diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2017-07-18 10:35:06 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2017-07-18 10:35:06 +0100 |
| commit | 6c4591566d6f1257683d2ccc94b9360ee8315474 (patch) | |
| tree | c75449f19abce8e4fc2828ff4e83d998525c9529 | |
| parent | a778cd5610b40eec037417565671d2717bc49def (diff) | |
| parent | e5a6a6e64e82a132cebef023d867085b0a2993d7 (diff) | |
| download | qemu-6c4591566d6f1257683d2ccc94b9360ee8315474.zip qemu-6c4591566d6f1257683d2ccc94b9360ee8315474.tar.gz qemu-6c4591566d6f1257683d2ccc94b9360ee8315474.tar.bz2 | |
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20170717' into staging
target-arm queue:
* new model of the ARM MPS2/MPS2+ FPGA based development board
* clean up DISAS_* exit conditions and fix various regressions
since commits e75449a346 8a6b28c7b5 (in particular including
ones which broke OP-TEE guests)
* make Cortex-M3 and M4 correctly default to 8 PMSA regions
# gpg: Signature made Mon 17 Jul 2017 13:43:45 BST
# gpg: using RSA key 0x3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg: aka "Peter Maydell <pmaydell@gmail.com>"
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* remotes/pmaydell/tags/pull-target-arm-20170717:
MAINTAINERS: Add entries for MPS2 board
hw/arm/mps2: Add ethernet
hw/arm/mps2: Add SCC
hw/misc/mps2_scc: Implement MPS2 Serial Communication Controller
hw/arm/mps2: Add timers
hw/char/cmsdk-apb-timer: Implement CMSDK APB timer device
hw/arm/mps2: Add UARTs
hw/char/cmsdk-apb-uart.c: Implement CMSDK APB UART
hw/arm/mps2: Implement skeleton mps2-an385 and mps2-an511 board models
target/arm: use DISAS_EXIT for eret handling
target/arm: use gen_goto_tb for ISB handling
target/arm/translate: ensure gen_goto_tb sets exit flags
target/arm/translate.h: expand comment on DISAS_EXIT
target/arm/translate: make DISAS_UPDATE match declared semantics
include/exec/exec-all: document common exit conditions
target/arm: Make Cortex-M3 and M4 default to 8 PMSA regions
qdev: support properties which don't set a default value
qdev-properties.h: Explicitly set the default value for arraylen properties
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| -rw-r--r-- | MAINTAINERS | 14 | ||||
| -rw-r--r-- | default-configs/arm-softmmu.mak | 6 | ||||
| -rw-r--r-- | hw/arm/Makefile.objs | 1 | ||||
| -rw-r--r-- | hw/arm/mps2.c | 385 | ||||
| -rw-r--r-- | hw/char/Makefile.objs | 1 | ||||
| -rw-r--r-- | hw/char/cmsdk-apb-uart.c | 403 | ||||
| -rw-r--r-- | hw/char/trace-events | 9 | ||||
| -rw-r--r-- | hw/core/qdev.c | 2 | ||||
| -rw-r--r-- | hw/misc/Makefile.objs | 1 | ||||
| -rw-r--r-- | hw/misc/mps2-scc.c | 310 | ||||
| -rw-r--r-- | hw/misc/trace-events | 8 | ||||
| -rw-r--r-- | hw/timer/Makefile.objs | 1 | ||||
| -rw-r--r-- | hw/timer/cmsdk-apb-timer.c | 253 | ||||
| -rw-r--r-- | hw/timer/trace-events | 5 | ||||
| -rw-r--r-- | include/exec/exec-all.h | 29 | ||||
| -rw-r--r-- | include/hw/char/cmsdk-apb-uart.h | 78 | ||||
