1
Second pull request of the week; mostly RTH's support for some
1
Hi; here's a target-arm pullreq. Mostly this is some decodetree
2
new-in-v8.1/v8.3 instructions, and my v8M board model.
2
conversion patches from me, plus a scattering of other bug fixes.
3
3
4
thanks
4
thanks
5
-- PMM
5
-- PMM
6
6
7
The following changes since commit 427cbc7e4136a061628cb4315cc8182ea36d772f:
7
The following changes since commit e3660cc1e3cb136af50c0eaaeac27943c2438d1d:
8
8
9
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging (2018-03-01 18:46:41 +0000)
9
Merge tag 'pull-loongarch-20230616' of https://gitlab.com/gaosong/qemu into staging (2023-06-16 12:30:16 +0200)
10
10
11
are available in the Git repository at:
11
are available in the Git repository at:
12
12
13
git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180302
13
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230619
14
14
15
for you to fetch changes up to e66a67bf28e1b4fce2e3d72a2610dbd48d9d3078:
15
for you to fetch changes up to 074259c0f2ac40042dce766d870318cc22f388eb:
16
16
17
target/arm: Enable ARM_FEATURE_V8_FCMA (2018-03-02 11:03:45 +0000)
17
hw/misc/bcm2835_property: Handle CORE_CLK_ID firmware property (2023-06-19 15:27:21 +0100)
18
18
19
----------------------------------------------------------------
19
----------------------------------------------------------------
20
target-arm queue:
20
target-arm queue:
21
* implement FCMA and RDM v8.1 and v8.3 instructions
21
* Fix return value from LDSMIN/LDSMAX 8/16 bit atomics
22
* enable Cortex-M33 v8M core, and provide new mps2-an505 board model
22
* Return correct result for LDG when ATA=0
23
that uses it
23
* Conversion of system insns, loads and stores to decodetree
24
* decodetree: Propagate return value from translate subroutines
24
* hw/intc/allwinner-a10-pic: Handle IRQ levels other than 0 or 1
25
* xlnx-zynqmp: Implement the RTC device
25
* hw/sd/allwinner-sdhost: Don't send non-boolean IRQ line levels
26
* hw/timer/nrf51_timer: Don't lose time when timer is queried in tight loop
27
* hw/arm/Kconfig: sbsa-ref uses Bochs display
28
* imx_serial: set wake bit when we receive a data byte
29
* docs: sbsa: document board to firmware interface
30
* hw/misc/bcm2835_property: avoid hard-coded constants
26
31
27
----------------------------------------------------------------
32
----------------------------------------------------------------
28
Alistair Francis (3):
33
Marcin Juszkiewicz (2):
29
xlnx-zynqmp-rtc: Initial commit
34
hw/arm/Kconfig: sbsa-ref uses Bochs display
30
xlnx-zynqmp-rtc: Add basic time support
35
docs: sbsa: document board to firmware interface
31
xlnx-zynqmp: Connect the RTC device
32
36
33
Peter Maydell (19):
37
Martin Kaiser (1):
34
loader: Add new load_ramdisk_as()
38
imx_serial: set wake bit when we receive a data byte
35
hw/arm/boot: Honour CPU's address space for image loads
36
hw/arm/armv7m: Honour CPU's address space for image loads
37
target/arm: Define an IDAU interface
38
armv7m: Forward idau property to CPU object
39
target/arm: Define init-svtor property for the reset secure VTOR value
40
armv7m: Forward init-svtor property to CPU object
41
target/arm: Add Cortex-M33
42
hw/misc/unimp: Move struct to header file
43
include/hw/or-irq.h: Add missing include guard
44
qdev: Add new qdev_init_gpio_in_named_with_opaque()
45
hw/core/split-irq: Device that splits IRQ lines
46
hw/misc/mps2-fpgaio: FPGA control block for MPS2 AN505
47
hw/misc/tz-ppc: Model TrustZone peripheral protection controller
48
hw/misc/iotkit-secctl: Arm IoT Kit security controller initial skeleton
49
hw/misc/iotkit-secctl: Add handling for PPCs
50
hw/misc/iotkit-secctl: Add remaining simple registers
51
hw/arm/iotkit: Model Arm IOT Kit
52
mps2-an505: New board model: MPS2 with AN505 Cortex-M33 FPGA image
53
39
54
Richard Henderson (17):
40
Peter Maydell (26):
55
decodetree: Propagate return value from translate subroutines
41
target/arm: Fix return value from LDSMIN/LDSMAX 8/16 bit atomics
56
target/arm: Add ARM_FEATURE_V8_RDM
42
target/arm: Return correct result for LDG when ATA=0
57
target/arm: Refactor disas_simd_indexed decode
43
target/arm: Pass memop to gen_mte_check1_mmuidx() in reg_imm9 decode
58
target/arm: Refactor disas_simd_indexed size checks
44
target/arm: Consistently use finalize_memop_asimd() for ASIMD loads/stores
59
target/arm: Decode aa64 armv8.1 scalar three same extra
45
target/arm: Convert hint instruction space to decodetree
60
target/arm: Decode aa64 armv8.1 three same extra
46
target/arm: Convert barrier insns to decodetree
61
target/arm: Decode aa64 armv8.1 scalar/vector x indexed element
47
target/arm: Convert CFINV, XAFLAG and AXFLAG to decodetree
62
target/arm: Decode aa32 armv8.1 three same
48
target/arm: Convert MSR (immediate) to decodetree
63
target/arm: Decode aa32 armv8.1 two reg and a scalar
49
target/arm: Convert MSR (reg), MRS, SYS, SYSL to decodetree
64
target/arm: Enable ARM_FEATURE_V8_RDM
50
target/arm: Convert exception generation instructions to decodetree
65
target/arm: Add ARM_FEATURE_V8_FCMA
51
target/arm: Convert load/store exclusive and ordered to decodetree
66
target/arm: Decode aa64 armv8.3 fcadd
52
target/arm: Convert LDXP, STXP, CASP, CAS to decodetree
67
target/arm: Decode aa64 armv8.3 fcmla
53
target/arm: Convert load reg (literal) group to decodetree
68
target/arm: Decode aa32 armv8.3 3-same
54
target/arm: Convert load/store-pair to decodetree
69
target/arm: Decode aa32 armv8.3 2-reg-index
55
target/arm: Convert ld/st reg+imm9 insns to decodetree
70
target/arm: Decode t32 simd 3reg and 2reg_scalar extension
56
target/arm: Convert LDR/STR with 12-bit immediate to decodetree
71
target/arm: Enable ARM_FEATURE_V8_FCMA
57
target/arm: Convert LDR/STR reg+reg to decodetree
58
target/arm: Convert atomic memory ops to decodetree
59
target/arm: Convert load (pointer auth) insns to decodetree
60
target/arm: Convert LDAPR/STLR (imm) to decodetree
61
target/arm: Convert load/store (multiple structures) to decodetree
62
target/arm: Convert load/store single structure to decodetree
63
target/arm: Convert load/store tags insns to decodetree
64
hw/intc/allwinner-a10-pic: Handle IRQ levels other than 0 or 1
65
hw/sd/allwinner-sdhost: Don't send non-boolean IRQ line levels
66
hw/timer/nrf51_timer: Don't lose time when timer is queried in tight loop
72
67
73
hw/arm/Makefile.objs | 2 +
68
Sergey Kambalin (4):
74
hw/core/Makefile.objs | 1 +
69
hw/arm/raspi: Import Linux raspi definitions as 'raspberrypi-fw-defs.h'
75
hw/misc/Makefile.objs | 4 +
70
hw/misc/bcm2835_property: Use 'raspberrypi-fw-defs.h' definitions
76
hw/timer/Makefile.objs | 1 +
71
hw/misc/bcm2835_property: Replace magic frequency values by definitions
77
target/arm/Makefile.objs | 2 +-
72
hw/misc/bcm2835_property: Handle CORE_CLK_ID firmware property
78
include/hw/arm/armv7m.h | 5 +
79
include/hw/arm/iotkit.h | 109 ++++++
80
include/hw/arm/xlnx-zynqmp.h | 2 +
81
include/hw/core/split-irq.h | 57 +++
82
include/hw/irq.h | 4 +-
83
include/hw/loader.h | 12 +-
84
include/hw/misc/iotkit-secctl.h | 103 ++++++
85
include/hw/misc/mps2-fpgaio.h | 43 +++
86
include/hw/misc/tz-ppc.h | 101 ++++++
87
include/hw/misc/unimp.h | 10 +
88
include/hw/or-irq.h | 5 +
89
include/hw/qdev-core.h | 30 +-
90
include/hw/timer/xlnx-zynqmp-rtc.h | 86 +++++
91
target/arm/cpu.h | 8 +
92
target/arm/helper.h | 31 ++
93
target/arm/idau.h | 61 ++++
94
hw/arm/armv7m.c | 35 +-
95
hw/arm/boot.c | 119 ++++---
96
hw/arm/iotkit.c | 598 +++++++++++++++++++++++++++++++
97
hw/arm/mps2-tz.c | 503 ++++++++++++++++++++++++++
98
hw/arm/xlnx-zynqmp.c | 14 +
99
hw/core/loader.c | 8 +-
100
hw/core/qdev.c | 8 +-
101
hw/core/split-irq.c | 89 +++++
102
hw/misc/iotkit-secctl.c | 704 +++++++++++++++++++++++++++++++++++++
103
hw/misc/mps2-fpgaio.c | 176 ++++++++++
104
hw/misc/tz-ppc.c | 302 ++++++++++++++++
105
hw/misc/unimp.c | 10 -
106
hw/timer/xlnx-zynqmp-rtc.c | 272 ++++++++++++++
107
linux-user/elfload.c | 2 +
108
target/arm/cpu.c | 66 +++-
109
target/arm/cpu64.c | 2 +
110
target/arm/helper.c | 28 +-
111
target/arm/translate-a64.c | 514 +++++++++++++++++++++------
112
target/arm/translate.c | 275 +++++++++++++--
113
target/arm/vec_helper.c | 429 ++++++++++++++++++++++
114
default-configs/arm-softmmu.mak | 5 +
115
hw/misc/trace-events | 24 ++
116
hw/timer/trace-events | 3 +
117
scripts/decodetree.py | 5 +-
118
45 files changed, 4668 insertions(+), 200 deletions(-)
119
create mode 100644 include/hw/arm/iotkit.h
120
create mode 100644 include/hw/core/split-irq.h
121
create mode 100644 include/hw/misc/iotkit-secctl.h
122
create mode 100644 include/hw/misc/mps2-fpgaio.h
123
create mode 100644 include/hw/misc/tz-ppc.h
124
create mode 100644 include/hw/timer/xlnx-zynqmp-rtc.h
125
create mode 100644 target/arm/idau.h
126
create mode 100644 hw/arm/iotkit.c
127
create mode 100644 hw/arm/mps2-tz.c
128
create mode 100644 hw/core/split-irq.c
129
create mode 100644 hw/misc/iotkit-secctl.c
130
create mode 100644 hw/misc/mps2-fpgaio.c
131
create mode 100644 hw/misc/tz-ppc.c
132
create mode 100644 hw/timer/xlnx-zynqmp-rtc.c
133
create mode 100644 target/arm/vec_helper.c
134
73
74
docs/system/arm/sbsa.rst | 38 +-
75
include/hw/arm/raspi_platform.h | 10 +
76
include/hw/char/imx_serial.h | 1 +
77
include/hw/misc/raspberrypi-fw-defs.h | 163 ++
78
target/arm/tcg/a64.decode | 403 ++++
79
hw/char/imx_serial.c | 5 +-
80
hw/intc/allwinner-a10-pic.c | 2 +-
81
hw/misc/bcm2835_property.c | 112 +-
82
hw/sd/allwinner-sdhost.c | 2 +-
83
hw/timer/nrf51_timer.c | 7 +-
84
target/arm/tcg/translate-a64.c | 3319 +++++++++++++++------------------
85
hw/arm/Kconfig | 1 +
86
12 files changed, 2157 insertions(+), 1906 deletions(-)
87
create mode 100644 include/hw/misc/raspberrypi-fw-defs.h
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
The atomic memory operations are supposed to return the old memory
2
data value in the destination register. This value is not
3
sign-extended, even if the operation is the signed minimum or
4
maximum. (In the pseudocode for the instructions the returned data
5
value is passed to ZeroExtend() to create the value in the register.)
2
6
3
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
We got this wrong because we were doing a 32-to-64 zero extend on the
4
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
result for 8 and 16 bit data values, rather than the correct amount
5
Message-id: 20180228193125.20577-6-richard.henderson@linaro.org
9
of zero extension.
10
11
Fix the bug by using ext8u and ext16u for the MO_8 and MO_16 data
12
sizes rather than ext32u.
13
14
Cc: qemu-stable@nongnu.org
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
16
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
17
Message-id: 20230602155223.2040685-2-peter.maydell@linaro.org
7
---
18
---
8
target/arm/helper.h | 9 +++++
19
target/arm/tcg/translate-a64.c | 18 ++++++++++++++++--
9
target/arm/translate-a64.c | 83 ++++++++++++++++++++++++++++++++++++++++++++++
20
1 file changed, 16 insertions(+), 2 deletions(-)
10
target/arm/vec_helper.c | 74 +++++++++++++++++++++++++++++++++++++++++
11
3 files changed, 166 insertions(+)
12
21
13
diff --git a/target/arm/helper.h b/target/arm/helper.h
22
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
14
index XXXXXXX..XXXXXXX 100644
23
index XXXXXXX..XXXXXXX 100644
15
--- a/target/arm/helper.h
24
--- a/target/arm/tcg/translate-a64.c
16
+++ b/target/arm/helper.h
25
+++ b/target/arm/tcg/translate-a64.c
17
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_2(dc_zva, void, env, i64)
26
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_atomic(DisasContext *s, uint32_t insn,
18
DEF_HELPER_FLAGS_2(neon_pmull_64_lo, TCG_CALL_NO_RWG_SE, i64, i64, i64)
27
*/
19
DEF_HELPER_FLAGS_2(neon_pmull_64_hi, TCG_CALL_NO_RWG_SE, i64, i64, i64)
28
fn(tcg_rt, clean_addr, tcg_rs, get_mem_index(s), mop);
20
29
21
+DEF_HELPER_FLAGS_5(gvec_qrdmlah_s16, TCG_CALL_NO_RWG,
30
- if ((mop & MO_SIGN) && size != MO_64) {
22
+ void, ptr, ptr, ptr, ptr, i32)
31
- tcg_gen_ext32u_i64(tcg_rt, tcg_rt);
23
+DEF_HELPER_FLAGS_5(gvec_qrdmlsh_s16, TCG_CALL_NO_RWG,
32
+ if (mop & MO_SIGN) {
24
+ void, ptr, ptr, ptr, ptr, i32)
25
+DEF_HELPER_FLAGS_5(gvec_qrdmlah_s32, TCG_CALL_NO_RWG,
26
+ void, ptr, ptr, ptr, ptr, i32)
27
+DEF_HELPER_FLAGS_5(gvec_qrdmlsh_s32, TCG_CALL_NO_RWG,
28
+ void, ptr, ptr, ptr, ptr, i32)
29
+
30
#ifdef TARGET_AARCH64
31
#include "helper-a64.h"
32
#endif
33
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
34
index XXXXXXX..XXXXXXX 100644
35
--- a/target/arm/translate-a64.c
36
+++ b/target/arm/translate-a64.c
37
@@ -XXX,XX +XXX,XX @@ static void gen_gvec_op3(DisasContext *s, bool is_q, int rd,
38
vec_full_reg_size(s), gvec_op);
39
}
40
41
+/* Expand a 3-operand + env pointer operation using
42
+ * an out-of-line helper.
43
+ */
44
+static void gen_gvec_op3_env(DisasContext *s, bool is_q, int rd,
45
+ int rn, int rm, gen_helper_gvec_3_ptr *fn)
46
+{
47
+ tcg_gen_gvec_3_ptr(vec_full_reg_offset(s, rd),
48
+ vec_full_reg_offset(s, rn),
49
+ vec_full_reg_offset(s, rm), cpu_env,
50
+ is_q ? 16 : 8, vec_full_reg_size(s), 0, fn);
51
+}
52
+
53
/* Set ZF and NF based on a 64 bit result. This is alas fiddlier
54
* than the 32 bit equivalent.
55
*/
56
@@ -XXX,XX +XXX,XX @@ static void disas_simd_three_reg_same_fp16(DisasContext *s, uint32_t insn)
57
clear_vec_high(s, is_q, rd);
58
}
59
60
+/* AdvSIMD three same extra
61
+ * 31 30 29 28 24 23 22 21 20 16 15 14 11 10 9 5 4 0
62
+ * +---+---+---+-----------+------+---+------+---+--------+---+----+----+
63
+ * | 0 | Q | U | 0 1 1 1 0 | size | 0 | Rm | 1 | opcode | 1 | Rn | Rd |
64
+ * +---+---+---+-----------+------+---+------+---+--------+---+----+----+
65
+ */
66
+static void disas_simd_three_reg_same_extra(DisasContext *s, uint32_t insn)
67
+{
68
+ int rd = extract32(insn, 0, 5);
69
+ int rn = extract32(insn, 5, 5);
70
+ int opcode = extract32(insn, 11, 4);
71
+ int rm = extract32(insn, 16, 5);
72
+ int size = extract32(insn, 22, 2);
73
+ bool u = extract32(insn, 29, 1);
74
+ bool is_q = extract32(insn, 30, 1);
75
+ int feature;
76
+
77
+ switch (u * 16 + opcode) {
78
+ case 0x10: /* SQRDMLAH (vector) */
79
+ case 0x11: /* SQRDMLSH (vector) */
80
+ if (size != 1 && size != 2) {
81
+ unallocated_encoding(s);
82
+ return;
83
+ }
84
+ feature = ARM_FEATURE_V8_RDM;
85
+ break;
86
+ default:
87
+ unallocated_encoding(s);
88
+ return;
89
+ }
90
+ if (!arm_dc_feature(s, feature)) {
91
+ unallocated_encoding(s);
92
+ return;
93
+ }
94
+ if (!fp_access_check(s)) {
95
+ return;
96
+ }
97
+
98
+ switch (opcode) {
99
+ case 0x0: /* SQRDMLAH (vector) */
100
+ switch (size) {
33
+ switch (size) {
101
+ case 1:
34
+ case MO_8:
102
+ gen_gvec_op3_env(s, is_q, rd, rn, rm, gen_helper_gvec_qrdmlah_s16);
35
+ tcg_gen_ext8u_i64(tcg_rt, tcg_rt);
103
+ break;
36
+ break;
104
+ case 2:
37
+ case MO_16:
105
+ gen_gvec_op3_env(s, is_q, rd, rn, rm, gen_helper_gvec_qrdmlah_s32);
38
+ tcg_gen_ext16u_i64(tcg_rt, tcg_rt);
39
+ break;
40
+ case MO_32:
41
+ tcg_gen_ext32u_i64(tcg_rt, tcg_rt);
42
+ break;
43
+ case MO_64:
106
+ break;
44
+ break;
107
+ default:
45
+ default:
108
+ g_assert_not_reached();
46
+ g_assert_not_reached();
109
+ }
47
+ }
110
+ return;
48
}
111
+
112
+ case 0x1: /* SQRDMLSH (vector) */
113
+ switch (size) {
114
+ case 1:
115
+ gen_gvec_op3_env(s, is_q, rd, rn, rm, gen_helper_gvec_qrdmlsh_s16);
116
+ break;
117
+ case 2:
118
+ gen_gvec_op3_env(s, is_q, rd, rn, rm, gen_helper_gvec_qrdmlsh_s32);
119
+ break;
120
+ default:
121
+ g_assert_not_reached();
122
+ }
123
+ return;
124
+
125
+ default:
126
+ g_assert_not_reached();
127
+ }
128
+}
129
+
130
static void handle_2misc_widening(DisasContext *s, int opcode, bool is_q,
131
int size, int rn, int rd)
132
{
133
@@ -XXX,XX +XXX,XX @@ static void disas_crypto_three_reg_imm2(DisasContext *s, uint32_t insn)
134
static const AArch64DecodeTable data_proc_simd[] = {
135
/* pattern , mask , fn */
136
{ 0x0e200400, 0x9f200400, disas_simd_three_reg_same },
137
+ { 0x0e008400, 0x9f208400, disas_simd_three_reg_same_extra },
138
{ 0x0e200000, 0x9f200c00, disas_simd_three_reg_diff },
139
{ 0x0e200800, 0x9f3e0c00, disas_simd_two_reg_misc },
140
{ 0x0e300800, 0x9f3e0c00, disas_simd_across_lanes },
141
diff --git a/target/arm/vec_helper.c b/target/arm/vec_helper.c
142
index XXXXXXX..XXXXXXX 100644
143
--- a/target/arm/vec_helper.c
144
+++ b/target/arm/vec_helper.c
145
@@ -XXX,XX +XXX,XX @@
146
147
#define SET_QC() env->vfp.xregs[ARM_VFP_FPSCR] |= CPSR_Q
148
149
+static void clear_tail(void *vd, uintptr_t opr_sz, uintptr_t max_sz)
150
+{
151
+ uint64_t *d = vd + opr_sz;
152
+ uintptr_t i;
153
+
154
+ for (i = opr_sz; i < max_sz; i += 8) {
155
+ *d++ = 0;
156
+ }
157
+}
158
+
159
/* Signed saturating rounding doubling multiply-accumulate high half, 16-bit */
160
static uint16_t inl_qrdmlah_s16(CPUARMState *env, int16_t src1,
161
int16_t src2, int16_t src3)
162
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(neon_qrdmlah_s16)(CPUARMState *env, uint32_t src1,
163
return deposit32(e1, 16, 16, e2);
164
}
49
}
165
50
166
+void HELPER(gvec_qrdmlah_s16)(void *vd, void *vn, void *vm,
167
+ void *ve, uint32_t desc)
168
+{
169
+ uintptr_t opr_sz = simd_oprsz(desc);
170
+ int16_t *d = vd;
171
+ int16_t *n = vn;
172
+ int16_t *m = vm;
173
+ CPUARMState *env = ve;
174
+ uintptr_t i;
175
+
176
+ for (i = 0; i < opr_sz / 2; ++i) {
177
+ d[i] = inl_qrdmlah_s16(env, n[i], m[i], d[i]);
178
+ }
179
+ clear_tail(d, opr_sz, simd_maxsz(desc));
180
+}
181
+
182
/* Signed saturating rounding doubling multiply-subtract high half, 16-bit */
183
static uint16_t inl_qrdmlsh_s16(CPUARMState *env, int16_t src1,
184
int16_t src2, int16_t src3)
185
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(neon_qrdmlsh_s16)(CPUARMState *env, uint32_t src1,
186
return deposit32(e1, 16, 16, e2);
187
}
188
189
+void HELPER(gvec_qrdmlsh_s16)(void *vd, void *vn, void *vm,
190
+ void *ve, uint32_t desc)
191
+{
192
+ uintptr_t opr_sz = simd_oprsz(desc);
193
+ int16_t *d = vd;
194
+ int16_t *n = vn;
195
+ int16_t *m = vm;
196
+ CPUARMState *env = ve;
197
+ uintptr_t i;
198
+
199
+ for (i = 0; i < opr_sz / 2; ++i) {
200
+ d[i] = inl_qrdmlsh_s16(env, n[i], m[i], d[i]);
201
+ }
202
+ clear_tail(d, opr_sz, simd_maxsz(desc));
203
+}
204
+
205
/* Signed saturating rounding doubling multiply-accumulate high half, 32-bit */
206
uint32_t HELPER(neon_qrdmlah_s32)(CPUARMState *env, int32_t src1,
207
int32_t src2, int32_t src3)
208
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(neon_qrdmlah_s32)(CPUARMState *env, int32_t src1,
209
return ret;
210
}
211
212
+void HELPER(gvec_qrdmlah_s32)(void *vd, void *vn, void *vm,
213
+ void *ve, uint32_t desc)
214
+{
215
+ uintptr_t opr_sz = simd_oprsz(desc);
216
+ int32_t *d = vd;
217
+ int32_t *n = vn;
218
+ int32_t *m = vm;
219
+ CPUARMState *env = ve;
220
+ uintptr_t i;
221
+
222
+ for (i = 0; i < opr_sz / 4; ++i) {
223
+ d[i] = helper_neon_qrdmlah_s32(env, n[i], m[i], d[i]);
224
+ }
225
+ clear_tail(d, opr_sz, simd_maxsz(desc));
226
+}
227
+
228
/* Signed saturating rounding doubling multiply-subtract high half, 32-bit */
229
uint32_t HELPER(neon_qrdmlsh_s32)(CPUARMState *env, int32_t src1,
230
int32_t src2, int32_t src3)
231
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(neon_qrdmlsh_s32)(CPUARMState *env, int32_t src1,
232
}
233
return ret;
234
}
235
+
236
+void HELPER(gvec_qrdmlsh_s32)(void *vd, void *vn, void *vm,
237
+ void *ve, uint32_t desc)
238
+{
239
+ uintptr_t opr_sz = simd_oprsz(desc);
240
+ int32_t *d = vd;
241
+ int32_t *n = vn;
242
+ int32_t *m = vm;
243
+ CPUARMState *env = ve;
244
+ uintptr_t i;
245
+
246
+ for (i = 0; i < opr_sz / 4; ++i) {
247
+ d[i] = helper_neon_qrdmlsh_s32(env, n[i], m[i], d[i]);
248
+ }
249
+ clear_tail(d, opr_sz, simd_maxsz(desc));
250
+}
251
--
51
--
252
2.16.2
52
2.34.1
253
254
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
The LDG instruction loads the tag from a memory address (identified
2
by [Xn + offset]), and then merges that tag into the destination
3
register Xt. We implemented this correctly for the case when
4
allocation tags are enabled, but didn't get it right when ATA=0:
5
instead of merging the tag bits into Xt, we merged them into the
6
memory address [Xn + offset] and then set Xt to that.
2
7
3
Enable it for the "any" CPU used by *-linux-user.
8
Merge the tag bits into the old Xt value, as they should be.
4
9
5
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
10
Cc: qemu-stable@nongnu.org
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
11
Fixes: c15294c1e36a7dd9b25 ("target/arm: Implement LDG, STG, ST2G instructions")
7
Message-id: 20180228193125.20577-17-richard.henderson@linaro.org
12
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
14
---
10
target/arm/cpu.c | 1 +
15
target/arm/tcg/translate-a64.c | 6 +++++-
11
target/arm/cpu64.c | 1 +
16
1 file changed, 5 insertions(+), 1 deletion(-)
12
2 files changed, 2 insertions(+)
13
17
14
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
18
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
15
index XXXXXXX..XXXXXXX 100644
19
index XXXXXXX..XXXXXXX 100644
16
--- a/target/arm/cpu.c
20
--- a/target/arm/tcg/translate-a64.c
17
+++ b/target/arm/cpu.c
21
+++ b/target/arm/tcg/translate-a64.c
18
@@ -XXX,XX +XXX,XX @@ static void arm_any_initfn(Object *obj)
22
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_tag(DisasContext *s, uint32_t insn)
19
set_feature(&cpu->env, ARM_FEATURE_V8_PMULL);
23
if (s->ata) {
20
set_feature(&cpu->env, ARM_FEATURE_CRC);
24
gen_helper_ldg(tcg_rt, cpu_env, addr, tcg_rt);
21
set_feature(&cpu->env, ARM_FEATURE_V8_RDM);
25
} else {
22
+ set_feature(&cpu->env, ARM_FEATURE_V8_FCMA);
26
+ /*
23
cpu->midr = 0xffffffff;
27
+ * Tag access disabled: we must check for aborts on the load
24
}
28
+ * load from [rn+offset], and then insert a 0 tag into rt.
25
#endif
29
+ */
26
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
30
clean_addr = clean_data_tbi(s, addr);
27
index XXXXXXX..XXXXXXX 100644
31
gen_probe_access(s, clean_addr, MMU_DATA_LOAD, MO_8);
28
--- a/target/arm/cpu64.c
32
- gen_address_with_allocation_tag0(tcg_rt, addr);
29
+++ b/target/arm/cpu64.c
33
+ gen_address_with_allocation_tag0(tcg_rt, tcg_rt);
30
@@ -XXX,XX +XXX,XX @@ static void aarch64_any_initfn(Object *obj)
34
}
31
set_feature(&cpu->env, ARM_FEATURE_CRC);
35
} else {
32
set_feature(&cpu->env, ARM_FEATURE_V8_RDM);
36
tcg_rt = cpu_reg_sp(s, rt);
33
set_feature(&cpu->env, ARM_FEATURE_V8_FP16);
34
+ set_feature(&cpu->env, ARM_FEATURE_V8_FCMA);
35
cpu->ctr = 0x80038003; /* 32 byte I and D cacheline size, VIPT icache */
36
cpu->dcz_blocksize = 7; /* 512 bytes */
37
}
38
--
37
--
39
2.16.2
38
2.34.1
40
41
diff view generated by jsdifflib
1
The Cortex-M33 allows the system to specify the reset value of the
1
In disas_ldst_reg_imm9() we missed one place where a call to
2
secure Vector Table Offset Register (VTOR) by asserting config
2
a gen_mte_check* function should now be passed the memop we
3
signals. In particular, guest images for the MPS2 AN505 board rely
3
have created rather than just being passed the size. Fix this.
4
on the MPS2's initial VTOR being correct for that board.
5
Implement a QEMU property so board and SoC code can set the reset
6
value to the correct value.
7
4
5
Fixes: 0a9091424d ("target/arm: Pass memop to gen_mte_check1*")
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
10
Message-id: 20180220180325.29818-7-peter.maydell@linaro.org
8
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
11
---
9
---
12
target/arm/cpu.h | 3 +++
10
target/arm/tcg/translate-a64.c | 2 +-
13
target/arm/cpu.c | 18 ++++++++++++++----
11
1 file changed, 1 insertion(+), 1 deletion(-)
14
2 files changed, 17 insertions(+), 4 deletions(-)
15
12
16
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
13
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
17
index XXXXXXX..XXXXXXX 100644
14
index XXXXXXX..XXXXXXX 100644
18
--- a/target/arm/cpu.h
15
--- a/target/arm/tcg/translate-a64.c
19
+++ b/target/arm/cpu.h
16
+++ b/target/arm/tcg/translate-a64.c
20
@@ -XXX,XX +XXX,XX @@ struct ARMCPU {
17
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_reg_imm9(DisasContext *s, uint32_t insn,
21
*/
18
22
uint32_t psci_conduit;
19
clean_addr = gen_mte_check1_mmuidx(s, dirty_addr, is_store,
23
20
writeback || rn != 31,
24
+ /* For v8M, initial value of the Secure VTOR */
21
- size, is_unpriv, memidx);
25
+ uint32_t init_svtor;
22
+ memop, is_unpriv, memidx);
26
+
23
27
/* [QEMU_]KVM_ARM_TARGET_* constant for this CPU, or
24
if (is_vector) {
28
* QEMU_KVM_ARM_TARGET_NONE if the kernel doesn't support this CPU type.
25
if (is_store) {
29
*/
30
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
31
index XXXXXXX..XXXXXXX 100644
32
--- a/target/arm/cpu.c
33
+++ b/target/arm/cpu.c
34
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_reset(CPUState *s)
35
uint32_t initial_msp; /* Loaded from 0x0 */
36
uint32_t initial_pc; /* Loaded from 0x4 */
37
uint8_t *rom;
38
+ uint32_t vecbase;
39
40
if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
41
env->v7m.secure = true;
42
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_reset(CPUState *s)
43
/* Unlike A/R profile, M profile defines the reset LR value */
44
env->regs[14] = 0xffffffff;
45
46
- /* Load the initial SP and PC from the vector table at address 0 */
47
- rom = rom_ptr(0);
48
+ env->v7m.vecbase[M_REG_S] = cpu->init_svtor & 0xffffff80;
49
+
50
+ /* Load the initial SP and PC from offset 0 and 4 in the vector table */
51
+ vecbase = env->v7m.vecbase[env->v7m.secure];
52
+ rom = rom_ptr(vecbase);
53
if (rom) {
54
/* Address zero is covered by ROM which hasn't yet been
55
* copied into physical memory.
56
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_reset(CPUState *s)
57
* it got copied into memory. In the latter case, rom_ptr
58
* will return a NULL pointer and we should use ldl_phys instead.
59
*/
60
- initial_msp = ldl_phys(s->as, 0);
61
- initial_pc = ldl_phys(s->as, 4);
62
+ initial_msp = ldl_phys(s->as, vecbase);
63
+ initial_pc = ldl_phys(s->as, vecbase + 4);
64
}
65
66
env->regs[13] = initial_msp & 0xFFFFFFFC;
67
@@ -XXX,XX +XXX,XX @@ static Property arm_cpu_pmsav7_dregion_property =
68
pmsav7_dregion,
69
qdev_prop_uint32, uint32_t);
70
71
+/* M profile: initial value of the Secure VTOR */
72
+static Property arm_cpu_initsvtor_property =
73
+ DEFINE_PROP_UINT32("init-svtor", ARMCPU, init_svtor, 0);
74
+
75
static void arm_cpu_post_init(Object *obj)
76
{
77
ARMCPU *cpu = ARM_CPU(obj);
78
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_post_init(Object *obj)
79
qdev_prop_allow_set_link_before_realize,
80
OBJ_PROP_LINK_UNREF_ON_RELEASE,
81
&error_abort);
82
+ qdev_property_add_static(DEVICE(obj), &arm_cpu_initsvtor_property,
83
+ &error_abort);
84
}
85
86
qdev_property_add_static(DEVICE(obj), &arm_cpu_cfgend_property,
87
--
26
--
88
2.16.2
27
2.34.1
89
28
90
29
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
In the recent refactoring we missed a few places which should be
2
calling finalize_memop_asimd() for ASIMD loads and stores but
3
instead are just calling finalize_memop(); fix these.
2
4
3
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
5
For the disas_ldst_single_struct() and disas_ldst_multiple_struct()
4
Message-id: 20180228193125.20577-13-richard.henderson@linaro.org
6
cases, this is not a behaviour change because there the size
7
is never MO_128 and the two finalize functions do the same thing.
8
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
[PMM: renamed e1/e2/e3/e4 to use the same naming as the version
10
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
7
of the pseudocode in the Arm ARM]
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
---
11
---
10
target/arm/helper.h | 11 ++++
12
target/arm/tcg/translate-a64.c | 10 ++++++----
11
target/arm/translate-a64.c | 94 +++++++++++++++++++++++++---
13
1 file changed, 6 insertions(+), 4 deletions(-)
12
target/arm/vec_helper.c | 149 +++++++++++++++++++++++++++++++++++++++++++++
13
3 files changed, 246 insertions(+), 8 deletions(-)
14
14
15
diff --git a/target/arm/helper.h b/target/arm/helper.h
15
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
16
index XXXXXXX..XXXXXXX 100644
16
index XXXXXXX..XXXXXXX 100644
17
--- a/target/arm/helper.h
17
--- a/target/arm/tcg/translate-a64.c
18
+++ b/target/arm/helper.h
18
+++ b/target/arm/tcg/translate-a64.c
19
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_FLAGS_5(gvec_fcadds, TCG_CALL_NO_RWG,
19
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_reg_roffset(DisasContext *s, uint32_t insn,
20
DEF_HELPER_FLAGS_5(gvec_fcaddd, TCG_CALL_NO_RWG,
20
if (!fp_access_check(s)) {
21
void, ptr, ptr, ptr, ptr, i32)
22
23
+DEF_HELPER_FLAGS_5(gvec_fcmlah, TCG_CALL_NO_RWG,
24
+ void, ptr, ptr, ptr, ptr, i32)
25
+DEF_HELPER_FLAGS_5(gvec_fcmlah_idx, TCG_CALL_NO_RWG,
26
+ void, ptr, ptr, ptr, ptr, i32)
27
+DEF_HELPER_FLAGS_5(gvec_fcmlas, TCG_CALL_NO_RWG,
28
+ void, ptr, ptr, ptr, ptr, i32)
29
+DEF_HELPER_FLAGS_5(gvec_fcmlas_idx, TCG_CALL_NO_RWG,
30
+ void, ptr, ptr, ptr, ptr, i32)
31
+DEF_HELPER_FLAGS_5(gvec_fcmlad, TCG_CALL_NO_RWG,
32
+ void, ptr, ptr, ptr, ptr, i32)
33
+
34
#ifdef TARGET_AARCH64
35
#include "helper-a64.h"
36
#endif
37
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
38
index XXXXXXX..XXXXXXX 100644
39
--- a/target/arm/translate-a64.c
40
+++ b/target/arm/translate-a64.c
41
@@ -XXX,XX +XXX,XX @@ static void disas_simd_three_reg_same_extra(DisasContext *s, uint32_t insn)
42
}
43
feature = ARM_FEATURE_V8_RDM;
44
break;
45
+ case 0x8: /* FCMLA, #0 */
46
+ case 0x9: /* FCMLA, #90 */
47
+ case 0xa: /* FCMLA, #180 */
48
+ case 0xb: /* FCMLA, #270 */
49
case 0xc: /* FCADD, #90 */
50
case 0xe: /* FCADD, #270 */
51
if (size == 0
52
@@ -XXX,XX +XXX,XX @@ static void disas_simd_three_reg_same_extra(DisasContext *s, uint32_t insn)
53
}
54
return;
55
56
+ case 0x8: /* FCMLA, #0 */
57
+ case 0x9: /* FCMLA, #90 */
58
+ case 0xa: /* FCMLA, #180 */
59
+ case 0xb: /* FCMLA, #270 */
60
+ rot = extract32(opcode, 0, 2);
61
+ switch (size) {
62
+ case 1:
63
+ gen_gvec_op3_fpst(s, is_q, rd, rn, rm, true, rot,
64
+ gen_helper_gvec_fcmlah);
65
+ break;
66
+ case 2:
67
+ gen_gvec_op3_fpst(s, is_q, rd, rn, rm, false, rot,
68
+ gen_helper_gvec_fcmlas);
69
+ break;
70
+ case 3:
71
+ gen_gvec_op3_fpst(s, is_q, rd, rn, rm, false, rot,
72
+ gen_helper_gvec_fcmlad);
73
+ break;
74
+ default:
75
+ g_assert_not_reached();
76
+ }
77
+ return;
78
+
79
case 0xc: /* FCADD, #90 */
80
case 0xe: /* FCADD, #270 */
81
rot = extract32(opcode, 1, 1);
82
@@ -XXX,XX +XXX,XX @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn)
83
int rn = extract32(insn, 5, 5);
84
int rd = extract32(insn, 0, 5);
85
bool is_long = false;
86
- bool is_fp = false;
87
+ int is_fp = 0;
88
bool is_fp16 = false;
89
int index;
90
TCGv_ptr fpst;
91
@@ -XXX,XX +XXX,XX @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn)
92
case 0x05: /* FMLS */
93
case 0x09: /* FMUL */
94
case 0x19: /* FMULX */
95
- is_fp = true;
96
+ is_fp = 1;
97
break;
98
case 0x1d: /* SQRDMLAH */
99
case 0x1f: /* SQRDMLSH */
100
@@ -XXX,XX +XXX,XX @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn)
101
return;
21
return;
102
}
22
}
103
break;
23
+ memop = finalize_memop_asimd(s, size);
104
+ case 0x11: /* FCMLA #0 */
24
} else {
105
+ case 0x13: /* FCMLA #90 */
25
if (size == 3 && opc == 2) {
106
+ case 0x15: /* FCMLA #180 */
26
/* PRFM - prefetch */
107
+ case 0x17: /* FCMLA #270 */
27
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_reg_roffset(DisasContext *s, uint32_t insn,
108
+ if (!arm_dc_feature(s, ARM_FEATURE_V8_FCMA)) {
28
is_store = (opc == 0);
109
+ unallocated_encoding(s);
29
is_signed = !is_store && extract32(opc, 1, 1);
110
+ return;
30
is_extended = (size < 3) && extract32(opc, 0, 1);
111
+ }
31
+ memop = finalize_memop(s, size + is_signed * MO_SIGN);
112
+ is_fp = 2;
113
+ break;
114
default:
115
unallocated_encoding(s);
116
return;
117
}
32
}
118
33
119
- if (is_fp) {
34
if (rn == 31) {
120
+ switch (is_fp) {
35
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_reg_roffset(DisasContext *s, uint32_t insn,
121
+ case 1: /* normal fp */
36
122
/* convert insn encoded size to TCGMemOp size */
37
tcg_gen_add_i64(dirty_addr, dirty_addr, tcg_rm);
123
switch (size) {
38
124
case 0: /* half-precision */
39
- memop = finalize_memop(s, size + is_signed * MO_SIGN);
125
- if (!arm_dc_feature(s, ARM_FEATURE_V8_FP16)) {
40
clean_addr = gen_mte_check1(s, dirty_addr, is_store, true, memop);
126
- unallocated_encoding(s);
41
127
- return;
42
if (is_vector) {
128
- }
43
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_reg_unsigned_imm(DisasContext *s, uint32_t insn,
129
size = MO_16;
44
if (!fp_access_check(s)) {
130
+ is_fp16 = true;
131
break;
132
case MO_32: /* single precision */
133
case MO_64: /* double precision */
134
@@ -XXX,XX +XXX,XX @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn)
135
unallocated_encoding(s);
136
return;
45
return;
137
}
46
}
138
- } else {
47
+ memop = finalize_memop_asimd(s, size);
139
+ break;
48
} else {
140
+
49
if (size == 3 && opc == 2) {
141
+ case 2: /* complex fp */
50
/* PRFM - prefetch */
142
+ /* Each indexable element is a complex pair. */
51
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_reg_unsigned_imm(DisasContext *s, uint32_t insn,
143
+ size <<= 1;
52
is_store = (opc == 0);
144
+ switch (size) {
53
is_signed = !is_store && extract32(opc, 1, 1);
145
+ case MO_32:
54
is_extended = (size < 3) && extract32(opc, 0, 1);
146
+ if (h && !is_q) {
55
+ memop = finalize_memop(s, size + is_signed * MO_SIGN);
147
+ unallocated_encoding(s);
148
+ return;
149
+ }
150
+ is_fp16 = true;
151
+ break;
152
+ case MO_64:
153
+ break;
154
+ default:
155
+ unallocated_encoding(s);
156
+ return;
157
+ }
158
+ break;
159
+
160
+ default: /* integer */
161
switch (size) {
162
case MO_8:
163
case MO_64:
164
unallocated_encoding(s);
165
return;
166
}
167
+ break;
168
+ }
169
+ if (is_fp16 && !arm_dc_feature(s, ARM_FEATURE_V8_FP16)) {
170
+ unallocated_encoding(s);
171
+ return;
172
}
56
}
173
57
174
/* Given TCGMemOp size, adjust register and indexing. */
58
if (rn == 31) {
175
@@ -XXX,XX +XXX,XX @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn)
59
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_reg_unsigned_imm(DisasContext *s, uint32_t insn,
176
fpst = NULL;
60
offset = imm12 << size;
177
}
61
tcg_gen_addi_i64(dirty_addr, dirty_addr, offset);
178
62
179
+ switch (16 * u + opcode) {
63
- memop = finalize_memop(s, size + is_signed * MO_SIGN);
180
+ case 0x11: /* FCMLA #0 */
64
clean_addr = gen_mte_check1(s, dirty_addr, is_store, rn != 31, memop);
181
+ case 0x13: /* FCMLA #90 */
65
182
+ case 0x15: /* FCMLA #180 */
66
if (is_vector) {
183
+ case 0x17: /* FCMLA #270 */
67
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_multiple_struct(DisasContext *s, uint32_t insn)
184
+ tcg_gen_gvec_3_ptr(vec_full_reg_offset(s, rd),
68
* promote consecutive little-endian elements below.
185
+ vec_full_reg_offset(s, rn),
69
*/
186
+ vec_reg_offset(s, rm, index, size), fpst,
70
clean_addr = gen_mte_checkN(s, tcg_rn, is_store, is_postidx || rn != 31,
187
+ is_q ? 16 : 8, vec_full_reg_size(s),
71
- total, finalize_memop(s, size));
188
+ extract32(insn, 13, 2), /* rot */
72
+ total, finalize_memop_asimd(s, size));
189
+ size == MO_64
73
190
+ ? gen_helper_gvec_fcmlas_idx
74
/*
191
+ : gen_helper_gvec_fcmlah_idx);
75
* Consecutive little-endian elements from a single register
192
+ tcg_temp_free_ptr(fpst);
76
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_single_struct(DisasContext *s, uint32_t insn)
193
+ return;
77
total = selem << scale;
194
+ }
78
tcg_rn = cpu_reg_sp(s, rn);
195
+
79
196
if (size == 3) {
80
- mop = finalize_memop(s, scale);
197
TCGv_i64 tcg_idx = tcg_temp_new_i64();
81
+ mop = finalize_memop_asimd(s, scale);
198
int pass;
82
199
diff --git a/target/arm/vec_helper.c b/target/arm/vec_helper.c
83
clean_addr = gen_mte_checkN(s, tcg_rn, !is_load, is_postidx || rn != 31,
200
index XXXXXXX..XXXXXXX 100644
84
total, mop);
201
--- a/target/arm/vec_helper.c
202
+++ b/target/arm/vec_helper.c
203
@@ -XXX,XX +XXX,XX @@ void HELPER(gvec_fcaddd)(void *vd, void *vn, void *vm,
204
}
205
clear_tail(d, opr_sz, simd_maxsz(desc));
206
}
207
+
208
+void HELPER(gvec_fcmlah)(void *vd, void *vn, void *vm,
209
+ void *vfpst, uint32_t desc)
210
+{
211
+ uintptr_t opr_sz = simd_oprsz(desc);
212
+ float16 *d = vd;
213
+ float16 *n = vn;
214
+ float16 *m = vm;
215
+ float_status *fpst = vfpst;
216
+ intptr_t flip = extract32(desc, SIMD_DATA_SHIFT, 1);
217
+ uint32_t neg_imag = extract32(desc, SIMD_DATA_SHIFT + 1, 1);
218
+ uint32_t neg_real = flip ^ neg_imag;
219
+ uintptr_t i;
220
+
221
+ /* Shift boolean to the sign bit so we can xor to negate. */
222
+ neg_real <<= 15;
223
+ neg_imag <<= 15;
224
+
225
+ for (i = 0; i < opr_sz / 2; i += 2) {
226
+ float16 e2 = n[H2(i + flip)];
227
+ float16 e1 = m[H2(i + flip)] ^ neg_real;
228
+ float16 e4 = e2;
229
+ float16 e3 = m[H2(i + 1 - flip)] ^ neg_imag;
230
+
231
+ d[H2(i)] = float16_muladd(e2, e1, d[H2(i)], 0, fpst);
232
+ d[H2(i + 1)] = float16_muladd(e4, e3, d[H2(i + 1)], 0, fpst);
233
+ }
234
+ clear_tail(d, opr_sz, simd_maxsz(desc));
235
+}
236
+
237
+void HELPER(gvec_fcmlah_idx)(void *vd, void *vn, void *vm,
238
+ void *vfpst, uint32_t desc)
239
+{
240
+ uintptr_t opr_sz = simd_oprsz(desc);
241
+ float16 *d = vd;
242
+ float16 *n = vn;
243
+ float16 *m = vm;
244
+ float_status *fpst = vfpst;
245
+ intptr_t flip = extract32(desc, SIMD_DATA_SHIFT, 1);
246
+ uint32_t neg_imag = extract32(desc, SIMD_DATA_SHIFT + 1, 1);
247
+ uint32_t neg_real = flip ^ neg_imag;
248
+ uintptr_t i;
249
+ float16 e1 = m[H2(flip)];
250
+ float16 e3 = m[H2(1 - flip)];
251
+
252
+ /* Shift boolean to the sign bit so we can xor to negate. */
253
+ neg_real <<= 15;
254
+ neg_imag <<= 15;
255
+ e1 ^= neg_real;
256
+ e3 ^= neg_imag;
257
+
258
+ for (i = 0; i < opr_sz / 2; i += 2) {
259
+ float16 e2 = n[H2(i + flip)];
260
+ float16 e4 = e2;
261
+
262
+ d[H2(i)] = float16_muladd(e2, e1, d[H2(i)], 0, fpst);
263
+ d[H2(i + 1)] = float16_muladd(e4, e3, d[H2(i + 1)], 0, fpst);
264
+ }
265
+ clear_tail(d, opr_sz, simd_maxsz(desc));
266
+}
267
+
268
+void HELPER(gvec_fcmlas)(void *vd, void *vn, void *vm,
269
+ void *vfpst, uint32_t desc)
270
+{
271
+ uintptr_t opr_sz = simd_oprsz(desc);
272
+ float32 *d = vd;
273
+ float32 *n = vn;
274
+ float32 *m = vm;
275
+ float_status *fpst = vfpst;
276
+ intptr_t flip = extract32(desc, SIMD_DATA_SHIFT, 1);
277
+ uint32_t neg_imag = extract32(desc, SIMD_DATA_SHIFT + 1, 1);
278
+ uint32_t neg_real = flip ^ neg_imag;
279
+ uintptr_t i;
280
+
281
+ /* Shift boolean to the sign bit so we can xor to negate. */
282
+ neg_real <<= 31;
283
+ neg_imag <<= 31;
284
+
285
+ for (i = 0; i < opr_sz / 4; i += 2) {
286
+ float32 e2 = n[H4(i + flip)];
287
+ float32 e1 = m[H4(i + flip)] ^ neg_real;
288
+ float32 e4 = e2;
289
+ float32 e3 = m[H4(i + 1 - flip)] ^ neg_imag;
290
+
291
+ d[H4(i)] = float32_muladd(e2, e1, d[H4(i)], 0, fpst);
292
+ d[H4(i + 1)] = float32_muladd(e4, e3, d[H4(i + 1)], 0, fpst);
293
+ }
294
+ clear_tail(d, opr_sz, simd_maxsz(desc));
295
+}
296
+
297
+void HELPER(gvec_fcmlas_idx)(void *vd, void *vn, void *vm,
298
+ void *vfpst, uint32_t desc)
299
+{
300
+ uintptr_t opr_sz = simd_oprsz(desc);
301
+ float32 *d = vd;
302
+ float32 *n = vn;
303
+ float32 *m = vm;
304
+ float_status *fpst = vfpst;
305
+ intptr_t flip = extract32(desc, SIMD_DATA_SHIFT, 1);
306
+ uint32_t neg_imag = extract32(desc, SIMD_DATA_SHIFT + 1, 1);
307
+ uint32_t neg_real = flip ^ neg_imag;
308
+ uintptr_t i;
309
+ float32 e1 = m[H4(flip)];
310
+ float32 e3 = m[H4(1 - flip)];
311
+
312
+ /* Shift boolean to the sign bit so we can xor to negate. */
313
+ neg_real <<= 31;
314
+ neg_imag <<= 31;
315
+ e1 ^= neg_real;
316
+ e3 ^= neg_imag;
317
+
318
+ for (i = 0; i < opr_sz / 4; i += 2) {
319
+ float32 e2 = n[H4(i + flip)];
320
+ float32 e4 = e2;
321
+
322
+ d[H4(i)] = float32_muladd(e2, e1, d[H4(i)], 0, fpst);
323
+ d[H4(i + 1)] = float32_muladd(e4, e3, d[H4(i + 1)], 0, fpst);
324
+ }
325
+ clear_tail(d, opr_sz, simd_maxsz(desc));
326
+}
327
+
328
+void HELPER(gvec_fcmlad)(void *vd, void *vn, void *vm,
329
+ void *vfpst, uint32_t desc)
330
+{
331
+ uintptr_t opr_sz = simd_oprsz(desc);
332
+ float64 *d = vd;
333
+ float64 *n = vn;
334
+ float64 *m = vm;
335
+ float_status *fpst = vfpst;
336
+ intptr_t flip = extract32(desc, SIMD_DATA_SHIFT, 1);
337
+ uint64_t neg_imag = extract32(desc, SIMD_DATA_SHIFT + 1, 1);
338
+ uint64_t neg_real = flip ^ neg_imag;
339
+ uintptr_t i;
340
+
341
+ /* Shift boolean to the sign bit so we can xor to negate. */
342
+ neg_real <<= 63;
343
+ neg_imag <<= 63;
344
+
345
+ for (i = 0; i < opr_sz / 8; i += 2) {
346
+ float64 e2 = n[i + flip];
347
+ float64 e1 = m[i + flip] ^ neg_real;
348
+ float64 e4 = e2;
349
+ float64 e3 = m[i + 1 - flip] ^ neg_imag;
350
+
351
+ d[i] = float64_muladd(e2, e1, d[i], 0, fpst);
352
+ d[i + 1] = float64_muladd(e4, e3, d[i + 1], 0, fpst);
353
+ }
354
+ clear_tail(d, opr_sz, simd_maxsz(desc));
355
+}
356
--
85
--
357
2.16.2
86
2.34.1
358
359
diff view generated by jsdifflib
1
Create an "idau" property on the armv7m container object which
1
Convert the various instructions in the hint instruction space
2
we can forward to the CPU object. Annoyingly, we can't use
2
to decodetree.
3
object_property_add_alias() because the CPU object we want to
4
forward to doesn't exist until the armv7m container is realized.
5
3
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
5
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20180220180325.29818-6-peter.maydell@linaro.org
6
Message-id: 20230602155223.2040685-3-peter.maydell@linaro.org
9
---
7
---
10
include/hw/arm/armv7m.h | 3 +++
8
target/arm/tcg/a64.decode | 31 ++++
11
hw/arm/armv7m.c | 9 +++++++++
9
target/arm/tcg/translate-a64.c | 277 ++++++++++++++++++---------------
12
2 files changed, 12 insertions(+)
10
2 files changed, 185 insertions(+), 123 deletions(-)
13
11
14
diff --git a/include/hw/arm/armv7m.h b/include/hw/arm/armv7m.h
12
diff --git a/target/arm/tcg/a64.decode b/target/arm/tcg/a64.decode
15
index XXXXXXX..XXXXXXX 100644
13
index XXXXXXX..XXXXXXX 100644
16
--- a/include/hw/arm/armv7m.h
14
--- a/target/arm/tcg/a64.decode
17
+++ b/include/hw/arm/armv7m.h
15
+++ b/target/arm/tcg/a64.decode
18
@@ -XXX,XX +XXX,XX @@
16
@@ -XXX,XX +XXX,XX @@ ERETA 1101011 0100 11111 00001 m:1 11111 11111 &reta # ERETAA, ERETAB
19
17
# the processor is in halting debug state (which we don't implement).
20
#include "hw/sysbus.h"
18
# The pattern is listed here as documentation.
21
#include "hw/intc/armv7m_nvic.h"
19
# DRPS 1101011 0101 11111 000000 11111 00000
22
+#include "target/arm/idau.h"
20
+
23
21
+# Hint instruction group
24
#define TYPE_BITBAND "ARM,bitband-memory"
22
+{
25
#define BITBAND(obj) OBJECT_CHECK(BitBandState, (obj), TYPE_BITBAND)
23
+ [
26
@@ -XXX,XX +XXX,XX @@ typedef struct {
24
+ YIELD 1101 0101 0000 0011 0010 0000 001 11111
27
* + Property "memory": MemoryRegion defining the physical address space
25
+ WFE 1101 0101 0000 0011 0010 0000 010 11111
28
* that CPU accesses see. (The NVIC, bitbanding and other CPU-internal
26
+ WFI 1101 0101 0000 0011 0010 0000 011 11111
29
* devices will be automatically layered on top of this view.)
27
+ # We implement WFE to never block, so our SEV/SEVL are NOPs
30
+ * + Property "idau": IDAU interface (forwarded to CPU object)
28
+ # SEV 1101 0101 0000 0011 0010 0000 100 11111
31
*/
29
+ # SEVL 1101 0101 0000 0011 0010 0000 101 11111
32
typedef struct ARMv7MState {
30
+ # Our DGL is a NOP because we don't merge memory accesses anyway.
33
/*< private >*/
31
+ # DGL 1101 0101 0000 0011 0010 0000 110 11111
34
@@ -XXX,XX +XXX,XX @@ typedef struct ARMv7MState {
32
+ XPACLRI 1101 0101 0000 0011 0010 0000 111 11111
35
char *cpu_type;
33
+ PACIA1716 1101 0101 0000 0011 0010 0001 000 11111
36
/* MemoryRegion the board provides to us (with its devices, RAM, etc) */
34
+ PACIB1716 1101 0101 0000 0011 0010 0001 010 11111
37
MemoryRegion *board_memory;
35
+ AUTIA1716 1101 0101 0000 0011 0010 0001 100 11111
38
+ Object *idau;
36
+ AUTIB1716 1101 0101 0000 0011 0010 0001 110 11111
39
} ARMv7MState;
37
+ ESB 1101 0101 0000 0011 0010 0010 000 11111
40
38
+ PACIAZ 1101 0101 0000 0011 0010 0011 000 11111
41
#endif
39
+ PACIASP 1101 0101 0000 0011 0010 0011 001 11111
42
diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c
40
+ PACIBZ 1101 0101 0000 0011 0010 0011 010 11111
41
+ PACIBSP 1101 0101 0000 0011 0010 0011 011 11111
42
+ AUTIAZ 1101 0101 0000 0011 0010 0011 100 11111
43
+ AUTIASP 1101 0101 0000 0011 0010 0011 101 11111
44
+ AUTIBZ 1101 0101 0000 0011 0010 0011 110 11111
45
+ AUTIBSP 1101 0101 0000 0011 0010 0011 111 11111
46
+ ]
47
+ # The canonical NOP has CRm == op2 == 0, but all of the space
48
+ # that isn't specifically allocated to an instruction must NOP
49
+ NOP 1101 0101 0000 0011 0010 ---- --- 11111
50
+}
51
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
43
index XXXXXXX..XXXXXXX 100644
52
index XXXXXXX..XXXXXXX 100644
44
--- a/hw/arm/armv7m.c
53
--- a/target/arm/tcg/translate-a64.c
45
+++ b/hw/arm/armv7m.c
54
+++ b/target/arm/tcg/translate-a64.c
46
@@ -XXX,XX +XXX,XX @@
55
@@ -XXX,XX +XXX,XX @@ static bool trans_ERETA(DisasContext *s, arg_reta *a)
47
#include "sysemu/qtest.h"
56
return true;
48
#include "qemu/error-report.h"
57
}
49
#include "exec/address-spaces.h"
58
50
+#include "target/arm/idau.h"
59
-/* HINT instruction group, including various allocated HINTs */
51
60
-static void handle_hint(DisasContext *s, uint32_t insn,
52
/* Bitbanded IO. Each word corresponds to a single bit. */
61
- unsigned int op1, unsigned int op2, unsigned int crm)
53
62
+static bool trans_NOP(DisasContext *s, arg_NOP *a)
54
@@ -XXX,XX +XXX,XX @@ static void armv7m_realize(DeviceState *dev, Error **errp)
63
{
55
64
- unsigned int selector = crm << 3 | op2;
56
object_property_set_link(OBJECT(s->cpu), OBJECT(&s->container), "memory",
65
+ return true;
57
&error_abort);
66
+}
58
+ if (object_property_find(OBJECT(s->cpu), "idau", NULL)) {
67
59
+ object_property_set_link(OBJECT(s->cpu), s->idau, "idau", &err);
68
- if (op1 != 3) {
60
+ if (err != NULL) {
69
- unallocated_encoding(s);
61
+ error_propagate(errp, err);
70
- return;
62
+ return;
71
+static bool trans_YIELD(DisasContext *s, arg_YIELD *a)
63
+ }
72
+{
64
+ }
73
+ /*
65
object_property_set_bool(OBJECT(s->cpu), true, "realized", &err);
74
+ * When running in MTTCG we don't generate jumps to the yield and
66
if (err != NULL) {
75
+ * WFE helpers as it won't affect the scheduling of other vCPUs.
67
error_propagate(errp, err);
76
+ * If we wanted to more completely model WFE/SEV so we don't busy
68
@@ -XXX,XX +XXX,XX @@ static Property armv7m_properties[] = {
77
+ * spin unnecessarily we would need to do something more involved.
69
DEFINE_PROP_STRING("cpu-type", ARMv7MState, cpu_type),
78
+ */
70
DEFINE_PROP_LINK("memory", ARMv7MState, board_memory, TYPE_MEMORY_REGION,
79
+ if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
71
MemoryRegion *),
80
+ s->base.is_jmp = DISAS_YIELD;
72
+ DEFINE_PROP_LINK("idau", ARMv7MState, idau, TYPE_IDAU_INTERFACE, Object *),
81
}
73
DEFINE_PROP_END_OF_LIST(),
82
+ return true;
74
};
83
+}
75
84
85
- switch (selector) {
86
- case 0b00000: /* NOP */
87
- break;
88
- case 0b00011: /* WFI */
89
- s->base.is_jmp = DISAS_WFI;
90
- break;
91
- case 0b00001: /* YIELD */
92
- /* When running in MTTCG we don't generate jumps to the yield and
93
- * WFE helpers as it won't affect the scheduling of other vCPUs.
94
- * If we wanted to more completely model WFE/SEV so we don't busy
95
- * spin unnecessarily we would need to do something more involved.
96
+static bool trans_WFI(DisasContext *s, arg_WFI *a)
97
+{
98
+ s->base.is_jmp = DISAS_WFI;
99
+ return true;
100
+}
101
+
102
+static bool trans_WFE(DisasContext *s, arg_WFI *a)
103
+{
104
+ /*
105
+ * When running in MTTCG we don't generate jumps to the yield and
106
+ * WFE helpers as it won't affect the scheduling of other vCPUs.
107
+ * If we wanted to more completely model WFE/SEV so we don't busy
108
+ * spin unnecessarily we would need to do something more involved.
109
+ */
110
+ if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
111
+ s->base.is_jmp = DISAS_WFE;
112
+ }
113
+ return true;
114
+}
115
+
116
+static bool trans_XPACLRI(DisasContext *s, arg_XPACLRI *a)
117
+{
118
+ if (s->pauth_active) {
119
+ gen_helper_xpaci(cpu_X[30], cpu_env, cpu_X[30]);
120
+ }
121
+ return true;
122
+}
123
+
124
+static bool trans_PACIA1716(DisasContext *s, arg_PACIA1716 *a)
125
+{
126
+ if (s->pauth_active) {
127
+ gen_helper_pacia(cpu_X[17], cpu_env, cpu_X[17], cpu_X[16]);
128
+ }
129
+ return true;
130
+}
131
+
132
+static bool trans_PACIB1716(DisasContext *s, arg_PACIB1716 *a)
133
+{
134
+ if (s->pauth_active) {
135
+ gen_helper_pacib(cpu_X[17], cpu_env, cpu_X[17], cpu_X[16]);
136
+ }
137
+ return true;
138
+}
139
+
140
+static bool trans_AUTIA1716(DisasContext *s, arg_AUTIA1716 *a)
141
+{
142
+ if (s->pauth_active) {
143
+ gen_helper_autia(cpu_X[17], cpu_env, cpu_X[17], cpu_X[16]);
144
+ }
145
+ return true;
146
+}
147
+
148
+static bool trans_AUTIB1716(DisasContext *s, arg_AUTIB1716 *a)
149
+{
150
+ if (s->pauth_active) {
151
+ gen_helper_autib(cpu_X[17], cpu_env, cpu_X[17], cpu_X[16]);
152
+ }
153
+ return true;
154
+}
155
+
156
+static bool trans_ESB(DisasContext *s, arg_ESB *a)
157
+{
158
+ /* Without RAS, we must implement this as NOP. */
159
+ if (dc_isar_feature(aa64_ras, s)) {
160
+ /*
161
+ * QEMU does not have a source of physical SErrors,
162
+ * so we are only concerned with virtual SErrors.
163
+ * The pseudocode in the ARM for this case is
164
+ * if PSTATE.EL IN {EL0, EL1} && EL2Enabled() then
165
+ * AArch64.vESBOperation();
166
+ * Most of the condition can be evaluated at translation time.
167
+ * Test for EL2 present, and defer test for SEL2 to runtime.
168
*/
169
- if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
170
- s->base.is_jmp = DISAS_YIELD;
171
+ if (s->current_el <= 1 && arm_dc_feature(s, ARM_FEATURE_EL2)) {
172
+ gen_helper_vesb(cpu_env);
173
}
174
- break;
175
- case 0b00010: /* WFE */
176
- if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
177
- s->base.is_jmp = DISAS_WFE;
178
- }
179
- break;
180
- case 0b00100: /* SEV */
181
- case 0b00101: /* SEVL */
182
- case 0b00110: /* DGH */
183
- /* we treat all as NOP at least for now */
184
- break;
185
- case 0b00111: /* XPACLRI */
186
- if (s->pauth_active) {
187
- gen_helper_xpaci(cpu_X[30], cpu_env, cpu_X[30]);
188
- }
189
- break;
190
- case 0b01000: /* PACIA1716 */
191
- if (s->pauth_active) {
192
- gen_helper_pacia(cpu_X[17], cpu_env, cpu_X[17], cpu_X[16]);
193
- }
194
- break;
195
- case 0b01010: /* PACIB1716 */
196
- if (s->pauth_active) {
197
- gen_helper_pacib(cpu_X[17], cpu_env, cpu_X[17], cpu_X[16]);
198
- }
199
- break;
200
- case 0b01100: /* AUTIA1716 */
201
- if (s->pauth_active) {
202
- gen_helper_autia(cpu_X[17], cpu_env, cpu_X[17], cpu_X[16]);
203
- }
204
- break;
205
- case 0b01110: /* AUTIB1716 */
206
- if (s->pauth_active) {
207
- gen_helper_autib(cpu_X[17], cpu_env, cpu_X[17], cpu_X[16]);
208
- }
209
- break;
210
- case 0b10000: /* ESB */
211
- /* Without RAS, we must implement this as NOP. */
212
- if (dc_isar_feature(aa64_ras, s)) {
213
- /*
214
- * QEMU does not have a source of physical SErrors,
215
- * so we are only concerned with virtual SErrors.
216
- * The pseudocode in the ARM for this case is
217
- * if PSTATE.EL IN {EL0, EL1} && EL2Enabled() then
218
- * AArch64.vESBOperation();
219
- * Most of the condition can be evaluated at translation time.
220
- * Test for EL2 present, and defer test for SEL2 to runtime.
221
- */
222
- if (s->current_el <= 1 && arm_dc_feature(s, ARM_FEATURE_EL2)) {
223
- gen_helper_vesb(cpu_env);
224
- }
225
- }
226
- break;
227
- case 0b11000: /* PACIAZ */
228
- if (s->pauth_active) {
229
- gen_helper_pacia(cpu_X[30], cpu_env, cpu_X[30],
230
- tcg_constant_i64(0));
231
- }
232
- break;
233
- case 0b11001: /* PACIASP */
234
- if (s->pauth_active) {
235
- gen_helper_pacia(cpu_X[30], cpu_env, cpu_X[30], cpu_X[31]);
236
- }
237
- break;
238
- case 0b11010: /* PACIBZ */
239
- if (s->pauth_active) {
240
- gen_helper_pacib(cpu_X[30], cpu_env, cpu_X[30],
241
- tcg_constant_i64(0));
242
- }
243
- break;
244
- case 0b11011: /* PACIBSP */
245
- if (s->pauth_active) {
246
- gen_helper_pacib(cpu_X[30], cpu_env, cpu_X[30], cpu_X[31]);
247
- }
248
- break;
249
- case 0b11100: /* AUTIAZ */
250
- if (s->pauth_active) {
251
- gen_helper_autia(cpu_X[30], cpu_env, cpu_X[30],
252
- tcg_constant_i64(0));
253
- }
254
- break;
255
- case 0b11101: /* AUTIASP */
256
- if (s->pauth_active) {
257
- gen_helper_autia(cpu_X[30], cpu_env, cpu_X[30], cpu_X[31]);
258
- }
259
- break;
260
- case 0b11110: /* AUTIBZ */
261
- if (s->pauth_active) {
262
- gen_helper_autib(cpu_X[30], cpu_env, cpu_X[30],
263
- tcg_constant_i64(0));
264
- }
265
- break;
266
- case 0b11111: /* AUTIBSP */
267
- if (s->pauth_active) {
268
- gen_helper_autib(cpu_X[30], cpu_env, cpu_X[30], cpu_X[31]);
269
- }
270
- break;
271
- default:
272
- /* default specified as NOP equivalent */
273
- break;
274
}
275
+ return true;
276
+}
277
+
278
+static bool trans_PACIAZ(DisasContext *s, arg_PACIAZ *a)
279
+{
280
+ if (s->pauth_active) {
281
+ gen_helper_pacia(cpu_X[30], cpu_env, cpu_X[30], tcg_constant_i64(0));
282
+ }
283
+ return true;
284
+}
285
+
286
+static bool trans_PACIASP(DisasContext *s, arg_PACIASP *a)
287
+{
288
+ if (s->pauth_active) {
289
+ gen_helper_pacia(cpu_X[30], cpu_env, cpu_X[30], cpu_X[31]);
290
+ }
291
+ return true;
292
+}
293
+
294
+static bool trans_PACIBZ(DisasContext *s, arg_PACIBZ *a)
295
+{
296
+ if (s->pauth_active) {
297
+ gen_helper_pacib(cpu_X[30], cpu_env, cpu_X[30], tcg_constant_i64(0));
298
+ }
299
+ return true;
300
+}
301
+
302
+static bool trans_PACIBSP(DisasContext *s, arg_PACIBSP *a)
303
+{
304
+ if (s->pauth_active) {
305
+ gen_helper_pacib(cpu_X[30], cpu_env, cpu_X[30], cpu_X[31]);
306
+ }
307
+ return true;
308
+}
309
+
310
+static bool trans_AUTIAZ(DisasContext *s, arg_AUTIAZ *a)
311
+{
312
+ if (s->pauth_active) {
313
+ gen_helper_autia(cpu_X[30], cpu_env, cpu_X[30], tcg_constant_i64(0));
314
+ }
315
+ return true;
316
+}
317
+
318
+static bool trans_AUTIASP(DisasContext *s, arg_AUTIASP *a)
319
+{
320
+ if (s->pauth_active) {
321
+ gen_helper_autia(cpu_X[30], cpu_env, cpu_X[30], cpu_X[31]);
322
+ }
323
+ return true;
324
+}
325
+
326
+static bool trans_AUTIBZ(DisasContext *s, arg_AUTIBZ *a)
327
+{
328
+ if (s->pauth_active) {
329
+ gen_helper_autib(cpu_X[30], cpu_env, cpu_X[30], tcg_constant_i64(0));
330
+ }
331
+ return true;
332
+}
333
+
334
+static bool trans_AUTIBSP(DisasContext *s, arg_AUTIBSP *a)
335
+{
336
+ if (s->pauth_active) {
337
+ gen_helper_autib(cpu_X[30], cpu_env, cpu_X[30], cpu_X[31]);
338
+ }
339
+ return true;
340
}
341
342
static void gen_clrex(DisasContext *s, uint32_t insn)
343
@@ -XXX,XX +XXX,XX @@ static void disas_system(DisasContext *s, uint32_t insn)
344
return;
345
}
346
switch (crn) {
347
- case 2: /* HINT (including allocated hints like NOP, YIELD, etc) */
348
- handle_hint(s, insn, op1, op2, crm);
349
- break;
350
case 3: /* CLREX, DSB, DMB, ISB */
351
handle_sync(s, insn, op1, op2, crm);
352
break;
76
--
353
--
77
2.16.2
354
2.34.1
78
79
diff view generated by jsdifflib
1
The function qdev_init_gpio_in_named() passes the DeviceState pointer
1
Convert the insns in the "Barriers" instruction class to
2
as the opaque data pointor for the irq handler function. Usually
2
decodetree: CLREX, DSB, DMB, ISB and SB.
3
this is what you want, but in some cases it would be helpful to use
4
some other data pointer.
5
6
Add a new function qdev_init_gpio_in_named_with_opaque() which allows
7
the caller to specify the data pointer they want.
8
3
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
11
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
5
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
12
Message-id: 20180220180325.29818-12-peter.maydell@linaro.org
6
Message-id: 20230602155223.2040685-4-peter.maydell@linaro.org
7
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
13
---
8
---
14
include/hw/qdev-core.h | 30 ++++++++++++++++++++++++++++--
9
target/arm/tcg/a64.decode | 7 +++
15
hw/core/qdev.c | 8 +++++---
10
target/arm/tcg/translate-a64.c | 92 ++++++++++++++--------------------
16
2 files changed, 33 insertions(+), 5 deletions(-)
11
2 files changed, 46 insertions(+), 53 deletions(-)
17
12
18
diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
13
diff --git a/target/arm/tcg/a64.decode b/target/arm/tcg/a64.decode
19
index XXXXXXX..XXXXXXX 100644
14
index XXXXXXX..XXXXXXX 100644
20
--- a/include/hw/qdev-core.h
15
--- a/target/arm/tcg/a64.decode
21
+++ b/include/hw/qdev-core.h
16
+++ b/target/arm/tcg/a64.decode
22
@@ -XXX,XX +XXX,XX @@ BusState *qdev_get_child_bus(DeviceState *dev, const char *name);
17
@@ -XXX,XX +XXX,XX @@ ERETA 1101011 0100 11111 00001 m:1 11111 11111 &reta # ERETAA, ERETAB
23
/* GPIO inputs also double as IRQ sinks. */
18
# that isn't specifically allocated to an instruction must NOP
24
void qdev_init_gpio_in(DeviceState *dev, qemu_irq_handler handler, int n);
19
NOP 1101 0101 0000 0011 0010 ---- --- 11111
25
void qdev_init_gpio_out(DeviceState *dev, qemu_irq *pins, int n);
20
}
26
-void qdev_init_gpio_in_named(DeviceState *dev, qemu_irq_handler handler,
27
- const char *name, int n);
28
void qdev_init_gpio_out_named(DeviceState *dev, qemu_irq *pins,
29
const char *name, int n);
30
+/**
31
+ * qdev_init_gpio_in_named_with_opaque: create an array of input GPIO lines
32
+ * for the specified device
33
+ *
34
+ * @dev: Device to create input GPIOs for
35
+ * @handler: Function to call when GPIO line value is set
36
+ * @opaque: Opaque data pointer to pass to @handler
37
+ * @name: Name of the GPIO input (must be unique for this device)
38
+ * @n: Number of GPIO lines in this input set
39
+ */
40
+void qdev_init_gpio_in_named_with_opaque(DeviceState *dev,
41
+ qemu_irq_handler handler,
42
+ void *opaque,
43
+ const char *name, int n);
44
+
21
+
45
+/**
22
+# Barriers
46
+ * qdev_init_gpio_in_named: create an array of input GPIO lines
23
+
47
+ * for the specified device
24
+CLREX 1101 0101 0000 0011 0011 ---- 010 11111
48
+ *
25
+DSB_DMB 1101 0101 0000 0011 0011 domain:2 types:2 10- 11111
49
+ * Like qdev_init_gpio_in_named_with_opaque(), but the opaque pointer
26
+ISB 1101 0101 0000 0011 0011 ---- 110 11111
50
+ * passed to the handler is @dev (which is the most commonly desired behaviour).
27
+SB 1101 0101 0000 0011 0011 0000 111 11111
51
+ */
28
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
52
+static inline void qdev_init_gpio_in_named(DeviceState *dev,
29
index XXXXXXX..XXXXXXX 100644
53
+ qemu_irq_handler handler,
30
--- a/target/arm/tcg/translate-a64.c
54
+ const char *name, int n)
31
+++ b/target/arm/tcg/translate-a64.c
32
@@ -XXX,XX +XXX,XX @@ static bool trans_AUTIBSP(DisasContext *s, arg_AUTIBSP *a)
33
return true;
34
}
35
36
-static void gen_clrex(DisasContext *s, uint32_t insn)
37
+static bool trans_CLREX(DisasContext *s, arg_CLREX *a)
38
{
39
tcg_gen_movi_i64(cpu_exclusive_addr, -1);
40
+ return true;
41
}
42
43
-/* CLREX, DSB, DMB, ISB */
44
-static void handle_sync(DisasContext *s, uint32_t insn,
45
- unsigned int op1, unsigned int op2, unsigned int crm)
46
+static bool trans_DSB_DMB(DisasContext *s, arg_DSB_DMB *a)
47
{
48
+ /* We handle DSB and DMB the same way */
49
TCGBar bar;
50
51
- if (op1 != 3) {
52
- unallocated_encoding(s);
53
- return;
54
+ switch (a->types) {
55
+ case 1: /* MBReqTypes_Reads */
56
+ bar = TCG_BAR_SC | TCG_MO_LD_LD | TCG_MO_LD_ST;
57
+ break;
58
+ case 2: /* MBReqTypes_Writes */
59
+ bar = TCG_BAR_SC | TCG_MO_ST_ST;
60
+ break;
61
+ default: /* MBReqTypes_All */
62
+ bar = TCG_BAR_SC | TCG_MO_ALL;
63
+ break;
64
}
65
+ tcg_gen_mb(bar);
66
+ return true;
67
+}
68
69
- switch (op2) {
70
- case 2: /* CLREX */
71
- gen_clrex(s, insn);
72
- return;
73
- case 4: /* DSB */
74
- case 5: /* DMB */
75
- switch (crm & 3) {
76
- case 1: /* MBReqTypes_Reads */
77
- bar = TCG_BAR_SC | TCG_MO_LD_LD | TCG_MO_LD_ST;
78
- break;
79
- case 2: /* MBReqTypes_Writes */
80
- bar = TCG_BAR_SC | TCG_MO_ST_ST;
81
- break;
82
- default: /* MBReqTypes_All */
83
- bar = TCG_BAR_SC | TCG_MO_ALL;
84
- break;
85
- }
86
- tcg_gen_mb(bar);
87
- return;
88
- case 6: /* ISB */
89
- /* We need to break the TB after this insn to execute
90
- * a self-modified code correctly and also to take
91
- * any pending interrupts immediately.
