env->cp15.c9_pmcr & PMCRLC)) { + remaining_cycles = (uint32_t)remaining_cycles; + } + int64_t overflow_in = cycles_ns_per(remaining_cycles); + if (overflow_in > 0) { + int64_t overflow_at = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + + overflow_in; + ARMCPU *cpu = arm_env_get_cpu(env); + timer_mod_anticipate_ns(cpu->pmu_timer, overflow_at); + } +#endif + + uint64_t prev_cycles = env->cp15.c15_ccnt_delta; if (env->cp15.c9_pmcr & PMCRD) { /* Increment once every 64 processor clock cycles */ prev_cycles /= 64; } - env->cp15.c15_ccnt_delta = prev_cycles - env->cp15.c15_ccnt; } } @@ -XXX,XX +XXX,XX @@ static void pmevcntr_op_start(CPUARMState *env, uint8_t counter) static void pmevcntr_op_finish(CPUARMState *env, uint8_t counter) { if (pmu_counter_enabled(env, counter)) { +#ifndef CONFIG_USER_ONLY + uint16_t event = env->cp15.c14_pmevtyper[counter] & PMXEVTYPER_EVTCOUNT; + uint16_t event_idx = supported_event_map[event]; + uint64_t delta = UINT32_MAX - + (uint32_t)env->cp15.c14_pmevcntr[counter] + 1; + int64_t overflow_in = pm_events[event_idx].ns_per_count(delta); + + if (overflow_in > 0) { + int64_t overflow_at = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + + overflow_in; + ARMCPU *cpu = arm_env_get_cpu(env); + timer_mod_anticipate_ns(cpu->pmu_timer, overflow_at); + } +#endif + env->cp15.c14_pmevcntr_delta[counter] -= env->cp15.c14_pmevcntr[counter]; } @@ -XXX,XX +XXX,XX @@ void pmu_post_el_change(ARMCPU *cpu, void *ignored) pmu_op_finish(&cpu->env); } +void arm_pmu_timer_cb(void *opaque) +{ + ARMCPU *cpu = opaque; + + /* + * Update all the counter values based on the current underlying counts, + * triggering interrupts to be raised, if necessary. pmu_op_finish() also + * has the effect of setting the cpu->pmu_timer to the next earliest time a + * counter may expire. + */ + pmu_op_start(&cpu->env); + pmu_op_finish(&cpu->env); +} + static void pmcr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) { -- 2.20.1 From: Richard Henderson <richard.henderson@linaro.org> These bits become writable with the ARMv8.3-PAuth extension. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190129143511.12311-1-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/helper.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) if (cpu_isar_feature(aa64_lor, cpu)) { valid_mask |= SCR_TLOR; } + if (cpu_isar_feature(aa64_pauth, cpu)) { + valid_mask |= SCR_API | SCR_APK; + } /* Clear all-context RES0 bits. */ value &= valid_mask; @@ -XXX,XX +XXX,XX @@ static void hcr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) if (cpu_isar_feature(aa64_lor, cpu)) { valid_mask |= HCR_TLOR; } + if (cpu_isar_feature(aa64_pauth, cpu)) { + valid_mask |= HCR_API | HCR_APK; + } /* Clear RES0 bits. */ value &= valid_mask; -- 2.20.1 From: Julia Suvorova <jusual@mail.ru> Until now, the set_pc logic was unclear, which raised questions about whether it should be used directly, applying a value to PC or adding additional checks, for example, set the Thumb bit in Arm cpu. Let's set the set_pc logic for “Configure the PC, as was done in the ELF file” and implement synchronize_with_tb hook for preserving PC to cpu_tb_exec. Signed-off-by: Julia Suvorova <jusual@mail.ru> Acked-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 20190129121817.7109-1-jusual@mail.ru Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- include/qom/cpu.h | 16 ++++++++++++++-- hw/arm/boot.c | 4 ---- target/arm/arm-powerctl.c | 3 --- target/arm/cpu.c | 26 +++++++++++++++++++++++++- target/arm/cpu64.c | 15 --------------- 5 files changed, 39 insertions(+), 25 deletions(-) diff --git a/include/qom/cpu.h b/include/qom/cpu.h index XXXXXXX..XXXXXXX 100644 --- a/include/qom/cpu.h +++ b/include/qom/cpu.h @@ -XXX,XX +XXX,XX @@ struct TranslationBlock; * @get_arch_id: Callback for getting architecture-dependent CPU ID. * @get_paging_enabled: Callback for inquiring whether paging is enabled. * @get_memory_mapping: Callback for obtaining the memory mappings. - * @set_pc: Callback for setting the Program Counter register. + * @set_pc: Callback for setting the Program Counter register. This + * should have the semantics used by the target architecture when + * setting the PC from a source such as an ELF file entry point; + * for example on Arm it will also set the Thumb mode bit based + * on the least significant bit of the new PC value. + * If the target behaviour here is anything other than "set + * the PC register to the value passed in" then the target must + * also implement the synchronize_from_tb hook. * @synchronize_from_tb: Callback for synchronizing state from a TCG - * #TranslationBlock. + * #TranslationBlock. This is called when we abandon execution + * of a TB before starting it, and must set all parts of the CPU + * state which the previous TB in the chain may not have updated. + * This always includes at least the program counter; some targets + * will need to do more. If this hook is not implemented then the + * default is to call @set_pc(tb->pc). * @handle_mmu_fault: Callback for handling an MMU fault. * @get_phys_page_debug: Callback for obtaining a physical address. * @get_phys_page_attrs_debug: Callback for obtaining a physical address and the diff --git a/hw/arm/boot.c b/hw/arm/boot.