Implement a model of the Message Handling Unit (MHU) found in

the Arm SSE-200. This is a simple device which just contains

some registers which allow the two cores of the SSE-200

to raise interrupts on each other.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

Message-id: 20190219125808.25174-2-peter.maydell@linaro.org

---

hw/misc/Makefile.objs | 1 +

include/hw/misc/armsse-mhu.h | 44 +++++++

hw/misc/armsse-mhu.c | 198 ++++++++++++++++++++++++++++++++

MAINTAINERS | 2 +

default-configs/arm-softmmu.mak | 1 +

hw/misc/trace-events | 4 +

6 files changed, 250 insertions(+)

create mode 100644 include/hw/misc/armsse-mhu.h

create mode 100644 hw/misc/armsse-mhu.c

diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs

index XXXXXXX..XXXXXXX 100644

--- a/hw/misc/Makefile.objs

+++ b/hw/misc/Makefile.objs

@@ -XXX,XX +XXX,XX @@ obj-$(CONFIG_IOTKIT_SECCTL) += iotkit-secctl.o

obj-$(CONFIG_IOTKIT_SYSCTL) += iotkit-sysctl.o

obj-$(CONFIG_IOTKIT_SYSINFO) += iotkit-sysinfo.o

obj-$(CONFIG_ARMSSE_CPUID) += armsse-cpuid.o

+obj-$(CONFIG_ARMSSE_MHU) += armsse-mhu.o

obj-$(CONFIG_PVPANIC) += pvpanic.o

obj-$(CONFIG_AUX) += auxbus.o

diff --git a/include/hw/misc/armsse-mhu.h b/include/hw/misc/armsse-mhu.h

new file mode 100644

index XXXXXXX..XXXXXXX

--- /dev/null

+++ b/include/hw/misc/armsse-mhu.h

@@ -XXX,XX +XXX,XX @@

+/*

+ * ARM SSE-200 Message Handling Unit (MHU)

+ *

+ * Copyright (c) 2019 Linaro Limited

+ * Written by Peter Maydell

+ *

+ * This program is free software; you can redistribute it and/or modify

+ * it under the terms of the GNU General Public License version 2 or

+ * (at your option) any later version.

+ */

+

+/*

+ * This is a model of the Message Handling Unit (MHU) which is part of the

+ * Arm SSE-200 and documented in

+ * http://infocenter.arm.com/help/topic/com.arm.doc.101104_0100_00_en/corelink_sse200_subsystem_for_embedded_technical_reference_manual_101104_0100_00_en.pdf

+ *

+ * QEMU interface:

+ * + sysbus MMIO region 0: the system information register bank

+ * + sysbus IRQ 0: interrupt for CPU 0

+ * + sysbus IRQ 1: interrupt for CPU 1

+ */

+

+#ifndef HW_MISC_SSE_MHU_H

+#define HW_MISC_SSE_MHU_H

+

+#include "hw/sysbus.h"

+

+#define TYPE_ARMSSE_MHU "armsse-mhu"

+#define ARMSSE_MHU(obj) OBJECT_CHECK(ARMSSEMHU, (obj), TYPE_ARMSSE_MHU)

+

+typedef struct ARMSSEMHU {

+ /*< private >*/

+ SysBusDevice parent_obj;

+

+ /*< public >*/

+ MemoryRegion iomem;

+ qemu_irq cpu0irq;

+ qemu_irq cpu1irq;

+

+ uint32_t cpu0intr;

+ uint32_t cpu1intr;

+} ARMSSEMHU;

+

+#endif

diff --git a/hw/misc/armsse-mhu.c b/hw/misc/armsse-mhu.c

new file mode 100644

index XXXXXXX..XXXXXXX

--- /dev/null

+++ b/hw/misc/armsse-mhu.c

@@ -XXX,XX +XXX,XX @@

+/*

+ * ARM SSE-200 Message Handling Unit (MHU)

+ *

+ * Copyright (c) 2019 Linaro Limited

+ * Written by Peter Maydell

+ *

+ * This program is free software; you can redistribute it and/or modify

+ * it under the terms of the GNU General Public License version 2 or

+ * (at your option) any later version.