92
- */
93
- reset_btype(s);
94
- gen_goto_tb(s, 0, 4);
95
- return;
96
+static bool trans_ISB(DisasContext *s, arg_ISB *a)
55
+{
97
+{
56
+ qdev_init_gpio_in_named_with_opaque(dev, handler, dev, name, n);
98
+ /*
99
+ * We need to break the TB after this insn to execute
100
+ * self-modifying code correctly and also to take
101
+ * any pending interrupts immediately.
102
+ */
103
+ reset_btype(s);
104
+ gen_goto_tb(s, 0, 4);
105
+ return true;
57
+}
106
+}
58
107
59
void qdev_pass_gpios(DeviceState *dev, DeviceState *container,
108
- case 7: /* SB */
60
const char *name);
109
- if (crm != 0 || !dc_isar_feature(aa64_sb, s)) {
61
diff --git a/hw/core/qdev.c b/hw/core/qdev.c
110
- goto do_unallocated;
62
index XXXXXXX..XXXXXXX 100644
111
- }
63
--- a/hw/core/qdev.c
112
- /*
64
+++ b/hw/core/qdev.c
113
- * TODO: There is no speculation barrier opcode for TCG;
65
@@ -XXX,XX +XXX,XX @@ static NamedGPIOList *qdev_get_named_gpio_list(DeviceState *dev,
114
- * MB and end the TB instead.
66
return ngl;
115
- */
116
- tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
117
- gen_goto_tb(s, 0, 4);
118
- return;
119
-
120
- default:
121
- do_unallocated:
122
- unallocated_encoding(s);
123
- return;
124
+static bool trans_SB(DisasContext *s, arg_SB *a)
125
+{
126
+ if (!dc_isar_feature(aa64_sb, s)) {
127
+ return false;
128
}
129
+ /*
130
+ * TODO: There is no speculation barrier opcode for TCG;
131
+ * MB and end the TB instead.
132
+ */
133
+ tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
134
+ gen_goto_tb(s, 0, 4);
135
+ return true;
67
}
136
}
68
137
69
-void qdev_init_gpio_in_named(DeviceState *dev, qemu_irq_handler handler,
138
static void gen_xaflag(void)
70
- const char *name, int n)
139
@@ -XXX,XX +XXX,XX @@ static void disas_system(DisasContext *s, uint32_t insn)
71
+void qdev_init_gpio_in_named_with_opaque(DeviceState *dev,
140
return;
72
+ qemu_irq_handler handler,
141
}
73
+ void *opaque,
142
switch (crn) {
74
+ const char *name, int n)
143
- case 3: /* CLREX, DSB, DMB, ISB */
75
{
144
- handle_sync(s, insn, op1, op2, crm);
76
int i;
145
- break;
77
NamedGPIOList *gpio_list = qdev_get_named_gpio_list(dev, name);
146
case 4: /* MSR (immediate) */
78
147
handle_msr_i(s, insn, op1, op2, crm);
79
assert(gpio_list->num_out == 0 || !name);
148
break;
80
gpio_list->in = qemu_extend_irqs(gpio_list->in, gpio_list->num_in, handler,
81
- dev, n);
82
+ opaque, n);
83
84
if (!name) {
85
name = "unnamed-gpio-in";
86
--
149
--
87
2.16.2
150
2.34.1
88
151
89
152
diff view generated by jsdifflib
1
Define a new board model for the MPS2 with an AN505 FPGA image
1
Convert the CFINV, XAFLAG and AXFLAG insns to decodetree.
2
containing a Cortex-M33. Since the FPGA images for TrustZone
2
The old decoder handles these in handle_msr_i(), but
3
cores (AN505, and the similar AN519 for Cortex-M23) have a
3
the architecture defines them as separate instructions
4
significantly different layout of devices to the non-TrustZone
4
from MSR (immediate).
5
images, we use a new source file rather than shoehorning them
6
into the existing mps2.c.
7
5
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
10
Message-id: 20180220180325.29818-20-peter.maydell@linaro.org
8
Message-id: 20230602155223.2040685-5-peter.maydell@linaro.org
11
---
9
---
12
hw/arm/Makefile.objs | 1 +
10
target/arm/tcg/a64.decode | 6 ++++
13
hw/arm/mps2-tz.c | 503 +++++++++++++++++++++++++++++++++++++++++++++++++++
11
target/arm/tcg/translate-a64.c | 53 +++++++++++++++++-----------------
14
2 files changed, 504 insertions(+)
12
2 files changed, 32 insertions(+), 27 deletions(-)
15
create mode 100644 hw/arm/mps2-tz.c
16
13
17
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
14
diff --git a/target/arm/tcg/a64.decode b/target/arm/tcg/a64.decode
18
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
19
--- a/hw/arm/Makefile.objs
16
--- a/target/arm/tcg/a64.decode
20
+++ b/hw/arm/Makefile.objs
17
+++ b/target/arm/tcg/a64.decode
21
@@ -XXX,XX +XXX,XX @@ obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
18
@@ -XXX,XX +XXX,XX @@ CLREX 1101 0101 0000 0011 0011 ---- 010 11111
22
obj-$(CONFIG_FSL_IMX6) += fsl-imx6.o sabrelite.o
19
DSB_DMB 1101 0101 0000 0011 0011 domain:2 types:2 10- 11111
23
obj-$(CONFIG_ASPEED_SOC) += aspeed_soc.o aspeed.o
20
ISB 1101 0101 0000 0011 0011 ---- 110 11111
24
obj-$(CONFIG_MPS2) += mps2.o
21
SB 1101 0101 0000 0011 0011 0000 111 11111
25
+obj-$(CONFIG_MPS2) += mps2-tz.o
26
obj-$(CONFIG_MSF2) += msf2-soc.o msf2-som.o
27
obj-$(CONFIG_IOTKIT) += iotkit.o
28
diff --git a/hw/arm/mps2-tz.c b/hw/arm/mps2-tz.c
29
new file mode 100644
30
index XXXXXXX..XXXXXXX
31
--- /dev/null
32
+++ b/hw/arm/mps2-tz.c
33
@@ -XXX,XX +XXX,XX @@
34
+/*
35
+ * ARM V2M MPS2 board emulation, trustzone aware FPGA images
36
+ *
37
+ * Copyright (c) 2017 Linaro Limited
38
+ * Written by Peter Maydell
39
+ *
40
+ * This program is free software; you can redistribute it and/or modify
41
+ * it under the terms of the GNU General Public License version 2 or
42
+ * (at your option) any later version.
43
+ */
44
+
22
+
45
+/* The MPS2 and MPS2+ dev boards are FPGA based (the 2+ has a bigger
23
+# PSTATE
46
+ * FPGA but is otherwise the same as the 2). Since the CPU itself
47
+ * and most of the devices are in the FPGA, the details of the board
48
+ * as seen by the guest depend significantly on the FPGA image.
49
+ * This source file covers the following FPGA images, for TrustZone cores:
50
+ * "mps2-an505" -- Cortex-M33 as documented in ARM Application Note AN505
51
+ *
52
+ * Links to the TRM for the board itself and to the various Application
53
+ * Notes which document the FPGA images can be found here:
54
+ * https://developer.arm.com/products/system-design/development-boards/fpga-prototyping-boards/mps2
55
+ *
56
+ * Board TRM:
57
+ * http://infocenter.arm.com/help/topic/com.arm.doc.100112_0200_06_en/versatile_express_cortex_m_prototyping_systems_v2m_mps2_and_v2m_mps2plus_technical_reference_100112_0200_06_en.pdf
58
+ * Application Note AN505:
59
+ * http://infocenter.arm.com/help/topic/com.arm.doc.dai0505b/index.html
60
+ *
61
+ * The AN505 defers to the Cortex-M33 processor ARMv8M IoT Kit FVP User Guide
62
+ * (ARM ECM0601256) for the details of some of the device layout:
63
+ * http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ecm0601256/index.html
64
+ */
65
+
24
+
66
+#include "qemu/osdep.h"
25
+CFINV 1101 0101 0000 0 000 0100 0000 000 11111
67
+#include "qapi/error.h"
26
+XAFLAG 1101 0101 0000 0 000 0100 0000 001 11111
68
+#include "qemu/error-report.h"
27
+AXFLAG 1101 0101 0000 0 000 0100 0000 010 11111
69
+#include "hw/arm/arm.h"
28
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
70
+#include "hw/arm/armv7m.h"
29
index XXXXXXX..XXXXXXX 100644
71
+#include "hw/or-irq.h"
30
--- a/target/arm/tcg/translate-a64.c
72
+#include "hw/boards.h"
31
+++ b/target/arm/tcg/translate-a64.c
73
+#include "exec/address-spaces.h"
32
@@ -XXX,XX +XXX,XX @@ static bool trans_SB(DisasContext *s, arg_SB *a)
74
+#include "sysemu/sysemu.h"
33
return true;
75
+#include "hw/misc/unimp.h"
34
}
76
+#include "hw/char/cmsdk-apb-uart.h"
35
77
+#include "hw/timer/cmsdk-apb-timer.h"
36
-static void gen_xaflag(void)
78
+#include "hw/misc/mps2-scc.h"
37
+static bool trans_CFINV(DisasContext *s, arg_CFINV *a)
79
+#include "hw/misc/mps2-fpgaio.h"
38
{
80
+#include "hw/arm/iotkit.h"
39
- TCGv_i32 z = tcg_temp_new_i32();
81
+#include "hw/devices.h"
40
+ if (!dc_isar_feature(aa64_condm_4, s)) {
82
+#include "net/net.h"
41
+ return false;
83
+#include "hw/core/split-irq.h"
42
+ }
84
+
43
+ tcg_gen_xori_i32(cpu_CF, cpu_CF, 1);
85
+typedef enum MPS2TZFPGAType {
44
+ return true;
86
+ FPGA_AN505,
87
+} MPS2TZFPGAType;
88
+
89
+typedef struct {
90
+ MachineClass parent;
91
+ MPS2TZFPGAType fpga_type;
92
+ uint32_t scc_id;
93
+} MPS2TZMachineClass;
94
+
95
+typedef struct {
96
+ MachineState parent;
97
+
98
+ IoTKit iotkit;
99
+ MemoryRegion psram;
100
+ MemoryRegion ssram1;
101
+ MemoryRegion ssram1_m;
102
+ MemoryRegion ssram23;
103
+ MPS2SCC scc;
104
+ MPS2FPGAIO fpgaio;
105
+ TZPPC ppc[5];
106
+ UnimplementedDeviceState ssram_mpc[3];
107
+ UnimplementedDeviceState spi[5];
108
+ UnimplementedDeviceState i2c[4];
109
+ UnimplementedDeviceState i2s_audio;
110
+ UnimplementedDeviceState gpio[5];
111
+ UnimplementedDeviceState dma[4];
112
+ UnimplementedDeviceState gfx;
113
+ CMSDKAPBUART uart[5];
114
+ SplitIRQ sec_resp_splitter;
115
+ qemu_or_irq uart_irq_orgate;
116
+} MPS2TZMachineState;
117
+
118
+#define TYPE_MPS2TZ_MACHINE "mps2tz"
119
+#define TYPE_MPS2TZ_AN505_MACHINE MACHINE_TYPE_NAME("mps2-an505")
120
+
121
+#define MPS2TZ_MACHINE(obj) \
122
+ OBJECT_CHECK(MPS2TZMachineState, obj, TYPE_MPS2TZ_MACHINE)
123
+#define MPS2TZ_MACHINE_GET_CLASS(obj) \
124
+ OBJECT_GET_CLASS(MPS2TZMachineClass, obj, TYPE_MPS2TZ_MACHINE)
125
+#define MPS2TZ_MACHINE_CLASS(klass) \
126
+ OBJECT_CLASS_CHECK(MPS2TZMachineClass, klass, TYPE_MPS2TZ_MACHINE)
127
+
128
+/* Main SYSCLK frequency in Hz */
129
+#define SYSCLK_FRQ 20000000
130
+
131
+/* Initialize the auxiliary RAM region @mr and map it into
132
+ * the memory map at @base.
133
+ */
134
+static void make_ram(MemoryRegion *mr, const char *name,
135
+ hwaddr base, hwaddr size)
136
+{
137
+ memory_region_init_ram(mr, NULL, name, size, &error_fatal);
138
+ memory_region_add_subregion(get_system_memory(), base, mr);
139
+}
45
+}
140
+
46
+
141
+/* Create an alias of an entire original MemoryRegion @orig
47
+static bool trans_XAFLAG(DisasContext *s, arg_XAFLAG *a)
142
+ * located at @base in the memory map.
143
+ */
144
+static void make_ram_alias(MemoryRegion *mr, const char *name,
145
+ MemoryRegion *orig, hwaddr base)
146
+{
48
+{
147
+ memory_region_init_alias(mr, NULL, name, orig, 0,
49
+ TCGv_i32 z;
148
+ memory_region_size(orig));
149
+ memory_region_add_subregion(get_system_memory(), base, mr);
150
+}
151
+
50
+
152
+static void init_sysbus_child(Object *parent, const char *childname,
51
+ if (!dc_isar_feature(aa64_condm_5, s)) {
153
+ void *child, size_t childsize,
52
+ return false;
154
+ const char *childtype)
155
+{
156
+ object_initialize(child, childsize, childtype);
157
+ object_property_add_child(parent, childname, OBJECT(child), &error_abort);
158
+ qdev_set_parent_bus(DEVICE(child), sysbus_get_default());
159
+
160
+}
161
+
162
+/* Most of the devices in the AN505 FPGA image sit behind
163
+ * Peripheral Protection Controllers. These data structures
164
+ * define the layout of which devices sit behind which PPCs.
165
+ * The devfn for each port is a function which creates, configures
166
+ * and initializes the device, returning the MemoryRegion which
167
+ * needs to be plugged into the downstream end of the PPC port.
168
+ */
169
+typedef MemoryRegion *MakeDevFn(MPS2TZMachineState *mms, void *opaque,
170
+ const char *name, hwaddr size);
171
+
172
+typedef struct PPCPortInfo {
173
+ const char *name;
174
+ MakeDevFn *devfn;
175
+ void *opaque;
176
+ hwaddr addr;
177
+ hwaddr size;
178
+} PPCPortInfo;
179
+
180
+typedef struct PPCInfo {
181
+ const char *name;
182
+ PPCPortInfo ports[TZ_NUM_PORTS];
183
+} PPCInfo;
184
+
185
+static MemoryRegion *make_unimp_dev(MPS2TZMachineState *mms,
186
+ void *opaque,
187
+ const char *name, hwaddr size)
188
+{
189
+ /* Initialize, configure and realize a TYPE_UNIMPLEMENTED_DEVICE,
190
+ * and return a pointer to its MemoryRegion.
191
+ */
192
+ UnimplementedDeviceState *uds = opaque;
193
+
194
+ init_sysbus_child(OBJECT(mms), name, uds,
195
+ sizeof(UnimplementedDeviceState),
196
+ TYPE_UNIMPLEMENTED_DEVICE);
197
+ qdev_prop_set_string(DEVICE(uds), "name", name);
198
+ qdev_prop_set_uint64(DEVICE(uds), "size", size);
199
+ object_property_set_bool(OBJECT(uds), true, "realized", &error_fatal);
200
+ return sysbus_mmio_get_region(SYS_BUS_DEVICE(uds), 0);
201
+}
202
+
203
+static MemoryRegion *make_uart(MPS2TZMachineState *mms, void *opaque,
204
+ const char *name, hwaddr size)
205
+{
206
+ CMSDKAPBUART *uart = opaque;
207
+ int i = uart - &mms->uart[0];
208
+ Chardev *uartchr = i < MAX_SERIAL_PORTS ? serial_hds[i] : NULL;
209
+ int rxirqno = i * 2;
210
+ int txirqno = i * 2 + 1;
211
+ int combirqno = i + 10;
212
+ SysBusDevice *s;
213
+ DeviceState *iotkitdev = DEVICE(&mms->iotkit);
214
+ DeviceState *orgate_dev = DEVICE(&mms->uart_irq_orgate);
215
+
216
+ init_sysbus_child(OBJECT(mms), name, uart,
217
+ sizeof(mms->uart[0]), TYPE_CMSDK_APB_UART);
218
+ qdev_prop_set_chr(DEVICE(uart), "chardev", uartchr);
219
+ qdev_prop_set_uint32(DEVICE(uart), "pclk-frq", SYSCLK_FRQ);
220
+ object_property_set_bool(OBJECT(uart), true, "realized", &error_fatal);
221
+ s = SYS_BUS_DEVICE(uart);
222
+ sysbus_connect_irq(s, 0, qdev_get_gpio_in_named(iotkitdev,
223
+ "EXP_IRQ", txirqno));
224
+ sysbus_connect_irq(s, 1, qdev_get_gpio_in_named(iotkitdev,
225
+ "EXP_IRQ", rxirqno));
226
+ sysbus_connect_irq(s, 2, qdev_get_gpio_in(orgate_dev, i * 2));
227
+ sysbus_connect_irq(s, 3, qdev_get_gpio_in(orgate_dev, i * 2 + 1));
228
+ sysbus_connect_irq(s, 4, qdev_get_gpio_in_named(iotkitdev,
229
+ "EXP_IRQ", combirqno));
230
+ return sysbus_mmio_get_region(SYS_BUS_DEVICE(uart), 0);
231
+}
232
+
233
+static MemoryRegion *make_scc(MPS2TZMachineState *mms, void *opaque,
234
+ const char *name, hwaddr size)
235
+{
236
+ MPS2SCC *scc = opaque;
237
+ DeviceState *sccdev;
238
+ MPS2TZMachineClass *mmc = MPS2TZ_MACHINE_GET_CLASS(mms);
239
+
240
+ object_initialize(scc, sizeof(mms->scc), TYPE_MPS2_SCC);
241
+ sccdev = DEVICE(scc);
242
+ qdev_set_parent_bus(sccdev, sysbus_get_default());
243
+ qdev_prop_set_uint32(sccdev, "scc-cfg4", 0x2);
244
+ qdev_prop_set_uint32(sccdev, "scc-aid", 0x02000008);
245
+ qdev_prop_set_uint32(sccdev, "scc-id", mmc->scc_id);
246
+ object_property_set_bool(OBJECT(scc), true, "realized", &error_fatal);
247
+ return sysbus_mmio_get_region(SYS_BUS_DEVICE(sccdev), 0);
248
+}
249
+
250
+static MemoryRegion *make_fpgaio(MPS2TZMachineState *mms, void *opaque,
251
+ const char *name, hwaddr size)
252
+{
253
+ MPS2FPGAIO *fpgaio = opaque;
254
+
255
+ object_initialize(fpgaio, sizeof(mms->fpgaio), TYPE_MPS2_FPGAIO);
256
+ qdev_set_parent_bus(DEVICE(fpgaio), sysbus_get_default());
257
+ object_property_set_bool(OBJECT(fpgaio), true, "realized", &error_fatal);
258
+ return sysbus_mmio_get_region(SYS_BUS_DEVICE(fpgaio), 0);
259
+}
260
+
261
+static void mps2tz_common_init(MachineState *machine)
262
+{
263
+ MPS2TZMachineState *mms = MPS2TZ_MACHINE(machine);
264
+ MachineClass *mc = MACHINE_GET_CLASS(machine);
265
+ MemoryRegion *system_memory = get_system_memory();
266
+ DeviceState *iotkitdev;
267
+ DeviceState *dev_splitter;
268
+ int i;
269
+
270
+ if (strcmp(machine->cpu_type, mc->default_cpu_type) != 0) {
271
+ error_report("This board can only be used with CPU %s",
272
+ mc->default_cpu_type);
273
+ exit(1);
274
+ }
53
+ }
275
+
54
+
276
+ init_sysbus_child(OBJECT(machine), "iotkit", &mms->iotkit,
55
+ z = tcg_temp_new_i32();
277
+ sizeof(mms->iotkit), TYPE_IOTKIT);
56
278
+ iotkitdev = DEVICE(&mms->iotkit);
57
tcg_gen_setcondi_i32(TCG_COND_EQ, z, cpu_ZF, 0);
279
+ object_property_set_link(OBJECT(&mms->iotkit), OBJECT(system_memory),
58
280
+ "memory", &error_abort);
59
@@ -XXX,XX +XXX,XX @@ static void gen_xaflag(void)
281
+ qdev_prop_set_uint32(iotkitdev, "EXP_NUMIRQ", 92);
60
282
+ qdev_prop_set_uint32(iotkitdev, "MAINCLK", SYSCLK_FRQ);
61
/* C | Z */
283
+ object_property_set_bool(OBJECT(&mms->iotkit), true, "realized",
62
tcg_gen_or_i32(cpu_CF, cpu_CF, z);
284
+ &error_fatal);
285
+
63
+
286
+ /* The sec_resp_cfg output from the IoTKit must be split into multiple
64
+ return true;
287
+ * lines, one for each of the PPCs we create here.
65
}
288
+ */
66
289
+ object_initialize(&mms->sec_resp_splitter, sizeof(mms->sec_resp_splitter),
67
-static void gen_axflag(void)
290
+ TYPE_SPLIT_IRQ);
68
+static bool trans_AXFLAG(DisasContext *s, arg_AXFLAG *a)
291
+ object_property_add_child(OBJECT(machine), "sec-resp-splitter",
69
{
292
+ OBJECT(&mms->sec_resp_splitter), &error_abort);
70
+ if (!dc_isar_feature(aa64_condm_5, s)) {
293
+ object_property_set_int(OBJECT(&mms->sec_resp_splitter), 5,
71
+ return false;
294
+ "num-lines", &error_fatal);
295
+ object_property_set_bool(OBJECT(&mms->sec_resp_splitter), true,
296
+ "realized", &error_fatal);
297
+ dev_splitter = DEVICE(&mms->sec_resp_splitter);
298
+ qdev_connect_gpio_out_named(iotkitdev, "sec_resp_cfg", 0,
299
+ qdev_get_gpio_in(dev_splitter, 0));
300
+
301
+ /* The IoTKit sets up much of the memory layout, including
302
+ * the aliases between secure and non-secure regions in the
303
+ * address space. The FPGA itself contains:
304
+ *
305
+ * 0x00000000..0x003fffff SSRAM1
306
+ * 0x00400000..0x007fffff alias of SSRAM1
307
+ * 0x28000000..0x283fffff 4MB SSRAM2 + SSRAM3
308
+ * 0x40100000..0x4fffffff AHB Master Expansion 1 interface devices
309
+ * 0x80000000..0x80ffffff 16MB PSRAM
310
+ */
311
+
312
+ /* The FPGA images have an odd combination of different RAMs,
313
+ * because in hardware they are different implementations and
314
+ * connected to different buses, giving varying performance/size
315
+ * tradeoffs. For QEMU they're all just RAM, though. We arbitrarily
316
+ * call the 16MB our "system memory", as it's the largest lump.
317
+ */
318
+ memory_region_allocate_system_memory(&mms->psram,
319
+ NULL, "mps.ram", 0x01000000);
320
+ memory_region_add_subregion(system_memory, 0x80000000, &mms->psram);
321
+
322
+ /* The SSRAM memories should all be behind Memory Protection Controllers,
323
+ * but we don't implement that yet.
324
+ */
325
+ make_ram(&mms->ssram1, "mps.ssram1", 0x00000000, 0x00400000);
326
+ make_ram_alias(&mms->ssram1_m, "mps.ssram1_m", &mms->ssram1, 0x00400000);
327
+
328
+ make_ram(&mms->ssram23, "mps.ssram23", 0x28000000, 0x00400000);
329
+
330
+ /* The overflow IRQs for all UARTs are ORed together.
331
+ * Tx, Rx and "combined" IRQs are sent to the NVIC separately.
332
+ * Create the OR gate for this.
333
+ */
334
+ object_initialize(&mms->uart_irq_orgate, sizeof(mms->uart_irq_orgate),
335
+ TYPE_OR_IRQ);
336
+ object_property_add_child(OBJECT(mms), "uart-irq-orgate",
337
+ OBJECT(&mms->uart_irq_orgate), &error_abort);
338
+ object_property_set_int(OBJECT(&mms->uart_irq_orgate), 10, "num-lines",
339
+ &error_fatal);
340
+ object_property_set_bool(OBJECT(&mms->uart_irq_orgate), true,
341
+ "realized", &error_fatal);
342
+ qdev_connect_gpio_out(DEVICE(&mms->uart_irq_orgate), 0,
343
+ qdev_get_gpio_in_named(iotkitdev, "EXP_IRQ", 15));
344
+
345
+ /* Most of the devices in the FPGA are behind Peripheral Protection
346
+ * Controllers. The required order for initializing things is:
347
+ * + initialize the PPC
348
+ * + initialize, configure and realize downstream devices
349
+ * + connect downstream device MemoryRegions to the PPC
350
+ * + realize the PPC
351
+ * + map the PPC's MemoryRegions to the places in the address map
352
+ * where the downstream devices should appear
353
+ * + wire up the PPC's control lines to the IoTKit object
354
+ */
355
+
356
+ const PPCInfo ppcs[] = { {
357
+ .name = "apb_ppcexp0",
358
+ .ports = {
359
+ { "ssram-mpc0", make_unimp_dev, &mms->ssram_mpc[0],
360
+ 0x58007000, 0x1000 },
361
+ { "ssram-mpc1", make_unimp_dev, &mms->ssram_mpc[1],
362
+ 0x58008000, 0x1000 },
363
+ { "ssram-mpc2", make_unimp_dev, &mms->ssram_mpc[2],
364
+ 0x58009000, 0x1000 },
365
+ },
366
+ }, {
367
+ .name = "apb_ppcexp1",
368
+ .ports = {
369
+ { "spi0", make_unimp_dev, &mms->spi[0], 0x40205000, 0x1000 },
370
+ { "spi1", make_unimp_dev, &mms->spi[1], 0x40206000, 0x1000 },
371
+ { "spi2", make_unimp_dev, &mms->spi[2], 0x40209000, 0x1000 },
372
+ { "spi3", make_unimp_dev, &mms->spi[3], 0x4020a000, 0x1000 },
373
+ { "spi4", make_unimp_dev, &mms->spi[4], 0x4020b000, 0x1000 },
374
+ { "uart0", make_uart, &mms->uart[0], 0x40200000, 0x1000 },
375
+ { "uart1", make_uart, &mms->uart[1], 0x40201000, 0x1000 },
376
+ { "uart2", make_uart, &mms->uart[2], 0x40202000, 0x1000 },
377
+ { "uart3", make_uart, &mms->uart[3], 0x40203000, 0x1000 },
378
+ { "uart4", make_uart, &mms->uart[4], 0x40204000, 0x1000 },
379
+ { "i2c0", make_unimp_dev, &mms->i2c[0], 0x40207000, 0x1000 },
380
+ { "i2c1", make_unimp_dev, &mms->i2c[1], 0x40208000, 0x1000 },
381
+ { "i2c2", make_unimp_dev, &mms->i2c[2], 0x4020c000, 0x1000 },
382
+ { "i2c3", make_unimp_dev, &mms->i2c[3], 0x4020d000, 0x1000 },
383
+ },
384
+ }, {
385
+ .name = "apb_ppcexp2",
386
+ .ports = {
387
+ { "scc", make_scc, &mms->scc, 0x40300000, 0x1000 },
388
+ { "i2s-audio", make_unimp_dev, &mms->i2s_audio,
389
+ 0x40301000, 0x1000 },
390
+ { "fpgaio", make_fpgaio, &mms->fpgaio, 0x40302000, 0x1000 },
391
+ },
392
+ }, {
393
+ .name = "ahb_ppcexp0",
394
+ .ports = {
395
+ { "gfx", make_unimp_dev, &mms->gfx, 0x41000000, 0x140000 },
396
+ { "gpio0", make_unimp_dev, &mms->gpio[0], 0x40100000, 0x1000 },
397
+ { "gpio1", make_unimp_dev, &mms->gpio[1], 0x40101000, 0x1000 },
398
+ { "gpio2", make_unimp_dev, &mms->gpio[2], 0x40102000, 0x1000 },
399
+ { "gpio3", make_unimp_dev, &mms->gpio[3], 0x40103000, 0x1000 },
400
+ { "gpio4", make_unimp_dev, &mms->gpio[4], 0x40104000, 0x1000 },
401
+ },
402
+ }, {
403
+ .name = "ahb_ppcexp1",
404
+ .ports = {
405
+ { "dma0", make_unimp_dev, &mms->dma[0], 0x40110000, 0x1000 },
406
+ { "dma1", make_unimp_dev, &mms->dma[1], 0x40111000, 0x1000 },
407
+ { "dma2", make_unimp_dev, &mms->dma[2], 0x40112000, 0x1000 },
408
+ { "dma3", make_unimp_dev, &mms->dma[3], 0x40113000, 0x1000 },
409
+ },
410
+ },
411
+ };
412
+
413
+ for (i = 0; i < ARRAY_SIZE(ppcs); i++) {
414
+ const PPCInfo *ppcinfo = &ppcs[i];
415
+ TZPPC *ppc = &mms->ppc[i];
416
+ DeviceState *ppcdev;
417
+ int port;
418
+ char *gpioname;
419
+
420
+ init_sysbus_child(OBJECT(machine), ppcinfo->name, ppc,
421
+ sizeof(TZPPC), TYPE_TZ_PPC);
422
+ ppcdev = DEVICE(ppc);
423
+
424
+ for (port = 0; port < TZ_NUM_PORTS; port++) {
425
+ const PPCPortInfo *pinfo = &ppcinfo->ports[port];
426
+ MemoryRegion *mr;
427
+ char *portname;
428
+
429
+ if (!pinfo->devfn) {
430
+ continue;
431
+ }
432
+
433
+ mr = pinfo->devfn(mms, pinfo->opaque, pinfo->name, pinfo->size);
434
+ portname = g_strdup_printf("port[%d]", port);
435
+ object_property_set_link(OBJECT(ppc), OBJECT(mr),
436
+ portname, &error_fatal);
437
+ g_free(portname);
438
+ }
439
+
440
+ object_property_set_bool(OBJECT(ppc), true, "realized", &error_fatal);
441
+
442
+ for (port = 0; port < TZ_NUM_PORTS; port++) {
443
+ const PPCPortInfo *pinfo = &ppcinfo->ports[port];
444
+
445
+ if (!pinfo->devfn) {
446
+ continue;
447
+ }
448
+ sysbus_mmio_map(SYS_BUS_DEVICE(ppc), port, pinfo->addr);
449
+
450
+ gpioname = g_strdup_printf("%s_nonsec", ppcinfo->name);
451
+ qdev_connect_gpio_out_named(iotkitdev, gpioname, port,
452
+ qdev_get_gpio_in_named(ppcdev,
453
+ "cfg_nonsec",
454
+ port));
455
+ g_free(gpioname);
456
+ gpioname = g_strdup_printf("%s_ap", ppcinfo->name);
457
+ qdev_connect_gpio_out_named(iotkitdev, gpioname, port,
458
+ qdev_get_gpio_in_named(ppcdev,
459
+ "cfg_ap", port));
460
+ g_free(gpioname);
461
+ }
462
+
463
+ gpioname = g_strdup_printf("%s_irq_enable", ppcinfo->name);
464
+ qdev_connect_gpio_out_named(iotkitdev, gpioname, 0,
465
+ qdev_get_gpio_in_named(ppcdev,
466
+ "irq_enable", 0));
467
+ g_free(gpioname);
468
+ gpioname = g_strdup_printf("%s_irq_clear", ppcinfo->name);
469
+ qdev_connect_gpio_out_named(iotkitdev, gpioname, 0,
470
+ qdev_get_gpio_in_named(ppcdev,
471
+ "irq_clear", 0));
472
+ g_free(gpioname);
473
+ gpioname = g_strdup_printf("%s_irq_status", ppcinfo->name);
474
+ qdev_connect_gpio_out_named(ppcdev, "irq", 0,
475
+ qdev_get_gpio_in_named(iotkitdev,
476
+ gpioname, 0));
477
+ g_free(gpioname);
478
+
479
+ qdev_connect_gpio_out(dev_splitter, i,
480
+ qdev_get_gpio_in_named(ppcdev,
481
+ "cfg_sec_resp", 0));
482
+ }
72
+ }
483
+
73
+
484
+ /* In hardware this is a LAN9220; the LAN9118 is software compatible
74
tcg_gen_sari_i32(cpu_VF, cpu_VF, 31); /* V ? -1 : 0 */
485
+ * except that it doesn't support the checksum-offload feature.
75
tcg_gen_andc_i32(cpu_CF, cpu_CF, cpu_VF); /* C & !V */
486
+ * The ethernet controller is not behind a PPC.
76
487
+ */
77
@@ -XXX,XX +XXX,XX @@ static void gen_axflag(void)
488
+ lan9118_init(&nd_table[0], 0x42000000,
78
489
+ qdev_get_gpio_in_named(iotkitdev, "EXP_IRQ", 16));
79
tcg_gen_movi_i32(cpu_NF, 0);
80
tcg_gen_movi_i32(cpu_VF, 0);
490
+
81
+
491
+ create_unimplemented_device("FPGA NS PC", 0x48007000, 0x1000);
82
+ return true;
492
+
83
}
493
+ armv7m_load_kernel(ARM_CPU(first_cpu), machine->kernel_filename, 0x400000);
84
494
+}
85
/* MSR (immediate) - move immediate to processor state field */
495
+
86
@@ -XXX,XX +XXX,XX @@ static void handle_msr_i(DisasContext *s, uint32_t insn,
496
+static void mps2tz_class_init(ObjectClass *oc, void *data)
87
s->base.is_jmp = DISAS_TOO_MANY;
497
+{
88
498
+ MachineClass *mc = MACHINE_CLASS(oc);
89
switch (op) {
499
+
90
- case 0x00: /* CFINV */
500
+ mc->init = mps2tz_common_init;
91
- if (crm != 0 || !dc_isar_feature(aa64_condm_4, s)) {
501
+ mc->max_cpus = 1;
92
- goto do_unallocated;
502
+}
93
- }
503
+
94
- tcg_gen_xori_i32(cpu_CF, cpu_CF, 1);
504
+static void mps2tz_an505_class_init(ObjectClass *oc, void *data)
95
- s->base.is_jmp = DISAS_NEXT;
505
+{
96
- break;
506
+ MachineClass *mc = MACHINE_CLASS(oc);
97
-
507
+ MPS2TZMachineClass *mmc = MPS2TZ_MACHINE_CLASS(oc);
98
- case 0x01: /* XAFlag */
508
+
99
- if (crm != 0 || !dc_isar_feature(aa64_condm_5, s)) {
509
+ mc->desc = "ARM MPS2 with AN505 FPGA image for Cortex-M33";
100
- goto do_unallocated;
510
+ mmc->fpga_type = FPGA_AN505;
101
- }
511
+ mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-m33");
102
- gen_xaflag();
512
+ mmc->scc_id = 0x41040000 | (505 << 4);
103
- s->base.is_jmp = DISAS_NEXT;
513
+}
104
- break;
514
+
105
-
515
+static const TypeInfo mps2tz_info = {
106
- case 0x02: /* AXFlag */
516
+ .name = TYPE_MPS2TZ_MACHINE,
107
- if (crm != 0 || !dc_isar_feature(aa64_condm_5, s)) {
517
+ .parent = TYPE_MACHINE,
108
- goto do_unallocated;
518
+ .abstract = true,
109
- }
519
+ .instance_size = sizeof(MPS2TZMachineState),
110
- gen_axflag();
520
+ .class_size = sizeof(MPS2TZMachineClass),
111
- s->base.is_jmp = DISAS_NEXT;
521
+ .class_init = mps2tz_class_init,
112
- break;
522
+};
113
-
523
+
114
case 0x03: /* UAO */
524
+static const TypeInfo mps2tz_an505_info = {
115
if (!dc_isar_feature(aa64_uao, s) || s->current_el == 0) {
525
+ .name = TYPE_MPS2TZ_AN505_MACHINE,
116
goto do_unallocated;
526
+ .parent = TYPE_MPS2TZ_MACHINE,
527
+ .class_init = mps2tz_an505_class_init,
528
+};
529
+
530
+static void mps2tz_machine_init(void)
531
+{
532
+ type_register_static(&mps2tz_info);
533
+ type_register_static(&mps2tz_an505_info);
534
+}
535
+
536
+type_init(mps2tz_machine_init);
537
--
117
--
538
2.16.2
118
2.34.1
539
540
diff view generated by jsdifflib
1
Add a function load_ramdisk_as() which behaves like the existing
1
Convert the MSR (immediate) insn to decodetree. Our implementation
2
load_ramdisk() but allows the caller to specify the AddressSpace
2
has basically no commonality between the different destinations,
3
to use. This matches the pattern we have already for various
3
so we decode the destination register in a64.decode.
4
other loader functions.
5
4
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9
Message-id: 20180220180325.29818-2-peter.maydell@linaro.org
7
Message-id: 20230602155223.2040685-6-peter.maydell@linaro.org
10
---
8
---
11
include/hw/loader.h | 12 +++++++++++-
9
target/arm/tcg/a64.decode | 13 ++
12
hw/core/loader.c | 8 +++++++-
10
target/arm/tcg/translate-a64.c | 251 ++++++++++++++++-----------------
13
2 files changed, 18 insertions(+), 2 deletions(-)
11
2 files changed, 136 insertions(+), 128 deletions(-)
14
12
15
diff --git a/include/hw/loader.h b/include/hw/loader.h
13
diff --git a/target/arm/tcg/a64.decode b/target/arm/tcg/a64.decode
16
index XXXXXXX..XXXXXXX 100644
14
index XXXXXXX..XXXXXXX 100644
17
--- a/include/hw/loader.h
15
--- a/target/arm/tcg/a64.decode
18
+++ b/include/hw/loader.h
16
+++ b/target/arm/tcg/a64.decode
19
@@ -XXX,XX +XXX,XX @@ int load_uimage(const char *filename, hwaddr *ep,
17
@@ -XXX,XX +XXX,XX @@ SB 1101 0101 0000 0011 0011 0000 111 11111
20
void *translate_opaque);
18
CFINV 1101 0101 0000 0 000 0100 0000 000 11111
21
19
XAFLAG 1101 0101 0000 0 000 0100 0000 001 11111
22
/**
20
AXFLAG 1101 0101 0000 0 000 0100 0000 010 11111
23
- * load_ramdisk:
21
+
24
+ * load_ramdisk_as:
22
+# These are architecturally all "MSR (immediate)"; we decode the destination
25
* @filename: Path to the ramdisk image
23
+# register too because there is no commonality in our implementation.
26
* @addr: Memory address to load the ramdisk to
24
+@msr_i .... .... .... . ... .... imm:4 ... .....
27
* @max_sz: Maximum allowed ramdisk size (for non-u-boot ramdisks)
25
+MSR_i_UAO 1101 0101 0000 0 000 0100 .... 011 11111 @msr_i
28
+ * @as: The AddressSpace to load the ELF to. The value of address_space_memory
26
+MSR_i_PAN 1101 0101 0000 0 000 0100 .... 100 11111 @msr_i
29
+ * is used if nothing is supplied here.
27
+MSR_i_SPSEL 1101 0101 0000 0 000 0100 .... 101 11111 @msr_i
30
*
28
+MSR_i_SBSS 1101 0101 0000 0 011 0100 .... 001 11111 @msr_i
31
* Load a ramdisk image with U-Boot header to the specified memory
29
+MSR_i_DIT 1101 0101 0000 0 011 0100 .... 010 11111 @msr_i
32
* address.
30
+MSR_i_TCO 1101 0101 0000 0 011 0100 .... 100 11111 @msr_i
33
*
31
+MSR_i_DAIFSET 1101 0101 0000 0 011 0100 .... 110 11111 @msr_i
34
* Returns the size of the loaded image on success, -1 otherwise.
32
+MSR_i_DAIFCLEAR 1101 0101 0000 0 011 0100 .... 111 11111 @msr_i
35
*/
33
+MSR_i_SVCR 1101 0101 0000 0 011 0100 0 mask:2 imm:1 011 11111
36
+int load_ramdisk_as(const char *filename, hwaddr addr, uint64_t max_sz,
34
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
37
+ AddressSpace *as);
38
+
39
+/**
40
+ * load_ramdisk:
41
+ * Same as load_ramdisk_as(), but doesn't allow the caller to specify
42
+ * an AddressSpace.
43
+ */
44
int load_ramdisk(const char *filename, hwaddr addr, uint64_t max_sz);
45
46
ssize_t gunzip(void *dst, size_t dstlen, uint8_t *src, size_t srclen);
47
diff --git a/hw/core/loader.c b/hw/core/loader.c
48
index XXXXXXX..XXXXXXX 100644
35
index XXXXXXX..XXXXXXX 100644
49
--- a/hw/core/loader.c
36
--- a/target/arm/tcg/translate-a64.c
50
+++ b/hw/core/loader.c
37
+++ b/target/arm/tcg/translate-a64.c
51
@@ -XXX,XX +XXX,XX @@ int load_uimage_as(const char *filename, hwaddr *ep, hwaddr *loadaddr,
38
@@ -XXX,XX +XXX,XX @@ static bool trans_AXFLAG(DisasContext *s, arg_AXFLAG *a)
52
39
return true;
53
/* Load a ramdisk. */
40
}
54
int load_ramdisk(const char *filename, hwaddr addr, uint64_t max_sz)
41
55
+{
42
-/* MSR (immediate) - move immediate to processor state field */
56
+ return load_ramdisk_as(filename, addr, max_sz, NULL);
43
-static void handle_msr_i(DisasContext *s, uint32_t insn,
57
+}
44
- unsigned int op1, unsigned int op2, unsigned int crm)
58
+
45
+static bool trans_MSR_i_UAO(DisasContext *s, arg_i *a)
59
+int load_ramdisk_as(const char *filename, hwaddr addr, uint64_t max_sz,
60
+ AddressSpace *as)
61
{
46
{
62
return load_uboot_image(filename, NULL, &addr, NULL, IH_TYPE_RAMDISK,
47
- int op = op1 << 3 | op2;
63
- NULL, NULL, NULL);
48
-
64
+ NULL, NULL, as);
49
- /* End the TB by default, chaining is ok. */
50
- s->base.is_jmp = DISAS_TOO_MANY;
51
-
52
- switch (op) {
53
- case 0x03: /* UAO */
54
- if (!dc_isar_feature(aa64_uao, s) || s->current_el == 0) {
55
- goto do_unallocated;
56
- }
57
- if (crm & 1) {
58
- set_pstate_bits(PSTATE_UAO);
59
- } else {
60
- clear_pstate_bits(PSTATE_UAO);
61
- }
62
- gen_rebuild_hflags(s);
63
- break;
64
-
65
- case 0x04: /* PAN */
66
- if (!dc_isar_feature(aa64_pan, s) || s->current_el == 0) {
67
- goto do_unallocated;
68
- }
69
- if (crm & 1) {
70
- set_pstate_bits(PSTATE_PAN);
71
- } else {
72
- clear_pstate_bits(PSTATE_PAN);
73
- }
74
- gen_rebuild_hflags(s);
75
- break;
76
-
77
- case 0x05: /* SPSel */
78
- if (s->current_el == 0) {
79
- goto do_unallocated;
80
- }
81
- gen_helper_msr_i_spsel(cpu_env, tcg_constant_i32(crm & PSTATE_SP));
82
- break;
83
-
84
- case 0x19: /* SSBS */
85
- if (!dc_isar_feature(aa64_ssbs, s)) {
86
- goto do_unallocated;
87
- }
88
- if (crm & 1) {
89
- set_pstate_bits(PSTATE_SSBS);
90
- } else {
91
- clear_pstate_bits(PSTATE_SSBS);
92
- }
93
- /* Don't need to rebuild hflags since SSBS is a nop */
94
- break;
95
-
96
- case 0x1a: /* DIT */
97
- if (!dc_isar_feature(aa64_dit, s)) {
98
- goto do_unallocated;
99
- }
100
- if (crm & 1) {
101
- set_pstate_bits(PSTATE_DIT);
102
- } else {
103
- clear_pstate_bits(PSTATE_DIT);
104
- }
105
- /* There's no need to rebuild hflags because DIT is a nop */
106
- break;
107
-
108
- case 0x1e: /* DAIFSet */
109
- gen_helper_msr_i_daifset(cpu_env, tcg_constant_i32(crm));
110
- break;
111
-
112
- case 0x1f: /* DAIFClear */
113
- gen_helper_msr_i_daifclear(cpu_env, tcg_constant_i32(crm));
114
- /* For DAIFClear, exit the cpu loop to re-evaluate pending IRQs. */
115
- s->base.is_jmp = DISAS_UPDATE_EXIT;
116
- break;
117
-
118
- case 0x1c: /* TCO */
119
- if (dc_isar_feature(aa64_mte, s)) {
120
- /* Full MTE is enabled -- set the TCO bit as directed. */
121
- if (crm & 1) {
122
- set_pstate_bits(PSTATE_TCO);
123
- } else {
124
- clear_pstate_bits(PSTATE_TCO);
125
- }
126
- gen_rebuild_hflags(s);
127
- /* Many factors, including TCO, go into MTE_ACTIVE. */
128
- s->base.is_jmp = DISAS_UPDATE_NOCHAIN;
129
- } else if (dc_isar_feature(aa64_mte_insn_reg, s)) {
130
- /* Only "instructions accessible at EL0" -- PSTATE.TCO is WI. */
131
- s->base.is_jmp = DISAS_NEXT;
132
- } else {
133
- goto do_unallocated;
134
- }
135
- break;
136
-
137
- case 0x1b: /* SVCR* */
138
- if (!dc_isar_feature(aa64_sme, s) || crm < 2 || crm > 7) {
139
- goto do_unallocated;
140
- }
141
- if (sme_access_check(s)) {
142
- int old = s->pstate_sm | (s->pstate_za << 1);
143
- int new = (crm & 1) * 3;
144
- int msk = (crm >> 1) & 3;
145
-
146
- if ((old ^ new) & msk) {
147
- /* At least one bit changes. */
148
- gen_helper_set_svcr(cpu_env, tcg_constant_i32(new),
149
- tcg_constant_i32(msk));
150
- } else {
151
- s->base.is_jmp = DISAS_NEXT;
152
- }
153
- }
154
- break;
155
-
156
- default:
157
- do_unallocated:
158
- unallocated_encoding(s);
159
- return;
160
+ if (!dc_isar_feature(aa64_uao, s) || s->current_el == 0) {
161
+ return false;
162
}
163
+ if (a->imm & 1) {
164
+ set_pstate_bits(PSTATE_UAO);
165
+ } else {
166
+ clear_pstate_bits(PSTATE_UAO);
167
+ }
168
+ gen_rebuild_hflags(s);
169
+ s->base.is_jmp = DISAS_TOO_MANY;
170
+ return true;
171
+}
172
+
173
+static bool trans_MSR_i_PAN(DisasContext *s, arg_i *a)
174
+{
175
+ if (!dc_isar_feature(aa64_pan, s) || s->current_el == 0) {
176
+ return false;
177
+ }
178
+ if (a->imm & 1) {
179
+ set_pstate_bits(PSTATE_PAN);
180
+ } else {
181
+ clear_pstate_bits(PSTATE_PAN);
182
+ }
183
+ gen_rebuild_hflags(s);
184
+ s->base.is_jmp = DISAS_TOO_MANY;
185
+ return true;
186
+}
187
+
188
+static bool trans_MSR_i_SPSEL(DisasContext *s, arg_i *a)
189
+{
190
+ if (s->current_el == 0) {
191
+ return false;
192
+ }
193
+ gen_helper_msr_i_spsel(cpu_env, tcg_constant_i32(a->imm & PSTATE_SP));
194
+ s->base.is_jmp = DISAS_TOO_MANY;
195
+ return true;
196
+}
197
+
198
+static bool trans_MSR_i_SBSS(DisasContext *s, arg_i *a)
199
+{
200
+ if (!dc_isar_feature(aa64_ssbs, s)) {
201
+ return false;
202
+ }
203
+ if (a->imm & 1) {
204
+ set_pstate_bits(PSTATE_SSBS);
205
+ } else {
206
+ clear_pstate_bits(PSTATE_SSBS);
207
+ }
208
+ /* Don't need to rebuild hflags since SSBS is a nop */
209
+ s->base.is_jmp = DISAS_TOO_MANY;
210
+ return true;
211
+}
212
+
213
+static bool trans_MSR_i_DIT(DisasContext *s, arg_i *a)
214
+{
215
+ if (!dc_isar_feature(aa64_dit, s)) {
216
+ return false;
217
+ }
218
+ if (a->imm & 1) {
219
+ set_pstate_bits(PSTATE_DIT);
220
+ } else {
221
+ clear_pstate_bits(PSTATE_DIT);
222
+ }
223
+ /* There's no need to rebuild hflags because DIT is a nop */
224
+ s->base.is_jmp = DISAS_TOO_MANY;
225
+ return true;
226
+}
227
+
228
+static bool trans_MSR_i_TCO(DisasContext *s, arg_i *a)
229
+{
230
+ if (dc_isar_feature(aa64_mte, s)) {
231
+ /* Full MTE is enabled -- set the TCO bit as directed. */
232
+ if (a->imm & 1) {
233
+ set_pstate_bits(PSTATE_TCO);
234
+ } else {
235
+ clear_pstate_bits(PSTATE_TCO);
236
+ }
237
+ gen_rebuild_hflags(s);
238
+ /* Many factors, including TCO, go into MTE_ACTIVE. */
239
+ s->base.is_jmp = DISAS_UPDATE_NOCHAIN;
240
+ return true;
241
+ } else if (dc_isar_feature(aa64_mte_insn_reg, s)) {
242
+ /* Only "instructions accessible at EL0" -- PSTATE.TCO is WI. */
243
+ return true;
244
+ } else {
245
+ /* Insn not present */
246
+ return false;
247
+ }
248
+}
249
+
250
+static bool trans_MSR_i_DAIFSET(DisasContext *s, arg_i *a)
251
+{
252
+ gen_helper_msr_i_daifset(cpu_env, tcg_constant_i32(a->imm));
253
+ s->base.is_jmp = DISAS_TOO_MANY;
254
+ return true;
255
+}
256
+
257
+static bool trans_MSR_i_DAIFCLEAR(DisasContext *s, arg_i *a)
258
+{
259
+ gen_helper_msr_i_daifclear(cpu_env, tcg_constant_i32(a->imm));
260
+ /* Exit the cpu loop to re-evaluate pending IRQs. */
261
+ s->base.is_jmp = DISAS_UPDATE_EXIT;
262
+ return true;
263
+}
264
+
265
+static bool trans_MSR_i_SVCR(DisasContext *s, arg_MSR_i_SVCR *a)
266
+{
267
+ if (!dc_isar_feature(aa64_sme, s) || a->mask == 0) {
268
+ return false;
269
+ }
270
+ if (sme_access_check(s)) {
271
+ int old = s->pstate_sm | (s->pstate_za << 1);
272
+ int new = a->imm * 3;
273
+
274
+ if ((old ^ new) & a->mask) {
275
+ /* At least one bit changes. */
276
+ gen_helper_set_svcr(cpu_env, tcg_constant_i32(new),
277
+ tcg_constant_i32(a->mask));
278
+ s->base.is_jmp = DISAS_TOO_MANY;
279
+ }
280
+ }
281
+ return true;
65
}
282
}
66
283
67
/* Load a gzip-compressed kernel to a dynamically allocated buffer. */
284
static void gen_get_nzcv(TCGv_i64 tcg_rt)
285
@@ -XXX,XX +XXX,XX @@ static void disas_system(DisasContext *s, uint32_t insn)
286
rt = extract32(insn, 0, 5);
287
288
if (op0 == 0) {
289
- if (l || rt != 31) {
290
- unallocated_encoding(s);
291
- return;
292
- }
293
- switch (crn) {
294
- case 4: /* MSR (immediate) */
295
- handle_msr_i(s, insn, op1, op2, crm);
296
- break;
297
- default:
298
- unallocated_encoding(s);
299
- break;
300
- }
301
+ unallocated_encoding(s);
302
return;
303
}
304
handle_sys(s, insn, l, op0, op1, op2, crn, crm, rt);
68
--
305
--
69
2.16.2
306
2.34.1
70
71
diff view generated by jsdifflib
1
The IoTKit Security Controller includes various registers
1
Convert MSR (reg), MRS, SYS, SYSL to decodetree. For QEMU these are
2
that expose to software the controls for the Peripheral
2
all essentially the same instruction (system register access).
3
Protection Controllers in the system. Implement these.
4
3
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
5
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
7
Message-id: 20180220180325.29818-17-peter.maydell@linaro.org
6
Message-id: 20230602155223.2040685-7-peter.maydell@linaro.org
7
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
8
---
8
---
9
include/hw/misc/iotkit-secctl.h | 64 +++++++++-
9
target/arm/tcg/a64.decode | 8 ++++++++
10
hw/misc/iotkit-secctl.c | 270 +++++++++++++++++++++++++++++++++++++---
10
target/arm/tcg/translate-a64.c | 32 +++++---------------------------
11
2 files changed, 315 insertions(+), 19 deletions(-)
11
2 files changed, 13 insertions(+), 27 deletions(-)
12
12
13
diff --git a/include/hw/misc/iotkit-secctl.h b/include/hw/misc/iotkit-secctl.h
13
diff --git a/target/arm/tcg/a64.decode b/target/arm/tcg/a64.decode
14
index XXXXXXX..XXXXXXX 100644
14
index XXXXXXX..XXXXXXX 100644
15
--- a/include/hw/misc/iotkit-secctl.h
15
--- a/target/arm/tcg/a64.decode
16
+++ b/include/hw/misc/iotkit-secctl.h
16
+++ b/target/arm/tcg/a64.decode
17
@@ -XXX,XX +XXX,XX @@
17
@@ -XXX,XX +XXX,XX @@ MSR_i_TCO 1101 0101 0000 0 011 0100 .... 100 11111 @msr_i
18
* QEMU interface:
18
MSR_i_DAIFSET 1101 0101 0000 0 011 0100 .... 110 11111 @msr_i
19
* + sysbus MMIO region 0 is the "secure privilege control block" registers
19
MSR_i_DAIFCLEAR 1101 0101 0000 0 011 0100 .... 111 11111 @msr_i
20
* + sysbus MMIO region 1 is the "non-secure privilege control block" registers
20
MSR_i_SVCR 1101 0101 0000 0 011 0100 0 mask:2 imm:1 011 11111
21
+ * + named GPIO output "sec_resp_cfg" indicating whether blocked accesses
21
+
22
+ * should RAZ/WI or bus error
22
+# MRS, MSR (register), SYS, SYSL. These are all essentially the
23
+ * Controlling the 2 APB PPCs in the IoTKit:
23
+# same instruction as far as QEMU is concerned.
24
+ * + named GPIO outputs apb_ppc0_nonsec[0..2] and apb_ppc1_nonsec
24
+# NB: op0 is bits [20:19], but op0=0b00 is other insns, so we have
25
+ * + named GPIO outputs apb_ppc0_ap[0..2] and apb_ppc1_ap
25
+# to hand-decode it.
26
+ * + named GPIO outputs apb_ppc{0,1}_irq_enable
26
+SYS 1101 0101 00 l:1 01 op1:3 crn:4 crm:4 op2:3 rt:5 op0=1
27
+ * + named GPIO outputs apb_ppc{0,1}_irq_clear
27
+SYS 1101 0101 00 l:1 10 op1:3 crn:4 crm:4 op2:3 rt:5 op0=2
28
+ * + named GPIO inputs apb_ppc{0,1}_irq_status
28
+SYS 1101 0101 00 l:1 11 op1:3 crn:4 crm:4 op2:3 rt:5 op0=3
29
+ * Controlling each of the 4 expansion APB PPCs which a system using the IoTKit
29
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
30
+ * might provide:
30
index XXXXXXX..XXXXXXX 100644
31
+ * + named GPIO outputs apb_ppcexp{0,1,2,3}_nonsec[0..15]
31
--- a/target/arm/tcg/translate-a64.c
32
+ * + named GPIO outputs apb_ppcexp{0,1,2,3}_ap[0..15]
32
+++ b/target/arm/tcg/translate-a64.c
33
+ * + named GPIO outputs apb_ppcexp{0,1,2,3}_irq_enable
33
@@ -XXX,XX +XXX,XX @@ static void gen_sysreg_undef(DisasContext *s, bool isread,
34
+ * + named GPIO outputs apb_ppcexp{0,1,2,3}_irq_clear
34
* These are all essentially the same insn in 'read' and 'write'
35
+ * + named GPIO inputs apb_ppcexp{0,1,2,3}_irq_status
35
* versions, with varying op0 fields.
36
+ * Controlling each of the 4 expansion AHB PPCs which a system using the IoTKit
37
+ * might provide:
38
+ * + named GPIO outputs ahb_ppcexp{0,1,2,3}_nonsec[0..15]
39
+ * + named GPIO outputs ahb_ppcexp{0,1,2,3}_ap[0..15]
40
+ * + named GPIO outputs ahb_ppcexp{0,1,2,3}_irq_enable
41
+ * + named GPIO outputs ahb_ppcexp{0,1,2,3}_irq_clear
42
+ * + named GPIO inputs ahb_ppcexp{0,1,2,3}_irq_status
43
*/
36
*/
44
37
-static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
45
#ifndef IOTKIT_SECCTL_H
38
+static void handle_sys(DisasContext *s, bool isread,
46
@@ -XXX,XX +XXX,XX @@
39
unsigned int op0, unsigned int op1, unsigned int op2,
47
#define TYPE_IOTKIT_SECCTL "iotkit-secctl"
40
unsigned int crn, unsigned int crm, unsigned int rt)
48
#define IOTKIT_SECCTL(obj) OBJECT_CHECK(IoTKitSecCtl, (obj), TYPE_IOTKIT_SECCTL)
49
50
-typedef struct IoTKitSecCtl {
51
+#define IOTS_APB_PPC0_NUM_PORTS 3
52
+#define IOTS_APB_PPC1_NUM_PORTS 1
53
+#define IOTS_PPC_NUM_PORTS 16
54
+#define IOTS_NUM_APB_PPC 2
55
+#define IOTS_NUM_APB_EXP_PPC 4
56
+#define IOTS_NUM_AHB_EXP_PPC 4
57
+
58
+typedef struct IoTKitSecCtl IoTKitSecCtl;
59
+
60
+/* State and IRQ lines relating to a PPC. For the
61
+ * PPCs in the IoTKit not all the IRQ lines are used.
62
+ */
63
+typedef struct IoTKitSecCtlPPC {
64
+ qemu_irq nonsec[IOTS_PPC_NUM_PORTS];
65
+ qemu_irq ap[IOTS_PPC_NUM_PORTS];
66
+ qemu_irq irq_enable;
67
+ qemu_irq irq_clear;
68
+
69
+ uint32_t ns;
70
+ uint32_t sp;
71
+ uint32_t nsp;
72
+
73
+ /* Number of ports actually present */
74
+ int numports;
75
+ /* Offset of this PPC's interrupt bits in SECPPCINTSTAT */
76
+ int irq_bit_offset;
77
+ IoTKitSecCtl *parent;
78
+} IoTKitSecCtlPPC;
79
+
80
+struct IoTKitSecCtl {
81
/*< private >*/
82
SysBusDevice parent_obj;
83
84
/*< public >*/
85
+ qemu_irq sec_resp_cfg;
86
87
MemoryRegion s_regs;
88
MemoryRegion ns_regs;
89
-} IoTKitSecCtl;
90
+
91
+ uint32_t secppcintstat;
92
+ uint32_t secppcinten;
93
+ uint32_t secrespcfg;
94
+
95
+ IoTKitSecCtlPPC apb[IOTS_NUM_APB_PPC];
96
+ IoTKitSecCtlPPC apbexp[IOTS_NUM_APB_EXP_PPC];
97
+ IoTKitSecCtlPPC ahbexp[IOTS_NUM_APB_EXP_PPC];
98
+};
99
100
#endif
101
diff --git a/hw/misc/iotkit-secctl.c b/hw/misc/iotkit-secctl.c
102
index XXXXXXX..XXXXXXX 100644
103
--- a/hw/misc/iotkit-secctl.c
104
+++ b/hw/misc/iotkit-secctl.c
105
@@ -XXX,XX +XXX,XX @@ static const uint8_t iotkit_secctl_ns_idregs[] = {
106
0x0d, 0xf0, 0x05, 0xb1,
107
};
108
109
+/* The register sets for the various PPCs (AHB internal, APB internal,
110
+ * AHB expansion, APB expansion) are all set up so that they are
111
+ * in 16-aligned blocks so offsets 0xN0, 0xN4, 0xN8, 0xNC are PPCs
112
+ * 0, 1, 2, 3 of that type, so we can convert a register address offset
113
+ * into an an index into a PPC array easily.
114
+ */
115
+static inline int offset_to_ppc_idx(uint32_t offset)
116
+{
117
+ return extract32(offset, 2, 2);
118
+}
119
+
120
+typedef void PerPPCFunction(IoTKitSecCtlPPC *ppc);
121
+
122
+static void foreach_ppc(IoTKitSecCtl *s, PerPPCFunction *fn)
123
+{
124
+ int i;
125
+
126
+ for (i = 0; i < IOTS_NUM_APB_PPC; i++) {
127
+ fn(&s->apb[i]);
128
+ }
129
+ for (i = 0; i < IOTS_NUM_APB_EXP_PPC; i++) {
130
+ fn(&s->apbexp[i]);
131
+ }
132
+ for (i = 0; i < IOTS_NUM_AHB_EXP_PPC; i++) {
133
+ fn(&s->ahbexp[i]);
134
+ }
135
+}
136
+
137
static MemTxResult iotkit_secctl_s_read(void *opaque, hwaddr addr,
138
uint64_t *pdata,
139
unsigned size, MemTxAttrs attrs)
140
{
41
{
141
uint64_t r;
42
@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
142
uint32_t offset = addr & ~0x3;
43
}
143
+ IoTKitSecCtl *s = IOTKIT_SECCTL(opaque);
144
145
switch (offset) {
146
case A_AHBNSPPC0:
147
@@ -XXX,XX +XXX,XX @@ static MemTxResult iotkit_secctl_s_read(void *opaque, hwaddr addr,
148
r = 0;
149
break;
150
case A_SECRESPCFG:
151
- case A_NSCCFG:
152
- case A_SECMPCINTSTATUS:
153
+ r = s->secrespcfg;
154
+ break;
155
case A_SECPPCINTSTAT:
156
+ r = s->secppcintstat;
157
+ break;
158
case A_SECPPCINTEN:
159
- case A_SECMSCINTSTAT:
160
- case A_SECMSCINTEN:
161
- case A_BRGINTSTAT:
162
- case A_BRGINTEN:
163
+ r = s->secppcinten;
164
+ break;
165
case A_AHBNSPPCEXP0:
166
case A_AHBNSPPCEXP1:
167
case A_AHBNSPPCEXP2:
168
case A_AHBNSPPCEXP3:
169
+ r = s->ahbexp[offset_to_ppc_idx(offset)].ns;
170
+ break;
171
case A_APBNSPPC0:
172
case A_APBNSPPC1:
173
+ r = s->apb[offset_to_ppc_idx(offset)].ns;
174
+ break;
175
case A_APBNSPPCEXP0:
176
case A_APBNSPPCEXP1:
177
case A_APBNSPPCEXP2:
178
case A_APBNSPPCEXP3:
179
+ r = s->apbexp[offset_to_ppc_idx(offset)].ns;
180
+ break;
181
case A_AHBSPPPCEXP0:
182
case A_AHBSPPPCEXP1:
183
case A_AHBSPPPCEXP2:
184
case A_AHBSPPPCEXP3:
185
+ r = s->apbexp[offset_to_ppc_idx(offset)].sp;
186
+ break;
187
case A_APBSPPPC0:
188
case A_APBSPPPC1:
189
+ r = s->apb[offset_to_ppc_idx(offset)].sp;
190
+ break;
191
case A_APBSPPPCEXP0:
192
case A_APBSPPPCEXP1:
193
case A_APBSPPPCEXP2:
194
case A_APBSPPPCEXP3:
195
+ r = s->apbexp[offset_to_ppc_idx(offset)].sp;
196
+ break;
197
+ case A_NSCCFG:
198
+ case A_SECMPCINTSTATUS:
199
+ case A_SECMSCINTSTAT:
200
+ case A_SECMSCINTEN:
201
+ case A_BRGINTSTAT:
202
+ case A_BRGINTEN:
203
case A_NSMSCEXP:
204
qemu_log_mask(LOG_UNIMP,
205
"IoTKit SecCtl S block read: "
206
@@ -XXX,XX +XXX,XX @@ static MemTxResult iotkit_secctl_s_read(void *opaque, hwaddr addr,
207
return MEMTX_OK;
208
}
44
}
209
45
210
+static void iotkit_secctl_update_ppc_ap(IoTKitSecCtlPPC *ppc)
46
-/* System
211
+{
47
- * 31 22 21 20 19 18 16 15 12 11 8 7 5 4 0
212
+ int i;
48
- * +---------------------+---+-----+-----+-------+-------+-----+------+
213
+
49
- * | 1 1 0 1 0 1 0 1 0 0 | L | op0 | op1 | CRn | CRm | op2 | Rt |
214
+ for (i = 0; i < ppc->numports; i++) {
50
- * +---------------------+---+-----+-----+-------+-------+-----+------+
215
+ bool v;
51
- */
216
+
52
-static void disas_system(DisasContext *s, uint32_t insn)
217
+ if (extract32(ppc->ns, i, 1)) {
53
+static bool trans_SYS(DisasContext *s, arg_SYS *a)
218
+ v = extract32(ppc->nsp, i, 1);
219
+ } else {
220
+ v = extract32(ppc->sp, i, 1);
221
+ }
222
+ qemu_set_irq(ppc->ap[i], v);
223
+ }
224
+}
225
+
226
+static void iotkit_secctl_ppc_ns_write(IoTKitSecCtlPPC *ppc, uint32_t value)
227
+{
228
+ int i;
229
+
230
+ ppc->ns = value & MAKE_64BIT_MASK(0, ppc->numports);
231
+ for (i = 0; i < ppc->numports; i++) {
232
+ qemu_set_irq(ppc->nonsec[i], extract32(ppc->ns, i, 1));
233
+ }
234
+ iotkit_secctl_update_ppc_ap(ppc);
235
+}
236
+
237
+static void iotkit_secctl_ppc_sp_write(IoTKitSecCtlPPC *ppc, uint32_t value)
238
+{
239
+ ppc->sp = value & MAKE_64BIT_MASK(0, ppc->numports);
240
+ iotkit_secctl_update_ppc_ap(ppc);
241
+}
242
+
243
+static void iotkit_secctl_ppc_nsp_write(IoTKitSecCtlPPC *ppc, uint32_t value)
244
+{
245
+ ppc->nsp = value & MAKE_64BIT_MASK(0, ppc->numports);
246
+ iotkit_secctl_update_ppc_ap(ppc);
247
+}
248
+
249
+static void iotkit_secctl_ppc_update_irq_clear(IoTKitSecCtlPPC *ppc)
250
+{
251
+ uint32_t value = ppc->parent->secppcintstat;
252
+
253
+ qemu_set_irq(ppc->irq_clear, extract32(value, ppc->irq_bit_offset, 1));
254
+}
255
+
256
+static void iotkit_secctl_ppc_update_irq_enable(IoTKitSecCtlPPC *ppc)
257
+{
258
+ uint32_t value = ppc->parent->secppcinten;
259
+
260
+ qemu_set_irq(ppc->irq_enable, extract32(value, ppc->irq_bit_offset, 1));
261
+}
262
+
263
static MemTxResult iotkit_secctl_s_write(void *opaque, hwaddr addr,
264
uint64_t value,
265
unsigned size, MemTxAttrs attrs)
266
{
54
{
267
+ IoTKitSecCtl *s = IOTKIT_SECCTL(opaque);
55
- unsigned int l, op0, op1, crn, crm, op2, rt;
268
uint32_t offset = addr;
56
- l = extract32(insn, 21, 1);
269
+ IoTKitSecCtlPPC *ppc;
57
- op0 = extract32(insn, 19, 2);
270
58
- op1 = extract32(insn, 16, 3);
271
trace_iotkit_secctl_s_write(offset, value, size);
59
- crn = extract32(insn, 12, 4);
272
60
- crm = extract32(insn, 8, 4);
273
@@ -XXX,XX +XXX,XX @@ static MemTxResult iotkit_secctl_s_write(void *opaque, hwaddr addr,
61
- op2 = extract32(insn, 5, 3);
274
62
- rt = extract32(insn, 0, 5);
275
switch (offset) {
63
-
276
case A_SECRESPCFG:
64
- if (op0 == 0) {
277
- case A_NSCCFG:
65
- unallocated_encoding(s);
278
+ value &= 1;
66
- return;
279
+ s->secrespcfg = value;
67
- }
280
+ qemu_set_irq(s->sec_resp_cfg, s->secrespcfg);
68
- handle_sys(s, insn, l, op0, op1, op2, crn, crm, rt);
281
+ break;
69
+ handle_sys(s, a->l, a->op0, a->op1, a->op2, a->crn, a->crm, a->rt);
282
case A_SECPPCINTCLR:
70
+ return true;
283
+ value &= 0x00f000f3;
284
+ foreach_ppc(s, iotkit_secctl_ppc_update_irq_clear);
285
+ break;
286
case A_SECPPCINTEN:
287
- case A_SECMSCINTCLR:
288
- case A_SECMSCINTEN:
289
- case A_BRGINTCLR:
290
- case A_BRGINTEN:
291
+ s->secppcinten = value & 0x00f000f3;
292
+ foreach_ppc(s, iotkit_secctl_ppc_update_irq_enable);
293
+ break;
294
case A_AHBNSPPCEXP0:
295
case A_AHBNSPPCEXP1:
296
case A_AHBNSPPCEXP2:
297
case A_AHBNSPPCEXP3:
298
+ ppc = &s->ahbexp[offset_to_ppc_idx(offset)];
299
+ iotkit_secctl_ppc_ns_write(ppc, value);
300
+ break;
301
case A_APBNSPPC0:
302
case A_APBNSPPC1:
303
+ ppc = &s->apb[offset_to_ppc_idx(offset)];
304
+ iotkit_secctl_ppc_ns_write(ppc, value);
305
+ break;
306
case A_APBNSPPCEXP0:
307
case A_APBNSPPCEXP1:
308
case A_APBNSPPCEXP2:
309
case A_APBNSPPCEXP3:
310
+ ppc = &s->apbexp[offset_to_ppc_idx(offset)];
311
+ iotkit_secctl_ppc_ns_write(ppc, value);
312
+ break;
313
case A_AHBSPPPCEXP0:
314
case A_AHBSPPPCEXP1:
315
case A_AHBSPPPCEXP2:
316
case A_AHBSPPPCEXP3:
317
+ ppc = &s->ahbexp[offset_to_ppc_idx(offset)];
318
+ iotkit_secctl_ppc_sp_write(ppc, value);
319
+ break;
320
case A_APBSPPPC0:
321
case A_APBSPPPC1:
322
+ ppc = &s->apb[offset_to_ppc_idx(offset)];
323
+ iotkit_secctl_ppc_sp_write(ppc, value);
324
+ break;
325
case A_APBSPPPCEXP0:
326
case A_APBSPPPCEXP1:
327
case A_APBSPPPCEXP2:
328
case A_APBSPPPCEXP3:
329
+ ppc = &s->apbexp[offset_to_ppc_idx(offset)];
330
+ iotkit_secctl_ppc_sp_write(ppc, value);
331
+ break;
332
+ case A_NSCCFG:
333
+ case A_SECMSCINTCLR:
334
+ case A_SECMSCINTEN:
335
+ case A_BRGINTCLR:
336
+ case A_BRGINTEN:
337
qemu_log_mask(LOG_UNIMP,
338
"IoTKit SecCtl S block write: "
339
"unimplemented offset 0x%x\n", offset);
340
@@ -XXX,XX +XXX,XX @@ static MemTxResult iotkit_secctl_ns_read(void *opaque, hwaddr addr,
341
uint64_t *pdata,
342
unsigned size, MemTxAttrs attrs)
343
{
344
+ IoTKitSecCtl *s = IOTKIT_SECCTL(opaque);
345
uint64_t r;
346
uint32_t offset = addr & ~0x3;
347
348
@@ -XXX,XX +XXX,XX @@ static MemTxResult iotkit_secctl_ns_read(void *opaque, hwaddr addr,
349
case A_AHBNSPPPCEXP1:
350
case A_AHBNSPPPCEXP2:
351
case A_AHBNSPPPCEXP3:
352
+ r = s->ahbexp[offset_to_ppc_idx(offset)].nsp;
353
+ break;
354
case A_APBNSPPPC0:
355
case A_APBNSPPPC1:
356
+ r = s->apb[offset_to_ppc_idx(offset)].nsp;
357
+ break;
358
case A_APBNSPPPCEXP0:
359
case A_APBNSPPPCEXP1:
360
case A_APBNSPPPCEXP2:
361
case A_APBNSPPPCEXP3:
362
- qemu_log_mask(LOG_UNIMP,
363
- "IoTKit SecCtl NS block read: "
364
- "unimplemented offset 0x%x\n", offset);
365
+ r = s->apbexp[offset_to_ppc_idx(offset)].nsp;
366
break;
367
case A_PID4:
368
case A_PID5:
369
@@ -XXX,XX +XXX,XX @@ static MemTxResult iotkit_secctl_ns_write(void *opaque, hwaddr addr,
370
uint64_t value,
371
unsigned size, MemTxAttrs attrs)
372
{
373
+ IoTKitSecCtl *s = IOTKIT_SECCTL(opaque);
374
uint32_t offset = addr;
375
+ IoTKitSecCtlPPC *ppc;
376
377
trace_iotkit_secctl_ns_write(offset, value, size);
378
379
@@ -XXX,XX +XXX,XX @@ static MemTxResult iotkit_secctl_ns_write(void *opaque, hwaddr addr,
380
case A_AHBNSPPPCEXP1:
381
case A_AHBNSPPPCEXP2:
382
case A_AHBNSPPPCEXP3:
383
+ ppc = &s->ahbexp[offset_to_ppc_idx(offset)];
384
+ iotkit_secctl_ppc_nsp_write(ppc, value);
385
+ break;
386
case A_APBNSPPPC0:
387
case A_APBNSPPPC1:
388
+ ppc = &s->apb[offset_to_ppc_idx(offset)];
389
+ iotkit_secctl_ppc_nsp_write(ppc, value);
390
+ break;
391
case A_APBNSPPPCEXP0:
392
case A_APBNSPPPCEXP1:
393
case A_APBNSPPPCEXP2:
394
case A_APBNSPPPCEXP3:
395
- qemu_log_mask(LOG_UNIMP,
396
- "IoTKit SecCtl NS block write: "
397
- "unimplemented offset 0x%x\n", offset);
398
+ ppc = &s->apbexp[offset_to_ppc_idx(offset)];
399
+ iotkit_secctl_ppc_nsp_write(ppc, value);
400
break;
401
case A_AHBNSPPPC0:
402
case A_PID4:
403
@@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps iotkit_secctl_ns_ops = {
404
.impl.max_access_size = 4,
405
};
406
407
+static void iotkit_secctl_reset_ppc(IoTKitSecCtlPPC *ppc)
408
+{
409
+ ppc->ns = 0;
410
+ ppc->sp = 0;
411
+ ppc->nsp = 0;
412
+}
413
+
414
static void iotkit_secctl_reset(DeviceState *dev)
415
{
416
+ IoTKitSecCtl *s = IOTKIT_SECCTL(dev);
417
418
+ s->secppcintstat = 0;
419
+ s->secppcinten = 0;
420
+ s->secrespcfg = 0;
421
+
422
+ foreach_ppc(s, iotkit_secctl_reset_ppc);
423
+}
424
+
425
+static void iotkit_secctl_ppc_irqstatus(void *opaque, int n, int level)
426
+{
427
+ IoTKitSecCtlPPC *ppc = opaque;
428
+ IoTKitSecCtl *s = IOTKIT_SECCTL(ppc->parent);
429
+ int irqbit = ppc->irq_bit_offset + n;
430
+
431
+ s->secppcintstat = deposit32(s->secppcintstat, irqbit, 1, level);
432
+}
433
+
434
+static void iotkit_secctl_init_ppc(IoTKitSecCtl *s,
435
+ IoTKitSecCtlPPC *ppc,
436
+ const char *name,
437
+ int numports,
438
+ int irq_bit_offset)
439
+{
440
+ char *gpioname;
441
+ DeviceState *dev = DEVICE(s);
442
+
443
+ ppc->numports = numports;
444
+ ppc->irq_bit_offset = irq_bit_offset;
445
+ ppc->parent = s;
446
+
447
+ gpioname = g_strdup_printf("%s_nonsec", name);
448
+ qdev_init_gpio_out_named(dev, ppc->nonsec, gpioname, numports);
449
+ g_free(gpioname);
450
+ gpioname = g_strdup_printf("%s_ap", name);
451
+ qdev_init_gpio_out_named(dev, ppc->ap, gpioname, numports);
452
+ g_free(gpioname);
453
+ gpioname = g_strdup_printf("%s_irq_enable", name);
454
+ qdev_init_gpio_out_named(dev, &ppc->irq_enable, gpioname, 1);
455
+ g_free(gpioname);
456
+ gpioname = g_strdup_printf("%s_irq_clear", name);
457
+ qdev_init_gpio_out_named(dev, &ppc->irq_clear, gpioname, 1);
458
+ g_free(gpioname);
459
+ gpioname = g_strdup_printf("%s_irq_status", name);
460
+ qdev_init_gpio_in_named_with_opaque(dev, iotkit_secctl_ppc_irqstatus,
461
+ ppc, gpioname, 1);
462
+ g_free(gpioname);
463
}
71
}
464
72
465
static void iotkit_secctl_init(Object *obj)
73
/* Exception generation
466
{
74
@@ -XXX,XX +XXX,XX @@ static void disas_b_exc_sys(DisasContext *s, uint32_t insn)
467
IoTKitSecCtl *s = IOTKIT_SECCTL(obj);
75
switch (extract32(insn, 25, 7)) {
468
SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
76
case 0x6a: /* Exception generation / System */
469
+ DeviceState *dev = DEVICE(obj);
77
if (insn & (1 << 24)) {
470
+ int i;
78
- if (extract32(insn, 22, 2) == 0) {
471
+
79
- disas_system(s, insn);
472
+ iotkit_secctl_init_ppc(s, &s->apb[0], "apb_ppc0",
80
- } else {
473
+ IOTS_APB_PPC0_NUM_PORTS, 0);
81
- unallocated_encoding(s);
474
+ iotkit_secctl_init_ppc(s, &s->apb[1], "apb_ppc1",
82
- }
475
+ IOTS_APB_PPC1_NUM_PORTS, 1);
83
+ unallocated_encoding(s);
476
+
84
} else {
477
+ for (i = 0; i < IOTS_NUM_APB_EXP_PPC; i++) {
85
disas_exc(s, insn);
478
+ IoTKitSecCtlPPC *ppc = &s->apbexp[i];
86
}
479
+ char *ppcname = g_strdup_printf("apb_ppcexp%d", i);
480
+ iotkit_secctl_init_ppc(s, ppc, ppcname, IOTS_PPC_NUM_PORTS, 4 + i);
481
+ g_free(ppcname);
482
+ }
483
+ for (i = 0; i < IOTS_NUM_AHB_EXP_PPC; i++) {
484
+ IoTKitSecCtlPPC *ppc = &s->ahbexp[i];
485
+ char *ppcname = g_strdup_printf("ahb_ppcexp%d", i);
486
+ iotkit_secctl_init_ppc(s, ppc, ppcname, IOTS_PPC_NUM_PORTS, 20 + i);
487
+ g_free(ppcname);
488
+ }
489
+
490
+ qdev_init_gpio_out_named(dev, &s->sec_resp_cfg, "sec_resp_cfg", 1);
491
492
memory_region_init_io(&s->s_regs, obj, &iotkit_secctl_s_ops,
493
s, "iotkit-secctl-s-regs", 0x1000);
494
@@ -XXX,XX +XXX,XX @@ static void iotkit_secctl_init(Object *obj)
495
sysbus_init_mmio(sbd, &s->ns_regs);
496
}
497
498
+static const VMStateDescription iotkit_secctl_ppc_vmstate = {
499
+ .name = "iotkit-secctl-ppc",
500
+ .version_id = 1,
501
+ .minimum_version_id = 1,
502
+ .fields = (VMStateField[]) {
503
+ VMSTATE_UINT32(ns, IoTKitSecCtlPPC),
504
+ VMSTATE_UINT32(sp, IoTKitSecCtlPPC),
505
+ VMSTATE_UINT32(nsp, IoTKitSecCtlPPC),
506
+ VMSTATE_END_OF_LIST()
507
+ }
508
+};
509
+
510
static const VMStateDescription iotkit_secctl_vmstate = {
511
.name = "iotkit-secctl",
512
.version_id = 1,
513
.minimum_version_id = 1,
514
.fields = (VMStateField[]) {
515
+ VMSTATE_UINT32(secppcintstat, IoTKitSecCtl),
516
+ VMSTATE_UINT32(secppcinten, IoTKitSecCtl),
517
+ VMSTATE_UINT32(secrespcfg, IoTKitSecCtl),
518
+ VMSTATE_STRUCT_ARRAY(apb, IoTKitSecCtl, IOTS_NUM_APB_PPC, 1,
519
+ iotkit_secctl_ppc_vmstate, IoTKitSecCtlPPC),
520
+ VMSTATE_STRUCT_ARRAY(apbexp, IoTKitSecCtl, IOTS_NUM_APB_EXP_PPC, 1,
521
+ iotkit_secctl_ppc_vmstate, IoTKitSecCtlPPC),
522
+ VMSTATE_STRUCT_ARRAY(ahbexp, IoTKitSecCtl, IOTS_NUM_AHB_EXP_PPC, 1,
523
+ iotkit_secctl_ppc_vmstate, IoTKitSecCtlPPC),
524
VMSTATE_END_OF_LIST()
525
}
526
};
527
--
87
--
528
2.16.2
88
2.34.1
529
89
530
90
diff view generated by jsdifflib
1
From: Alistair Francis <alistair.francis@xilinx.com>
1
Convert the exception generation instructions SVC, HVC, SMC, BRK and
2
HLT to decodetree.