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/boot.c +++ b/hw/arm/boot.c @@ -XXX,XX +XXX,XX @@ static void do_cpu_reset(void *opaque) g_assert_not_reached(); } - if (!env->aarch64) { - env->thumb = info->entry & 1; - entry &= 0xfffffffe; - } cpu_set_pc(cs, entry); } else { /* If we are booting Linux then we need to check whether we are diff --git a/target/arm/arm-powerctl.c b/target/arm/arm-powerctl.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/arm-powerctl.c +++ b/target/arm/arm-powerctl.c @@ -XXX,XX +XXX,XX @@ static void arm_set_cpu_on_async_work(CPUState *target_cpu_state, if (info->target_aa64) { target_cpu->env.xregs[0] = info->context_id; - target_cpu->env.thumb = false; } else { target_cpu->env.regs[0] = info->context_id; - target_cpu->env.thumb = info->entry & 1; - info->entry &= 0xfffffffe; } /* Start the new CPU at the requested address */ diff --git a/target/arm/cpu.c b/target/arm/cpu.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -XXX,XX +XXX,XX @@ static void arm_cpu_set_pc(CPUState *cs, vaddr value) { ARMCPU *cpu = ARM_CPU(cs); + CPUARMState *env = &cpu->env; - cpu->env.regs[15] = value; + if (is_a64(env)) { + env->pc = value; + env->thumb = 0; + } else { + env->regs[15] = value & ~1; + env->thumb = value & 1; + } +} + +static void arm_cpu_synchronize_from_tb(CPUState *cs, TranslationBlock *tb) +{ + ARMCPU *cpu = ARM_CPU(cs); + CPUARMState *env = &cpu->env; + + /* + * It's OK to look at env for the current mode here, because it's + * never possible for an AArch64 TB to chain to an AArch32 TB. + */ + if (is_a64(env)) { + env->pc = tb->pc; + } else { + env->regs[15] = tb->pc; + } } static bool arm_cpu_has_work(CPUState *cs) @@ -XXX,XX +XXX,XX @@ static void arm_cpu_class_init(ObjectClass *oc, void *data) cc->cpu_exec_interrupt = arm_cpu_exec_interrupt; cc->dump_state = arm_cpu_dump_state; cc->set_pc = arm_cpu_set_pc; + cc->synchronize_from_tb = arm_cpu_synchronize_from_tb; cc->gdb_read_register = arm_cpu_gdb_read_register; cc->gdb_write_register = arm_cpu_gdb_write_register; #ifdef CONFIG_USER_ONLY diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -XXX,XX +XXX,XX @@ static void aarch64_cpu_finalizefn(Object *obj) { } -static void aarch64_cpu_set_pc(CPUState *cs, vaddr value) -{ - ARMCPU *cpu = ARM_CPU(cs); - /* It's OK to look at env for the current mode here, because it's - * never possible for an AArch64 TB to chain to an AArch32 TB. - * (Otherwise we would need to use synchronize_from_tb instead.) - */ - if (is_a64(&cpu->env)) { - cpu->env.pc = value; - } else { - cpu->env.regs[15] = value; - } -} - static gchar *aarch64_gdb_arch_name(CPUState *cs) { return g_strdup("aarch64"); @@ -XXX,XX +XXX,XX @@ static void aarch64_cpu_class_init(ObjectClass *oc, void *data) CPUClass *cc = CPU_CLASS(oc); cc->cpu_exec_interrupt = arm_cpu_exec_interrupt; - cc->set_pc = aarch64_cpu_set_pc; cc->gdb_read_register = aarch64_cpu_gdb_read_register; cc->gdb_write_register = aarch64_cpu_gdb_write_register; cc->gdb_num_core_regs = 34; -- 2.20.1 From: Richard Henderson <richard.henderson@linaro.org> Drop the pac properties. This approach cannot work as written because the properties are applied before arm_cpu_reset, which zeros SCTLR_EL1 (amongst everything else). We can re-introduce the properties if they turn out to be useful. But since linux 5.0 enables all of the keys, they may not be. Fixes: 1ae9cfbd470 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/cpu.c | 3 +++ target/arm/cpu64.c | 60 ---------------------------------------------- 2 files changed, 3 insertions(+), 60 deletions(-) diff --git a/target/arm/cpu.c b/target/arm/cpu.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -XXX,XX +XXX,XX @@ static void arm_cpu_reset(CPUState *s) env->pstate = PSTATE_MODE_EL0t; /* Userspace expects access to DC ZVA, CTL_EL0 and the cache ops */ env->cp15.sctlr_el[1] |= SCTLR_UCT | SCTLR_UCI | SCTLR_DZE; + /* Enable all PAC keys. */ + env->cp15.sctlr_el[1] |= (SCTLR_EnIA | SCTLR_EnIB | + SCTLR_EnDA | SCTLR_EnDB); /* Enable all PAC instructions */ env->cp15.hcr_el2 |= HCR_API; env->cp15.scr_el3 |= SCR_API; diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -XXX,XX +XXX,XX @@ static void cpu_max_set_sve_vq(Object *obj, Visitor *v, const char *name, error_propagate(errp, err); } -#ifdef CONFIG_USER_ONLY -static void cpu_max_get_packey(Object *obj, Visitor *v, const char *name, - void *opaque, Error **errp) -{ - ARMCPU *cpu = ARM_CPU(obj); - const uint64_t *bit = opaque; - bool enabled = (cpu->env.cp15.sctlr_el[1] & *bit) != 0; - - visit_type_bool(v, name, &enabled, errp); -} - -static void cpu_max_set_packey(Object *obj, Visitor *v, const char *name, - void *opaque, Error **errp) -{ - ARMCPU *cpu = ARM_CPU(obj); - Error *err = NULL; - const uint64_t *bit = opaque; - bool enabled; - - visit_type_bool(v, name, &enabled, errp); - - if (!err) { - if (enabled) { - cpu->env.cp15.sctlr_el[1] |= *bit; - } else { - cpu->env.cp15.sctlr_el[1] &= ~*bit; - } - } - error_propagate(errp, err); -} -#endif - /* -cpu max: if KVM is enabled, like -cpu host (best possible with this host); * otherwise, a CPU with as many features enabled as our emulation supports. * The version of '-cpu max' for qemu-system-arm is defined in cpu.c; @@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj) */ cpu->ctr = 0x80038003; /* 32 byte I and D cacheline size, VIPT icache */ cpu->dcz_blocksize = 7; /* 512 bytes */ - - /* - * Note that Linux will enable enable all of the keys at once. - * But doing it this way will allow experimentation beyond that. - */ - { - static const uint64_t apia_bit = SCTLR_EnIA; - static const uint64_t apib_bit = SCTLR_EnIB; - static const uint64_t apda_bit = SCTLR_EnDA; - static const uint64_t apdb_bit = SCTLR_EnDB; - - object_property_add(obj, "apia", "bool", cpu_max_get_packey, - cpu_max_set_packey, NULL, - (void *)&apia_bit, &error_fatal); - object_property_add(obj, "apib", "bool", cpu_max_get_packey, - cpu_max_set_packey, NULL, - (void *)&apib_bit, &error_fatal); - object_property_add(obj, "apda", "bool", cpu_max_get_packey, - cpu_max_set_packey, NULL, - (void *)&apda_bit, &error_fatal); - object_property_add(obj, "apdb", "bool", cpu_max_get_packey, - cpu_max_set_packey, NULL, - (void *)&apdb_bit, &error_fatal); - - /* Enable all PAC keys by default. */ - cpu->env.cp15.sctlr_el[1] |= SCTLR_EnIA | SCTLR_EnIB; - cpu->env.cp15.sctlr_el[1] |= SCTLR_EnDA | SCTLR_EnDB; - } #endif cpu->sve_max_vq = ARM_MAX_VQ; -- 2.20.1 From: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- linux-user/elfload.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/linux-user/elfload.c b/linux-user/elfload.c index XXXXXXX..XXXXXXX 100644 --- a/linux-user/elfload.c +++ b/linux-user/elfload.c @@ -XXX,XX +XXX,XX @@ enum { ARM_HWCAP_A64_ASIMDDP = 1 << 20, ARM_HWCAP_A64_SHA512 = 1 << 21, ARM_HWCAP_A64_SVE = 1 << 22, + ARM_HWCAP_A64_ASIMDFHM = 1 << 23, + ARM_HWCAP_A64_DIT = 1 << 24, + ARM_HWCAP_A64_USCAT = 1 << 25, + ARM_HWCAP_A64_ILRCPC = 1 << 26, + ARM_HWCAP_A64_FLAGM = 1 << 27, + ARM_HWCAP_A64_SSBS = 1 << 28, + ARM_HWCAP_A64_SB = 1 << 29, + ARM_HWCAP_A64_PACA = 1 << 30, + ARM_HWCAP_A64_PACG = 1UL << 31, }; #define ELF_HWCAP get_elf_hwcap() -- 2.20.1 From: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- linux-user/elfload.c | 1 + 1 file changed, 1 insertion(+) diff --git a/linux-user/elfload.c b/linux-user/elfload.c index XXXXXXX..XXXXXXX 100644 --- a/linux-user/elfload.c +++ b/linux-user/elfload.c @@ -XXX,XX +XXX,XX @@ static uint32_t get_elf_hwcap(void) GET_FEATURE_ID(aa64_dp, ARM_HWCAP_A64_ASIMDDP); GET_FEATURE_ID(aa64_fcma, ARM_HWCAP_A64_FCMA); GET_FEATURE_ID(aa64_sve, ARM_HWCAP_A64_SVE); + GET_FEATURE_ID(aa64_pauth, ARM_HWCAP_A64_PACA | ARM_HWCAP_A64_PACG); #undef GET_FEATURE_ID -- 2.20.1 From: Richard Henderson <richard.henderson@linaro.org> Initialize the keys to a non-zero value on process start. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- linux-user/aarch64/target_syscall.h | 2 ++ linux-user/aarch64/cpu_loop.c | 31 +++++++++++++++++++++++++++-- 2 files changed, 31 insertions(+), 2 deletions(-) diff --git a/linux-user/aarch64/target_syscall.h b/linux-user/aarch64/target_syscall.h index XXXXXXX..XXXXXXX 100644 --- a/linux-user/aarch64/target_syscall.h +++ b/linux-user/aarch64/target_syscall.h @@ -XXX,XX +XXX,XX @@ struct target_pt_regs { #define TARGET_PR_SVE_SET_VL 50 #define TARGET_PR_SVE_GET_VL 51 +void arm_init_pauth_key(ARMPACKey *key); + #endif /* AARCH64_TARGET_SYSCALL_H */ diff --git a/linux-user/aarch64/cpu_loop.c b/linux-user/aarch64/cpu_loop.c index XXXXXXX..XXXXXXX 100644 --- a/linux-user/aarch64/cpu_loop.c +++ b/linux-user/aarch64/cpu_loop.c @@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUARMState *env) } } +static uint64_t arm_rand64(void) +{ + int shift = 64 - clz64(RAND_MAX); + int i, n = 64 / shift + (64 % shift != 0); + uint64_t ret = 0; + + for (i = 0; i < n; i++) { + ret = (ret << shift) | rand(); + } + return ret; +} + +void arm_init_pauth_key(ARMPACKey *key) +{ + key->lo = arm_rand64(); + key->hi = arm_rand64(); +} + void target_cpu_copy_regs(CPUArchState *env, struct target_pt_regs *regs) { - CPUState *cpu = ENV_GET_CPU(env); - TaskState *ts = cpu->opaque; + ARMCPU *cpu = arm_env_get_cpu(env); + CPUState *cs = CPU(cpu); + TaskState *ts = cs->opaque; struct image_info *info = ts->info; int i; @@ -XXX,XX +XXX,XX @@ void target_cpu_copy_regs(CPUArchState *env, struct target_pt_regs *regs) } #endif + if (cpu_isar_feature(aa64_pauth, cpu)) { + arm_init_pauth_key(&env->apia_key); + arm_init_pauth_key(&env->apib_key); + arm_init_pauth_key(&env->apda_key); + arm_init_pauth_key(&env->apdb_key); + arm_init_pauth_key(&env->apga_key); + } + ts->stack_base = info->start_stack; ts->heap_base = info->brk; /* This will be filled in on the first SYS_HEAPINFO call. */ -- 2.20.1 From: Remi Denis-Courmont <remi.denis.courmont@huawei.com> Since QEMU does not support the ARMv8.2-LVA, Large Virtual Address, extension (yet), the VA address space is 48-bits plus a sign bit. User mode can only handle the positive half of the address space, so that makes a limit of 48 bits. (With LVA, it would be 53 and 52 bits respectively.) The incorrectly large address space conflicts with PAuth instructions, which use bits 48-54 and 56-63 for the pointer authentication code. This also conflicts with (as yet unsupported by QEMU) data tagging and with the ARMv8.5-MTE extension. Signed-off-by: Remi Denis-Courmont <remi.denis.courmont@huawei.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/cpu.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -XXX,XX +XXX,XX @@ bool write_cpustate_to_list(ARMCPU *cpu); #if defined(TARGET_AARCH64) # define TARGET_PHYS_ADDR_SPACE_BITS 48 -# define TARGET_VIRT_ADDR_SPACE_BITS 64 +# define TARGET_VIRT_ADDR_SPACE_BITS 48 #else # define TARGET_PHYS_ADDR_SPACE_BITS 40 # define TARGET_VIRT_ADDR_SPACE_BITS 32 -- 2.20.1 From: Remi Denis-Courmont <remi.denis.courmont@huawei.com> A flawed test lead to the instructions always being treated as unallocated encodings. Fixes: https://bugs.launchpad.net/bugs/1813460 Signed-off-by: Remi Denis-Courmont <remi.denis.courmont@huawei.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/translate-a64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -XXX,XX +XXX,XX @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t insn) if (!dc_isar_feature(aa64_pauth, s)) { goto do_unallocated; } - if (op3 != 2 || op3 != 3) { + if ((op3 & ~1) != 2) { goto do_unallocated; } if (s->pauth_active) { -- 2.20.1 From: Steffen Görtz <contrib@steffen-goertz.de> The nRF51 contains three regions of non-volatile memory (NVM): - CODE (R/W): contains code - FICR (R): Factory information like code size, chip id etc. - UICR (R/W): Changeable configuration data. Lock bits, Code protection configuration, Bootloader address, Nordic SoftRadio configuration, Firmware configuration. Read and write access to the memories is managed by the Non-volatile memory controller. Memory schema: [ CPU ] -+- [ NVM, either FICR, UICR or CODE ] | | \- [ NVMC ] Signed-off-by: Steffen Görtz <contrib@steffen-goertz.de> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Tested-by: Joel Stanley <joel@jms.id.au> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20190201023357.22596-2-stefanha@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/nvram/Makefile.objs | 1 + include/hw/nvram/nrf51_nvm.h | 64 ++++++ hw/nvram/nrf51_nvm.c | 388 +++++++++++++++++++++++++++++++++++ 3 files changed, 453 insertions(+) create mode 100644 include/hw/nvram/nrf51_nvm.h create mode 100644 hw/nvram/nrf51_nvm.c diff --git a/hw/nvram/Makefile.objs b/hw/nvram/Makefile.objs index XXXXXXX..XXXXXXX 100644 --- a/hw/nvram/Makefile.objs +++ b/hw/nvram/Makefile.objs @@ -XXX,XX +XXX,XX @@ common-obj-y += fw_cfg.o common-obj-y += chrp_nvram.o common-obj-$(CONFIG_MAC_NVRAM) += mac_nvram.o obj-$(CONFIG_PSERIES) += spapr_nvram.o +obj-$(CONFIG_NRF51_SOC) += nrf51_nvm.o diff --git a/include/hw/nvram/nrf51_nvm.h b/include/hw/nvram/nrf51_nvm.h new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/include/hw/nvram/nrf51_nvm.h @@ -XXX,XX +XXX,XX @@ +/* + * Nordic Semiconductor nRF51 non-volatile memory + * + * It provides an interface to erase regions in flash memory. + * Furthermore it provides the user and factory information registers. + * + * QEMU interface: + * + sysbus MMIO regions 0: NVMC peripheral registers + * + sysbus MMIO regions 1: FICR peripheral registers + * + sysbus MMIO regions 2: UICR peripheral registers + * + flash-size property: flash size in bytes. + * + * Accuracy of the peripheral model: + * + Code regions (MPU configuration) are disregarded. + * + * Copyright 2018 Steffen Görtz <contrib@steffen-goertz.de> + * + * This code is licensed under the GPL version 2 or later. See + * the COPYING file in the top-level directory. + * + */ +#ifndef NRF51_NVM_H +#define NRF51_NVM_H + +#include "hw/sysbus.h" +#define TYPE_NRF51_NVM "nrf51_soc.nvm" +#define NRF51_NVM(obj) OBJECT_CHECK(NRF51NVMState, (obj), TYPE_NRF51_NVM) + +#define NRF51_UICR_FIXTURE_SIZE 64 + +#define NRF51_NVMC_SIZE 