+ */

+

+/*

+ * This is a model of the Message Handling Unit (MHU) which is part of the

+ * Arm SSE-200 and documented in

+ * http://infocenter.arm.com/help/topic/com.arm.doc.101104_0100_00_en/corelink_sse200_subsystem_for_embedded_technical_reference_manual_101104_0100_00_en.pdf

+ */

+

+#include "qemu/osdep.h"

+#include "qemu/log.h"

+#include "trace.h"

+#include "qapi/error.h"

+#include "sysemu/sysemu.h"

+#include "hw/sysbus.h"

+#include "hw/registerfields.h"

+#include "hw/misc/armsse-mhu.h"

+

+REG32(CPU0INTR_STAT, 0x0)

+REG32(CPU0INTR_SET, 0x4)

+REG32(CPU0INTR_CLR, 0x8)

+REG32(CPU1INTR_STAT, 0x10)

+REG32(CPU1INTR_SET, 0x14)

+REG32(CPU1INTR_CLR, 0x18)

+REG32(PID4, 0xfd0)

+REG32(PID5, 0xfd4)

+REG32(PID6, 0xfd8)

+REG32(PID7, 0xfdc)

+REG32(PID0, 0xfe0)

+REG32(PID1, 0xfe4)

+REG32(PID2, 0xfe8)

+REG32(PID3, 0xfec)

+REG32(CID0, 0xff0)

+REG32(CID1, 0xff4)

+REG32(CID2, 0xff8)

+REG32(CID3, 0xffc)

+

+/* Valid bits in the interrupt registers. If any are set the IRQ is raised */

+#define INTR_MASK 0xf

+

+/* PID/CID values */

+static const int armsse_mhu_id[] = {

+ 0x04, 0x00, 0x00, 0x00, /* PID4..PID7 */

+ 0x56, 0xb8, 0x0b, 0x00, /* PID0..PID3 */

+ 0x0d, 0xf0, 0x05, 0xb1, /* CID0..CID3 */

+};

+

+static void armsse_mhu_update(ARMSSEMHU *s)

+{

+ qemu_set_irq(s->cpu0irq, s->cpu0intr != 0);

+ qemu_set_irq(s->cpu1irq, s->cpu1intr != 0);

+}

+

+static uint64_t armsse_mhu_read(void *opaque, hwaddr offset, unsigned size)

+{

+ ARMSSEMHU *s = ARMSSE_MHU(opaque);

+ uint64_t r;

+

+ switch (offset) {

+ case A_CPU0INTR_STAT:

+ r = s->cpu0intr;

+ break;

+

+ case A_CPU1INTR_STAT:

+ r = s->cpu1intr;

+ break;

+

+ case A_PID4 ... A_CID3:

+ r = armsse_mhu_id[(offset - A_PID4) / 4];

+ break;

+

+ case A_CPU0INTR_SET:

+ case A_CPU0INTR_CLR:

+ case A_CPU1INTR_SET:

+ case A_CPU1INTR_CLR:

+ qemu_log_mask(LOG_GUEST_ERROR,

+ "SSE MHU: read of write-only register at offset 0x%x\n",

+ (int)offset);

+ r = 0;

+ break;

+

+ default:

+ qemu_log_mask(LOG_GUEST_ERROR,

+ "SSE MHU read: bad offset 0x%x\n", (int)offset);

+ r = 0;

+ break;

+ }

+ trace_armsse_mhu_read(offset, r, size);

+ return r;

+}

+

+static void armsse_mhu_write(void *opaque, hwaddr offset,

+ uint64_t value, unsigned size)

+{

+ ARMSSEMHU *s = ARMSSE_MHU(opaque);

+

+ trace_armsse_mhu_write(offset, value, size);

+

+ switch (offset) {

+ case A_CPU0INTR_SET:

+ s->cpu0intr |= (value & INTR_MASK);