2
3
3
Allow the guest to determine the time set from the QEMU command line.
4
The old decoder decoded the halting-debug insnns DCPS1, DCPS2 and
5
DCPS3 just in order to then make them UNDEF; as with DRPS, we don't
6
bother to decode them, but document the patterns in a64.decode.
4
7
5
This includes adding a trace event to debug the new time.
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
10
Message-id: 20230602155223.2040685-8-peter.maydell@linaro.org
11
---
12
target/arm/tcg/a64.decode | 15 +++
13
target/arm/tcg/translate-a64.c | 173 ++++++++++++---------------------
14
2 files changed, 79 insertions(+), 109 deletions(-)
6
15
7
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
16
diff --git a/target/arm/tcg/a64.decode b/target/arm/tcg/a64.decode
8
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
9
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
12
include/hw/timer/xlnx-zynqmp-rtc.h | 2 ++
13
hw/timer/xlnx-zynqmp-rtc.c | 58 ++++++++++++++++++++++++++++++++++++++
14
hw/timer/trace-events | 3 ++
15
3 files changed, 63 insertions(+)
16
17
diff --git a/include/hw/timer/xlnx-zynqmp-rtc.h b/include/hw/timer/xlnx-zynqmp-rtc.h
18
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
19
--- a/include/hw/timer/xlnx-zynqmp-rtc.h
18
--- a/target/arm/tcg/a64.decode
20
+++ b/include/hw/timer/xlnx-zynqmp-rtc.h
19
+++ b/target/arm/tcg/a64.decode
21
@@ -XXX,XX +XXX,XX @@ typedef struct XlnxZynqMPRTC {
20
@@ -XXX,XX +XXX,XX @@ MSR_i_SVCR 1101 0101 0000 0 011 0100 0 mask:2 imm:1 011 11111
22
qemu_irq irq_rtc_int;
21
SYS 1101 0101 00 l:1 01 op1:3 crn:4 crm:4 op2:3 rt:5 op0=1
23
qemu_irq irq_addr_error_int;
22
SYS 1101 0101 00 l:1 10 op1:3 crn:4 crm:4 op2:3 rt:5 op0=2
24
23
SYS 1101 0101 00 l:1 11 op1:3 crn:4 crm:4 op2:3 rt:5 op0=3
25
+ uint32_t tick_offset;
24
+
26
+
25
+# Exception generation
27
uint32_t regs[XLNX_ZYNQMP_RTC_R_MAX];
26
+
28
RegisterInfo regs_info[XLNX_ZYNQMP_RTC_R_MAX];
27
+@i16 .... .... ... imm:16 ... .. &i
29
} XlnxZynqMPRTC;
28
+SVC 1101 0100 000 ................ 000 01 @i16
30
diff --git a/hw/timer/xlnx-zynqmp-rtc.c b/hw/timer/xlnx-zynqmp-rtc.c
29
+HVC 1101 0100 000 ................ 000 10 @i16
30
+SMC 1101 0100 000 ................ 000 11 @i16
31
+BRK 1101 0100 001 ................ 000 00 @i16
32
+HLT 1101 0100 010 ................ 000 00 @i16
33
+# These insns always UNDEF unless in halting debug state, which
34
+# we don't implement. So we don't need to decode them. The patterns
35
+# are listed here as documentation.
36
+# DCPS1 1101 0100 101 ................ 000 01 @i16
37
+# DCPS2 1101 0100 101 ................ 000 10 @i16
38
+# DCPS3 1101 0100 101 ................ 000 11 @i16
39
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
31
index XXXXXXX..XXXXXXX 100644
40
index XXXXXXX..XXXXXXX 100644
32
--- a/hw/timer/xlnx-zynqmp-rtc.c
41
--- a/target/arm/tcg/translate-a64.c
33
+++ b/hw/timer/xlnx-zynqmp-rtc.c
42
+++ b/target/arm/tcg/translate-a64.c
34
@@ -XXX,XX +XXX,XX @@
43
@@ -XXX,XX +XXX,XX @@ static bool trans_SYS(DisasContext *s, arg_SYS *a)
35
#include "hw/register.h"
44
return true;
36
#include "qemu/bitops.h"
37
#include "qemu/log.h"
38
+#include "hw/ptimer.h"
39
+#include "qemu/cutils.h"
40
+#include "sysemu/sysemu.h"
41
+#include "trace.h"
42
#include "hw/timer/xlnx-zynqmp-rtc.h"
43
44
#ifndef XLNX_ZYNQMP_RTC_ERR_DEBUG
45
@@ -XXX,XX +XXX,XX @@ static void addr_error_int_update_irq(XlnxZynqMPRTC *s)
46
qemu_set_irq(s->irq_addr_error_int, pending);
47
}
45
}
48
46
49
+static uint32_t rtc_get_count(XlnxZynqMPRTC *s)
47
-/* Exception generation
48
- *
49
- * 31 24 23 21 20 5 4 2 1 0
50
- * +-----------------+-----+------------------------+-----+----+
51
- * | 1 1 0 1 0 1 0 0 | opc | imm16 | op2 | LL |
52
- * +-----------------------+------------------------+----------+
53
- */
54
-static void disas_exc(DisasContext *s, uint32_t insn)
55
+static bool trans_SVC(DisasContext *s, arg_i *a)
56
{
57
- int opc = extract32(insn, 21, 3);
58
- int op2_ll = extract32(insn, 0, 5);
59
- int imm16 = extract32(insn, 5, 16);
60
- uint32_t syndrome;
61
-
62
- switch (opc) {
63
- case 0:
64
- /* For SVC, HVC and SMC we advance the single-step state
65
- * machine before taking the exception. This is architecturally
66
- * mandated, to ensure that single-stepping a system call
67
- * instruction works properly.
68
- */
69
- switch (op2_ll) {
70
- case 1: /* SVC */
71
- syndrome = syn_aa64_svc(imm16);
72
- if (s->fgt_svc) {
73
- gen_exception_insn_el(s, 0, EXCP_UDEF, syndrome, 2);
74
- break;
75
- }
76
- gen_ss_advance(s);
77
- gen_exception_insn(s, 4, EXCP_SWI, syndrome);
78
- break;
79
- case 2: /* HVC */
80
- if (s->current_el == 0) {
81
- unallocated_encoding(s);
82
- break;
83
- }
84
- /* The pre HVC helper handles cases when HVC gets trapped
85
- * as an undefined insn by runtime configuration.
86
- */
87
- gen_a64_update_pc(s, 0);
88
- gen_helper_pre_hvc(cpu_env);
89
- gen_ss_advance(s);
90
- gen_exception_insn_el(s, 4, EXCP_HVC, syn_aa64_hvc(imm16), 2);
91
- break;
92
- case 3: /* SMC */
93
- if (s->current_el == 0) {
94
- unallocated_encoding(s);
95
- break;
96
- }
97
- gen_a64_update_pc(s, 0);
98
- gen_helper_pre_smc(cpu_env, tcg_constant_i32(syn_aa64_smc(imm16)));
99
- gen_ss_advance(s);
100
- gen_exception_insn_el(s, 4, EXCP_SMC, syn_aa64_smc(imm16), 3);
101
- break;
102
- default:
103
- unallocated_encoding(s);
104
- break;
105
- }
106
- break;
107
- case 1:
108
- if (op2_ll != 0) {
109
- unallocated_encoding(s);
110
- break;
111
- }
112
- /* BRK */
113
- gen_exception_bkpt_insn(s, syn_aa64_bkpt(imm16));
114
- break;
115
- case 2:
116
- if (op2_ll != 0) {
117
- unallocated_encoding(s);
118
- break;
119
- }
120
- /* HLT. This has two purposes.
121
- * Architecturally, it is an external halting debug instruction.
122
- * Since QEMU doesn't implement external debug, we treat this as
123
- * it is required for halting debug disabled: it will UNDEF.
124
- * Secondly, "HLT 0xf000" is the A64 semihosting syscall instruction.
125
- */
126
- if (semihosting_enabled(s->current_el == 0) && imm16 == 0xf000) {
127
- gen_exception_internal_insn(s, EXCP_SEMIHOST);
128
- } else {
129
- unallocated_encoding(s);
130
- }
131
- break;
132
- case 5:
133
- if (op2_ll < 1 || op2_ll > 3) {
134
- unallocated_encoding(s);
135
- break;
136
- }
137
- /* DCPS1, DCPS2, DCPS3 */
138
- unallocated_encoding(s);
139
- break;
140
- default:
141
- unallocated_encoding(s);
142
- break;
143
+ /*
144
+ * For SVC, HVC and SMC we advance the single-step state
145
+ * machine before taking the exception. This is architecturally
146
+ * mandated, to ensure that single-stepping a system call
147
+ * instruction works properly.
148
+ */
149
+ uint32_t syndrome = syn_aa64_svc(a->imm);
150
+ if (s->fgt_svc) {
151
+ gen_exception_insn_el(s, 0, EXCP_UDEF, syndrome, 2);
152
+ return true;
153
}
154
+ gen_ss_advance(s);
155
+ gen_exception_insn(s, 4, EXCP_SWI, syndrome);
156
+ return true;
157
}
158
159
-/* Branches, exception generating and system instructions */
160
-static void disas_b_exc_sys(DisasContext *s, uint32_t insn)
161
+static bool trans_HVC(DisasContext *s, arg_i *a)
162
{
163
- switch (extract32(insn, 25, 7)) {
164
- case 0x6a: /* Exception generation / System */
165
- if (insn & (1 << 24)) {
166
- unallocated_encoding(s);
167
- } else {
168
- disas_exc(s, insn);
169
- }
170
- break;
171
- default:
172
+ if (s->current_el == 0) {
173
unallocated_encoding(s);
174
- break;
175
+ return true;
176
}
177
+ /*
178
+ * The pre HVC helper handles cases when HVC gets trapped
179
+ * as an undefined insn by runtime configuration.
180
+ */
181
+ gen_a64_update_pc(s, 0);
182
+ gen_helper_pre_hvc(cpu_env);
183
+ /* Architecture requires ss advance before we do the actual work */
184
+ gen_ss_advance(s);
185
+ gen_exception_insn_el(s, 4, EXCP_HVC, syn_aa64_hvc(a->imm), 2);
186
+ return true;
187
+}
188
+
189
+static bool trans_SMC(DisasContext *s, arg_i *a)
50
+{
190
+{
51
+ int64_t now = qemu_clock_get_ns(rtc_clock);
191
+ if (s->current_el == 0) {
52
+ return s->tick_offset + now / NANOSECONDS_PER_SECOND;
192
+ unallocated_encoding(s);
193
+ return true;
194
+ }
195
+ gen_a64_update_pc(s, 0);
196
+ gen_helper_pre_smc(cpu_env, tcg_constant_i32(syn_aa64_smc(a->imm)));
197
+ /* Architecture requires ss advance before we do the actual work */
198
+ gen_ss_advance(s);
199
+ gen_exception_insn_el(s, 4, EXCP_SMC, syn_aa64_smc(a->imm), 3);
200
+ return true;
53
+}
201
+}
54
+
202
+
55
+static uint64_t current_time_postr(RegisterInfo *reg, uint64_t val64)
203
+static bool trans_BRK(DisasContext *s, arg_i *a)
56
+{
204
+{
57
+ XlnxZynqMPRTC *s = XLNX_ZYNQMP_RTC(reg->opaque);
205
+ gen_exception_bkpt_insn(s, syn_aa64_bkpt(a->imm));
58
+
206
+ return true;
59
+ return rtc_get_count(s);
60
+}
207
+}
61
+
208
+
62
static void rtc_int_status_postw(RegisterInfo *reg, uint64_t val64)
209
+static bool trans_HLT(DisasContext *s, arg_i *a)
210
+{
211
+ /*
212
+ * HLT. This has two purposes.
213
+ * Architecturally, it is an external halting debug instruction.
214
+ * Since QEMU doesn't implement external debug, we treat this as
215
+ * it is required for halting debug disabled: it will UNDEF.
216
+ * Secondly, "HLT 0xf000" is the A64 semihosting syscall instruction.
217
+ */
218
+ if (semihosting_enabled(s->current_el == 0) && a->imm == 0xf000) {
219
+ gen_exception_internal_insn(s, EXCP_SEMIHOST);
220
+ } else {
221
+ unallocated_encoding(s);
222
+ }
223
+ return true;
224
}
225
226
/*
227
@@ -XXX,XX +XXX,XX @@ static bool btype_destination_ok(uint32_t insn, bool bt, int btype)
228
static void disas_a64_legacy(DisasContext *s, uint32_t insn)
63
{
229
{
64
XlnxZynqMPRTC *s = XLNX_ZYNQMP_RTC(reg->opaque);
230
switch (extract32(insn, 25, 4)) {
65
@@ -XXX,XX +XXX,XX @@ static uint64_t addr_error_int_dis_prew(RegisterInfo *reg, uint64_t val64)
231
- case 0xa: case 0xb: /* Branch, exception generation and system insns */
66
232
- disas_b_exc_sys(s, insn);
67
static const RegisterAccessInfo rtc_regs_info[] = {
233
- break;
68
{ .name = "SET_TIME_WRITE", .addr = A_SET_TIME_WRITE,
234
case 0x4:
69
+ .unimp = MAKE_64BIT_MASK(0, 32),
235
case 0x6:
70
},{ .name = "SET_TIME_READ", .addr = A_SET_TIME_READ,
236
case 0xc:
71
.ro = 0xffffffff,
72
+ .post_read = current_time_postr,
73
},{ .name = "CALIB_WRITE", .addr = A_CALIB_WRITE,
74
+ .unimp = MAKE_64BIT_MASK(0, 32),
75
},{ .name = "CALIB_READ", .addr = A_CALIB_READ,
76
.ro = 0x1fffff,
77
},{ .name = "CURRENT_TIME", .addr = A_CURRENT_TIME,
78
.ro = 0xffffffff,
79
+ .post_read = current_time_postr,
80
},{ .name = "CURRENT_TICK", .addr = A_CURRENT_TICK,
81
.ro = 0xffff,
82
},{ .name = "ALARM", .addr = A_ALARM,
83
@@ -XXX,XX +XXX,XX @@ static void rtc_init(Object *obj)
84
XlnxZynqMPRTC *s = XLNX_ZYNQMP_RTC(obj);
85
SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
86
RegisterInfoArray *reg_array;
87
+ struct tm current_tm;
88
89
memory_region_init(&s->iomem, obj, TYPE_XLNX_ZYNQMP_RTC,
90
XLNX_ZYNQMP_RTC_R_MAX * 4);
91
@@ -XXX,XX +XXX,XX @@ static void rtc_init(Object *obj)
92
sysbus_init_mmio(sbd, &s->iomem);
93
sysbus_init_irq(sbd, &s->irq_rtc_int);
94
sysbus_init_irq(sbd, &s->irq_addr_error_int);
95
+
96
+ qemu_get_timedate(&current_tm, 0);
97
+ s->tick_offset = mktimegm(&current_tm) -
98
+ qemu_clock_get_ns(rtc_clock) / NANOSECONDS_PER_SECOND;
99
+
100
+ trace_xlnx_zynqmp_rtc_gettime(current_tm.tm_year, current_tm.tm_mon,
101
+ current_tm.tm_mday, current_tm.tm_hour,
102
+ current_tm.tm_min, current_tm.tm_sec);
103
+}
104
+
105
+static int rtc_pre_save(void *opaque)
106
+{
107
+ XlnxZynqMPRTC *s = opaque;
108
+ int64_t now = qemu_clock_get_ns(rtc_clock) / NANOSECONDS_PER_SECOND;
109
+
110
+ /* Add the time at migration */
111
+ s->tick_offset = s->tick_offset + now;
112
+
113
+ return 0;
114
+}
115
+
116
+static int rtc_post_load(void *opaque, int version_id)
117
+{
118
+ XlnxZynqMPRTC *s = opaque;
119
+ int64_t now = qemu_clock_get_ns(rtc_clock) / NANOSECONDS_PER_SECOND;
120
+
121
+ /* Subtract the time after migration. This combined with the pre_save
122
+ * action results in us having subtracted the time that the guest was
123
+ * stopped to the offset.
124
+ */
125
+ s->tick_offset = s->tick_offset - now;
126
+
127
+ return 0;
128
}
129
130
static const VMStateDescription vmstate_rtc = {
131
.name = TYPE_XLNX_ZYNQMP_RTC,
132
.version_id = 1,
133
.minimum_version_id = 1,
134
+ .pre_save = rtc_pre_save,
135
+ .post_load = rtc_post_load,
136
.fields = (VMStateField[]) {
137
VMSTATE_UINT32_ARRAY(regs, XlnxZynqMPRTC, XLNX_ZYNQMP_RTC_R_MAX),
138
+ VMSTATE_UINT32(tick_offset, XlnxZynqMPRTC),
139
VMSTATE_END_OF_LIST(),
140
}
141
};
142
diff --git a/hw/timer/trace-events b/hw/timer/trace-events
143
index XXXXXXX..XXXXXXX 100644
144
--- a/hw/timer/trace-events
145
+++ b/hw/timer/trace-events
146
@@ -XXX,XX +XXX,XX @@ systick_write(uint64_t addr, uint32_t value, unsigned size) "systick write addr
147
cmsdk_apb_timer_read(uint64_t offset, uint64_t data, unsigned size) "CMSDK APB timer read: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u"
148
cmsdk_apb_timer_write(uint64_t offset, uint64_t data, unsigned size) "CMSDK APB timer write: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u"
149
cmsdk_apb_timer_reset(void) "CMSDK APB timer: reset"
150
+
151
+# hw/timer/xlnx-zynqmp-rtc.c
152
+xlnx_zynqmp_rtc_gettime(int year, int month, int day, int hour, int min, int sec) "Get time from host: %d-%d-%d %2d:%02d:%02d"
153
--
237
--
154
2.16.2
238
2.34.1
155
156
diff view generated by jsdifflib
1
In v8M, the Implementation Defined Attribution Unit (IDAU) is
1
Convert the instructions in the load/store exclusive (STXR,
2
a small piece of hardware typically implemented in the SoC
2
STLXR, LDXR, LDAXR) and load/store ordered (STLR, STLLR,
3
which provides board or SoC specific security attribution
3
LDAR, LDLAR) to decodetree.
4
information for each address that the CPU performs MPU/SAU
4
5
checks on. For QEMU, we model this with a QOM interface which
5
Note that for STLR, STLLR, LDAR, LDLAR this fixes an under-decoding
6
is implemented by the board or SoC object and connected to
6
in the legacy decoder where we were not checking that the RES1 bits
7
the CPU using a link property.
7
in the Rs and Rt2 fields were set.
8
8
9
This commit defines the new interface class, adds the link
9
The new function ldst_iss_sf() is equivalent to the existing
10
property to the CPU object, and makes the SAU checking
10
disas_ldst_compute_iss_sf(), but it takes the pre-decoded 'ext' field
11
code call the IDAU interface if one is present.
11
rather than taking an undecoded two-bit opc field and extracting
12
'ext' from it. Once all the loads and stores have been converted
13
to decodetree disas_ldst_compute_iss_sf() will be unused and
14
can be deleted.
12
15
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
16
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
17
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
15
Message-id: 20180220180325.29818-5-peter.maydell@linaro.org
18
Message-id: 20230602155223.2040685-9-peter.maydell@linaro.org
16
---
19
---
17
target/arm/cpu.h | 3 +++
20
target/arm/tcg/a64.decode | 11 +++
18
target/arm/idau.h | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++
21
target/arm/tcg/translate-a64.c | 154 ++++++++++++++++++++-------------
19
target/arm/cpu.c | 15 +++++++++++++
22
2 files changed, 103 insertions(+), 62 deletions(-)
20
target/arm/helper.c | 28 +++++++++++++++++++++---
23
21
4 files changed, 104 insertions(+), 3 deletions(-)
24
diff --git a/target/arm/tcg/a64.decode b/target/arm/tcg/a64.decode
22
create mode 100644 target/arm/idau.h
23
24
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
25
index XXXXXXX..XXXXXXX 100644
25
index XXXXXXX..XXXXXXX 100644
26
--- a/target/arm/cpu.h
26
--- a/target/arm/tcg/a64.decode
27
+++ b/target/arm/cpu.h
27
+++ b/target/arm/tcg/a64.decode
28
@@ -XXX,XX +XXX,XX @@ struct ARMCPU {
28
@@ -XXX,XX +XXX,XX @@ HLT 1101 0100 010 ................ 000 00 @i16
29
/* MemoryRegion to use for secure physical accesses */
29
# DCPS1 1101 0100 101 ................ 000 01 @i16
30
MemoryRegion *secure_memory;
30
# DCPS2 1101 0100 101 ................ 000 10 @i16
31
31
# DCPS3 1101 0100 101 ................ 000 11 @i16
32
+ /* For v8M, pointer to the IDAU interface provided by board/SoC */
32
+
33
+ Object *idau;
33
+# Loads and stores
34
+
34
+
35
/* 'compatible' string for this CPU for Linux device trees */
35
+&stxr rn rt rt2 rs sz lasr
36
const char *dtb_compatible;
36
+&stlr rn rt sz lasr
37
37
+@stxr sz:2 ...... ... rs:5 lasr:1 rt2:5 rn:5 rt:5 &stxr
38
diff --git a/target/arm/idau.h b/target/arm/idau.h
38
+@stlr sz:2 ...... ... ..... lasr:1 ..... rn:5 rt:5 &stlr
39
new file mode 100644
39
+STXR .. 001000 000 ..... . ..... ..... ..... @stxr # inc STLXR
40
index XXXXXXX..XXXXXXX
40
+LDXR .. 001000 010 ..... . ..... ..... ..... @stxr # inc LDAXR
41
--- /dev/null
41
+STLR .. 001000 100 11111 . 11111 ..... ..... @stlr # inc STLLR
42
+++ b/target/arm/idau.h
42
+LDAR .. 001000 110 11111 . 11111 ..... ..... @stlr # inc LDLAR
43
@@ -XXX,XX +XXX,XX @@
43
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
44
+/*
44
index XXXXXXX..XXXXXXX 100644
45
+ * QEMU ARM CPU -- interface for the Arm v8M IDAU
45
--- a/target/arm/tcg/translate-a64.c
46
+ *
46
+++ b/target/arm/tcg/translate-a64.c
47
+ * Copyright (c) 2018 Linaro Ltd
47
@@ -XXX,XX +XXX,XX @@ static bool disas_ldst_compute_iss_sf(int size, bool is_signed, int opc)
48
+ *
48
return regsize == 64;
49
+ * This program is free software; you can redistribute it and/or
49
}
50
+ * modify it under the terms of the GNU General Public License
50
51
+ * as published by the Free Software Foundation; either version 2
51
+static bool ldst_iss_sf(int size, bool sign, bool ext)
52
+ * of the License, or (at your option) any later version.
52
+{
53
+ *
53
+
54
+ * This program is distributed in the hope that it will be useful,
54
+ if (sign) {
55
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
55
+ /*
56
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
56
+ * Signed loads are 64 bit results if we are not going to
57
+ * GNU General Public License for more details.
57
+ * do a zero-extend from 32 to 64 after the load.
58
+ *
58
+ * (For a store, sign and ext are always false.)
59
+ * You should have received a copy of the GNU General Public License
59
+ */
60
+ * along with this program; if not, see
60
+ return !ext;
61
+ * <http://www.gnu.org/licenses/gpl-2.0.html>
61
+ } else {
62
+ *
62
+ /* Unsigned loads/stores work at the specified size */
63
+ * In the v8M architecture, the IDAU is a small piece of hardware
63
+ return size == MO_64;
64
+ * typically implemented in the SoC which provides board or SoC
64
+ }
65
+ * specific security attribution information for each address that
65
+}
66
+ * the CPU performs MPU/SAU checks on. For QEMU, we model this with a
66
+
67
+ * QOM interface which is implemented by the board or SoC object and
67
+static bool trans_STXR(DisasContext *s, arg_stxr *a)
68
+ * connected to the CPU using a link property.
68
+{
69
+ */
69
+ if (a->rn == 31) {
70
+
70
+ gen_check_sp_alignment(s);
71
+#ifndef TARGET_ARM_IDAU_H
71
+ }
72
+#define TARGET_ARM_IDAU_H
72
+ if (a->lasr) {
73
+
73
+ tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
74
+#include "qom/object.h"
74
+ }
75
+
75
+ gen_store_exclusive(s, a->rs, a->rt, a->rt2, a->rn, a->sz, false);
76
+#define TYPE_IDAU_INTERFACE "idau-interface"
76
+ return true;
77
+#define IDAU_INTERFACE(obj) \
77
+}
78
+ INTERFACE_CHECK(IDAUInterface, (obj), TYPE_IDAU_INTERFACE)
78
+
79
+#define IDAU_INTERFACE_CLASS(class) \
79
+static bool trans_LDXR(DisasContext *s, arg_stxr *a)
80
+ OBJECT_CLASS_CHECK(IDAUInterfaceClass, (class), TYPE_IDAU_INTERFACE)
80
+{
81
+#define IDAU_INTERFACE_GET_CLASS(obj) \
81
+ if (a->rn == 31) {
82
+ OBJECT_GET_CLASS(IDAUInterfaceClass, (obj), TYPE_IDAU_INTERFACE)
82
+ gen_check_sp_alignment(s);
83
+
83
+ }
84
+typedef struct IDAUInterface {
84
+ gen_load_exclusive(s, a->rt, a->rt2, a->rn, a->sz, false);
85
+ Object parent;
85
+ if (a->lasr) {
86
+} IDAUInterface;
86
+ tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
87
+
87
+ }
88
+#define IREGION_NOTVALID -1
88
+ return true;
89
+
89
+}
90
+typedef struct IDAUInterfaceClass {
90
+
91
+ InterfaceClass parent;
91
+static bool trans_STLR(DisasContext *s, arg_stlr *a)
92
+
92
+{
93
+ /* Check the specified address and return the IDAU security information
93
+ TCGv_i64 clean_addr;
94
+ * for it by filling in iregion, exempt, ns and nsc:
94
+ MemOp memop;
95
+ * iregion: IDAU region number, or IREGION_NOTVALID if not valid
95
+ bool iss_sf = ldst_iss_sf(a->sz, false, false);
96
+ * exempt: true if address is exempt from security attribution
96
+
97
+ * ns: true if the address is NonSecure
97
+ /*
98
+ * nsc: true if the address is NonSecure-callable
98
+ * StoreLORelease is the same as Store-Release for QEMU, but
99
+ * needs the feature-test.
99
+ */
100
+ */
100
+ void (*check)(IDAUInterface *ii, uint32_t address, int *iregion,
101
+ if (!a->lasr && !dc_isar_feature(aa64_lor, s)) {
101
+ bool *exempt, bool *ns, bool *nsc);
102
+ return false;
102
+} IDAUInterfaceClass;
103
+ }
103
+
104
+ /* Generate ISS for non-exclusive accesses including LASR. */
104
+#endif
105
+ if (a->rn == 31) {
105
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
106
+ gen_check_sp_alignment(s);
106
index XXXXXXX..XXXXXXX 100644
107
+ }
107
--- a/target/arm/cpu.c
108
+ tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
108
+++ b/target/arm/cpu.c
109
+ memop = check_ordered_align(s, a->rn, 0, true, a->sz);
109
@@ -XXX,XX +XXX,XX @@
110
+ clean_addr = gen_mte_check1(s, cpu_reg_sp(s, a->rn),
110
*/
111
+ true, a->rn != 31, memop);
111
112
+ do_gpr_st(s, cpu_reg(s, a->rt), clean_addr, memop, true, a->rt,
112
#include "qemu/osdep.h"
113
+ iss_sf, a->lasr);
113
+#include "target/arm/idau.h"
114
+ return true;
114
#include "qemu/error-report.h"
115
+}
115
#include "qapi/error.h"
116
+
116
#include "cpu.h"
117
+static bool trans_LDAR(DisasContext *s, arg_stlr *a)
117
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_post_init(Object *obj)
118
+{
119
+ TCGv_i64 clean_addr;
120
+ MemOp memop;
121
+ bool iss_sf = ldst_iss_sf(a->sz, false, false);
122
+
123
+ /* LoadLOAcquire is the same as Load-Acquire for QEMU. */
124
+ if (!a->lasr && !dc_isar_feature(aa64_lor, s)) {
125
+ return false;
126
+ }
127
+ /* Generate ISS for non-exclusive accesses including LASR. */
128
+ if (a->rn == 31) {
129
+ gen_check_sp_alignment(s);
130
+ }
131
+ memop = check_ordered_align(s, a->rn, 0, false, a->sz);
132
+ clean_addr = gen_mte_check1(s, cpu_reg_sp(s, a->rn),
133
+ false, a->rn != 31, memop);
134
+ do_gpr_ld(s, cpu_reg(s, a->rt), clean_addr, memop, false, true,
135
+ a->rt, iss_sf, a->lasr);
136
+ tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
137
+ return true;
138
+}
139
+
140
/* Load/store exclusive
141
*
142
* 31 30 29 24 23 22 21 20 16 15 14 10 9 5 4 0
143
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_excl(DisasContext *s, uint32_t insn)
144
int is_lasr = extract32(insn, 15, 1);
145
int o2_L_o1_o0 = extract32(insn, 21, 3) * 2 | is_lasr;
146
int size = extract32(insn, 30, 2);
147
- TCGv_i64 clean_addr;
148
- MemOp memop;
149
150
switch (o2_L_o1_o0) {
151
- case 0x0: /* STXR */
152
- case 0x1: /* STLXR */
153
- if (rn == 31) {
154
- gen_check_sp_alignment(s);
155
- }
156
- if (is_lasr) {
157
- tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
158
- }
159
- gen_store_exclusive(s, rs, rt, rt2, rn, size, false);
160
- return;
161
-
162
- case 0x4: /* LDXR */
163
- case 0x5: /* LDAXR */
164
- if (rn == 31) {
165
- gen_check_sp_alignment(s);
166
- }
167
- gen_load_exclusive(s, rt, rt2, rn, size, false);
168
- if (is_lasr) {
169
- tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
170
- }
171
- return;
172
-
173
- case 0x8: /* STLLR */
174
- if (!dc_isar_feature(aa64_lor, s)) {
175
- break;
176
- }
177
- /* StoreLORelease is the same as Store-Release for QEMU. */
178
- /* fall through */
179
- case 0x9: /* STLR */
180
- /* Generate ISS for non-exclusive accesses including LASR. */
181
- if (rn == 31) {
182
- gen_check_sp_alignment(s);
183
- }
184
- tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
185
- memop = check_ordered_align(s, rn, 0, true, size);
186
- clean_addr = gen_mte_check1(s, cpu_reg_sp(s, rn),
187
- true, rn != 31, memop);
188
- do_gpr_st(s, cpu_reg(s, rt), clean_addr, memop, true, rt,
189
- disas_ldst_compute_iss_sf(size, false, 0), is_lasr);
190
- return;
191
-
192
- case 0xc: /* LDLAR */
193
- if (!dc_isar_feature(aa64_lor, s)) {
194
- break;
195
- }
196
- /* LoadLOAcquire is the same as Load-Acquire for QEMU. */
197
- /* fall through */
198
- case 0xd: /* LDAR */
199
- /* Generate ISS for non-exclusive accesses including LASR. */
200
- if (rn == 31) {
201
- gen_check_sp_alignment(s);
202
- }
203
- memop = check_ordered_align(s, rn, 0, false, size);
204
- clean_addr = gen_mte_check1(s, cpu_reg_sp(s, rn),
205
- false, rn != 31, memop);
206
- do_gpr_ld(s, cpu_reg(s, rt), clean_addr, memop, false, true,
207
- rt, disas_ldst_compute_iss_sf(size, false, 0), is_lasr);
208
- tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
209
- return;
210
-
211
case 0x2: case 0x3: /* CASP / STXP */
212
if (size & 2) { /* STXP / STLXP */
213
if (rn == 31) {
214
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_excl(DisasContext *s, uint32_t insn)
215
return;
118
}
216
}
217
break;
218
+ default:
219
+ /* Handled in decodetree */
220
+ break;
119
}
221
}
120
222
unallocated_encoding(s);
121
+ if (arm_feature(&cpu->env, ARM_FEATURE_M_SECURITY)) {
122
+ object_property_add_link(obj, "idau", TYPE_IDAU_INTERFACE, &cpu->idau,
123
+ qdev_prop_allow_set_link_before_realize,
124
+ OBJ_PROP_LINK_UNREF_ON_RELEASE,
125
+ &error_abort);
126
+ }
127
+
128
qdev_property_add_static(DEVICE(obj), &arm_cpu_cfgend_property,
129
&error_abort);
130
}
131
@@ -XXX,XX +XXX,XX @@ static const TypeInfo arm_cpu_type_info = {
132
.class_init = arm_cpu_class_init,
133
};
134
135
+static const TypeInfo idau_interface_type_info = {
136
+ .name = TYPE_IDAU_INTERFACE,
137
+ .parent = TYPE_INTERFACE,
138
+ .class_size = sizeof(IDAUInterfaceClass),
139
+};
140
+
141
static void arm_cpu_register_types(void)
142
{
143
const ARMCPUInfo *info = arm_cpus;
144
145
type_register_static(&arm_cpu_type_info);
146
+ type_register_static(&idau_interface_type_info);
147
148
while (info->name) {
149
cpu_register(info);
150
diff --git a/target/arm/helper.c b/target/arm/helper.c
151
index XXXXXXX..XXXXXXX 100644
152
--- a/target/arm/helper.c
153
+++ b/target/arm/helper.c
154
@@ -XXX,XX +XXX,XX @@
155
#include "qemu/osdep.h"
156
+#include "target/arm/idau.h"
157
#include "trace.h"
158
#include "cpu.h"
159
#include "internals.h"
160
@@ -XXX,XX +XXX,XX @@ static void v8m_security_lookup(CPUARMState *env, uint32_t address,
161
*/
162
ARMCPU *cpu = arm_env_get_cpu(env);
163
int r;
164
+ bool idau_exempt = false, idau_ns = true, idau_nsc = true;
165
+ int idau_region = IREGION_NOTVALID;
166
167
- /* TODO: implement IDAU */
168
+ if (cpu->idau) {
169
+ IDAUInterfaceClass *iic = IDAU_INTERFACE_GET_CLASS(cpu->idau);
170
+ IDAUInterface *ii = IDAU_INTERFACE(cpu->idau);
171
+
172
+ iic->check(ii, address, &idau_region, &idau_exempt, &idau_ns,
173
+ &idau_nsc);
174
+ }
175
176
if (access_type == MMU_INST_FETCH && extract32(address, 28, 4) == 0xf) {
177
/* 0xf0000000..0xffffffff is always S for insn fetches */
178
return;
179
}
180
181
- if (v8m_is_sau_exempt(env, address, access_type)) {
182
+ if (idau_exempt || v8m_is_sau_exempt(env, address, access_type)) {
183
sattrs->ns = !regime_is_secure(env, mmu_idx);
184
return;
185
}
186
187
+ if (idau_region != IREGION_NOTVALID) {
188
+ sattrs->irvalid = true;
189
+ sattrs->iregion = idau_region;
190
+ }
191
+
192
switch (env->sau.ctrl & 3) {
193
case 0: /* SAU.ENABLE == 0, SAU.ALLNS == 0 */
194
break;
195
@@ -XXX,XX +XXX,XX @@ static void v8m_security_lookup(CPUARMState *env, uint32_t address,
196
}
197
}
198
199
- /* TODO when we support the IDAU then it may override the result here */
200
+ /* The IDAU will override the SAU lookup results if it specifies
201
+ * higher security than the SAU does.
202
+ */
203
+ if (!idau_ns) {
204
+ if (sattrs->ns || (!idau_nsc && sattrs->nsc)) {
205
+ sattrs->ns = false;
206
+ sattrs->nsc = idau_nsc;
207
+ }
208
+ }
209
break;
210
}
211
}
223
}
212
--
224
--
213
2.16.2
225
2.34.1
214
215
diff view generated by jsdifflib
1
Add a model of the TrustZone peripheral protection controller (PPC),
1
Convert the load/store exclusive pair (LDXP, STXP, LDAXP, STLXP),
2
which is used to gate transactions to non-TZ-aware peripherals so
2
compare-and-swap pair (CASP, CASPA, CASPAL, CASPL), and compare-and
3
that secure software can configure them to not be accessible to
3
swap (CAS, CASA, CASAL, CASL) instructions to decodetree.
4
non-secure software.
5
4
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20180220180325.29818-15-peter.maydell@linaro.org
7
Message-id: 20230602155223.2040685-10-peter.maydell@linaro.org
9
---
8
---
10
hw/misc/Makefile.objs | 2 +
9
target/arm/tcg/a64.decode | 11 +++
11
include/hw/misc/tz-ppc.h | 101 ++++++++++++++
10
target/arm/tcg/translate-a64.c | 121 ++++++++++++---------------------
12
hw/misc/tz-ppc.c | 302 ++++++++++++++++++++++++++++++++++++++++
11
2 files changed, 53 insertions(+), 79 deletions(-)
13
default-configs/arm-softmmu.mak | 2 +
14
hw/misc/trace-events | 11 ++
15
5 files changed, 418 insertions(+)
16
create mode 100644 include/hw/misc/tz-ppc.h
17
create mode 100644 hw/misc/tz-ppc.c
18
12
19
diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
13
diff --git a/target/arm/tcg/a64.decode b/target/arm/tcg/a64.decode
20
index XXXXXXX..XXXXXXX 100644
14
index XXXXXXX..XXXXXXX 100644
21
--- a/hw/misc/Makefile.objs
15
--- a/target/arm/tcg/a64.decode
22
+++ b/hw/misc/Makefile.objs
16
+++ b/target/arm/tcg/a64.decode
23
@@ -XXX,XX +XXX,XX @@ obj-$(CONFIG_MIPS_ITU) += mips_itu.o
17
@@ -XXX,XX +XXX,XX @@ HLT 1101 0100 010 ................ 000 00 @i16
24
obj-$(CONFIG_MPS2_FPGAIO) += mps2-fpgaio.o
18
&stlr rn rt sz lasr
25
obj-$(CONFIG_MPS2_SCC) += mps2-scc.o
19
@stxr sz:2 ...... ... rs:5 lasr:1 rt2:5 rn:5 rt:5 &stxr
26
20
@stlr sz:2 ...... ... ..... lasr:1 ..... rn:5 rt:5 &stlr
27
+obj-$(CONFIG_TZ_PPC) += tz-ppc.o
21
+%imm1_30_p2 30:1 !function=plus_2
22
+@stxp .. ...... ... rs:5 lasr:1 rt2:5 rn:5 rt:5 &stxr sz=%imm1_30_p2
23
STXR .. 001000 000 ..... . ..... ..... ..... @stxr # inc STLXR
24
LDXR .. 001000 010 ..... . ..... ..... ..... @stxr # inc LDAXR
25
STLR .. 001000 100 11111 . 11111 ..... ..... @stlr # inc STLLR
26
LDAR .. 001000 110 11111 . 11111 ..... ..... @stlr # inc LDLAR
28
+
27
+
29
obj-$(CONFIG_PVPANIC) += pvpanic.o
28
+STXP 1 . 001000 001 ..... . ..... ..... ..... @stxp # inc STLXP
30
obj-$(CONFIG_HYPERV_TESTDEV) += hyperv_testdev.o
29
+LDXP 1 . 001000 011 ..... . ..... ..... ..... @stxp # inc LDAXP
31
obj-$(CONFIG_AUX) += auxbus.o
32
diff --git a/include/hw/misc/tz-ppc.h b/include/hw/misc/tz-ppc.h
33
new file mode 100644
34
index XXXXXXX..XXXXXXX
35
--- /dev/null
36
+++ b/include/hw/misc/tz-ppc.h
37
@@ -XXX,XX +XXX,XX @@
38
+/*
39
+ * ARM TrustZone peripheral protection controller emulation
40
+ *
41
+ * Copyright (c) 2018 Linaro Limited
42
+ * Written by Peter Maydell
43
+ *
44
+ * This program is free software; you can redistribute it and/or modify
45
+ * it under the terms of the GNU General Public License version 2 or
46
+ * (at your option) any later version.
47
+ */
48
+
30
+
49
+/* This is a model of the TrustZone peripheral protection controller (PPC).
31
+# CASP, CASPA, CASPAL, CASPL (we don't decode the bits that determine
50
+ * It is documented in the ARM CoreLink SIE-200 System IP for Embedded TRM
32
+# acquire/release semantics because QEMU's cmpxchg always has those)
51
+ * (DDI 0571G):
33
+CASP 0 . 001000 0 - 1 rs:5 - 11111 rn:5 rt:5 sz=%imm1_30_p2
52
+ * https://developer.arm.com/products/architecture/m-profile/docs/ddi0571/g
34
+# CAS, CASA, CASAL, CASL
53
+ *
35
+CAS sz:2 001000 1 - 1 rs:5 - 11111 rn:5 rt:5
54
+ * The PPC sits in front of peripherals and allows secure software to
36
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
55
+ * configure it to either pass through or reject transactions.
37
index XXXXXXX..XXXXXXX 100644
56
+ * Rejected transactions may be configured to either be aborted, or to
38
--- a/target/arm/tcg/translate-a64.c
57
+ * behave as RAZ/WI. An interrupt can be signalled for a rejected transaction.
39
+++ b/target/arm/tcg/translate-a64.c
58
+ *
40
@@ -XXX,XX +XXX,XX @@ static bool trans_LDAR(DisasContext *s, arg_stlr *a)
59
+ * The PPC has no register interface -- it is configured purely by a
41
return true;
60
+ * collection of input signals from other hardware in the system. Typically
42
}
61
+ * they are either hardwired or exposed in an ad-hoc register interface by
43
62
+ * the SoC that uses the PPC.
44
-/* Load/store exclusive
63
+ *
45
- *
64
+ * This QEMU model can be used to model either the AHB5 or APB4 TZ PPC,
46
- * 31 30 29 24 23 22 21 20 16 15 14 10 9 5 4 0
65
+ * since the only difference between them is that the AHB version has a
47
- * +-----+-------------+----+---+----+------+----+-------+------+------+
66
+ * "default" port which has no security checks applied. In QEMU the default
48
- * | sz | 0 0 1 0 0 0 | o2 | L | o1 | Rs | o0 | Rt2 | Rn | Rt |
67
+ * port can be emulated simply by wiring its downstream devices directly
49
- * +-----+-------------+----+---+----+------+----+-------+------+------+
68
+ * into the parent address space, since the PPC does not need to intercept
50
- *
69
+ * transactions there.
51
- * sz: 00 -> 8 bit, 01 -> 16 bit, 10 -> 32 bit, 11 -> 64 bit
70
+ *
52
- * L: 0 -> store, 1 -> load
71
+ * In the hardware, selection of which downstream port to use is done by
53
- * o2: 0 -> exclusive, 1 -> not
72
+ * the user's decode logic asserting one of the hsel[] signals. In QEMU,
54
- * o1: 0 -> single register, 1 -> register pair
73
+ * we provide 16 MMIO regions, one per port, and the user maps these into
55
- * o0: 1 -> load-acquire/store-release, 0 -> not
74
+ * the desired addresses to implement the address decode.
56
- */
75
+ *
57
-static void disas_ldst_excl(DisasContext *s, uint32_t insn)
76
+ * QEMU interface:
58
+static bool trans_STXP(DisasContext *s, arg_stxr *a)
77
+ * + sysbus MMIO regions 0..15: MemoryRegions defining the upstream end
59
{
78
+ * of each of the 16 ports of the PPC
60
- int rt = extract32(insn, 0, 5);
79
+ * + Property "port[0..15]": MemoryRegion defining the downstream device(s)
61
- int rn = extract32(insn, 5, 5);
80
+ * for each of the 16 ports of the PPC
62
- int rt2 = extract32(insn, 10, 5);
81
+ * + Named GPIO inputs "cfg_nonsec[0..15]": set to 1 if the port should be
63
- int rs = extract32(insn, 16, 5);
82
+ * accessible to NonSecure transactions
64
- int is_lasr = extract32(insn, 15, 1);
83
+ * + Named GPIO inputs "cfg_ap[0..15]": set to 1 if the port should be
65
- int o2_L_o1_o0 = extract32(insn, 21, 3) * 2 | is_lasr;
84
+ * accessible to non-privileged transactions
66
- int size = extract32(insn, 30, 2);
85
+ * + Named GPIO input "cfg_sec_resp": set to 1 if a rejected transaction should
67
-
86
+ * result in a transaction error, or 0 for the transaction to RAZ/WI
68
- switch (o2_L_o1_o0) {
87
+ * + Named GPIO input "irq_enable": set to 1 to enable interrupts
69
- case 0x2: case 0x3: /* CASP / STXP */
88
+ * + Named GPIO input "irq_clear": set to 1 to clear a pending interrupt
70
- if (size & 2) { /* STXP / STLXP */
89
+ * + Named GPIO output "irq": set for a transaction-failed interrupt
71
- if (rn == 31) {
90
+ * + Property "NONSEC_MASK": if a bit is set in this mask then accesses to
72
- gen_check_sp_alignment(s);
91
+ * the associated port do not have the TZ security check performed. (This
73
- }
92
+ * corresponds to the hardware allowing this to be set as a Verilog
74
- if (is_lasr) {
93
+ * parameter.)
75
- tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
94
+ */
76
- }
95
+
77
- gen_store_exclusive(s, rs, rt, rt2, rn, size, true);
96
+#ifndef TZ_PPC_H
78
- return;
97
+#define TZ_PPC_H
79
- }
98
+
80
- if (rt2 == 31
99
+#include "hw/sysbus.h"
81
- && ((rt | rs) & 1) == 0
100
+
82
- && dc_isar_feature(aa64_atomics, s)) {
101
+#define TYPE_TZ_PPC "tz-ppc"
83
- /* CASP / CASPL */
102
+#define TZ_PPC(obj) OBJECT_CHECK(TZPPC, (obj), TYPE_TZ_PPC)
84
- gen_compare_and_swap_pair(s, rs, rt, rn, size | 2);
103
+
85
- return;
104
+#define TZ_NUM_PORTS 16
86
- }
105
+
87
- break;
106
+typedef struct TZPPC TZPPC;
88
-
107
+
89
- case 0x6: case 0x7: /* CASPA / LDXP */
108
+typedef struct TZPPCPort {
90
- if (size & 2) { /* LDXP / LDAXP */
109
+ TZPPC *ppc;
91
- if (rn == 31) {
110
+ MemoryRegion upstream;
92
- gen_check_sp_alignment(s);
111
+ AddressSpace downstream_as;
93
- }
112
+ MemoryRegion *downstream;
94
- gen_load_exclusive(s, rt, rt2, rn, size, true);
113
+} TZPPCPort;
95
- if (is_lasr) {
114
+
96
- tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
115
+struct TZPPC {
97
- }
116
+ /*< private >*/
98
- return;
117
+ SysBusDevice parent_obj;
99
- }
118
+
100
- if (rt2 == 31
119
+ /*< public >*/
101
- && ((rt | rs) & 1) == 0
120
+
102
- && dc_isar_feature(aa64_atomics, s)) {
121
+ /* State: these just track the values of our input signals */
103
- /* CASPA / CASPAL */
122
+ bool cfg_nonsec[TZ_NUM_PORTS];
104
- gen_compare_and_swap_pair(s, rs, rt, rn, size | 2);
123
+ bool cfg_ap[TZ_NUM_PORTS];
105
- return;
124
+ bool cfg_sec_resp;
106
- }
125
+ bool irq_enable;
107
- break;
126
+ bool irq_clear;
108
-
127
+ /* State: are we asserting irq ? */
109
- case 0xa: /* CAS */
128
+ bool irq_status;
110
- case 0xb: /* CASL */
129
+
111
- case 0xe: /* CASA */
130
+ qemu_irq irq;
112
- case 0xf: /* CASAL */
131
+
113
- if (rt2 == 31 && dc_isar_feature(aa64_atomics, s)) {
132
+ /* Properties */
114
- gen_compare_and_swap(s, rs, rt, rn, size);
133
+ uint32_t nonsec_mask;
115
- return;
134
+
116
- }
135
+ TZPPCPort port[TZ_NUM_PORTS];
117
- break;
136
+};
118
- default:
137
+
119
- /* Handled in decodetree */
138
+#endif
120
- break;
139
diff --git a/hw/misc/tz-ppc.c b/hw/misc/tz-ppc.c
121
+ if (a->rn == 31) {
140
new file mode 100644
122
+ gen_check_sp_alignment(s);
141
index XXXXXXX..XXXXXXX
123
}
142
--- /dev/null
124
- unallocated_encoding(s);
143
+++ b/hw/misc/tz-ppc.c
125
+ if (a->lasr) {
144
@@ -XXX,XX +XXX,XX @@
126
+ tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
145
+/*
127
+ }
146
+ * ARM TrustZone peripheral protection controller emulation
128
+ gen_store_exclusive(s, a->rs, a->rt, a->rt2, a->rn, a->sz, true);
147
+ *
129
+ return true;
148
+ * Copyright (c) 2018 Linaro Limited
149
+ * Written by Peter Maydell
150
+ *
151
+ * This program is free software; you can redistribute it and/or modify
152
+ * it under the terms of the GNU General Public License version 2 or
153
+ * (at your option) any later version.
154
+ */
155
+
156
+#include "qemu/osdep.h"
157
+#include "qemu/log.h"
158
+#include "qapi/error.h"
159
+#include "trace.h"
160
+#include "hw/sysbus.h"
161
+#include "hw/registerfields.h"
162
+#include "hw/misc/tz-ppc.h"
163
+
164
+static void tz_ppc_update_irq(TZPPC *s)
165
+{
166
+ bool level = s->irq_status && s->irq_enable;
167
+
168
+ trace_tz_ppc_update_irq(level);
169
+ qemu_set_irq(s->irq, level);
170
+}
130
+}
171
+
131
+
172
+static void tz_ppc_cfg_nonsec(void *opaque, int n, int level)
132
+static bool trans_LDXP(DisasContext *s, arg_stxr *a)
173
+{
133
+{
174
+ TZPPC *s = TZ_PPC(opaque);
134
+ if (a->rn == 31) {
175
+
135
+ gen_check_sp_alignment(s);
176
+ assert(n < TZ_NUM_PORTS);
177
+ trace_tz_ppc_cfg_nonsec(n, level);
178
+ s->cfg_nonsec[n] = level;
179
+}
180
+
181
+static void tz_ppc_cfg_ap(void *opaque, int n, int level)
182
+{
183
+ TZPPC *s = TZ_PPC(opaque);
184
+
185
+ assert(n < TZ_NUM_PORTS);
186
+ trace_tz_ppc_cfg_ap(n, level);
187
+ s->cfg_ap[n] = level;
188
+}
189
+
190
+static void tz_ppc_cfg_sec_resp(void *opaque, int n, int level)
191
+{
192
+ TZPPC *s = TZ_PPC(opaque);
193
+
194
+ trace_tz_ppc_cfg_sec_resp(level);
195
+ s->cfg_sec_resp = level;
196
+}
197
+
198
+static void tz_ppc_irq_enable(void *opaque, int n, int level)
199
+{
200
+ TZPPC *s = TZ_PPC(opaque);
201
+
202
+ trace_tz_ppc_irq_enable(level);
203
+ s->irq_enable = level;
204
+ tz_ppc_update_irq(s);
205
+}
206
+
207
+static void tz_ppc_irq_clear(void *opaque, int n, int level)
208
+{
209
+ TZPPC *s = TZ_PPC(opaque);
210
+
211
+ trace_tz_ppc_irq_clear(level);
212
+
213
+ s->irq_clear = level;
214
+ if (level) {
215
+ s->irq_status = false;
216
+ tz_ppc_update_irq(s);
217
+ }
136
+ }
218
+}
137
+ gen_load_exclusive(s, a->rt, a->rt2, a->rn, a->sz, true);
219
+
138
+ if (a->lasr) {
220
+static bool tz_ppc_check(TZPPC *s, int n, MemTxAttrs attrs)
139
+ tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
221
+{
222
+ /* Check whether to allow an access to port n; return true if
223
+ * the check passes, and false if the transaction must be blocked.
224
+ * If the latter, the caller must check cfg_sec_resp to determine
225
+ * whether to abort or RAZ/WI the transaction.
226
+ * The checks are:
227
+ * + nonsec_mask suppresses any check of the secure attribute
228
+ * + otherwise, block if cfg_nonsec is 1 and transaction is secure,
229
+ * or if cfg_nonsec is 0 and transaction is non-secure
230
+ * + block if transaction is usermode and cfg_ap is 0
231
+ */
232
+ if ((attrs.secure == s->cfg_nonsec[n] && !(s->nonsec_mask & (1 << n))) ||
233
+ (attrs.user && !s->cfg_ap[n])) {
234
+ /* Block the transaction. */
235
+ if (!s->irq_clear) {
236
+ /* Note that holding irq_clear high suppresses interrupts */
237
+ s->irq_status = true;
238
+ tz_ppc_update_irq(s);
239
+ }
240
+ return false;
241
+ }
140
+ }
242
+ return true;
141
+ return true;
243
+}
142
+}
244
+
143
+
245
+static MemTxResult tz_ppc_read(void *opaque, hwaddr addr, uint64_t *pdata,
144
+static bool trans_CASP(DisasContext *s, arg_CASP *a)
246
+ unsigned size, MemTxAttrs attrs)
247
+{
145
+{
248
+ TZPPCPort *p = opaque;
146
+ if (!dc_isar_feature(aa64_atomics, s)) {
249
+ TZPPC *s = p->ppc;
147
+ return false;
250
+ int n = p - s->port;
148
+ }
251
+ AddressSpace *as = &p->downstream_as;
149
+ if (((a->rt | a->rs) & 1) != 0) {
252
+ uint64_t data;
150
+ return false;
253
+ MemTxResult res;
254
+
255
+ if (!tz_ppc_check(s, n, attrs)) {
256
+ trace_tz_ppc_read_blocked(n, addr, attrs.secure, attrs.user);
257
+ if (s->cfg_sec_resp) {
258
+ return MEMTX_ERROR;
259
+ } else {
260
+ *pdata = 0;
261
+ return MEMTX_OK;
262
+ }
263
+ }
151
+ }
264
+
152
+
265
+ switch (size) {
153
+ gen_compare_and_swap_pair(s, a->rs, a->rt, a->rn, a->sz);
266
+ case 1:
154
+ return true;
267
+ data = address_space_ldub(as, addr, attrs, &res);
268
+ break;
269
+ case 2:
270
+ data = address_space_lduw_le(as, addr, attrs, &res);
271
+ break;
272
+ case 4:
273
+ data = address_space_ldl_le(as, addr, attrs, &res);
274
+ break;
275
+ case 8:
276
+ data = address_space_ldq_le(as, addr, attrs, &res);
277
+ break;
278
+ default:
279
+ g_assert_not_reached();
280
+ }
281
+ *pdata = data;
282
+ return res;
283
+}
155
+}
284
+
156
+
285
+static MemTxResult tz_ppc_write(void *opaque, hwaddr addr, uint64_t val,
157
+static bool trans_CAS(DisasContext *s, arg_CAS *a)
286
+ unsigned size, MemTxAttrs attrs)
287
+{
158
+{
288
+ TZPPCPort *p = opaque;
159
+ if (!dc_isar_feature(aa64_atomics, s)) {
289
+ TZPPC *s = p->ppc;
160
+ return false;
290
+ AddressSpace *as = &p->downstream_as;
291
+ int n = p - s->port;
292
+ MemTxResult res;
293
+
294
+ if (!tz_ppc_check(s, n, attrs)) {
295
+ trace_tz_ppc_write_blocked(n, addr, attrs.secure, attrs.user);
296
+ if (s->cfg_sec_resp) {
297
+ return MEMTX_ERROR;
298
+ } else {
299
+ return MEMTX_OK;
300
+ }
301
+ }
161
+ }
302
+
162
+ gen_compare_and_swap(s, a->rs, a->rt, a->rn, a->sz);
303
+ switch (size) {
163
+ return true;
304
+ case 1:
164
}
305
+ address_space_stb(as, addr, val, attrs, &res);
165
306
+ break;
166
/*
307
+ case 2:
167
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_tag(DisasContext *s, uint32_t insn)
308
+ address_space_stw_le(as, addr, val, attrs, &res);
168
static void disas_ldst(DisasContext *s, uint32_t insn)
309
+ break;
169
{
310
+ case 4:
170
switch (extract32(insn, 24, 6)) {
311
+ address_space_stl_le(as, addr, val, attrs, &res);
171
- case 0x08: /* Load/store exclusive */
312
+ break;
172
- disas_ldst_excl(s, insn);
313
+ case 8:
173
- break;
314
+ address_space_stq_le(as, addr, val, attrs, &res);
174
case 0x18: case 0x1c: /* Load register (literal) */
315
+ break;
175
disas_ld_lit(s, insn);
316
+ default:
176
break;
317
+ g_assert_not_reached();
318
+ }
319
+ return res;
320
+}
321
+
322
+static const MemoryRegionOps tz_ppc_ops = {
323
+ .read_with_attrs = tz_ppc_read,
324
+ .write_with_attrs = tz_ppc_write,
325
+ .endianness = DEVICE_LITTLE_ENDIAN,
326
+};
327
+
328
+static void tz_ppc_reset(DeviceState *dev)
329
+{
330
+ TZPPC *s = TZ_PPC(dev);
331
+
332
+ trace_tz_ppc_reset();
333
+ s->cfg_sec_resp = false;
334
+ memset(s->cfg_nonsec, 0, sizeof(s->cfg_nonsec));
335
+ memset(s->cfg_ap, 0, sizeof(s->cfg_ap));
336
+}
337
+
338
+static void tz_ppc_init(Object *obj)
339
+{
340
+ DeviceState *dev = DEVICE(obj);
341
+ TZPPC *s = TZ_PPC(obj);
342
+
343
+ qdev_init_gpio_in_named(dev, tz_ppc_cfg_nonsec, "cfg_nonsec", TZ_NUM_PORTS);
344
+ qdev_init_gpio_in_named(dev, tz_ppc_cfg_ap, "cfg_ap", TZ_NUM_PORTS);
345
+ qdev_init_gpio_in_named(dev, tz_ppc_cfg_sec_resp, "cfg_sec_resp", 1);
346
+ qdev_init_gpio_in_named(dev, tz_ppc_irq_enable, "irq_enable", 1);
347
+ qdev_init_gpio_in_named(dev, tz_ppc_irq_clear, "irq_clear", 1);
348
+ qdev_init_gpio_out_named(dev, &s->irq, "irq", 1);
349
+}
350
+
351
+static void tz_ppc_realize(DeviceState *dev, Error **errp)
352
+{
353
+ Object *obj = OBJECT(dev);
354
+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
355
+ TZPPC *s = TZ_PPC(dev);
356
+ int i;
357
+
358
+ /* We can't create the upstream end of the port until realize,
359
+ * as we don't know the size of the MR used as the downstream until then.
360
+ */
361
+ for (i = 0; i < TZ_NUM_PORTS; i++) {
362
+ TZPPCPort *port = &s->port[i];
363
+ char *name;
364
+ uint64_t size;
365
+
366
+ if (!port->downstream) {
367
+ continue;
368
+ }
369
+
370
+ name = g_strdup_printf("tz-ppc-port[%d]", i);
371
+
372
+ port->ppc = s;
373
+ address_space_init(&port->downstream_as, port->downstream, name);
374
+
375
+ size = memory_region_size(port->downstream);
376
+ memory_region_init_io(&port->upstream, obj, &tz_ppc_ops,
377
+ port, name, size);
378
+ sysbus_init_mmio(sbd, &port->upstream);
379
+ g_free(name);
380
+ }
381
+}
382
+
383
+static const VMStateDescription tz_ppc_vmstate = {
384
+ .name = "tz-ppc",
385
+ .version_id = 1,
386
+ .minimum_version_id = 1,
387
+ .fields = (VMStateField[]) {
388
+ VMSTATE_BOOL_ARRAY(cfg_nonsec, TZPPC, 16),
389
+ VMSTATE_BOOL_ARRAY(cfg_ap, TZPPC, 16),
390
+ VMSTATE_BOOL(cfg_sec_resp, TZPPC),
391
+ VMSTATE_BOOL(irq_enable, TZPPC),
392
+ VMSTATE_BOOL(irq_clear, TZPPC),
393
+ VMSTATE_BOOL(irq_status, TZPPC),
394
+ VMSTATE_END_OF_LIST()
395
+ }
396
+};
397
+
398
+#define DEFINE_PORT(N) \
399
+ DEFINE_PROP_LINK("port[" #N "]", TZPPC, port[N].downstream, \
400
+ TYPE_MEMORY_REGION, MemoryRegion *)
401
+
402
+static Property tz_ppc_properties[] = {
403
+ DEFINE_PROP_UINT32("NONSEC_MASK", TZPPC, nonsec_mask, 0),
404
+ DEFINE_PORT(0),
405
+ DEFINE_PORT(1),
406
+ DEFINE_PORT(2),
407
+ DEFINE_PORT(3),
408
+ DEFINE_PORT(4),
409
+ DEFINE_PORT(5),
410
+ DEFINE_PORT(6),
411
+ DEFINE_PORT(7),
412
+ DEFINE_PORT(8),
413
+ DEFINE_PORT(9),
414
+ DEFINE_PORT(10),
415
+ DEFINE_PORT(11),
416
+ DEFINE_PORT(12),
417
+ DEFINE_PORT(13),
418
+ DEFINE_PORT(14),
419
+ DEFINE_PORT(15),
420
+ DEFINE_PROP_END_OF_LIST(),
421
+};
422
+
423
+static void tz_ppc_class_init(ObjectClass *klass, void *data)
424
+{
425
+ DeviceClass *dc = DEVICE_CLASS(klass);
426
+
427
+ dc->realize = tz_ppc_realize;
428
+ dc->vmsd = &tz_ppc_vmstate;
429
+ dc->reset = tz_ppc_reset;
430
+ dc->props = tz_ppc_properties;
431
+}
432
+
433
+static const TypeInfo tz_ppc_info = {
434
+ .name = TYPE_TZ_PPC,
435
+ .parent = TYPE_SYS_BUS_DEVICE,
436
+ .instance_size = sizeof(TZPPC),
437
+ .instance_init = tz_ppc_init,
438
+ .class_init = tz_ppc_class_init,
439
+};
440
+
441
+static void tz_ppc_register_types(void)
442
+{
443
+ type_register_static(&tz_ppc_info);
444
+}
445
+
446
+type_init(tz_ppc_register_types);
447
diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
448
index XXXXXXX..XXXXXXX 100644
449
--- a/default-configs/arm-softmmu.mak
450
+++ b/default-configs/arm-softmmu.mak
451
@@ -XXX,XX +XXX,XX @@ CONFIG_CMSDK_APB_UART=y
452
CONFIG_MPS2_FPGAIO=y
453
CONFIG_MPS2_SCC=y
454
455
+CONFIG_TZ_PPC=y
456
+
457
CONFIG_VERSATILE_PCI=y
458
CONFIG_VERSATILE_I2C=y
459
460
diff --git a/hw/misc/trace-events b/hw/misc/trace-events
461
index XXXXXXX..XXXXXXX 100644
462
--- a/hw/misc/trace-events
463
+++ b/hw/misc/trace-events
464
@@ -XXX,XX +XXX,XX @@ mos6522_get_next_irq_time(uint16_t latch, int64_t d, int64_t delta) "latch=%d co
465
mos6522_set_sr_int(void) "set sr_int"
466
mos6522_write(uint64_t addr, uint64_t val) "reg=0x%"PRIx64 " val=0x%"PRIx64
467
mos6522_read(uint64_t addr, unsigned val) "reg=0x%"PRIx64 " val=0x%x"
468
+
469
+# hw/misc/tz-ppc.c
470
+tz_ppc_reset(void) "TZ PPC: reset"
471
+tz_ppc_cfg_nonsec(int n, int level) "TZ PPC: cfg_nonsec[%d] = %d"
472
+tz_ppc_cfg_ap(int n, int level) "TZ PPC: cfg_ap[%d] = %d"
473
+tz_ppc_cfg_sec_resp(int level) "TZ PPC: cfg_sec_resp = %d"
474
+tz_ppc_irq_enable(int level) "TZ PPC: int_enable = %d"
475
+tz_ppc_irq_clear(int level) "TZ PPC: int_clear = %d"
476
+tz_ppc_update_irq(int level) "TZ PPC: setting irq line to %d"
477
+tz_ppc_read_blocked(int n, hwaddr offset, bool secure, bool user) "TZ PPC: port %d offset 0x%" HWADDR_PRIx " read (secure %d user %d) blocked"
478
+tz_ppc_write_blocked(int n, hwaddr offset, bool secure, bool user) "TZ PPC: port %d offset 0x%" HWADDR_PRIx " write (secure %d user %d) blocked"
479
--
177
--
480
2.16.2
178
2.34.1
481
482
diff view generated by jsdifflib
1
Add a Cortex-M33 definition. The M33 is an M profile CPU
1
Convert the "Load register (literal)" instruction class to
2
which implements the ARM v8M architecture, including the
2
decodetree.
3
M profile Security Extension.
4
3
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
5
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
7
Message-id: 20180220180325.29818-9-peter.maydell@linaro.org
6
Message-id: 20230602155223.2040685-11-peter.maydell@linaro.org
8
---
7
---
9
target/arm/cpu.c | 31 +++++++++++++++++++++++++++++++
8
target/arm/tcg/a64.decode | 13 ++++++
10
1 file changed, 31 insertions(+)
9
target/arm/tcg/translate-a64.c | 76 ++++++++++------------------------
10
2 files changed, 35 insertions(+), 54 deletions(-)
11
11
12
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
12
diff --git a/target/arm/tcg/a64.decode b/target/arm/tcg/a64.decode
13
index XXXXXXX..XXXXXXX 100644
13
index XXXXXXX..XXXXXXX 100644
14
--- a/target/arm/cpu.c
14
--- a/target/arm/tcg/a64.decode
15
+++ b/target/arm/cpu.c
15
+++ b/target/arm/tcg/a64.decode
16
@@ -XXX,XX +XXX,XX @@ static void cortex_m4_initfn(Object *obj)
16
@@ -XXX,XX +XXX,XX @@ LDXP 1 . 001000 011 ..... . ..... ..... ..... @stxp # inc LDAXP
17
cpu->id_isar5 = 0x00000000;
17
CASP 0 . 001000 0 - 1 rs:5 - 11111 rn:5 rt:5 sz=%imm1_30_p2
18
# CAS, CASA, CASAL, CASL
19
CAS sz:2 001000 1 - 1 rs:5 - 11111 rn:5 rt:5
20
+
21
+&ldlit rt imm sz sign
22
+@ldlit .. ... . .. ................... rt:5 &ldlit imm=%imm19
23
+
24
+LD_lit 00 011 0 00 ................... ..... @ldlit sz=2 sign=0
25
+LD_lit 01 011 0 00 ................... ..... @ldlit sz=3 sign=0
26
+LD_lit 10 011 0 00 ................... ..... @ldlit sz=2 sign=1
27
+LD_lit_v 00 011 1 00 ................... ..... @ldlit sz=2 sign=0
28
+LD_lit_v 01 011 1 00 ................... ..... @ldlit sz=3 sign=0
29
+LD_lit_v 10 011 1 00 ................... ..... @ldlit sz=4 sign=0
30
+
31
+# PRFM
32
+NOP 11 011 0 00 ------------------- -----
33
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
34
index XXXXXXX..XXXXXXX 100644
35
--- a/target/arm/tcg/translate-a64.c
36
+++ b/target/arm/tcg/translate-a64.c
37
@@ -XXX,XX +XXX,XX @@ static bool trans_CAS(DisasContext *s, arg_CAS *a)
38
return true;
18
}
39
}
19
40
20
+static void cortex_m33_initfn(Object *obj)
41
-/*
21
+{
42
- * Load register (literal)
22
+ ARMCPU *cpu = ARM_CPU(obj);
43
- *
44
- * 31 30 29 27 26 25 24 23 5 4 0
45
- * +-----+-------+---+-----+-------------------+-------+
46
- * | opc | 0 1 1 | V | 0 0 | imm19 | Rt |
47
- * +-----+-------+---+-----+-------------------+-------+
48
- *
49
- * V: 1 -> vector (simd/fp)
50
- * opc (non-vector): 00 -> 32 bit, 01 -> 64 bit,
51
- * 10-> 32 bit signed, 11 -> prefetch
52
- * opc (vector): 00 -> 32 bit, 01 -> 64 bit, 10 -> 128 bit (11 unallocated)
53
- */
54
-static void disas_ld_lit(DisasContext *s, uint32_t insn)
55
+static bool trans_LD_lit(DisasContext *s, arg_ldlit *a)
56
{
57
- int rt = extract32(insn, 0, 5);
58
- int64_t imm = sextract32(insn, 5, 19) << 2;
59
- bool is_vector = extract32(insn, 26, 1);
60
- int opc = extract32(insn, 30, 2);
61
- bool is_signed = false;
62
- int size = 2;
63
- TCGv_i64 tcg_rt, clean_addr;
64
+ bool iss_sf = ldst_iss_sf(a->sz, a->sign, false);
65
+ TCGv_i64 tcg_rt = cpu_reg(s, a->rt);
66
+ TCGv_i64 clean_addr = tcg_temp_new_i64();
67
+ MemOp memop = finalize_memop(s, a->sz + a->sign * MO_SIGN);
23
+
68
+
24
+ set_feature(&cpu->env, ARM_FEATURE_V8);
69
+ gen_pc_plus_diff(s, clean_addr, a->imm);
25
+ set_feature(&cpu->env, ARM_FEATURE_M);
70
+ do_gpr_ld(s, tcg_rt, clean_addr, memop,
26
+ set_feature(&cpu->env, ARM_FEATURE_M_SECURITY);
71
+ false, true, a->rt, iss_sf, false);
27
+ set_feature(&cpu->env, ARM_FEATURE_THUMB_DSP);
72
+ return true;
28
+ cpu->midr = 0x410fd213; /* r0p3 */
29
+ cpu->pmsav7_dregion = 16;
30
+ cpu->sau_sregion = 8;
31
+ cpu->id_pfr0 = 0x00000030;
32
+ cpu->id_pfr1 = 0x00000210;
33
+ cpu->id_dfr0 = 0x00200000;
34
+ cpu->id_afr0 = 0x00000000;
35
+ cpu->id_mmfr0 = 0x00101F40;
36
+ cpu->id_mmfr1 = 0x00000000;
37
+ cpu->id_mmfr2 = 0x01000000;
38
+ cpu->id_mmfr3 = 0x00000000;
39
+ cpu->id_isar0 = 0x01101110;
40
+ cpu->id_isar1 = 0x02212000;
41
+ cpu->id_isar2 = 0x20232232;
42
+ cpu->id_isar3 = 0x01111131;
43
+ cpu->id_isar4 = 0x01310132;
44
+ cpu->id_isar5 = 0x00000000;
45
+ cpu->clidr = 0x00000000;
46
+ cpu->ctr = 0x8000c000;
47
+}
73
+}
48
+
74
+
49
static void arm_v7m_class_init(ObjectClass *oc, void *data)
75
+static bool trans_LD_lit_v(DisasContext *s, arg_ldlit *a)
76
+{
77
+ /* Load register (literal), vector version */
78
+ TCGv_i64 clean_addr;
79
MemOp memop;
80
81
- if (is_vector) {
82
- if (opc == 3) {
83
- unallocated_encoding(s);
84
- return;
85
- }
86
- size = 2 + opc;
87
- if (!fp_access_check(s)) {
88
- return;
89
- }
90
- memop = finalize_memop_asimd(s, size);
91
- } else {
92
- if (opc == 3) {
93
- /* PRFM (literal) : prefetch */
94
- return;
95
- }
96
- size = 2 + extract32(opc, 0, 1);
97
- is_signed = extract32(opc, 1, 1);
98
- memop = finalize_memop(s, size + is_signed * MO_SIGN);
99
+ if (!fp_access_check(s)) {
100
+ return true;
101
}
102
-
103
- tcg_rt = cpu_reg(s, rt);
104
-
105
+ memop = finalize_memop_asimd(s, a->sz);
106
clean_addr = tcg_temp_new_i64();
107
- gen_pc_plus_diff(s, clean_addr, imm);
108
-
109
- if (is_vector) {
110
- do_fp_ld(s, rt, clean_addr, memop);
111
- } else {
112
- /* Only unsigned 32bit loads target 32bit registers. */
113
- bool iss_sf = opc != 0;
114
- do_gpr_ld(s, tcg_rt, clean_addr, memop, false, true, rt, iss_sf, false);
115
- }
116
+ gen_pc_plus_diff(s, clean_addr, a->imm);
117
+ do_fp_ld(s, a->rt, clean_addr, memop);
118
+ return true;
119
}
120
121
/*
122
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_tag(DisasContext *s, uint32_t insn)
123
static void disas_ldst(DisasContext *s, uint32_t insn)
50
{
124
{
51
CPUClass *cc = CPU_CLASS(oc);
125
switch (extract32(insn, 24, 6)) {
52
@@ -XXX,XX +XXX,XX @@ static const ARMCPUInfo arm_cpus[] = {
126
- case 0x18: case 0x1c: /* Load register (literal) */
53
.class_init = arm_v7m_class_init },
127
- disas_ld_lit(s, insn);
54
{ .name = "cortex-m4", .initfn = cortex_m4_initfn,
128
- break;
55
.class_init = arm_v7m_class_init },
129
case 0x28: case 0x29:
56
+ { .name = "cortex-m33", .initfn = cortex_m33_initfn,
130
case 0x2c: case 0x2d: /* Load/store pair (all forms) */
57
+ .class_init = arm_v7m_class_init },
131
disas_ldst_pair(s, insn);
58
{ .name = "cortex-r5", .initfn = cortex_r5_initfn },
59
{ .name = "cortex-a7", .initfn = cortex_a7_initfn },
60
{ .name = "cortex-a8", .initfn = cortex_a8_initfn },
61
--
132
--
62
2.16.2
133
2.34.1
63
64
diff view generated by jsdifflib
1
In some board or SoC models it is necessary to split a qemu_irq line
1
Convert the load/store register pair insns (LDP, STP,
2
so that one input can feed multiple outputs. We currently have
2
LDNP, STNP, LDPSW, STGP) to decodetree.