0x1000 + +#define NRF51_NVMC_READY 0x400 +#define NRF51_NVMC_READY_READY 0x01 +#define NRF51_NVMC_CONFIG 0x504 +#define NRF51_NVMC_CONFIG_MASK 0x03 +#define NRF51_NVMC_CONFIG_WEN 0x01 +#define NRF51_NVMC_CONFIG_EEN 0x02 +#define NRF51_NVMC_ERASEPCR1 0x508 +#define NRF51_NVMC_ERASEPCR0 0x510 +#define NRF51_NVMC_ERASEALL 0x50C +#define NRF51_NVMC_ERASEUICR 0x514 +#define NRF51_NVMC_ERASE 0x01 + +#define NRF51_UICR_SIZE 0x100 + +typedef struct NRF51NVMState { + SysBusDevice parent_obj; + + MemoryRegion mmio; + MemoryRegion ficr; + MemoryRegion uicr; + MemoryRegion flash; + + uint32_t uicr_content[NRF51_UICR_FIXTURE_SIZE]; + uint32_t flash_size; + uint8_t *storage; + + uint32_t config; + +} NRF51NVMState; + + +#endif diff --git a/hw/nvram/nrf51_nvm.c b/hw/nvram/nrf51_nvm.c new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/hw/nvram/nrf51_nvm.c @@ -XXX,XX +XXX,XX @@ +/* + * Nordic Semiconductor nRF51 non-volatile memory + * + * It provides an interface to erase regions in flash memory. + * Furthermore it provides the user and factory information registers. + * + * Reference Manual: http://infocenter.nordicsemi.com/pdf/nRF51_RM_v3.0.pdf + * + * See nRF51 reference manual and product sheet sections: + * + Non-Volatile Memory Controller (NVMC) + * + Factory Information Configuration Registers (FICR) + * + User Information Configuration Registers (UICR) + * + * Copyright 2018 Steffen Görtz <contrib@steffen-goertz.de> + * + * This code is licensed under the GPL version 2 or later. See + * the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "qapi/error.h" +#include "qemu/log.h" +#include "exec/address-spaces.h" +#include "hw/arm/nrf51.h" +#include "hw/nvram/nrf51_nvm.h" + +/* + * FICR Registers Assignments + * CODEPAGESIZE 0x010 + * CODESIZE 0x014 + * CLENR0 0x028 + * PPFC 0x02C + * NUMRAMBLOCK 0x034 + * SIZERAMBLOCKS 0x038 + * SIZERAMBLOCK[0] 0x038 + * SIZERAMBLOCK[1] 0x03C + * SIZERAMBLOCK[2] 0x040 + * SIZERAMBLOCK[3] 0x044 + * CONFIGID 0x05C + * DEVICEID[0] 0x060 + * DEVICEID[1] 0x064 + * ER[0] 0x080 + * ER[1] 0x084 + * ER[2] 0x088 + * ER[3] 0x08C + * IR[0] 0x090 + * IR[1] 0x094 + * IR[2] 0x098 + * IR[3] 0x09C + * DEVICEADDRTYPE 0x0A0 + * DEVICEADDR[0] 0x0A4 + * DEVICEADDR[1] 0x0A8 + * OVERRIDEEN 0x0AC + * NRF_1MBIT[0] 0x0B0 + * NRF_1MBIT[1] 0x0B4 + * NRF_1MBIT[2] 0x0B8 + * NRF_1MBIT[3] 0x0BC + * NRF_1MBIT[4] 0x0C0 + * BLE_1MBIT[0] 0x0EC + * BLE_1MBIT[1] 0x0F0 + * BLE_1MBIT[2] 0x0F4 + * BLE_1MBIT[3] 0x0F8 + * BLE_1MBIT[4] 0x0FC + */ +static const uint32_t ficr_content[64] = { + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000400, + 0x00000100, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000002, 0x00002000, + 0x00002000, 0x00002000, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000003, + 0x12345678, 0x9ABCDEF1, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF +}; + +static uint64_t ficr_read(void *opaque, hwaddr offset, unsigned int size) +{ + assert(offset < sizeof(ficr_content)); + return ficr_content[offset / 4]; +} + +static void ficr_write(void *opaque, hwaddr offset, uint64_t value, + unsigned int size) +{ + /* Intentionally do nothing */ +} + +static const MemoryRegionOps ficr_ops = { + .read = ficr_read, + .write = ficr_write, + .impl.min_access_size = 4, + .impl.max_access_size = 4, + .endianness = DEVICE_LITTLE_ENDIAN +}; + +/* + * UICR Registers Assignments + * CLENR0 0x000 + * RBPCONF 0x004 + * XTALFREQ 0x008 + * FWID 0x010 + * BOOTLOADERADDR 0x014 + * NRFFW[0] 0x014 + * NRFFW[1] 0x018 + * NRFFW[2] 0x01C + * NRFFW[3] 0x020 + * NRFFW[4] 0x024 + * NRFFW[5] 0x028 + * NRFFW[6] 0x02C + * NRFFW[7] 0x030 + * NRFFW[8] 0x034 + * NRFFW[9] 0x038 + * NRFFW[10] 0x03C + * NRFFW[11] 0x040 + * NRFFW[12] 0x044 + * NRFFW[13] 0x048 + * NRFFW[14] 0x04C + * NRFHW[0] 0x050 + * NRFHW[1] 0x054 + * NRFHW[2] 0x058 + * NRFHW[3] 0x05C + * NRFHW[4] 0x060 + * NRFHW[5] 0x064 + * NRFHW[6] 0x068 + * NRFHW[7] 0x06C + * NRFHW[8] 0x070 + * NRFHW[9] 0x074 + * NRFHW[10] 0x078 + * NRFHW[11] 0x07C + * CUSTOMER[0] 0x080 + * CUSTOMER[1] 0x084 + * CUSTOMER[2] 0x088 + * CUSTOMER[3] 0x08C + * CUSTOMER[4] 0x090 + * CUSTOMER[5] 0x094 + * CUSTOMER[6] 0x098 + * CUSTOMER[7] 0x09C + * CUSTOMER[8] 0x0A0 + * CUSTOMER[9] 0x0A4 + * CUSTOMER[10] 0x0A8 + * CUSTOMER[11] 0x0AC + * CUSTOMER[12] 0x0B0 + * CUSTOMER[13] 0x0B4 + * CUSTOMER[14] 0x0B8 + * CUSTOMER[15] 0x0BC + * CUSTOMER[16] 0x0C0 + * CUSTOMER[17] 0x0C4 + * CUSTOMER[18] 0x0C8 + * CUSTOMER[19] 0x0CC + * CUSTOMER[20] 0x0D0 + * CUSTOMER[21] 0x0D4 + * CUSTOMER[22] 0x0D8 + * CUSTOMER[23] 0x0DC + * CUSTOMER[24] 0x0E0 + * CUSTOMER[25] 0x0E4 + * CUSTOMER[26] 0x0E8 + * CUSTOMER[27] 0x0EC + * CUSTOMER[28] 0x0F0 + * CUSTOMER[29] 0x0F4 + * CUSTOMER[30] 0x0F8 + * CUSTOMER[31] 0x0FC + */ + +static uint64_t uicr_read(void *opaque, hwaddr offset, unsigned int size) +{ + NRF51NVMState *s = NRF51_NVM(opaque); + + assert(offset < sizeof(s->uicr_content)); + return s->uicr_content[offset / 4]; +} + +static void uicr_write(void *opaque, hwaddr offset, uint64_t value, + unsigned int size) +{ + NRF51NVMState *s = NRF51_NVM(opaque); + + assert(offset < sizeof(s->uicr_content)); + s->uicr_content[offset / 4] = value; +} + +static const MemoryRegionOps uicr_ops = { + .read = uicr_read, + .write = uicr_write, + .impl.min_access_size = 4, + .impl.max_access_size = 4, + .endianness = DEVICE_LITTLE_ENDIAN +}; + + +static uint64_t io_read(void *opaque, hwaddr offset, unsigned int size) +{ + NRF51NVMState *s = NRF51_NVM(opaque); + uint64_t r = 0; + + switch (offset) { + case NRF51_NVMC_READY: + r = NRF51_NVMC_READY_READY; + break; + case NRF51_NVMC_CONFIG: + r = s->config; + break; + default: + qemu_log_mask(LOG_GUEST_ERROR, + "%s: bad read offset 0x%" HWADDR_PRIx "\n", __func__, offset); + break; + } + + return r; +} + +static void io_write(void *opaque, hwaddr offset, uint64_t value, + unsigned int size) +{ + NRF51NVMState *s = NRF51_NVM(opaque); + + switch (offset) { + case NRF51_NVMC_CONFIG: + s->config = value & NRF51_NVMC_CONFIG_MASK; + break; + case NRF51_NVMC_ERASEPCR0: + case NRF51_NVMC_ERASEPCR1: + if (s->config & NRF51_NVMC_CONFIG_EEN) { + /* Mask in-page sub address */ + value &= ~(NRF51_PAGE_SIZE - 1); + if (value <= (s->flash_size - NRF51_PAGE_SIZE)) { + memset(s->storage + value, 0xFF, NRF51_PAGE_SIZE); + memory_region_flush_rom_device(&s->flash, value, + NRF51_PAGE_SIZE); + } + } else { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: Flash erase at 0x%" HWADDR_PRIx" while flash not erasable.\n", + __func__, offset); + } + break; + case NRF51_NVMC_ERASEALL: + if (value == NRF51_NVMC_ERASE) { + if (s->config & NRF51_NVMC_CONFIG_EEN) { + memset(s->storage, 0xFF, s->flash_size); + memory_region_flush_rom_device(&s->flash, 0, s->flash_size); + memset(s->uicr_content, 0xFF, sizeof(s->uicr_content)); + } else { + qemu_log_mask(LOG_GUEST_ERROR, "%s: Flash not erasable.\n", + __func__); + } + } + break; + case NRF51_NVMC_ERASEUICR: + if (value == NRF51_NVMC_ERASE) { + memset(s->uicr_content, 0xFF, sizeof(s->uicr_content)); + } + break; + + default: + qemu_log_mask(LOG_GUEST_ERROR, + "%s: bad write offset 0x%" HWADDR_PRIx "\n", __func__, offset); + } +} + +static const MemoryRegionOps io_ops = { + .read = io_read, + .write = io_write, + .impl.min_access_size = 4, + .impl.max_access_size = 4, + .endianness = DEVICE_LITTLE_ENDIAN, +}; + + +static void flash_write(void *opaque, hwaddr offset, uint64_t value, + unsigned int size) +{ + NRF51NVMState *s = NRF51_NVM(opaque); + + if (s->config & NRF51_NVMC_CONFIG_WEN) { + uint32_t oldval; + + assert(offset + size <= s->flash_size); + + /* NOR Flash only allows bits to be flipped from 1's to 0's on write */ + oldval = ldl_le_p(s->storage + offset); + oldval &= value; + stl_le_p(s->storage + offset, oldval); + + memory_region_flush_rom_device(&s->flash, offset, size); + } else { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: Flash write 0x%" HWADDR_PRIx" while flash not writable.\n", + __func__, offset); + } +} + + + +static const MemoryRegionOps flash_ops = { + .write = flash_write, + .valid.min_access_size = 4, + .valid.max_access_size = 4, + .endianness = DEVICE_LITTLE_ENDIAN, +}; + +static void nrf51_nvm_init(Object *obj) +{ + NRF51NVMState *s = NRF51_NVM(obj); + SysBusDevice *sbd = SYS_BUS_DEVICE(obj); + + memory_region_init_io(&s->mmio, obj, &io_ops, s, "nrf51_soc.nvmc", + NRF51_NVMC_SIZE); + sysbus_init_mmio(sbd, &s->mmio); + + memory_region_init_io(&s->ficr, obj, &ficr_ops, s, "nrf51_soc.ficr", + sizeof(ficr_content)); + sysbus_init_mmio(sbd, &s->ficr); + + memory_region_init_io(&s->uicr, obj, &uicr_ops, s, "nrf51_soc.uicr", + sizeof(s->uicr_content)); + sysbus_init_mmio(sbd, &s->uicr); +} + +static void nrf51_nvm_realize(DeviceState *dev, Error **errp) +{ + NRF51NVMState *s = NRF51_NVM(dev); + Error *err = NULL; + + memory_region_init_rom_device(&s->flash, OBJECT(dev), &flash_ops, s, + "nrf51_soc.flash", s->flash_size, &err); + if (err) { + error_propagate(errp, err); + return; + } + + s->storage = memory_region_get_ram_ptr(&s->flash); + sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->flash); +} + +static void nrf51_nvm_reset(DeviceState *dev) +{ + NRF51NVMState *s = NRF51_NVM(dev); + + s->config = 0x00; + memset(s->uicr_content, 0xFF, sizeof(s->uicr_content)); +} + +static Property nrf51_nvm_properties[] = { + DEFINE_PROP_UINT32("flash-size", NRF51NVMState, flash_size, 0x40000), + DEFINE_PROP_END_OF_LIST(), +}; + +static const VMStateDescription vmstate_nvm = { + .name = "nrf51_soc.nvm", + .version_id = 1, + .minimum_version_id = 1, + .fields = (VMStateField[]) { + VMSTATE_UINT32_ARRAY(uicr_content, NRF51NVMState, + NRF51_UICR_FIXTURE_SIZE), + VMSTATE_UINT32(config, NRF51NVMState), + VMSTATE_END_OF_LIST() + } +}; + +static