+ break;

+ case A_CPU0INTR_CLR:

+ s->cpu0intr &= ~(value & INTR_MASK);

+ break;

+ case A_CPU1INTR_SET:

+ s->cpu1intr |= (value & INTR_MASK);

+ break;

+ case A_CPU1INTR_CLR:

+ s->cpu1intr &= ~(value & INTR_MASK);

+ break;

+

+ case A_CPU0INTR_STAT:

+ case A_CPU1INTR_STAT:

+ case A_PID4 ... A_CID3:

+ qemu_log_mask(LOG_GUEST_ERROR,

+ "SSE MHU: write to read-only register at offset 0x%x\n",

+ (int)offset);

+ break;

+

+ default:

+ qemu_log_mask(LOG_GUEST_ERROR,

+ "SSE MHU write: bad offset 0x%x\n", (int)offset);

+ break;

+ }

+

+ armsse_mhu_update(s);

+}

+

+static const MemoryRegionOps armsse_mhu_ops = {

+ .read = armsse_mhu_read,

+ .write = armsse_mhu_write,

+ .endianness = DEVICE_LITTLE_ENDIAN,

+ .valid.min_access_size = 4,

+ .valid.max_access_size = 4,

+};

+

+static void armsse_mhu_reset(DeviceState *dev)

+{

+ ARMSSEMHU *s = ARMSSE_MHU(dev);

+

+ s->cpu0intr = 0;

+ s->cpu1intr = 0;

+}

+

+static const VMStateDescription armsse_mhu_vmstate = {

+ .name = "armsse-mhu",

+ .version_id = 1,

+ .minimum_version_id = 1,

+ .fields = (VMStateField[]) {

+ VMSTATE_UINT32(cpu0intr, ARMSSEMHU),

+ VMSTATE_UINT32(cpu1intr, ARMSSEMHU),

+ VMSTATE_END_OF_LIST()

+ },

+};

+

+static void armsse_mhu_init(Object *obj)

+{

+ SysBusDevice *sbd = SYS_BUS_DEVICE(obj);

+ ARMSSEMHU *s = ARMSSE_MHU(obj);

+

+ memory_region_init_io(&s->iomem, obj, &armsse_mhu_ops,

+ s, "armsse-mhu", 0x1000);

+ sysbus_init_mmio(sbd, &s->iomem);

+ sysbus_init_irq(sbd, &s->cpu0irq);

+ sysbus_init_irq(sbd, &s->cpu1irq);

+}

+

+static void armsse_mhu_class_init(ObjectClass *klass, void *data)

+{

+ DeviceClass *dc = DEVICE_CLASS(klass);

+

+ dc->reset = armsse_mhu_reset;

+ dc->vmsd = &armsse_mhu_vmstate;

+}

+

+static const TypeInfo armsse_mhu_info = {

+ .name = TYPE_ARMSSE_MHU,

+ .parent = TYPE_SYS_BUS_DEVICE,

+ .instance_size = sizeof(ARMSSEMHU),

+ .instance_init = armsse_mhu_init,

+ .class_init = armsse_mhu_class_init,

+};

+

+static void armsse_mhu_register_types(void)

+{

+ type_register_static(&armsse_mhu_info);

+}

+

+type_init(armsse_mhu_register_types);