3
qemu_irq_split() for this, but that has several deficiencies:
4
* it can only handle splitting a line into two
5
* it unavoidably leaks memory, so it can't be used
6
in a device that can be deleted
7
8
Implement a qdev device that encapsulates splitting of IRQs, with a
9
configurable number of outputs. (This is in some ways the inverse of
10
the TYPE_OR_IRQ device.)
11
3
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5
Message-id: 20230602155223.2040685-12-peter.maydell@linaro.org
13
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
14
Message-id: 20180220180325.29818-13-peter.maydell@linaro.org
15
---
7
---
16
hw/core/Makefile.objs | 1 +
8
target/arm/tcg/a64.decode | 61 +++++
17
include/hw/core/split-irq.h | 57 +++++++++++++++++++++++++++++
9
target/arm/tcg/translate-a64.c | 422 ++++++++++++++++-----------------
18
include/hw/irq.h | 4 +-
10
2 files changed, 268 insertions(+), 215 deletions(-)
19
hw/core/split-irq.c | 89 +++++++++++++++++++++++++++++++++++++++++++++
20
4 files changed, 150 insertions(+), 1 deletion(-)
21
create mode 100644 include/hw/core/split-irq.h
22
create mode 100644 hw/core/split-irq.c
23
11
24
diff --git a/hw/core/Makefile.objs b/hw/core/Makefile.objs
12
diff --git a/target/arm/tcg/a64.decode b/target/arm/tcg/a64.decode
25
index XXXXXXX..XXXXXXX 100644
13
index XXXXXXX..XXXXXXX 100644
26
--- a/hw/core/Makefile.objs
14
--- a/target/arm/tcg/a64.decode
27
+++ b/hw/core/Makefile.objs
15
+++ b/target/arm/tcg/a64.decode
28
@@ -XXX,XX +XXX,XX @@ common-obj-$(CONFIG_FITLOADER) += loader-fit.o
16
@@ -XXX,XX +XXX,XX @@ LD_lit_v 10 011 1 00 ................... ..... @ldlit sz=4 sign=0
29
common-obj-$(CONFIG_SOFTMMU) += qdev-properties-system.o
17
30
common-obj-$(CONFIG_SOFTMMU) += register.o
18
# PRFM
31
common-obj-$(CONFIG_SOFTMMU) += or-irq.o
19
NOP 11 011 0 00 ------------------- -----
32
+common-obj-$(CONFIG_SOFTMMU) += split-irq.o
20
+
33
common-obj-$(CONFIG_PLATFORM_BUS) += platform-bus.o
21
+&ldstpair rt2 rt rn imm sz sign w p
34
22
+@ldstpair .. ... . ... . imm:s7 rt2:5 rn:5 rt:5 &ldstpair
35
obj-$(CONFIG_SOFTMMU) += generic-loader.o
23
+
36
diff --git a/include/hw/core/split-irq.h b/include/hw/core/split-irq.h
24
+# STNP, LDNP: Signed offset, non-temporal hint. We don't emulate caches
37
new file mode 100644
25
+# so we ignore hints about data access patterns, and handle these like
38
index XXXXXXX..XXXXXXX
26
+# plain signed offset.
39
--- /dev/null
27
+STP 00 101 0 000 0 ....... ..... ..... ..... @ldstpair sz=2 sign=0 p=0 w=0
40
+++ b/include/hw/core/split-irq.h
28
+LDP 00 101 0 000 1 ....... ..... ..... ..... @ldstpair sz=2 sign=0 p=0 w=0
41
@@ -XXX,XX +XXX,XX @@
29
+STP 10 101 0 000 0 ....... ..... ..... ..... @ldstpair sz=3 sign=0 p=0 w=0
42
+/*
30
+LDP 10 101 0 000 1 ....... ..... ..... ..... @ldstpair sz=3 sign=0 p=0 w=0
43
+ * IRQ splitter device.
31
+STP_v 00 101 1 000 0 ....... ..... ..... ..... @ldstpair sz=2 sign=0 p=0 w=0
44
+ *
32
+LDP_v 00 101 1 000 1 ....... ..... ..... ..... @ldstpair sz=2 sign=0 p=0 w=0
45
+ * Copyright (c) 2018 Linaro Limited.
33
+STP_v 01 101 1 000 0 ....... ..... ..... ..... @ldstpair sz=3 sign=0 p=0 w=0
46
+ * Written by Peter Maydell
34
+LDP_v 01 101 1 000 1 ....... ..... ..... ..... @ldstpair sz=3 sign=0 p=0 w=0
47
+ *
35
+STP_v 10 101 1 000 0 ....... ..... ..... ..... @ldstpair sz=4 sign=0 p=0 w=0
48
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
36
+LDP_v 10 101 1 000 1 ....... ..... ..... ..... @ldstpair sz=4 sign=0 p=0 w=0
49
+ * of this software and associated documentation files (the "Software"), to deal
37
+
50
+ * in the Software without restriction, including without limitation the rights
38
+# STP and LDP: post-indexed
51
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
39
+STP 00 101 0 001 0 ....... ..... ..... ..... @ldstpair sz=2 sign=0 p=1 w=1
52
+ * copies of the Software, and to permit persons to whom the Software is
40
+LDP 00 101 0 001 1 ....... ..... ..... ..... @ldstpair sz=2 sign=0 p=1 w=1
53
+ * furnished to do so, subject to the following conditions:
41
+LDP 01 101 0 001 1 ....... ..... ..... ..... @ldstpair sz=2 sign=1 p=1 w=1
54
+ *
42
+STP 10 101 0 001 0 ....... ..... ..... ..... @ldstpair sz=3 sign=0 p=1 w=1
55
+ * The above copyright notice and this permission notice shall be included in
43
+LDP 10 101 0 001 1 ....... ..... ..... ..... @ldstpair sz=3 sign=0 p=1 w=1
56
+ * all copies or substantial portions of the Software.
44
+STP_v 00 101 1 001 0 ....... ..... ..... ..... @ldstpair sz=2 sign=0 p=1 w=1
57
+ *
45
+LDP_v 00 101 1 001 1 ....... ..... ..... ..... @ldstpair sz=2 sign=0 p=1 w=1
58
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
46
+STP_v 01 101 1 001 0 ....... ..... ..... ..... @ldstpair sz=3 sign=0 p=1 w=1
59
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
47
+LDP_v 01 101 1 001 1 ....... ..... ..... ..... @ldstpair sz=3 sign=0 p=1 w=1
60
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
48
+STP_v 10 101 1 001 0 ....... ..... ..... ..... @ldstpair sz=4 sign=0 p=1 w=1
61
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
49
+LDP_v 10 101 1 001 1 ....... ..... ..... ..... @ldstpair sz=4 sign=0 p=1 w=1
62
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
50
+
63
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
51
+# STP and LDP: offset
64
+ * THE SOFTWARE.
52
+STP 00 101 0 010 0 ....... ..... ..... ..... @ldstpair sz=2 sign=0 p=0 w=0
65
+ */
53
+LDP 00 101 0 010 1 ....... ..... ..... ..... @ldstpair sz=2 sign=0 p=0 w=0
66
+
54
+LDP 01 101 0 010 1 ....... ..... ..... ..... @ldstpair sz=2 sign=1 p=0 w=0
67
+/* This is a simple device which has one GPIO input line and multiple
55
+STP 10 101 0 010 0 ....... ..... ..... ..... @ldstpair sz=3 sign=0 p=0 w=0
68
+ * GPIO output lines. Any change on the input line is forwarded to all
56
+LDP 10 101 0 010 1 ....... ..... ..... ..... @ldstpair sz=3 sign=0 p=0 w=0
69
+ * of the outputs.
57
+STP_v 00 101 1 010 0 ....... ..... ..... ..... @ldstpair sz=2 sign=0 p=0 w=0
70
+ *
58
+LDP_v 00 101 1 010 1 ....... ..... ..... ..... @ldstpair sz=2 sign=0 p=0 w=0
71
+ * QEMU interface:
59
+STP_v 01 101 1 010 0 ....... ..... ..... ..... @ldstpair sz=3 sign=0 p=0 w=0
72
+ * + one unnamed GPIO input: the input line
60
+LDP_v 01 101 1 010 1 ....... ..... ..... ..... @ldstpair sz=3 sign=0 p=0 w=0
73
+ * + N unnamed GPIO outputs: the output lines
61
+STP_v 10 101 1 010 0 ....... ..... ..... ..... @ldstpair sz=4 sign=0 p=0 w=0
74
+ * + QOM property "num-lines": sets the number of output lines
62
+LDP_v 10 101 1 010 1 ....... ..... ..... ..... @ldstpair sz=4 sign=0 p=0 w=0
75
+ */
63
+
76
+#ifndef HW_SPLIT_IRQ_H
64
+# STP and LDP: pre-indexed
77
+#define HW_SPLIT_IRQ_H
65
+STP 00 101 0 011 0 ....... ..... ..... ..... @ldstpair sz=2 sign=0 p=0 w=1
78
+
66
+LDP 00 101 0 011 1 ....... ..... ..... ..... @ldstpair sz=2 sign=0 p=0 w=1
79
+#include "hw/irq.h"
67
+LDP 01 101 0 011 1 ....... ..... ..... ..... @ldstpair sz=2 sign=1 p=0 w=1
80
+#include "hw/sysbus.h"
68
+STP 10 101 0 011 0 ....... ..... ..... ..... @ldstpair sz=3 sign=0 p=0 w=1
81
+#include "qom/object.h"
69
+LDP 10 101 0 011 1 ....... ..... ..... ..... @ldstpair sz=3 sign=0 p=0 w=1
82
+
70
+STP_v 00 101 1 011 0 ....... ..... ..... ..... @ldstpair sz=2 sign=0 p=0 w=1
83
+#define TYPE_SPLIT_IRQ "split-irq"
71
+LDP_v 00 101 1 011 1 ....... ..... ..... ..... @ldstpair sz=2 sign=0 p=0 w=1
84
+
72
+STP_v 01 101 1 011 0 ....... ..... ..... ..... @ldstpair sz=3 sign=0 p=0 w=1
85
+#define MAX_SPLIT_LINES 16
73
+LDP_v 01 101 1 011 1 ....... ..... ..... ..... @ldstpair sz=3 sign=0 p=0 w=1
86
+
74
+STP_v 10 101 1 011 0 ....... ..... ..... ..... @ldstpair sz=4 sign=0 p=0 w=1
87
+typedef struct SplitIRQ SplitIRQ;
75
+LDP_v 10 101 1 011 1 ....... ..... ..... ..... @ldstpair sz=4 sign=0 p=0 w=1
88
+
76
+
89
+#define SPLIT_IRQ(obj) OBJECT_CHECK(SplitIRQ, (obj), TYPE_SPLIT_IRQ)
77
+# STGP: store tag and pair
90
+
78
+STGP 01 101 0 001 0 ....... ..... ..... ..... @ldstpair sz=3 sign=0 p=1 w=1
91
+struct SplitIRQ {
79
+STGP 01 101 0 010 0 ....... ..... ..... ..... @ldstpair sz=3 sign=0 p=0 w=0
92
+ DeviceState parent_obj;
80
+STGP 01 101 0 011 0 ....... ..... ..... ..... @ldstpair sz=3 sign=0 p=0 w=1
93
+
81
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
94
+ qemu_irq out_irq[MAX_SPLIT_LINES];
95
+ uint16_t num_lines;
96
+};
97
+
98
+#endif
99
diff --git a/include/hw/irq.h b/include/hw/irq.h
100
index XXXXXXX..XXXXXXX 100644
82
index XXXXXXX..XXXXXXX 100644
101
--- a/include/hw/irq.h
83
--- a/target/arm/tcg/translate-a64.c
102
+++ b/include/hw/irq.h
84
+++ b/target/arm/tcg/translate-a64.c
103
@@ -XXX,XX +XXX,XX @@ void qemu_free_irq(qemu_irq irq);
85
@@ -XXX,XX +XXX,XX @@ static bool trans_LD_lit_v(DisasContext *s, arg_ldlit *a)
104
/* Returns a new IRQ with opposite polarity. */
86
return true;
105
qemu_irq qemu_irq_invert(qemu_irq irq);
87
}
106
88
107
-/* Returns a new IRQ which feeds into both the passed IRQs */
89
-/*
108
+/* Returns a new IRQ which feeds into both the passed IRQs.
90
- * LDNP (Load Pair - non-temporal hint)
109
+ * It's probably better to use the TYPE_SPLIT_IRQ device instead.
91
- * LDP (Load Pair - non vector)
110
+ */
92
- * LDPSW (Load Pair Signed Word - non vector)
111
qemu_irq qemu_irq_split(qemu_irq irq1, qemu_irq irq2);
93
- * STNP (Store Pair - non-temporal hint)
112
94
- * STP (Store Pair - non vector)
113
/* Returns a new IRQ set which connects 1:1 to another IRQ set, which
95
- * LDNP (Load Pair of SIMD&FP - non-temporal hint)
114
diff --git a/hw/core/split-irq.c b/hw/core/split-irq.c
96
- * LDP (Load Pair of SIMD&FP)
115
new file mode 100644
97
- * STNP (Store Pair of SIMD&FP - non-temporal hint)
116
index XXXXXXX..XXXXXXX
98
- * STP (Store Pair of SIMD&FP)
117
--- /dev/null
99
- *
118
+++ b/hw/core/split-irq.c
100
- * 31 30 29 27 26 25 24 23 22 21 15 14 10 9 5 4 0
119
@@ -XXX,XX +XXX,XX @@
101
- * +-----+-------+---+---+-------+---+-----------------------------+
120
+/*
102
- * | opc | 1 0 1 | V | 0 | index | L | imm7 | Rt2 | Rn | Rt |
121
+ * IRQ splitter device.
103
- * +-----+-------+---+---+-------+---+-------+-------+------+------+
122
+ *
104
- *
123
+ * Copyright (c) 2018 Linaro Limited.
105
- * opc: LDP/STP/LDNP/STNP 00 -> 32 bit, 10 -> 64 bit
124
+ * Written by Peter Maydell
106
- * LDPSW/STGP 01
125
+ *
107
- * LDP/STP/LDNP/STNP (SIMD) 00 -> 32 bit, 01 -> 64 bit, 10 -> 128 bit
126
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
108
- * V: 0 -> GPR, 1 -> Vector
127
+ * of this software and associated documentation files (the "Software"), to deal
109
- * idx: 00 -> signed offset with non-temporal hint, 01 -> post-index,
128
+ * in the Software without restriction, including without limitation the rights
110
- * 10 -> signed offset, 11 -> pre-index
129
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
111
- * L: 0 -> Store 1 -> Load
130
+ * copies of the Software, and to permit persons to whom the Software is
112
- *
131
+ * furnished to do so, subject to the following conditions:
113
- * Rt, Rt2 = GPR or SIMD registers to be stored
132
+ *
114
- * Rn = general purpose register containing address
133
+ * The above copyright notice and this permission notice shall be included in
115
- * imm7 = signed offset (multiple of 4 or 8 depending on size)
134
+ * all copies or substantial portions of the Software.
116
- */
135
+ *
117
-static void disas_ldst_pair(DisasContext *s, uint32_t insn)
136
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
118
+static void op_addr_ldstpair_pre(DisasContext *s, arg_ldstpair *a,
137
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
119
+ TCGv_i64 *clean_addr, TCGv_i64 *dirty_addr,
138
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
120
+ uint64_t offset, bool is_store, MemOp mop)
139
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
121
{
140
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
122
- int rt = extract32(insn, 0, 5);
141
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
123
- int rn = extract32(insn, 5, 5);
142
+ * THE SOFTWARE.
124
- int rt2 = extract32(insn, 10, 5);
143
+ */
125
- uint64_t offset = sextract64(insn, 15, 7);
144
+
126
- int index = extract32(insn, 23, 2);
145
+#include "qemu/osdep.h"
127
- bool is_vector = extract32(insn, 26, 1);
146
+#include "hw/core/split-irq.h"
128
- bool is_load = extract32(insn, 22, 1);
147
+#include "qapi/error.h"
129
- int opc = extract32(insn, 30, 2);
148
+
130
- bool is_signed = false;
149
+static void split_irq_handler(void *opaque, int n, int level)
131
- bool postindex = false;
132
- bool wback = false;
133
- bool set_tag = false;
134
- TCGv_i64 clean_addr, dirty_addr;
135
- MemOp mop;
136
- int size;
137
-
138
- if (opc == 3) {
139
- unallocated_encoding(s);
140
- return;
141
- }
142
-
143
- if (is_vector) {
144
- size = 2 + opc;
145
- } else if (opc == 1 && !is_load) {
146
- /* STGP */
147
- if (!dc_isar_feature(aa64_mte_insn_reg, s) || index == 0) {
148
- unallocated_encoding(s);
149
- return;
150
- }
151
- size = 3;
152
- set_tag = true;
153
- } else {
154
- size = 2 + extract32(opc, 1, 1);
155
- is_signed = extract32(opc, 0, 1);
156
- if (!is_load && is_signed) {
157
- unallocated_encoding(s);
158
- return;
159
- }
160
- }
161
-
162
- switch (index) {
163
- case 1: /* post-index */
164
- postindex = true;
165
- wback = true;
166
- break;
167
- case 0:
168
- /* signed offset with "non-temporal" hint. Since we don't emulate
169
- * caches we don't care about hints to the cache system about
170
- * data access patterns, and handle this identically to plain
171
- * signed offset.
172
- */
173
- if (is_signed) {
174
- /* There is no non-temporal-hint version of LDPSW */
175
- unallocated_encoding(s);
176
- return;
177
- }
178
- postindex = false;
179
- break;
180
- case 2: /* signed offset, rn not updated */
181
- postindex = false;
182
- break;
183
- case 3: /* pre-index */
184
- postindex = false;
185
- wback = true;
186
- break;
187
- }
188
-
189
- if (is_vector && !fp_access_check(s)) {
190
- return;
191
- }
192
-
193
- offset <<= (set_tag ? LOG2_TAG_GRANULE : size);
194
-
195
- if (rn == 31) {
196
+ if (a->rn == 31) {
197
gen_check_sp_alignment(s);
198
}
199
200
- dirty_addr = read_cpu_reg_sp(s, rn, 1);
201
- if (!postindex) {
202
+ *dirty_addr = read_cpu_reg_sp(s, a->rn, 1);
203
+ if (!a->p) {
204
+ tcg_gen_addi_i64(*dirty_addr, *dirty_addr, offset);
205
+ }
206
+
207
+ *clean_addr = gen_mte_checkN(s, *dirty_addr, is_store,
208
+ (a->w || a->rn != 31), 2 << a->sz, mop);
209
+}
210
+
211
+static void op_addr_ldstpair_post(DisasContext *s, arg_ldstpair *a,
212
+ TCGv_i64 dirty_addr, uint64_t offset)
150
+{
213
+{
151
+ SplitIRQ *s = SPLIT_IRQ(opaque);
214
+ if (a->w) {
152
+ int i;
215
+ if (a->p) {
153
+
216
+ tcg_gen_addi_i64(dirty_addr, dirty_addr, offset);
154
+ for (i = 0; i < s->num_lines; i++) {
217
+ }
155
+ qemu_set_irq(s->out_irq[i], level);
218
+ tcg_gen_mov_i64(cpu_reg_sp(s, a->rn), dirty_addr);
156
+ }
219
+ }
157
+}
220
+}
158
+
221
+
159
+static void split_irq_init(Object *obj)
222
+static bool trans_STP(DisasContext *s, arg_ldstpair *a)
160
+{
223
+{
161
+ qdev_init_gpio_in(DEVICE(obj), split_irq_handler, 1);
224
+ uint64_t offset = a->imm << a->sz;
225
+ TCGv_i64 clean_addr, dirty_addr, tcg_rt, tcg_rt2;
226
+ MemOp mop = finalize_memop(s, a->sz);
227
+
228
+ op_addr_ldstpair_pre(s, a, &clean_addr, &dirty_addr, offset, true, mop);
229
+ tcg_rt = cpu_reg(s, a->rt);
230
+ tcg_rt2 = cpu_reg(s, a->rt2);
231
+ /*
232
+ * We built mop above for the single logical access -- rebuild it
233
+ * now for the paired operation.
234
+ *
235
+ * With LSE2, non-sign-extending pairs are treated atomically if
236
+ * aligned, and if unaligned one of the pair will be completely
237
+ * within a 16-byte block and that element will be atomic.
238
+ * Otherwise each element is separately atomic.
239
+ * In all cases, issue one operation with the correct atomicity.
240
+ */
241
+ mop = a->sz + 1;
242
+ if (s->align_mem) {
243
+ mop |= (a->sz == 2 ? MO_ALIGN_4 : MO_ALIGN_8);
244
+ }
245
+ mop = finalize_memop_pair(s, mop);
246
+ if (a->sz == 2) {
247
+ TCGv_i64 tmp = tcg_temp_new_i64();
248
+
249
+ if (s->be_data == MO_LE) {
250
+ tcg_gen_concat32_i64(tmp, tcg_rt, tcg_rt2);
251
+ } else {
252
+ tcg_gen_concat32_i64(tmp, tcg_rt2, tcg_rt);
253
+ }
254
+ tcg_gen_qemu_st_i64(tmp, clean_addr, get_mem_index(s), mop);
255
+ } else {
256
+ TCGv_i128 tmp = tcg_temp_new_i128();
257
+
258
+ if (s->be_data == MO_LE) {
259
+ tcg_gen_concat_i64_i128(tmp, tcg_rt, tcg_rt2);
260
+ } else {
261
+ tcg_gen_concat_i64_i128(tmp, tcg_rt2, tcg_rt);
262
+ }
263
+ tcg_gen_qemu_st_i128(tmp, clean_addr, get_mem_index(s), mop);
264
+ }
265
+ op_addr_ldstpair_post(s, a, dirty_addr, offset);
266
+ return true;
162
+}
267
+}
163
+
268
+
164
+static void split_irq_realize(DeviceState *dev, Error **errp)
269
+static bool trans_LDP(DisasContext *s, arg_ldstpair *a)
165
+{
270
+{
166
+ SplitIRQ *s = SPLIT_IRQ(dev);
271
+ uint64_t offset = a->imm << a->sz;
167
+
272
+ TCGv_i64 clean_addr, dirty_addr, tcg_rt, tcg_rt2;
168
+ if (s->num_lines < 1 || s->num_lines >= MAX_SPLIT_LINES) {
273
+ MemOp mop = finalize_memop(s, a->sz);
169
+ error_setg(errp,
274
+
170
+ "IRQ splitter number of lines %d is not between 1 and %d",
275
+ op_addr_ldstpair_pre(s, a, &clean_addr, &dirty_addr, offset, false, mop);
171
+ s->num_lines, MAX_SPLIT_LINES);
276
+ tcg_rt = cpu_reg(s, a->rt);
172
+ return;
277
+ tcg_rt2 = cpu_reg(s, a->rt2);
173
+ }
278
+
174
+
279
+ /*
175
+ qdev_init_gpio_out(dev, s->out_irq, s->num_lines);
280
+ * We built mop above for the single logical access -- rebuild it
281
+ * now for the paired operation.
282
+ *
283
+ * With LSE2, non-sign-extending pairs are treated atomically if
284
+ * aligned, and if unaligned one of the pair will be completely
285
+ * within a 16-byte block and that element will be atomic.
286
+ * Otherwise each element is separately atomic.
287
+ * In all cases, issue one operation with the correct atomicity.
288
+ *
289
+ * This treats sign-extending loads like zero-extending loads,
290
+ * since that reuses the most code below.
291
+ */
292
+ mop = a->sz + 1;
293
+ if (s->align_mem) {
294
+ mop |= (a->sz == 2 ? MO_ALIGN_4 : MO_ALIGN_8);
295
+ }
296
+ mop = finalize_memop_pair(s, mop);
297
+ if (a->sz == 2) {
298
+ int o2 = s->be_data == MO_LE ? 32 : 0;
299
+ int o1 = o2 ^ 32;
300
+
301
+ tcg_gen_qemu_ld_i64(tcg_rt, clean_addr, get_mem_index(s), mop);
302
+ if (a->sign) {
303
+ tcg_gen_sextract_i64(tcg_rt2, tcg_rt, o2, 32);
304
+ tcg_gen_sextract_i64(tcg_rt, tcg_rt, o1, 32);
305
+ } else {
306
+ tcg_gen_extract_i64(tcg_rt2, tcg_rt, o2, 32);
307
+ tcg_gen_extract_i64(tcg_rt, tcg_rt, o1, 32);
308
+ }
309
+ } else {
310
+ TCGv_i128 tmp = tcg_temp_new_i128();
311
+
312
+ tcg_gen_qemu_ld_i128(tmp, clean_addr, get_mem_index(s), mop);
313
+ if (s->be_data == MO_LE) {
314
+ tcg_gen_extr_i128_i64(tcg_rt, tcg_rt2, tmp);
315
+ } else {
316
+ tcg_gen_extr_i128_i64(tcg_rt2, tcg_rt, tmp);
317
+ }
318
+ }
319
+ op_addr_ldstpair_post(s, a, dirty_addr, offset);
320
+ return true;
176
+}
321
+}
177
+
322
+
178
+static Property split_irq_properties[] = {
323
+static bool trans_STP_v(DisasContext *s, arg_ldstpair *a)
179
+ DEFINE_PROP_UINT16("num-lines", SplitIRQ, num_lines, 1),
180
+ DEFINE_PROP_END_OF_LIST(),
181
+};
182
+
183
+static void split_irq_class_init(ObjectClass *klass, void *data)
184
+{
324
+{
185
+ DeviceClass *dc = DEVICE_CLASS(klass);
325
+ uint64_t offset = a->imm << a->sz;
186
+
326
+ TCGv_i64 clean_addr, dirty_addr;
187
+ /* No state to reset or migrate */
327
+ MemOp mop;
188
+ dc->props = split_irq_properties;
328
+
189
+ dc->realize = split_irq_realize;
329
+ if (!fp_access_check(s)) {
190
+
330
+ return true;
191
+ /* Reason: Needs to be wired up to work */
331
+ }
192
+ dc->user_creatable = false;
332
+
333
+ /* LSE2 does not merge FP pairs; leave these as separate operations. */
334
+ mop = finalize_memop_asimd(s, a->sz);
335
+ op_addr_ldstpair_pre(s, a, &clean_addr, &dirty_addr, offset, true, mop);
336
+ do_fp_st(s, a->rt, clean_addr, mop);
337
+ tcg_gen_addi_i64(clean_addr, clean_addr, 1 << a->sz);
338
+ do_fp_st(s, a->rt2, clean_addr, mop);
339
+ op_addr_ldstpair_post(s, a, dirty_addr, offset);
340
+ return true;
193
+}
341
+}
194
+
342
+
195
+static const TypeInfo split_irq_type_info = {
343
+static bool trans_LDP_v(DisasContext *s, arg_ldstpair *a)
196
+ .name = TYPE_SPLIT_IRQ,
197
+ .parent = TYPE_DEVICE,
198
+ .instance_size = sizeof(SplitIRQ),
199
+ .instance_init = split_irq_init,
200
+ .class_init = split_irq_class_init,
201
+};
202
+
203
+static void split_irq_register_types(void)
204
+{
344
+{
205
+ type_register_static(&split_irq_type_info);
345
+ uint64_t offset = a->imm << a->sz;
346
+ TCGv_i64 clean_addr, dirty_addr;
347
+ MemOp mop;
348
+
349
+ if (!fp_access_check(s)) {
350
+ return true;
351
+ }
352
+
353
+ /* LSE2 does not merge FP pairs; leave these as separate operations. */
354
+ mop = finalize_memop_asimd(s, a->sz);
355
+ op_addr_ldstpair_pre(s, a, &clean_addr, &dirty_addr, offset, false, mop);
356
+ do_fp_ld(s, a->rt, clean_addr, mop);
357
+ tcg_gen_addi_i64(clean_addr, clean_addr, 1 << a->sz);
358
+ do_fp_ld(s, a->rt2, clean_addr, mop);
359
+ op_addr_ldstpair_post(s, a, dirty_addr, offset);
360
+ return true;
206
+}
361
+}
207
+
362
+
208
+type_init(split_irq_register_types)
363
+static bool trans_STGP(DisasContext *s, arg_ldstpair *a)
364
+{
365
+ TCGv_i64 clean_addr, dirty_addr, tcg_rt, tcg_rt2;
366
+ uint64_t offset = a->imm << LOG2_TAG_GRANULE;
367
+ MemOp mop;
368
+ TCGv_i128 tmp;
369
+
370
+ if (!dc_isar_feature(aa64_mte_insn_reg, s)) {
371
+ return false;
372
+ }
373
+
374
+ if (a->rn == 31) {
375
+ gen_check_sp_alignment(s);
376
+ }
377
+
378
+ dirty_addr = read_cpu_reg_sp(s, a->rn, 1);
379
+ if (!a->p) {
380
tcg_gen_addi_i64(dirty_addr, dirty_addr, offset);
381
}
382
383
- if (set_tag) {
384
- if (!s->ata) {
385
- /*
386
- * TODO: We could rely on the stores below, at least for
387
- * system mode, if we arrange to add MO_ALIGN_16.
388
- */
389
- gen_helper_stg_stub(cpu_env, dirty_addr);
390
- } else if (tb_cflags(s->base.tb) & CF_PARALLEL) {
391
- gen_helper_stg_parallel(cpu_env, dirty_addr, dirty_addr);
392
- } else {
393
- gen_helper_stg(cpu_env, dirty_addr, dirty_addr);
394
- }
395
- }
396
-
397
- if (is_vector) {
398
- mop = finalize_memop_asimd(s, size);
399
- } else {
400
- mop = finalize_memop(s, size);
401
- }
402
- clean_addr = gen_mte_checkN(s, dirty_addr, !is_load,
403
- (wback || rn != 31) && !set_tag,
404
- 2 << size, mop);
405
-
406
- if (is_vector) {
407
- /* LSE2 does not merge FP pairs; leave these as separate operations. */
408
- if (is_load) {
409
- do_fp_ld(s, rt, clean_addr, mop);
410
- } else {
411
- do_fp_st(s, rt, clean_addr, mop);
412
- }
413
- tcg_gen_addi_i64(clean_addr, clean_addr, 1 << size);
414
- if (is_load) {
415
- do_fp_ld(s, rt2, clean_addr, mop);
416
- } else {
417
- do_fp_st(s, rt2, clean_addr, mop);
418
- }
419
- } else {
420
- TCGv_i64 tcg_rt = cpu_reg(s, rt);
421
- TCGv_i64 tcg_rt2 = cpu_reg(s, rt2);
422
-
423
+ if (!s->ata) {
424
/*
425
- * We built mop above for the single logical access -- rebuild it
426
- * now for the paired operation.
427
- *
428
- * With LSE2, non-sign-extending pairs are treated atomically if
429
- * aligned, and if unaligned one of the pair will be completely
430
- * within a 16-byte block and that element will be atomic.
431
- * Otherwise each element is separately atomic.
432
- * In all cases, issue one operation with the correct atomicity.
433
- *
434
- * This treats sign-extending loads like zero-extending loads,
435
- * since that reuses the most code below.
436
+ * TODO: We could rely on the stores below, at least for
437
+ * system mode, if we arrange to add MO_ALIGN_16.
438
*/
439
- mop = size + 1;
440
- if (s->align_mem) {
441
- mop |= (size == 2 ? MO_ALIGN_4 : MO_ALIGN_8);
442
- }
443
- mop = finalize_memop_pair(s, mop);
444
-
445
- if (is_load) {
446
- if (size == 2) {
447
- int o2 = s->be_data == MO_LE ? 32 : 0;
448
- int o1 = o2 ^ 32;
449
-
450
- tcg_gen_qemu_ld_i64(tcg_rt, clean_addr, get_mem_index(s), mop);
451
- if (is_signed) {
452
- tcg_gen_sextract_i64(tcg_rt2, tcg_rt, o2, 32);
453
- tcg_gen_sextract_i64(tcg_rt, tcg_rt, o1, 32);
454
- } else {
455
- tcg_gen_extract_i64(tcg_rt2, tcg_rt, o2, 32);
456
- tcg_gen_extract_i64(tcg_rt, tcg_rt, o1, 32);
457
- }
458
- } else {
459
- TCGv_i128 tmp = tcg_temp_new_i128();
460
-
461
- tcg_gen_qemu_ld_i128(tmp, clean_addr, get_mem_index(s), mop);
462
- if (s->be_data == MO_LE) {
463
- tcg_gen_extr_i128_i64(tcg_rt, tcg_rt2, tmp);
464
- } else {
465
- tcg_gen_extr_i128_i64(tcg_rt2, tcg_rt, tmp);
466
- }
467
- }
468
- } else {
469
- if (size == 2) {
470
- TCGv_i64 tmp = tcg_temp_new_i64();
471
-
472
- if (s->be_data == MO_LE) {
473
- tcg_gen_concat32_i64(tmp, tcg_rt, tcg_rt2);
474
- } else {
475
- tcg_gen_concat32_i64(tmp, tcg_rt2, tcg_rt);
476
- }
477
- tcg_gen_qemu_st_i64(tmp, clean_addr, get_mem_index(s), mop);
478
- } else {
479
- TCGv_i128 tmp = tcg_temp_new_i128();
480
-
481
- if (s->be_data == MO_LE) {
482
- tcg_gen_concat_i64_i128(tmp, tcg_rt, tcg_rt2);
483
- } else {
484
- tcg_gen_concat_i64_i128(tmp, tcg_rt2, tcg_rt);
485
- }
486
- tcg_gen_qemu_st_i128(tmp, clean_addr, get_mem_index(s), mop);
487
- }
488
- }
489
+ gen_helper_stg_stub(cpu_env, dirty_addr);
490
+ } else if (tb_cflags(s->base.tb) & CF_PARALLEL) {
491
+ gen_helper_stg_parallel(cpu_env, dirty_addr, dirty_addr);
492
+ } else {
493
+ gen_helper_stg(cpu_env, dirty_addr, dirty_addr);
494
}
495
496
- if (wback) {
497
- if (postindex) {
498
- tcg_gen_addi_i64(dirty_addr, dirty_addr, offset);
499
- }
500
- tcg_gen_mov_i64(cpu_reg_sp(s, rn), dirty_addr);
501
+ mop = finalize_memop(s, a->sz);
502
+ clean_addr = gen_mte_checkN(s, dirty_addr, true, false, 2 << a->sz, mop);
503
+
504
+ tcg_rt = cpu_reg(s, a->rt);
505
+ tcg_rt2 = cpu_reg(s, a->rt2);
506
+
507
+ assert(a->sz == 3);
508
+
509
+ tmp = tcg_temp_new_i128();
510
+ if (s->be_data == MO_LE) {
511
+ tcg_gen_concat_i64_i128(tmp, tcg_rt, tcg_rt2);
512
+ } else {
513
+ tcg_gen_concat_i64_i128(tmp, tcg_rt2, tcg_rt);
514
}
515
+ tcg_gen_qemu_st_i128(tmp, clean_addr, get_mem_index(s), mop);
516
+
517
+ op_addr_ldstpair_post(s, a, dirty_addr, offset);
518
+ return true;
519
}
520
521
/*
522
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_tag(DisasContext *s, uint32_t insn)
523
static void disas_ldst(DisasContext *s, uint32_t insn)
524
{
525
switch (extract32(insn, 24, 6)) {
526
- case 0x28: case 0x29:
527
- case 0x2c: case 0x2d: /* Load/store pair (all forms) */
528
- disas_ldst_pair(s, insn);
529
- break;
530
case 0x38: case 0x39:
531
case 0x3c: case 0x3d: /* Load/store register (all forms) */
532
disas_ldst_reg(s, insn);
209
--
533
--
210
2.16.2
534
2.34.1
211
212
diff view generated by jsdifflib
1
Instead of loading guest images to the system address space, use the
1
Convert the load and store instructions which use a 9-bit
2
CPU's address space. This is important if we're trying to load the
2
immediate offset to decodetree.
3
file to memory or via an alias memory region that is provided by an
4
SoC object and thus not mapped into the system address space.
5
3
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
5
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9
Message-id: 20180220180325.29818-4-peter.maydell@linaro.org
6
Message-id: 20230602155223.2040685-13-peter.maydell@linaro.org
10
---
7
---
11
hw/arm/armv7m.c | 17 ++++++++++++++---
8
target/arm/tcg/a64.decode | 69 +++++++++++
12
1 file changed, 14 insertions(+), 3 deletions(-)
9
target/arm/tcg/translate-a64.c | 206 ++++++++++++++-------------------
10
2 files changed, 153 insertions(+), 122 deletions(-)
13
11
14
diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c
12
diff --git a/target/arm/tcg/a64.decode b/target/arm/tcg/a64.decode
15
index XXXXXXX..XXXXXXX 100644
13
index XXXXXXX..XXXXXXX 100644
16
--- a/hw/arm/armv7m.c
14
--- a/target/arm/tcg/a64.decode
17
+++ b/hw/arm/armv7m.c
15
+++ b/target/arm/tcg/a64.decode
18
@@ -XXX,XX +XXX,XX @@ void armv7m_load_kernel(ARMCPU *cpu, const char *kernel_filename, int mem_size)
16
@@ -XXX,XX +XXX,XX @@ LDP_v 10 101 1 011 1 ....... ..... ..... ..... @ldstpair sz=4 sign=0 p
19
uint64_t entry;
17
STGP 01 101 0 001 0 ....... ..... ..... ..... @ldstpair sz=3 sign=0 p=1 w=1
20
uint64_t lowaddr;
18
STGP 01 101 0 010 0 ....... ..... ..... ..... @ldstpair sz=3 sign=0 p=0 w=0
21
int big_endian;
19
STGP 01 101 0 011 0 ....... ..... ..... ..... @ldstpair sz=3 sign=0 p=0 w=1
22
+ AddressSpace *as;
20
+
23
+ int asidx;
21
+# Load/store register (unscaled immediate)
24
+ CPUState *cs = CPU(cpu);
22
+&ldst_imm rt rn imm sz sign w p unpriv ext
25
23
+@ldst_imm .. ... . .. .. . imm:s9 .. rn:5 rt:5 &ldst_imm unpriv=0 p=0 w=0
26
#ifdef TARGET_WORDS_BIGENDIAN
24
+@ldst_imm_pre .. ... . .. .. . imm:s9 .. rn:5 rt:5 &ldst_imm unpriv=0 p=0 w=1
27
big_endian = 1;
25
+@ldst_imm_post .. ... . .. .. . imm:s9 .. rn:5 rt:5 &ldst_imm unpriv=0 p=1 w=1
28
@@ -XXX,XX +XXX,XX @@ void armv7m_load_kernel(ARMCPU *cpu, const char *kernel_filename, int mem_size)
26
+@ldst_imm_user .. ... . .. .. . imm:s9 .. rn:5 rt:5 &ldst_imm unpriv=1 p=0 w=0
29
exit(1);
27
+
28
+STR_i sz:2 111 0 00 00 0 ......... 00 ..... ..... @ldst_imm sign=0 ext=0
29
+LDR_i 00 111 0 00 01 0 ......... 00 ..... ..... @ldst_imm sign=0 ext=1 sz=0
30
+LDR_i 01 111 0 00 01 0 ......... 00 ..... ..... @ldst_imm sign=0 ext=1 sz=1
31
+LDR_i 10 111 0 00 01 0 ......... 00 ..... ..... @ldst_imm sign=0 ext=1 sz=2
32
+LDR_i 11 111 0 00 01 0 ......... 00 ..... ..... @ldst_imm sign=0 ext=0 sz=3
33
+LDR_i 00 111 0 00 10 0 ......... 00 ..... ..... @ldst_imm sign=1 ext=0 sz=0
34
+LDR_i 01 111 0 00 10 0 ......... 00 ..... ..... @ldst_imm sign=1 ext=0 sz=1
35
+LDR_i 10 111 0 00 10 0 ......... 00 ..... ..... @ldst_imm sign=1 ext=0 sz=2
36
+LDR_i 00 111 0 00 11 0 ......... 00 ..... ..... @ldst_imm sign=1 ext=1 sz=0
37
+LDR_i 01 111 0 00 11 0 ......... 00 ..... ..... @ldst_imm sign=1 ext=1 sz=1
38
+
39
+STR_i sz:2 111 0 00 00 0 ......... 01 ..... ..... @ldst_imm_post sign=0 ext=0
40
+LDR_i 00 111 0 00 01 0 ......... 01 ..... ..... @ldst_imm_post sign=0 ext=1 sz=0
41
+LDR_i 01 111 0 00 01 0 ......... 01 ..... ..... @ldst_imm_post sign=0 ext=1 sz=1
42
+LDR_i 10 111 0 00 01 0 ......... 01 ..... ..... @ldst_imm_post sign=0 ext=1 sz=2
43
+LDR_i 11 111 0 00 01 0 ......... 01 ..... ..... @ldst_imm_post sign=0 ext=0 sz=3
44
+LDR_i 00 111 0 00 10 0 ......... 01 ..... ..... @ldst_imm_post sign=1 ext=0 sz=0
45
+LDR_i 01 111 0 00 10 0 ......... 01 ..... ..... @ldst_imm_post sign=1 ext=0 sz=1
46
+LDR_i 10 111 0 00 10 0 ......... 01 ..... ..... @ldst_imm_post sign=1 ext=0 sz=2
47
+LDR_i 00 111 0 00 11 0 ......... 01 ..... ..... @ldst_imm_post sign=1 ext=1 sz=0
48
+LDR_i 01 111 0 00 11 0 ......... 01 ..... ..... @ldst_imm_post sign=1 ext=1 sz=1
49
+
50
+STR_i sz:2 111 0 00 00 0 ......... 10 ..... ..... @ldst_imm_user sign=0 ext=0
51
+LDR_i 00 111 0 00 01 0 ......... 10 ..... ..... @ldst_imm_user sign=0 ext=1 sz=0
52
+LDR_i 01 111 0 00 01 0 ......... 10 ..... ..... @ldst_imm_user sign=0 ext=1 sz=1
53
+LDR_i 10 111 0 00 01 0 ......... 10 ..... ..... @ldst_imm_user sign=0 ext=1 sz=2
54
+LDR_i 11 111 0 00 01 0 ......... 10 ..... ..... @ldst_imm_user sign=0 ext=0 sz=3
55
+LDR_i 00 111 0 00 10 0 ......... 10 ..... ..... @ldst_imm_user sign=1 ext=0 sz=0
56
+LDR_i 01 111 0 00 10 0 ......... 10 ..... ..... @ldst_imm_user sign=1 ext=0 sz=1
57
+LDR_i 10 111 0 00 10 0 ......... 10 ..... ..... @ldst_imm_user sign=1 ext=0 sz=2
58
+LDR_i 00 111 0 00 11 0 ......... 10 ..... ..... @ldst_imm_user sign=1 ext=1 sz=0
59
+LDR_i 01 111 0 00 11 0 ......... 10 ..... ..... @ldst_imm_user sign=1 ext=1 sz=1
60
+
61
+STR_i sz:2 111 0 00 00 0 ......... 11 ..... ..... @ldst_imm_pre sign=0 ext=0
62
+LDR_i 00 111 0 00 01 0 ......... 11 ..... ..... @ldst_imm_pre sign=0 ext=1 sz=0
63
+LDR_i 01 111 0 00 01 0 ......... 11 ..... ..... @ldst_imm_pre sign=0 ext=1 sz=1
64
+LDR_i 10 111 0 00 01 0 ......... 11 ..... ..... @ldst_imm_pre sign=0 ext=1 sz=2
65
+LDR_i 11 111 0 00 01 0 ......... 11 ..... ..... @ldst_imm_pre sign=0 ext=0 sz=3
66
+LDR_i 00 111 0 00 10 0 ......... 11 ..... ..... @ldst_imm_pre sign=1 ext=0 sz=0
67
+LDR_i 01 111 0 00 10 0 ......... 11 ..... ..... @ldst_imm_pre sign=1 ext=0 sz=1
68
+LDR_i 10 111 0 00 10 0 ......... 11 ..... ..... @ldst_imm_pre sign=1 ext=0 sz=2
69
+LDR_i 00 111 0 00 11 0 ......... 11 ..... ..... @ldst_imm_pre sign=1 ext=1 sz=0
70
+LDR_i 01 111 0 00 11 0 ......... 11 ..... ..... @ldst_imm_pre sign=1 ext=1 sz=1
71
+
72
+# PRFM : prefetch memory: a no-op for QEMU
73
+NOP 11 111 0 00 10 0 --------- 00 ----- -----
74
+
75
+STR_v_i sz:2 111 1 00 00 0 ......... 00 ..... ..... @ldst_imm sign=0 ext=0
76
+STR_v_i 00 111 1 00 10 0 ......... 00 ..... ..... @ldst_imm sign=0 ext=0 sz=4
77
+LDR_v_i sz:2 111 1 00 01 0 ......... 00 ..... ..... @ldst_imm sign=0 ext=0
78
+LDR_v_i 00 111 1 00 11 0 ......... 00 ..... ..... @ldst_imm sign=0 ext=0 sz=4
79
+
80
+STR_v_i sz:2 111 1 00 00 0 ......... 01 ..... ..... @ldst_imm_post sign=0 ext=0
81
+STR_v_i 00 111 1 00 10 0 ......... 01 ..... ..... @ldst_imm_post sign=0 ext=0 sz=4
82
+LDR_v_i sz:2 111 1 00 01 0 ......... 01 ..... ..... @ldst_imm_post sign=0 ext=0
83
+LDR_v_i 00 111 1 00 11 0 ......... 01 ..... ..... @ldst_imm_post sign=0 ext=0 sz=4
84
+
85
+STR_v_i sz:2 111 1 00 00 0 ......... 11 ..... ..... @ldst_imm_pre sign=0 ext=0
86
+STR_v_i 00 111 1 00 10 0 ......... 11 ..... ..... @ldst_imm_pre sign=0 ext=0 sz=4
87
+LDR_v_i sz:2 111 1 00 01 0 ......... 11 ..... ..... @ldst_imm_pre sign=0 ext=0
88
+LDR_v_i 00 111 1 00 11 0 ......... 11 ..... ..... @ldst_imm_pre sign=0 ext=0 sz=4
89
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
90
index XXXXXXX..XXXXXXX 100644
91
--- a/target/arm/tcg/translate-a64.c
92
+++ b/target/arm/tcg/translate-a64.c
93
@@ -XXX,XX +XXX,XX @@ static bool trans_STGP(DisasContext *s, arg_ldstpair *a)
94
return true;
95
}
96
97
-/*
98
- * Load/store (immediate post-indexed)
99
- * Load/store (immediate pre-indexed)
100
- * Load/store (unscaled immediate)
101
- *
102
- * 31 30 29 27 26 25 24 23 22 21 20 12 11 10 9 5 4 0
103
- * +----+-------+---+-----+-----+---+--------+-----+------+------+
104
- * |size| 1 1 1 | V | 0 0 | opc | 0 | imm9 | idx | Rn | Rt |
105
- * +----+-------+---+-----+-----+---+--------+-----+------+------+
106
- *
107
- * idx = 01 -> post-indexed, 11 pre-indexed, 00 unscaled imm. (no writeback)
108
- 10 -> unprivileged
109
- * V = 0 -> non-vector
110
- * size: 00 -> 8 bit, 01 -> 16 bit, 10 -> 32 bit, 11 -> 64bit
111
- * opc: 00 -> store, 01 -> loadu, 10 -> loads 64, 11 -> loads 32
112
- */
113
-static void disas_ldst_reg_imm9(DisasContext *s, uint32_t insn,
114
- int opc,
115
- int size,
116
- int rt,
117
- bool is_vector)
118
+static void op_addr_ldst_imm_pre(DisasContext *s, arg_ldst_imm *a,
119
+ TCGv_i64 *clean_addr, TCGv_i64 *dirty_addr,
120
+ uint64_t offset, bool is_store, MemOp mop)
121
{
122
- int rn = extract32(insn, 5, 5);
123
- int imm9 = sextract32(insn, 12, 9);
124
- int idx = extract32(insn, 10, 2);
125
- bool is_signed = false;
126
- bool is_store = false;
127
- bool is_extended = false;
128
- bool is_unpriv = (idx == 2);
129
- bool iss_valid;
130
- bool post_index;
131
- bool writeback;
132
int memidx;
133
- MemOp memop;
134
- TCGv_i64 clean_addr, dirty_addr;
135
136
- if (is_vector) {
137
- size |= (opc & 2) << 1;
138
- if (size > 4 || is_unpriv) {
139
- unallocated_encoding(s);
140
- return;
141
- }
142
- is_store = ((opc & 1) == 0);
143
- if (!fp_access_check(s)) {
144
- return;
145
- }
146
- memop = finalize_memop_asimd(s, size);
147
- } else {
148
- if (size == 3 && opc == 2) {
149
- /* PRFM - prefetch */
150
- if (idx != 0) {
151
- unallocated_encoding(s);
152
- return;
153
- }
154
- return;
155
- }
156
- if (opc == 3 && size > 1) {
157
- unallocated_encoding(s);
158
- return;
159
- }
160
- is_store = (opc == 0);
161
- is_signed = !is_store && extract32(opc, 1, 1);
162
- is_extended = (size < 3) && extract32(opc, 0, 1);
163
- memop = finalize_memop(s, size + is_signed * MO_SIGN);
164
- }
165
-
166
- switch (idx) {
167
- case 0:
168
- case 2:
169
- post_index = false;
170
- writeback = false;
171
- break;
172
- case 1:
173
- post_index = true;
174
- writeback = true;
175
- break;
176
- case 3:
177
- post_index = false;
178
- writeback = true;
179
- break;
180
- default:
181
- g_assert_not_reached();
182
- }
183
-
184
- iss_valid = !is_vector && !writeback;
185
-
186
- if (rn == 31) {
187
+ if (a->rn == 31) {
188
gen_check_sp_alignment(s);
30
}
189
}
31
190
32
+ if (arm_feature(&cpu->env, ARM_FEATURE_EL3)) {
191
- dirty_addr = read_cpu_reg_sp(s, rn, 1);
33
+ asidx = ARMASIdx_S;
192
- if (!post_index) {
34
+ } else {
193
- tcg_gen_addi_i64(dirty_addr, dirty_addr, imm9);
35
+ asidx = ARMASIdx_NS;
194
+ *dirty_addr = read_cpu_reg_sp(s, a->rn, 1);
195
+ if (!a->p) {
196
+ tcg_gen_addi_i64(*dirty_addr, *dirty_addr, offset);
197
}
198
+ memidx = a->unpriv ? get_a64_user_mem_index(s) : get_mem_index(s);
199
+ *clean_addr = gen_mte_check1_mmuidx(s, *dirty_addr, is_store,
200
+ a->w || a->rn != 31,
201
+ mop, a->unpriv, memidx);
202
+}
203
204
- memidx = is_unpriv ? get_a64_user_mem_index(s) : get_mem_index(s);
205
-
206
- clean_addr = gen_mte_check1_mmuidx(s, dirty_addr, is_store,
207
- writeback || rn != 31,
208
- memop, is_unpriv, memidx);
209
-
210
- if (is_vector) {
211
- if (is_store) {
212
- do_fp_st(s, rt, clean_addr, memop);
213
- } else {
214
- do_fp_ld(s, rt, clean_addr, memop);
215
- }
216
- } else {
217
- TCGv_i64 tcg_rt = cpu_reg(s, rt);
218
- bool iss_sf = disas_ldst_compute_iss_sf(size, is_signed, opc);
219
-
220
- if (is_store) {
221
- do_gpr_st_memidx(s, tcg_rt, clean_addr, memop, memidx,
222
- iss_valid, rt, iss_sf, false);
223
- } else {
224
- do_gpr_ld_memidx(s, tcg_rt, clean_addr, memop,
225
- is_extended, memidx,
226
- iss_valid, rt, iss_sf, false);
227
+static void op_addr_ldst_imm_post(DisasContext *s, arg_ldst_imm *a,
228
+ TCGv_i64 dirty_addr, uint64_t offset)
229
+{
230
+ if (a->w) {
231
+ if (a->p) {
232
+ tcg_gen_addi_i64(dirty_addr, dirty_addr, offset);
233
}
234
+ tcg_gen_mov_i64(cpu_reg_sp(s, a->rn), dirty_addr);
235
}
236
+}
237
238
- if (writeback) {
239
- TCGv_i64 tcg_rn = cpu_reg_sp(s, rn);
240
- if (post_index) {
241
- tcg_gen_addi_i64(dirty_addr, dirty_addr, imm9);
242
- }
243
- tcg_gen_mov_i64(tcg_rn, dirty_addr);
244
+static bool trans_STR_i(DisasContext *s, arg_ldst_imm *a)
245
+{
246
+ bool iss_sf, iss_valid = !a->w;
247
+ TCGv_i64 clean_addr, dirty_addr, tcg_rt;
248
+ int memidx = a->unpriv ? get_a64_user_mem_index(s) : get_mem_index(s);
249
+ MemOp mop = finalize_memop(s, a->sz + a->sign * MO_SIGN);
250
+
251
+ op_addr_ldst_imm_pre(s, a, &clean_addr, &dirty_addr, a->imm, true, mop);
252
+
253
+ tcg_rt = cpu_reg(s, a->rt);
254
+ iss_sf = ldst_iss_sf(a->sz, a->sign, a->ext);
255
+
256
+ do_gpr_st_memidx(s, tcg_rt, clean_addr, mop, memidx,
257
+ iss_valid, a->rt, iss_sf, false);
258
+ op_addr_ldst_imm_post(s, a, dirty_addr, a->imm);
259
+ return true;
260
+}
261
+
262
+static bool trans_LDR_i(DisasContext *s, arg_ldst_imm *a)
263
+{
264
+ bool iss_sf, iss_valid = !a->w;
265
+ TCGv_i64 clean_addr, dirty_addr, tcg_rt;
266
+ int memidx = a->unpriv ? get_a64_user_mem_index(s) : get_mem_index(s);
267
+ MemOp mop = finalize_memop(s, a->sz + a->sign * MO_SIGN);
268
+
269
+ op_addr_ldst_imm_pre(s, a, &clean_addr, &dirty_addr, a->imm, false, mop);
270
+
271
+ tcg_rt = cpu_reg(s, a->rt);
272
+ iss_sf = ldst_iss_sf(a->sz, a->sign, a->ext);
273
+
274
+ do_gpr_ld_memidx(s, tcg_rt, clean_addr, mop,
275
+ a->ext, memidx, iss_valid, a->rt, iss_sf, false);
276
+ op_addr_ldst_imm_post(s, a, dirty_addr, a->imm);
277
+ return true;
278
+}
279
+
280
+static bool trans_STR_v_i(DisasContext *s, arg_ldst_imm *a)
281
+{
282
+ TCGv_i64 clean_addr, dirty_addr;
283
+ MemOp mop;
284
+
285
+ if (!fp_access_check(s)) {
286
+ return true;
287
}
288
+ mop = finalize_memop_asimd(s, a->sz);
289
+ op_addr_ldst_imm_pre(s, a, &clean_addr, &dirty_addr, a->imm, true, mop);
290
+ do_fp_st(s, a->rt, clean_addr, mop);
291
+ op_addr_ldst_imm_post(s, a, dirty_addr, a->imm);
292
+ return true;
293
+}
294
+
295
+static bool trans_LDR_v_i(DisasContext *s, arg_ldst_imm *a)
296
+{
297
+ TCGv_i64 clean_addr, dirty_addr;
298
+ MemOp mop;
299
+
300
+ if (!fp_access_check(s)) {
301
+ return true;
36
+ }
302
+ }
37
+ as = cpu_get_address_space(cs, asidx);
303
+ mop = finalize_memop_asimd(s, a->sz);
38
+
304
+ op_addr_ldst_imm_pre(s, a, &clean_addr, &dirty_addr, a->imm, false, mop);
39
if (kernel_filename) {
305
+ do_fp_ld(s, a->rt, clean_addr, mop);
40
- image_size = load_elf(kernel_filename, NULL, NULL, &entry, &lowaddr,
306
+ op_addr_ldst_imm_post(s, a, dirty_addr, a->imm);
41
- NULL, big_endian, EM_ARM, 1, 0);
307
+ return true;
42
+ image_size = load_elf_as(kernel_filename, NULL, NULL, &entry, &lowaddr,
308
}
43
+ NULL, big_endian, EM_ARM, 1, 0, as);
309
44
if (image_size < 0) {
310
/*
45
- image_size = load_image_targphys(kernel_filename, 0, mem_size);
311
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_reg(DisasContext *s, uint32_t insn)
46
+ image_size = load_image_targphys_as(kernel_filename, 0,
312
switch (extract32(insn, 24, 2)) {
47
+ mem_size, as);
313
case 0:
48
lowaddr = 0;
314
if (extract32(insn, 21, 1) == 0) {
315
- /* Load/store register (unscaled immediate)
316
- * Load/store immediate pre/post-indexed
317
- * Load/store register unprivileged
318
- */
319
- disas_ldst_reg_imm9(s, insn, opc, size, rt, is_vector);
320
- return;
321
+ break;
49
}
322
}
50
if (image_size < 0) {
323
switch (extract32(insn, 10, 2)) {
324
case 0:
51
--
325
--
52
2.16.2
326
2.34.1
53
54
diff view generated by jsdifflib
1
The Arm IoT Kit includes a "security controller" which is largely a
1
Convert the LDR and STR instructions which use a 12-bit immediate
2
collection of registers for controlling the PPCs and other bits of
2
offset to decodetree. We can reuse the existing LDR and STR
3
glue in the system. This commit provides the initial skeleton of the
3
trans functions for these.
4
device, implementing just the ID registers, and a couple of read-only
5
read-as-zero registers.
6
4
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9
Message-id: 20180220180325.29818-16-peter.maydell@linaro.org
7
Message-id: 20230602155223.2040685-14-peter.maydell@linaro.org
10
---
8
---
11
hw/misc/Makefile.objs | 1 +
9
target/arm/tcg/a64.decode | 25 ++++++++
12
include/hw/misc/iotkit-secctl.h | 39 ++++
10
target/arm/tcg/translate-a64.c | 104 +++++----------------------------
13
hw/misc/iotkit-secctl.c | 448 ++++++++++++++++++++++++++++++++++++++++
11
2 files changed, 41 insertions(+), 88 deletions(-)
14
default-configs/arm-softmmu.mak | 1 +
15
hw/misc/trace-events | 7 +
16
5 files changed, 496 insertions(+)
17
create mode 100644 include/hw/misc/iotkit-secctl.h
18
create mode 100644 hw/misc/iotkit-secctl.c
19
12
20
diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
13
diff --git a/target/arm/tcg/a64.decode b/target/arm/tcg/a64.decode
21
index XXXXXXX..XXXXXXX 100644
14
index XXXXXXX..XXXXXXX 100644
22
--- a/hw/misc/Makefile.objs
15
--- a/target/arm/tcg/a64.decode
23
+++ b/hw/misc/Makefile.objs
16
+++ b/target/arm/tcg/a64.decode
24
@@ -XXX,XX +XXX,XX @@ obj-$(CONFIG_MPS2_FPGAIO) += mps2-fpgaio.o
17
@@ -XXX,XX +XXX,XX @@ STR_v_i sz:2 111 1 00 00 0 ......... 11 ..... ..... @ldst_imm_pre sign=0
25
obj-$(CONFIG_MPS2_SCC) += mps2-scc.o
18
STR_v_i 00 111 1 00 10 0 ......... 11 ..... ..... @ldst_imm_pre sign=0 ext=0 sz=4
26
19
LDR_v_i sz:2 111 1 00 01 0 ......... 11 ..... ..... @ldst_imm_pre sign=0 ext=0
27
obj-$(CONFIG_TZ_PPC) += tz-ppc.o
20
LDR_v_i 00 111 1 00 11 0 ......... 11 ..... ..... @ldst_imm_pre sign=0 ext=0 sz=4
28
+obj-$(CONFIG_IOTKIT_SECCTL) += iotkit-secctl.o
21
+
29
22
+# Load/store with an unsigned 12 bit immediate, which is scaled by the
30
obj-$(CONFIG_PVPANIC) += pvpanic.o
23
+# element size. The function gets the sz:imm and returns the scaled immediate.
31
obj-$(CONFIG_HYPERV_TESTDEV) += hyperv_testdev.o
24
+%uimm_scaled 10:12 sz:3 !function=uimm_scaled
32
diff --git a/include/hw/misc/iotkit-secctl.h b/include/hw/misc/iotkit-secctl.h
25
+
33
new file mode 100644
26
+@ldst_uimm .. ... . .. .. ............ rn:5 rt:5 &ldst_imm unpriv=0 p=0 w=0 imm=%uimm_scaled
34
index XXXXXXX..XXXXXXX
27
+
35
--- /dev/null
28
+STR_i sz:2 111 0 01 00 ............ ..... ..... @ldst_uimm sign=0 ext=0
36
+++ b/include/hw/misc/iotkit-secctl.h
29
+LDR_i 00 111 0 01 01 ............ ..... ..... @ldst_uimm sign=0 ext=1 sz=0
37
@@ -XXX,XX +XXX,XX @@
30
+LDR_i 01 111 0 01 01 ............ ..... ..... @ldst_uimm sign=0 ext=1 sz=1
31
+LDR_i 10 111 0 01 01 ............ ..... ..... @ldst_uimm sign=0 ext=1 sz=2
32
+LDR_i 11 111 0 01 01 ............ ..... ..... @ldst_uimm sign=0 ext=0 sz=3
33
+LDR_i 00 111 0 01 10 ............ ..... ..... @ldst_uimm sign=1 ext=0 sz=0
34
+LDR_i 01 111 0 01 10 ............ ..... ..... @ldst_uimm sign=1 ext=0 sz=1
35
+LDR_i 10 111 0 01 10 ............ ..... ..... @ldst_uimm sign=1 ext=0 sz=2
36
+LDR_i 00 111 0 01 11 ............ ..... ..... @ldst_uimm sign=1 ext=1 sz=0
37
+LDR_i 01 111 0 01 11 ............ ..... ..... @ldst_uimm sign=1 ext=1 sz=1
38
+
39
+# PRFM
40
+NOP 11 111 0 01 10 ------------ ----- -----
41
+
42
+STR_v_i sz:2 111 1 01 00 ............ ..... ..... @ldst_uimm sign=0 ext=0
43
+STR_v_i 00 111 1 01 10 ............ ..... ..... @ldst_uimm sign=0 ext=0 sz=4
44
+LDR_v_i sz:2 111 1 01 01 ............ ..... ..... @ldst_uimm sign=0 ext=0
45
+LDR_v_i 00 111 1 01 11 ............ ..... ..... @ldst_uimm sign=0 ext=0 sz=4
46
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
47
index XXXXXXX..XXXXXXX 100644
48
--- a/target/arm/tcg/translate-a64.c
49
+++ b/target/arm/tcg/translate-a64.c
50
@@ -XXX,XX +XXX,XX @@ enum a64_shift_type {
51
A64_SHIFT_TYPE_ROR = 3
52
};
53
38
+/*
54
+/*
39
+ * ARM IoT Kit security controller
55
+ * Helpers for extracting complex instruction fields
40
+ *
41
+ * Copyright (c) 2018 Linaro Limited
42
+ * Written by Peter Maydell
43
+ *
44
+ * This program is free software; you can redistribute it and/or modify
45
+ * it under the terms of the GNU General Public License version 2 or
46
+ * (at your option) any later version.
47
+ */
56
+ */
48
+
57
+
49
+/* This is a model of the security controller which is part of the
58
+/*
50
+ * Arm IoT Kit and documented in
59
+ * For load/store with an unsigned 12 bit immediate scaled by the element
51
+ * http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ecm0601256/index.html
60
+ * size. The input has the immediate field in bits [14:3] and the element
52
+ *
61
+ * size in [2:0].
53
+ * QEMU interface:
54
+ * + sysbus MMIO region 0 is the "secure privilege control block" registers
55
+ * + sysbus MMIO region 1 is the "non-secure privilege control block" registers
56
+ */
62
+ */
57
+
63
+static int uimm_scaled(DisasContext *s, int x)
58
+#ifndef IOTKIT_SECCTL_H
59
+#define IOTKIT_SECCTL_H
60
+
61
+#include "hw/sysbus.h"
62
+
63
+#define TYPE_IOTKIT_SECCTL "iotkit-secctl"
64
+#define IOTKIT_SECCTL(obj) OBJECT_CHECK(IoTKitSecCtl, (obj), TYPE_IOTKIT_SECCTL)
65
+
66
+typedef struct IoTKitSecCtl {
67
+ /*< private >*/
68
+ SysBusDevice parent_obj;
69
+
70
+ /*< public >*/
71
+
72
+ MemoryRegion s_regs;
73
+ MemoryRegion ns_regs;
74
+} IoTKitSecCtl;
75
+
76
+#endif
77
diff --git a/hw/misc/iotkit-secctl.c b/hw/misc/iotkit-secctl.c
78
new file mode 100644
79
index XXXXXXX..XXXXXXX
80
--- /dev/null
81
+++ b/hw/misc/iotkit-secctl.c
82
@@ -XXX,XX +XXX,XX @@
83
+/*
84
+ * Arm IoT Kit security controller
85
+ *
86
+ * Copyright (c) 2018 Linaro Limited
87
+ * Written by Peter Maydell
88
+ *
89
+ * This program is free software; you can redistribute it and/or modify
90
+ * it under the terms of the GNU General Public License version 2 or
91
+ * (at your option) any later version.
92
+ */
93
+
94
+#include "qemu/osdep.h"
95
+#include "qemu/log.h"
96
+#include "qapi/error.h"
97
+#include "trace.h"
98
+#include "hw/sysbus.h"
99
+#include "hw/registerfields.h"
100
+#include "hw/misc/iotkit-secctl.h"
101
+
102
+/* Registers in the secure privilege control block */
103
+REG32(SECRESPCFG, 0x10)
104
+REG32(NSCCFG, 0x14)
105
+REG32(SECMPCINTSTATUS, 0x1c)
106
+REG32(SECPPCINTSTAT, 0x20)
107
+REG32(SECPPCINTCLR, 0x24)
108
+REG32(SECPPCINTEN, 0x28)
109
+REG32(SECMSCINTSTAT, 0x30)
110
+REG32(SECMSCINTCLR, 0x34)
111
+REG32(SECMSCINTEN, 0x38)
112
+REG32(BRGINTSTAT, 0x40)
113
+REG32(BRGINTCLR, 0x44)
114
+REG32(BRGINTEN, 0x48)
115
+REG32(AHBNSPPC0, 0x50)
116
+REG32(AHBNSPPCEXP0, 0x60)
117
+REG32(AHBNSPPCEXP1, 0x64)
118
+REG32(AHBNSPPCEXP2, 0x68)
119
+REG32(AHBNSPPCEXP3, 0x6c)
120
+REG32(APBNSPPC0, 0x70)
121
+REG32(APBNSPPC1, 0x74)
122
+REG32(APBNSPPCEXP0, 0x80)
123
+REG32(APBNSPPCEXP1, 0x84)
124
+REG32(APBNSPPCEXP2, 0x88)
125
+REG32(APBNSPPCEXP3, 0x8c)
126
+REG32(AHBSPPPC0, 0x90)
127
+REG32(AHBSPPPCEXP0, 0xa0)
128
+REG32(AHBSPPPCEXP1, 0xa4)
129
+REG32(AHBSPPPCEXP2, 0xa8)
130
+REG32(AHBSPPPCEXP3, 0xac)
131
+REG32(APBSPPPC0, 0xb0)
132
+REG32(APBSPPPC1, 0xb4)
133
+REG32(APBSPPPCEXP0, 0xc0)
134
+REG32(APBSPPPCEXP1, 0xc4)
135
+REG32(APBSPPPCEXP2, 0xc8)
136
+REG32(APBSPPPCEXP3, 0xcc)
137
+REG32(NSMSCEXP, 0xd0)
138
+REG32(PID4, 0xfd0)
139
+REG32(PID5, 0xfd4)
140
+REG32(PID6, 0xfd8)
141
+REG32(PID7, 0xfdc)
142
+REG32(PID0, 0xfe0)
143
+REG32(PID1, 0xfe4)
144
+REG32(PID2, 0xfe8)
145
+REG32(PID3, 0xfec)
146
+REG32(CID0, 0xff0)
147
+REG32(CID1, 0xff4)
148
+REG32(CID2, 0xff8)
149
+REG32(CID3, 0xffc)
150
+
151
+/* Registers in the non-secure privilege control block */
152
+REG32(AHBNSPPPC0, 0x90)
153
+REG32(AHBNSPPPCEXP0, 0xa0)
154
+REG32(AHBNSPPPCEXP1, 0xa4)
155
+REG32(AHBNSPPPCEXP2, 0xa8)
156
+REG32(AHBNSPPPCEXP3, 0xac)
157
+REG32(APBNSPPPC0, 0xb0)
158
+REG32(APBNSPPPC1, 0xb4)
159
+REG32(APBNSPPPCEXP0, 0xc0)
160
+REG32(APBNSPPPCEXP1, 0xc4)
161
+REG32(APBNSPPPCEXP2, 0xc8)
162
+REG32(APBNSPPPCEXP3, 0xcc)
163
+/* PID and CID registers are also present in the NS block */
164
+
165
+static const uint8_t iotkit_secctl_s_idregs[] = {
166
+ 0x04, 0x00, 0x00, 0x00,
167
+ 0x52, 0xb8, 0x0b, 0x00,
168
+ 0x0d, 0xf0, 0x05, 0xb1,
169
+};
170
+
171
+static const uint8_t iotkit_secctl_ns_idregs[] = {
172
+ 0x04, 0x00, 0x00, 0x00,
173
+ 0x53, 0xb8, 0x0b, 0x00,
174
+ 0x0d, 0xf0, 0x05, 0xb1,
175
+};
176
+
177
+static MemTxResult iotkit_secctl_s_read(void *opaque, hwaddr addr,
178
+ uint64_t *pdata,
179
+ unsigned size, MemTxAttrs attrs)
180
+{
64
+{
181
+ uint64_t r;
65
+ unsigned imm = x >> 3;
182
+ uint32_t offset = addr & ~0x3;
66
+ unsigned scale = extract32(x, 0, 3);
183
+
67
+ return imm << scale;
184
+ switch (offset) {
185
+ case A_AHBNSPPC0:
186
+ case A_AHBSPPPC0:
187
+ r = 0;
188
+ break;
189
+ case A_SECRESPCFG:
190
+ case A_NSCCFG:
191
+ case A_SECMPCINTSTATUS:
192
+ case A_SECPPCINTSTAT:
193
+ case A_SECPPCINTEN:
194
+ case A_SECMSCINTSTAT:
195
+ case A_SECMSCINTEN:
196
+ case A_BRGINTSTAT:
197
+ case A_BRGINTEN:
198
+ case A_AHBNSPPCEXP0:
199
+ case A_AHBNSPPCEXP1:
200
+ case A_AHBNSPPCEXP2:
201
+ case A_AHBNSPPCEXP3:
202
+ case A_APBNSPPC0:
203
+ case A_APBNSPPC1:
204
+ case A_APBNSPPCEXP0:
205
+ case A_APBNSPPCEXP1:
206
+ case A_APBNSPPCEXP2:
207
+ case A_APBNSPPCEXP3:
208
+ case A_AHBSPPPCEXP0:
209
+ case A_AHBSPPPCEXP1:
210
+ case A_AHBSPPPCEXP2:
211
+ case A_AHBSPPPCEXP3:
212
+ case A_APBSPPPC0:
213
+ case A_APBSPPPC1:
214
+ case A_APBSPPPCEXP0:
215
+ case A_APBSPPPCEXP1:
216
+ case A_APBSPPPCEXP2:
217
+ case A_APBSPPPCEXP3:
218
+ case A_NSMSCEXP:
219
+ qemu_log_mask(LOG_UNIMP,
220
+ "IoTKit SecCtl S block read: "
221
+ "unimplemented offset 0x%x\n", offset);
222
+ r = 0;
223
+ break;
224
+ case A_PID4:
225
+ case A_PID5:
226
+ case A_PID6:
227
+ case A_PID7:
228
+ case A_PID0:
229
+ case A_PID1:
230
+ case A_PID2:
231
+ case A_PID3:
232
+ case A_CID0:
233
+ case A_CID1:
234
+ case A_CID2:
235
+ case A_CID3:
236
+ r = iotkit_secctl_s_idregs[(offset - A_PID4) / 4];
237
+ break;
238
+ case A_SECPPCINTCLR:
239
+ case A_SECMSCINTCLR:
240
+ case A_BRGINTCLR:
241
+ qemu_log_mask(LOG_GUEST_ERROR,
242
+ "IotKit SecCtl S block read: write-only offset 0x%x\n",
243
+ offset);
244
+ r = 0;
245
+ break;
246
+ default:
247
+ qemu_log_mask(LOG_GUEST_ERROR,
248
+ "IotKit SecCtl S block read: bad offset 0x%x\n", offset);
249
+ r = 0;
250
+ break;
251
+ }
252
+
253
+ if (size != 4) {
254
+ /* None of our registers are access-sensitive, so just pull the right
255
+ * byte out of the word read result.
256
+ */
257
+ r = extract32(r, (addr & 3) * 8, size * 8);
258
+ }
259
+
260
+ trace_iotkit_secctl_s_read(offset, r, size);
261
+ *pdata = r;
262
+ return MEMTX_OK;
263
+}
68
+}
264
+
69
+
265
+static MemTxResult iotkit_secctl_s_write(void *opaque, hwaddr addr,
70
/*
266
+ uint64_t value,
71
* Include the generated decoders.