| -rw-r--r-- | include/hw/misc/mps2-scc.h | 43 | ||||
| -rw-r--r-- | include/hw/qdev-core.h | 10 | ||||
| -rw-r--r-- | include/hw/qdev-properties.h | 21 | ||||
| -rw-r--r-- | include/hw/timer/cmsdk-apb-timer.h | 59 | ||||
| -rw-r--r-- | target/arm/cpu.c | 12 | ||||
| -rw-r--r-- | target/arm/translate-a64.c | 19 | ||||
| -rw-r--r-- | target/arm/translate.c | 22 | ||||
| -rw-r--r-- | target/arm/translate.h | 5 |
24 files changed, 1673 insertions, 24 deletions
diff --git a/MAINTAINERS b/MAINTAINERS index b9aa878..5ea273f 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -375,7 +375,7 @@ F: hw/*/allwinner* F: include/hw/*/allwinner* F: hw/arm/cubieboard.c -ARM PrimeCell +ARM PrimeCell and CMSDK devices M: Peter Maydell <peter.maydell@linaro.org> L: qemu-arm@nongnu.org S: Maintained @@ -389,6 +389,10 @@ F: hw/intc/pl190.c F: hw/sd/pl181.c F: hw/timer/pl031.c F: include/hw/arm/primecell.h +F: hw/timer/cmsdk-apb-timer.c +F: include/hw/timer/cmsdk-apb-timer.h +F: hw/char/cmsdk-apb-uart.c +F: include/hw/char/cmsdk-apb-uart.h ARM cores M: Peter Maydell <peter.maydell@linaro.org> @@ -450,6 +454,14 @@ S: Maintained F: hw/arm/integratorcp.c F: hw/misc/arm_integrator_debug.c +MPS2 +M: Peter Maydell <peter.maydell@linaro.org> +L: qemu-arm@nongnu.org +S: Maintained +F: hw/arm/mps2.c +F: hw/misc/mps2-scc.c +F: include/hw/misc/mps2-scc.h + Musicpal M: Jan Kiszka <jan.kiszka@web.de> L: qemu-arm@nongnu.org diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak index 93e995d..bbdd3c1 100644 --- a/default-configs/arm-softmmu.mak +++ b/default-configs/arm-softmmu.mak @@ -83,6 +83,7 @@ CONFIG_ONENAND=y CONFIG_TUSB6010=y CONFIG_IMX=y CONFIG_MAINSTONE=y +CONFIG_MPS2=y CONFIG_NSERIES=y CONFIG_RASPI=y CONFIG_REALVIEW=y @@ -95,6 +96,11 @@ CONFIG_STM32F2XX_ADC=y CONFIG_STM32F2XX_SPI=y CONFIG_STM32F205_SOC=y +CONFIG_CMSDK_APB_TIMER=y +CONFIG_CMSDK_APB_UART=y + +CONFIG_MPS2_SCC=y + CONFIG_VERSATILE_PCI=y CONFIG_VERSATILE_I2C=y diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs index 4c5c4ee..a2e56ec 100644 --- a/hw/arm/Makefile.objs +++ b/hw/arm/Makefile.objs @@ -18,3 +18,4 @@ obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o imx25_pdk.o obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o obj-$(CONFIG_FSL_IMX6) += fsl-imx6.o sabrelite.o obj-$(CONFIG_ASPEED_SOC) += aspeed_soc.o aspeed.o +obj-$(CONFIG_MPS2) += mps2.o diff --git a/hw/arm/mps2.c b/hw/arm/mps2.c new file mode 100644 index 0000000..f727b43 --- /dev/null +++ b/hw/arm/mps2.c @@ -0,0 +1,385 @@ +/* + * ARM V2M MPS2 board emulation. + * + * Copyright (c) 2017 Linaro Limited + * Written by Peter Maydell + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 or + * (at your option) any later version. + */ + +/* The MPS2 and MPS2+ dev boards are FPGA based (the 2+ has a bigger + * FPGA but is otherwise the same as the 2). Since the CPU itself + * and most of the devices are in the FPGA, the details of the board + * as seen by the guest depend