diff --git a/MAINTAINERS b/MAINTAINERS

index XXXXXXX..XXXXXXX 100644

--- a/MAINTAINERS

+++ b/MAINTAINERS

@@ -XXX,XX +XXX,XX @@ F: hw/misc/iotkit-sysinfo.c

F: include/hw/misc/iotkit-sysinfo.h

F: hw/misc/armsse-cpuid.c

F: include/hw/misc/armsse-cpuid.h

+F: hw/misc/armsse-mhu.c

+F: include/hw/misc/armsse-mhu.h

Musca

M: Peter Maydell <peter.maydell@linaro.org>

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak

index XXXXXXX..XXXXXXX 100644

--- a/default-configs/arm-softmmu.mak

+++ b/default-configs/arm-softmmu.mak

@@ -XXX,XX +XXX,XX @@ CONFIG_IOTKIT_SECCTL=y

CONFIG_IOTKIT_SYSCTL=y

CONFIG_IOTKIT_SYSINFO=y

CONFIG_ARMSSE_CPUID=y

+CONFIG_ARMSSE_MHU=y

CONFIG_VERSATILE=y

CONFIG_VERSATILE_PCI=y

diff --git a/hw/misc/trace-events b/hw/misc/trace-events

index XXXXXXX..XXXXXXX 100644

--- a/hw/misc/trace-events

+++ b/hw/misc/trace-events

@@ -XXX,XX +XXX,XX @@ iotkit_sysctl_reset(void) "IoTKit SysCtl: reset"

# hw/misc/armsse-cpuid.c

armsse_cpuid_read(uint64_t offset, uint64_t data, unsigned size) "SSE-200 CPU_IDENTITY read: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u"

armsse_cpuid_write(uint64_t offset, uint64_t data, unsigned size) "SSE-200 CPU_IDENTITY write: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u"

+

+# hw/misc/armsse-mhu.c

+armsse_mhu_read(uint64_t offset, uint64_t data, unsigned size) "SSE-200 MHU read: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u"

+armsse_mhu_write(uint64_t offset, uint64_t data, unsigned size) "SSE-200 MHU write: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u"

--

2.20.1

Currently the Arm arm-powerctl.h APIs allow:

* arm_set_cpu_on(), which powers on a CPU and sets its

initial PC and other startup state

* arm_reset_cpu(), which resets a CPU which is already on

(and fails if the CPU is powered off)

but there is no way to say "power on a CPU as if it had

just come out of reset and don't do anything else to it".

Add a new function arm_set_cpu_on_and_reset(), which does this.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

Message-id: 20190219125808.25174-5-peter.maydell@linaro.org

---

target/arm/arm-powerctl.h | 16 +++++++++++

target/arm/arm-powerctl.c | 56 +++++++++++++++++++++++++++++++++++++++

2 files changed, 72 insertions(+)

diff --git a/target/arm/arm-powerctl.h b/target/arm/arm-powerctl.h

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/arm-powerctl.h

+++ b/target/arm/arm-powerctl.h

@@ -XXX,XX +XXX,XX @@ int arm_set_cpu_off(uint64_t cpuid);

*/

int arm_reset_cpu(uint64_t cpuid);

+/*

+ * arm_set_cpu_on_and_reset:

+ * @cpuid: the id of the CPU we want to star

+ *

+ * Start the cpu designated by @cpuid and put it through its normal

+ * CPU reset process. The CPU will start in the way it is architected

+ * to start after a power-on reset.

+ *

+ * Returns: QEMU_ARM_POWERCTL_RET_SUCCESS on success.

+ * QEMU_ARM_POWERCTL_INVALID_PARAM if there is no CPU with that ID.

+ * QEMU_ARM_POWERCTL_ALREADY_ON if the CPU is already on.

+ * QEMU_ARM_POWERCTL_ON_PENDING if the CPU is already partway through

+ * powering on.

+ */

+int arm_set_cpu_on_and_reset(uint64_t cpuid);

+

#endif

diff --git a/target/arm/arm-powerctl.c b/target/arm/arm-powerctl.c

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/arm-powerctl.c

+++ b/target/arm/arm-powerctl.c

@@ -XXX,XX +XXX,XX @@ int arm_set_cpu_on(uint64_t cpuid, uint64_t entry, uint64_t context_id,

return QEMU_ARM_POWERCTL_RET_SUCCESS;

}

+static void arm_set_cpu_on_and_reset_async_work(CPUState *target_cpu_state,

+ run_on_cpu_data data)

+{

+ ARMCPU *target_cpu = ARM_CPU(target_cpu_state);

+

+ /* Initialize the cpu we are turning on */

+ cpu_reset(target_cpu_state);

+ target_cpu_state->halted = 0;