267
+ unsigned size, MemTxAttrs attrs)
72
*/
268
+{
73
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_reg_roffset(DisasContext *s, uint32_t insn,
269
+ uint32_t offset = addr;
74
}
270
+
75
}
271
+ trace_iotkit_secctl_s_write(offset, value, size);
76
272
+
77
-/*
273
+ if (size != 4) {
78
- * Load/store (unsigned immediate)
274
+ /* Byte and halfword writes are ignored */
79
- *
275
+ qemu_log_mask(LOG_GUEST_ERROR,
80
- * 31 30 29 27 26 25 24 23 22 21 10 9 5
276
+ "IotKit SecCtl S block write: bad size, ignored\n");
81
- * +----+-------+---+-----+-----+------------+-------+------+
277
+ return MEMTX_OK;
82
- * |size| 1 1 1 | V | 0 1 | opc | imm12 | Rn | Rt |
278
+ }
83
- * +----+-------+---+-----+-----+------------+-------+------+
279
+
84
- *
280
+ switch (offset) {
85
- * For non-vector:
281
+ case A_SECRESPCFG:
86
- * size: 00-> byte, 01 -> 16 bit, 10 -> 32bit, 11 -> 64bit
282
+ case A_NSCCFG:
87
- * opc: 00 -> store, 01 -> loadu, 10 -> loads 64, 11 -> loads 32
283
+ case A_SECPPCINTCLR:
88
- * For vector:
284
+ case A_SECPPCINTEN:
89
- * size is opc<1>:size<1:0> so 100 -> 128 bit; 110 and 111 unallocated
285
+ case A_SECMSCINTCLR:
90
- * opc<0>: 0 -> store, 1 -> load
286
+ case A_SECMSCINTEN:
91
- * Rn: base address register (inc SP)
287
+ case A_BRGINTCLR:
92
- * Rt: target register
288
+ case A_BRGINTEN:
93
- */
289
+ case A_AHBNSPPCEXP0:
94
-static void disas_ldst_reg_unsigned_imm(DisasContext *s, uint32_t insn,
290
+ case A_AHBNSPPCEXP1:
95
- int opc,
291
+ case A_AHBNSPPCEXP2:
96
- int size,
292
+ case A_AHBNSPPCEXP3:
97
- int rt,
293
+ case A_APBNSPPC0:
98
- bool is_vector)
294
+ case A_APBNSPPC1:
99
-{
295
+ case A_APBNSPPCEXP0:
100
- int rn = extract32(insn, 5, 5);
296
+ case A_APBNSPPCEXP1:
101
- unsigned int imm12 = extract32(insn, 10, 12);
297
+ case A_APBNSPPCEXP2:
102
- unsigned int offset;
298
+ case A_APBNSPPCEXP3:
103
- TCGv_i64 clean_addr, dirty_addr;
299
+ case A_AHBSPPPCEXP0:
104
- bool is_store;
300
+ case A_AHBSPPPCEXP1:
105
- bool is_signed = false;
301
+ case A_AHBSPPPCEXP2:
106
- bool is_extended = false;
302
+ case A_AHBSPPPCEXP3:
107
- MemOp memop;
303
+ case A_APBSPPPC0:
108
-
304
+ case A_APBSPPPC1:
109
- if (is_vector) {
305
+ case A_APBSPPPCEXP0:
110
- size |= (opc & 2) << 1;
306
+ case A_APBSPPPCEXP1:
111
- if (size > 4) {
307
+ case A_APBSPPPCEXP2:
112
- unallocated_encoding(s);
308
+ case A_APBSPPPCEXP3:
113
- return;
309
+ qemu_log_mask(LOG_UNIMP,
114
- }
310
+ "IoTKit SecCtl S block write: "
115
- is_store = !extract32(opc, 0, 1);
311
+ "unimplemented offset 0x%x\n", offset);
116
- if (!fp_access_check(s)) {
312
+ break;
117
- return;
313
+ case A_SECMPCINTSTATUS:
118
- }
314
+ case A_SECPPCINTSTAT:
119
- memop = finalize_memop_asimd(s, size);
315
+ case A_SECMSCINTSTAT:
120
- } else {
316
+ case A_BRGINTSTAT:
121
- if (size == 3 && opc == 2) {
317
+ case A_AHBNSPPC0:
122
- /* PRFM - prefetch */
318
+ case A_AHBSPPPC0:
123
- return;
319
+ case A_NSMSCEXP:
124
- }
320
+ case A_PID4:
125
- if (opc == 3 && size > 1) {
321
+ case A_PID5:
126
- unallocated_encoding(s);
322
+ case A_PID6:
127
- return;
323
+ case A_PID7:
128
- }
324
+ case A_PID0:
129
- is_store = (opc == 0);
325
+ case A_PID1:
130
- is_signed = !is_store && extract32(opc, 1, 1);
326
+ case A_PID2:
131
- is_extended = (size < 3) && extract32(opc, 0, 1);
327
+ case A_PID3:
132
- memop = finalize_memop(s, size + is_signed * MO_SIGN);
328
+ case A_CID0:
133
- }
329
+ case A_CID1:
134
-
330
+ case A_CID2:
135
- if (rn == 31) {
331
+ case A_CID3:
136
- gen_check_sp_alignment(s);
332
+ qemu_log_mask(LOG_GUEST_ERROR,
137
- }
333
+ "IoTKit SecCtl S block write: "
138
- dirty_addr = read_cpu_reg_sp(s, rn, 1);
334
+ "read-only offset 0x%x\n", offset);
139
- offset = imm12 << size;
335
+ break;
140
- tcg_gen_addi_i64(dirty_addr, dirty_addr, offset);
336
+ default:
141
-
337
+ qemu_log_mask(LOG_GUEST_ERROR,
142
- clean_addr = gen_mte_check1(s, dirty_addr, is_store, rn != 31, memop);
338
+ "IotKit SecCtl S block write: bad offset 0x%x\n",
143
-
339
+ offset);
144
- if (is_vector) {
340
+ break;
145
- if (is_store) {
341
+ }
146
- do_fp_st(s, rt, clean_addr, memop);
342
+
147
- } else {
343
+ return MEMTX_OK;
148
- do_fp_ld(s, rt, clean_addr, memop);
344
+}
149
- }
345
+
150
- } else {
346
+static MemTxResult iotkit_secctl_ns_read(void *opaque, hwaddr addr,
151
- TCGv_i64 tcg_rt = cpu_reg(s, rt);
347
+ uint64_t *pdata,
152
- bool iss_sf = disas_ldst_compute_iss_sf(size, is_signed, opc);
348
+ unsigned size, MemTxAttrs attrs)
153
- if (is_store) {
349
+{
154
- do_gpr_st(s, tcg_rt, clean_addr, memop, true, rt, iss_sf, false);
350
+ uint64_t r;
155
- } else {
351
+ uint32_t offset = addr & ~0x3;
156
- do_gpr_ld(s, tcg_rt, clean_addr, memop,
352
+
157
- is_extended, true, rt, iss_sf, false);
353
+ switch (offset) {
158
- }
354
+ case A_AHBNSPPPC0:
159
- }
355
+ r = 0;
160
-}
356
+ break;
161
-
357
+ case A_AHBNSPPPCEXP0:
162
/* Atomic memory operations
358
+ case A_AHBNSPPPCEXP1:
163
*
359
+ case A_AHBNSPPPCEXP2:
164
* 31 30 27 26 24 22 21 16 15 12 10 5 0
360
+ case A_AHBNSPPPCEXP3:
165
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_reg(DisasContext *s, uint32_t insn)
361
+ case A_APBNSPPPC0:
166
return;
362
+ case A_APBNSPPPC1:
167
}
363
+ case A_APBNSPPPCEXP0:
168
break;
364
+ case A_APBNSPPPCEXP1:
169
- case 1:
365
+ case A_APBNSPPPCEXP2:
170
- disas_ldst_reg_unsigned_imm(s, insn, opc, size, rt, is_vector);
366
+ case A_APBNSPPPCEXP3:
171
- return;
367
+ qemu_log_mask(LOG_UNIMP,
172
}
368
+ "IoTKit SecCtl NS block read: "
173
unallocated_encoding(s);
369
+ "unimplemented offset 0x%x\n", offset);
174
}
370
+ break;
371
+ case A_PID4:
372
+ case A_PID5:
373
+ case A_PID6:
374
+ case A_PID7:
375
+ case A_PID0:
376
+ case A_PID1:
377
+ case A_PID2:
378
+ case A_PID3:
379
+ case A_CID0:
380
+ case A_CID1:
381
+ case A_CID2:
382
+ case A_CID3:
383
+ r = iotkit_secctl_ns_idregs[(offset - A_PID4) / 4];
384
+ break;
385
+ default:
386
+ qemu_log_mask(LOG_GUEST_ERROR,
387
+ "IotKit SecCtl NS block write: bad offset 0x%x\n",
388
+ offset);
389
+ r = 0;
390
+ break;
391
+ }
392
+
393
+ if (size != 4) {
394
+ /* None of our registers are access-sensitive, so just pull the right
395
+ * byte out of the word read result.
396
+ */
397
+ r = extract32(r, (addr & 3) * 8, size * 8);
398
+ }
399
+
400
+ trace_iotkit_secctl_ns_read(offset, r, size);
401
+ *pdata = r;
402
+ return MEMTX_OK;
403
+}
404
+
405
+static MemTxResult iotkit_secctl_ns_write(void *opaque, hwaddr addr,
406
+ uint64_t value,
407
+ unsigned size, MemTxAttrs attrs)
408
+{
409
+ uint32_t offset = addr;
410
+
411
+ trace_iotkit_secctl_ns_write(offset, value, size);
412
+
413
+ if (size != 4) {
414
+ /* Byte and halfword writes are ignored */
415
+ qemu_log_mask(LOG_GUEST_ERROR,
416
+ "IotKit SecCtl NS block write: bad size, ignored\n");
417
+ return MEMTX_OK;
418
+ }
419
+
420
+ switch (offset) {
421
+ case A_AHBNSPPPCEXP0:
422
+ case A_AHBNSPPPCEXP1:
423
+ case A_AHBNSPPPCEXP2:
424
+ case A_AHBNSPPPCEXP3:
425
+ case A_APBNSPPPC0:
426
+ case A_APBNSPPPC1:
427
+ case A_APBNSPPPCEXP0:
428
+ case A_APBNSPPPCEXP1:
429
+ case A_APBNSPPPCEXP2:
430
+ case A_APBNSPPPCEXP3:
431
+ qemu_log_mask(LOG_UNIMP,
432
+ "IoTKit SecCtl NS block write: "
433
+ "unimplemented offset 0x%x\n", offset);
434
+ break;
435
+ case A_AHBNSPPPC0:
436
+ case A_PID4:
437
+ case A_PID5:
438
+ case A_PID6:
439
+ case A_PID7:
440
+ case A_PID0:
441
+ case A_PID1:
442
+ case A_PID2:
443
+ case A_PID3:
444
+ case A_CID0:
445
+ case A_CID1:
446
+ case A_CID2:
447
+ case A_CID3:
448
+ qemu_log_mask(LOG_GUEST_ERROR,
449
+ "IoTKit SecCtl NS block write: "
450
+ "read-only offset 0x%x\n", offset);
451
+ break;
452
+ default:
453
+ qemu_log_mask(LOG_GUEST_ERROR,
454
+ "IotKit SecCtl NS block write: bad offset 0x%x\n",
455
+ offset);
456
+ break;
457
+ }
458
+
459
+ return MEMTX_OK;
460
+}
461
+
462
+static const MemoryRegionOps iotkit_secctl_s_ops = {
463
+ .read_with_attrs = iotkit_secctl_s_read,
464
+ .write_with_attrs = iotkit_secctl_s_write,
465
+ .endianness = DEVICE_LITTLE_ENDIAN,
466
+ .valid.min_access_size = 1,
467
+ .valid.max_access_size = 4,
468
+ .impl.min_access_size = 1,
469
+ .impl.max_access_size = 4,
470
+};
471
+
472
+static const MemoryRegionOps iotkit_secctl_ns_ops = {
473
+ .read_with_attrs = iotkit_secctl_ns_read,
474
+ .write_with_attrs = iotkit_secctl_ns_write,
475
+ .endianness = DEVICE_LITTLE_ENDIAN,
476
+ .valid.min_access_size = 1,
477
+ .valid.max_access_size = 4,
478
+ .impl.min_access_size = 1,
479
+ .impl.max_access_size = 4,
480
+};
481
+
482
+static void iotkit_secctl_reset(DeviceState *dev)
483
+{
484
+
485
+}
486
+
487
+static void iotkit_secctl_init(Object *obj)
488
+{
489
+ IoTKitSecCtl *s = IOTKIT_SECCTL(obj);
490
+ SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
491
+
492
+ memory_region_init_io(&s->s_regs, obj, &iotkit_secctl_s_ops,
493
+ s, "iotkit-secctl-s-regs", 0x1000);
494
+ memory_region_init_io(&s->ns_regs, obj, &iotkit_secctl_ns_ops,
495
+ s, "iotkit-secctl-ns-regs", 0x1000);
496
+ sysbus_init_mmio(sbd, &s->s_regs);
497
+ sysbus_init_mmio(sbd, &s->ns_regs);
498
+}
499
+
500
+static const VMStateDescription iotkit_secctl_vmstate = {
501
+ .name = "iotkit-secctl",
502
+ .version_id = 1,
503
+ .minimum_version_id = 1,
504
+ .fields = (VMStateField[]) {
505
+ VMSTATE_END_OF_LIST()
506
+ }
507
+};
508
+
509
+static void iotkit_secctl_class_init(ObjectClass *klass, void *data)
510
+{
511
+ DeviceClass *dc = DEVICE_CLASS(klass);
512
+
513
+ dc->vmsd = &iotkit_secctl_vmstate;
514
+ dc->reset = iotkit_secctl_reset;
515
+}
516
+
517
+static const TypeInfo iotkit_secctl_info = {
518
+ .name = TYPE_IOTKIT_SECCTL,
519
+ .parent = TYPE_SYS_BUS_DEVICE,
520
+ .instance_size = sizeof(IoTKitSecCtl),
521
+ .instance_init = iotkit_secctl_init,
522
+ .class_init = iotkit_secctl_class_init,
523
+};
524
+
525
+static void iotkit_secctl_register_types(void)
526
+{
527
+ type_register_static(&iotkit_secctl_info);
528
+}
529
+
530
+type_init(iotkit_secctl_register_types);
531
diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
532
index XXXXXXX..XXXXXXX 100644
533
--- a/default-configs/arm-softmmu.mak
534
+++ b/default-configs/arm-softmmu.mak
535
@@ -XXX,XX +XXX,XX @@ CONFIG_MPS2_FPGAIO=y
536
CONFIG_MPS2_SCC=y
537
538
CONFIG_TZ_PPC=y
539
+CONFIG_IOTKIT_SECCTL=y
540
541
CONFIG_VERSATILE_PCI=y
542
CONFIG_VERSATILE_I2C=y
543
diff --git a/hw/misc/trace-events b/hw/misc/trace-events
544
index XXXXXXX..XXXXXXX 100644
545
--- a/hw/misc/trace-events
546
+++ b/hw/misc/trace-events
547
@@ -XXX,XX +XXX,XX @@ tz_ppc_irq_clear(int level) "TZ PPC: int_clear = %d"
548
tz_ppc_update_irq(int level) "TZ PPC: setting irq line to %d"
549
tz_ppc_read_blocked(int n, hwaddr offset, bool secure, bool user) "TZ PPC: port %d offset 0x%" HWADDR_PRIx " read (secure %d user %d) blocked"
550
tz_ppc_write_blocked(int n, hwaddr offset, bool secure, bool user) "TZ PPC: port %d offset 0x%" HWADDR_PRIx " write (secure %d user %d) blocked"
551
+
552
+# hw/misc/iotkit-secctl.c
553
+iotkit_secctl_s_read(uint32_t offset, uint64_t data, unsigned size) "IoTKit SecCtl S regs read: offset 0x%x data 0x%" PRIx64 " size %u"
554
+iotkit_secctl_s_write(uint32_t offset, uint64_t data, unsigned size) "IoTKit SecCtl S regs write: offset 0x%x data 0x%" PRIx64 " size %u"
555
+iotkit_secctl_ns_read(uint32_t offset, uint64_t data, unsigned size) "IoTKit SecCtl NS regs read: offset 0x%x data 0x%" PRIx64 " size %u"
556
+iotkit_secctl_ns_write(uint32_t offset, uint64_t data, unsigned size) "IoTKit SecCtl NS regs write: offset 0x%x data 0x%" PRIx64 " size %u"
557
+iotkit_secctl_reset(void) "IoTKit SecCtl: reset"
558
--
175
--
559
2.16.2
176
2.34.1
560
561
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
Convert the LDR and STR instructions which take a register
2
plus register offset to decodetree.
2
3
3
The integer size check was already outside of the opcode switch;
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
move the floating-point size check outside as well. Unify the
5
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
5
size vs index adjustment between fp and integer paths.
6
Message-id: 20230602155223.2040685-15-peter.maydell@linaro.org
7
---
8
target/arm/tcg/a64.decode | 22 +++++
9
target/arm/tcg/translate-a64.c | 173 +++++++++++++++------------------
10
2 files changed, 103 insertions(+), 92 deletions(-)
6
11
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
12
diff --git a/target/arm/tcg/a64.decode b/target/arm/tcg/a64.decode
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Message-id: 20180228193125.20577-4-richard.henderson@linaro.org
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
12
target/arm/translate-a64.c | 65 +++++++++++++++++++++++-----------------------
13
1 file changed, 32 insertions(+), 33 deletions(-)
14
15
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
16
index XXXXXXX..XXXXXXX 100644
13
index XXXXXXX..XXXXXXX 100644
17
--- a/target/arm/translate-a64.c
14
--- a/target/arm/tcg/a64.decode
18
+++ b/target/arm/translate-a64.c
15
+++ b/target/arm/tcg/a64.decode
19
@@ -XXX,XX +XXX,XX @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn)
16
@@ -XXX,XX +XXX,XX @@ STR_v_i sz:2 111 1 01 00 ............ ..... ..... @ldst_uimm sign=0 ext=
20
case 0x05: /* FMLS */
17
STR_v_i 00 111 1 01 10 ............ ..... ..... @ldst_uimm sign=0 ext=0 sz=4
21
case 0x09: /* FMUL */
18
LDR_v_i sz:2 111 1 01 01 ............ ..... ..... @ldst_uimm sign=0 ext=0
22
case 0x19: /* FMULX */
19
LDR_v_i 00 111 1 01 11 ............ ..... ..... @ldst_uimm sign=0 ext=0 sz=4
23
- if (size == 1) {
20
+
21
+# Load/store with register offset
22
+&ldst rm rn rt sign ext sz opt s
23
+@ldst .. ... . .. .. . rm:5 opt:3 s:1 .. rn:5 rt:5 &ldst
24
+STR sz:2 111 0 00 00 1 ..... ... . 10 ..... ..... @ldst sign=0 ext=0
25
+LDR 00 111 0 00 01 1 ..... ... . 10 ..... ..... @ldst sign=0 ext=1 sz=0
26
+LDR 01 111 0 00 01 1 ..... ... . 10 ..... ..... @ldst sign=0 ext=1 sz=1
27
+LDR 10 111 0 00 01 1 ..... ... . 10 ..... ..... @ldst sign=0 ext=1 sz=2
28
+LDR 11 111 0 00 01 1 ..... ... . 10 ..... ..... @ldst sign=0 ext=0 sz=3
29
+LDR 00 111 0 00 10 1 ..... ... . 10 ..... ..... @ldst sign=1 ext=0 sz=0
30
+LDR 01 111 0 00 10 1 ..... ... . 10 ..... ..... @ldst sign=1 ext=0 sz=1
31
+LDR 10 111 0 00 10 1 ..... ... . 10 ..... ..... @ldst sign=1 ext=0 sz=2
32
+LDR 00 111 0 00 11 1 ..... ... . 10 ..... ..... @ldst sign=1 ext=1 sz=0
33
+LDR 01 111 0 00 11 1 ..... ... . 10 ..... ..... @ldst sign=1 ext=1 sz=1
34
+
35
+# PRFM
36
+NOP 11 111 0 00 10 1 ----- -1- - 10 ----- -----
37
+
38
+STR_v sz:2 111 1 00 00 1 ..... ... . 10 ..... ..... @ldst sign=0 ext=0
39
+STR_v 00 111 1 00 10 1 ..... ... . 10 ..... ..... @ldst sign=0 ext=0 sz=4
40
+LDR_v sz:2 111 1 00 01 1 ..... ... . 10 ..... ..... @ldst sign=0 ext=0
41
+LDR_v 00 111 1 00 11 1 ..... ... . 10 ..... ..... @ldst sign=0 ext=0 sz=4
42
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
43
index XXXXXXX..XXXXXXX 100644
44
--- a/target/arm/tcg/translate-a64.c
45
+++ b/target/arm/tcg/translate-a64.c
46
@@ -XXX,XX +XXX,XX @@ static bool trans_LDR_v_i(DisasContext *s, arg_ldst_imm *a)
47
return true;
48
}
49
50
-/*
51
- * Load/store (register offset)
52
- *
53
- * 31 30 29 27 26 25 24 23 22 21 20 16 15 13 12 11 10 9 5 4 0
54
- * +----+-------+---+-----+-----+---+------+-----+--+-----+----+----+
55
- * |size| 1 1 1 | V | 0 0 | opc | 1 | Rm | opt | S| 1 0 | Rn | Rt |
56
- * +----+-------+---+-----+-----+---+------+-----+--+-----+----+----+
57
- *
58
- * For non-vector:
59
- * size: 00-> byte, 01 -> 16 bit, 10 -> 32bit, 11 -> 64bit
60
- * opc: 00 -> store, 01 -> loadu, 10 -> loads 64, 11 -> loads 32
61
- * For vector:
62
- * size is opc<1>:size<1:0> so 100 -> 128 bit; 110 and 111 unallocated
63
- * opc<0>: 0 -> store, 1 -> load
64
- * V: 1 -> vector/simd
65
- * opt: extend encoding (see DecodeRegExtend)
66
- * S: if S=1 then scale (essentially index by sizeof(size))
67
- * Rt: register to transfer into/out of
68
- * Rn: address register or SP for base
69
- * Rm: offset register or ZR for offset
70
- */
71
-static void disas_ldst_reg_roffset(DisasContext *s, uint32_t insn,
72
- int opc,
73
- int size,
74
- int rt,
75
- bool is_vector)
76
+static void op_addr_ldst_pre(DisasContext *s, arg_ldst *a,
77
+ TCGv_i64 *clean_addr, TCGv_i64 *dirty_addr,
78
+ bool is_store, MemOp memop)
79
{
80
- int rn = extract32(insn, 5, 5);
81
- int shift = extract32(insn, 12, 1);
82
- int rm = extract32(insn, 16, 5);
83
- int opt = extract32(insn, 13, 3);
84
- bool is_signed = false;
85
- bool is_store = false;
86
- bool is_extended = false;
87
- TCGv_i64 tcg_rm, clean_addr, dirty_addr;
88
- MemOp memop;
89
+ TCGv_i64 tcg_rm;
90
91
- if (extract32(opt, 1, 1) == 0) {
92
- unallocated_encoding(s);
93
- return;
94
- }
95
-
96
- if (is_vector) {
97
- size |= (opc & 2) << 1;
98
- if (size > 4) {
24
- unallocated_encoding(s);
99
- unallocated_encoding(s);
25
- return;
100
- return;
26
- }
101
- }
27
is_fp = true;
102
- is_store = !extract32(opc, 0, 1);
28
break;
103
- if (!fp_access_check(s)) {
29
default:
104
- return;
30
@@ -XXX,XX +XXX,XX @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn)
105
- }
31
if (is_fp) {
106
- memop = finalize_memop_asimd(s, size);
32
/* convert insn encoded size to TCGMemOp size */
107
- } else {
33
switch (size) {
108
- if (size == 3 && opc == 2) {
34
- case 2: /* single precision */
109
- /* PRFM - prefetch */
35
- size = MO_32;
110
- return;
36
- index = h << 1 | l;
111
- }
37
- rm |= (m << 4);
112
- if (opc == 3 && size > 1) {
38
- break;
39
- case 3: /* double precision */
40
- size = MO_64;
41
- if (l || !is_q) {
42
+ case 0: /* half-precision */
43
+ if (!arm_dc_feature(s, ARM_FEATURE_V8_FP16)) {
44
unallocated_encoding(s);
45
return;
46
}
47
- index = h;
48
- rm |= (m << 4);
49
- break;
50
- case 0: /* half precision */
51
size = MO_16;
52
- index = h << 2 | l << 1 | m;
53
- is_fp16 = true;
54
- if (arm_dc_feature(s, ARM_FEATURE_V8_FP16)) {
55
- break;
56
- }
57
- /* fallthru */
58
- default: /* unallocated */
59
- unallocated_encoding(s);
113
- unallocated_encoding(s);
60
- return;
114
- return;
61
- }
115
- }
116
- is_store = (opc == 0);
117
- is_signed = !is_store && extract32(opc, 1, 1);
118
- is_extended = (size < 3) && extract32(opc, 0, 1);
119
- memop = finalize_memop(s, size + is_signed * MO_SIGN);
120
- }
121
-
122
- if (rn == 31) {
123
+ if (a->rn == 31) {
124
gen_check_sp_alignment(s);
125
}
126
- dirty_addr = read_cpu_reg_sp(s, rn, 1);
127
+ *dirty_addr = read_cpu_reg_sp(s, a->rn, 1);
128
129
- tcg_rm = read_cpu_reg(s, rm, 1);
130
- ext_and_shift_reg(tcg_rm, tcg_rm, opt, shift ? size : 0);
131
+ tcg_rm = read_cpu_reg(s, a->rm, 1);
132
+ ext_and_shift_reg(tcg_rm, tcg_rm, a->opt, a->s ? a->sz : 0);
133
134
- tcg_gen_add_i64(dirty_addr, dirty_addr, tcg_rm);
135
+ tcg_gen_add_i64(*dirty_addr, *dirty_addr, tcg_rm);
136
+ *clean_addr = gen_mte_check1(s, *dirty_addr, is_store, true, memop);
137
+}
138
139
- clean_addr = gen_mte_check1(s, dirty_addr, is_store, true, memop);
140
+static bool trans_LDR(DisasContext *s, arg_ldst *a)
141
+{
142
+ TCGv_i64 clean_addr, dirty_addr, tcg_rt;
143
+ bool iss_sf = ldst_iss_sf(a->sz, a->sign, a->ext);
144
+ MemOp memop;
145
146
- if (is_vector) {
147
- if (is_store) {
148
- do_fp_st(s, rt, clean_addr, memop);
149
- } else {
150
- do_fp_ld(s, rt, clean_addr, memop);
151
- }
62
- } else {
152
- } else {
63
- switch (size) {
153
- TCGv_i64 tcg_rt = cpu_reg(s, rt);
64
- case 1:
154
- bool iss_sf = disas_ldst_compute_iss_sf(size, is_signed, opc);
65
- index = h << 2 | l << 1 | m;
155
-
66
break;
156
- if (is_store) {
67
- case 2:
157
- do_gpr_st(s, tcg_rt, clean_addr, memop,
68
- index = h << 1 | l;
158
- true, rt, iss_sf, false);
69
- rm |= (m << 4);
159
- } else {
70
+ case MO_32: /* single precision */
160
- do_gpr_ld(s, tcg_rt, clean_addr, memop,
71
+ case MO_64: /* double precision */
161
- is_extended, true, rt, iss_sf, false);
72
break;
162
- }
163
+ if (extract32(a->opt, 1, 1) == 0) {
164
+ return false;
165
}
166
+
167
+ memop = finalize_memop(s, a->sz + a->sign * MO_SIGN);
168
+ op_addr_ldst_pre(s, a, &clean_addr, &dirty_addr, false, memop);
169
+ tcg_rt = cpu_reg(s, a->rt);
170
+ do_gpr_ld(s, tcg_rt, clean_addr, memop,
171
+ a->ext, true, a->rt, iss_sf, false);
172
+ return true;
173
+}
174
+
175
+static bool trans_STR(DisasContext *s, arg_ldst *a)
176
+{
177
+ TCGv_i64 clean_addr, dirty_addr, tcg_rt;
178
+ bool iss_sf = ldst_iss_sf(a->sz, a->sign, a->ext);
179
+ MemOp memop;
180
+
181
+ if (extract32(a->opt, 1, 1) == 0) {
182
+ return false;
183
+ }
184
+
185
+ memop = finalize_memop(s, a->sz);
186
+ op_addr_ldst_pre(s, a, &clean_addr, &dirty_addr, true, memop);
187
+ tcg_rt = cpu_reg(s, a->rt);
188
+ do_gpr_st(s, tcg_rt, clean_addr, memop, true, a->rt, iss_sf, false);
189
+ return true;
190
+}
191
+
192
+static bool trans_LDR_v(DisasContext *s, arg_ldst *a)
193
+{
194
+ TCGv_i64 clean_addr, dirty_addr;
195
+ MemOp memop;
196
+
197
+ if (extract32(a->opt, 1, 1) == 0) {
198
+ return false;
199
+ }
200
+
201
+ if (!fp_access_check(s)) {
202
+ return true;
203
+ }
204
+
205
+ memop = finalize_memop_asimd(s, a->sz);
206
+ op_addr_ldst_pre(s, a, &clean_addr, &dirty_addr, false, memop);
207
+ do_fp_ld(s, a->rt, clean_addr, memop);
208
+ return true;
209
+}
210
+
211
+static bool trans_STR_v(DisasContext *s, arg_ldst *a)
212
+{
213
+ TCGv_i64 clean_addr, dirty_addr;
214
+ MemOp memop;
215
+
216
+ if (extract32(a->opt, 1, 1) == 0) {
217
+ return false;
218
+ }
219
+
220
+ if (!fp_access_check(s)) {
221
+ return true;
222
+ }
223
+
224
+ memop = finalize_memop_asimd(s, a->sz);
225
+ op_addr_ldst_pre(s, a, &clean_addr, &dirty_addr, true, memop);
226
+ do_fp_st(s, a->rt, clean_addr, memop);
227
+ return true;
228
}
229
230
/* Atomic memory operations
231
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_ldapr_stlr(DisasContext *s, uint32_t insn)
232
static void disas_ldst_reg(DisasContext *s, uint32_t insn)
233
{
234
int rt = extract32(insn, 0, 5);
235
- int opc = extract32(insn, 22, 2);
236
bool is_vector = extract32(insn, 26, 1);
237
int size = extract32(insn, 30, 2);
238
239
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_reg(DisasContext *s, uint32_t insn)
240
disas_ldst_atomic(s, insn, size, rt, is_vector);
241
return;
242
case 2:
243
- disas_ldst_reg_roffset(s, insn, opc, size, rt, is_vector);
244
- return;
245
+ break;
73
default:
246
default:
74
unallocated_encoding(s);
247
disas_ldst_pac(s, insn, size, rt, is_vector);
75
return;
248
return;
76
}
77
+ } else {
78
+ switch (size) {
79
+ case MO_8:
80
+ case MO_64:
81
+ unallocated_encoding(s);
82
+ return;
83
+ }
84
+ }
85
+
86
+ /* Given TCGMemOp size, adjust register and indexing. */
87
+ switch (size) {
88
+ case MO_16:
89
+ index = h << 2 | l << 1 | m;
90
+ break;
91
+ case MO_32:
92
+ index = h << 1 | l;
93
+ rm |= m << 4;
94
+ break;
95
+ case MO_64:
96
+ if (l || !is_q) {
97
+ unallocated_encoding(s);
98
+ return;
99
+ }
100
+ index = h;
101
+ rm |= m << 4;
102
+ break;
103
+ default:
104
+ g_assert_not_reached();
105
}
106
107
if (!fp_access_check(s)) {
108
--
249
--
109
2.16.2
250
2.34.1
110
111
diff view generated by jsdifflib
1
From: Alistair Francis <alistair.francis@xilinx.com>
1
Convert the insns in the atomic memory operations group to
2
decodetree.
2
3
3
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
4
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
5
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6
Message-id: 20230602155223.2040685-16-peter.maydell@linaro.org
7
---
7
---
8
include/hw/arm/xlnx-zynqmp.h | 2 ++
8
target/arm/tcg/a64.decode | 15 ++++
9
hw/arm/xlnx-zynqmp.c | 14 ++++++++++++++
9
target/arm/tcg/translate-a64.c | 153 ++++++++++++---------------------
10
2 files changed, 16 insertions(+)
10
2 files changed, 70 insertions(+), 98 deletions(-)
11
11
12
diff --git a/include/hw/arm/xlnx-zynqmp.h b/include/hw/arm/xlnx-zynqmp.h
12
diff --git a/target/arm/tcg/a64.decode b/target/arm/tcg/a64.decode
13
index XXXXXXX..XXXXXXX 100644
13
index XXXXXXX..XXXXXXX 100644
14
--- a/include/hw/arm/xlnx-zynqmp.h
14
--- a/target/arm/tcg/a64.decode
15
+++ b/include/hw/arm/xlnx-zynqmp.h
15
+++ b/target/arm/tcg/a64.decode
16
@@ -XXX,XX +XXX,XX @@
16
@@ -XXX,XX +XXX,XX @@ STR_v sz:2 111 1 00 00 1 ..... ... . 10 ..... ..... @ldst sign=0 ext=0
17
#include "hw/dma/xlnx_dpdma.h"
17
STR_v 00 111 1 00 10 1 ..... ... . 10 ..... ..... @ldst sign=0 ext=0 sz=4
18
#include "hw/display/xlnx_dp.h"
18
LDR_v sz:2 111 1 00 01 1 ..... ... . 10 ..... ..... @ldst sign=0 ext=0
19
#include "hw/intc/xlnx-zynqmp-ipi.h"
19
LDR_v 00 111 1 00 11 1 ..... ... . 10 ..... ..... @ldst sign=0 ext=0 sz=4
20
+#include "hw/timer/xlnx-zynqmp-rtc.h"
20
+
21
21
+# Atomic memory operations
22
#define TYPE_XLNX_ZYNQMP "xlnx,zynqmp"
22
+&atomic rs rn rt a r sz
23
#define XLNX_ZYNQMP(obj) OBJECT_CHECK(XlnxZynqMPState, (obj), \
23
+@atomic sz:2 ... . .. a:1 r:1 . rs:5 . ... .. rn:5 rt:5 &atomic
24
@@ -XXX,XX +XXX,XX @@ typedef struct XlnxZynqMPState {
24
+LDADD .. 111 0 00 . . 1 ..... 0000 00 ..... ..... @atomic
25
XlnxDPState dp;
25
+LDCLR .. 111 0 00 . . 1 ..... 0001 00 ..... ..... @atomic
26
XlnxDPDMAState dpdma;
26
+LDEOR .. 111 0 00 . . 1 ..... 0010 00 ..... ..... @atomic
27
XlnxZynqMPIPI ipi;
27
+LDSET .. 111 0 00 . . 1 ..... 0011 00 ..... ..... @atomic
28
+ XlnxZynqMPRTC rtc;
28
+LDSMAX .. 111 0 00 . . 1 ..... 0100 00 ..... ..... @atomic
29
29
+LDSMIN .. 111 0 00 . . 1 ..... 0101 00 ..... ..... @atomic
30
char *boot_cpu;
30
+LDUMAX .. 111 0 00 . . 1 ..... 0110 00 ..... ..... @atomic
31
ARMCPU *boot_cpu_ptr;
31
+LDUMIN .. 111 0 00 . . 1 ..... 0111 00 ..... ..... @atomic
32
diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
32
+SWP .. 111 0 00 . . 1 ..... 1000 00 ..... ..... @atomic
33
+
34
+LDAPR sz:2 111 0 00 1 0 1 11111 1100 00 rn:5 rt:5
35
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
33
index XXXXXXX..XXXXXXX 100644
36
index XXXXXXX..XXXXXXX 100644
34
--- a/hw/arm/xlnx-zynqmp.c
37
--- a/target/arm/tcg/translate-a64.c
35
+++ b/hw/arm/xlnx-zynqmp.c
38
+++ b/target/arm/tcg/translate-a64.c
36
@@ -XXX,XX +XXX,XX @@
39
@@ -XXX,XX +XXX,XX @@ static bool trans_STR_v(DisasContext *s, arg_ldst *a)
37
#define IPI_ADDR 0xFF300000
40
return true;
38
#define IPI_IRQ 64
39
40
+#define RTC_ADDR 0xffa60000
41
+#define RTC_IRQ 26
42
+
43
#define SDHCI_CAPABILITIES 0x280737ec6481 /* Datasheet: UG1085 (v1.7) */
44
45
static const uint64_t gem_addr[XLNX_ZYNQMP_NUM_GEMS] = {
46
@@ -XXX,XX +XXX,XX @@ static void xlnx_zynqmp_init(Object *obj)
47
48
object_initialize(&s->ipi, sizeof(s->ipi), TYPE_XLNX_ZYNQMP_IPI);
49
qdev_set_parent_bus(DEVICE(&s->ipi), sysbus_get_default());
50
+
51
+ object_initialize(&s->rtc, sizeof(s->rtc), TYPE_XLNX_ZYNQMP_RTC);
52
+ qdev_set_parent_bus(DEVICE(&s->rtc), sysbus_get_default());
53
}
41
}
54
42
55
static void xlnx_zynqmp_realize(DeviceState *dev, Error **errp)
43
-/* Atomic memory operations
56
@@ -XXX,XX +XXX,XX @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error **errp)
44
- *
45
- * 31 30 27 26 24 22 21 16 15 12 10 5 0
46
- * +------+-------+---+-----+-----+---+----+----+-----+-----+----+-----+
47
- * | size | 1 1 1 | V | 0 0 | A R | 1 | Rs | o3 | opc | 0 0 | Rn | Rt |
48
- * +------+-------+---+-----+-----+--------+----+-----+-----+----+-----+
49
- *
50
- * Rt: the result register
51
- * Rn: base address or SP
52
- * Rs: the source register for the operation
53
- * V: vector flag (always 0 as of v8.3)
54
- * A: acquire flag
55
- * R: release flag
56
- */
57
-static void disas_ldst_atomic(DisasContext *s, uint32_t insn,
58
- int size, int rt, bool is_vector)
59
+
60
+static bool do_atomic_ld(DisasContext *s, arg_atomic *a, AtomicThreeOpFn *fn,
61
+ int sign, bool invert)
62
{
63
- int rs = extract32(insn, 16, 5);
64
- int rn = extract32(insn, 5, 5);
65
- int o3_opc = extract32(insn, 12, 4);
66
- bool r = extract32(insn, 22, 1);
67
- bool a = extract32(insn, 23, 1);
68
- TCGv_i64 tcg_rs, tcg_rt, clean_addr;
69
- AtomicThreeOpFn *fn = NULL;
70
- MemOp mop = size;
71
+ MemOp mop = a->sz | sign;
72
+ TCGv_i64 clean_addr, tcg_rs, tcg_rt;
73
74
- if (is_vector || !dc_isar_feature(aa64_atomics, s)) {
75
- unallocated_encoding(s);
76
- return;
77
- }
78
- switch (o3_opc) {
79
- case 000: /* LDADD */
80
- fn = tcg_gen_atomic_fetch_add_i64;
81
- break;
82
- case 001: /* LDCLR */
83
- fn = tcg_gen_atomic_fetch_and_i64;
84
- break;
85
- case 002: /* LDEOR */
86
- fn = tcg_gen_atomic_fetch_xor_i64;
87
- break;
88
- case 003: /* LDSET */
89
- fn = tcg_gen_atomic_fetch_or_i64;
90
- break;
91
- case 004: /* LDSMAX */
92
- fn = tcg_gen_atomic_fetch_smax_i64;
93
- mop |= MO_SIGN;
94
- break;
95
- case 005: /* LDSMIN */
96
- fn = tcg_gen_atomic_fetch_smin_i64;
97
- mop |= MO_SIGN;
98
- break;
99
- case 006: /* LDUMAX */
100
- fn = tcg_gen_atomic_fetch_umax_i64;
101
- break;
102
- case 007: /* LDUMIN */
103
- fn = tcg_gen_atomic_fetch_umin_i64;
104
- break;
105
- case 010: /* SWP */
106
- fn = tcg_gen_atomic_xchg_i64;
107
- break;
108
- case 014: /* LDAPR, LDAPRH, LDAPRB */
109
- if (!dc_isar_feature(aa64_rcpc_8_3, s) ||
110
- rs != 31 || a != 1 || r != 0) {
111
- unallocated_encoding(s);
112
- return;
113
- }
114
- break;
115
- default:
116
- unallocated_encoding(s);
117
- return;
118
- }
119
-
120
- if (rn == 31) {
121
+ if (a->rn == 31) {
122
gen_check_sp_alignment(s);
57
}
123
}
58
sysbus_mmio_map(SYS_BUS_DEVICE(&s->ipi), 0, IPI_ADDR);
124
-
59
sysbus_connect_irq(SYS_BUS_DEVICE(&s->ipi), 0, gic_spi[IPI_IRQ]);
125
- mop = check_atomic_align(s, rn, mop);
60
+
126
- clean_addr = gen_mte_check1(s, cpu_reg_sp(s, rn), false, rn != 31, mop);
61
+ object_property_set_bool(OBJECT(&s->rtc), true, "realized", &err);
127
-
62
+ if (err) {
128
- if (o3_opc == 014) {
63
+ error_propagate(errp, err);
129
- /*
64
+ return;
130
- * LDAPR* are a special case because they are a simple load, not a
131
- * fetch-and-do-something op.
132
- * The architectural consistency requirements here are weaker than
133
- * full load-acquire (we only need "load-acquire processor consistent"),
134
- * but we choose to implement them as full LDAQ.
135
- */
136
- do_gpr_ld(s, cpu_reg(s, rt), clean_addr, mop, false,
137
- true, rt, disas_ldst_compute_iss_sf(size, false, 0), true);
138
- tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
139
- return;
140
- }
141
-
142
- tcg_rs = read_cpu_reg(s, rs, true);
143
- tcg_rt = cpu_reg(s, rt);
144
-
145
- if (o3_opc == 1) { /* LDCLR */
146
+ mop = check_atomic_align(s, a->rn, mop);
147
+ clean_addr = gen_mte_check1(s, cpu_reg_sp(s, a->rn), false,
148
+ a->rn != 31, mop);
149
+ tcg_rs = read_cpu_reg(s, a->rs, true);
150
+ tcg_rt = cpu_reg(s, a->rt);
151
+ if (invert) {
152
tcg_gen_not_i64(tcg_rs, tcg_rs);
153
}
154
-
155
- /* The tcg atomic primitives are all full barriers. Therefore we
156
+ /*
157
+ * The tcg atomic primitives are all full barriers. Therefore we
158
* can ignore the Acquire and Release bits of this instruction.
159
*/
160
fn(tcg_rt, clean_addr, tcg_rs, get_mem_index(s), mop);
161
162
if (mop & MO_SIGN) {
163
- switch (size) {
164
+ switch (a->sz) {
165
case MO_8:
166
tcg_gen_ext8u_i64(tcg_rt, tcg_rt);
167
break;
168
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_atomic(DisasContext *s, uint32_t insn,
169
g_assert_not_reached();
170
}
171
}
172
+ return true;
173
+}
174
+
175
+TRANS_FEAT(LDADD, aa64_atomics, do_atomic_ld, a, tcg_gen_atomic_fetch_add_i64, 0, false)
176
+TRANS_FEAT(LDCLR, aa64_atomics, do_atomic_ld, a, tcg_gen_atomic_fetch_and_i64, 0, true)
177
+TRANS_FEAT(LDEOR, aa64_atomics, do_atomic_ld, a, tcg_gen_atomic_fetch_xor_i64, 0, false)
178
+TRANS_FEAT(LDSET, aa64_atomics, do_atomic_ld, a, tcg_gen_atomic_fetch_or_i64, 0, false)
179
+TRANS_FEAT(LDSMAX, aa64_atomics, do_atomic_ld, a, tcg_gen_atomic_fetch_smax_i64, MO_SIGN, false)
180
+TRANS_FEAT(LDSMIN, aa64_atomics, do_atomic_ld, a, tcg_gen_atomic_fetch_smin_i64, MO_SIGN, false)
181
+TRANS_FEAT(LDUMAX, aa64_atomics, do_atomic_ld, a, tcg_gen_atomic_fetch_umax_i64, 0, false)
182
+TRANS_FEAT(LDUMIN, aa64_atomics, do_atomic_ld, a, tcg_gen_atomic_fetch_umin_i64, 0, false)
183
+TRANS_FEAT(SWP, aa64_atomics, do_atomic_ld, a, tcg_gen_atomic_xchg_i64, 0, false)
184
+
185
+static bool trans_LDAPR(DisasContext *s, arg_LDAPR *a)
186
+{
187
+ bool iss_sf = ldst_iss_sf(a->sz, false, false);
188
+ TCGv_i64 clean_addr;
189
+ MemOp mop;
190
+
191
+ if (!dc_isar_feature(aa64_atomics, s) ||
192
+ !dc_isar_feature(aa64_rcpc_8_3, s)) {
193
+ return false;
65
+ }
194
+ }
66
+ sysbus_mmio_map(SYS_BUS_DEVICE(&s->rtc), 0, RTC_ADDR);
195
+ if (a->rn == 31) {
67
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->rtc), 0, gic_spi[RTC_IRQ]);
196
+ gen_check_sp_alignment(s);
197
+ }
198
+ mop = check_atomic_align(s, a->rn, a->sz);
199
+ clean_addr = gen_mte_check1(s, cpu_reg_sp(s, a->rn), false,
200
+ a->rn != 31, mop);
201
+ /*
202
+ * LDAPR* are a special case because they are a simple load, not a
203
+ * fetch-and-do-something op.
204
+ * The architectural consistency requirements here are weaker than
205
+ * full load-acquire (we only need "load-acquire processor consistent"),
206
+ * but we choose to implement them as full LDAQ.
207
+ */
208
+ do_gpr_ld(s, cpu_reg(s, a->rt), clean_addr, mop, false,
209
+ true, a->rt, iss_sf, true);
210
+ tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
211
+ return true;
68
}
212
}
69
213
70
static Property xlnx_zynqmp_props[] = {
214
/*
215
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_reg(DisasContext *s, uint32_t insn)
216
}
217
switch (extract32(insn, 10, 2)) {
218
case 0:
219
- disas_ldst_atomic(s, insn, size, rt, is_vector);
220
- return;
221
case 2:
222
break;
223
default:
71
--
224
--
72
2.16.2
225
2.34.1
73
74
diff view generated by jsdifflib
1
Instead of loading kernels, device trees, and the like to
1
Convert the instructions in the load/store register (pointer
2
the system address space, use the CPU's address space. This
2
authentication) group ot decodetree: LDRAA, LDRAB.
3
is important if we're trying to load the file to memory or
4
via an alias memory region that is provided by an SoC
5
object and thus not mapped into the system address space.
6
3
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
5
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
9
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
10
Message-id: 20180220180325.29818-3-peter.maydell@linaro.org
7
Message-id: 20230602155223.2040685-17-peter.maydell@linaro.org
11
---
8
---
12
hw/arm/boot.c | 119 +++++++++++++++++++++++++++++++++++++---------------------
9
target/arm/tcg/a64.decode | 7 +++
13
1 file changed, 76 insertions(+), 43 deletions(-)
10
target/arm/tcg/translate-a64.c | 83 +++++++---------------------------
11
2 files changed, 23 insertions(+), 67 deletions(-)
14
12
15
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
13
diff --git a/target/arm/tcg/a64.decode b/target/arm/tcg/a64.decode
16
index XXXXXXX..XXXXXXX 100644
14
index XXXXXXX..XXXXXXX 100644
17
--- a/hw/arm/boot.c
15
--- a/target/arm/tcg/a64.decode
18
+++ b/hw/arm/boot.c
16
+++ b/target/arm/tcg/a64.decode
19
@@ -XXX,XX +XXX,XX @@
17
@@ -XXX,XX +XXX,XX @@ LDUMIN .. 111 0 00 . . 1 ..... 0111 00 ..... ..... @atomic
20
#define ARM64_TEXT_OFFSET_OFFSET 8
18
SWP .. 111 0 00 . . 1 ..... 1000 00 ..... ..... @atomic
21
#define ARM64_MAGIC_OFFSET 56
19
22
20
LDAPR sz:2 111 0 00 1 0 1 11111 1100 00 rn:5 rt:5
23
+static AddressSpace *arm_boot_address_space(ARMCPU *cpu,
24
+ const struct arm_boot_info *info)
25
+{
26
+ /* Return the address space to use for bootloader reads and writes.
27
+ * We prefer the secure address space if the CPU has it and we're
28
+ * going to boot the guest into it.
29
+ */
30
+ int asidx;
31
+ CPUState *cs = CPU(cpu);
32
+
21
+
33
+ if (arm_feature(&cpu->env, ARM_FEATURE_EL3) && info->secure_boot) {
22
+# Load/store register (pointer authentication)
34
+ asidx = ARMASIdx_S;
35
+ } else {
36
+ asidx = ARMASIdx_NS;
37
+ }
38
+
23
+
39
+ return cpu_get_address_space(cs, asidx);
24
+# LDRA immediate is 10 bits signed and scaled, but the bits aren't all contiguous
40
+}
25
+%ldra_imm 22:s1 12:9 !function=times_2
41
+
26
+
42
typedef enum {
27
+LDRA 11 111 0 00 m:1 . 1 ......... w:1 1 rn:5 rt:5 imm=%ldra_imm
43
FIXUP_NONE = 0, /* do nothing */
28
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
44
FIXUP_TERMINATOR, /* end of insns */
29
index XXXXXXX..XXXXXXX 100644
45
@@ -XXX,XX +XXX,XX @@ static const ARMInsnFixup smpboot[] = {
30
--- a/target/arm/tcg/translate-a64.c
46
};
31
+++ b/target/arm/tcg/translate-a64.c
47
32
@@ -XXX,XX +XXX,XX @@ static bool trans_LDAPR(DisasContext *s, arg_LDAPR *a)
48
static void write_bootloader(const char *name, hwaddr addr,
33
return true;
49
- const ARMInsnFixup *insns, uint32_t *fixupcontext)
34
}
50
+ const ARMInsnFixup *insns, uint32_t *fixupcontext,
35
51
+ AddressSpace *as)
36
-/*
37
- * PAC memory operations
38
- *
39
- * 31 30 27 26 24 22 21 12 11 10 5 0
40
- * +------+-------+---+-----+-----+---+--------+---+---+----+-----+
41
- * | size | 1 1 1 | V | 0 0 | M S | 1 | imm9 | W | 1 | Rn | Rt |
42
- * +------+-------+---+-----+-----+---+--------+---+---+----+-----+
43
- *
44
- * Rt: the result register
45
- * Rn: base address or SP
46
- * V: vector flag (always 0 as of v8.3)
47
- * M: clear for key DA, set for key DB
48
- * W: pre-indexing flag
49
- * S: sign for imm9.
50
- */
51
-static void disas_ldst_pac(DisasContext *s, uint32_t insn,
52
- int size, int rt, bool is_vector)
53
+static bool trans_LDRA(DisasContext *s, arg_LDRA *a)
52
{
54
{
53
/* Fix up the specified bootloader fragment and write it into
55
- int rn = extract32(insn, 5, 5);
54
* guest memory using rom_add_blob_fixed(). fixupcontext is
56
- bool is_wback = extract32(insn, 11, 1);
55
@@ -XXX,XX +XXX,XX @@ static void write_bootloader(const char *name, hwaddr addr,
57
- bool use_key_a = !extract32(insn, 23, 1);
56
code[i] = tswap32(insn);
58
- int offset;
59
TCGv_i64 clean_addr, dirty_addr, tcg_rt;
60
MemOp memop;
61
62
- if (size != 3 || is_vector || !dc_isar_feature(aa64_pauth, s)) {
63
- unallocated_encoding(s);
64
- return;
65
+ /* Load with pointer authentication */
66
+ if (!dc_isar_feature(aa64_pauth, s)) {
67
+ return false;
57
}
68
}
58
69
59
- rom_add_blob_fixed(name, code, len * sizeof(uint32_t), addr);
70
- if (rn == 31) {
60
+ rom_add_blob_fixed_as(name, code, len * sizeof(uint32_t), addr, as);
71
+ if (a->rn == 31) {
61
72
gen_check_sp_alignment(s);
62
g_free(code);
63
}
64
@@ -XXX,XX +XXX,XX @@ static void default_write_secondary(ARMCPU *cpu,
65
const struct arm_boot_info *info)
66
{
67
uint32_t fixupcontext[FIXUP_MAX];
68
+ AddressSpace *as = arm_boot_address_space(cpu, info);
69
70
fixupcontext[FIXUP_GIC_CPU_IF] = info->gic_cpu_if_addr;
71
fixupcontext[FIXUP_BOOTREG] = info->smp_bootreg_addr;
72
@@ -XXX,XX +XXX,XX @@ static void default_write_secondary(ARMCPU *cpu,
73
}
73
}
74
74
- dirty_addr = read_cpu_reg_sp(s, rn, 1);
75
write_bootloader("smpboot", info->smp_loader_start,
75
+ dirty_addr = read_cpu_reg_sp(s, a->rn, 1);
76
- smpboot, fixupcontext);
76
77
+ smpboot, fixupcontext, as);
77
if (s->pauth_active) {
78
}
78
- if (use_key_a) {
79
79
+ if (!a->m) {
80
void arm_write_secure_board_setup_dummy_smc(ARMCPU *cpu,
80
gen_helper_autda(dirty_addr, cpu_env, dirty_addr,
81
const struct arm_boot_info *info,
81
tcg_constant_i64(0));
82
hwaddr mvbar_addr)
82
} else {
83
{
83
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_pac(DisasContext *s, uint32_t insn,
84
+ AddressSpace *as = arm_boot_address_space(cpu, info);
85
int n;
86
uint32_t mvbar_blob[] = {
87
/* mvbar_addr: secure monitor vectors
88
@@ -XXX,XX +XXX,XX @@ void arm_write_secure_board_setup_dummy_smc(ARMCPU *cpu,
89
for (n = 0; n < ARRAY_SIZE(mvbar_blob); n++) {
90
mvbar_blob[n] = tswap32(mvbar_blob[n]);
91
}
92
- rom_add_blob_fixed("board-setup-mvbar", mvbar_blob, sizeof(mvbar_blob),
93
- mvbar_addr);
94
+ rom_add_blob_fixed_as("board-setup-mvbar", mvbar_blob, sizeof(mvbar_blob),
95
+ mvbar_addr, as);
96
97
for (n = 0; n < ARRAY_SIZE(board_setup_blob); n++) {
98
board_setup_blob[n] = tswap32(board_setup_blob[n]);
99
}
100
- rom_add_blob_fixed("board-setup", board_setup_blob,
101
- sizeof(board_setup_blob), info->board_setup_addr);
102
+ rom_add_blob_fixed_as("board-setup", board_setup_blob,
103
+ sizeof(board_setup_blob), info->board_setup_addr, as);
104
}
105
106
static void default_reset_secondary(ARMCPU *cpu,
107
const struct arm_boot_info *info)
108
{
109
+ AddressSpace *as = arm_boot_address_space(cpu, info);
110
CPUState *cs = CPU(cpu);
111
112
- address_space_stl_notdirty(&address_space_memory, info->smp_bootreg_addr,
113
+ address_space_stl_notdirty(as, info->smp_bootreg_addr,
114
0, MEMTXATTRS_UNSPECIFIED, NULL);
115
cpu_set_pc(cs, info->smp_loader_start);
116
}
117
@@ -XXX,XX +XXX,XX @@ static inline bool have_dtb(const struct arm_boot_info *info)
118
}
119
120
#define WRITE_WORD(p, value) do { \
121
- address_space_stl_notdirty(&address_space_memory, p, value, \
122
+ address_space_stl_notdirty(as, p, value, \
123
MEMTXATTRS_UNSPECIFIED, NULL); \
124
p += 4; \
125
} while (0)
126
127
-static void set_kernel_args(const struct arm_boot_info *info)
128
+static void set_kernel_args(const struct arm_boot_info *info, AddressSpace *as)
129
{
130
int initrd_size = info->initrd_size;
131
hwaddr base = info->loader_start;
132
@@ -XXX,XX +XXX,XX @@ static void set_kernel_args(const struct arm_boot_info *info)
133
int cmdline_size;
134
135
cmdline_size = strlen(info->kernel_cmdline);
136
- cpu_physical_memory_write(p + 8, info->kernel_cmdline,
137
- cmdline_size + 1);
138
+ address_space_write(as, p + 8, MEMTXATTRS_UNSPECIFIED,
139
+ (const uint8_t *)info->kernel_cmdline,
140
+ cmdline_size + 1);
141
cmdline_size = (cmdline_size >> 2) + 1;
142
WRITE_WORD(p, cmdline_size + 2);
143
WRITE_WORD(p, 0x54410009);
144
@@ -XXX,XX +XXX,XX @@ static void set_kernel_args(const struct arm_boot_info *info)
145
atag_board_len = (info->atag_board(info, atag_board_buf) + 3) & ~3;
146
WRITE_WORD(p, (atag_board_len + 8) >> 2);
147
WRITE_WORD(p, 0x414f4d50);
148
- cpu_physical_memory_write(p, atag_board_buf, atag_board_len);
149
+ address_space_write(as, p, MEMTXATTRS_UNSPECIFIED,
150
+ atag_board_buf, atag_board_len);
151
p += atag_board_len;
152
}
153
/* ATAG_END */
154
@@ -XXX,XX +XXX,XX @@ static void set_kernel_args(const struct arm_boot_info *info)
155
WRITE_WORD(p, 0);
156
}
157
158
-static void set_kernel_args_old(const struct arm_boot_info *info)
159
+static void set_kernel_args_old(const struct arm_boot_info *info,
160
+ AddressSpace *as)
161
{
162
hwaddr p;
163
const char *s;
164
@@ -XXX,XX +XXX,XX @@ static void set_kernel_args_old(const struct arm_boot_info *info)
165
}
166
s = info->kernel_cmdline;
167
if (s) {
168
- cpu_physical_memory_write(p, s, strlen(s) + 1);
169
+ address_space_write(as, p, MEMTXATTRS_UNSPECIFIED,
170
+ (const uint8_t *)s, strlen(s) + 1);
171
} else {
172
WRITE_WORD(p, 0);
173
}
174
@@ -XXX,XX +XXX,XX @@ static void fdt_add_psci_node(void *fdt)
175
* @addr: the address to load the image at
176
* @binfo: struct describing the boot environment
177
* @addr_limit: upper limit of the available memory area at @addr
178
+ * @as: address space to load image to
179
*
180
* Load a device tree supplied by the machine or by the user with the
181
* '-dtb' command line option, and put it at offset @addr in target
182
@@ -XXX,XX +XXX,XX @@ static void fdt_add_psci_node(void *fdt)
183
* Note: Must not be called unless have_dtb(binfo) is true.
184
*/
185
static int load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
186
- hwaddr addr_limit)
187
+ hwaddr addr_limit, AddressSpace *as)
188
{
189
void *fdt = NULL;
190
int size, rc;
191
@@ -XXX,XX +XXX,XX @@ static int load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
192
/* Put the DTB into the memory map as a ROM image: this will ensure
193
* the DTB is copied again upon reset, even if addr points into RAM.
194
*/
195
- rom_add_blob_fixed("dtb", fdt, size, addr);
196
+ rom_add_blob_fixed_as("dtb", fdt, size, addr, as);
197
198
g_free(fdt);
199
200
@@ -XXX,XX +XXX,XX @@ static void do_cpu_reset(void *opaque)
201
}
202
203
if (cs == first_cpu) {
204
+ AddressSpace *as = arm_boot_address_space(cpu, info);
205
+
206
cpu_set_pc(cs, info->loader_start);
207
208
if (!have_dtb(info)) {
209
if (old_param) {
210
- set_kernel_args_old(info);
211
+ set_kernel_args_old(info, as);
212
} else {
213
- set_kernel_args(info);
214
+ set_kernel_args(info, as);
215
}
216
}
217
} else {
218
@@ -XXX,XX +XXX,XX @@ static int do_arm_linux_init(Object *obj, void *opaque)
219
220
static uint64_t arm_load_elf(struct arm_boot_info *info, uint64_t *pentry,
221
uint64_t *lowaddr, uint64_t *highaddr,
222
- int elf_machine)
223
+ int elf_machine, AddressSpace *as)
224
{
225
bool elf_is64;
226
union {
227
@@ -XXX,XX +XXX,XX @@ static uint64_t arm_load_elf(struct arm_boot_info *info, uint64_t *pentry,
228
}
84
}
229
}
85
}
230
86
231
- ret = load_elf(info->kernel_filename, NULL, NULL,
87
- /* Form the 10-bit signed, scaled offset. */
232
- pentry, lowaddr, highaddr, big_endian, elf_machine,
88
- offset = (extract32(insn, 22, 1) << 9) | extract32(insn, 12, 9);
233
- 1, data_swab);
89
- offset = sextract32(offset << size, 0, 10 + size);
234
+ ret = load_elf_as(info->kernel_filename, NULL, NULL,
90
- tcg_gen_addi_i64(dirty_addr, dirty_addr, offset);
235
+ pentry, lowaddr, highaddr, big_endian, elf_machine,
91
+ tcg_gen_addi_i64(dirty_addr, dirty_addr, a->imm);
236
+ 1, data_swab, as);
92
237
if (ret <= 0) {
93
- memop = finalize_memop(s, size);
238
/* The header loaded but the image didn't */
94
+ memop = finalize_memop(s, MO_64);
239
exit(1);
95
240
@@ -XXX,XX +XXX,XX @@ static uint64_t arm_load_elf(struct arm_boot_info *info, uint64_t *pentry,
96
/* Note that "clean" and "dirty" here refer to TBI not PAC. */
97
clean_addr = gen_mte_check1(s, dirty_addr, false,
98
- is_wback || rn != 31, memop);
99
+ a->w || a->rn != 31, memop);
100
101
- tcg_rt = cpu_reg(s, rt);
102
+ tcg_rt = cpu_reg(s, a->rt);
103
do_gpr_ld(s, tcg_rt, clean_addr, memop,
104
- /* extend */ false, /* iss_valid */ !is_wback,
105
- /* iss_srt */ rt, /* iss_sf */ true, /* iss_ar */ false);
106
+ /* extend */ false, /* iss_valid */ !a->w,
107
+ /* iss_srt */ a->rt, /* iss_sf */ true, /* iss_ar */ false);
108
109
- if (is_wback) {
110
- tcg_gen_mov_i64(cpu_reg_sp(s, rn), dirty_addr);
111
+ if (a->w) {
112
+ tcg_gen_mov_i64(cpu_reg_sp(s, a->rn), dirty_addr);
113
}
114
+ return true;
241
}
115
}
242
116
243
static uint64_t load_aarch64_image(const char *filename, hwaddr mem_base,
117
/*
244
- hwaddr *entry)
118
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_ldapr_stlr(DisasContext *s, uint32_t insn)
245
+ hwaddr *entry, AddressSpace *as)
119
}
120
}
121
122
-/* Load/store register (all forms) */
123
-static void disas_ldst_reg(DisasContext *s, uint32_t insn)
124
-{
125
- int rt = extract32(insn, 0, 5);
126
- bool is_vector = extract32(insn, 26, 1);
127
- int size = extract32(insn, 30, 2);
128
-
129
- switch (extract32(insn, 24, 2)) {
130
- case 0:
131
- if (extract32(insn, 21, 1) == 0) {
132
- break;
133
- }
134
- switch (extract32(insn, 10, 2)) {
135
- case 0:
136
- case 2:
137
- break;
138
- default:
139
- disas_ldst_pac(s, insn, size, rt, is_vector);
140
- return;
141
- }
142
- break;
143
- }
144
- unallocated_encoding(s);
145
-}
146
-
147
/* AdvSIMD load/store multiple structures
148
*
149
* 31 30 29 23 22 21 16 15 12 11 10 9 5 4 0
150
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_tag(DisasContext *s, uint32_t insn)
151
static void disas_ldst(DisasContext *s, uint32_t insn)
246
{
152
{
247
hwaddr kernel_load_offset = KERNEL64_LOAD_ADDR;
153
switch (extract32(insn, 24, 6)) {
248
uint8_t *buffer;
154
- case 0x38: case 0x39:
249
@@ -XXX,XX +XXX,XX @@ static uint64_t load_aarch64_image(const char *filename, hwaddr mem_base,
155
- case 0x3c: case 0x3d: /* Load/store register (all forms) */
250
}
156
- disas_ldst_reg(s, insn);
251
157
- break;
252
*entry = mem_base + kernel_load_offset;
158
case 0x0c: /* AdvSIMD load/store multiple structures */
253
- rom_add_blob_fixed(filename, buffer, size, *entry);
159
disas_ldst_multiple_struct(s, insn);
254
+ rom_add_blob_fixed_as(filename, buffer, size, *entry, as);
160
break;
255
256
g_free(buffer);
257
258
@@ -XXX,XX +XXX,XX @@ static void arm_load_kernel_notify(Notifier *notifier, void *data)
259
ARMCPU *cpu = n->cpu;
260
struct arm_boot_info *info =
261
container_of(n, struct arm_boot_info, load_kernel_notifier);
262
+ AddressSpace *as = arm_boot_address_space(cpu, info);
263
264
/* The board code is not supposed to set secure_board_setup unless
265
* running its code in secure mode is actually possible, and KVM
266
@@ -XXX,XX +XXX,XX @@ static void arm_load_kernel_notify(Notifier *notifier, void *data)
267
* the kernel is supposed to be loaded by the bootloader), copy the
268
* DTB to the base of RAM for the bootloader to pick up.
269
*/
270
- if (load_dtb(info->loader_start, info, 0) < 0) {
271
+ if (load_dtb(info->loader_start, info, 0, as) < 0) {
272
exit(1);
273
}
274
}
275
@@ -XXX,XX +XXX,XX @@ static void arm_load_kernel_notify(Notifier *notifier, void *data)
276
277
/* Assume that raw images are linux kernels, and ELF images are not. */
278
kernel_size = arm_load_elf(info, &elf_entry, &elf_low_addr,
279
- &elf_high_addr, elf_machine);
280
+ &elf_high_addr, elf_machine, as);
281
if (kernel_size > 0 && have_dtb(info)) {
282
/* If there is still some room left at the base of RAM, try and put
283
* the DTB there like we do for images loaded with -bios or -pflash.
284
@@ -XXX,XX +XXX,XX @@ static void arm_load_kernel_notify(Notifier *notifier, void *data)
285
if (elf_low_addr < info->loader_start) {
286
elf_low_addr = 0;
287
}
288
- if (load_dtb(info->loader_start, info, elf_low_addr) < 0) {
289
+ if (load_dtb(info->loader_start, info, elf_low_addr, as) < 0) {
290
exit(1);
291
}
292
}
293
}
294
entry = elf_entry;
295
if (kernel_size < 0) {
296
- kernel_size = load_uimage(info->kernel_filename, &entry, NULL,
297
- &is_linux, NULL, NULL);
298
+ kernel_size = load_uimage_as(info->kernel_filename, &entry, NULL,
299
+ &is_linux, NULL, NULL, as);
300
}
301
if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64) && kernel_size < 0) {
302
kernel_size = load_aarch64_image(info->kernel_filename,
303
- info->loader_start, &entry);
304
+ info->loader_start, &entry, as);
305
is_linux = 1;
306
} else if (kernel_size < 0) {
307
/* 32-bit ARM */
308
entry = info->loader_start + KERNEL_LOAD_ADDR;
309
- kernel_size = load_image_targphys(info->kernel_filename, entry,
310
- info->ram_size - KERNEL_LOAD_ADDR);
311
+ kernel_size = load_image_targphys_as(info->kernel_filename, entry,
312
+ info->ram_size - KERNEL_LOAD_ADDR,
313
+ as);
314
is_linux = 1;
315
}
316
if (kernel_size < 0) {
317
@@ -XXX,XX +XXX,XX @@ static void arm_load_kernel_notify(Notifier *notifier, void *data)
318
uint32_t fixupcontext[FIXUP_MAX];
319
320
if (info->initrd_filename) {
321
- initrd_size = load_ramdisk(info->initrd_filename,
322
- info->initrd_start,
323
- info->ram_size -
324
- info->initrd_start);
325
+ initrd_size = load_ramdisk_as(info->initrd_filename,
326
+ info->initrd_start,
327
+ info->ram_size - info->initrd_start,
328
+ as);
329
if (initrd_size < 0) {
330
- initrd_size = load_image_targphys(info->initrd_filename,
331
- info->initrd_start,
332
- info->ram_size -
333
- info->initrd_start);
334
+ initrd_size = load_image_targphys_as(info->initrd_filename,
335
+ info->initrd_start,
336
+ info->ram_size -
337
+ info->initrd_start,
338
+ as);
339
}
340
if (initrd_size < 0) {
341
error_report("could not load initrd '%s'",
342
@@ -XXX,XX +XXX,XX @@ static void arm_load_kernel_notify(Notifier *notifier, void *data)
343
344
/* Place the DTB after the initrd in memory with alignment. */
345
dtb_start = QEMU_ALIGN_UP(info->initrd_start + initrd_size, align);
346
- if (load_dtb(dtb_start, info, 0) < 0) {
347
+ if (load_dtb(dtb_start, info, 0, as) < 0) {
348
exit(1);
349
}
350
fixupcontext[FIXUP_ARGPTR] = dtb_start;
351
@@ -XXX,XX +XXX,XX @@ static void arm_load_kernel_notify(Notifier *notifier, void *data)
352
fixupcontext[FIXUP_ENTRYPOINT] = entry;
353
354
write_bootloader("bootloader", info->loader_start,
355
- primary_loader, fixupcontext);
356
+ primary_loader, fixupcontext, as);
357
358
if (info->nb_cpus > 1) {
359
info->write_secondary_boot(cpu, info);
360
--
161
--
361
2.16.2
162
2.34.1
362
163
363
164
diff view generated by jsdifflib
1
The MPS2 AN505 FPGA image includes a "FPGA control block"
1
Convert the instructions in the LDAPR/STLR (unscaled immediate)
2
which is a small set of registers handling LEDs, buttons
2
group to decodetree.
3
and some counters.
4
3
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
5
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
7
Message-id: 20180220180325.29818-14-peter.maydell@linaro.org
6
Message-id: 20230602155223.2040685-18-peter.maydell@linaro.org
8
---
7
---
9
hw/misc/Makefile.objs | 1 +
8
target/arm/tcg/a64.decode | 10 +++
10
include/hw/misc/mps2-fpgaio.h | 43 ++++++++++
9
target/arm/tcg/translate-a64.c | 132 ++++++++++++---------------------
11
hw/misc/mps2-fpgaio.c | 176 ++++++++++++++++++++++++++++++++++++++++
10
2 files changed, 56 insertions(+), 86 deletions(-)
12
default-configs/arm-softmmu.mak | 1 +
13
hw/misc/trace-events | 6 ++
14
5 files changed, 227 insertions(+)
15
create mode 100644 include/hw/misc/mps2-fpgaio.h
16
create mode 100644 hw/misc/mps2-fpgaio.c
17
11
18
diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
12
diff --git a/target/arm/tcg/a64.decode b/target/arm/tcg/a64.decode
19
index XXXXXXX..XXXXXXX 100644
13
index XXXXXXX..XXXXXXX 100644
20
--- a/hw/misc/Makefile.objs
14
--- a/target/arm/tcg/a64.decode
21
+++ b/hw/misc/Makefile.objs
15
+++ b/target/arm/tcg/a64.decode
22
@@ -XXX,XX +XXX,XX @@ obj-$(CONFIG_STM32F2XX_SYSCFG) += stm32f2xx_syscfg.o
16
@@ -XXX,XX +XXX,XX @@ LDAPR sz:2 111 0 00 1 0 1 11111 1100 00 rn:5 rt:5
23
obj-$(CONFIG_MIPS_CPS) += mips_cmgcr.o
17
%ldra_imm 22:s1 12:9 !function=times_2
24
obj-$(CONFIG_MIPS_CPS) += mips_cpc.o
18
25
obj-$(CONFIG_MIPS_ITU) += mips_itu.o
19
LDRA 11 111 0 00 m:1 . 1 ......... w:1 1 rn:5 rt:5 imm=%ldra_imm
26
+obj-$(CONFIG_MPS2_FPGAIO) += mps2-fpgaio.o
20
+
27
obj-$(CONFIG_MPS2_SCC) += mps2-scc.o
21
+&ldapr_stlr_i rn rt imm sz sign ext
28
22
+@ldapr_stlr_i .. ...... .. . imm:9 .. rn:5 rt:5 &ldapr_stlr_i
29
obj-$(CONFIG_PVPANIC) += pvpanic.o
23
+STLR_i sz:2 011001 00 0 ......... 00 ..... ..... @ldapr_stlr_i sign=0 ext=0
30
diff --git a/include/hw/misc/mps2-fpgaio.h b/include/hw/misc/mps2-fpgaio.h
24
+LDAPR_i sz:2 011001 01 0 ......... 00 ..... ..... @ldapr_stlr_i sign=0 ext=0
31
new file mode 100644
25
+LDAPR_i 00 011001 10 0 ......... 00 ..... ..... @ldapr_stlr_i sign=1 ext=0 sz=0
32
index XXXXXXX..XXXXXXX
26
+LDAPR_i 01 011001 10 0 ......... 00 ..... ..... @ldapr_stlr_i sign=1 ext=0 sz=1
33
--- /dev/null
27
+LDAPR_i 10 011001 10 0 ......... 00 ..... ..... @ldapr_stlr_i sign=1 ext=0 sz=2
34
+++ b/include/hw/misc/mps2-fpgaio.h
28
+LDAPR_i 00 011001 11 0 ......... 00 ..... ..... @ldapr_stlr_i sign=1 ext=1 sz=0
35
@@ -XXX,XX +XXX,XX @@
29
+LDAPR_i 01 011001 11 0 ......... 00 ..... ..... @ldapr_stlr_i sign=1 ext=1 sz=1
30
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
31
index XXXXXXX..XXXXXXX 100644
32
--- a/target/arm/tcg/translate-a64.c
33
+++ b/target/arm/tcg/translate-a64.c
34
@@ -XXX,XX +XXX,XX @@ static void gen_compare_and_swap_pair(DisasContext *s, int rs, int rt,
35
}
36
}
37
38
-/* Update the Sixty-Four bit (SF) registersize. This logic is derived
36
+/*
39
+/*
37
+ * ARM MPS2 FPGAIO emulation
40
+ * Compute the ISS.SF bit for syndrome information if an exception
38
+ *
41
+ * is taken on a load or store. This indicates whether the instruction
39
+ * Copyright (c) 2018 Linaro Limited
42
+ * is accessing a 32-bit or 64-bit register. This logic is derived
40
+ * Written by Peter Maydell
43
* from the ARMv8 specs for LDR (Shared decode for all encodings).
41
+ *
44
*/
42
+ * This program is free software; you can redistribute it and/or modify
45
-static bool disas_ldst_compute_iss_sf(int size, bool is_signed, int opc)
43
+ * it under the terms of the GNU General Public License version 2 or
46
-{
44
+ * (at your option) any later version.
47
- int opc0 = extract32(opc, 0, 1);
45
+ */
48
- int regsize;
46
+
49
-
47
+/* This is a model of the FPGAIO register block in the AN505
50
- if (is_signed) {
48
+ * FPGA image for the MPS2 dev board; it is documented in the
51
- regsize = opc0 ? 32 : 64;
49
+ * application note:
52
- } else {
50
+ * http://infocenter.arm.com/help/topic/com.arm.doc.dai0505b/index.html
53
- regsize = size == 3 ? 64 : 32;
51
+ *
54
- }
52
+ * QEMU interface:
55
- return regsize == 64;
53
+ * + sysbus MMIO region 0: the register bank
56
-}
54
+ */
57
-
55
+
58
static bool ldst_iss_sf(int size, bool sign, bool ext)
56
+#ifndef MPS2_FPGAIO_H
59
{
57
+#define MPS2_FPGAIO_H
60
58
+
61
@@ -XXX,XX +XXX,XX @@ static bool trans_LDRA(DisasContext *s, arg_LDRA *a)
59
+#include "hw/sysbus.h"
62
return true;
60
+
63
}
61
+#define TYPE_MPS2_FPGAIO "mps2-fpgaio"
64
62
+#define MPS2_FPGAIO(obj) OBJECT_CHECK(MPS2FPGAIO, (obj), TYPE_MPS2_FPGAIO)
65
-/*
63
+
66
- * LDAPR/STLR (unscaled immediate)
64
+typedef struct {
67
- *
65
+ /*< private >*/
68
- * 31 30 24 22 21 12 10 5 0
66
+ SysBusDevice parent_obj;
69
- * +------+-------------+-----+---+--------+-----+----+-----+
67
+
70
- * | size | 0 1 1 0 0 1 | opc | 0 | imm9 | 0 0 | Rn | Rt |
68
+ /*< public >*/
71
- * +------+-------------+-----+---+--------+-----+----+-----+
69
+ MemoryRegion iomem;
72
- *
70
+
73
- * Rt: source or destination register
71
+ uint32_t led0;
74
- * Rn: base register
72
+ uint32_t prescale;
75
- * imm9: unscaled immediate offset
73
+ uint32_t misc;
76
- * opc: 00: STLUR*, 01/10/11: various LDAPUR*
74
+
77
- * size: size of load/store
75
+ uint32_t prescale_clk;
78
- */
76
+} MPS2FPGAIO;
79
-static void disas_ldst_ldapr_stlr(DisasContext *s, uint32_t insn)
77
+
80
+static bool trans_LDAPR_i(DisasContext *s, arg_ldapr_stlr_i *a)
78
+#endif
81
{
79
diff --git a/hw/misc/mps2-fpgaio.c b/hw/misc/mps2-fpgaio.c
82
- int rt = extract32(insn, 0, 5);
80
new file mode 100644
83
- int rn = extract32(insn, 5, 5);
81
index XXXXXXX..XXXXXXX
84
- int offset = sextract32(insn, 12, 9);
82
--- /dev/null
85
- int opc = extract32(insn, 22, 2);
83
+++ b/hw/misc/mps2-fpgaio.c
86
- int size = extract32(insn, 30, 2);
84
@@ -XXX,XX +XXX,XX @@
87
TCGv_i64 clean_addr, dirty_addr;
85
+/*
88
- bool is_store = false;
86
+ * ARM MPS2 AN505 FPGAIO emulation
89
- bool extend = false;
87
+ *
90
- bool iss_sf;
88
+ * Copyright (c) 2018 Linaro Limited
91
- MemOp mop = size;
89
+ * Written by Peter Maydell
92
+ MemOp mop = a->sz | (a->sign ? MO_SIGN : 0);
90
+ *
93
+ bool iss_sf = ldst_iss_sf(a->sz, a->sign, a->ext);
91
+ * This program is free software; you can redistribute it and/or modify
94
92
+ * it under the terms of the GNU General Public License version 2 or
95
if (!dc_isar_feature(aa64_rcpc_8_4, s)) {
93
+ * (at your option) any later version.
96
- unallocated_encoding(s);
94
+ */
97
- return;
95
+
98
+ return false;
96
+/* This is a model of the "FPGA system control and I/O" block found
99
}
97
+ * in the AN505 FPGA image for the MPS2 devboard.
100
98
+ * It is documented in AN505:
101
- switch (opc) {
99
+ * http://infocenter.arm.com/help/topic/com.arm.doc.dai0505b/index.html
102
- case 0: /* STLURB */
100
+ */
103
- is_store = true;
101
+
104
- break;
102
+#include "qemu/osdep.h"
105
- case 1: /* LDAPUR* */
103
+#include "qemu/log.h"
106
- break;
104
+#include "qapi/error.h"
107
- case 2: /* LDAPURS* 64-bit variant */
105
+#include "trace.h"
108
- if (size == 3) {
106
+#include "hw/sysbus.h"
109
- unallocated_encoding(s);
107
+#include "hw/registerfields.h"
110
- return;
108
+#include "hw/misc/mps2-fpgaio.h"
111
- }
109
+
112
- mop |= MO_SIGN;
110
+REG32(LED0, 0)
113
- break;
111
+REG32(BUTTON, 8)
114
- case 3: /* LDAPURS* 32-bit variant */
112
+REG32(CLK1HZ, 0x10)
115
- if (size > 1) {
113
+REG32(CLK100HZ, 0x14)
116
- unallocated_encoding(s);
114
+REG32(COUNTER, 0x18)
117
- return;
115
+REG32(PRESCALE, 0x1c)
118
- }
116
+REG32(PSCNTR, 0x20)
119
- mop |= MO_SIGN;
117
+REG32(MISC, 0x4c)
120
- extend = true; /* zero-extend 32->64 after signed load */
118
+
121
- break;
119
+static uint64_t mps2_fpgaio_read(void *opaque, hwaddr offset, unsigned size)
122
- default:
123
- g_assert_not_reached();
124
- }
125
-
126
- iss_sf = disas_ldst_compute_iss_sf(size, (mop & MO_SIGN) != 0, opc);
127
-
128
- if (rn == 31) {
129
+ if (a->rn == 31) {
130
gen_check_sp_alignment(s);
131
}
132
133
- mop = check_ordered_align(s, rn, offset, is_store, mop);
134
-
135
- dirty_addr = read_cpu_reg_sp(s, rn, 1);
136
- tcg_gen_addi_i64(dirty_addr, dirty_addr, offset);
137
+ mop = check_ordered_align(s, a->rn, a->imm, false, mop);
138
+ dirty_addr = read_cpu_reg_sp(s, a->rn, 1);
139
+ tcg_gen_addi_i64(dirty_addr, dirty_addr, a->imm);
140
clean_addr = clean_data_tbi(s, dirty_addr);
141
142
- if (is_store) {
143
- /* Store-Release semantics */
144
- tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
145
- do_gpr_st(s, cpu_reg(s, rt), clean_addr, mop, true, rt, iss_sf, true);
146
- } else {
147
- /*
148
- * Load-AcquirePC semantics; we implement as the slightly more
149
- * restrictive Load-Acquire.