void nrf51_nvm_class_init(ObjectClass *klass, void *data) +{ + DeviceClass *dc = DEVICE_CLASS(klass); + + dc->props = nrf51_nvm_properties; + dc->vmsd = &vmstate_nvm; + dc->realize = nrf51_nvm_realize; + dc->reset = nrf51_nvm_reset; +} + +static const TypeInfo nrf51_nvm_info = { + .name = TYPE_NRF51_NVM, + .parent = TYPE_SYS_BUS_DEVICE, + .instance_size = sizeof(NRF51NVMState), + .instance_init = nrf51_nvm_init, + .class_init = nrf51_nvm_class_init +}; + +static void nrf51_nvm_register_types(void) +{ + type_register_static(&nrf51_nvm_info); +} + +type_init(nrf51_nvm_register_types) -- 2.20.1 From: Steffen Görtz <contrib@steffen-goertz.de> Instantiates UICR, FICR, FLASH and NVMC in nRF51 SOC. Signed-off-by: Steffen Görtz <contrib@steffen-goertz.de> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 20190201023357.22596-3-stefanha@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- include/hw/arm/nrf51_soc.h | 2 ++ hw/arm/nrf51_soc.c | 41 +++++++++++++++++++++++++++----------- 2 files changed, 31 insertions(+), 12 deletions(-) diff --git a/include/hw/arm/nrf51_soc.h b/include/hw/arm/nrf51_soc.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/arm/nrf51_soc.h +++ b/include/hw/arm/nrf51_soc.h @@ -XXX,XX +XXX,XX @@ #include "hw/char/nrf51_uart.h" #include "hw/misc/nrf51_rng.h" #include "hw/gpio/nrf51_gpio.h" +#include "hw/nvram/nrf51_nvm.h" #include "hw/timer/nrf51_timer.h" #define TYPE_NRF51_SOC "nrf51-soc" @@ -XXX,XX +XXX,XX @@ typedef struct NRF51State { NRF51UARTState uart; NRF51RNGState rng; + NRF51NVMState nvm; NRF51GPIOState gpio; NRF51TimerState timer[NRF51_NUM_TIMERS]; diff --git a/hw/arm/nrf51_soc.c b/hw/arm/nrf51_soc.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/nrf51_soc.c +++ b/hw/arm/nrf51_soc.c @@ -XXX,XX +XXX,XX @@ * are supported in the future, add a sub-class of NRF51SoC for * the specific variants */ -#define NRF51822_FLASH_SIZE (256 * NRF51_PAGE_SIZE) -#define NRF51822_SRAM_SIZE (16 * NRF51_PAGE_SIZE) +#define NRF51822_FLASH_PAGES 256 +#define NRF51822_SRAM_PAGES 16 +#define NRF51822_FLASH_SIZE (NRF51822_FLASH_PAGES * NRF51_PAGE_SIZE) +#define NRF51822_SRAM_SIZE (NRF51822_SRAM_PAGES * NRF51_PAGE_SIZE) #define BASE_TO_IRQ(base) ((base >> 12) & 0x1F) @@ -XXX,XX +XXX,XX @@ static void nrf51_soc_realize(DeviceState *dev_soc, Error **errp) memory_region_add_subregion_overlap(&s->container, 0, s->board_memory, -1); - memory_region_init_rom(&s->flash, OBJECT(s), "nrf51.flash", s->flash_size, - &err); - if (err) { - error_propagate(errp, err); - return; - } - memory_region_add_subregion(&s->container, NRF51_FLASH_BASE, &s->flash); - memory_region_init_ram(&s->sram, OBJECT(s), "nrf51.sram", s->sram_size, &err); if (err) { @@ -XXX,XX +XXX,XX @@ static void nrf51_soc_realize(DeviceState *dev_soc, Error **errp) qdev_get_gpio_in(DEVICE(&s->cpu), BASE_TO_IRQ(NRF51_RNG_BASE))); + /* UICR, FICR, NVMC, FLASH */ + object_property_set_uint(OBJECT(&s->nvm), s->flash_size, "flash-size", + &err); + if (err) { + error_propagate(errp, err); + return; + } + + object_property_set_bool(OBJECT(&s->nvm), true, "realized", &err); + if (err) { + error_propagate(errp, err); + return; + } + + mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->nvm), 0); + memory_region_add_subregion_overlap(&s->container, NRF51_NVMC_BASE, mr, 0); + mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->nvm), 1); + memory_region_add_subregion_overlap(&s->container, NRF51_FICR_BASE, mr, 0); + mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->nvm), 2); + memory_region_add_subregion_overlap(&s->container, NRF51_UICR_BASE, mr, 0); + mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->nvm), 3); + memory_region_add_subregion_overlap(&s->container, NRF51_FLASH_BASE, mr, 0); + /* GPIO */ object_property_set_bool(OBJECT(&s->gpio), true, "realized", &err); if (err) { @@ -XXX,XX +XXX,XX @@ static void nrf51_soc_realize(DeviceState *dev_soc, Error **errp) create_unimplemented_device("nrf51_soc.io", NRF51_IOMEM_BASE, NRF51_IOMEM_SIZE); - create_unimplemented_device("nrf51_soc.ficr", NRF51_FICR_BASE, - NRF51_FICR_SIZE); create_unimplemented_device("nrf51_soc.private", NRF51_PRIVATE_BASE, NRF51_PRIVATE_SIZE); } @@ -XXX,XX +XXX,XX @@ static void nrf51_soc_init(Object *obj) sysbus_init_child_obj(obj, "rng", &s->rng, sizeof(s->rng), TYPE_NRF51_RNG); + sysbus_init_child_obj(obj, "nvm", &s->nvm, sizeof(s->nvm), TYPE_NRF51_NVM); + sysbus_init_child_obj(obj, "gpio", &s->gpio, sizeof(s->gpio), TYPE_NRF51_GPIO); -- 2.20.1 From: Steffen Görtz <contrib@steffen-goertz.de> Signed-off-by: Steffen Görtz <contrib@steffen-goertz.de> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Acked-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20190201023357.22596-4-stefanha@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- tests/microbit-test.c | 108 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 108 insertions(+) diff --git a/tests/microbit-test.c b/tests/microbit-test.c index XXXXXXX..XXXXXXX 100644 --- a/tests/microbit-test.c +++ b/tests/microbit-test.c @@ -XXX,XX +XXX,XX @@ #include "hw/arm/nrf51.h" #include "hw/char/nrf51_uart.h" #include "hw/gpio/nrf51_gpio.h" +#include "hw/nvram/nrf51_nvm.h" #include "hw/timer/nrf51_timer.h" #include "hw/i2c/microbit_i2c.h" @@ -XXX,XX +XXX,XX @@ static void test_microbit_i2c(void) qtest_quit(qts); } +#define FLASH_SIZE (256 * NRF51_PAGE_SIZE) + +static void fill_and_erase(QTestState *qts, hwaddr base, hwaddr size, + uint32_t address_reg) +{ + hwaddr i; + + /* Erase Page */ + qtest_writel(qts, NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x02); + qtest_writel(qts, NRF51_NVMC_BASE + address_reg, base); + qtest_writel(qts, NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x00); + + /* Check memory */ + for (i = 0; i < size / 4; i++) { + g_assert_cmpuint(qtest_readl(qts, base + i * 4), ==, 0xFFFFFFFF); + } + + /* Fill memory */ + qtest_writel(qts, NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x01); + for (i = 0; i < size / 4; i++) { + qtest_writel(qts, base + i * 4, i); + g_assert_cmpuint(qtest_readl(qts, base + i * 4), ==, i); + } + qtest_writel(qts, NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x00); +} + +static void test_nrf51_nvmc(void) +{ + uint32_t value; + hwaddr i; + QTestState *qts = qtest_init("-M microbit"); + + /* Test always ready */ + value = qtest_readl(qts, NRF51_NVMC_BASE + NRF51_NVMC_READY); + g_assert_cmpuint(value & 0x01, ==, 0x01); + + /* Test write-read config register */ + qtest_writel(qts, NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x03); + g_assert_cmpuint(qtest_readl(qts, NRF51_NVMC_BASE + NRF51_NVMC_CONFIG), + ==, 0x03); + qtest_writel(qts, NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x00); + g_assert_cmpuint(qtest_readl(qts, NRF51_NVMC_BASE + NRF51_NVMC_CONFIG), + ==, 0x00); + + /* Test PCR0 */ + fill_and_erase(qts, NRF51_FLASH_BASE, NRF51_PAGE_SIZE, + NRF51_NVMC_ERASEPCR0); + fill_and_erase(qts, NRF51_FLASH_BASE + NRF51_PAGE_SIZE, + NRF51_PAGE_SIZE, NRF51_NVMC_ERASEPCR0); + + /* Test PCR1 */ + fill_and_erase(qts, NRF51_FLASH_BASE, NRF51_PAGE_SIZE, + NRF51_NVMC_ERASEPCR1); + fill_and_erase(qts, NRF51_FLASH_BASE + NRF51_PAGE_SIZE, + NRF51_PAGE_SIZE, NRF51_NVMC_ERASEPCR1); + + /* Erase all */ + qtest_writel(qts, NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x02); + qtest_writel(qts, NRF51_NVMC_BASE + NRF51_NVMC_ERASEALL, 0x01); + qtest_writel(qts, NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x00); + + qtest_writel(qts, NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x01); + for (i = 0; i < FLASH_SIZE / 4; i++) { + qtest_writel(qts, NRF51_FLASH_BASE + i * 4, i); + g_assert_cmpuint(qtest_readl(qts, NRF51_FLASH_BASE + i * 4), ==, i); + } + qtest_writel(qts, NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x00); + + qtest_writel(qts, NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x02); + qtest_writel(qts, NRF51_NVMC_BASE + NRF51_NVMC_ERASEALL, 0x01); + qtest_writel(qts, NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x00); + + for (i = 0; i < FLASH_SIZE / 4; i++) { + g_assert_cmpuint(qtest_readl(qts, NRF51_FLASH_BASE + i * 4), + ==, 0xFFFFFFFF); + } + + /* Erase UICR */ + qtest_writel(qts, NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x02); + qtest_writel(qts, NRF51_NVMC_BASE + NRF51_NVMC_ERASEUICR, 0x01); + qtest_writel(qts, NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x00); + + for (i = 0; i < NRF51_UICR_SIZE / 4; i++) { + g_assert_cmpuint(qtest_readl(qts, NRF51_UICR_BASE + i * 4), + ==, 0xFFFFFFFF); + } + + qtest_writel(qts, NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x01); + for (i = 0; i < NRF51_UICR_SIZE / 4; i++) { + qtest_writel(qts, NRF51_UICR_BASE + i * 4, i); + g_assert_cmpuint(qtest_readl(qts, NRF51_UICR_BASE + i * 4), ==, i); + } + qtest_writel(qts, NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x00); + + qtest_writel(qts, NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x02); + qtest_writel(qts, NRF51_NVMC_BASE + NRF51_NVMC_ERASEUICR, 0x01); + qtest_writel(qts, NRF51_NVMC_BASE + NRF51_NVMC_CONFIG, 0x00); + + for (i = 0; i < NRF51_UICR_SIZE / 4; i++) { + g_assert_cmpuint(qtest_readl(qts, NRF51_UICR_BASE + i * 4), + ==, 0xFFFFFFFF); + } + + qtest_quit(qts); +} + static void test_nrf51_gpio(void) { size_t i; @@ -XXX,XX +XXX,XX @@ int main(int argc, char **argv) qtest_add_func("/microbit/nrf51/uart", test_nrf51_uart); qtest_add_func("/microbit/nrf51/gpio", test_nrf51_gpio); + qtest_add_func("/microbit/nrf51/nvmc", test_nrf51_nvmc); qtest_add_func("/microbit/nrf51/timer", test_nrf51_timer); qtest_add_func("/microbit/microbit/i2c", test_microbit_i2c); -- 2.20.1