+

+ /* Finally set the power status */

+ assert(qemu_mutex_iothread_locked());

+ target_cpu->power_state = PSCI_ON;

+}

+

+int arm_set_cpu_on_and_reset(uint64_t cpuid)

+{

+ CPUState *target_cpu_state;

+ ARMCPU *target_cpu;

+

+ assert(qemu_mutex_iothread_locked());

+

+ /* Retrieve the cpu we are powering up */

+ target_cpu_state = arm_get_cpu_by_id(cpuid);

+ if (!target_cpu_state) {

+ /* The cpu was not found */

+ return QEMU_ARM_POWERCTL_INVALID_PARAM;

+ }

+

+ target_cpu = ARM_CPU(target_cpu_state);

+ if (target_cpu->power_state == PSCI_ON) {

+ qemu_log_mask(LOG_GUEST_ERROR,

+ "[ARM]%s: CPU %" PRId64 " is already on\n",

+ __func__, cpuid);

+ return QEMU_ARM_POWERCTL_ALREADY_ON;

+ }

+

+ /*

+ * If another CPU has powered the target on we are in the state

+ * ON_PENDING and additional attempts to power on the CPU should

+ * fail (see 6.6 Implementation CPU_ON/CPU_OFF races in the PSCI

+ * spec)

+ */

+ if (target_cpu->power_state == PSCI_ON_PENDING) {

+ qemu_log_mask(LOG_GUEST_ERROR,

+ "[ARM]%s: CPU %" PRId64 " is already powering on\n",

+ __func__, cpuid);

+ return QEMU_ARM_POWERCTL_ON_PENDING;

+ }

+

+ async_run_on_cpu(target_cpu_state, arm_set_cpu_on_and_reset_async_work,

+ RUN_ON_CPU_NULL);

+

+ /* We are good to go */

+ return QEMU_ARM_POWERCTL_RET_SUCCESS;

+}

+

static void arm_set_cpu_off_async_work(CPUState *target_cpu_state,

run_on_cpu_data data)

{

--

2.20.1

The iotkit-sysctl device has a register it names INITSVRTOR0.

This is actually a typo present in the IoTKit documentation

and also in part of the SSE-200 documentation: it should be

INITSVTOR0 because it is specifying the initial value of the

Secure VTOR register in the CPU. Correct the typo.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

Message-id: 20190219125808.25174-6-peter.maydell@linaro.org

---

include/hw/misc/iotkit-sysctl.h | 2 +-

hw/misc/iotkit-sysctl.c | 16 ++++++++--------

2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/include/hw/misc/iotkit-sysctl.h b/include/hw/misc/iotkit-sysctl.h

index XXXXXXX..XXXXXXX 100644

--- a/include/hw/misc/iotkit-sysctl.h

+++ b/include/hw/misc/iotkit-sysctl.h

@@ -XXX,XX +XXX,XX @@ typedef struct IoTKitSysCtl {

uint32_t reset_syndrome;

uint32_t reset_mask;

uint32_t gretreg;

- uint32_t initsvrtor0;

+ uint32_t initsvtor0;

uint32_t cpuwait;

uint32_t wicctrl;

} IoTKitSysCtl;

diff --git a/hw/misc/iotkit-sysctl.c b/hw/misc/iotkit-sysctl.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/misc/iotkit-sysctl.c

+++ b/hw/misc/iotkit-sysctl.c

@@ -XXX,XX +XXX,XX @@ REG32(RESET_MASK, 0x104)

REG32(SWRESET, 0x108)

FIELD(SWRESET, SWRESETREQ, 9, 1)

REG32(GRETREG, 0x10c)

-REG32(INITSVRTOR0, 0x110)

+REG32(INITSVTOR0, 0x110)

REG32(CPUWAIT, 0x118)

REG32(BUSWAIT, 0x11c)

REG32(WICCTRL, 0x120)

@@ -XXX,XX +XXX,XX @@ static uint64_t iotkit_sysctl_read(void *opaque, hwaddr offset,