150
- */
151
- do_gpr_ld(s, cpu_reg(s, rt), clean_addr, mop,
152
- extend, true, rt, iss_sf, true);
153
- tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
154
+ /*
155
+ * Load-AcquirePC semantics; we implement as the slightly more
156
+ * restrictive Load-Acquire.
157
+ */
158
+ do_gpr_ld(s, cpu_reg(s, a->rt), clean_addr, mop, a->ext, true,
159
+ a->rt, iss_sf, true);
160
+ tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
161
+ return true;
162
+}
163
+
164
+static bool trans_STLR_i(DisasContext *s, arg_ldapr_stlr_i *a)
120
+{
165
+{
121
+ MPS2FPGAIO *s = MPS2_FPGAIO(opaque);
166
+ TCGv_i64 clean_addr, dirty_addr;
122
+ uint64_t r;
167
+ MemOp mop = a->sz;
123
+
168
+ bool iss_sf = ldst_iss_sf(a->sz, a->sign, a->ext);
124
+ switch (offset) {
169
+
125
+ case A_LED0:
170
+ if (!dc_isar_feature(aa64_rcpc_8_4, s)) {
126
+ r = s->led0;
171
+ return false;
127
+ break;
172
}
128
+ case A_BUTTON:
173
+
129
+ /* User-pressable board buttons. We don't model that, so just return
174
+ /* TODO: ARMv8.4-LSE SCTLR.nAA */
130
+ * zeroes.
175
+
131
+ */
176
+ if (a->rn == 31) {
132
+ r = 0;
177
+ gen_check_sp_alignment(s);
133
+ break;
134
+ case A_PRESCALE:
135
+ r = s->prescale;
136
+ break;
137
+ case A_MISC:
138
+ r = s->misc;
139
+ break;
140
+ case A_CLK1HZ:
141
+ case A_CLK100HZ:
142
+ case A_COUNTER:
143
+ case A_PSCNTR:
144
+ /* These are all upcounters of various frequencies. */
145
+ qemu_log_mask(LOG_UNIMP, "MPS2 FPGAIO: counters unimplemented\n");
146
+ r = 0;
147
+ break;
148
+ default:
149
+ qemu_log_mask(LOG_GUEST_ERROR,
150
+ "MPS2 FPGAIO read: bad offset %x\n", (int) offset);
151
+ r = 0;
152
+ break;
153
+ }
178
+ }
154
+
179
+
155
+ trace_mps2_fpgaio_read(offset, r, size);
180
+ mop = check_ordered_align(s, a->rn, a->imm, true, mop);
156
+ return r;
181
+ dirty_addr = read_cpu_reg_sp(s, a->rn, 1);
157
+}
182
+ tcg_gen_addi_i64(dirty_addr, dirty_addr, a->imm);
158
+
183
+ clean_addr = clean_data_tbi(s, dirty_addr);
159
+static void mps2_fpgaio_write(void *opaque, hwaddr offset, uint64_t value,
184
+
160
+ unsigned size)
185
+ /* Store-Release semantics */
161
+{
186
+ tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
162
+ MPS2FPGAIO *s = MPS2_FPGAIO(opaque);
187
+ do_gpr_st(s, cpu_reg(s, a->rt), clean_addr, mop, true, a->rt, iss_sf, true);
163
+
188
+ return true;
164
+ trace_mps2_fpgaio_write(offset, value, size);
189
}
165
+
190
166
+ switch (offset) {
191
/* AdvSIMD load/store multiple structures
167
+ case A_LED0:
192
@@ -XXX,XX +XXX,XX @@ static void disas_ldst(DisasContext *s, uint32_t insn)
168
+ /* LED bits [1:0] control board LEDs. We don't currently have
193
case 0x19:
169
+ * a mechanism for displaying this graphically, so use a trace event.
194
if (extract32(insn, 21, 1) != 0) {
170
+ */
195
disas_ldst_tag(s, insn);
171
+ trace_mps2_fpgaio_leds(value & 0x02 ? '*' : '.',
196
- } else if (extract32(insn, 10, 2) == 0) {
172
+ value & 0x01 ? '*' : '.');
197
- disas_ldst_ldapr_stlr(s, insn);
173
+ s->led0 = value & 0x3;
198
} else {
174
+ break;
199
unallocated_encoding(s);
175
+ case A_PRESCALE:
200
}
176
+ s->prescale = value;
177
+ break;
178
+ case A_MISC:
179
+ /* These are control bits for some of the other devices on the
180
+ * board (SPI, CLCD, etc). We don't implement that yet, so just
181
+ * make the bits read as written.
182
+ */
183
+ qemu_log_mask(LOG_UNIMP,
184
+ "MPS2 FPGAIO: MISC control bits unimplemented\n");
185
+ s->misc = value;
186
+ break;
187
+ default:
188
+ qemu_log_mask(LOG_GUEST_ERROR,
189
+ "MPS2 FPGAIO write: bad offset 0x%x\n", (int) offset);
190
+ break;
191
+ }
192
+}
193
+
194
+static const MemoryRegionOps mps2_fpgaio_ops = {
195
+ .read = mps2_fpgaio_read,
196
+ .write = mps2_fpgaio_write,
197
+ .endianness = DEVICE_LITTLE_ENDIAN,
198
+};
199
+
200
+static void mps2_fpgaio_reset(DeviceState *dev)
201
+{
202
+ MPS2FPGAIO *s = MPS2_FPGAIO(dev);
203
+
204
+ trace_mps2_fpgaio_reset();
205
+ s->led0 = 0;
206
+ s->prescale = 0;
207
+ s->misc = 0;
208
+}
209
+
210
+static void mps2_fpgaio_init(Object *obj)
211
+{
212
+ SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
213
+ MPS2FPGAIO *s = MPS2_FPGAIO(obj);
214
+
215
+ memory_region_init_io(&s->iomem, obj, &mps2_fpgaio_ops, s,
216
+ "mps2-fpgaio", 0x1000);
217
+ sysbus_init_mmio(sbd, &s->iomem);
218
+}
219
+
220
+static const VMStateDescription mps2_fpgaio_vmstate = {
221
+ .name = "mps2-fpgaio",
222
+ .version_id = 1,
223
+ .minimum_version_id = 1,
224
+ .fields = (VMStateField[]) {
225
+ VMSTATE_UINT32(led0, MPS2FPGAIO),
226
+ VMSTATE_UINT32(prescale, MPS2FPGAIO),
227
+ VMSTATE_UINT32(misc, MPS2FPGAIO),
228
+ VMSTATE_END_OF_LIST()
229
+ }
230
+};
231
+
232
+static Property mps2_fpgaio_properties[] = {
233
+ /* Frequency of the prescale counter */
234
+ DEFINE_PROP_UINT32("prescale-clk", MPS2FPGAIO, prescale_clk, 20000000),
235
+ DEFINE_PROP_END_OF_LIST(),
236
+};
237
+
238
+static void mps2_fpgaio_class_init(ObjectClass *klass, void *data)
239
+{
240
+ DeviceClass *dc = DEVICE_CLASS(klass);
241
+
242
+ dc->vmsd = &mps2_fpgaio_vmstate;
243
+ dc->reset = mps2_fpgaio_reset;
244
+ dc->props = mps2_fpgaio_properties;
245
+}
246
+
247
+static const TypeInfo mps2_fpgaio_info = {
248
+ .name = TYPE_MPS2_FPGAIO,
249
+ .parent = TYPE_SYS_BUS_DEVICE,
250
+ .instance_size = sizeof(MPS2FPGAIO),
251
+ .instance_init = mps2_fpgaio_init,
252
+ .class_init = mps2_fpgaio_class_init,
253
+};
254
+
255
+static void mps2_fpgaio_register_types(void)
256
+{
257
+ type_register_static(&mps2_fpgaio_info);
258
+}
259
+
260
+type_init(mps2_fpgaio_register_types);
261
diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
262
index XXXXXXX..XXXXXXX 100644
263
--- a/default-configs/arm-softmmu.mak
264
+++ b/default-configs/arm-softmmu.mak
265
@@ -XXX,XX +XXX,XX @@ CONFIG_STM32F205_SOC=y
266
CONFIG_CMSDK_APB_TIMER=y
267
CONFIG_CMSDK_APB_UART=y
268
269
+CONFIG_MPS2_FPGAIO=y
270
CONFIG_MPS2_SCC=y
271
272
CONFIG_VERSATILE_PCI=y
273
diff --git a/hw/misc/trace-events b/hw/misc/trace-events
274
index XXXXXXX..XXXXXXX 100644
275
--- a/hw/misc/trace-events
276
+++ b/hw/misc/trace-events
277
@@ -XXX,XX +XXX,XX @@ mps2_scc_leds(char led7, char led6, char led5, char led4, char led3, char led2,
278
mps2_scc_cfg_write(unsigned function, unsigned device, uint32_t value) "MPS2 SCC config write: function %d device %d data 0x%" PRIx32
279
mps2_scc_cfg_read(unsigned function, unsigned device, uint32_t value) "MPS2 SCC config read: function %d device %d data 0x%" PRIx32
280
281
+# hw/misc/mps2_fpgaio.c
282
+mps2_fpgaio_read(uint64_t offset, uint64_t data, unsigned size) "MPS2 FPGAIO read: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u"
283
+mps2_fpgaio_write(uint64_t offset, uint64_t data, unsigned size) "MPS2 FPGAIO write: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u"
284
+mps2_fpgaio_reset(void) "MPS2 FPGAIO: reset"
285
+mps2_fpgaio_leds(char led1, char led0) "MPS2 FPGAIO LEDs: %c%c"
286
+
287
# hw/misc/msf2-sysreg.c
288
msf2_sysreg_write(uint64_t offset, uint32_t val, uint32_t prev) "msf2-sysreg write: addr 0x%08" HWADDR_PRIx " data 0x%" PRIx32 " prev 0x%" PRIx32
289
msf2_sysreg_read(uint64_t offset, uint32_t val) "msf2-sysreg read: addr 0x%08" HWADDR_PRIx " data 0x%08" PRIx32
290
--
201
--
291
2.16.2
202
2.34.1
292
293
diff view generated by jsdifflib
1
Create an "init-svtor" property on the armv7m container
1
Convert the instructions in the ASIMD load/store multiple structures
2
object which we can forward to the CPU object.
2
instruction classes to decodetree.
3
3
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
5
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6
Message-id: 20180220180325.29818-8-peter.maydell@linaro.org
6
Message-id: 20230602155223.2040685-19-peter.maydell@linaro.org
7
---
7
---
8
include/hw/arm/armv7m.h | 2 ++
8
target/arm/tcg/a64.decode | 20 +++
9
hw/arm/armv7m.c | 9 +++++++++
9
target/arm/tcg/translate-a64.c | 222 ++++++++++++++++-----------------
10
2 files changed, 11 insertions(+)
10
2 files changed, 131 insertions(+), 111 deletions(-)
11
11
12
diff --git a/include/hw/arm/armv7m.h b/include/hw/arm/armv7m.h
12
diff --git a/target/arm/tcg/a64.decode b/target/arm/tcg/a64.decode
13
index XXXXXXX..XXXXXXX 100644
13
index XXXXXXX..XXXXXXX 100644
14
--- a/include/hw/arm/armv7m.h
14
--- a/target/arm/tcg/a64.decode
15
+++ b/include/hw/arm/armv7m.h
15
+++ b/target/arm/tcg/a64.decode
16
@@ -XXX,XX +XXX,XX @@ typedef struct {
16
@@ -XXX,XX +XXX,XX @@ LDAPR_i 01 011001 10 0 ......... 00 ..... ..... @ldapr_stlr_i sign=1 ext
17
* that CPU accesses see. (The NVIC, bitbanding and other CPU-internal
17
LDAPR_i 10 011001 10 0 ......... 00 ..... ..... @ldapr_stlr_i sign=1 ext=0 sz=2
18
* devices will be automatically layered on top of this view.)
18
LDAPR_i 00 011001 11 0 ......... 00 ..... ..... @ldapr_stlr_i sign=1 ext=1 sz=0
19
* + Property "idau": IDAU interface (forwarded to CPU object)
19
LDAPR_i 01 011001 11 0 ......... 00 ..... ..... @ldapr_stlr_i sign=1 ext=1 sz=1
20
+ * + Property "init-svtor": secure VTOR reset value (forwarded to CPU object)
20
+
21
*/
21
+# Load/store multiple structures
22
typedef struct ARMv7MState {
22
+# The 4-bit opcode in [15:12] encodes repeat count and structure elements
23
/*< private >*/
23
+&ldst_mult rm rn rt sz q p rpt selem
24
@@ -XXX,XX +XXX,XX @@ typedef struct ARMv7MState {
24
+@ldst_mult . q:1 ...... p:1 . . rm:5 .... sz:2 rn:5 rt:5 &ldst_mult
25
/* MemoryRegion the board provides to us (with its devices, RAM, etc) */
25
+ST_mult 0 . 001100 . 0 0 ..... 0000 .. ..... ..... @ldst_mult rpt=1 selem=4
26
MemoryRegion *board_memory;
26
+ST_mult 0 . 001100 . 0 0 ..... 0010 .. ..... ..... @ldst_mult rpt=4 selem=1
27
Object *idau;
27
+ST_mult 0 . 001100 . 0 0 ..... 0100 .. ..... ..... @ldst_mult rpt=1 selem=3
28
+ uint32_t init_svtor;
28
+ST_mult 0 . 001100 . 0 0 ..... 0110 .. ..... ..... @ldst_mult rpt=3 selem=1
29
} ARMv7MState;
29
+ST_mult 0 . 001100 . 0 0 ..... 0111 .. ..... ..... @ldst_mult rpt=1 selem=1
30
30
+ST_mult 0 . 001100 . 0 0 ..... 1000 .. ..... ..... @ldst_mult rpt=1 selem=2
31
#endif
31
+ST_mult 0 . 001100 . 0 0 ..... 1010 .. ..... ..... @ldst_mult rpt=2 selem=1
32
diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c
32
+
33
+LD_mult 0 . 001100 . 1 0 ..... 0000 .. ..... ..... @ldst_mult rpt=1 selem=4
34
+LD_mult 0 . 001100 . 1 0 ..... 0010 .. ..... ..... @ldst_mult rpt=4 selem=1
35
+LD_mult 0 . 001100 . 1 0 ..... 0100 .. ..... ..... @ldst_mult rpt=1 selem=3
36
+LD_mult 0 . 001100 . 1 0 ..... 0110 .. ..... ..... @ldst_mult rpt=3 selem=1
37
+LD_mult 0 . 001100 . 1 0 ..... 0111 .. ..... ..... @ldst_mult rpt=1 selem=1
38
+LD_mult 0 . 001100 . 1 0 ..... 1000 .. ..... ..... @ldst_mult rpt=1 selem=2
39
+LD_mult 0 . 001100 . 1 0 ..... 1010 .. ..... ..... @ldst_mult rpt=2 selem=1
40
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
33
index XXXXXXX..XXXXXXX 100644
41
index XXXXXXX..XXXXXXX 100644
34
--- a/hw/arm/armv7m.c
42
--- a/target/arm/tcg/translate-a64.c
35
+++ b/hw/arm/armv7m.c
43
+++ b/target/arm/tcg/translate-a64.c
36
@@ -XXX,XX +XXX,XX @@ static void armv7m_realize(DeviceState *dev, Error **errp)
44
@@ -XXX,XX +XXX,XX @@ static bool trans_STLR_i(DisasContext *s, arg_ldapr_stlr_i *a)
37
return;
45
return true;
46
}
47
48
-/* AdvSIMD load/store multiple structures
49
- *
50
- * 31 30 29 23 22 21 16 15 12 11 10 9 5 4 0
51
- * +---+---+---------------+---+-------------+--------+------+------+------+
52
- * | 0 | Q | 0 0 1 1 0 0 0 | L | 0 0 0 0 0 0 | opcode | size | Rn | Rt |
53
- * +---+---+---------------+---+-------------+--------+------+------+------+
54
- *
55
- * AdvSIMD load/store multiple structures (post-indexed)
56
- *
57
- * 31 30 29 23 22 21 20 16 15 12 11 10 9 5 4 0
58
- * +---+---+---------------+---+---+---------+--------+------+------+------+
59
- * | 0 | Q | 0 0 1 1 0 0 1 | L | 0 | Rm | opcode | size | Rn | Rt |
60
- * +---+---+---------------+---+---+---------+--------+------+------+------+
61
- *
62
- * Rt: first (or only) SIMD&FP register to be transferred
63
- * Rn: base address or SP
64
- * Rm (post-index only): post-index register (when !31) or size dependent #imm
65
- */
66
-static void disas_ldst_multiple_struct(DisasContext *s, uint32_t insn)
67
+static bool trans_LD_mult(DisasContext *s, arg_ldst_mult *a)
68
{
69
- int rt = extract32(insn, 0, 5);
70
- int rn = extract32(insn, 5, 5);
71
- int rm = extract32(insn, 16, 5);
72
- int size = extract32(insn, 10, 2);
73
- int opcode = extract32(insn, 12, 4);
74
- bool is_store = !extract32(insn, 22, 1);
75
- bool is_postidx = extract32(insn, 23, 1);
76
- bool is_q = extract32(insn, 30, 1);
77
TCGv_i64 clean_addr, tcg_rn, tcg_ebytes;
78
MemOp endian, align, mop;
79
80
int total; /* total bytes */
81
int elements; /* elements per vector */
82
- int rpt; /* num iterations */
83
- int selem; /* structure elements */
84
int r;
85
+ int size = a->sz;
86
87
- if (extract32(insn, 31, 1) || extract32(insn, 21, 1)) {
88
- unallocated_encoding(s);
89
- return;
90
+ if (!a->p && a->rm != 0) {
91
+ /* For non-postindexed accesses the Rm field must be 0 */
92
+ return false;
93
}
94
-
95
- if (!is_postidx && rm != 0) {
96
- unallocated_encoding(s);
97
- return;
98
+ if (size == 3 && !a->q && a->selem != 1) {
99
+ return false;
100
}
101
-
102
- /* From the shared decode logic */
103
- switch (opcode) {
104
- case 0x0:
105
- rpt = 1;
106
- selem = 4;
107
- break;
108
- case 0x2:
109
- rpt = 4;
110
- selem = 1;
111
- break;
112
- case 0x4:
113
- rpt = 1;
114
- selem = 3;
115
- break;
116
- case 0x6:
117
- rpt = 3;
118
- selem = 1;
119
- break;
120
- case 0x7:
121
- rpt = 1;
122
- selem = 1;
123
- break;
124
- case 0x8:
125
- rpt = 1;
126
- selem = 2;
127
- break;
128
- case 0xa:
129
- rpt = 2;
130
- selem = 1;
131
- break;
132
- default:
133
- unallocated_encoding(s);
134
- return;
135
- }
136
-
137
- if (size == 3 && !is_q && selem != 1) {
138
- /* reserved */
139
- unallocated_encoding(s);
140
- return;
141
- }
142
-
143
if (!fp_access_check(s)) {
144
- return;
145
+ return true;
146
}
147
148
- if (rn == 31) {
149
+ if (a->rn == 31) {
150
gen_check_sp_alignment(s);
151
}
152
153
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_multiple_struct(DisasContext *s, uint32_t insn)
154
endian = MO_LE;
155
}
156
157
- total = rpt * selem * (is_q ? 16 : 8);
158
- tcg_rn = cpu_reg_sp(s, rn);
159
+ total = a->rpt * a->selem * (a->q ? 16 : 8);
160
+ tcg_rn = cpu_reg_sp(s, a->rn);
161
162
/*
163
* Issue the MTE check vs the logical repeat count, before we
164
* promote consecutive little-endian elements below.
165
*/
166
- clean_addr = gen_mte_checkN(s, tcg_rn, is_store, is_postidx || rn != 31,
167
- total, finalize_memop_asimd(s, size));
168
+ clean_addr = gen_mte_checkN(s, tcg_rn, false, a->p || a->rn != 31, total,
169
+ finalize_memop_asimd(s, size));
170
171
/*
172
* Consecutive little-endian elements from a single register
173
* can be promoted to a larger little-endian operation.
174
*/
175
align = MO_ALIGN;
176
- if (selem == 1 && endian == MO_LE) {
177
+ if (a->selem == 1 && endian == MO_LE) {
178
align = pow2_align(size);
179
size = 3;
180
}
181
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_multiple_struct(DisasContext *s, uint32_t insn)
182
}
183
mop = endian | size | align;
184
185
- elements = (is_q ? 16 : 8) >> size;
186
+ elements = (a->q ? 16 : 8) >> size;
187
tcg_ebytes = tcg_constant_i64(1 << size);
188
- for (r = 0; r < rpt; r++) {
189
+ for (r = 0; r < a->rpt; r++) {
190
int e;
191
for (e = 0; e < elements; e++) {
192
int xs;
193
- for (xs = 0; xs < selem; xs++) {
194
- int tt = (rt + r + xs) % 32;
195
- if (is_store) {
196
- do_vec_st(s, tt, e, clean_addr, mop);
197
- } else {
198
- do_vec_ld(s, tt, e, clean_addr, mop);
199
- }
200
+ for (xs = 0; xs < a->selem; xs++) {
201
+ int tt = (a->rt + r + xs) % 32;
202
+ do_vec_ld(s, tt, e, clean_addr, mop);
203
tcg_gen_add_i64(clean_addr, clean_addr, tcg_ebytes);
204
}
38
}
205
}
39
}
206
}
40
+ if (object_property_find(OBJECT(s->cpu), "init-svtor", NULL)) {
207
41
+ object_property_set_uint(OBJECT(s->cpu), s->init_svtor,
208
- if (!is_store) {
42
+ "init-svtor", &err);
209
- /* For non-quad operations, setting a slice of the low
43
+ if (err != NULL) {
210
- * 64 bits of the register clears the high 64 bits (in
44
+ error_propagate(errp, err);
211
- * the ARM ARM pseudocode this is implicit in the fact
45
+ return;
212
- * that 'rval' is a 64 bit wide variable).
213
- * For quad operations, we might still need to zero the
214
- * high bits of SVE.
215
- */
216
- for (r = 0; r < rpt * selem; r++) {
217
- int tt = (rt + r) % 32;
218
- clear_vec_high(s, is_q, tt);
219
+ /*
220
+ * For non-quad operations, setting a slice of the low 64 bits of
221
+ * the register clears the high 64 bits (in the ARM ARM pseudocode
222
+ * this is implicit in the fact that 'rval' is a 64 bit wide
223
+ * variable). For quad operations, we might still need to zero
224
+ * the high bits of SVE.
225
+ */
226
+ for (r = 0; r < a->rpt * a->selem; r++) {
227
+ int tt = (a->rt + r) % 32;
228
+ clear_vec_high(s, a->q, tt);
229
+ }
230
+
231
+ if (a->p) {
232
+ if (a->rm == 31) {
233
+ tcg_gen_addi_i64(tcg_rn, tcg_rn, total);
234
+ } else {
235
+ tcg_gen_add_i64(tcg_rn, tcg_rn, cpu_reg(s, a->rm));
46
+ }
236
+ }
47
+ }
237
+ }
48
object_property_set_bool(OBJECT(s->cpu), true, "realized", &err);
238
+ return true;
49
if (err != NULL) {
239
+}
50
error_propagate(errp, err);
240
+
51
@@ -XXX,XX +XXX,XX @@ static Property armv7m_properties[] = {
241
+static bool trans_ST_mult(DisasContext *s, arg_ldst_mult *a)
52
DEFINE_PROP_LINK("memory", ARMv7MState, board_memory, TYPE_MEMORY_REGION,
242
+{
53
MemoryRegion *),
243
+ TCGv_i64 clean_addr, tcg_rn, tcg_ebytes;
54
DEFINE_PROP_LINK("idau", ARMv7MState, idau, TYPE_IDAU_INTERFACE, Object *),
244
+ MemOp endian, align, mop;
55
+ DEFINE_PROP_UINT32("init-svtor", ARMv7MState, init_svtor, 0),
245
+
56
DEFINE_PROP_END_OF_LIST(),
246
+ int total; /* total bytes */
57
};
247
+ int elements; /* elements per vector */
58
248
+ int r;
249
+ int size = a->sz;
250
+
251
+ if (!a->p && a->rm != 0) {
252
+ /* For non-postindexed accesses the Rm field must be 0 */
253
+ return false;
254
+ }
255
+ if (size == 3 && !a->q && a->selem != 1) {
256
+ return false;
257
+ }
258
+ if (!fp_access_check(s)) {
259
+ return true;
260
+ }
261
+
262
+ if (a->rn == 31) {
263
+ gen_check_sp_alignment(s);
264
+ }
265
+
266
+ /* For our purposes, bytes are always little-endian. */
267
+ endian = s->be_data;
268
+ if (size == 0) {
269
+ endian = MO_LE;
270
+ }
271
+
272
+ total = a->rpt * a->selem * (a->q ? 16 : 8);
273
+ tcg_rn = cpu_reg_sp(s, a->rn);
274
+
275
+ /*
276
+ * Issue the MTE check vs the logical repeat count, before we
277
+ * promote consecutive little-endian elements below.
278
+ */
279
+ clean_addr = gen_mte_checkN(s, tcg_rn, true, a->p || a->rn != 31, total,
280
+ finalize_memop_asimd(s, size));
281
+
282
+ /*
283
+ * Consecutive little-endian elements from a single register
284
+ * can be promoted to a larger little-endian operation.
285
+ */
286
+ align = MO_ALIGN;
287
+ if (a->selem == 1 && endian == MO_LE) {
288
+ align = pow2_align(size);
289
+ size = 3;
290
+ }
291
+ if (!s->align_mem) {
292
+ align = 0;
293
+ }
294
+ mop = endian | size | align;
295
+
296
+ elements = (a->q ? 16 : 8) >> size;
297
+ tcg_ebytes = tcg_constant_i64(1 << size);
298
+ for (r = 0; r < a->rpt; r++) {
299
+ int e;
300
+ for (e = 0; e < elements; e++) {
301
+ int xs;
302
+ for (xs = 0; xs < a->selem; xs++) {
303
+ int tt = (a->rt + r + xs) % 32;
304
+ do_vec_st(s, tt, e, clean_addr, mop);
305
+ tcg_gen_add_i64(clean_addr, clean_addr, tcg_ebytes);
306
+ }
307
}
308
}
309
310
- if (is_postidx) {
311
- if (rm == 31) {
312
+ if (a->p) {
313
+ if (a->rm == 31) {
314
tcg_gen_addi_i64(tcg_rn, tcg_rn, total);
315
} else {
316
- tcg_gen_add_i64(tcg_rn, tcg_rn, cpu_reg(s, rm));
317
+ tcg_gen_add_i64(tcg_rn, tcg_rn, cpu_reg(s, a->rm));
318
}
319
}
320
+ return true;
321
}
322
323
/* AdvSIMD load/store single structure
324
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_tag(DisasContext *s, uint32_t insn)
325
static void disas_ldst(DisasContext *s, uint32_t insn)
326
{
327
switch (extract32(insn, 24, 6)) {
328
- case 0x0c: /* AdvSIMD load/store multiple structures */
329
- disas_ldst_multiple_struct(s, insn);
330
- break;
331
case 0x0d: /* AdvSIMD load/store single structure */
332
disas_ldst_single_struct(s, insn);
333
break;
59
--
334
--
60
2.16.2
335
2.34.1
61
62
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
Convert the ASIMD load/store single structure insns to decodetree.
2
2
3
Include the U bit in the switches rather than testing separately.
3
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Message-id: 20230602155223.2040685-20-peter.maydell@linaro.org
5
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6
---
7
target/arm/tcg/a64.decode | 34 +++++
8
target/arm/tcg/translate-a64.c | 219 +++++++++++++++------------------
9
2 files changed, 136 insertions(+), 117 deletions(-)
4
10
5
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
11
diff --git a/target/arm/tcg/a64.decode b/target/arm/tcg/a64.decode
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Message-id: 20180228193125.20577-3-richard.henderson@linaro.org
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
10
target/arm/translate-a64.c | 129 +++++++++++++++++++++------------------------
11
1 file changed, 61 insertions(+), 68 deletions(-)
12
13
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
14
index XXXXXXX..XXXXXXX 100644
12
index XXXXXXX..XXXXXXX 100644
15
--- a/target/arm/translate-a64.c
13
--- a/target/arm/tcg/a64.decode
16
+++ b/target/arm/translate-a64.c
14
+++ b/target/arm/tcg/a64.decode
17
@@ -XXX,XX +XXX,XX @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn)
15
@@ -XXX,XX +XXX,XX @@ LD_mult 0 . 001100 . 1 0 ..... 0110 .. ..... ..... @ldst_mult rpt=3 sele
18
int index;
16
LD_mult 0 . 001100 . 1 0 ..... 0111 .. ..... ..... @ldst_mult rpt=1 selem=1
19
TCGv_ptr fpst;
17
LD_mult 0 . 001100 . 1 0 ..... 1000 .. ..... ..... @ldst_mult rpt=1 selem=2
20
18
LD_mult 0 . 001100 . 1 0 ..... 1010 .. ..... ..... @ldst_mult rpt=2 selem=1
21
- switch (opcode) {
19
+
22
- case 0x0: /* MLA */
20
+# Load/store single structure
23
- case 0x4: /* MLS */
21
+&ldst_single rm rn rt p selem index scale
24
- if (!u || is_scalar) {
22
+
25
+ switch (16 * u + opcode) {
23
+%ldst_single_selem 13:1 21:1 !function=plus_1
26
+ case 0x08: /* MUL */
24
+
27
+ case 0x10: /* MLA */
25
+%ldst_single_index_b 30:1 10:3
28
+ case 0x14: /* MLS */
26
+%ldst_single_index_h 30:1 11:2
29
+ if (is_scalar) {
27
+%ldst_single_index_s 30:1 12:1
30
unallocated_encoding(s);
28
+
31
return;
29
+@ldst_single_b .. ...... p:1 .. rm:5 ...... rn:5 rt:5 \
32
}
30
+ &ldst_single scale=0 selem=%ldst_single_selem \
33
break;
31
+ index=%ldst_single_index_b
34
- case 0x2: /* SMLAL, SMLAL2, UMLAL, UMLAL2 */
32
+@ldst_single_h .. ...... p:1 .. rm:5 ...... rn:5 rt:5 \
35
- case 0x6: /* SMLSL, SMLSL2, UMLSL, UMLSL2 */
33
+ &ldst_single scale=1 selem=%ldst_single_selem \
36
- case 0xa: /* SMULL, SMULL2, UMULL, UMULL2 */
34
+ index=%ldst_single_index_h
37
+ case 0x02: /* SMLAL, SMLAL2 */
35
+@ldst_single_s .. ...... p:1 .. rm:5 ...... rn:5 rt:5 \
38
+ case 0x12: /* UMLAL, UMLAL2 */
36
+ &ldst_single scale=2 selem=%ldst_single_selem \
39
+ case 0x06: /* SMLSL, SMLSL2 */
37
+ index=%ldst_single_index_s
40
+ case 0x16: /* UMLSL, UMLSL2 */
38
+@ldst_single_d . index:1 ...... p:1 .. rm:5 ...... rn:5 rt:5 \
41
+ case 0x0a: /* SMULL, SMULL2 */
39
+ &ldst_single scale=3 selem=%ldst_single_selem
42
+ case 0x1a: /* UMULL, UMULL2 */
40
+
43
if (is_scalar) {
41
+ST_single 0 . 001101 . 0 . ..... 00 . ... ..... ..... @ldst_single_b
44
unallocated_encoding(s);
42
+ST_single 0 . 001101 . 0 . ..... 01 . ..0 ..... ..... @ldst_single_h
45
return;
43
+ST_single 0 . 001101 . 0 . ..... 10 . .00 ..... ..... @ldst_single_s
46
}
44
+ST_single 0 . 001101 . 0 . ..... 10 . 001 ..... ..... @ldst_single_d
47
is_long = true;
45
+
48
break;
46
+LD_single 0 . 001101 . 1 . ..... 00 . ... ..... ..... @ldst_single_b
49
- case 0x3: /* SQDMLAL, SQDMLAL2 */
47
+LD_single 0 . 001101 . 1 . ..... 01 . ..0 ..... ..... @ldst_single_h
50
- case 0x7: /* SQDMLSL, SQDMLSL2 */
48
+LD_single 0 . 001101 . 1 . ..... 10 . .00 ..... ..... @ldst_single_s
51
- case 0xb: /* SQDMULL, SQDMULL2 */
49
+LD_single 0 . 001101 . 1 . ..... 10 . 001 ..... ..... @ldst_single_d
52
+ case 0x03: /* SQDMLAL, SQDMLAL2 */
50
+
53
+ case 0x07: /* SQDMLSL, SQDMLSL2 */
51
+# Replicating load case
54
+ case 0x0b: /* SQDMULL, SQDMULL2 */
52
+LD_single_repl 0 q:1 001101 p:1 1 . rm:5 11 . 0 scale:2 rn:5 rt:5 selem=%ldst_single_selem
55
is_long = true;
53
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
56
- /* fall through */
54
index XXXXXXX..XXXXXXX 100644
57
- case 0xc: /* SQDMULH */
55
--- a/target/arm/tcg/translate-a64.c
58
- case 0xd: /* SQRDMULH */
56
+++ b/target/arm/tcg/translate-a64.c
59
- if (u) {
57
@@ -XXX,XX +XXX,XX @@ static bool trans_ST_mult(DisasContext *s, arg_ldst_mult *a)
58
return true;
59
}
60
61
-/* AdvSIMD load/store single structure
62
- *
63
- * 31 30 29 23 22 21 20 16 15 13 12 11 10 9 5 4 0
64
- * +---+---+---------------+-----+-----------+-----+---+------+------+------+
65
- * | 0 | Q | 0 0 1 1 0 1 0 | L R | 0 0 0 0 0 | opc | S | size | Rn | Rt |
66
- * +---+---+---------------+-----+-----------+-----+---+------+------+------+
67
- *
68
- * AdvSIMD load/store single structure (post-indexed)
69
- *
70
- * 31 30 29 23 22 21 20 16 15 13 12 11 10 9 5 4 0
71
- * +---+---+---------------+-----+-----------+-----+---+------+------+------+
72
- * | 0 | Q | 0 0 1 1 0 1 1 | L R | Rm | opc | S | size | Rn | Rt |
73
- * +---+---+---------------+-----+-----------+-----+---+------+------+------+
74
- *
75
- * Rt: first (or only) SIMD&FP register to be transferred
76
- * Rn: base address or SP
77
- * Rm (post-index only): post-index register (when !31) or size dependent #imm
78
- * index = encoded in Q:S:size dependent on size
79
- *
80
- * lane_size = encoded in R, opc
81
- * transfer width = encoded in opc, S, size
82
- */
83
-static void disas_ldst_single_struct(DisasContext *s, uint32_t insn)
84
+static bool trans_ST_single(DisasContext *s, arg_ldst_single *a)
85
{
86
- int rt = extract32(insn, 0, 5);
87
- int rn = extract32(insn, 5, 5);
88
- int rm = extract32(insn, 16, 5);
89
- int size = extract32(insn, 10, 2);
90
- int S = extract32(insn, 12, 1);
91
- int opc = extract32(insn, 13, 3);
92
- int R = extract32(insn, 21, 1);
93
- int is_load = extract32(insn, 22, 1);
94
- int is_postidx = extract32(insn, 23, 1);
95
- int is_q = extract32(insn, 30, 1);
96
-
97
- int scale = extract32(opc, 1, 2);
98
- int selem = (extract32(opc, 0, 1) << 1 | R) + 1;
99
- bool replicate = false;
100
- int index = is_q << 3 | S << 2 | size;
101
- int xs, total;
102
+ int xs, total, rt;
103
TCGv_i64 clean_addr, tcg_rn, tcg_ebytes;
104
MemOp mop;
105
106
- if (extract32(insn, 31, 1)) {
107
- unallocated_encoding(s);
108
- return;
109
+ if (!a->p && a->rm != 0) {
110
+ return false;
111
}
112
- if (!is_postidx && rm != 0) {
113
- unallocated_encoding(s);
114
- return;
115
- }
116
-
117
- switch (scale) {
118
- case 3:
119
- if (!is_load || S) {
60
- unallocated_encoding(s);
120
- unallocated_encoding(s);
61
- return;
121
- return;
62
- }
122
- }
63
break;
123
- scale = size;
64
- case 0x8: /* MUL */
124
- replicate = true;
65
- if (u || is_scalar) {
125
- break;
126
- case 0:
127
- break;
128
- case 1:
129
- if (extract32(size, 0, 1)) {
66
- unallocated_encoding(s);
130
- unallocated_encoding(s);
67
- return;
131
- return;
68
- }
132
- }
69
+ case 0x0c: /* SQDMULH */
133
- index >>= 1;
70
+ case 0x0d: /* SQRDMULH */
134
- break;
71
break;
135
- case 2:
72
- case 0x1: /* FMLA */
136
- if (extract32(size, 1, 1)) {
73
- case 0x5: /* FMLS */
74
- if (u) {
75
- unallocated_encoding(s);
137
- unallocated_encoding(s);
76
- return;
138
- return;
77
- }
139
- }
78
- /* fall through */
140
- if (!extract32(size, 0, 1)) {
79
- case 0x9: /* FMUL, FMULX */
141
- index >>= 2;
80
+ case 0x01: /* FMLA */
142
- } else {
81
+ case 0x05: /* FMLS */
143
- if (S) {
82
+ case 0x09: /* FMUL */
144
- unallocated_encoding(s);
83
+ case 0x19: /* FMULX */
145
- return;
84
if (size == 1) {
146
- }
85
unallocated_encoding(s);
147
- index >>= 3;
86
return;
148
- scale = 3;
87
@@ -XXX,XX +XXX,XX @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn)
149
- }
88
150
- break;
89
read_vec_element(s, tcg_op, rn, pass, MO_64);
151
- default:
90
152
- g_assert_not_reached();
91
- switch (opcode) {
153
- }
92
- case 0x5: /* FMLS */
154
-
93
+ switch (16 * u + opcode) {
155
if (!fp_access_check(s)) {
94
+ case 0x05: /* FMLS */
156
- return;
95
/* As usual for ARM, separate negation for fused multiply-add */
157
+ return true;
96
gen_helper_vfp_negd(tcg_op, tcg_op);
158
}
97
/* fall through */
159
98
- case 0x1: /* FMLA */
160
- if (rn == 31) {
99
+ case 0x01: /* FMLA */
161
+ if (a->rn == 31) {
100
read_vec_element(s, tcg_res, rd, pass, MO_64);
162
gen_check_sp_alignment(s);
101
gen_helper_vfp_muladdd(tcg_res, tcg_op, tcg_idx, tcg_res, fpst);
163
}
102
break;
164
103
- case 0x9: /* FMUL, FMULX */
165
- total = selem << scale;
104
- if (u) {
166
- tcg_rn = cpu_reg_sp(s, rn);
105
- gen_helper_vfp_mulxd(tcg_res, tcg_op, tcg_idx, fpst);
167
+ total = a->selem << a->scale;
106
- } else {
168
+ tcg_rn = cpu_reg_sp(s, a->rn);
107
- gen_helper_vfp_muld(tcg_res, tcg_op, tcg_idx, fpst);
169
108
- }
170
- mop = finalize_memop_asimd(s, scale);
109
+ case 0x09: /* FMUL */
171
-
110
+ gen_helper_vfp_muld(tcg_res, tcg_op, tcg_idx, fpst);
172
- clean_addr = gen_mte_checkN(s, tcg_rn, !is_load, is_postidx || rn != 31,
111
+ break;
173
+ mop = finalize_memop_asimd(s, a->scale);
112
+ case 0x19: /* FMULX */
174
+ clean_addr = gen_mte_checkN(s, tcg_rn, true, a->p || a->rn != 31,
113
+ gen_helper_vfp_mulxd(tcg_res, tcg_op, tcg_idx, fpst);
175
total, mop);
114
break;
176
115
default:
177
- tcg_ebytes = tcg_constant_i64(1 << scale);
116
g_assert_not_reached();
178
- for (xs = 0; xs < selem; xs++) {
117
@@ -XXX,XX +XXX,XX @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn)
179
- if (replicate) {
118
180
- /* Load and replicate to all elements */
119
read_vec_element_i32(s, tcg_op, rn, pass, is_scalar ? size : MO_32);
181
- TCGv_i64 tcg_tmp = tcg_temp_new_i64();
120
182
-
121
- switch (opcode) {
183
- tcg_gen_qemu_ld_i64(tcg_tmp, clean_addr, get_mem_index(s), mop);
122
- case 0x0: /* MLA */
184
- tcg_gen_gvec_dup_i64(scale, vec_full_reg_offset(s, rt),
123
- case 0x4: /* MLS */
185
- (is_q + 1) * 8, vec_full_reg_size(s),
124
- case 0x8: /* MUL */
186
- tcg_tmp);
125
+ switch (16 * u + opcode) {
187
- } else {
126
+ case 0x08: /* MUL */
188
- /* Load/store one element per register */
127
+ case 0x10: /* MLA */
189
- if (is_load) {
128
+ case 0x14: /* MLS */
190
- do_vec_ld(s, rt, index, clean_addr, mop);
129
{
191
- } else {
130
static NeonGenTwoOpFn * const fns[2][2] = {
192
- do_vec_st(s, rt, index, clean_addr, mop);
131
{ gen_helper_neon_add_u16, gen_helper_neon_sub_u16 },
193
- }
132
@@ -XXX,XX +XXX,XX @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn)
194
- }
133
genfn(tcg_res, tcg_op, tcg_res);
195
+ tcg_ebytes = tcg_constant_i64(1 << a->scale);
134
break;
196
+ for (xs = 0, rt = a->rt; xs < a->selem; xs++, rt = (rt + 1) % 32) {
135
}
197
+ do_vec_st(s, rt, a->index, clean_addr, mop);
136
- case 0x5: /* FMLS */
198
tcg_gen_add_i64(clean_addr, clean_addr, tcg_ebytes);
137
- case 0x1: /* FMLA */
199
- rt = (rt + 1) % 32;
138
+ case 0x05: /* FMLS */
200
}
139
+ case 0x01: /* FMLA */
201
140
read_vec_element_i32(s, tcg_res, rd, pass,
202
- if (is_postidx) {
141
is_scalar ? size : MO_32);
203
- if (rm == 31) {
142
switch (size) {
204
+ if (a->p) {
143
@@ -XXX,XX +XXX,XX @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn)
205
+ if (a->rm == 31) {
144
g_assert_not_reached();
206
tcg_gen_addi_i64(tcg_rn, tcg_rn, total);
145
}
207
} else {
146
break;
208
- tcg_gen_add_i64(tcg_rn, tcg_rn, cpu_reg(s, rm));
147
- case 0x9: /* FMUL, FMULX */
209
+ tcg_gen_add_i64(tcg_rn, tcg_rn, cpu_reg(s, a->rm));
148
+ case 0x09: /* FMUL */
210
}
149
switch (size) {
211
}
150
case 1:
212
+ return true;
151
- if (u) {
213
+}
152
- if (is_scalar) {
214
+
153
- gen_helper_advsimd_mulxh(tcg_res, tcg_op,
215
+static bool trans_LD_single(DisasContext *s, arg_ldst_single *a)
154
- tcg_idx, fpst);
216
+{
155
- } else {
217
+ int xs, total, rt;
156
- gen_helper_advsimd_mulx2h(tcg_res, tcg_op,
218
+ TCGv_i64 clean_addr, tcg_rn, tcg_ebytes;
157
- tcg_idx, fpst);
219
+ MemOp mop;
158
- }
220
+
159
+ if (is_scalar) {
221
+ if (!a->p && a->rm != 0) {
160
+ gen_helper_advsimd_mulh(tcg_res, tcg_op,
222
+ return false;
161
+ tcg_idx, fpst);
223
+ }
162
} else {
224
+ if (!fp_access_check(s)) {
163
- if (is_scalar) {
225
+ return true;
164
- gen_helper_advsimd_mulh(tcg_res, tcg_op,
226
+ }
165
- tcg_idx, fpst);
227
+
166
- } else {
228
+ if (a->rn == 31) {
167
- gen_helper_advsimd_mul2h(tcg_res, tcg_op,
229
+ gen_check_sp_alignment(s);
168
- tcg_idx, fpst);
230
+ }
169
- }
231
+
170
+ gen_helper_advsimd_mul2h(tcg_res, tcg_op,
232
+ total = a->selem << a->scale;
171
+ tcg_idx, fpst);
233
+ tcg_rn = cpu_reg_sp(s, a->rn);
172
}
234
+
173
break;
235
+ mop = finalize_memop_asimd(s, a->scale);
174
case 2:
236
+ clean_addr = gen_mte_checkN(s, tcg_rn, false, a->p || a->rn != 31,
175
- if (u) {
237
+ total, mop);
176
- gen_helper_vfp_mulxs(tcg_res, tcg_op, tcg_idx, fpst);
238
+
177
- } else {
239
+ tcg_ebytes = tcg_constant_i64(1 << a->scale);
178
- gen_helper_vfp_muls(tcg_res, tcg_op, tcg_idx, fpst);
240
+ for (xs = 0, rt = a->rt; xs < a->selem; xs++, rt = (rt + 1) % 32) {
179
- }
241
+ do_vec_ld(s, rt, a->index, clean_addr, mop);
180
+ gen_helper_vfp_muls(tcg_res, tcg_op, tcg_idx, fpst);
242
+ tcg_gen_add_i64(clean_addr, clean_addr, tcg_ebytes);
181
break;
243
+ }
182
default:
244
+
183
g_assert_not_reached();
245
+ if (a->p) {
184
}
246
+ if (a->rm == 31) {
185
break;
247
+ tcg_gen_addi_i64(tcg_rn, tcg_rn, total);
186
- case 0xc: /* SQDMULH */
248
+ } else {
187
+ case 0x19: /* FMULX */
249
+ tcg_gen_add_i64(tcg_rn, tcg_rn, cpu_reg(s, a->rm));
188
+ switch (size) {
250
+ }
189
+ case 1:
251
+ }
190
+ if (is_scalar) {
252
+ return true;
191
+ gen_helper_advsimd_mulxh(tcg_res, tcg_op,
253
+}
192
+ tcg_idx, fpst);
254
+
193
+ } else {
255
+static bool trans_LD_single_repl(DisasContext *s, arg_LD_single_repl *a)
194
+ gen_helper_advsimd_mulx2h(tcg_res, tcg_op,
256
+{
195
+ tcg_idx, fpst);
257
+ int xs, total, rt;
196
+ }
258
+ TCGv_i64 clean_addr, tcg_rn, tcg_ebytes;
197
+ break;
259
+ MemOp mop;
198
+ case 2:
260
+
199
+ gen_helper_vfp_mulxs(tcg_res, tcg_op, tcg_idx, fpst);
261
+ if (!a->p && a->rm != 0) {
200
+ break;
262
+ return false;
201
+ default:
263
+ }
202
+ g_assert_not_reached();
264
+ if (!fp_access_check(s)) {
203
+ }
265
+ return true;
204
+ break;
266
+ }
205
+ case 0x0c: /* SQDMULH */
267
+
206
if (size == 1) {
268
+ if (a->rn == 31) {
207
gen_helper_neon_qdmulh_s16(tcg_res, cpu_env,
269
+ gen_check_sp_alignment(s);
208
tcg_op, tcg_idx);
270
+ }
209
@@ -XXX,XX +XXX,XX @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn)
271
+
210
tcg_op, tcg_idx);
272
+ total = a->selem << a->scale;
211
}
273
+ tcg_rn = cpu_reg_sp(s, a->rn);
212
break;
274
+
213
- case 0xd: /* SQRDMULH */
275
+ mop = finalize_memop_asimd(s, a->scale);
214
+ case 0x0d: /* SQRDMULH */
276
+ clean_addr = gen_mte_checkN(s, tcg_rn, false, a->p || a->rn != 31,
215
if (size == 1) {
277
+ total, mop);
216
gen_helper_neon_qrdmulh_s16(tcg_res, cpu_env,
278
+
217
tcg_op, tcg_idx);
279
+ tcg_ebytes = tcg_constant_i64(1 << a->scale);
280
+ for (xs = 0, rt = a->rt; xs < a->selem; xs++, rt = (rt + 1) % 32) {
281
+ /* Load and replicate to all elements */
282
+ TCGv_i64 tcg_tmp = tcg_temp_new_i64();
283
+
284
+ tcg_gen_qemu_ld_i64(tcg_tmp, clean_addr, get_mem_index(s), mop);
285
+ tcg_gen_gvec_dup_i64(a->scale, vec_full_reg_offset(s, rt),
286
+ (a->q + 1) * 8, vec_full_reg_size(s), tcg_tmp);
287
+ tcg_gen_add_i64(clean_addr, clean_addr, tcg_ebytes);
288
+ }
289
+
290
+ if (a->p) {
291
+ if (a->rm == 31) {
292
+ tcg_gen_addi_i64(tcg_rn, tcg_rn, total);
293
+ } else {
294
+ tcg_gen_add_i64(tcg_rn, tcg_rn, cpu_reg(s, a->rm));
295
+ }
296
+ }
297
+ return true;
298
}
299
300
/*
301
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_tag(DisasContext *s, uint32_t insn)
302
static void disas_ldst(DisasContext *s, uint32_t insn)
303
{
304
switch (extract32(insn, 24, 6)) {
305
- case 0x0d: /* AdvSIMD load/store single structure */
306
- disas_ldst_single_struct(s, insn);
307
- break;
308
case 0x19:
309
if (extract32(insn, 21, 1) != 0) {
310
disas_ldst_tag(s, insn);
218
--
311
--
219
2.16.2
312
2.34.1
220
221
diff view generated by jsdifflib
1
Model the Arm IoT Kit documented in
1
Convert the instructions in the load/store memory tags instruction
2
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ecm0601256/index.html
2
group to decodetree.
3
4
The Arm IoT Kit is a subsystem which includes a CPU and some devices,
5
and is intended be extended by adding extra devices to form a
6
complete system. It is used in the MPS2 board's AN505 image for the
7
Cortex-M33.
8
3
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
5
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
11
Message-id: 20180220180325.29818-19-peter.maydell@linaro.org
6
Message-id: 20230602155223.2040685-21-peter.maydell@linaro.org
12
---
7
---
13
hw/arm/Makefile.objs | 1 +
8
target/arm/tcg/a64.decode | 25 +++
14
include/hw/arm/iotkit.h | 109 ++++++++
9
target/arm/tcg/translate-a64.c | 360 ++++++++++++++++-----------------
15
hw/arm/iotkit.c | 598 ++++++++++++++++++++++++++++++++++++++++
10
2 files changed, 199 insertions(+), 186 deletions(-)
16
default-configs/arm-softmmu.mak | 1 +
17
4 files changed, 709 insertions(+)
18
create mode 100644 include/hw/arm/iotkit.h
19
create mode 100644 hw/arm/iotkit.c
20
11
21
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
12
diff --git a/target/arm/tcg/a64.decode b/target/arm/tcg/a64.decode
22
index XXXXXXX..XXXXXXX 100644
13
index XXXXXXX..XXXXXXX 100644
23
--- a/hw/arm/Makefile.objs
14
--- a/target/arm/tcg/a64.decode
24
+++ b/hw/arm/Makefile.objs
15
+++ b/target/arm/tcg/a64.decode
25
@@ -XXX,XX +XXX,XX @@ obj-$(CONFIG_FSL_IMX6) += fsl-imx6.o sabrelite.o
16
@@ -XXX,XX +XXX,XX @@ LD_single 0 . 001101 . 1 . ..... 10 . 001 ..... ..... @ldst_single_d
26
obj-$(CONFIG_ASPEED_SOC) += aspeed_soc.o aspeed.o
17
27
obj-$(CONFIG_MPS2) += mps2.o
18
# Replicating load case
28
obj-$(CONFIG_MSF2) += msf2-soc.o msf2-som.o
19
LD_single_repl 0 q:1 001101 p:1 1 . rm:5 11 . 0 scale:2 rn:5 rt:5 selem=%ldst_single_selem
29
+obj-$(CONFIG_IOTKIT) += iotkit.o
20
+
30
diff --git a/include/hw/arm/iotkit.h b/include/hw/arm/iotkit.h
21
+%tag_offset 12:s9 !function=scale_by_log2_tag_granule
31
new file mode 100644
22
+&ldst_tag rn rt imm p w
32
index XXXXXXX..XXXXXXX
23
+@ldst_tag ........ .. . ......... .. rn:5 rt:5 &ldst_tag imm=%tag_offset
33
--- /dev/null
24
+@ldst_tag_mult ........ .. . 000000000 .. rn:5 rt:5 &ldst_tag imm=0
34
+++ b/include/hw/arm/iotkit.h
25
+
35
@@ -XXX,XX +XXX,XX @@
26
+STZGM 11011001 00 1 ......... 00 ..... ..... @ldst_tag_mult p=0 w=0
36
+/*
27
+STG 11011001 00 1 ......... 01 ..... ..... @ldst_tag p=1 w=1
37
+ * ARM IoT Kit
28
+STG 11011001 00 1 ......... 10 ..... ..... @ldst_tag p=0 w=0
38
+ *
29
+STG 11011001 00 1 ......... 11 ..... ..... @ldst_tag p=0 w=1
39
+ * Copyright (c) 2018 Linaro Limited
30
+
40
+ * Written by Peter Maydell
31
+LDG 11011001 01 1 ......... 00 ..... ..... @ldst_tag p=0 w=0
41
+ *
32
+STZG 11011001 01 1 ......... 01 ..... ..... @ldst_tag p=1 w=1
42
+ * This program is free software; you can redistribute it and/or modify
33
+STZG 11011001 01 1 ......... 10 ..... ..... @ldst_tag p=0 w=0
43
+ * it under the terms of the GNU General Public License version 2 or
34
+STZG 11011001 01 1 ......... 11 ..... ..... @ldst_tag p=0 w=1
44
+ * (at your option) any later version.
35
+
45
+ */
36
+STGM 11011001 10 1 ......... 00 ..... ..... @ldst_tag_mult p=0 w=0
46
+
37
+ST2G 11011001 10 1 ......... 01 ..... ..... @ldst_tag p=1 w=1
47
+/* This is a model of the Arm IoT Kit which is documented in
38
+ST2G 11011001 10 1 ......... 10 ..... ..... @ldst_tag p=0 w=0
48
+ * http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ecm0601256/index.html
39
+ST2G 11011001 10 1 ......... 11 ..... ..... @ldst_tag p=0 w=1
49
+ * It contains:
40
+
50
+ * a Cortex-M33
41
+LDGM 11011001 11 1 ......... 00 ..... ..... @ldst_tag_mult p=0 w=0
51
+ * the IDAU
42
+STZ2G 11011001 11 1 ......... 01 ..... ..... @ldst_tag p=1 w=1
52
+ * some timers and watchdogs
43
+STZ2G 11011001 11 1 ......... 10 ..... ..... @ldst_tag p=0 w=0
53
+ * two peripheral protection controllers
44
+STZ2G 11011001 11 1 ......... 11 ..... ..... @ldst_tag p=0 w=1
54
+ * a memory protection controller
45
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
55
+ * a security controller
46
index XXXXXXX..XXXXXXX 100644
56
+ * a bus fabric which arranges that some parts of the address
47
--- a/target/arm/tcg/translate-a64.c
57
+ * space are secure and non-secure aliases of each other
48
+++ b/target/arm/tcg/translate-a64.c
58
+ *
49
@@ -XXX,XX +XXX,XX @@ static int uimm_scaled(DisasContext *s, int x)
59
+ * QEMU interface:
50
return imm << scale;
60
+ * + QOM property "memory" is a MemoryRegion containing the devices provided
51
}
61
+ * by the board model.
52
62
+ * + QOM property "MAINCLK" is the frequency of the main system clock
53
+/* For load/store memory tags: scale offset by LOG2_TAG_GRANULE */
63
+ * + QOM property "EXP_NUMIRQ" sets the number of expansion interrupts
54
+static int scale_by_log2_tag_granule(DisasContext *s, int x)
64
+ * + Named GPIO inputs "EXP_IRQ" 0..n are the expansion interrupts, which
65
+ * are wired to the NVIC lines 32 .. n+32
66
+ * Controlling up to 4 AHB expansion PPBs which a system using the IoTKit
67
+ * might provide:
68
+ * + named GPIO outputs apb_ppcexp{0,1,2,3}_nonsec[0..15]
69
+ * + named GPIO outputs apb_ppcexp{0,1,2,3}_ap[0..15]
70
+ * + named GPIO outputs apb_ppcexp{0,1,2,3}_irq_enable
71
+ * + named GPIO outputs apb_ppcexp{0,1,2,3}_irq_clear
72
+ * + named GPIO inputs apb_ppcexp{0,1,2,3}_irq_status
73
+ * Controlling each of the 4 expansion AHB PPCs which a system using the IoTKit
74
+ * might provide:
75
+ * + named GPIO outputs ahb_ppcexp{0,1,2,3}_nonsec[0..15]
76
+ * + named GPIO outputs ahb_ppcexp{0,1,2,3}_ap[0..15]
77
+ * + named GPIO outputs ahb_ppcexp{0,1,2,3}_irq_enable
78
+ * + named GPIO outputs ahb_ppcexp{0,1,2,3}_irq_clear
79
+ * + named GPIO inputs ahb_ppcexp{0,1,2,3}_irq_status
80
+ */
81
+
82
+#ifndef IOTKIT_H
83
+#define IOTKIT_H
84
+
85
+#include "hw/sysbus.h"
86
+#include "hw/arm/armv7m.h"
87
+#include "hw/misc/iotkit-secctl.h"
88
+#include "hw/misc/tz-ppc.h"
89
+#include "hw/timer/cmsdk-apb-timer.h"
90
+#include "hw/misc/unimp.h"
91
+#include "hw/or-irq.h"
92
+#include "hw/core/split-irq.h"
93
+
94
+#define TYPE_IOTKIT "iotkit"
95
+#define IOTKIT(obj) OBJECT_CHECK(IoTKit, (obj), TYPE_IOTKIT)
96
+
97
+/* We have an IRQ splitter and an OR gate input for each external PPC
98
+ * and the 2 internal PPCs
99
+ */
100
+#define NUM_EXTERNAL_PPCS (IOTS_NUM_AHB_EXP_PPC + IOTS_NUM_APB_EXP_PPC)
101
+#define NUM_PPCS (NUM_EXTERNAL_PPCS + 2)
102
+
103
+typedef struct IoTKit {
104
+ /*< private >*/
105
+ SysBusDevice parent_obj;
106
+
107
+ /*< public >*/
108
+ ARMv7MState armv7m;
109
+ IoTKitSecCtl secctl;
110
+ TZPPC apb_ppc0;
111
+ TZPPC apb_ppc1;
112
+ CMSDKAPBTIMER timer0;
113
+ CMSDKAPBTIMER timer1;
114
+ qemu_or_irq ppc_irq_orgate;
115
+ SplitIRQ sec_resp_splitter;
116
+ SplitIRQ ppc_irq_splitter[NUM_PPCS];
117
+
118
+ UnimplementedDeviceState dualtimer;
119
+ UnimplementedDeviceState s32ktimer;
120
+
121
+ MemoryRegion container;
122
+ MemoryRegion alias1;
123
+ MemoryRegion alias2;
124
+ MemoryRegion alias3;
125
+ MemoryRegion sram0;
126
+
127
+ qemu_irq *exp_irqs;
128
+ qemu_irq ppc0_irq;
129
+ qemu_irq ppc1_irq;
130
+ qemu_irq sec_resp_cfg;
131
+ qemu_irq sec_resp_cfg_in;
132
+ qemu_irq nsc_cfg_in;
133
+
134
+ qemu_irq irq_status_in[NUM_EXTERNAL_PPCS];
135
+
136
+ uint32_t nsccfg;
137
+
138
+ /* Properties */
139
+ MemoryRegion *board_memory;
140
+ uint32_t exp_numirq;
141
+ uint32_t mainclk_frq;
142
+} IoTKit;
143
+
144
+#endif
145
diff --git a/hw/arm/iotkit.c b/hw/arm/iotkit.c
146
new file mode 100644
147
index XXXXXXX..XXXXXXX
148
--- /dev/null
149
+++ b/hw/arm/iotkit.c
150
@@ -XXX,XX +XXX,XX @@
151
+/*
152
+ * Arm IoT Kit
153
+ *
154
+ * Copyright (c) 2018 Linaro Limited
155
+ * Written by Peter Maydell
156
+ *
157
+ * This program is free software; you can redistribute it and/or modify
158
+ * it under the terms of the GNU General Public License version 2 or
159
+ * (at your option) any later version.
160
+ */
161
+
162
+#include "qemu/osdep.h"
163
+#include "qemu/log.h"
164
+#include "qapi/error.h"
165
+#include "trace.h"
166
+#include "hw/sysbus.h"
167
+#include "hw/registerfields.h"
168
+#include "hw/arm/iotkit.h"
169
+#include "hw/misc/unimp.h"
170
+#include "hw/arm/arm.h"
171
+
172
+/* Create an alias region of @size bytes starting at @base
173
+ * which mirrors the memory starting at @orig.
174
+ */
175
+static void make_alias(IoTKit *s, MemoryRegion *mr, const char *name,
176
+ hwaddr base, hwaddr size, hwaddr orig)
177
+{
55
+{
178
+ memory_region_init_alias(mr, NULL, name, &s->container, orig, size);
56
+ return x << LOG2_TAG_GRANULE;
179
+ /* The alias is even lower priority than unimplemented_device regions */
180
+ memory_region_add_subregion_overlap(&s->container, base, mr, -1500);
181
+}
57
+}
182
+
58
+
183
+static void init_sysbus_child(Object *parent, const char *childname,
59
/*
184
+ void *child, size_t childsize,
60
* Include the generated decoders.
185
+ const char *childtype)
61
*/
62
@@ -XXX,XX +XXX,XX @@ static bool trans_LD_single_repl(DisasContext *s, arg_LD_single_repl *a)
63
return true;
64
}
65
66
-/*
67
- * Load/Store memory tags
68
- *
69
- * 31 30 29 24 22 21 12 10 5 0
70
- * +-----+-------------+-----+---+------+-----+------+------+
71
- * | 1 1 | 0 1 1 0 0 1 | op1 | 1 | imm9 | op2 | Rn | Rt |
72
- * +-----+-------------+-----+---+------+-----+------+------+
73
- */
74
-static void disas_ldst_tag(DisasContext *s, uint32_t insn)
75
+static bool trans_STZGM(DisasContext *s, arg_ldst_tag *a)
76
{
77
- int rt = extract32(insn, 0, 5);
78
- int rn = extract32(insn, 5, 5);
79
- uint64_t offset = sextract64(insn, 12, 9) << LOG2_TAG_GRANULE;
80
- int op2 = extract32(insn, 10, 2);
81
- int op1 = extract32(insn, 22, 2);
82
- bool is_load = false, is_pair = false, is_zero = false, is_mult = false;
83
- int index = 0;
84
TCGv_i64 addr, clean_addr, tcg_rt;
85
+ int size = 4 << s->dcz_blocksize;
86
87
- /* We checked insn bits [29:24,21] in the caller. */
88
- if (extract32(insn, 30, 2) != 3) {
89
- goto do_unallocated;
90
+ if (!dc_isar_feature(aa64_mte, s)) {
91
+ return false;
92
+ }
93
+ if (s->current_el == 0) {
94
+ return false;
95
}
96
97
- /*
98
- * @index is a tri-state variable which has 3 states:
99
- * < 0 : post-index, writeback
100
- * = 0 : signed offset
101
- * > 0 : pre-index, writeback
102
- */
103
- switch (op1) {
104
- case 0:
105
- if (op2 != 0) {
106
- /* STG */
107
- index = op2 - 2;
108
- } else {
109
- /* STZGM */
110
- if (s->current_el == 0 || offset != 0) {
111
- goto do_unallocated;
112
- }
113
- is_mult = is_zero = true;
114
- }
115
- break;
116
- case 1:
117
- if (op2 != 0) {
118
- /* STZG */
119
- is_zero = true;
120
- index = op2 - 2;
121
- } else {
122
- /* LDG */
123
- is_load = true;
124
- }
125
- break;
126
- case 2:
127
- if (op2 != 0) {
128
- /* ST2G */
129
- is_pair = true;
130
- index = op2 - 2;
131
- } else {
132
- /* STGM */
133
- if (s->current_el == 0 || offset != 0) {
134
- goto do_unallocated;
135
- }
136
- is_mult = true;
137
- }
138
- break;
139
- case 3:
140
- if (op2 != 0) {
141
- /* STZ2G */
142
- is_pair = is_zero = true;
143
- index = op2 - 2;
144
- } else {
145
- /* LDGM */
146
- if (s->current_el == 0 || offset != 0) {
147
- goto do_unallocated;
148
- }
149
- is_mult = is_load = true;
150
- }
151
- break;
152
-
153
- default:
154
- do_unallocated:
155
- unallocated_encoding(s);
156
- return;
157
- }
158
-
159
- if (is_mult
160
- ? !dc_isar_feature(aa64_mte, s)
161
- : !dc_isar_feature(aa64_mte_insn_reg, s)) {
162
- goto do_unallocated;
163
- }
164
-
165
- if (rn == 31) {
166
+ if (a->rn == 31) {
167
gen_check_sp_alignment(s);
168
}
169
170
- addr = read_cpu_reg_sp(s, rn, true);
171
- if (index >= 0) {
172
+ addr = read_cpu_reg_sp(s, a->rn, true);
173
+ tcg_gen_addi_i64(addr, addr, a->imm);
174
+ tcg_rt = cpu_reg(s, a->rt);
175
+
176
+ if (s->ata) {
177
+ gen_helper_stzgm_tags(cpu_env, addr, tcg_rt);
178
+ }
179
+ /*
180
+ * The non-tags portion of STZGM is mostly like DC_ZVA,
181
+ * except the alignment happens before the access.
182
+ */
183
+ clean_addr = clean_data_tbi(s, addr);
184
+ tcg_gen_andi_i64(clean_addr, clean_addr, -size);
185
+ gen_helper_dc_zva(cpu_env, clean_addr);
186
+ return true;
187
+}
188
+
189
+static bool trans_STGM(DisasContext *s, arg_ldst_tag *a)
186
+{
190
+{
187
+ object_initialize(child, childsize, childtype);
191
+ TCGv_i64 addr, clean_addr, tcg_rt;
188
+ object_property_add_child(parent, childname, OBJECT(child), &error_abort);
192
+
189
+ qdev_set_parent_bus(DEVICE(child), sysbus_get_default());
193
+ if (!dc_isar_feature(aa64_mte, s)) {
194
+ return false;
195
+ }
196
+ if (s->current_el == 0) {
197
+ return false;
198
+ }
199
+
200
+ if (a->rn == 31) {
201
+ gen_check_sp_alignment(s);
202
+ }
203
+
204
+ addr = read_cpu_reg_sp(s, a->rn, true);
205
+ tcg_gen_addi_i64(addr, addr, a->imm);
206
+ tcg_rt = cpu_reg(s, a->rt);
207
+
208
+ if (s->ata) {
209
+ gen_helper_stgm(cpu_env, addr, tcg_rt);
210
+ } else {
211
+ MMUAccessType acc = MMU_DATA_STORE;
212
+ int size = 4 << GMID_EL1_BS;
213
+
214
+ clean_addr = clean_data_tbi(s, addr);
215
+ tcg_gen_andi_i64(clean_addr, clean_addr, -size);
216
+ gen_probe_access(s, clean_addr, acc, size);
217
+ }
218
+ return true;
190
+}
219
+}
191
+
220
+
192
+static void irq_status_forwarder(void *opaque, int n, int level)
221
+static bool trans_LDGM(DisasContext *s, arg_ldst_tag *a)
193
+{
222
+{
194
+ qemu_irq destirq = opaque;
223
+ TCGv_i64 addr, clean_addr, tcg_rt;
195
+
224
+
196
+ qemu_set_irq(destirq, level);
225
+ if (!dc_isar_feature(aa64_mte, s)) {
226
+ return false;
227
+ }
228
+ if (s->current_el == 0) {
229
+ return false;
230
+ }
231
+
232
+ if (a->rn == 31) {
233
+ gen_check_sp_alignment(s);
234
+ }
235
+
236
+ addr = read_cpu_reg_sp(s, a->rn, true);
237
+ tcg_gen_addi_i64(addr, addr, a->imm);
238
+ tcg_rt = cpu_reg(s, a->rt);
239
+
240
+ if (s->ata) {
241
+ gen_helper_ldgm(tcg_rt, cpu_env, addr);
242
+ } else {
243
+ MMUAccessType acc = MMU_DATA_LOAD;
244
+ int size = 4 << GMID_EL1_BS;
245
+
246
+ clean_addr = clean_data_tbi(s, addr);
247
+ tcg_gen_andi_i64(clean_addr, clean_addr, -size);
248
+ gen_probe_access(s, clean_addr, acc, size);
249
+ /* The result tags are zeros. */
250
+ tcg_gen_movi_i64(tcg_rt, 0);
251
+ }
252
+ return true;
197
+}
253
+}
198
+
254
+
199
+static void nsccfg_handler(void *opaque, int n, int level)
255
+static bool trans_LDG(DisasContext *s, arg_ldst_tag *a)
200
+{
256
+{
201
+ IoTKit *s = IOTKIT(opaque);
257
+ TCGv_i64 addr, clean_addr, tcg_rt;
202
+
258
+
203
+ s->nsccfg = level;
259
+ if (!dc_isar_feature(aa64_mte_insn_reg, s)) {
260
+ return false;
261
+ }
262
+
263
+ if (a->rn == 31) {
264
+ gen_check_sp_alignment(s);
265
+ }
266
+
267
+ addr = read_cpu_reg_sp(s, a->rn, true);
268
+ if (!a->p) {
269
/* pre-index or signed offset */
270
- tcg_gen_addi_i64(addr, addr, offset);
271
+ tcg_gen_addi_i64(addr, addr, a->imm);
272
}
273
274
- if (is_mult) {
275
- tcg_rt = cpu_reg(s, rt);
276
+ tcg_gen_andi_i64(addr, addr, -TAG_GRANULE);
277
+ tcg_rt = cpu_reg(s, a->rt);
278
+ if (s->ata) {
279
+ gen_helper_ldg(tcg_rt, cpu_env, addr, tcg_rt);
280
+ } else {
281
+ /*
282
+ * Tag access disabled: we must check for aborts on the load
283
+ * load from [rn+offset], and then insert a 0 tag into rt.
284
+ */
285
+ clean_addr = clean_data_tbi(s, addr);
286
+ gen_probe_access(s, clean_addr, MMU_DATA_LOAD, MO_8);
287
+ gen_address_with_allocation_tag0(tcg_rt, tcg_rt);
288
+ }
289
290
- if (is_zero) {
291
- int size = 4 << s->dcz_blocksize;
292
-
293
- if (s->ata) {
294
- gen_helper_stzgm_tags(cpu_env, addr, tcg_rt);
295
- }
296
- /*
297
- * The non-tags portion of STZGM is mostly like DC_ZVA,
298
- * except the alignment happens before the access.
299
- */
300
- clean_addr = clean_data_tbi(s, addr);
301
- tcg_gen_andi_i64(clean_addr, clean_addr, -size);
302
- gen_helper_dc_zva(cpu_env, clean_addr);
303
- } else if (s->ata) {
304
- if (is_load) {
305
- gen_helper_ldgm(tcg_rt, cpu_env, addr);
306
- } else {
307
- gen_helper_stgm(cpu_env, addr, tcg_rt);
308
- }
309
- } else {
310
- MMUAccessType acc = is_load ? MMU_DATA_LOAD : MMU_DATA_STORE;
311
- int size = 4 << GMID_EL1_BS;
312
-
313
- clean_addr = clean_data_tbi(s, addr);
314
- tcg_gen_andi_i64(clean_addr, clean_addr, -size);
315
- gen_probe_access(s, clean_addr, acc, size);
316
-
317
- if (is_load) {
318
- /* The result tags are zeros. */
319
- tcg_gen_movi_i64(tcg_rt, 0);
320
- }
321
+ if (a->w) {
322
+ /* pre-index or post-index */
323
+ if (a->p) {
324
+ /* post-index */
325
+ tcg_gen_addi_i64(addr, addr, a->imm);
326
}
327
- return;
328
+ tcg_gen_mov_i64(cpu_reg_sp(s, a->rn), addr);
329
+ }
330
+ return true;
204
+}
331
+}
205
+
332
+
206
+static void iotkit_forward_ppc(IoTKit *s, const char *ppcname, int ppcnum)
333
+static bool do_STG(DisasContext *s, arg_ldst_tag *a, bool is_zero, bool is_pair)
207
+{
334
+{
208
+ /* Each of the 4 AHB and 4 APB PPCs that might be present in a
335
+ TCGv_i64 addr, tcg_rt;
209
+ * system using the IoTKit has a collection of control lines which
336
+
210
+ * are provided by the security controller and which we want to
337
+ if (a->rn == 31) {
211
+ * expose as control lines on the IoTKit device itself, so the
338
+ gen_check_sp_alignment(s);
212
+ * code using the IoTKit can wire them up to the PPCs.
339
}
213
+ */
340
214
+ SplitIRQ *splitter = &s->ppc_irq_splitter[ppcnum];
341
- if (is_load) {
215
+ DeviceState *iotkitdev = DEVICE(s);
342
- tcg_gen_andi_i64(addr, addr, -TAG_GRANULE);
216
+ DeviceState *dev_secctl = DEVICE(&s->secctl);
343
- tcg_rt = cpu_reg(s, rt);
217
+ DeviceState *dev_splitter = DEVICE(splitter);
344
- if (s->ata) {
218
+ char *name;
345
- gen_helper_ldg(tcg_rt, cpu_env, addr, tcg_rt);
219
+
346
+ addr = read_cpu_reg_sp(s, a->rn, true);
220
+ name = g_strdup_printf("%s_nonsec", ppcname);
347
+ if (!a->p) {
221
+ qdev_pass_gpios(dev_secctl, iotkitdev, name);
348
+ /* pre-index or signed offset */
222
+ g_free(name);
349
+ tcg_gen_addi_i64(addr, addr, a->imm);
223
+ name = g_strdup_printf("%s_ap", ppcname);
350
+ }
224
+ qdev_pass_gpios(dev_secctl, iotkitdev, name);
351
+ tcg_rt = cpu_reg_sp(s, a->rt);
225
+ g_free(name);
352
+ if (!s->ata) {
226
+ name = g_strdup_printf("%s_irq_enable", ppcname);
353
+ /*
227
+ qdev_pass_gpios(dev_secctl, iotkitdev, name);
354
+ * For STG and ST2G, we need to check alignment and probe memory.
228
+ g_free(name);
355
+ * TODO: For STZG and STZ2G, we could rely on the stores below,
229
+ name = g_strdup_printf("%s_irq_clear", ppcname);
356
+ * at least for system mode; user-only won't enforce alignment.
230
+ qdev_pass_gpios(dev_secctl, iotkitdev, name);
357
+ */
231
+ g_free(name);
358
+ if (is_pair) {
232
+
359
+ gen_helper_st2g_stub(cpu_env, addr);
233
+ /* irq_status is a little more tricky, because we need to
360
} else {
234
+ * split it so we can send it both to the security controller
361
- /*
235
+ * and to our OR gate for the NVIC interrupt line.
362
- * Tag access disabled: we must check for aborts on the load
236
+ * Connect up the splitter's outputs, and create a GPIO input
363
- * load from [rn+offset], and then insert a 0 tag into rt.
237
+ * which will pass the line state to the input splitter.
364
- */
238
+ */
365
- clean_addr = clean_data_tbi(s, addr);
239
+ name = g_strdup_printf("%s_irq_status", ppcname);
366
- gen_probe_access(s, clean_addr, MMU_DATA_LOAD, MO_8);
240
+ qdev_connect_gpio_out(dev_splitter, 0,
367
- gen_address_with_allocation_tag0(tcg_rt, tcg_rt);
241
+ qdev_get_gpio_in_named(dev_secctl,
368
+ gen_helper_stg_stub(cpu_env, addr);
242
+ name, 0));
243
+ qdev_connect_gpio_out(dev_splitter, 1,
244
+ qdev_get_gpio_in(DEVICE(&s->ppc_irq_orgate), ppcnum));
245
+ s->irq_status_in[ppcnum] = qdev_get_gpio_in(dev_splitter, 0);
246
+ qdev_init_gpio_in_named_with_opaque(iotkitdev, irq_status_forwarder,
247
+ s->irq_status_in[ppcnum], name, 1);
248
+ g_free(name);
249
+}
250
+
251
+static void iotkit_forward_sec_resp_cfg(IoTKit *s)
252
+{
253
+ /* Forward the 3rd output from the splitter device as a
254
+ * named GPIO output of the iotkit object.
255
+ */
256
+ DeviceState *dev = DEVICE(s);
257
+ DeviceState *dev_splitter = DEVICE(&s->sec_resp_splitter);
258
+
259
+ qdev_init_gpio_out_named(dev, &s->sec_resp_cfg, "sec_resp_cfg", 1);
260
+ s->sec_resp_cfg_in = qemu_allocate_irq(irq_status_forwarder,
261
+ s->sec_resp_cfg, 1);
262
+ qdev_connect_gpio_out(dev_splitter, 2, s->sec_resp_cfg_in);
263
+}
264
+
265
+static void iotkit_init(Object *obj)
266
+{
267
+ IoTKit *s = IOTKIT(obj);
268
+ int i;
269
+
270
+ memory_region_init(&s->container, obj, "iotkit-container", UINT64_MAX);
271
+
272
+ init_sysbus_child(obj, "armv7m", &s->armv7m, sizeof(s->armv7m),
273
+ TYPE_ARMV7M);
274
+ qdev_prop_set_string(DEVICE(&s->armv7m), "cpu-type",
275
+ ARM_CPU_TYPE_NAME("cortex-m33"));
276
+
277
+ init_sysbus_child(obj, "secctl", &s->secctl, sizeof(s->secctl),
278
+ TYPE_IOTKIT_SECCTL);
279
+ init_sysbus_child(obj, "apb-ppc0", &s->apb_ppc0, sizeof(s->apb_ppc0),
280
+ TYPE_TZ_PPC);
281
+ init_sysbus_child(obj, "apb-ppc1", &s->apb_ppc1, sizeof(s->apb_ppc1),
282
+ TYPE_TZ_PPC);
283
+ init_sysbus_child(obj, "timer0", &s->timer0, sizeof(s->timer0),
284
+ TYPE_CMSDK_APB_TIMER);
285
+ init_sysbus_child(obj, "timer1", &s->timer1, sizeof(s->timer1),
286
+ TYPE_CMSDK_APB_TIMER);
287
+ init_sysbus_child(obj, "dualtimer", &s->dualtimer, sizeof(s->dualtimer),
288
+ TYPE_UNIMPLEMENTED_DEVICE);
289
+ object_initialize(&s->ppc_irq_orgate, sizeof(s->ppc_irq_orgate),
290
+ TYPE_OR_IRQ);
291
+ object_property_add_child(obj, "ppc-irq-orgate",
292
+ OBJECT(&s->ppc_irq_orgate), &error_abort);
293
+ object_initialize(&s->sec_resp_splitter, sizeof(s->sec_resp_splitter),
294
+ TYPE_SPLIT_IRQ);
295
+ object_property_add_child(obj, "sec-resp-splitter",
296
+ OBJECT(&s->sec_resp_splitter), &error_abort);
297
+ for (i = 0; i < ARRAY_SIZE(s->ppc_irq_splitter); i++) {
298
+ char *name = g_strdup_printf("ppc-irq-splitter-%d", i);
299
+ SplitIRQ *splitter = &s->ppc_irq_splitter[i];
300
+
301
+ object_initialize(splitter, sizeof(*splitter), TYPE_SPLIT_IRQ);
302
+ object_property_add_child(obj, name, OBJECT(splitter), &error_abort);
303
+ }
304
+ init_sysbus_child(obj, "s32ktimer", &s->s32ktimer, sizeof(s->s32ktimer),
305
+ TYPE_UNIMPLEMENTED_DEVICE);
306
+}
307
+
308
+static void iotkit_exp_irq(void *opaque, int n, int level)
309
+{
310
+ IoTKit *s = IOTKIT(opaque);
311
+
312
+ qemu_set_irq(s->exp_irqs[n], level);
313
+}
314
+
315
+static void iotkit_realize(DeviceState *dev, Error **errp)
316
+{
317
+ IoTKit *s = IOTKIT(dev);
318
+ int i;
319
+ MemoryRegion *mr;
320
+ Error *err = NULL;
321
+ SysBusDevice *sbd_apb_ppc0;
322
+ SysBusDevice *sbd_secctl;
323
+ DeviceState *dev_apb_ppc0;
324
+ DeviceState *dev_apb_ppc1;
325
+ DeviceState *dev_secctl;
326
+ DeviceState *dev_splitter;
327
+
328
+ if (!s->board_memory) {
329
+ error_setg(errp, "memory property was not set");
330
+ return;
331
+ }
332
+
333
+ if (!s->mainclk_frq) {
334
+ error_setg(errp, "MAINCLK property was not set");
335
+ return;
336
+ }
337
+
338
+ /* Handling of which devices should be available only to secure
339
+ * code is usually done differently for M profile than for A profile.
340
+ * Instead of putting some devices only into the secure address space,
341
+ * devices exist in both address spaces but with hard-wired security
342
+ * permissions that will cause the CPU to fault for non-secure accesses.
343
+ *
344
+ * The IoTKit has an IDAU (Implementation Defined Access Unit),
345
+ * which specifies hard-wired security permissions for different
346
+ * areas of the physical address space. For the IoTKit IDAU, the
347
+ * top 4 bits of the physical address are the IDAU region ID, and
348
+ * if bit 28 (ie the lowest bit of the ID) is 0 then this is an NS
349
+ * region, otherwise it is an S region.
350
+ *
351
+ * The various devices and RAMs are generally all mapped twice,
352
+ * once into a region that the IDAU defines as secure and once
353
+ * into a non-secure region. They sit behind either a Memory
354
+ * Protection Controller (for RAM) or a Peripheral Protection
355
+ * Controller (for devices), which allow a more fine grained
356
+ * configuration of whether non-secure accesses are permitted.
357
+ *
358
+ * (The other place that guest software can configure security
359
+ * permissions is in the architected SAU (Security Attribution
360
+ * Unit), which is entirely inside the CPU. The IDAU can upgrade
361
+ * the security attributes for a region to more restrictive than
362
+ * the SAU specifies, but cannot downgrade them.)
363
+ *
364
+ * 0x10000000..0x1fffffff alias of 0x00000000..0x0fffffff
365
+ * 0x20000000..0x2007ffff 32KB FPGA block RAM
366
+ * 0x30000000..0x3fffffff alias of 0x20000000..0x2fffffff
367
+ * 0x40000000..0x4000ffff base peripheral region 1
368
+ * 0x40010000..0x4001ffff CPU peripherals (none for IoTKit)
369
+ * 0x40020000..0x4002ffff system control element peripherals
370
+ * 0x40080000..0x400fffff base peripheral region 2
371
+ * 0x50000000..0x5fffffff alias of 0x40000000..0x4fffffff
372
+ */
373
+
374
+ memory_region_add_subregion_overlap(&s->container, 0, s->board_memory, -1);
375
+
376
+ qdev_prop_set_uint32(DEVICE(&s->armv7m), "num-irq", s->exp_numirq + 32);
377
+ /* In real hardware the initial Secure VTOR is set from the INITSVTOR0
378
+ * register in the IoT Kit System Control Register block, and the
379
+ * initial value of that is in turn specifiable by the FPGA that
380
+ * instantiates the IoT Kit. In QEMU we don't implement this wrinkle,
381
+ * and simply set the CPU's init-svtor to the IoT Kit default value.
382
+ */
383
+ qdev_prop_set_uint32(DEVICE(&s->armv7m), "init-svtor", 0x10000000);
384
+ object_property_set_link(OBJECT(&s->armv7m), OBJECT(&s->container),
385
+ "memory", &err);
386
+ if (err) {
387
+ error_propagate(errp, err);
388
+ return;
389
+ }
390
+ object_property_set_link(OBJECT(&s->armv7m), OBJECT(s), "idau", &err);
391
+ if (err) {
392
+ error_propagate(errp, err);
393
+ return;
394
+ }
395
+ object_property_set_bool(OBJECT(&s->armv7m), true, "realized", &err);
396
+ if (err) {
397
+ error_propagate(errp, err);
398
+ return;
399
+ }
400
+
401
+ /* Connect our EXP_IRQ GPIOs to the NVIC's lines 32 and up. */
402
+ s->exp_irqs = g_new(qemu_irq, s->exp_numirq);
403
+ for (i = 0; i < s->exp_numirq; i++) {
404
+ s->exp_irqs[i] = qdev_get_gpio_in(DEVICE(&s->armv7m), i + 32);
405
+ }
406
+ qdev_init_gpio_in_named(dev, iotkit_exp_irq, "EXP_IRQ", s->exp_numirq);
407
+
408
+ /* Set up the big aliases first */
409
+ make_alias(s, &s->alias1, "alias 1", 0x10000000, 0x10000000, 0x00000000);
410
+ make_alias(s, &s->alias2, "alias 2", 0x30000000, 0x10000000, 0x20000000);
411
+ /* The 0x50000000..0x5fffffff region is not a pure alias: it has
412
+ * a few extra devices that only appear there (generally the
413
+ * control interfaces for the protection controllers).
414
+ * We implement this by mapping those devices over the top of this
415
+ * alias MR at a higher priority.
416
+ */
417
+ make_alias(s, &s->alias3, "alias 3", 0x50000000, 0x10000000, 0x40000000);
418
+
419
+ /* This RAM should be behind a Memory Protection Controller, but we
420
+ * don't implement that yet.
421
+ */
422
+ memory_region_init_ram(&s->sram0, NULL, "iotkit.sram0", 0x00008000, &err);
423
+ if (err) {
424
+ error_propagate(errp, err);
425
+ return;
426
+ }
427
+ memory_region_add_subregion(&s->container, 0x20000000, &s->sram0);
428
+
429
+ /* Security controller */
430
+ object_property_set_bool(OBJECT(&s->secctl), true, "realized", &err);
431
+ if (err) {
432
+ error_propagate(errp, err);
433
+ return;
434
+ }
435
+ sbd_secctl = SYS_BUS_DEVICE(&s->secctl);
436
+ dev_secctl = DEVICE(&s->secctl);
437
+ sysbus_mmio_map(sbd_secctl, 0, 0x50080000);
438
+ sysbus_mmio_map(sbd_secctl, 1, 0x40080000);
439
+
440
+ s->nsc_cfg_in = qemu_allocate_irq(nsccfg_handler, s, 1);
441
+ qdev_connect_gpio_out_named(dev_secctl, "nsc_cfg", 0, s->nsc_cfg_in);
442
+
443
+ /* The sec_resp_cfg output from the security controller must be split into
444
+ * multiple lines, one for each of the PPCs within the IoTKit and one
445
+ * that will be an output from the IoTKit to the system.
446
+ */
447
+ object_property_set_int(OBJECT(&s->sec_resp_splitter), 3,
448
+ "num-lines", &err);
449
+ if (err) {
450
+ error_propagate(errp, err);
451
+ return;
452
+ }
453
+ object_property_set_bool(OBJECT(&s->sec_resp_splitter), true,
454
+ "realized", &err);
455
+ if (err) {
456
+ error_propagate(errp, err);
457
+ return;
458
+ }
459
+ dev_splitter = DEVICE(&s->sec_resp_splitter);
460
+ qdev_connect_gpio_out_named(dev_secctl, "sec_resp_cfg", 0,
461
+ qdev_get_gpio_in(dev_splitter, 0));
462
+
463
+ /* Devices behind APB PPC0:
464
+ * 0x40000000: timer0
465
+ * 0x40001000: timer1
466
+ * 0x40002000: dual timer
467
+ * We must configure and realize each downstream device and connect
468
+ * it to the appropriate PPC port; then we can realize the PPC and
469
+ * map its upstream ends to the right place in the container.
470
+ */
471
+ qdev_prop_set_uint32(DEVICE(&s->timer0), "pclk-frq", s->mainclk_frq);
472
+ object_property_set_bool(OBJECT(&s->timer0), true, "realized", &err);
473
+ if (err) {
474
+ error_propagate(errp, err);
475
+ return;
476
+ }
477
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->timer0), 0,
478
+ qdev_get_gpio_in(DEVICE(&s->armv7m), 3));
479
+ mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->timer0), 0);
480
+ object_property_set_link(OBJECT(&s->apb_ppc0), OBJECT(mr), "port[0]", &err);
481
+ if (err) {
482
+ error_propagate(errp, err);
483
+ return;
484
+ }
485
+
486
+ qdev_prop_set_uint32(DEVICE(&s->timer1), "pclk-frq", s->mainclk_frq);
487
+ object_property_set_bool(OBJECT(&s->timer1), true, "realized", &err);
488
+ if (err) {
489
+ error_propagate(errp, err);
490
+ return;
491
+ }
492
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->timer1), 0,
493
+ qdev_get_gpio_in(DEVICE(&s->armv7m), 3));
494
+ mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->timer1), 0);
495
+ object_property_set_link(OBJECT(&s->apb_ppc0), OBJECT(mr), "port[1]", &err);
496
+ if (err) {
497
+ error_propagate(errp, err);
498
+ return;
499
+ }
500
+
501
+ qdev_prop_set_string(DEVICE(&s->dualtimer), "name", "Dual timer");
502
+ qdev_prop_set_uint64(DEVICE(&s->dualtimer), "size", 0x1000);
503
+ object_property_set_bool(OBJECT(&s->dualtimer), true, "realized", &err);
504
+ if (err) {
505
+ error_propagate(errp, err);
506
+ return;
507
+ }
508
+ mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->dualtimer), 0);
509
+ object_property_set_link(OBJECT(&s->apb_ppc0), OBJECT(mr), "port[2]", &err);
510
+ if (err) {
511
+ error_propagate(errp, err);
512
+ return;
513
+ }
514
+
515
+ object_property_set_bool(OBJECT(&s->apb_ppc0), true, "realized", &err);
516
+ if (err) {
517
+ error_propagate(errp, err);
518
+ return;
519
+ }
520
+
521
+ sbd_apb_ppc0 = SYS_BUS_DEVICE(&s->apb_ppc0);
522
+ dev_apb_ppc0 = DEVICE(&s->apb_ppc0);
523
+
524
+ mr = sysbus_mmio_get_region(sbd_apb_ppc0, 0);
525
+ memory_region_add_subregion(&s->container, 0x40000000, mr);
526
+ mr = sysbus_mmio_get_region(sbd_apb_ppc0, 1);
527
+ memory_region_add_subregion(&s->container, 0x40001000, mr);
528
+ mr = sysbus_mmio_get_region(sbd_apb_ppc0, 2);
529
+ memory_region_add_subregion(&s->container, 0x40002000, mr);
530
+ for (i = 0; i < IOTS_APB_PPC0_NUM_PORTS; i++) {
531
+ qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_nonsec", i,
532
+ qdev_get_gpio_in_named(dev_apb_ppc0,
533
+ "cfg_nonsec", i));
534
+ qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_ap", i,
535
+ qdev_get_gpio_in_named(dev_apb_ppc0,
536
+ "cfg_ap", i));
537
+ }
538
+ qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_irq_enable", 0,
539
+ qdev_get_gpio_in_named(dev_apb_ppc0,
540
+ "irq_enable", 0));
541
+ qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_irq_clear", 0,
542
+ qdev_get_gpio_in_named(dev_apb_ppc0,
543
+ "irq_clear", 0));
544
+ qdev_connect_gpio_out(dev_splitter, 0,
545
+ qdev_get_gpio_in_named(dev_apb_ppc0,
546
+ "cfg_sec_resp", 0));
547
+
548
+ /* All the PPC irq lines (from the 2 internal PPCs and the 8 external
549
+ * ones) are sent individually to the security controller, and also
550
+ * ORed together to give a single combined PPC interrupt to the NVIC.
551
+ */
552
+ object_property_set_int(OBJECT(&s->ppc_irq_orgate),
553
+ NUM_PPCS, "num-lines", &err);
554
+ if (err) {
555
+ error_propagate(errp, err);
556
+ return;
557
+ }
558
+ object_property_set_bool(OBJECT(&s->ppc_irq_orgate), true,
559
+ "realized", &err);
560
+ if (err) {
561
+ error_propagate(errp, err);
562
+ return;
563
+ }
564
+ qdev_connect_gpio_out(DEVICE(&s->ppc_irq_orgate), 0,
565
+ qdev_get_gpio_in(DEVICE(&s->armv7m), 10));
566
+
567
+ /* 0x40010000 .. 0x4001ffff: private CPU region: unused in IoTKit */
568
+
569
+ /* 0x40020000 .. 0x4002ffff : IoTKit system control peripheral region */
570
+ /* Devices behind APB PPC1:
571
+ * 0x4002f000: S32K timer
572
+ */
573
+ qdev_prop_set_string(DEVICE(&s->s32ktimer), "name", "S32KTIMER");
574
+ qdev_prop_set_uint64(DEVICE(&s->s32ktimer), "size", 0x1000);
575
+ object_property_set_bool(OBJECT(&s->s32ktimer), true, "realized", &err);
576
+ if (err) {
577
+ error_propagate(errp, err);
578
+ return;
579
+ }
580
+ mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->s32ktimer), 0);
581
+ object_property_set_link(OBJECT(&s->apb_ppc1), OBJECT(mr), "port[0]", &err);
582
+ if (err) {
583
+ error_propagate(errp, err);
584
+ return;
585
+ }
586
+
587
+ object_property_set_bool(OBJECT(&s->apb_ppc1), true, "realized", &err);
588
+ if (err) {
589
+ error_propagate(errp, err);
590
+ return;
591
+ }
592
+ mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->apb_ppc1), 0);
593
+ memory_region_add_subregion(&s->container, 0x4002f000, mr);
594
+
595
+ dev_apb_ppc1 = DEVICE(&s->apb_ppc1);
596
+ qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_nonsec", 0,
597
+ qdev_get_gpio_in_named(dev_apb_ppc1,
598
+ "cfg_nonsec", 0));
599
+ qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_ap", 0,
600
+ qdev_get_gpio_in_named(dev_apb_ppc1,
601
+ "cfg_ap", 0));
602
+ qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_irq_enable", 0,
603
+ qdev_get_gpio_in_named(dev_apb_ppc1,
604
+ "irq_enable", 0));
605
+ qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_irq_clear", 0,
606
+ qdev_get_gpio_in_named(dev_apb_ppc1,
607
+ "irq_clear", 0));
608
+ qdev_connect_gpio_out(dev_splitter, 1,
609
+ qdev_get_gpio_in_named(dev_apb_ppc1,
610
+ "cfg_sec_resp", 0));
611
+
612
+ /* Using create_unimplemented_device() maps the stub into the
613
+ * system address space rather than into our container, but the
614
+ * overall effect to the guest is the same.
615
+ */
616
+ create_unimplemented_device("SYSINFO", 0x40020000, 0x1000);
617
+
618
+ create_unimplemented_device("SYSCONTROL", 0x50021000, 0x1000);
619
+ create_unimplemented_device("S32KWATCHDOG", 0x5002e000, 0x1000);
620
+
621
+ /* 0x40080000 .. 0x4008ffff : IoTKit second Base peripheral region */
622
+
623
+ create_unimplemented_device("NS watchdog", 0x40081000, 0x1000);
624
+ create_unimplemented_device("S watchdog", 0x50081000, 0x1000);
625
+
626
+ create_unimplemented_device("SRAM0 MPC", 0x50083000, 0x1000);
627
+
628
+ for (i = 0; i < ARRAY_SIZE(s->ppc_irq_splitter); i++) {
629
+ Object *splitter = OBJECT(&s->ppc_irq_splitter[i]);
630
+
631
+ object_property_set_int(splitter, 2, "num-lines", &err);
632
+ if (err) {
633
+ error_propagate(errp, err);
634
+ return;
635
+ }
369
+ }
636
+ object_property_set_bool(splitter, true, "realized", &err);
370
+ } else if (tb_cflags(s->base.tb) & CF_PARALLEL) {
637
+ if (err) {
371
+ if (is_pair) {
638
+ error_propagate(errp, err);
372
+ gen_helper_st2g_parallel(cpu_env, addr, tcg_rt);
639
+ return;
373
+ } else {
640
+ }
374
+ gen_helper_stg_parallel(cpu_env, addr, tcg_rt);
641
+ }
375
}
642
+
376
} else {
643
+ for (i = 0; i < IOTS_NUM_AHB_EXP_PPC; i++) {
377
- tcg_rt = cpu_reg_sp(s, rt);
644
+ char *ppcname = g_strdup_printf("ahb_ppcexp%d", i);
378
- if (!s->ata) {
645
+
379
- /*
646
+ iotkit_forward_ppc(s, ppcname, i);
380
- * For STG and ST2G, we need to check alignment and probe memory.
647
+ g_free(ppcname);
381
- * TODO: For STZG and STZ2G, we could rely on the stores below,
648
+ }
382
- * at least for system mode; user-only won't enforce alignment.
649
+
383
- */
650
+ for (i = 0; i < IOTS_NUM_APB_EXP_PPC; i++) {
384
- if (is_pair) {
651
+ char *ppcname = g_strdup_printf("apb_ppcexp%d", i);
385
- gen_helper_st2g_stub(cpu_env, addr);
652
+
386
- } else {
653
+ iotkit_forward_ppc(s, ppcname, i + IOTS_NUM_AHB_EXP_PPC);
387
- gen_helper_stg_stub(cpu_env, addr);
654
+ g_free(ppcname);
388
- }
655
+ }
389
- } else if (tb_cflags(s->base.tb) & CF_PARALLEL) {
656
+
390
- if (is_pair) {
657
+ for (i = NUM_EXTERNAL_PPCS; i < NUM_PPCS; i++) {
391
- gen_helper_st2g_parallel(cpu_env, addr, tcg_rt);
658
+ /* Wire up IRQ splitter for internal PPCs */
392
- } else {
659
+ DeviceState *devs = DEVICE(&s->ppc_irq_splitter[i]);
393
- gen_helper_stg_parallel(cpu_env, addr, tcg_rt);
660
+ char *gpioname = g_strdup_printf("apb_ppc%d_irq_status",
394
- }
661
+ i - NUM_EXTERNAL_PPCS);
395
+ if (is_pair) {
662
+ TZPPC *ppc = (i == NUM_EXTERNAL_PPCS) ? &s->apb_ppc0 : &s->apb_ppc1;
396
+ gen_helper_st2g(cpu_env, addr, tcg_rt);
663
+
397
} else {
664
+ qdev_connect_gpio_out(devs, 0,
398
- if (is_pair) {
665
+ qdev_get_gpio_in_named(dev_secctl, gpioname, 0));
399
- gen_helper_st2g(cpu_env, addr, tcg_rt);
666
+ qdev_connect_gpio_out(devs, 1,
400
- } else {
667
+ qdev_get_gpio_in(DEVICE(&s->ppc_irq_orgate), i));
401
- gen_helper_stg(cpu_env, addr, tcg_rt);
668
+ qdev_connect_gpio_out_named(DEVICE(ppc), "irq", 0,
402
- }
669
+ qdev_get_gpio_in(devs, 0));
403
+ gen_helper_stg(cpu_env, addr, tcg_rt);
670
+ }
404
}
671
+
405
}
672
+ iotkit_forward_sec_resp_cfg(s);
406
673
+
407
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_tag(DisasContext *s, uint32_t insn)
674
+ system_clock_scale = NANOSECONDS_PER_SECOND / s->mainclk_frq;
408
}
675
+}
409
}
676
+
410
677
+static void iotkit_idau_check(IDAUInterface *ii, uint32_t address,
411
- if (index != 0) {
678
+ int *iregion, bool *exempt, bool *ns, bool *nsc)
412
+ if (a->w) {
679
+{
413
/* pre-index or post-index */
680
+ /* For IoTKit systems the IDAU responses are simple logical functions
414
- if (index < 0) {
681
+ * of the address bits. The NSC attribute is guest-adjustable via the
415
+ if (a->p) {
682
+ * NSCCFG register in the security controller.
416
/* post-index */
683
+ */
417
- tcg_gen_addi_i64(addr, addr, offset);
684
+ IoTKit *s = IOTKIT(ii);
418
+ tcg_gen_addi_i64(addr, addr, a->imm);
685
+ int region = extract32(address, 28, 4);
419
}
686
+
420
- tcg_gen_mov_i64(cpu_reg_sp(s, rn), addr);
687
+ *ns = !(region & 1);
421
+ tcg_gen_mov_i64(cpu_reg_sp(s, a->rn), addr);
688
+ *nsc = (region == 1 && (s->nsccfg & 1)) || (region == 3 && (s->nsccfg & 2));
422
}
689
+ /* 0xe0000000..0xe00fffff and 0xf0000000..0xf00fffff are exempt */
423
+ return true;
690
+ *exempt = (address & 0xeff00000) == 0xe0000000;
424
}
691
+ *iregion = region;
425
692
+}
426
-/* Loads and stores */
693
+
427
-static void disas_ldst(DisasContext *s, uint32_t insn)
694
+static const VMStateDescription iotkit_vmstate = {
428
-{
695
+ .name = "iotkit",
429
- switch (extract32(insn, 24, 6)) {
696
+ .version_id = 1,
430
- case 0x19:
697
+ .minimum_version_id = 1,
431
- if (extract32(insn, 21, 1) != 0) {
698
+ .fields = (VMStateField[]) {
432
- disas_ldst_tag(s, insn);
699
+ VMSTATE_UINT32(nsccfg, IoTKit),
433
- } else {
700
+ VMSTATE_END_OF_LIST()
434
- unallocated_encoding(s);
701
+ }
435
- }
702
+};
436
- break;
703
+
437
- default:
704
+static Property iotkit_properties[] = {
438
- unallocated_encoding(s);
705
+ DEFINE_PROP_LINK("memory", IoTKit, board_memory, TYPE_MEMORY_REGION,
439
- break;
706
+ MemoryRegion *),
440
- }
707
+ DEFINE_PROP_UINT32("EXP_NUMIRQ", IoTKit, exp_numirq, 64),
441
-}
708
+ DEFINE_PROP_UINT32("MAINCLK", IoTKit, mainclk_frq, 0),
442
+TRANS_FEAT(STG, aa64_mte_insn_reg, do_STG, a, false, false)
709
+ DEFINE_PROP_END_OF_LIST()
443
+TRANS_FEAT(STZG, aa64_mte_insn_reg, do_STG, a, true, false)
710
+};
444
+TRANS_FEAT(ST2G, aa64_mte_insn_reg, do_STG, a, false, true)
711
+
445
+TRANS_FEAT(STZ2G, aa64_mte_insn_reg, do_STG, a, true, true)
712
+static void iotkit_reset(DeviceState *dev)
446
713
+{
447
typedef void ArithTwoOp(TCGv_i64, TCGv_i64, TCGv_i64);
714
+ IoTKit *s = IOTKIT(dev);
448
715
+
449
@@ -XXX,XX +XXX,XX @@ static bool btype_destination_ok(uint32_t insn, bool bt, int btype)
716
+ s->nsccfg = 0;
450
static void disas_a64_legacy(DisasContext *s, uint32_t insn)
717
+}
451
{
718
+
452
switch (extract32(insn, 25, 4)) {
719
+static void iotkit_class_init(ObjectClass *klass, void *data)
453
- case 0x4:
720
+{
454
- case 0x6:
721
+ DeviceClass *dc = DEVICE_CLASS(klass);
455
- case 0xc:
722
+ IDAUInterfaceClass *iic = IDAU_INTERFACE_CLASS(klass);
456
- case 0xe: /* Loads and stores */
723
+
457
- disas_ldst(s, insn);
724
+ dc->realize = iotkit_realize;
458
- break;
725
+ dc->vmsd = &iotkit_vmstate;
459
case 0x5:
726
+ dc->props = iotkit_properties;
460
case 0xd: /* Data processing - register */
727
+ dc->reset = iotkit_reset;
461
disas_data_proc_reg(s, insn);
728
+ iic->check = iotkit_idau_check;
729
+}
730
+
731
+static const TypeInfo iotkit_info = {
732
+ .name = TYPE_IOTKIT,
733
+ .parent = TYPE_SYS_BUS_DEVICE,
734
+ .instance_size = sizeof(IoTKit),
735
+ .instance_init = iotkit_init,
736
+ .class_init = iotkit_class_init,
737
+ .interfaces = (InterfaceInfo[]) {
738
+ { TYPE_IDAU_INTERFACE },
739
+ { }
740
+ }
741
+};
742
+
743
+static void iotkit_register_types(void)
744
+{
745
+ type_register_static(&iotkit_info);
746
+}
747
+
748
+type_init(iotkit_register_types);
749
diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
750
index XXXXXXX..XXXXXXX 100644
751
--- a/default-configs/arm-softmmu.mak
752
+++ b/default-configs/arm-softmmu.mak
753
@@ -XXX,XX +XXX,XX @@ CONFIG_MPS2_FPGAIO=y
754
CONFIG_MPS2_SCC=y
755
756
CONFIG_TZ_PPC=y
757
+CONFIG_IOTKIT=y
758
CONFIG_IOTKIT_SECCTL=y
759
760
CONFIG_VERSATILE_PCI=y
761
--
462
--
762
2.16.2
463
2.34.1
763
764
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
In commit 2c5fa0778c3b430 we fixed an endianness bug in the Allwinner
2
A10 PIC model; however in the process we introduced a regression.
3
This is because the old code was robust against the incoming 'level'
4
argument being something other than 0 or 1, whereas the new code was
5
not.
2
6
3
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
In particular, the allwinner-sdhost code treats its IRQ line
4
Message-id: 20180228193125.20577-15-richard.henderson@linaro.org
8
as 0-vs-non-0 rather than 0-vs-1, so when the SD controller
5
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
set its IRQ line for any reason other than transmit the
10
interrupt controller would ignore it. The observed effect
11
was a guest timeout when rebooting the guest kernel.
12
13
Handle level values other than 0 or 1, to restore the old
14
behaviour.
15
16
Fixes: 2c5fa0778c3b430 ("hw/intc/allwinner-a10-pic: Don't use set_bit()/clear_bit()")
17
Cc: qemu-stable@nongnu.org
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
18
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
19
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
20
Tested-by: Guenter Roeck <linux@roeck-us.net>
21
Message-id: 20230606104609.3692557-2-peter.maydell@linaro.org
7
---
22
---
8
target/arm/translate.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++
23
hw/intc/allwinner-a10-pic.c | 2 +-
9
1 file changed, 61 insertions(+)
24
1 file changed, 1 insertion(+), 1 deletion(-)
10
25
11
diff --git a/target/arm/translate.c b/target/arm/translate.c
26
diff --git a/hw/intc/allwinner-a10-pic.c b/hw/intc/allwinner-a10-pic.c
12
index XXXXXXX..XXXXXXX 100644
27
index XXXXXXX..XXXXXXX 100644
13
--- a/target/arm/translate.c
28
--- a/hw/intc/allwinner-a10-pic.c
14
+++ b/target/arm/translate.c
29
+++ b/hw/intc/allwinner-a10-pic.c
15
@@ -XXX,XX +XXX,XX @@ static int disas_neon_insn_3same_ext(DisasContext *s, uint32_t insn)
30
@@ -XXX,XX +XXX,XX @@ static void aw_a10_pic_set_irq(void *opaque, int irq, int level)
16
return 0;
31
AwA10PICState *s = opaque;
32
uint32_t *pending_reg = &s->irq_pending[irq / 32];
33
34
- *pending_reg = deposit32(*pending_reg, irq % 32, 1, level);
35
+ *pending_reg = deposit32(*pending_reg, irq % 32, 1, !!level);
36
aw_a10_pic_update(s);
17
}
37
}
18
38
19
+/* Advanced SIMD two registers and a scalar extension.
20
+ * 31 24 23 22 20 16 12 11 10 9 8 3 0
21
+ * +-----------------+----+---+----+----+----+---+----+---+----+---------+----+
22
+ * | 1 1 1 1 1 1 1 0 | o1 | D | o2 | Vn | Vd | 1 | o3 | 0 | o4 | N Q M U | Vm |
23
+ * +-----------------+----+---+----+----+----+---+----+---+----+---------+----+
24
+ *
25
+ */
26
+
27
+static int disas_neon_insn_2reg_scalar_ext(DisasContext *s, uint32_t insn)
28
+{
29
+ int rd, rn, rm, rot, size, opr_sz;
30
+ TCGv_ptr fpst;
31
+ bool q;
32
+
33
+ q = extract32(insn, 6, 1);
34
+ VFP_DREG_D(rd, insn);
35
+ VFP_DREG_N(rn, insn);
36
+ VFP_DREG_M(rm, insn);
37
+ if ((rd | rn) & q) {
38
+ return 1;
39
+ }
40
+
41
+ if ((insn & 0xff000f10) == 0xfe000800) {
42
+ /* VCMLA (indexed) -- 1111 1110 S.RR .... .... 1000 ...0 .... */
43
+ rot = extract32(insn, 20, 2);
44
+ size = extract32(insn, 23, 1);
45
+ if (!arm_dc_feature(s, ARM_FEATURE_V8_FCMA)
46
+ || (!size && !arm_dc_feature(s, ARM_FEATURE_V8_FP16))) {
47
+ return 1;
48
+ }
49
+ } else {
50
+ return 1;
51
+ }
52
+
53
+ if (s->fp_excp_el) {
54
+ gen_exception_insn(s, 4, EXCP_UDEF,
55
+ syn_fp_access_trap(1, 0xe, false), s->fp_excp_el);
56
+ return 0;
57
+ }
58
+ if (!s->vfp_enabled) {
59
+ return 1;
60
+ }
61
+
62
+ opr_sz = (1 + q) * 8;
63
+ fpst = get_fpstatus_ptr(1);
64
+ tcg_gen_gvec_3_ptr(vfp_reg_offset(1, rd),
65
+ vfp_reg_offset(1, rn),
66
+ vfp_reg_offset(1, rm), fpst,
67
+ opr_sz, opr_sz, rot,
68
+ size ? gen_helper_gvec_fcmlas_idx
69
+ : gen_helper_gvec_fcmlah_idx);
70
+ tcg_temp_free_ptr(fpst);
71
+ return 0;
72
+}
73
+
74
static int disas_coproc_insn(DisasContext *s, uint32_t insn)
75
{
76
int cpnum, is64, crn, crm, opc1, opc2, isread, rt, rt2;
77
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
78
goto illegal_op;
79
}
80
return;
81
+ } else if ((insn & 0x0f000a00) == 0x0e000800
82
+ && arm_dc_feature(s, ARM_FEATURE_V8)) {
83
+ if (disas_neon_insn_2reg_scalar_ext(s, insn)) {
84
+ goto illegal_op;
85
+ }
86
+ return;
87
} else if ((insn & 0x0fe00000) == 0x0c400000) {
88
/* Coprocessor double register transfer. */
89
ARCH(5TE);
90
--
39
--
91
2.16.2
40
2.34.1
92
41
93
42
diff view generated by jsdifflib
1
Add remaining easy registers to iotkit-secctl:
1
QEMU allows qemu_irq lines to transfer arbitrary integers. However
2
* NSCCFG just routes its two bits out to external GPIO lines
2
the convention is that for a simple IRQ line the values transferred
3
* BRGINSTAT/BRGINTCLR/BRGINTEN can be dummies, because QEMU's
3
are always 0 and 1. The A10 SD controller device instead assumes a
4
bus fabric can never report errors
4
0-vs-non-0 convention, which happens to work with the interrupt
5
controller it is wired up to.
6
7
Coerce the value to boolean to follow our usual convention.
5
8
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Message-id: 20180220180325.29818-18-peter.maydell@linaro.org
10
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
11
Tested-by: Guenter Roeck <linux@roeck-us.net>
12
Message-id: 20230606104609.3692557-3-peter.maydell@linaro.org
8
---
13
---
9
include/hw/misc/iotkit-secctl.h | 4 ++++
14
hw/sd/allwinner-sdhost.c | 2 +-
10
hw/misc/iotkit-secctl.c | 32 ++++++++++++++++++++++++++------
15
1 file changed, 1 insertion(+), 1 deletion(-)
11
2 files changed, 30 insertions(+), 6 deletions(-)
12
16
13
diff --git a/include/hw/misc/iotkit-secctl.h b/include/hw/misc/iotkit-secctl.h
17
diff --git a/hw/sd/allwinner-sdhost.c b/hw/sd/allwinner-sdhost.c
14
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
15
--- a/include/hw/misc/iotkit-secctl.h
19
--- a/hw/sd/allwinner-sdhost.c
16
+++ b/include/hw/misc/iotkit-secctl.h
20
+++ b/hw/sd/allwinner-sdhost.c
17
@@ -XXX,XX +XXX,XX @@
21
@@ -XXX,XX +XXX,XX @@ static void allwinner_sdhost_update_irq(AwSdHostState *s)
18
* + sysbus MMIO region 1 is the "non-secure privilege control block" registers
19
* + named GPIO output "sec_resp_cfg" indicating whether blocked accesses
20
* should RAZ/WI or bus error
21
+ * + named GPIO output "nsc_cfg" whose value tracks the NSCCFG register value
22
* Controlling the 2 APB PPCs in the IoTKit:
23
* + named GPIO outputs apb_ppc0_nonsec[0..2] and apb_ppc1_nonsec
24
* + named GPIO outputs apb_ppc0_ap[0..2] and apb_ppc1_ap
25
@@ -XXX,XX +XXX,XX @@ struct IoTKitSecCtl {
26
27
/*< public >*/
28
qemu_irq sec_resp_cfg;
29
+ qemu_irq nsc_cfg_irq;
30
31
MemoryRegion s_regs;
32
MemoryRegion ns_regs;
33
@@ -XXX,XX +XXX,XX @@ struct IoTKitSecCtl {
34
uint32_t secppcintstat;
35
uint32_t secppcinten;
36
uint32_t secrespcfg;
37
+ uint32_t nsccfg;
38
+ uint32_t brginten;
39
40
IoTKitSecCtlPPC apb[IOTS_NUM_APB_PPC];
41
IoTKitSecCtlPPC apbexp[IOTS_NUM_APB_EXP_PPC];
42
diff --git a/hw/misc/iotkit-secctl.c b/hw/misc/iotkit-secctl.c
43
index XXXXXXX..XXXXXXX 100644
44
--- a/hw/misc/iotkit-secctl.c
45
+++ b/hw/misc/iotkit-secctl.c
46
@@ -XXX,XX +XXX,XX @@ static MemTxResult iotkit_secctl_s_read(void *opaque, hwaddr addr,
47
case A_SECRESPCFG:
48
r = s->secrespcfg;
49
break;
50
+ case A_NSCCFG:
51
+ r = s->nsccfg;
52
+ break;
53
case A_SECPPCINTSTAT:
54
r = s->secppcintstat;
55
break;
56
case A_SECPPCINTEN:
57
r = s->secppcinten;
58
break;
59
+ case A_BRGINTSTAT:
60
+ /* QEMU's bus fabric can never report errors as it doesn't buffer
61
+ * writes, so we never report bridge interrupts.
62
+ */
63
+ r = 0;
64
+ break;
65
+ case A_BRGINTEN:
66
+ r = s->brginten;
67
+ break;
68
case A_AHBNSPPCEXP0:
69
case A_AHBNSPPCEXP1:
70
case A_AHBNSPPCEXP2:
71
@@ -XXX,XX +XXX,XX @@ static MemTxResult iotkit_secctl_s_read(void *opaque, hwaddr addr,
72
case A_APBSPPPCEXP3:
73
r = s->apbexp[offset_to_ppc_idx(offset)].sp;
74
break;
75
- case A_NSCCFG:
76
case A_SECMPCINTSTATUS:
77
case A_SECMSCINTSTAT:
78
case A_SECMSCINTEN:
79
- case A_BRGINTSTAT:
80
- case A_BRGINTEN:
81
case A_NSMSCEXP:
82
qemu_log_mask(LOG_UNIMP,
83
"IoTKit SecCtl S block read: "
84
@@ -XXX,XX +XXX,XX @@ static MemTxResult iotkit_secctl_s_write(void *opaque, hwaddr addr,
85
}
22
}
86
23
87
switch (offset) {
24
trace_allwinner_sdhost_update_irq(irq);
88
+ case A_NSCCFG:
25
- qemu_set_irq(s->irq, irq);
89
+ s->nsccfg = value & 3;
26
+ qemu_set_irq(s->irq, !!irq);
90
+ qemu_set_irq(s->nsc_cfg_irq, s->nsccfg);
91
+ break;
92
case A_SECRESPCFG:
93
value &= 1;
94
s->secrespcfg = value;
95
@@ -XXX,XX +XXX,XX @@ static MemTxResult iotkit_secctl_s_write(void *opaque, hwaddr addr,
96
s->secppcinten = value & 0x00f000f3;
97
foreach_ppc(s, iotkit_secctl_ppc_update_irq_enable);
98
break;
99
+ case A_BRGINTCLR:
100
+ break;
101
+ case A_BRGINTEN:
102
+ s->brginten = value & 0xffff0000;
103
+ break;
104
case A_AHBNSPPCEXP0:
105
case A_AHBNSPPCEXP1:
106
case A_AHBNSPPCEXP2:
107
@@ -XXX,XX +XXX,XX @@ static MemTxResult iotkit_secctl_s_write(void *opaque, hwaddr addr,
108
ppc = &s->apbexp[offset_to_ppc_idx(offset)];
109
iotkit_secctl_ppc_sp_write(ppc, value);
110
break;
111
- case A_NSCCFG:
112
case A_SECMSCINTCLR:
113
case A_SECMSCINTEN:
114
- case A_BRGINTCLR:
115
- case A_BRGINTEN:
116
qemu_log_mask(LOG_UNIMP,
117
"IoTKit SecCtl S block write: "
118
"unimplemented offset 0x%x\n", offset);
119
@@ -XXX,XX +XXX,XX @@ static void iotkit_secctl_reset(DeviceState *dev)
120
s->secppcintstat = 0;
121
s->secppcinten = 0;
122
s->secrespcfg = 0;
123
+ s->nsccfg = 0;
124
+ s->brginten = 0;
125
126
foreach_ppc(s, iotkit_secctl_reset_ppc);
127
}
27
}
128
@@ -XXX,XX +XXX,XX @@ static void iotkit_secctl_init(Object *obj)
28
129
}
29
static void allwinner_sdhost_update_transfer_cnt(AwSdHostState *s,
130
131
qdev_init_gpio_out_named(dev, &s->sec_resp_cfg, "sec_resp_cfg", 1);
132
+ qdev_init_gpio_out_named(dev, &s->nsc_cfg_irq, "nsc_cfg", 1);
133
134
memory_region_init_io(&s->s_regs, obj, &iotkit_secctl_s_ops,
135
s, "iotkit-secctl-s-regs", 0x1000);
136
@@ -XXX,XX +XXX,XX @@ static const VMStateDescription iotkit_secctl_vmstate = {
137
VMSTATE_UINT32(secppcintstat, IoTKitSecCtl),
138
VMSTATE_UINT32(secppcinten, IoTKitSecCtl),
139
VMSTATE_UINT32(secrespcfg, IoTKitSecCtl),
140
+ VMSTATE_UINT32(nsccfg, IoTKitSecCtl),
141
+ VMSTATE_UINT32(brginten, IoTKitSecCtl),
142
VMSTATE_STRUCT_ARRAY(apb, IoTKitSecCtl, IOTS_NUM_APB_PPC, 1,
143
iotkit_secctl_ppc_vmstate, IoTKitSecCtlPPC),
144
VMSTATE_STRUCT_ARRAY(apbexp, IoTKitSecCtl, IOTS_NUM_APB_EXP_PPC, 1,
145
--
30
--
146
2.16.2
31
2.34.1
147
32
148
33
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
The nrf51_timer has a free-running counter which we implement using
2
the pattern of using two fields (update_counter_ns, counter) to track
3
the last point at which we calculated the counter value, and the
4
counter value at that time. Then we can find the current counter
5
value by converting the difference in wall-clock time between then
6
and now to a tick count that we need to add to the counter value.
2
7
3
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Unfortunately the nrf51_timer's implementation of this has a bug
4
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
which means it loses time every time update_counter() is called.
5
Message-id: 20180228193125.20577-14-richard.henderson@linaro.org
10
After updating s->counter it always sets s->update_counter_ns to
11
'now', even though the actual point when s->counter hit the new value
12
will be some point in the past (half a tick, say). In the worst case
13
(guest code in a tight loop reading the counter, icount mode) the
14
counter is continually queried less than a tick after it was last
15
read, so s->counter never advances but s->update_counter_ns does, and
16
the guest never makes forward progress.
17
18
The fix for this is to only advance update_counter_ns to the
19
timestamp of the last tick, not all the way to 'now'. (This is the
20
pattern used in hw/misc/mps2-fpgaio.c's counter.)
21
22
Cc: qemu-stable@nongnu.org
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
24
Reviewed-by: Joel Stanley <joel@jms.id.au>
25
Message-id: 20230606134917.3782215-1-peter.maydell@linaro.org
7
---
26
---
8
target/arm/translate.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++
27
hw/timer/nrf51_timer.c | 7 ++++++-
9
1 file changed, 68 insertions(+)
28
1 file changed, 6 insertions(+), 1 deletion(-)
10
29
11
diff --git a/target/arm/translate.c b/target/arm/translate.c
30
diff --git a/hw/timer/nrf51_timer.c b/hw/timer/nrf51_timer.c
12
index XXXXXXX..XXXXXXX 100644
31
index XXXXXXX..XXXXXXX 100644
13
--- a/target/arm/translate.c
32
--- a/hw/timer/nrf51_timer.c
14
+++ b/target/arm/translate.c
33
+++ b/hw/timer/nrf51_timer.c
15
@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
34
@@ -XXX,XX +XXX,XX @@ static uint32_t update_counter(NRF51TimerState *s, int64_t now)
16
return 0;
35
uint32_t ticks = ns_to_ticks(s, now - s->update_counter_ns);
36
37
s->counter = (s->counter + ticks) % BIT(bitwidths[s->bitmode]);
38
- s->update_counter_ns = now;
39
+ /*
40
+ * Only advance the sync time to the timestamp of the last tick,
41
+ * not all the way to 'now', so we don't lose time if we do
42
+ * multiple resyncs in a single tick.
43
+ */
44
+ s->update_counter_ns += ticks_to_ns(s, ticks);
45
return ticks;
17
}
46
}
18
47
19
+/* Advanced SIMD three registers of the same length extension.
20
+ * 31 25 23 22 20 16 12 11 10 9 8 3 0
21
+ * +---------------+-----+---+-----+----+----+---+----+---+----+---------+----+
22
+ * | 1 1 1 1 1 1 0 | op1 | D | op2 | Vn | Vd | 1 | o3 | 0 | o4 | N Q M U | Vm |
23
+ * +---------------+-----+---+-----+----+----+---+----+---+----+---------+----+
24
+ */
25
+static int disas_neon_insn_3same_ext(DisasContext *s, uint32_t insn)
26
+{
27
+ gen_helper_gvec_3_ptr *fn_gvec_ptr;
28
+ int rd, rn, rm, rot, size, opr_sz;
29
+ TCGv_ptr fpst;
30
+ bool q;
31
+
32
+ q = extract32(insn, 6, 1);
33
+ VFP_DREG_D(rd, insn);
34
+ VFP_DREG_N(rn, insn);
35
+ VFP_DREG_M(rm, insn);
36
+ if ((rd | rn | rm) & q) {
37
+ return 1;
38
+ }
39
+
40
+ if ((insn & 0xfe200f10) == 0xfc200800) {
41
+ /* VCMLA -- 1111 110R R.1S .... .... 1000 ...0 .... */
42
+ size = extract32(insn, 20, 1);
43
+ rot = extract32(insn, 23, 2);
44
+ if (!arm_dc_feature(s, ARM_FEATURE_V8_FCMA)
45
+ || (!size && !arm_dc_feature(s, ARM_FEATURE_V8_FP16))) {
46
+ return 1;
47
+ }
48
+ fn_gvec_ptr = size ? gen_helper_gvec_fcmlas : gen_helper_gvec_fcmlah;
49
+ } else if ((insn & 0xfea00f10) == 0xfc800800) {
50
+ /* VCADD -- 1111 110R 1.0S .... .... 1000 ...0 .... */
51
+ size = extract32(insn, 20, 1);
52
+ rot = extract32(insn, 24, 1);
53
+ if (!arm_dc_feature(s, ARM_FEATURE_V8_FCMA)
54
+ || (!size && !arm_dc_feature(s, ARM_FEATURE_V8_FP16))) {
55
+ return 1;
56
+ }
57
+ fn_gvec_ptr = size ? gen_helper_gvec_fcadds : gen_helper_gvec_fcaddh;
58
+ } else {
59
+ return 1;
60
+ }
61
+
62
+ if (s->fp_excp_el) {
63
+ gen_exception_insn(s, 4, EXCP_UDEF,
64
+ syn_fp_access_trap(1, 0xe, false), s->fp_excp_el);
65
+ return 0;
66
+ }
67
+ if (!s->vfp_enabled) {
68
+ return 1;
69
+ }
70
+
71
+ opr_sz = (1 + q) * 8;
72
+ fpst = get_fpstatus_ptr(1);
73
+ tcg_gen_gvec_3_ptr(vfp_reg_offset(1, rd),
74
+ vfp_reg_offset(1, rn),
75
+ vfp_reg_offset(1, rm), fpst,
76
+ opr_sz, opr_sz, rot, fn_gvec_ptr);
77
+ tcg_temp_free_ptr(fpst);
78
+ return 0;
79
+}
80
+
81
static int disas_coproc_insn(DisasContext *s, uint32_t insn)
82
{
83
int cpnum, is64, crn, crm, opc1, opc2, isread, rt, rt2;
84
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
85
}
86
}
87
}
88
+ } else if ((insn & 0x0e000a00) == 0x0c000800
89
+ && arm_dc_feature(s, ARM_FEATURE_V8)) {
90
+ if (disas_neon_insn_3same_ext(s, insn)) {
91
+ goto illegal_op;
92
+ }
93
+ return;
94
} else if ((insn & 0x0fe00000) == 0x0c400000) {
95
/* Coprocessor double register transfer. */
96
ARCH(5TE);
97
--
48
--
98
2.16.2
49
2.34.1
99
100
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
2
2
3
Happily, the bits are in the same places compared to a32.
3
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
4
4
Reviewed-by: Thomas Huth <thuth@redhat.com>
5
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
5
Message-id: 20230607092112.655098-1-marcin.juszkiewicz@linaro.org
6
Message-id: 20180228193125.20577-16-richard.henderson@linaro.org
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
7
---
10
target/arm/translate.c | 14 +++++++++++++-
8
hw/arm/Kconfig | 1 +
11
1 file changed, 13 insertions(+), 1 deletion(-)
9
1 file changed, 1 insertion(+)
12
10
13
diff --git a/target/arm/translate.c b/target/arm/translate.c
11
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
14
index XXXXXXX..XXXXXXX 100644
12
index XXXXXXX..XXXXXXX 100644
15
--- a/target/arm/translate.c
13
--- a/hw/arm/Kconfig
16
+++ b/target/arm/translate.c
14
+++ b/hw/arm/Kconfig
17
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
15
@@ -XXX,XX +XXX,XX @@ config SBSA_REF
18
default_exception_el(s));
16
select PL061 # GPIO
19
break;
17
select USB_EHCI_SYSBUS
20
}
18
select WDT_SBSA
21
- if (((insn >> 24) & 3) == 3) {
19
+ select BOCHS_DISPLAY
22
+ if ((insn & 0xfe000a00) == 0xfc000800
20
23
+ && arm_dc_feature(s, ARM_FEATURE_V8)) {
21
config SABRELITE
24
+ /* The Thumb2 and ARM encodings are identical. */
22
bool
25
+ if (disas_neon_insn_3same_ext(s, insn)) {
26
+ goto illegal_op;
27
+ }
28
+ } else if ((insn & 0xff000a00) == 0xfe000800
29
+ && arm_dc_feature(s, ARM_FEATURE_V8)) {
30
+ /* The Thumb2 and ARM encodings are identical. */
31
+ if (disas_neon_insn_2reg_scalar_ext(s, insn)) {
32
+ goto illegal_op;
33
+ }
34
+ } else if (((insn >> 24) & 3) == 3) {
35
/* Translate into the equivalent ARM encoding. */
36
insn = (insn & 0xe2ffffff) | ((insn & (1 << 28)) >> 4) | (1 << 28);
37
if (disas_neon_data_insn(s, insn)) {
38
--
23
--
39
2.16.2
24
2.34.1
40
41
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Martin Kaiser <martin@kaiser.cx>
2
2
3
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
3
The Linux kernel added a flood check for RX data recently in commit
4
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
4
496a4471b7c3 ("serial: imx: work-around for hardware RX flood"). This
5
Message-id: 20180228193125.20577-12-richard.henderson@linaro.org
5
check uses the wake bit in the UART status register 2. The wake bit
6
indicates that the receiver detected a start bit on the RX line. If the
7
kernel sees a number of RX interrupts without the wake bit being set, it
8
treats this as spurious data and resets the UART port. imx_serial does
9
never set the wake bit and triggers the kernel's flood check.
10
11
This patch adds support for the wake bit. wake is set when we receive a
12
new character (it's not set for break events). It seems that wake is
13
cleared by the kernel driver, the hardware does not have to clear it
14
automatically after data was read.
15
16
The wake bit can be configured as an interrupt source. Support this
17
mechanism as well.
18
19
Co-developed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
20
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
21
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
22
Signed-off-by: Martin Kaiser <martin@kaiser.cx>
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
---
24
---
8
target/arm/helper.h | 7 ++++
25
include/hw/char/imx_serial.h | 1 +
9
target/arm/translate-a64.c | 48 ++++++++++++++++++++++-
26
hw/char/imx_serial.c | 5 ++++-
10
target/arm/vec_helper.c | 97 ++++++++++++++++++++++++++++++++++++++++++++++
27
2 files changed, 5 insertions(+), 1 deletion(-)
11
3 files changed, 151 insertions(+), 1 deletion(-)
12
28
13
diff --git a/target/arm/helper.h b/target/arm/helper.h
29
diff --git a/include/hw/char/imx_serial.h b/include/hw/char/imx_serial.h
14
index XXXXXXX..XXXXXXX 100644
30
index XXXXXXX..XXXXXXX 100644
15
--- a/target/arm/helper.h
31
--- a/include/hw/char/imx_serial.h
16
+++ b/target/arm/helper.h
32
+++ b/include/hw/char/imx_serial.h
17
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_FLAGS_5(gvec_qrdmlah_s32, TCG_CALL_NO_RWG,
33
@@ -XXX,XX +XXX,XX @@ OBJECT_DECLARE_SIMPLE_TYPE(IMXSerialState, IMX_SERIAL)
18
DEF_HELPER_FLAGS_5(gvec_qrdmlsh_s32, TCG_CALL_NO_RWG,
34
19
void, ptr, ptr, ptr, ptr, i32)
35
#define UCR4_DREN BIT(0) /* Receive Data Ready interrupt enable */
20
36
#define UCR4_TCEN BIT(3) /* TX complete interrupt enable */
21
+DEF_HELPER_FLAGS_5(gvec_fcaddh, TCG_CALL_NO_RWG,
37
+#define UCR4_WKEN BIT(7) /* WAKE interrupt enable */
22
+ void, ptr, ptr, ptr, ptr, i32)
38
23
+DEF_HELPER_FLAGS_5(gvec_fcadds, TCG_CALL_NO_RWG,
39
#define UTS1_TXEMPTY (1<<6)
24
+ void, ptr, ptr, ptr, ptr, i32)
40
#define UTS1_RXEMPTY (1<<5)
25
+DEF_HELPER_FLAGS_5(gvec_fcaddd, TCG_CALL_NO_RWG,
41
diff --git a/hw/char/imx_serial.c b/hw/char/imx_serial.c
26
+ void, ptr, ptr, ptr, ptr, i32)
42
index XXXXXXX..XXXXXXX 100644
43
--- a/hw/char/imx_serial.c
44
+++ b/hw/char/imx_serial.c
45
@@ -XXX,XX +XXX,XX @@ static void imx_update(IMXSerialState *s)
46
* TCEN and TXDC are both bit 3
47
* RDR and DREN are both bit 0
48
*/
49
- mask |= s->ucr4 & (UCR4_TCEN | UCR4_DREN);
50
+ mask |= s->ucr4 & (UCR4_WKEN | UCR4_TCEN | UCR4_DREN);
51
52
usr2 = s->usr2 & mask;
53
54
@@ -XXX,XX +XXX,XX @@ static void imx_put_data(void *opaque, uint32_t value)
55
56
static void imx_receive(void *opaque, const uint8_t *buf, int size)
57
{
58
+ IMXSerialState *s = (IMXSerialState *)opaque;
27
+
59
+
28
#ifdef TARGET_AARCH64
60
+ s->usr2 |= USR2_WAKE;
29
#include "helper-a64.h"
61
imx_put_data(opaque, *buf);
30
#endif
31
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
32
index XXXXXXX..XXXXXXX 100644
33
--- a/target/arm/translate-a64.c
34
+++ b/target/arm/translate-a64.c
35
@@ -XXX,XX +XXX,XX @@ static void gen_gvec_op3_env(DisasContext *s, bool is_q, int rd,
36
is_q ? 16 : 8, vec_full_reg_size(s), 0, fn);
37
}
62
}
38
63
39
+/* Expand a 3-operand + fpstatus pointer + simd data value operation using
40
+ * an out-of-line helper.
41
+ */
42
+static void gen_gvec_op3_fpst(DisasContext *s, bool is_q, int rd, int rn,
43
+ int rm, bool is_fp16, int data,
44
+ gen_helper_gvec_3_ptr *fn)
45
+{
46
+ TCGv_ptr fpst = get_fpstatus_ptr(is_fp16);
47
+ tcg_gen_gvec_3_ptr(vec_full_reg_offset(s, rd),
48
+ vec_full_reg_offset(s, rn),
49
+ vec_full_reg_offset(s, rm), fpst,
50
+ is_q ? 16 : 8, vec_full_reg_size(s), data, fn);
51
+ tcg_temp_free_ptr(fpst);
52
+}
53
+
54
/* Set ZF and NF based on a 64 bit result. This is alas fiddlier
55
* than the 32 bit equivalent.
56
*/
57
@@ -XXX,XX +XXX,XX @@ static void disas_simd_three_reg_same_extra(DisasContext *s, uint32_t insn)
58
int size = extract32(insn, 22, 2);
59
bool u = extract32(insn, 29, 1);
60
bool is_q = extract32(insn, 30, 1);
61
- int feature;
62
+ int feature, rot;
63
64
switch (u * 16 + opcode) {
65
case 0x10: /* SQRDMLAH (vector) */
66
@@ -XXX,XX +XXX,XX @@ static void disas_simd_three_reg_same_extra(DisasContext *s, uint32_t insn)
67
}
68
feature = ARM_FEATURE_V8_RDM;
69
break;
70
+ case 0xc: /* FCADD, #90 */
71
+ case 0xe: /* FCADD, #270 */
72
+ if (size == 0
73
+ || (size == 1 && !arm_dc_feature(s, ARM_FEATURE_V8_FP16))
74
+ || (size == 3 && !is_q)) {
75
+ unallocated_encoding(s);
76
+ return;
77
+ }
78
+ feature = ARM_FEATURE_V8_FCMA;
79
+ break;
80
default:
81
unallocated_encoding(s);
82
return;
83
@@ -XXX,XX +XXX,XX @@ static void disas_simd_three_reg_same_extra(DisasContext *s, uint32_t insn)
84
}
85
return;
86
87
+ case 0xc: /* FCADD, #90 */
88
+ case 0xe: /* FCADD, #270 */
89
+ rot = extract32(opcode, 1, 1);
90
+ switch (size) {
91
+ case 1:
92
+ gen_gvec_op3_fpst(s, is_q, rd, rn, rm, size == 1, rot,
93
+ gen_helper_gvec_fcaddh);
94
+ break;
95
+ case 2:
96
+ gen_gvec_op3_fpst(s, is_q, rd, rn, rm, size == 1, rot,
97
+ gen_helper_gvec_fcadds);
98
+ break;
99
+ case 3:
100
+ gen_gvec_op3_fpst(s, is_q, rd, rn, rm, size == 1, rot,
101
+ gen_helper_gvec_fcaddd);
102
+ break;
103
+ default:
104
+ g_assert_not_reached();
105
+ }
106
+ return;
107
+
108
default:
109
g_assert_not_reached();
110
}
111
diff --git a/target/arm/vec_helper.c b/target/arm/vec_helper.c
112
index XXXXXXX..XXXXXXX 100644
113
--- a/target/arm/vec_helper.c
114
+++ b/target/arm/vec_helper.c
115
@@ -XXX,XX +XXX,XX @@
116
#include "exec/exec-all.h"
117
#include "exec/helper-proto.h"
118
#include "tcg/tcg-gvec-desc.h"
119
+#include "fpu/softfloat.h"
120
121
122
+/* Note that vector data is stored in host-endian 64-bit chunks,
123
+ so addressing units smaller than that needs a host-endian fixup. */
124
+#ifdef HOST_WORDS_BIGENDIAN
125
+#define H1(x) ((x) ^ 7)
126
+#define H2(x) ((x) ^ 3)
127
+#define H4(x) ((x) ^ 1)
128
+#else
129
+#define H1(x) (x)
130
+#define H2(x) (x)
131
+#define H4(x) (x)
132
+#endif
133
+
134
#define SET_QC() env->vfp.xregs[ARM_VFP_FPSCR] |= CPSR_Q
135
136
static void clear_tail(void *vd, uintptr_t opr_sz, uintptr_t max_sz)
137
@@ -XXX,XX +XXX,XX @@ void HELPER(gvec_qrdmlsh_s32)(void *vd, void *vn, void *vm,
138
}
139
clear_tail(d, opr_sz, simd_maxsz(desc));
140
}
141
+
142
+void HELPER(gvec_fcaddh)(void *vd, void *vn, void *vm,
143
+ void *vfpst, uint32_t desc)
144
+{
145
+ uintptr_t opr_sz = simd_oprsz(desc);
146
+ float16 *d = vd;
147
+ float16 *n = vn;
148
+ float16 *m = vm;
149
+ float_status *fpst = vfpst;
150
+ uint32_t neg_real = extract32(desc, SIMD_DATA_SHIFT, 1);
151
+ uint32_t neg_imag = neg_real ^ 1;
152
+ uintptr_t i;
153
+
154
+ /* Shift boolean to the sign bit so we can xor to negate. */
155
+ neg_real <<= 15;
156
+ neg_imag <<= 15;
157
+
158
+ for (i = 0; i < opr_sz / 2; i += 2) {
159
+ float16 e0 = n[H2(i)];
160
+ float16 e1 = m[H2(i + 1)] ^ neg_imag;
161
+ float16 e2 = n[H2(i + 1)];
162
+ float16 e3 = m[H2(i)] ^ neg_real;
163
+
164
+ d[H2(i)] = float16_add(e0, e1, fpst);
165
+ d[H2(i + 1)] = float16_add(e2, e3, fpst);
166
+ }
167
+ clear_tail(d, opr_sz, simd_maxsz(desc));
168
+}
169
+
170
+void HELPER(gvec_fcadds)(void *vd, void *vn, void *vm,
171
+ void *vfpst, uint32_t desc)
172
+{
173
+ uintptr_t opr_sz = simd_oprsz(desc);
174
+ float32 *d = vd;
175
+ float32 *n = vn;
176
+ float32 *m = vm;
177
+ float_status *fpst = vfpst;
178
+ uint32_t neg_real = extract32(desc, SIMD_DATA_SHIFT, 1);
179
+ uint32_t neg_imag = neg_real ^ 1;
180
+ uintptr_t i;
181
+
182
+ /* Shift boolean to the sign bit so we can xor to negate. */
183
+ neg_real <<= 31;
184
+ neg_imag <<= 31;
185
+
186
+ for (i = 0; i < opr_sz / 4; i += 2) {
187
+ float32 e0 = n[H4(i)];
188
+ float32 e1 = m[H4(i + 1)] ^ neg_imag;
189
+ float32 e2 = n[H4(i + 1)];
190
+ float32 e3 = m[H4(i)] ^ neg_real;
191
+
192
+ d[H4(i)] = float32_add(e0, e1, fpst);
193
+ d[H4(i + 1)] = float32_add(e2, e3, fpst);
194
+ }
195
+ clear_tail(d, opr_sz, simd_maxsz(desc));
196
+}
197
+
198
+void HELPER(gvec_fcaddd)(void *vd, void *vn, void *vm,
199
+ void *vfpst, uint32_t desc)
200
+{
201
+ uintptr_t opr_sz = simd_oprsz(desc);
202
+ float64 *d = vd;
203
+ float64 *n = vn;
204
+ float64 *m = vm;
205
+ float_status *fpst = vfpst;
206
+ uint64_t neg_real = extract64(desc, SIMD_DATA_SHIFT, 1);
207
+ uint64_t neg_imag = neg_real ^ 1;
208
+ uintptr_t i;
209
+
210
+ /* Shift boolean to the sign bit so we can xor to negate. */
211
+ neg_real <<= 63;
212
+ neg_imag <<= 63;
213
+
214
+ for (i = 0; i < opr_sz / 8; i += 2) {
215
+ float64 e0 = n[i];
216
+ float64 e1 = m[i + 1] ^ neg_imag;
217
+ float64 e2 = n[i + 1];
218
+ float64 e3 = m[i] ^ neg_real;
219
+
220
+ d[i] = float64_add(e0, e1, fpst);
221
+ d[i + 1] = float64_add(e2, e3, fpst);
222
+ }
223
+ clear_tail(d, opr_sz, simd_maxsz(desc));
224
+}
225
--
64
--
226
2.16.2
65
2.34.1
227
66
228
67
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
2
2
3
We plan to add more hardware information into DeviceTree to limit amount
4
of hardcoded values in firmware.
5
6
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
7
Message-id: 20230531171834.236569-1-marcin.juszkiewicz@linaro.org
8
[PMM: fix format nits, add text about platform version fields from
9
a comment in the C source file]
3
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
4
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
5
Message-id: 20180228193125.20577-8-richard.henderson@linaro.org
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
---
12
---
8
target/arm/translate.c | 86 +++++++++++++++++++++++++++++++++++++++-----------
13
docs/system/arm/sbsa.rst | 38 +++++++++++++++++++++++++++++++-------
9
1 file changed, 67 insertions(+), 19 deletions(-)
14
1 file changed, 31 insertions(+), 7 deletions(-)
10
15
11
diff --git a/target/arm/translate.c b/target/arm/translate.c
16
diff --git a/docs/system/arm/sbsa.rst b/docs/system/arm/sbsa.rst
12
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
13
--- a/target/arm/translate.c
18
--- a/docs/system/arm/sbsa.rst
14
+++ b/target/arm/translate.c
19
+++ b/docs/system/arm/sbsa.rst
15
@@ -XXX,XX +XXX,XX @@
20
@@ -XXX,XX +XXX,XX @@ any real hardware the ``sbsa-ref`` board intends to look like real
16
#include "disas/disas.h"
21
hardware. The `Server Base System Architecture
17
#include "exec/exec-all.h"
22
<https://developer.arm.com/documentation/den0029/latest>`_ defines a
18
#include "tcg-op.h"
23
minimum base line of hardware support and importantly how the firmware
19
+#include "tcg-op-gvec.h"
24
-reports that to any operating system. It is a static system that
20
#include "qemu/log.h"
25
-reports a very minimal DT to the firmware for non-discoverable
21
#include "qemu/bitops.h"
26
-information about components affected by the qemu command line (i.e.
22
#include "arm_ldst.h"
27
-cpus and memory). As a result it must have a firmware specifically
23
@@ -XXX,XX +XXX,XX @@ static void gen_neon_narrow_op(int op, int u, int size,
28
-built to expect a certain hardware layout (as you would in a real
24
#define NEON_3R_VPMAX 20
29
-machine).
25
#define NEON_3R_VPMIN 21
30
+reports that to any operating system.
26
#define NEON_3R_VQDMULH_VQRDMULH 22
31
27
-#define NEON_3R_VPADD 23
32
It is intended to be a machine for developing firmware and testing
28
+#define NEON_3R_VPADD_VQRDMLAH 23
33
standards compliance with operating systems.
29
#define NEON_3R_SHA 24 /* SHA1C,SHA1P,SHA1M,SHA1SU0,SHA256H{2},SHA256SU1 */
34
@@ -XXX,XX +XXX,XX @@ standards compliance with operating systems.
30
-#define NEON_3R_VFM 25 /* VFMA, VFMS : float fused multiply-add */
35
Supported devices
31
+#define NEON_3R_VFM_VQRDMLSH 25 /* VFMA, VFMS, VQRDMLSH */
36
"""""""""""""""""
32
#define NEON_3R_FLOAT_ARITH 26 /* float VADD, VSUB, VPADD, VABD */
37
33
#define NEON_3R_FLOAT_MULTIPLY 27 /* float VMLA, VMLS, VMUL */
38
-The sbsa-ref board supports:
34
#define NEON_3R_FLOAT_CMP 28 /* float VCEQ, VCGE, VCGT */
39
+The ``sbsa-ref`` board supports:
35
@@ -XXX,XX +XXX,XX @@ static const uint8_t neon_3r_sizes[] = {
40
36
[NEON_3R_VPMAX] = 0x7,
41
- A configurable number of AArch64 CPUs
37
[NEON_3R_VPMIN] = 0x7,
42
- GIC version 3
38
[NEON_3R_VQDMULH_VQRDMULH] = 0x6,
43
@@ -XXX,XX +XXX,XX @@ The sbsa-ref board supports:
39
- [NEON_3R_VPADD] = 0x7,
44
- Bochs display adapter on PCIe bus
40
+ [NEON_3R_VPADD_VQRDMLAH] = 0x7,
45
- A generic SBSA watchdog device
41
[NEON_3R_SHA] = 0xf, /* size field encodes op type */
42
- [NEON_3R_VFM] = 0x5, /* size bit 1 encodes op */
43
+ [NEON_3R_VFM_VQRDMLSH] = 0x7, /* For VFM, size bit 1 encodes op */
44
[NEON_3R_FLOAT_ARITH] = 0x5, /* size bit 1 encodes op */
45
[NEON_3R_FLOAT_MULTIPLY] = 0x5, /* size bit 1 encodes op */
46
[NEON_3R_FLOAT_CMP] = 0x5, /* size bit 1 encodes op */
47
@@ -XXX,XX +XXX,XX @@ static const uint8_t neon_2rm_sizes[] = {
48
[NEON_2RM_VCVT_UF] = 0x4,
49
};
50
46
51
+
47
+
52
+/* Expand v8.1 simd helper. */
48
+Board to firmware interface
53
+static int do_v81_helper(DisasContext *s, gen_helper_gvec_3_ptr *fn,
49
+"""""""""""""""""""""""""""
54
+ int q, int rd, int rn, int rm)
55
+{
56
+ if (arm_dc_feature(s, ARM_FEATURE_V8_RDM)) {
57
+ int opr_sz = (1 + q) * 8;
58
+ tcg_gen_gvec_3_ptr(vfp_reg_offset(1, rd),
59
+ vfp_reg_offset(1, rn),
60
+ vfp_reg_offset(1, rm), cpu_env,
61
+ opr_sz, opr_sz, 0, fn);
62
+ return 0;
63
+ }
64
+ return 1;
65
+}
66
+
50
+
67
/* Translate a NEON data processing instruction. Return nonzero if the
51
+``sbsa-ref`` is a static system that reports a very minimal devicetree to the
68
instruction is invalid.
52
+firmware for non-discoverable information about system components. This
69
We process data in a mixture of 32-bit and 64-bit chunks.
53
+includes both internal hardware and parts affected by the qemu command line
70
@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
54
+(i.e. CPUs and memory). As a result it must have a firmware specifically built
71
if (q && ((rd | rn | rm) & 1)) {
55
+to expect a certain hardware layout (as you would in a real machine).
72
return 1;
73
}
74
- /*
75
- * The SHA-1/SHA-256 3-register instructions require special treatment
76
- * here, as their size field is overloaded as an op type selector, and
77
- * they all consume their input in a single pass.
78
- */
79
- if (op == NEON_3R_SHA) {
80
+ switch (op) {
81
+ case NEON_3R_SHA:
82
+ /* The SHA-1/SHA-256 3-register instructions require special
83
+ * treatment here, as their size field is overloaded as an
84
+ * op type selector, and they all consume their input in a
85
+ * single pass.
86
+ */
87
if (!q) {
88
return 1;
89
}
90
@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
91
tcg_temp_free_ptr(ptr2);
92
tcg_temp_free_ptr(ptr3);
93
return 0;
94
+
56
+
95
+ case NEON_3R_VPADD_VQRDMLAH:
57
+DeviceTree information
96
+ if (!u) {
58
+''''''''''''''''''''''
97
+ break; /* VPADD */
98
+ }
99
+ /* VQRDMLAH */
100
+ switch (size) {
101
+ case 1:
102
+ return do_v81_helper(s, gen_helper_gvec_qrdmlah_s16,
103
+ q, rd, rn, rm);
104
+ case 2:
105
+ return do_v81_helper(s, gen_helper_gvec_qrdmlah_s32,
106
+ q, rd, rn, rm);
107
+ }
108
+ return 1;
109
+
59
+
110
+ case NEON_3R_VFM_VQRDMLSH:
60
+The devicetree provided by the board model to the firmware is not intended
111
+ if (!u) {
61
+to be a complete compliant DT. It currently reports:
112
+ /* VFM, VFMS */
62
+
113
+ if (size == 1) {
63
+ - CPUs
114
+ return 1;
64
+ - memory
115
+ }
65
+ - platform version
116
+ break;
66
+ - GIC addresses
117
+ }
67
+
118
+ /* VQRDMLSH */
68
+The platform version is only for informing platform firmware about
119
+ switch (size) {
69
+what kind of ``sbsa-ref`` board it is running on. It is neither
120
+ case 1:
70
+a QEMU versioned machine type nor a reflection of the level of the
121
+ return do_v81_helper(s, gen_helper_gvec_qrdmlsh_s16,
71
+SBSA/SystemReady SR support provided.
122
+ q, rd, rn, rm);
72
+
123
+ case 2:
73
+The ``machine-version-major`` value is updated when changes breaking
124
+ return do_v81_helper(s, gen_helper_gvec_qrdmlsh_s32,
74
+fw compatibility are introduced. The ``machine-version-minor`` value
125
+ q, rd, rn, rm);
75
+is updated when features are added that don't break fw compatibility.
126
+ }
127
+ return 1;
128
}
129
if (size == 3 && op != NEON_3R_LOGIC) {
130
/* 64-bit element instructions. */
131
@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
132
rm = rtmp;
133
}
134
break;
135
- case NEON_3R_VPADD:
136
- if (u) {
137
- return 1;
138
- }
139
- /* Fall through */
140
+ case NEON_3R_VPADD_VQRDMLAH:
141
case NEON_3R_VPMAX:
142
case NEON_3R_VPMIN:
143
pairwise = 1;
144
@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
145
return 1;
146
}
147
break;
148
- case NEON_3R_VFM:
149
- if (!arm_dc_feature(s, ARM_FEATURE_VFP4) || u) {
150
+ case NEON_3R_VFM_VQRDMLSH:
151
+ if (!arm_dc_feature(s, ARM_FEATURE_VFP4)) {
152
return 1;
153
}
154
break;
155
@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
156
}
157
}
158
break;
159
- case NEON_3R_VPADD:
160
+ case NEON_3R_VPADD_VQRDMLAH:
161
switch (size) {
162
case 0: gen_helper_neon_padd_u8(tmp, tmp, tmp2); break;
163
case 1: gen_helper_neon_padd_u16(tmp, tmp, tmp2); break;
164
@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
165
}
166
}
167
break;
168
- case NEON_3R_VFM:
169
+ case NEON_3R_VFM_VQRDMLSH:
170
{
171
/* VFMA, VFMS: fused multiply-add */
172
TCGv_ptr fpstatus = get_fpstatus_ptr(1);
173
--
76
--
174
2.16.2
77
2.34.1
175
176
diff view generated by jsdifflib
1
From: Alistair Francis <alistair.francis@xilinx.com>
1
From: Sergey Kambalin <sergey.kambalin@auriga.com>
2
2
3
Initial commit of the ZynqMP RTC device.
3
Signed-off-by: Sergey Kambalin <sergey.kambalin@auriga.com>
4
4
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
5
Acked-by: Richard Henderson <richard.henderson@linaro.org>
6
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
6
Message-id: 20230612223456.33824-2-philmd@linaro.org
7
Message-Id: <20230531155258.8361-1-sergey.kambalin@auriga.com>
8
[PMD: Split from bigger patch: 1/4]
9
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
---
11
---
9
hw/timer/Makefile.objs | 1 +
12
include/hw/misc/raspberrypi-fw-defs.h | 163 ++++++++++++++++++++++++++
10
include/hw/timer/xlnx-zynqmp-rtc.h | 84 +++++++++++++++
13
1 file changed, 163 insertions(+)
11
hw/timer/xlnx-zynqmp-rtc.c | 214 +++++++++++++++++++++++++++++++++++++
14
create mode 100644 include/hw/misc/raspberrypi-fw-defs.h
12
3 files changed, 299 insertions(+)
13
create mode 100644 include/hw/timer/xlnx-zynqmp-rtc.h
14
create mode 100644 hw/timer/xlnx-zynqmp-rtc.c
15
15
16
diff --git a/hw/timer/Makefile.objs b/hw/timer/Makefile.objs
16
diff --git a/include/hw/misc/raspberrypi-fw-defs.h b/include/hw/misc/raspberrypi-fw-defs.h
17
index XXXXXXX..XXXXXXX 100644
18
--- a/hw/timer/Makefile.objs
19
+++ b/hw/timer/Makefile.objs
20
@@ -XXX,XX +XXX,XX @@ common-obj-$(CONFIG_IMX) += imx_epit.o
21
common-obj-$(CONFIG_IMX) += imx_gpt.o
22
common-obj-$(CONFIG_LM32) += lm32_timer.o
23
common-obj-$(CONFIG_MILKYMIST) += milkymist-sysctl.o
24
+common-obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp-rtc.o
25
26
obj-$(CONFIG_ALTERA_TIMER) += altera_timer.o
27
obj-$(CONFIG_EXYNOS4) += exynos4210_mct.o
28
diff --git a/include/hw/timer/xlnx-zynqmp-rtc.h b/include/hw/timer/xlnx-zynqmp-rtc.h
29
new file mode 100644
17
new file mode 100644
30
index XXXXXXX..XXXXXXX
18
index XXXXXXX..XXXXXXX
31
--- /dev/null
19
--- /dev/null
32
+++ b/include/hw/timer/xlnx-zynqmp-rtc.h
20
+++ b/include/hw/misc/raspberrypi-fw-defs.h
33
@@ -XXX,XX +XXX,XX @@
21
@@ -XXX,XX +XXX,XX @@
34
+/*
22
+/*
35
+ * QEMU model of the Xilinx ZynqMP Real Time Clock (RTC).
23
+ * Raspberry Pi firmware definitions
36
+ *
24
+ *
37
+ * Copyright (c) 2017 Xilinx Inc.
25
+ * Copyright (C) 2022 Auriga LLC, based on Linux kernel
26
+ * `include/soc/bcm2835/raspberrypi-firmware.h` (Copyright © 2015 Broadcom)
38
+ *
27
+ *
39
+ * Written-by: Alistair Francis <alistair.francis@xilinx.com>
28
+ * SPDX-License-Identifier: GPL-2.0-or-later
40
+ *
41
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
42
+ * of this software and associated documentation files (the "Software"), to deal
43
+ * in the Software without restriction, including without limitation the rights
44
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
45
+ * copies of the Software, and to permit persons to whom the Software is
46
+ * furnished to do so, subject to the following conditions:
47
+ *
48
+ * The above copyright notice and this permission notice shall be included in
49
+ * all copies or substantial portions of the Software.
50
+ *
51
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
52
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
53
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
54
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
55
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
56
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
57
+ * THE SOFTWARE.
58
+ */
29
+ */
59
+
30
+
60
+#include "hw/register.h"
31
+#ifndef INCLUDE_HW_MISC_RASPBERRYPI_FW_DEFS_H_
61
+
32
+#define INCLUDE_HW_MISC_RASPBERRYPI_FW_DEFS_H_
62
+#define TYPE_XLNX_ZYNQMP_RTC "xlnx-zynmp.rtc"
63
+
64
+#define XLNX_ZYNQMP_RTC(obj) \
65
+ OBJECT_CHECK(XlnxZynqMPRTC, (obj), TYPE_XLNX_ZYNQMP_RTC)
66
+
67
+REG32(SET_TIME_WRITE, 0x0)
68
+REG32(SET_TIME_READ, 0x4)
69
+REG32(CALIB_WRITE, 0x8)
70
+ FIELD(CALIB_WRITE, FRACTION_EN, 20, 1)
71
+ FIELD(CALIB_WRITE, FRACTION_DATA, 16, 4)
72
+ FIELD(CALIB_WRITE, MAX_TICK, 0, 16)
73
+REG32(CALIB_READ, 0xc)
74
+ FIELD(CALIB_READ, FRACTION_EN, 20, 1)
75
+ FIELD(CALIB_READ, FRACTION_DATA, 16, 4)
76
+ FIELD(CALIB_READ, MAX_TICK, 0, 16)
77
+REG32(CURRENT_TIME, 0x10)
78
+REG32(CURRENT_TICK, 0x14)
79
+ FIELD(CURRENT_TICK, VALUE, 0, 16)
80
+REG32(ALARM, 0x18)
81
+REG32(RTC_INT_STATUS, 0x20)
82
+ FIELD(RTC_INT_STATUS, ALARM, 1, 1)
83
+ FIELD(RTC_INT_STATUS, SECONDS, 0, 1)
84
+REG32(RTC_INT_MASK, 0x24)
85
+ FIELD(RTC_INT_MASK, ALARM, 1, 1)
86
+ FIELD(RTC_INT_MASK, SECONDS, 0, 1)
87
+REG32(RTC_INT_EN, 0x28)
88
+ FIELD(RTC_INT_EN, ALARM, 1, 1)
89
+ FIELD(RTC_INT_EN, SECONDS, 0, 1)
90
+REG32(RTC_INT_DIS, 0x2c)
91
+ FIELD(RTC_INT_DIS, ALARM, 1, 1)
92
+ FIELD(RTC_INT_DIS, SECONDS, 0, 1)
93
+REG32(ADDR_ERROR, 0x30)
94
+ FIELD(ADDR_ERROR, STATUS, 0, 1)
95
+REG32(ADDR_ERROR_INT_MASK, 0x34)
96
+ FIELD(ADDR_ERROR_INT_MASK, MASK, 0, 1)
97
+REG32(ADDR_ERROR_INT_EN, 0x38)
98
+ FIELD(ADDR_ERROR_INT_EN, MASK, 0, 1)
99
+REG32(ADDR_ERROR_INT_DIS, 0x3c)
100
+ FIELD(ADDR_ERROR_INT_DIS, MASK, 0, 1)
101
+REG32(CONTROL, 0x40)
102
+ FIELD(CONTROL, BATTERY_DISABLE, 31, 1)
103
+ FIELD(CONTROL, OSC_CNTRL, 24, 4)
104
+ FIELD(CONTROL, SLVERR_ENABLE, 0, 1)
105
+REG32(SAFETY_CHK, 0x50)
106
+
107
+#define XLNX_ZYNQMP_RTC_R_MAX (R_SAFETY_CHK + 1)
108
+
109
+typedef struct XlnxZynqMPRTC {
110
+ SysBusDevice parent_obj;
111
+ MemoryRegion iomem;
112
+ qemu_irq irq_rtc_int;
113
+ qemu_irq irq_addr_error_int;
114
+
115
+ uint32_t regs[XLNX_ZYNQMP_RTC_R_MAX];
116
+ RegisterInfo regs_info[XLNX_ZYNQMP_RTC_R_MAX];
117
+} XlnxZynqMPRTC;
118
diff --git a/hw/timer/xlnx-zynqmp-rtc.c b/hw/timer/xlnx-zynqmp-rtc.c
119
new file mode 100644
120
index XXXXXXX..XXXXXXX
121
--- /dev/null
122
+++ b/hw/timer/xlnx-zynqmp-rtc.c
123
@@ -XXX,XX +XXX,XX @@
124
+/*
125
+ * QEMU model of the Xilinx ZynqMP Real Time Clock (RTC).
126
+ *
127
+ * Copyright (c) 2017 Xilinx Inc.
128
+ *
129
+ * Written-by: Alistair Francis <alistair.francis@xilinx.com>
130
+ *
131
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
132
+ * of this software and associated documentation files (the "Software"), to deal
133
+ * in the Software without restriction, including without limitation the rights
134
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
135
+ * copies of the Software, and to permit persons to whom the Software is
136
+ * furnished to do so, subject to the following conditions:
137
+ *
138
+ * The above copyright notice and this permission notice shall be included in
139
+ * all copies or substantial portions of the Software.
140
+ *
141
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
142
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
143
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
144
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
145
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
146
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
147
+ * THE SOFTWARE.
148
+ */
149
+
33
+
150
+#include "qemu/osdep.h"
34
+#include "qemu/osdep.h"
151
+#include "hw/sysbus.h"
152
+#include "hw/register.h"
153
+#include "qemu/bitops.h"
154
+#include "qemu/log.h"
155
+#include "hw/timer/xlnx-zynqmp-rtc.h"
156
+
35
+
157
+#ifndef XLNX_ZYNQMP_RTC_ERR_DEBUG
36
+enum rpi_firmware_property_tag {
158
+#define XLNX_ZYNQMP_RTC_ERR_DEBUG 0
37
+ RPI_FWREQ_PROPERTY_END = 0,
159
+#endif
38
+ RPI_FWREQ_GET_FIRMWARE_REVISION = 0x00000001,
39
+ RPI_FWREQ_GET_FIRMWARE_VARIANT = 0x00000002,
40
+ RPI_FWREQ_GET_FIRMWARE_HASH = 0x00000003,
160
+
41
+
161
+static void rtc_int_update_irq(XlnxZynqMPRTC *s)
42
+ RPI_FWREQ_SET_CURSOR_INFO = 0x00008010,
162
+{
43
+ RPI_FWREQ_SET_CURSOR_STATE = 0x00008011,
163
+ bool pending = s->regs[R_RTC_INT_STATUS] & ~s->regs[R_RTC_INT_MASK];
164
+ qemu_set_irq(s->irq_rtc_int, pending);
165
+}
166
+
44
+
167
+static void addr_error_int_update_irq(XlnxZynqMPRTC *s)
45
+ RPI_FWREQ_GET_BOARD_MODEL = 0x00010001,
168
+{
46
+ RPI_FWREQ_GET_BOARD_REVISION = 0x00010002,
169
+ bool pending = s->regs[R_ADDR_ERROR] & ~s->regs[R_ADDR_ERROR_INT_MASK];
47
+ RPI_FWREQ_GET_BOARD_MAC_ADDRESS = 0x00010003,
170
+ qemu_set_irq(s->irq_addr_error_int, pending);
48
+ RPI_FWREQ_GET_BOARD_SERIAL = 0x00010004,
171
+}
49
+ RPI_FWREQ_GET_ARM_MEMORY = 0x00010005,
50
+ RPI_FWREQ_GET_VC_MEMORY = 0x00010006,
51
+ RPI_FWREQ_GET_CLOCKS = 0x00010007,
52
+ RPI_FWREQ_GET_POWER_STATE = 0x00020001,
53
+ RPI_FWREQ_GET_TIMING = 0x00020002,
54
+ RPI_FWREQ_SET_POWER_STATE = 0x00028001,
55
+ RPI_FWREQ_GET_CLOCK_STATE = 0x00030001,
56
+ RPI_FWREQ_GET_CLOCK_RATE = 0x00030002,
57
+ RPI_FWREQ_GET_VOLTAGE = 0x00030003,
58
+ RPI_FWREQ_GET_MAX_CLOCK_RATE = 0x00030004,
59
+ RPI_FWREQ_GET_MAX_VOLTAGE = 0x00030005,
60
+ RPI_FWREQ_GET_TEMPERATURE = 0x00030006,
61
+ RPI_FWREQ_GET_MIN_CLOCK_RATE = 0x00030007,
62
+ RPI_FWREQ_GET_MIN_VOLTAGE = 0x00030008,
63
+ RPI_FWREQ_GET_TURBO = 0x00030009,
64
+ RPI_FWREQ_GET_MAX_TEMPERATURE = 0x0003000a,
65
+ RPI_FWREQ_GET_STC = 0x0003000b,
66
+ RPI_FWREQ_ALLOCATE_MEMORY = 0x0003000c,
67
+ RPI_FWREQ_LOCK_MEMORY = 0x0003000d,
68
+ RPI_FWREQ_UNLOCK_MEMORY = 0x0003000e,
69
+ RPI_FWREQ_RELEASE_MEMORY = 0x0003000f,
70
+ RPI_FWREQ_EXECUTE_CODE = 0x00030010,
71
+ RPI_FWREQ_EXECUTE_QPU = 0x00030011,
72
+ RPI_FWREQ_SET_ENABLE_QPU = 0x00030012,
73
+ RPI_FWREQ_GET_DISPMANX_RESOURCE_MEM_HANDLE = 0x00030014,
74
+ RPI_FWREQ_GET_EDID_BLOCK = 0x00030020,
75
+ RPI_FWREQ_GET_CUSTOMER_OTP = 0x00030021,
76
+ RPI_FWREQ_GET_EDID_BLOCK_DISPLAY = 0x00030023,
77
+ RPI_FWREQ_GET_DOMAIN_STATE = 0x00030030,
78
+ RPI_FWREQ_GET_THROTTLED = 0x00030046,
79
+ RPI_FWREQ_GET_CLOCK_MEASURED = 0x00030047,
80
+ RPI_FWREQ_NOTIFY_REBOOT = 0x00030048,
81
+ RPI_FWREQ_SET_CLOCK_STATE = 0x00038001,
82
+ RPI_FWREQ_SET_CLOCK_RATE = 0x00038002,
83
+ RPI_FWREQ_SET_VOLTAGE = 0x00038003,
84
+ RPI_FWREQ_SET_MAX_CLOCK_RATE = 0x00038004,
85
+ RPI_FWREQ_SET_MIN_CLOCK_RATE = 0x00038007,
86
+ RPI_FWREQ_SET_TURBO = 0x00038009,
87
+ RPI_FWREQ_SET_CUSTOMER_OTP = 0x00038021,
88
+ RPI_FWREQ_SET_DOMAIN_STATE = 0x00038030,
89
+ RPI_FWREQ_GET_GPIO_STATE = 0x00030041,
90
+ RPI_FWREQ_SET_GPIO_STATE = 0x00038041,
91
+ RPI_FWREQ_SET_SDHOST_CLOCK = 0x00038042,
92
+ RPI_FWREQ_GET_GPIO_CONFIG = 0x00030043,
93
+ RPI_FWREQ_SET_GPIO_CONFIG = 0x00038043,
94
+ RPI_FWREQ_GET_PERIPH_REG = 0x00030045,
95
+ RPI_FWREQ_SET_PERIPH_REG = 0x00038045,
96
+ RPI_FWREQ_GET_POE_HAT_VAL = 0x00030049,
97
+ RPI_FWREQ_SET_POE_HAT_VAL = 0x00038049,
98
+ RPI_FWREQ_SET_POE_HAT_VAL_OLD = 0x00030050,
99
+ RPI_FWREQ_NOTIFY_XHCI_RESET = 0x00030058,
100
+ RPI_FWREQ_GET_REBOOT_FLAGS = 0x00030064,
101
+ RPI_FWREQ_SET_REBOOT_FLAGS = 0x00038064,
102
+ RPI_FWREQ_NOTIFY_DISPLAY_DONE = 0x00030066,
172
+
103
+
173
+static void rtc_int_status_postw(RegisterInfo *reg, uint64_t val64)
104
+ /* Dispmanx TAGS */
174
+{
105
+ RPI_FWREQ_FRAMEBUFFER_ALLOCATE = 0x00040001,
175
+ XlnxZynqMPRTC *s = XLNX_ZYNQMP_RTC(reg->opaque);
106
+ RPI_FWREQ_FRAMEBUFFER_BLANK = 0x00040002,
176
+ rtc_int_update_irq(s);
107
+ RPI_FWREQ_FRAMEBUFFER_GET_PHYSICAL_WIDTH_HEIGHT = 0x00040003,
177
+}
108
+ RPI_FWREQ_FRAMEBUFFER_GET_VIRTUAL_WIDTH_HEIGHT = 0x00040004,
109
+ RPI_FWREQ_FRAMEBUFFER_GET_DEPTH = 0x00040005,
110
+ RPI_FWREQ_FRAMEBUFFER_GET_PIXEL_ORDER = 0x00040006,
111
+ RPI_FWREQ_FRAMEBUFFER_GET_ALPHA_MODE = 0x00040007,
112
+ RPI_FWREQ_FRAMEBUFFER_GET_PITCH = 0x00040008,
113
+ RPI_FWREQ_FRAMEBUFFER_GET_VIRTUAL_OFFSET = 0x00040009,
114
+ RPI_FWREQ_FRAMEBUFFER_GET_OVERSCAN = 0x0004000a,
115
+ RPI_FWREQ_FRAMEBUFFER_GET_PALETTE = 0x0004000b,
116
+ RPI_FWREQ_FRAMEBUFFER_GET_LAYER = 0x0004000c,
117
+ RPI_FWREQ_FRAMEBUFFER_GET_TRANSFORM = 0x0004000d,
118
+ RPI_FWREQ_FRAMEBUFFER_GET_VSYNC = 0x0004000e,
119
+ RPI_FWREQ_FRAMEBUFFER_GET_TOUCHBUF = 0x0004000f,
120
+ RPI_FWREQ_FRAMEBUFFER_GET_GPIOVIRTBUF = 0x00040010,
121
+ RPI_FWREQ_FRAMEBUFFER_RELEASE = 0x00048001,
122
+ RPI_FWREQ_FRAMEBUFFER_GET_DISPLAY_ID = 0x00040016,
123
+ RPI_FWREQ_FRAMEBUFFER_SET_DISPLAY_NUM = 0x00048013,
124
+ RPI_FWREQ_FRAMEBUFFER_GET_NUM_DISPLAYS = 0x00040013,
125
+ RPI_FWREQ_FRAMEBUFFER_GET_DISPLAY_SETTINGS = 0x00040014,
126
+ RPI_FWREQ_FRAMEBUFFER_TEST_PHYSICAL_WIDTH_HEIGHT = 0x00044003,
127
+ RPI_FWREQ_FRAMEBUFFER_TEST_VIRTUAL_WIDTH_HEIGHT = 0x00044004,
128
+ RPI_FWREQ_FRAMEBUFFER_TEST_DEPTH = 0x00044005,
129
+ RPI_FWREQ_FRAMEBUFFER_TEST_PIXEL_ORDER = 0x00044006,
130
+ RPI_FWREQ_FRAMEBUFFER_TEST_ALPHA_MODE = 0x00044007,
131
+ RPI_FWREQ_FRAMEBUFFER_TEST_VIRTUAL_OFFSET = 0x00044009,
132
+ RPI_FWREQ_FRAMEBUFFER_TEST_OVERSCAN = 0x0004400a,
133
+ RPI_FWREQ_FRAMEBUFFER_TEST_PALETTE = 0x0004400b,
134
+ RPI_FWREQ_FRAMEBUFFER_TEST_LAYER = 0x0004400c,
135
+ RPI_FWREQ_FRAMEBUFFER_TEST_TRANSFORM = 0x0004400d,
136
+ RPI_FWREQ_FRAMEBUFFER_TEST_VSYNC = 0x0004400e,
137
+ RPI_FWREQ_FRAMEBUFFER_SET_PHYSICAL_WIDTH_HEIGHT = 0x00048003,
138
+ RPI_FWREQ_FRAMEBUFFER_SET_VIRTUAL_WIDTH_HEIGHT = 0x00048004,
139
+ RPI_FWREQ_FRAMEBUFFER_SET_DEPTH = 0x00048005,
140
+ RPI_FWREQ_FRAMEBUFFER_SET_PIXEL_ORDER = 0x00048006,
141
+ RPI_FWREQ_FRAMEBUFFER_SET_ALPHA_MODE = 0x00048007,
142
+ RPI_FWREQ_FRAMEBUFFER_SET_PITCH = 0x00048008,
143
+ RPI_FWREQ_FRAMEBUFFER_SET_VIRTUAL_OFFSET = 0x00048009,
144
+ RPI_FWREQ_FRAMEBUFFER_SET_OVERSCAN = 0x0004800a,
145
+ RPI_FWREQ_FRAMEBUFFER_SET_PALETTE = 0x0004800b,
178
+
146
+
179
+static uint64_t rtc_int_en_prew(RegisterInfo *reg, uint64_t val64)
147
+ RPI_FWREQ_FRAMEBUFFER_SET_TOUCHBUF = 0x0004801f,
180
+{
148
+ RPI_FWREQ_FRAMEBUFFER_SET_GPIOVIRTBUF = 0x00048020,
181
+ XlnxZynqMPRTC *s = XLNX_ZYNQMP_RTC(reg->opaque);
149
+ RPI_FWREQ_FRAMEBUFFER_SET_VSYNC = 0x0004800e,
150
+ RPI_FWREQ_FRAMEBUFFER_SET_LAYER = 0x0004800c,
151
+ RPI_FWREQ_FRAMEBUFFER_SET_TRANSFORM = 0x0004800d,
152
+ RPI_FWREQ_FRAMEBUFFER_SET_BACKLIGHT = 0x0004800f,
182
+
153
+
183
+ s->regs[R_RTC_INT_MASK] &= (uint32_t) ~val64;
154
+ RPI_FWREQ_VCHIQ_INIT = 0x00048010,
184
+ rtc_int_update_irq(s);
185
+ return 0;
186
+}
187
+
155
+
188
+static uint64_t rtc_int_dis_prew(RegisterInfo *reg, uint64_t val64)
156
+ RPI_FWREQ_SET_PLANE = 0x00048015,
189
+{
157
+ RPI_FWREQ_GET_DISPLAY_TIMING = 0x00040017,
190
+ XlnxZynqMPRTC *s = XLNX_ZYNQMP_RTC(reg->opaque);
158
+ RPI_FWREQ_SET_TIMING = 0x00048017,
191
+
159
+ RPI_FWREQ_GET_DISPLAY_CFG = 0x00040018,
192
+ s->regs[R_RTC_INT_MASK] |= (uint32_t) val64;
160
+ RPI_FWREQ_SET_DISPLAY_POWER = 0x00048019,
193
+ rtc_int_update_irq(s);
161
+ RPI_FWREQ_GET_COMMAND_LINE = 0x00050001,
194
+ return 0;
162
+ RPI_FWREQ_GET_DMA_CHANNELS = 0x00060001,
195
+}
196
+
197
+static void addr_error_postw(RegisterInfo *reg, uint64_t val64)
198
+{
199
+ XlnxZynqMPRTC *s = XLNX_ZYNQMP_RTC(reg->opaque);
200
+ addr_error_int_update_irq(s);
201
+}
202
+
203
+static uint64_t addr_error_int_en_prew(RegisterInfo *reg, uint64_t val64)
204
+{
205
+ XlnxZynqMPRTC *s = XLNX_ZYNQMP_RTC(reg->opaque);
206
+
207
+ s->regs[R_ADDR_ERROR_INT_MASK] &= (uint32_t) ~val64;
208
+ addr_error_int_update_irq(s);
209
+ return 0;
210
+}
211
+
212
+static uint64_t addr_error_int_dis_prew(RegisterInfo *reg, uint64_t val64)
213
+{
214
+ XlnxZynqMPRTC *s = XLNX_ZYNQMP_RTC(reg->opaque);
215
+
216
+ s->regs[R_ADDR_ERROR_INT_MASK] |= (uint32_t) val64;
217
+ addr_error_int_update_irq(s);
218
+ return 0;
219
+}
220
+
221
+static const RegisterAccessInfo rtc_regs_info[] = {
222
+ { .name = "SET_TIME_WRITE", .addr = A_SET_TIME_WRITE,
223
+ },{ .name = "SET_TIME_READ", .addr = A_SET_TIME_READ,
224
+ .ro = 0xffffffff,
225
+ },{ .name = "CALIB_WRITE", .addr = A_CALIB_WRITE,
226
+ },{ .name = "CALIB_READ", .addr = A_CALIB_READ,
227
+ .ro = 0x1fffff,
228
+ },{ .name = "CURRENT_TIME", .addr = A_CURRENT_TIME,
229
+ .ro = 0xffffffff,
230
+ },{ .name = "CURRENT_TICK", .addr = A_CURRENT_TICK,
231
+ .ro = 0xffff,
232
+ },{ .name = "ALARM", .addr = A_ALARM,
233
+ },{ .name = "RTC_INT_STATUS", .addr = A_RTC_INT_STATUS,
234
+ .w1c = 0x3,
235
+ .post_write = rtc_int_status_postw,
236
+ },{ .name = "RTC_INT_MASK", .addr = A_RTC_INT_MASK,
237
+ .reset = 0x3,
238
+ .ro = 0x3,
239
+ },{ .name = "RTC_INT_EN", .addr = A_RTC_INT_EN,
240
+ .pre_write = rtc_int_en_prew,
241
+ },{ .name = "RTC_INT_DIS", .addr = A_RTC_INT_DIS,
242
+ .pre_write = rtc_int_dis_prew,
243
+ },{ .name = "ADDR_ERROR", .addr = A_ADDR_ERROR,
244
+ .w1c = 0x1,
245
+ .post_write = addr_error_postw,
246
+ },{ .name = "ADDR_ERROR_INT_MASK", .addr = A_ADDR_ERROR_INT_MASK,
247
+ .reset = 0x1,
248
+ .ro = 0x1,
249
+ },{ .name = "ADDR_ERROR_INT_EN", .addr = A_ADDR_ERROR_INT_EN,
250
+ .pre_write = addr_error_int_en_prew,
251
+ },{ .name = "ADDR_ERROR_INT_DIS", .addr = A_ADDR_ERROR_INT_DIS,
252
+ .pre_write = addr_error_int_dis_prew,
253
+ },{ .name = "CONTROL", .addr = A_CONTROL,
254
+ .reset = 0x1000000,
255
+ .rsvd = 0x70fffffe,
256
+ },{ .name = "SAFETY_CHK", .addr = A_SAFETY_CHK,
257
+ }
258
+};
163
+};
259
+
164
+
260
+static void rtc_reset(DeviceState *dev)
165
+enum rpi_firmware_clk_id {
261
+{
166
+ RPI_FIRMWARE_EMMC_CLK_ID = 1,
262
+ XlnxZynqMPRTC *s = XLNX_ZYNQMP_RTC(dev);
167
+ RPI_FIRMWARE_UART_CLK_ID,
263
+ unsigned int i;
168
+ RPI_FIRMWARE_ARM_CLK_ID,
264
+
169
+ RPI_FIRMWARE_CORE_CLK_ID,
265
+ for (i = 0; i < ARRAY_SIZE(s->regs_info); ++i) {
170
+ RPI_FIRMWARE_V3D_CLK_ID,
266
+ register_reset(&s->regs_info[i]);
171
+ RPI_FIRMWARE_H264_CLK_ID,
267
+ }
172
+ RPI_FIRMWARE_ISP_CLK_ID,
268
+
173
+ RPI_FIRMWARE_SDRAM_CLK_ID,
269
+ rtc_int_update_irq(s);
174
+ RPI_FIRMWARE_PIXEL_CLK_ID,
270
+ addr_error_int_update_irq(s);
175
+ RPI_FIRMWARE_PWM_CLK_ID,
271
+}
176
+ RPI_FIRMWARE_HEVC_CLK_ID,
272
+
177
+ RPI_FIRMWARE_EMMC2_CLK_ID,
273
+static const MemoryRegionOps rtc_ops = {
178
+ RPI_FIRMWARE_M2MC_CLK_ID,
274
+ .read = register_read_memory,
179
+ RPI_FIRMWARE_PIXEL_BVB_CLK_ID,
275
+ .write = register_write_memory,
180
+ RPI_FIRMWARE_VEC_CLK_ID,
276
+ .endianness = DEVICE_LITTLE_ENDIAN,
181
+ RPI_FIRMWARE_NUM_CLK_ID,
277
+ .valid = {
278
+ .min_access_size = 4,
279
+ .max_access_size = 4,
280
+ },
281
+};
182
+};
282
+
183
+
283
+static void rtc_init(Object *obj)
184
+#endif /* INCLUDE_HW_MISC_RASPBERRYPI_FW_DEFS_H_ */
284
+{
285
+ XlnxZynqMPRTC *s = XLNX_ZYNQMP_RTC(obj);
286
+ SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
287
+ RegisterInfoArray *reg_array;
288
+
289
+ memory_region_init(&s->iomem, obj, TYPE_XLNX_ZYNQMP_RTC,
290
+ XLNX_ZYNQMP_RTC_R_MAX * 4);
291
+ reg_array =
292
+ register_init_block32(DEVICE(obj), rtc_regs_info,
293
+ ARRAY_SIZE(rtc_regs_info),
294
+ s->regs_info, s->regs,
295
+ &rtc_ops,
296
+ XLNX_ZYNQMP_RTC_ERR_DEBUG,
297
+ XLNX_ZYNQMP_RTC_R_MAX * 4);
298
+ memory_region_add_subregion(&s->iomem,
299
+ 0x0,
300
+ &reg_array->mem);
301
+ sysbus_init_mmio(sbd, &s->iomem);
302
+ sysbus_init_irq(sbd, &s->irq_rtc_int);
303
+ sysbus_init_irq(sbd, &s->irq_addr_error_int);
304
+}
305
+
306
+static const VMStateDescription vmstate_rtc = {
307
+ .name = TYPE_XLNX_ZYNQMP_RTC,
308
+ .version_id = 1,
309
+ .minimum_version_id = 1,
310
+ .fields = (VMStateField[]) {
311
+ VMSTATE_UINT32_ARRAY(regs, XlnxZynqMPRTC, XLNX_ZYNQMP_RTC_R_MAX),
312
+ VMSTATE_END_OF_LIST(),
313
+ }
314
+};
315
+
316
+static void rtc_class_init(ObjectClass *klass, void *data)
317
+{
318
+ DeviceClass *dc = DEVICE_CLASS(klass);
319
+
320
+ dc->reset = rtc_reset;
321
+ dc->vmsd = &vmstate_rtc;
322
+}
323
+
324
+static const TypeInfo rtc_info = {
325
+ .name = TYPE_XLNX_ZYNQMP_RTC,
326
+ .parent = TYPE_SYS_BUS_DEVICE,
327
+ .instance_size = sizeof(XlnxZynqMPRTC),
328
+ .class_init = rtc_class_init,
329
+ .instance_init = rtc_init,
330
+};
331
+
332
+static void rtc_register_types(void)
333
+{
334
+ type_register_static(&rtc_info);
335
+}
336
+
337
+type_init(rtc_register_types)
338
--
185
--
339
2.16.2
186
2.34.1
340
187
341
188
diff view generated by jsdifflib
Deleted patch
1
From: Richard Henderson <richard.henderson@linaro.org>
2
1
3
Allow the translate subroutines to return false for invalid insns.
4
5
At present we can of course invoke an invalid insn exception from within
6
the translate subroutine, but in the short term this consolidates code.
7
In the long term it would allow the decodetree language to support
8
overlapping patterns for ISA extensions.
9
10
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
11
Message-id: 20180227232618.2908-1-richard.henderson@linaro.org
12
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
---
15
scripts/decodetree.py | 5 ++---
16
1 file changed, 2 insertions(+), 3 deletions(-)
17
18
diff --git a/scripts/decodetree.py b/scripts/decodetree.py
19
index XXXXXXX..XXXXXXX 100755
20
--- a/scripts/decodetree.py
21
+++ b/scripts/decodetree.py
22
@@ -XXX,XX +XXX,XX @@ class Pattern(General):
23
global translate_prefix
24
output('typedef ', self.base.base.struct_name(),
25
' arg_', self.name, ';\n')
26
- output(translate_scope, 'void ', translate_prefix, '_', self.name,
27
+ output(translate_scope, 'bool ', translate_prefix, '_', self.name,
28
'(DisasContext *ctx, arg_', self.name,
29
' *a, ', insntype, ' insn);\n')
30
31
@@ -XXX,XX +XXX,XX @@ class Pattern(General):
32
output(ind, self.base.extract_name(), '(&u.f_', arg, ', insn);\n')
33
for n, f in self.fields.items():
34
output(ind, 'u.f_', arg, '.', n, ' = ', f.str_extract(), ';\n')
35
- output(ind, translate_prefix, '_', self.name,
36
+ output(ind, 'return ', translate_prefix, '_', self.name,
37
'(ctx, &u.f_', arg, ', insn);\n')
38
- output(ind, 'return true;\n')
39
# end Pattern
40
41
42
--
43
2.16.2
44
45
diff view generated by jsdifflib
Deleted patch
1
Move the definition of the struct for the unimplemented-device
2
from unimp.c to unimp.h, so that users can embed the struct
3
in their own device structs if they prefer.
4
1
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20180220180325.29818-10-peter.maydell@linaro.org
9
---
10
include/hw/misc/unimp.h | 10 ++++++++++
11
hw/misc/unimp.c | 10 ----------
12
2 files changed, 10 insertions(+), 10 deletions(-)
13
14
diff --git a/include/hw/misc/unimp.h b/include/hw/misc/unimp.h
15
index XXXXXXX..XXXXXXX 100644
16
--- a/include/hw/misc/unimp.h
17
+++ b/include/hw/misc/unimp.h
18
@@ -XXX,XX +XXX,XX @@
19
20
#define TYPE_UNIMPLEMENTED_DEVICE "unimplemented-device"
21
22
+#define UNIMPLEMENTED_DEVICE(obj) \
23
+ OBJECT_CHECK(UnimplementedDeviceState, (obj), TYPE_UNIMPLEMENTED_DEVICE)
24
+
25
+typedef struct {
26
+ SysBusDevice parent_obj;
27
+ MemoryRegion iomem;
28
+ char *name;
29
+ uint64_t size;
30
+} UnimplementedDeviceState;
31
+
32
/**
33
* create_unimplemented_device: create and map a dummy device
34
* @name: name of the device for debug logging
35
diff --git a/hw/misc/unimp.c b/hw/misc/unimp.c
36
index XXXXXXX..XXXXXXX 100644
37
--- a/hw/misc/unimp.c
38
+++ b/hw/misc/unimp.c
39
@@ -XXX,XX +XXX,XX @@
40
#include "qemu/log.h"
41
#include "qapi/error.h"
42
43
-#define UNIMPLEMENTED_DEVICE(obj) \
44
- OBJECT_CHECK(UnimplementedDeviceState, (obj), TYPE_UNIMPLEMENTED_DEVICE)
45
-
46
-typedef struct {
47
- SysBusDevice parent_obj;
48
- MemoryRegion iomem;
49
- char *name;
50
- uint64_t size;
51
-} UnimplementedDeviceState;
52
-
53
static uint64_t unimp_read(void *opaque, hwaddr offset, unsigned size)
54
{
55
UnimplementedDeviceState *s = UNIMPLEMENTED_DEVICE(opaque);
56
--
57
2.16.2
58
59
diff view generated by jsdifflib
Deleted patch
1
The or-irq.h header file is missing the customary guard against
2
multiple inclusion, which means compilation fails if it gets
3
included twice. Fix the omission.
4
1
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20180220180325.29818-11-peter.maydell@linaro.org
9
---
10
include/hw/or-irq.h | 5 +++++
11
1 file changed, 5 insertions(+)
12
13
diff --git a/include/hw/or-irq.h b/include/hw/or-irq.h
14
index XXXXXXX..XXXXXXX 100644
15
--- a/include/hw/or-irq.h
16
+++ b/include/hw/or-irq.h
17
@@ -XXX,XX +XXX,XX @@
18
* THE SOFTWARE.
19
*/
20
21
+#ifndef HW_OR_IRQ_H
22
+#define HW_OR_IRQ_H
23
+
24
#include "hw/irq.h"
25
#include "hw/sysbus.h"
26
#include "qom/object.h"
27
@@ -XXX,XX +XXX,XX @@ struct OrIRQState {
28
bool levels[MAX_OR_LINES];
29
uint16_t num_lines;
30
};
31
+
32
+#endif
33
--
34
2.16.2
35
36
diff view generated by jsdifflib
Deleted patch
1
From: Richard Henderson <richard.henderson@linaro.org>
2
1
3
Not enabled anywhere yet.
4
5
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20180228193125.20577-2-richard.henderson@linaro.org
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
target/arm/cpu.h | 1 +
12
linux-user/elfload.c | 1 +
13
2 files changed, 2 insertions(+)
14
15
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
16
index XXXXXXX..XXXXXXX 100644
17
--- a/target/arm/cpu.h
18
+++ b/target/arm/cpu.h
19
@@ -XXX,XX +XXX,XX @@ enum arm_features {
20
ARM_FEATURE_V8_SHA3, /* implements SHA3 part of v8 Crypto Extensions */
21
ARM_FEATURE_V8_SM3, /* implements SM3 part of v8 Crypto Extensions */
22
ARM_FEATURE_V8_SM4, /* implements SM4 part of v8 Crypto Extensions */
23
+ ARM_FEATURE_V8_RDM, /* implements v8.1 simd round multiply */
24
ARM_FEATURE_V8_FP16, /* implements v8.2 half-precision float */
25
};
26
27
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
28
index XXXXXXX..XXXXXXX 100644
29
--- a/linux-user/elfload.c
30
+++ b/linux-user/elfload.c
31
@@ -XXX,XX +XXX,XX @@ static uint32_t get_elf_hwcap(void)
32
GET_FEATURE(ARM_FEATURE_V8_SHA512, ARM_HWCAP_A64_SHA512);
33
GET_FEATURE(ARM_FEATURE_V8_FP16,
34
ARM_HWCAP_A64_FPHP | ARM_HWCAP_A64_ASIMDHP);
35
+ GET_FEATURE(ARM_FEATURE_V8_RDM, ARM_HWCAP_A64_ASIMDRDM);
36
#undef GET_FEATURE
37
38
return hwcaps;
39
--
40
2.16.2
41
42
diff view generated by jsdifflib
Deleted patch
1
From: Richard Henderson <richard.henderson@linaro.org>
2
1
3
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
4
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
5
Message-id: 20180228193125.20577-5-richard.henderson@linaro.org
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
---
8
target/arm/Makefile.objs | 2 +-
9
target/arm/helper.h | 4 ++
10
target/arm/translate-a64.c | 84 ++++++++++++++++++++++++++++++++++
11
target/arm/vec_helper.c | 109 +++++++++++++++++++++++++++++++++++++++++++++
12
4 files changed, 198 insertions(+), 1 deletion(-)
13
create mode 100644 target/arm/vec_helper.c
14
15
diff --git a/target/arm/Makefile.objs b/target/arm/Makefile.objs
16
index XXXXXXX..XXXXXXX 100644
17
--- a/target/arm/Makefile.objs
18
+++ b/target/arm/Makefile.objs
19
@@ -XXX,XX +XXX,XX @@ obj-$(call land,$(CONFIG_KVM),$(call lnot,$(TARGET_AARCH64))) += kvm32.o
20
obj-$(call land,$(CONFIG_KVM),$(TARGET_AARCH64)) += kvm64.o
21
obj-$(call lnot,$(CONFIG_KVM)) += kvm-stub.o
22
obj-y += translate.o op_helper.o helper.o cpu.o
23
-obj-y += neon_helper.o iwmmxt_helper.o
24
+obj-y += neon_helper.o iwmmxt_helper.o vec_helper.o
25
obj-y += gdbstub.o
26
obj-$(TARGET_AARCH64) += cpu64.o translate-a64.o helper-a64.o gdbstub64.o
27
obj-y += crypto_helper.o
28
diff --git a/target/arm/helper.h b/target/arm/helper.h
29
index XXXXXXX..XXXXXXX 100644
30
--- a/target/arm/helper.h
31
+++ b/target/arm/helper.h
32
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_FLAGS_1(neon_rbit_u8, TCG_CALL_NO_RWG_SE, i32, i32)
33
34
DEF_HELPER_3(neon_qdmulh_s16, i32, env, i32, i32)
35
DEF_HELPER_3(neon_qrdmulh_s16, i32, env, i32, i32)
36
+DEF_HELPER_4(neon_qrdmlah_s16, i32, env, i32, i32, i32)
37
+DEF_HELPER_4(neon_qrdmlsh_s16, i32, env, i32, i32, i32)
38
DEF_HELPER_3(neon_qdmulh_s32, i32, env, i32, i32)
39
DEF_HELPER_3(neon_qrdmulh_s32, i32, env, i32, i32)
40
+DEF_HELPER_4(neon_qrdmlah_s32, i32, env, s32, s32, s32)
41
+DEF_HELPER_4(neon_qrdmlsh_s32, i32, env, s32, s32, s32)
42
43
DEF_HELPER_1(neon_narrow_u8, i32, i64)
44
DEF_HELPER_1(neon_narrow_u16, i32, i64)
45
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
46
index XXXXXXX..XXXXXXX 100644
47
--- a/target/arm/translate-a64.c
48
+++ b/target/arm/translate-a64.c
49
@@ -XXX,XX +XXX,XX @@ static void disas_simd_scalar_three_reg_same_fp16(DisasContext *s,
50
tcg_temp_free_ptr(fpst);
51
}
52
53
+/* AdvSIMD scalar three same extra
54
+ * 31 30 29 28 24 23 22 21 20 16 15 14 11 10 9 5 4 0
55
+ * +-----+---+-----------+------+---+------+---+--------+---+----+----+
56
+ * | 0 1 | U | 1 1 1 1 0 | size | 0 | Rm | 1 | opcode | 1 | Rn | Rd |
57
+ * +-----+---+-----------+------+---+------+---+--------+---+----+----+
58
+ */
59
+static void disas_simd_scalar_three_reg_same_extra(DisasContext *s,
60
+ uint32_t insn)
61
+{
62
+ int rd = extract32(insn, 0, 5);
63
+ int rn = extract32(insn, 5, 5);
64
+ int opcode = extract32(insn, 11, 4);
65
+ int rm = extract32(insn, 16, 5);
66
+ int size = extract32(insn, 22, 2);
67
+ bool u = extract32(insn, 29, 1);
68
+ TCGv_i32 ele1, ele2, ele3;
69
+ TCGv_i64 res;
70
+ int feature;
71
+
72
+ switch (u * 16 + opcode) {
73
+ case 0x10: /* SQRDMLAH (vector) */
74
+ case 0x11: /* SQRDMLSH (vector) */
75
+ if (size != 1 && size != 2) {
76
+ unallocated_encoding(s);
77
+ return;
78
+ }
79
+ feature = ARM_FEATURE_V8_RDM;
80
+ break;
81
+ default:
82
+ unallocated_encoding(s);
83
+ return;
84
+ }
85
+ if (!arm_dc_feature(s, feature)) {
86
+ unallocated_encoding(s);
87
+ return;
88
+ }
89
+ if (!fp_access_check(s)) {
90
+ return;
91
+ }
92
+
93
+ /* Do a single operation on the lowest element in the vector.
94
+ * We use the standard Neon helpers and rely on 0 OP 0 == 0
95
+ * with no side effects for all these operations.
96
+ * OPTME: special-purpose helpers would avoid doing some
97
+ * unnecessary work in the helper for the 16 bit cases.
98
+ */
99
+ ele1 = tcg_temp_new_i32();
100
+ ele2 = tcg_temp_new_i32();
101
+ ele3 = tcg_temp_new_i32();
102
+
103
+ read_vec_element_i32(s, ele1, rn, 0, size);
104
+ read_vec_element_i32(s, ele2, rm, 0, size);
105
+ read_vec_element_i32(s, ele3, rd, 0, size);
106
+
107
+ switch (opcode) {
108
+ case 0x0: /* SQRDMLAH */
109
+ if (size == 1) {
110
+ gen_helper_neon_qrdmlah_s16(ele3, cpu_env, ele1, ele2, ele3);
111
+ } else {
112
+ gen_helper_neon_qrdmlah_s32(ele3, cpu_env, ele1, ele2, ele3);
113
+ }
114
+ break;
115
+ case 0x1: /* SQRDMLSH */
116
+ if (size == 1) {
117
+ gen_helper_neon_qrdmlsh_s16(ele3, cpu_env, ele1, ele2, ele3);
118
+ } else {
119
+ gen_helper_neon_qrdmlsh_s32(ele3, cpu_env, ele1, ele2, ele3);
120
+ }
121
+ break;
122
+ default:
123
+ g_assert_not_reached();
124
+ }
125
+ tcg_temp_free_i32(ele1);
126
+ tcg_temp_free_i32(ele2);
127
+
128
+ res = tcg_temp_new_i64();
129
+ tcg_gen_extu_i32_i64(res, ele3);
130
+ tcg_temp_free_i32(ele3);
131
+
132
+ write_fp_dreg(s, rd, res);
133
+ tcg_temp_free_i64(res);
134
+}
135
+
136
static void handle_2misc_64(DisasContext *s, int opcode, bool u,
137
TCGv_i64 tcg_rd, TCGv_i64 tcg_rn,
138
TCGv_i32 tcg_rmode, TCGv_ptr tcg_fpstatus)
139
@@ -XXX,XX +XXX,XX @@ static const AArch64DecodeTable data_proc_simd[] = {
140
{ 0x0e000800, 0xbf208c00, disas_simd_zip_trn },
141
{ 0x2e000000, 0xbf208400, disas_simd_ext },
142
{ 0x5e200400, 0xdf200400, disas_simd_scalar_three_reg_same },
143
+ { 0x5e008400, 0xdf208400, disas_simd_scalar_three_reg_same_extra },
144
{ 0x5e200000, 0xdf200c00, disas_simd_scalar_three_reg_diff },
145
{ 0x5e200800, 0xdf3e0c00, disas_simd_scalar_two_reg_misc },
146
{ 0x5e300800, 0xdf3e0c00, disas_simd_scalar_pairwise },
147
diff --git a/target/arm/vec_helper.c b/target/arm/vec_helper.c
148
new file mode 100644
149
index XXXXXXX..XXXXXXX
150
--- /dev/null
151
+++ b/target/arm/vec_helper.c
152
@@ -XXX,XX +XXX,XX @@
153
+/*
154
+ * ARM AdvSIMD / SVE Vector Operations
155
+ *
156
+ * Copyright (c) 2018 Linaro
157
+ *
158
+ * This library is free software; you can redistribute it and/or
159
+ * modify it under the terms of the GNU Lesser General Public
160
+ * License as published by the Free Software Foundation; either
161
+ * version 2 of the License, or (at your option) any later version.
162
+ *
163
+ * This library is distributed in the hope that it will be useful,
164
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
165
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
166
+ * Lesser General Public License for more details.
167
+ *
168
+ * You should have received a copy of the GNU Lesser General Public
169
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
170
+ */
171
+
172
+#include "qemu/osdep.h"
173
+#include "cpu.h"
174
+#include "exec/exec-all.h"
175
+#include "exec/helper-proto.h"
176
+#include "tcg/tcg-gvec-desc.h"
177
+
178
+
179
+#define SET_QC() env->vfp.xregs[ARM_VFP_FPSCR] |= CPSR_Q
180
+
181
+/* Signed saturating rounding doubling multiply-accumulate high half, 16-bit */
182
+static uint16_t inl_qrdmlah_s16(CPUARMState *env, int16_t src1,
183
+ int16_t src2, int16_t src3)
184
+{
185
+ /* Simplify:
186
+ * = ((a3 << 16) + ((e1 * e2) << 1) + (1 << 15)) >> 16
187
+ * = ((a3 << 15) + (e1 * e2) + (1 << 14)) >> 15
188
+ */
189
+ int32_t ret = (int32_t)src1 * src2;
190
+ ret = ((int32_t)src3 << 15) + ret + (1 << 14);
191
+ ret >>= 15;
192
+ if (ret != (int16_t)ret) {
193
+ SET_QC();
194
+ ret = (ret < 0 ? -0x8000 : 0x7fff);
195
+ }
196
+ return ret;
197
+}
198
+
199
+uint32_t HELPER(neon_qrdmlah_s16)(CPUARMState *env, uint32_t src1,
200
+ uint32_t src2, uint32_t src3)
201
+{
202
+ uint16_t e1 = inl_qrdmlah_s16(env, src1, src2, src3);
203
+ uint16_t e2 = inl_qrdmlah_s16(env, src1 >> 16, src2 >> 16, src3 >> 16);
204
+ return deposit32(e1, 16, 16, e2);
205
+}
206
+
207
+/* Signed saturating rounding doubling multiply-subtract high half, 16-bit */
208
+static uint16_t inl_qrdmlsh_s16(CPUARMState *env, int16_t src1,
209
+ int16_t src2, int16_t src3)
210
+{
211
+ /* Similarly, using subtraction:
212
+ * = ((a3 << 16) - ((e1 * e2) << 1) + (1 << 15)) >> 16
213
+ * = ((a3 << 15) - (e1 * e2) + (1 << 14)) >> 15
214
+ */
215
+ int32_t ret = (int32_t)src1 * src2;
216
+ ret = ((int32_t)src3 << 15) - ret + (1 << 14);
217
+ ret >>= 15;
218
+ if (ret != (int16_t)ret) {
219
+ SET_QC();
220
+ ret = (ret < 0 ? -0x8000 : 0x7fff);
221
+ }
222
+ return ret;
223
+}
224
+
225
+uint32_t HELPER(neon_qrdmlsh_s16)(CPUARMState *env, uint32_t src1,
226
+ uint32_t src2, uint32_t src3)
227
+{
228
+ uint16_t e1 = inl_qrdmlsh_s16(env, src1, src2, src3);
229
+ uint16_t e2 = inl_qrdmlsh_s16(env, src1 >> 16, src2 >> 16, src3 >> 16);
230
+ return deposit32(e1, 16, 16, e2);
231
+}
232
+
233
+/* Signed saturating rounding doubling multiply-accumulate high half, 32-bit */
234
+uint32_t HELPER(neon_qrdmlah_s32)(CPUARMState *env, int32_t src1,
235
+ int32_t src2, int32_t src3)
236
+{
237
+ /* Simplify similarly to int_qrdmlah_s16 above. */
238
+ int64_t ret = (int64_t)src1 * src2;
239
+ ret = ((int64_t)src3 << 31) + ret + (1 << 30);
240
+ ret >>= 31;
241
+ if (ret != (int32_t)ret) {
242
+ SET_QC();
243
+ ret = (ret < 0 ? INT32_MIN : INT32_MAX);
244
+ }
245
+ return ret;
246
+}
247
+
248
+/* Signed saturating rounding doubling multiply-subtract high half, 32-bit */
249
+uint32_t HELPER(neon_qrdmlsh_s32)(CPUARMState *env, int32_t src1,
250
+ int32_t src2, int32_t src3)
251
+{
252
+ /* Simplify similarly to int_qrdmlsh_s16 above. */
253
+ int64_t ret = (int64_t)src1 * src2;
254
+ ret = ((int64_t)src3 << 31) - ret + (1 << 30);
255
+ ret >>= 31;
256
+ if (ret != (int32_t)ret) {
257
+ SET_QC();
258
+ ret = (ret < 0 ? INT32_MIN : INT32_MAX);
259
+ }
260
+ return ret;
261
+}
262
--
263
2.16.2
264
265
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Sergey Kambalin <sergey.kambalin@auriga.com>
2
2
3
Not enabled anywhere yet.
3
Replace magic property values by a proper definition,
4
4
removing redundant comments.
5
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
5
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6
Signed-off-by: Sergey Kambalin <sergey.kambalin@auriga.com>
7
Message-id: 20180228193125.20577-11-richard.henderson@linaro.org
7
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9
Message-id: 20230612223456.33824-3-philmd@linaro.org
10
Message-Id: <20230531155258.8361-1-sergey.kambalin@auriga.com>
11
[PMD: Split from bigger patch: 2/4]
12
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
14
---
10
target/arm/cpu.h | 1 +
15
hw/misc/bcm2835_property.c | 101 +++++++++++++++++++------------------
11
linux-user/elfload.c | 1 +
16
1 file changed, 51 insertions(+), 50 deletions(-)
12
2 files changed, 2 insertions(+)
17
13
18
diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c
14
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
15
index XXXXXXX..XXXXXXX 100644
19
index XXXXXXX..XXXXXXX 100644
16
--- a/target/arm/cpu.h
20
--- a/hw/misc/bcm2835_property.c
17
+++ b/target/arm/cpu.h
21
+++ b/hw/misc/bcm2835_property.c
18
@@ -XXX,XX +XXX,XX @@ enum arm_features {
22
@@ -XXX,XX +XXX,XX @@
19
ARM_FEATURE_V8_SM4, /* implements SM4 part of v8 Crypto Extensions */
23
#include "migration/vmstate.h"
20
ARM_FEATURE_V8_RDM, /* implements v8.1 simd round multiply */
24
#include "hw/irq.h"
21
ARM_FEATURE_V8_FP16, /* implements v8.2 half-precision float */
25
#include "hw/misc/bcm2835_mbox_defs.h"
22
+ ARM_FEATURE_V8_FCMA, /* has complex number part of v8.3 extensions. */
26
+#include "hw/misc/raspberrypi-fw-defs.h"
23
};
27
#include "sysemu/dma.h"
24
28
#include "qemu/log.h"
25
static inline int arm_feature(CPUARMState *env, int feature)
29
#include "qemu/module.h"
26
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
30
@@ -XXX,XX +XXX,XX @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value)
27
index XXXXXXX..XXXXXXX 100644
31
/* @(value + 8) : Request/response indicator */
28
--- a/linux-user/elfload.c
32
resplen = 0;
29
+++ b/linux-user/elfload.c
33
switch (tag) {
30
@@ -XXX,XX +XXX,XX @@ static uint32_t get_elf_hwcap(void)
34
- case 0x00000000: /* End tag */
31
GET_FEATURE(ARM_FEATURE_V8_FP16,
35
+ case RPI_FWREQ_PROPERTY_END:
32
ARM_HWCAP_A64_FPHP | ARM_HWCAP_A64_ASIMDHP);
36
break;
33
GET_FEATURE(ARM_FEATURE_V8_RDM, ARM_HWCAP_A64_ASIMDRDM);
37
- case 0x00000001: /* Get firmware revision */
34
+ GET_FEATURE(ARM_FEATURE_V8_FCMA, ARM_HWCAP_A64_FCMA);
38
+ case RPI_FWREQ_GET_FIRMWARE_REVISION:
35
#undef GET_FEATURE
39
stl_le_phys(&s->dma_as, value + 12, 346337);
36
40
resplen = 4;
37
return hwcaps;
41
break;
42
- case 0x00010001: /* Get board model */
43
+ case RPI_FWREQ_GET_BOARD_MODEL:
44
qemu_log_mask(LOG_UNIMP,
45
"bcm2835_property: 0x%08x get board model NYI\n",
46
tag);
47
resplen = 4;
48
break;
49
- case 0x00010002: /* Get board revision */
50
+ case RPI_FWREQ_GET_BOARD_REVISION:
51
stl_le_phys(&s->dma_as, value + 12, s->board_rev);
52
resplen = 4;
53
break;
54
- case 0x00010003: /* Get board MAC address */
55
+ case RPI_FWREQ_GET_BOARD_MAC_ADDRESS:
56
resplen = sizeof(s->macaddr.a);
57
dma_memory_write(&s->dma_as, value + 12, s->macaddr.a, resplen,
58
MEMTXATTRS_UNSPECIFIED);
59
break;
60
- case 0x00010004: /* Get board serial */
61
+ case RPI_FWREQ_GET_BOARD_SERIAL:
62
qemu_log_mask(LOG_UNIMP,
63
"bcm2835_property: 0x%08x get board serial NYI\n",
64
tag);
65
resplen = 8;
66
break;
67
- case 0x00010005: /* Get ARM memory */
68
+ case RPI_FWREQ_GET_ARM_MEMORY:
69
/* base */
70
stl_le_phys(&s->dma_as, value + 12, 0);
71
/* size */
72
stl_le_phys(&s->dma_as, value + 16, s->fbdev->vcram_base);
73
resplen = 8;
74
break;
75
- case 0x00010006: /* Get VC memory */
76
+ case RPI_FWREQ_GET_VC_MEMORY:
77
/* base */
78
stl_le_phys(&s->dma_as, value + 12, s->fbdev->vcram_base);
79
/* size */
80
stl_le_phys(&s->dma_as, value + 16, s->fbdev->vcram_size);
81
resplen = 8;
82
break;
83
- case 0x00028001: /* Set power state */
84
+ case RPI_FWREQ_SET_POWER_STATE:
85
/* Assume that whatever device they asked for exists,
86
* and we'll just claim we set it to the desired state
87
*/
88
@@ -XXX,XX +XXX,XX @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value)
89
90
/* Clocks */
91
92
- case 0x00030001: /* Get clock state */
93
+ case RPI_FWREQ_GET_CLOCK_STATE:
94
stl_le_phys(&s->dma_as, value + 16, 0x1);
95
resplen = 8;
96
break;
97
98
- case 0x00038001: /* Set clock state */
99
+ case RPI_FWREQ_SET_CLOCK_STATE:
100
qemu_log_mask(LOG_UNIMP,
101
"bcm2835_property: 0x%08x set clock state NYI\n",
102
tag);
103
resplen = 8;
104
break;
105
106
- case 0x00030002: /* Get clock rate */
107
- case 0x00030004: /* Get max clock rate */
108
- case 0x00030007: /* Get min clock rate */
109
+ case RPI_FWREQ_GET_CLOCK_RATE:
110
+ case RPI_FWREQ_GET_MAX_CLOCK_RATE:
111
+ case RPI_FWREQ_GET_MIN_CLOCK_RATE:
112
switch (ldl_le_phys(&s->dma_as, value + 12)) {
113
- case 1: /* EMMC */
114
+ case RPI_FIRMWARE_EMMC_CLK_ID:
115
stl_le_phys(&s->dma_as, value + 16, 50000000);
116
break;
117
- case 2: /* UART */
118
+ case RPI_FIRMWARE_UART_CLK_ID:
119
stl_le_phys(&s->dma_as, value + 16, 3000000);
120
break;
121
default:
122
@@ -XXX,XX +XXX,XX @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value)
123
resplen = 8;
124
break;
125
126
- case 0x00038002: /* Set clock rate */
127
- case 0x00038004: /* Set max clock rate */
128
- case 0x00038007: /* Set min clock rate */
129
+ case RPI_FWREQ_SET_CLOCK_RATE:
130
+ case RPI_FWREQ_SET_MAX_CLOCK_RATE:
131
+ case RPI_FWREQ_SET_MIN_CLOCK_RATE:
132
qemu_log_mask(LOG_UNIMP,
133
"bcm2835_property: 0x%08x set clock rate NYI\n",
134
tag);
135
@@ -XXX,XX +XXX,XX @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value)
136
137
/* Temperature */
138
139
- case 0x00030006: /* Get temperature */
140
+ case RPI_FWREQ_GET_TEMPERATURE:
141
stl_le_phys(&s->dma_as, value + 16, 25000);
142
resplen = 8;
143
break;
144
145
- case 0x0003000A: /* Get max temperature */
146
+ case RPI_FWREQ_GET_MAX_TEMPERATURE:
147
stl_le_phys(&s->dma_as, value + 16, 99000);
148
resplen = 8;
149
break;
150
151
/* Frame buffer */
152
153
- case 0x00040001: /* Allocate buffer */
154
+ case RPI_FWREQ_FRAMEBUFFER_ALLOCATE:
155
stl_le_phys(&s->dma_as, value + 12, fbconfig.base);
156
stl_le_phys(&s->dma_as, value + 16,
157
bcm2835_fb_get_size(&fbconfig));
158
resplen = 8;
159
break;
160
- case 0x00048001: /* Release buffer */
161
+ case RPI_FWREQ_FRAMEBUFFER_RELEASE:
162
resplen = 0;
163
break;
164
- case 0x00040002: /* Blank screen */
165
+ case RPI_FWREQ_FRAMEBUFFER_BLANK:
166
resplen = 4;
167
break;
168
- case 0x00044003: /* Test physical display width/height */
169
- case 0x00044004: /* Test virtual display width/height */
170
+ case RPI_FWREQ_FRAMEBUFFER_TEST_PHYSICAL_WIDTH_HEIGHT:
171
+ case RPI_FWREQ_FRAMEBUFFER_TEST_VIRTUAL_WIDTH_HEIGHT:
172
resplen = 8;
173
break;
174
- case 0x00048003: /* Set physical display width/height */
175
+ case RPI_FWREQ_FRAMEBUFFER_SET_PHYSICAL_WIDTH_HEIGHT:
176
fbconfig.xres = ldl_le_phys(&s->dma_as, value + 12);
177
fbconfig.yres = ldl_le_phys(&s->dma_as, value + 16);
178
bcm2835_fb_validate_config(&fbconfig);
179
fbconfig_updated = true;
180
/* fall through */
181
- case 0x00040003: /* Get physical display width/height */
182
+ case RPI_FWREQ_FRAMEBUFFER_GET_PHYSICAL_WIDTH_HEIGHT:
183
stl_le_phys(&s->dma_as, value + 12, fbconfig.xres);
184
stl_le_phys(&s->dma_as, value + 16, fbconfig.yres);
185
resplen = 8;
186
break;
187
- case 0x00048004: /* Set virtual display width/height */
188
+ case RPI_FWREQ_FRAMEBUFFER_SET_VIRTUAL_WIDTH_HEIGHT:
189
fbconfig.xres_virtual = ldl_le_phys(&s->dma_as, value + 12);
190
fbconfig.yres_virtual = ldl_le_phys(&s->dma_as, value + 16);
191
bcm2835_fb_validate_config(&fbconfig);
192
fbconfig_updated = true;
193
/* fall through */
194
- case 0x00040004: /* Get virtual display width/height */
195
+ case RPI_FWREQ_FRAMEBUFFER_GET_VIRTUAL_WIDTH_HEIGHT:
196
stl_le_phys(&s->dma_as, value + 12, fbconfig.xres_virtual);
197
stl_le_phys(&s->dma_as, value + 16, fbconfig.yres_virtual);
198
resplen = 8;
199
break;
200
- case 0x00044005: /* Test depth */
201
+ case RPI_FWREQ_FRAMEBUFFER_TEST_DEPTH:
202
resplen = 4;
203
break;
204
- case 0x00048005: /* Set depth */
205
+ case RPI_FWREQ_FRAMEBUFFER_SET_DEPTH:
206
fbconfig.bpp = ldl_le_phys(&s->dma_as, value + 12);
207
bcm2835_fb_validate_config(&fbconfig);
208
fbconfig_updated = true;
209
/* fall through */
210
- case 0x00040005: /* Get depth */
211
+ case RPI_FWREQ_FRAMEBUFFER_GET_DEPTH:
212
stl_le_phys(&s->dma_as, value + 12, fbconfig.bpp);
213
resplen = 4;
214
break;
215
- case 0x00044006: /* Test pixel order */
216
+ case RPI_FWREQ_FRAMEBUFFER_TEST_PIXEL_ORDER:
217
resplen = 4;
218
break;
219
- case 0x00048006: /* Set pixel order */
220
+ case RPI_FWREQ_FRAMEBUFFER_SET_PIXEL_ORDER:
221
fbconfig.pixo = ldl_le_phys(&s->dma_as, value + 12);
222
bcm2835_fb_validate_config(&fbconfig);
223
fbconfig_updated = true;
224
/* fall through */
225
- case 0x00040006: /* Get pixel order */
226
+ case RPI_FWREQ_FRAMEBUFFER_GET_PIXEL_ORDER:
227
stl_le_phys(&s->dma_as, value + 12, fbconfig.pixo);
228
resplen = 4;
229
break;
230
- case 0x00044007: /* Test pixel alpha */
231
+ case RPI_FWREQ_FRAMEBUFFER_TEST_ALPHA_MODE:
232
resplen = 4;
233
break;
234
- case 0x00048007: /* Set alpha */
235
+ case RPI_FWREQ_FRAMEBUFFER_SET_ALPHA_MODE:
236
fbconfig.alpha = ldl_le_phys(&s->dma_as, value + 12);
237
bcm2835_fb_validate_config(&fbconfig);
238
fbconfig_updated = true;
239
/* fall through */
240
- case 0x00040007: /* Get alpha */
241
+ case RPI_FWREQ_FRAMEBUFFER_GET_ALPHA_MODE:
242
stl_le_phys(&s->dma_as, value + 12, fbconfig.alpha);
243
resplen = 4;
244
break;
245
- case 0x00040008: /* Get pitch */
246
+ case RPI_FWREQ_FRAMEBUFFER_GET_PITCH:
247
stl_le_phys(&s->dma_as, value + 12,
248
bcm2835_fb_get_pitch(&fbconfig));
249
resplen = 4;
250
break;
251
- case 0x00044009: /* Test virtual offset */
252
+ case RPI_FWREQ_FRAMEBUFFER_TEST_VIRTUAL_OFFSET:
253
resplen = 8;
254
break;
255
- case 0x00048009: /* Set virtual offset */
256
+ case RPI_FWREQ_FRAMEBUFFER_SET_VIRTUAL_OFFSET:
257
fbconfig.xoffset = ldl_le_phys(&s->dma_as, value + 12);
258
fbconfig.yoffset = ldl_le_phys(&s->dma_as, value + 16);
259
bcm2835_fb_validate_config(&fbconfig);
260
fbconfig_updated = true;
261
/* fall through */
262
- case 0x00040009: /* Get virtual offset */
263
+ case RPI_FWREQ_FRAMEBUFFER_GET_VIRTUAL_OFFSET:
264
stl_le_phys(&s->dma_as, value + 12, fbconfig.xoffset);
265
stl_le_phys(&s->dma_as, value + 16, fbconfig.yoffset);
266
resplen = 8;
267
break;
268
- case 0x0004000a: /* Get/Test/Set overscan */
269
- case 0x0004400a:
270
- case 0x0004800a:
271
+ case RPI_FWREQ_FRAMEBUFFER_GET_OVERSCAN:
272
+ case RPI_FWREQ_FRAMEBUFFER_TEST_OVERSCAN:
273
+ case RPI_FWREQ_FRAMEBUFFER_SET_OVERSCAN:
274
stl_le_phys(&s->dma_as, value + 12, 0);
275
stl_le_phys(&s->dma_as, value + 16, 0);
276
stl_le_phys(&s->dma_as, value + 20, 0);
277
stl_le_phys(&s->dma_as, value + 24, 0);
278
resplen = 16;
279
break;
280
- case 0x0004800b: /* Set palette */
281
+ case RPI_FWREQ_FRAMEBUFFER_SET_PALETTE:
282
offset = ldl_le_phys(&s->dma_as, value + 12);
283
length = ldl_le_phys(&s->dma_as, value + 16);
284
n = 0;
285
@@ -XXX,XX +XXX,XX @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value)
286
stl_le_phys(&s->dma_as, value + 12, 0);
287
resplen = 4;
288
break;
289
- case 0x00040013: /* Get number of displays */
290
+ case RPI_FWREQ_FRAMEBUFFER_GET_NUM_DISPLAYS:
291
stl_le_phys(&s->dma_as, value + 12, 1);
292
resplen = 4;
293
break;
294
295
- case 0x00060001: /* Get DMA channels */
296
+ case RPI_FWREQ_GET_DMA_CHANNELS:
297
/* channels 2-5 */
298
stl_le_phys(&s->dma_as, value + 12, 0x003C);
299
resplen = 4;
300
break;
301
302
- case 0x00050001: /* Get command line */
303
+ case RPI_FWREQ_GET_COMMAND_LINE:
304
/*
305
* We follow the firmware behaviour: no NUL terminator is
306
* written to the buffer, and if the buffer is too short
38
--
307
--
39
2.16.2
308
2.34.1
40
309
41
310
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Sergey Kambalin <sergey.kambalin@auriga.com>
2
2
3
Enable it for the "any" CPU used by *-linux-user.
3
Signed-off-by: Sergey Kambalin <sergey.kambalin@auriga.com>
4
4
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
5
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
6
Message-id: 20230612223456.33824-4-philmd@linaro.org
7
Message-id: 20180228193125.20577-10-richard.henderson@linaro.org
7
Message-Id: <20230531155258.8361-1-sergey.kambalin@auriga.com>
8
[PMD: Split from bigger patch: 4/4]
9
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
11
---
10
target/arm/cpu.c | 1 +
12
include/hw/arm/raspi_platform.h | 5 +++++
11
target/arm/cpu64.c | 1 +
13
hw/misc/bcm2835_property.c | 8 +++++---
12
2 files changed, 2 insertions(+)
14
2 files changed, 10 insertions(+), 3 deletions(-)
13
15
14
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
16
diff --git a/include/hw/arm/raspi_platform.h b/include/hw/arm/raspi_platform.h
15
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
16
--- a/target/arm/cpu.c
18
--- a/include/hw/arm/raspi_platform.h
17
+++ b/target/arm/cpu.c
19
+++ b/include/hw/arm/raspi_platform.h
18
@@ -XXX,XX +XXX,XX @@ static void arm_any_initfn(Object *obj)
20
@@ -XXX,XX +XXX,XX @@
19
set_feature(&cpu->env, ARM_FEATURE_V8_SHA256);
21
#define INTERRUPT_ILLEGAL_TYPE0 6
20
set_feature(&cpu->env, ARM_FEATURE_V8_PMULL);
22
#define INTERRUPT_ILLEGAL_TYPE1 7
21
set_feature(&cpu->env, ARM_FEATURE_CRC);
23
22
+ set_feature(&cpu->env, ARM_FEATURE_V8_RDM);
24
+/* Clock rates */
23
cpu->midr = 0xffffffff;
25
+#define RPI_FIRMWARE_EMMC_CLK_RATE 50000000
24
}
26
+#define RPI_FIRMWARE_UART_CLK_RATE 3000000
27
+#define RPI_FIRMWARE_DEFAULT_CLK_RATE 700000000
28
+
25
#endif
29
#endif
26
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
30
diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c
27
index XXXXXXX..XXXXXXX 100644
31
index XXXXXXX..XXXXXXX 100644
28
--- a/target/arm/cpu64.c
32
--- a/hw/misc/bcm2835_property.c
29
+++ b/target/arm/cpu64.c
33
+++ b/hw/misc/bcm2835_property.c
30
@@ -XXX,XX +XXX,XX @@ static void aarch64_any_initfn(Object *obj)
34
@@ -XXX,XX +XXX,XX @@
31
set_feature(&cpu->env, ARM_FEATURE_V8_SM4);
35
#include "qemu/log.h"
32
set_feature(&cpu->env, ARM_FEATURE_V8_PMULL);
36
#include "qemu/module.h"
33
set_feature(&cpu->env, ARM_FEATURE_CRC);
37
#include "trace.h"
34
+ set_feature(&cpu->env, ARM_FEATURE_V8_RDM);
38
+#include "hw/arm/raspi_platform.h"
35
set_feature(&cpu->env, ARM_FEATURE_V8_FP16);
39
36
cpu->ctr = 0x80038003; /* 32 byte I and D cacheline size, VIPT icache */
40
/* https://github.com/raspberrypi/firmware/wiki/Mailbox-property-interface */
37
cpu->dcz_blocksize = 7; /* 512 bytes */
41
42
@@ -XXX,XX +XXX,XX @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value)
43
case RPI_FWREQ_GET_MIN_CLOCK_RATE:
44
switch (ldl_le_phys(&s->dma_as, value + 12)) {
45
case RPI_FIRMWARE_EMMC_CLK_ID:
46
- stl_le_phys(&s->dma_as, value + 16, 50000000);
47
+ stl_le_phys(&s->dma_as, value + 16, RPI_FIRMWARE_EMMC_CLK_RATE);
48
break;
49
case RPI_FIRMWARE_UART_CLK_ID:
50
- stl_le_phys(&s->dma_as, value + 16, 3000000);
51
+ stl_le_phys(&s->dma_as, value + 16, RPI_FIRMWARE_UART_CLK_RATE);
52
break;
53
default:
54
- stl_le_phys(&s->dma_as, value + 16, 700000000);
55
+ stl_le_phys(&s->dma_as, value + 16,
56
+ RPI_FIRMWARE_DEFAULT_CLK_RATE);
57
break;
58
}
59
resplen = 8;
38
--
60
--
39
2.16.2
61
2.34.1
40
62
41
63
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Sergey Kambalin <sergey.kambalin@auriga.com>
2
2
3
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
3
Signed-off-by: Sergey Kambalin <sergey.kambalin@auriga.com>
4
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
4
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5
Message-id: 20180228193125.20577-7-richard.henderson@linaro.org
5
Message-id: 20230612223456.33824-5-philmd@linaro.org
6
Message-Id: <20230531155258.8361-1-sergey.kambalin@auriga.com>
7
[PMD: Split from bigger patch: 3/4]
8
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
9
[PMM: added a comment about RPI_FIRMWARE_CORE_CLK_RATE
10
really being SoC-specific]
11
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
---
13
---
8
target/arm/translate-a64.c | 29 +++++++++++++++++++++++++++++
14
include/hw/arm/raspi_platform.h | 5 +++++
9
1 file changed, 29 insertions(+)
15
hw/misc/bcm2835_property.c | 3 +++
16
2 files changed, 8 insertions(+)
10
17
11
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
18
diff --git a/include/hw/arm/raspi_platform.h b/include/hw/arm/raspi_platform.h
12
index XXXXXXX..XXXXXXX 100644
19
index XXXXXXX..XXXXXXX 100644
13
--- a/target/arm/translate-a64.c
20
--- a/include/hw/arm/raspi_platform.h
14
+++ b/target/arm/translate-a64.c
21
+++ b/include/hw/arm/raspi_platform.h
15
@@ -XXX,XX +XXX,XX @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn)
22
@@ -XXX,XX +XXX,XX @@
16
case 0x19: /* FMULX */
23
/* Clock rates */
17
is_fp = true;
24
#define RPI_FIRMWARE_EMMC_CLK_RATE 50000000
18
break;
25
#define RPI_FIRMWARE_UART_CLK_RATE 3000000
19
+ case 0x1d: /* SQRDMLAH */
26
+/*
20
+ case 0x1f: /* SQRDMLSH */
27
+ * TODO: this is really SoC-specific; we might want to
21
+ if (!arm_dc_feature(s, ARM_FEATURE_V8_RDM)) {
28
+ * set it per-SoC if it turns out any guests care.
22
+ unallocated_encoding(s);
29
+ */
23
+ return;
30
+#define RPI_FIRMWARE_CORE_CLK_RATE 350000000
24
+ }
31
#define RPI_FIRMWARE_DEFAULT_CLK_RATE 700000000
25
+ break;
32
26
default:
33
#endif
27
unallocated_encoding(s);
34
diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c
28
return;
35
index XXXXXXX..XXXXXXX 100644
29
@@ -XXX,XX +XXX,XX @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn)
36
--- a/hw/misc/bcm2835_property.c
30
tcg_op, tcg_idx);
37
+++ b/hw/misc/bcm2835_property.c
31
}
38
@@ -XXX,XX +XXX,XX @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value)
39
case RPI_FIRMWARE_UART_CLK_ID:
40
stl_le_phys(&s->dma_as, value + 16, RPI_FIRMWARE_UART_CLK_RATE);
32
break;
41
break;
33
+ case 0x1d: /* SQRDMLAH */
42
+ case RPI_FIRMWARE_CORE_CLK_ID:
34
+ read_vec_element_i32(s, tcg_res, rd, pass,
43
+ stl_le_phys(&s->dma_as, value + 16, RPI_FIRMWARE_CORE_CLK_RATE);
35
+ is_scalar ? size : MO_32);
36
+ if (size == 1) {
37
+ gen_helper_neon_qrdmlah_s16(tcg_res, cpu_env,
38
+ tcg_op, tcg_idx, tcg_res);
39
+ } else {
40
+ gen_helper_neon_qrdmlah_s32(tcg_res, cpu_env,
41
+ tcg_op, tcg_idx, tcg_res);
42
+ }
43
+ break;
44
+ case 0x1f: /* SQRDMLSH */
45
+ read_vec_element_i32(s, tcg_res, rd, pass,
46
+ is_scalar ? size : MO_32);
47
+ if (size == 1) {
48
+ gen_helper_neon_qrdmlsh_s16(tcg_res, cpu_env,
49
+ tcg_op, tcg_idx, tcg_res);
50
+ } else {
51
+ gen_helper_neon_qrdmlsh_s32(tcg_res, cpu_env,
52
+ tcg_op, tcg_idx, tcg_res);
53
+ }
54
+ break;
44
+ break;
55
default:
45
default:
56
g_assert_not_reached();
46
stl_le_phys(&s->dma_as, value + 16,
57
}
47
RPI_FIRMWARE_DEFAULT_CLK_RATE);
58
--
48
--
59
2.16.2
49
2.34.1
60
50
61
51
diff view generated by jsdifflib
Deleted patch
1
From: Richard Henderson <richard.henderson@linaro.org>
2
1
3
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
4
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
5
Message-id: 20180228193125.20577-9-richard.henderson@linaro.org
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
---
8
target/arm/translate.c | 46 ++++++++++++++++++++++++++++++++++++++++++----
9
1 file changed, 42 insertions(+), 4 deletions(-)
10
11
diff --git a/target/arm/translate.c b/target/arm/translate.c
12
index XXXXXXX..XXXXXXX 100644
13
--- a/target/arm/translate.c
14
+++ b/target/arm/translate.c
15
@@ -XXX,XX +XXX,XX @@ static const char *regnames[] =
16
{ "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7",
17
"r8", "r9", "r10", "r11", "r12", "r13", "r14", "pc" };
18
19
+/* Function prototypes for gen_ functions calling Neon helpers. */
20
+typedef void NeonGenThreeOpEnvFn(TCGv_i32, TCGv_env, TCGv_i32,
21
+ TCGv_i32, TCGv_i32);
22
+
23
/* initialize TCG globals. */
24
void arm_translate_init(void)
25
{
26
@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
27
}
28
neon_store_reg64(cpu_V0, rd + pass);
29
}
30
-
31
-
32
break;
33
- default: /* 14 and 15 are RESERVED */
34
- return 1;
35
+ case 14: /* VQRDMLAH scalar */
36
+ case 15: /* VQRDMLSH scalar */
37
+ {
38
+ NeonGenThreeOpEnvFn *fn;
39
+
40
+ if (!arm_dc_feature(s, ARM_FEATURE_V8_RDM)) {
41
+ return 1;
42
+ }
43
+ if (u && ((rd | rn) & 1)) {
44
+ return 1;
45
+ }
46
+ if (op == 14) {
47
+ if (size == 1) {
48
+ fn = gen_helper_neon_qrdmlah_s16;
49
+ } else {
50
+ fn = gen_helper_neon_qrdmlah_s32;
51
+ }
52
+ } else {
53
+ if (size == 1) {
54
+ fn = gen_helper_neon_qrdmlsh_s16;
55
+ } else {
56
+ fn = gen_helper_neon_qrdmlsh_s32;
57
+ }
58
+ }
59
+
60
+ tmp2 = neon_get_scalar(size, rm);
61
+ for (pass = 0; pass < (u ? 4 : 2); pass++) {
62
+ tmp = neon_load_reg(rn, pass);
63
+ tmp3 = neon_load_reg(rd, pass);
64
+ fn(tmp, cpu_env, tmp, tmp2, tmp3);
65
+ tcg_temp_free_i32(tmp3);
66
+ neon_store_reg(rd, pass, tmp);
67
+ }
68
+ tcg_temp_free_i32(tmp2);
69
+ }
70
+ break;
71
+ default:
72
+ g_assert_not_reached();
73
}
74
}
75
} else { /* size == 3 */
76
--
77
2.16.2
78
79
diff view generated by jsdifflib