significantly on the FPGA image. + * We model the following FPGA images: + * "mps2-an385" -- Cortex-M3 as documented in ARM Application Note AN385 + * "mps2-an511" -- Cortex-M3 'DesignStart' as documented in AN511 + * + * Links to the TRM for the board itself and to the various Application + * Notes which document the FPGA images can be found here: + * https://developer.arm.com/products/system-design/development-boards/cortex-m-prototyping-system + */ + +#include "qemu/osdep.h" +#include "qapi/error.h" +#include "qemu/error-report.h" +#include "hw/arm/arm.h" +#include "hw/arm/armv7m.h" +#include "hw/or-irq.h" +#include "hw/boards.h" +#include "exec/address-spaces.h" +#include "sysemu/sysemu.h" +#include "hw/misc/unimp.h" +#include "hw/char/cmsdk-apb-uart.h" +#include "hw/timer/cmsdk-apb-timer.h" +#include "hw/misc/mps2-scc.h" +#include "hw/devices.h" +#include "net/net.h" + +typedef enum MPS2FPGAType { + FPGA_AN385, + FPGA_AN511, +} MPS2FPGAType; + +typedef struct { + MachineClass parent; + MPS2FPGAType fpga_type; + const char *cpu_model; + uint32_t scc_id; +} MPS2MachineClass; + +typedef struct { + MachineState parent; + + ARMv7MState armv7m; + MemoryRegion psram; + MemoryRegion ssram1; + MemoryRegion ssram1_m; + MemoryRegion ssram23; + MemoryRegion ssram23_m; + MemoryRegion blockram; + MemoryRegion blockram_m1; + MemoryRegion blockram_m2; + MemoryRegion blockram_m3; + MemoryRegion sram; + MPS2SCC scc; +} MPS2MachineState; + +#define TYPE_MPS2_MACHINE "mps2" +#define TYPE_MPS2_AN385_MACHINE MACHINE_TYPE_NAME("mps2-an385") +#define TYPE_MPS2_AN511_MACHINE MACHINE_TYPE_NAME("mps2-an511") + +#define MPS2_MACHINE(obj) \ + OBJECT_CHECK(MPS2MachineState, obj, TYPE_MPS2_MACHINE) +#define MPS2_MACHINE_GET_CLASS(obj) \ + OBJECT_GET_CLASS(MPS2MachineClass, obj, TYPE_MPS2_MACHINE) +#define MPS2_MACHINE_CLASS(klass) \ + OBJECT_CLASS_CHECK(MPS2MachineClass, klass, TYPE_MPS2_MACHINE) + +/* Main SYSCLK frequency in Hz */ +#define SYSCLK_FRQ 25000000 + +/* Initialize the auxiliary RAM region @mr and map it into + * the memory map at @base. + */ +static void make_ram(MemoryRegion *mr, const char *name, + hwaddr base, hwaddr size) +{ + memory_region_init_ram(mr, NULL, name, size, &error_fatal); + memory_region_add_subregion(get_system_memory(), base, mr); +} + +/* Create an alias of an entire original MemoryRegion @orig + * located at @base in the memory map. + */ +static void make_ram_alias(MemoryRegion *mr, const char *name, + MemoryRegion *orig, hwaddr base) +{ + memory_region_init_alias(mr, NULL, name, orig, 0, + memory_region_size(orig)); + memory_region_add_subregion(get_system_memory(), base, mr); +} + +static void mps2_common_init(MachineState *machine) +{ + MPS2MachineState *mms = MPS2_MACHINE(machine); + MPS2MachineClass *mmc = MPS2_MACHINE_GET_CLASS(machine); + MemoryRegion *system_memory = get_system_memory(); + DeviceState *armv7m, *sccdev; + + if (!machine->cpu_model) { + machine->cpu_model = mmc->cpu_model; + } + + if (strcmp(machine->cpu_model, mmc->cpu_model) != 0) { + error_report("This board can only be used with CPU %s", mmc->cpu_model); + exit(1); + } + + /* The FPGA images have an odd combination of different RAMs, + * because in hardware they are different implementations and + * connected to different buses, giving varying performance/size + * tradeoffs. For QEMU they're all just RAM, though. We arbitrarily + * call the 16MB our "system memory", as it's the largest lump. + * + * Common to both boards: + * 0x21000000..0x21ffffff : PSRAM (16MB) + * AN385 only: + * 0x00000000 .. 0x003fffff : ZBT SSRAM1 + * 0x00400000 .. 0x007fffff : mirror of ZBT SSRAM1 + * 0x20000000 .. 0x203fffff : ZBT SSRAM 2&3 + * 0x20400000 .. 0x207fffff : mirror of ZBT SSRAM 2&3 + * 0x01000000 .. 0x01003fff : block RAM (16K) + * 0x01004000 .. 0x01007fff : mirror of above + * 0x01008000 .. 0x0100bfff : mirror of above + * 0x0100c000 .. 0x0100ffff : mirror of above + * AN511 only: + * 0x00000000 .. 0x0003ffff : FPGA block RAM + * 0x00400000 .. 0x007fffff : ZBT SSRAM1 + * 0x20000000 .. 0x2001ffff : SRAM + * 0x20400000 .. 0x207fffff : ZBT SSRAM 2&3 + * + * The AN385 has a feature where the lowest 16K can be mapped + * either to the bottom of the ZBT SSRAM1 or to the block RAM. + * This is of no use for QEMU so we don't implement it (as if + * zbt_boot_ctrl is always zero). + */ + memory_region_allocate_system_memory(&mms->psram, + NULL, "mps.ram", 0x1000000); + memory_region_add_subregion(system_memory, 0x21000000, &mms->psram); + + switch (mmc->fpga_type) { + case FPGA_AN385: + make_ram(&mms->ssram1, "mps.ssram1", 0x0, 0x400000); + make_ram_alias(&mms->ssram1_m, "mps.ssram1_m", &mms->ssram1, 0x400000); + make_ram(&mms->ssram23, "mps.ssram23", 0x20000000, 0x400000); + make_ram_alias(&mms->ssram23_m, "mps.ssram23_m", + &mms->ssram23, 0x20400000); + make_ram(&mms->blockram, "mps.blockram", 0x01000000, 0x4000); + make_ram_alias(&mms->blockram_m1, "mps.blockram_m1", + &mms->blockram, 0x01004000); + make_ram_alias(&mms->blockram_m2, "mps.blockram_m2", + &mms->blockram, 0x01008000); + make_ram_alias(&mms->blockram_m3, "mps.blockram_m3", + &mms->blockram, 0x0100c000); + break; + case FPGA_AN511: + make_ram(&mms->blockram, "mps.blockram", 0x0, 0x40000); + make_ram(&mms->ssram1, "mps.ssram1", 0x00400000, 0x00800000); + make_ram(&mms->sram, "mps.sram", 0x20000000, 0x20000); + make_ram(&mms->ssram23, "mps.ssram23", 0x20400000, 0x400000); + break; + default: + g_assert_not_reached(); + } + + object_initialize(&mms->armv7m, sizeof(mms->armv7m), TYPE_ARMV7M); + armv7m = DEVICE(&mms->armv7m); + qdev_set_parent_bus(armv7m, sysbus_get_default()); + switch (mmc->fpga_type) { + case FPGA_AN385: + qdev_prop_set_uint32(armv7m, "num-irq", 32); + break; + case FPGA_AN511: + qdev_prop_set_uint32(armv7m, "num-irq", 64); + break; + default: + g_assert_not_reached(); + } + qdev_prop_set_string(armv7m, "cpu-model", machine->cpu_model); + object_property_set_link(OBJECT(&mms->armv7m), OBJECT(system_memory), + "memory", &error_abort); + object_property_set_bool(OBJECT(&mms->armv7m), true, "realized", + &error_fatal); + + create_unimplemented_device("zbtsmram mirror", 0x00400000, 0x00400000); + create_unimplemented_device("RESERVED 1", 0x00800000, 0x00800000); + create_unimplemented_device("Block RAM", 0x01000000, 0x00010000); + create_unimplemented_device("RESERVED 2", 0x01010000, 0x1EFF0000); + create_unimplemented_device("RESERVED 3", 0x20800000, 0x00800000); + create_unimplemented_device("PSRAM", 0x21000000, 0x01000000); + /* These three ranges all cover multiple devices; we may implement + * some of them below (in which case the real device takes precedence + * over the unimplemented-region mapping). + */ + create_unimplemented_device("CMSDK APB peripheral region @0x40000000", + 0x40000000, 0x00010000); + create_unimplemented_device("CMSDK peripheral region @0x40010000", + 0x40010000, 0x00010000); + create_unimplemented_device("Extra peripheral region @0x40020000", + 0x40020000, 0x00010000); + create_unimplemented_device("RESERVED 4", 0x40030000, 0x001D0000); + create_unimplemented_device("VGA", 0x41000000, 0x0200000); + + switch (mmc->fpga_type) { + case FPGA_AN385: + { + /* The overflow IRQs for UARTs 0, 1 and 2 are ORed together. + * Overflow for UARTs 4 and 5 doesn't trigger any interrupt. + */ + Object *orgate; + DeviceState *orgate_dev; + int i; + + orgate = object_new(TYPE_OR_IRQ); + object_property_set_int(orgate, 6, "num-lines", &error_fatal); + object_property_set_bool(orgate, true, "realized", &error_fatal); + orgate_dev = DEVICE(orgate); + qdev_connect_gpio_out(orgate_dev, 0, qdev_get_gpio_in(armv7m, 12)); + + for (i = 0; i < 5; i++) { + static const hwaddr uartbase[] = {0x40004000, 0x40005000, + 0x40006000, 0x40007000, + 0x40009000}; + Chardev *uartchr = i < MAX_SERIAL_PORTS ? serial_hds[i] : NULL; + /* RX irq number; TX irq is always one greater */ + static const int uartirq[] = {0, 2, 4, 18, 20}; + qemu_irq txovrint = NULL, rxovrint = NULL; + + if (i < 3) { + txovrint = qdev_get_gpio_in(orgate_dev, i * 2); + rxovrint = qdev_get_gpio_in(orgate_dev, i * 2 + 1); + } + + cmsdk_apb_uart_create(uartbase[i], + qdev_get_gpio_in(armv7m, uartirq[i] + 1), + qdev_get_gpio_in(armv7m, uartirq[i]), + txovrint, rxovrint, + NULL, + uartchr, SYSCLK_FRQ); + } + break; + } + case FPGA_AN511: + { + /* The overflow IRQs for all UARTs are ORed together. + * Tx and Rx IRQs for each UART are ORed together. + */ + Object *orgate; + DeviceState *orgate_dev; + int i; + + orgate = object_new(TYPE_OR_IRQ); + object_property_set_int(orgate, 10, "num-lines", &error_fatal); + object_property_set_bool(orgate, true, "realized", &error_fatal); + orgate_dev = DEVICE(orgate); + qdev_connect_gpio_out(orgate_dev, 0, qdev_get_gpio_in(armv7m, 12)); + + for (i = 0; i < 5; i++) { + /* system irq numbers for the combined tx/rx for each UART */ + static const int uart_txrx_irqno[] = {0, 2, 45, 46, 56}; + static const hwaddr uartbase[] = {0x40004000, 0x40005000, + 0x4002c000, 0x4002d000, + 0x4002e000}; + Chardev *uartchr = i < MAX_SERIAL_PORTS ? serial_hds[i] : NULL; + Object *txrx_orgate; + DeviceState *txrx_orgate_dev; + + txrx_orgate = object_new(TYPE_OR_IRQ); + object_property_set_int(txrx_orgate, 2, "num-lines", &error_fatal); + object_property_set_bool(txrx_orgate, true, "realized", + &error_fatal); + txrx_orgate_dev = DEVICE(txrx_orgate); + qdev_connect_gpio_out(txrx_orgate_dev, 0, + qdev_get_gpio_in(armv7m, uart_txrx_irqno[i])); + cmsdk_apb_uart_create(uartbase[i], + qdev_get_gpio_in(txrx_orgate_dev, 0), + qdev_get_gpio_in(txrx_orgate_dev, 1), + qdev_get_gpio_in(orgate_dev, 0), + qdev_get_gpio_in(orgate_dev, 1), + NULL, + uartchr, SYSCLK_FRQ); + } + break; + } + default: + g_assert_not_reached(); + } + + cmsdk_apb_timer_create(0x40000000, qdev_get_gpio_in(armv7m, 8), SYSCLK_FRQ); + cmsdk_apb_timer_create(0x40001000, qdev_get_gpio_in(armv7m, 9), SYSCLK_FRQ); + + object_initialize(&mms->scc, sizeof(mms->scc), TYPE_MPS2_SCC); + sccdev = DEVICE(&mms->scc); + qdev_set_parent_bus(armv7m, sysbus_get_default()); + qdev_prop_set_uint32(sccdev, "scc-cfg4", 0x2); + qdev_prop_set_uint32(sccdev, "scc-aid", 0x02000008); + qdev_prop_set_uint32(sccdev, "scc-id", mmc->scc_id); + object_property_set_bool(OBJECT(&mms->scc), true, "realized", + &error_fatal); + sysbus_mmio_map(SYS_BUS_DEVICE(sccdev), 0, 0x4002f000); + + /* In hardware this is a LAN9220; the LAN9118 is software compatible + * except that it doesn't support the checksum-offload feature. + */ + lan9118_init(&nd_table[0], 0x40200000, + qdev_get_gpio_in(armv7m, + mmc->fpga_type == FPGA_AN385 ? 13 : 47)); + + system_clock_scale = NANOSECONDS_PER_SECOND / SYSCLK_FRQ; + + armv7m_load_kernel(ARM_CPU(first_cpu), machine->kernel_filename, + 0x400000); +} + +static void mps2_class_init(ObjectClass *oc, void *data) +{ + MachineClass *mc = MACHINE_CLASS(oc); + + mc->init = mps2_common_init; + mc->max_cpus = 1; +} + +static void mps2_an385_class_init(ObjectClass *oc, void *data) +{ + MachineClass *mc = MACHINE_CLASS(oc); + MPS2MachineClass *mmc = MPS2_MACHINE_CLASS(oc); + + mc->desc = "ARM MPS2 with AN385 FPGA image for Cortex-M3"; + mmc->fpga_type = FPGA_AN385; + mmc->cpu_model = "cortex-m3"; + mmc->scc_id = 0x41040000 | (385 << 4); +} + +static void mps2_an511_class_init(ObjectClass *oc, void *data) +{ + MachineClass *mc = MACHINE_CLASS(oc); + MPS2MachineClass *mmc = MPS2_MACHINE_CLASS(oc); + + mc->desc = "ARM MPS2 with AN511 DesignStart FPGA image for Cortex-M3"; + mmc->fpga_type = FPGA_AN511; + mmc->cpu_model = "cortex-m3"; + mmc->scc_id = 0x4104000 | (511 << 4); +} + +static const TypeInfo mps2_info = { + .name = TYPE_MPS2_MACHINE, + .parent = TYPE_MACHINE, + .abstract = true, + .instance_size = sizeof(MPS2MachineState), + .class_size = sizeof(MPS2MachineClass), + .class_init = mps2_class_init, +}; + +static const TypeInfo mps2_an385_info = { + .name = TYPE_MPS2_AN385_MACHINE, + .parent = TYPE_MPS2_MACHINE, + .class_init = mps2_an385_class_init, +}; + +static const TypeInfo mps2_an511_info = { + .name = TYPE_MPS2_AN511_MACHINE, + .parent = TYPE_MPS2_MACHINE, + .class_init = mps2_an511_class_init, +}; + +static void mps2_machine_init(void) +{ + type_register_static(&mps2_info); + type_register_static(&mps2_an385_info); + type_register_static(&mps2_an511_info); +} + +type_init(mps2_machine_init); diff --git a/hw/char/Makefile.objs b/hw/char/Makefile.objs index 55fcb68..1bcd37e 100644 --- a/hw/char/Makefile.objs +++ b/hw/char/Makefile.objs @@ -19,6 +19,7 @@ obj-$(CONFIG_DIGIC) += digic-uart.o obj-$(CONFIG_STM32F2XX_USART) += stm32f2xx_usart.o obj-$(CONFIG_RASPI) += bcm2835_aux.o +common-obj-$(CONFIG_CMSDK_APB_UART) += cmsdk-apb-uart.o common-obj-$(CONFIG_ETRAXFS) += etraxfs_ser.o common-obj-$(CONFIG_ISA_DEBUG) += debugcon.o common-obj-$(CONFIG_GRLIB) += grlib_apbuart.o diff --git a/hw/char/cmsdk-apb-uart.c b/hw/char/cmsdk-apb-uart.c new file mode 100644 index 0000000..1ad1e14 --- /dev/null +++ b/hw/char/cmsdk-apb-uart.c @@ -0,0 +1,403 @@ +/* + * ARM CMSDK APB UART emulation + * + * Copyright (c) 2017 Linaro Limited + * Written by Peter Maydell + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 or + * (at your option) any later version. + */ + +/* This is a model of the "APB UART" which is part of the Cortex-M + * System Design Kit (CMSDK) and documented in the Cortex-M System + * Design Kit Technical Reference Manual (ARM DDI0479C): + * https://developer.arm.com/products/system-design/system-design-kits/cortex-m-system-design-kit + */ + +#include "qemu/osdep.h" +#include "qemu/log.h" +#include "qapi/error.h" +#include "trace.h" +#include "hw/sysbus.h" +#include "hw/registerfields.h" +#include "chardev/char-fe.h" +#include "chardev/char-serial.h" +#include "hw/char/cmsdk-apb-uart.h" + +REG32(DATA, 0) +REG32(STATE, 4) + FIELD(STATE, TXFULL, 0, 1) + FIELD(STATE, RXFULL, 1, 1) + FIELD(STATE, TXOVERRUN, 2, 1) + FIELD(STATE, RXOVERRUN, 3, 1) +REG32(CTRL, 8) + FIELD(CTRL, TX_EN, 0, 1) + FIELD(CTRL, RX_EN, 1, 1) + FIELD(CTRL, TX_INTEN, 2, 1) + FIELD(CTRL, RX_INTEN, 3, 1) + FIELD(CTRL, TXO_INTEN, 4, 1) + FIELD(CTRL, RXO_INTEN, 5, 1) + FIELD(CTRL, HSTEST, 6, 1) +REG32(INTSTATUS, 0xc) + FIELD(INTSTATUS, TX, 0, 1) + FIELD(INTSTATUS, RX, 1, 1) + FIELD(INTSTATUS, TXO, 2, 1) + FIELD(INTSTATUS, RXO, 3, 1) +REG32(BAUDDIV, 0x10) +REG32(PID4, 0xFD0) +REG32(PID5, 0xFD4) +REG32(PID6, 0xFD8) +REG32(PID7, 0xFDC) +REG32(PID0, 0xFE0) +REG32(PID1, 0xFE4) +REG32(PID2, 0xFE8) +REG32(PID3, 0xFEC) +REG32(CID0, 0xFF0) +REG32(CID1, 0xFF4) +REG32(CID2, 0xFF8) +REG32(CID3, 0xFFC) + +/* PID/CID values */ +static const int uart_id[] = { + 0x04, 0x00, 0x00, 0x00, /* PID4..PID7 */ + 0x21, 0xb8, 0x1b, 0x00, /* PID0..PID3 */ + 0x0d, 0xf0, 0x05, 0xb1, /* CID0..CID3 */ +}; + +static bool uart_baudrate_ok(CMSDKAPBUART *s) +{ + /* The minimum permitted bauddiv setting is 16, so we just ignore + * settings below that (usually this means the device has just + * been reset and not yet programmed). + */ + return s->bauddiv >= 16 && s->bauddiv <= s->pclk_frq; +} + +static void uart_update_parameters(CMSDKAPBUART *s) +{ + QEMUSerialSetParams ssp; + + /* This UART is always 8N1 but the baud rate is programmable. */ + if (!uart_baudrate_ok(s)) { + return; + } + + ssp.data_bits = 8; + ssp.parity = 'N'; + ssp.stop_bits = 1; + ssp.speed = s->pclk_frq / s->bauddiv; + qemu_chr_fe_ioctl(&s->chr, CHR_IOCTL_SERIAL_SET_PARAMS, &ssp); + trace_cmsdk_apb_uart_set_params(ssp.speed); +} + +static void cmsdk_apb_uart_update(CMSDKAPBUART *s) +{ + /* update outbound irqs, including handling the way the rxo and txo + * interrupt status bits are just logical AND of the overrun bit in + * STATE and the overrun interrupt enable bit in CTRL. + */ + uint32_t omask = (R_INTSTATUS_RXO_MASK | R_INTSTATUS_TXO_MASK); + s->intstatus &= ~omask; + s->intstatus |= (s->state & (s->ctrl >> 2) & omask); + + qemu_set_irq(s->txint, !!(s->intstatus & R_INTSTATUS_TX_MASK)); + qemu_set_irq(s->rxint, !!(s->intstatus & R_INTSTATUS_RX_MASK)); + qemu_set_irq(s->txovrint, !!(s->intstatus & R_INTSTATUS_TXO_MASK)); + qemu_set_irq(s->rxovrint, !!(s->intstatus & R_INTSTATUS_RXO_MASK)); + qemu_set_irq(s->uartint, !!(s->intstatus)); +} + +static int uart_can_receive(void *opaque) +{ + CMSDKAPBUART *s = CMSDK_APB_UART(opaque); + + /* We can take a char if RX is enabled and the buffer is empty */ + if (s->ctrl & R_CTRL_RX_EN_MASK && !(s->state & R_STATE_RXFULL_MASK)) { + return 1; + } + return 0; +} + +static void uart_receive(void *opaque, const uint8_t *buf, int size) +{ + CMSDKAPBUART *s = CMSDK_APB_UART(opaque); + + trace_cmsdk_apb_uart_receive(*buf); + + /* In fact uart_can_receive() ensures that we can't be + * called unless RX is enabled and the buffer is empty, + * but we include this logic as documentation of what the + * hardware does if a character arrives in these circumstances. + */ + if (!(s->ctrl & R_CTRL_RX_EN_MASK)) { + /* Just drop the character on the floor */ + return; + } + + if (s->state & R_STATE_RXFULL_MASK) { + s->state |= R_STATE_RXOVERRUN_MASK; + } + + s->rxbuf = *buf; + s->state |= R_STATE_RXFULL_MASK; + if (s->ctrl & R_CTRL_RX_INTEN_MASK) { + s->intstatus |= R_INTSTATUS_RX_MASK; + } + cmsdk_apb_uart_update(s); +} + +static uint64_t uart_read(void *opaque, hwaddr offset, unsigned size) +{ + CMSDKAPBUART *s = CMSDK_APB_UART(opaque); + uint64_t r; + + switch (offset) { + case A_DATA: + r = s->rxbuf; + s->state &= ~R_STATE_RXFULL_MASK; + cmsdk_apb_uart_update(s); + break; + case A_STATE: + r = s->state; + break; + case A_CTRL: + r = s->ctrl; + break; + case A_INTSTATUS: + r = s->intstatus; + break; + case A_BAUDDIV: + r = s->bauddiv; + break; + case A_PID4 ... A_CID3: + r = uart_id[(offset - A_PID4) / 4]; + break; + default: + qemu_log_mask(LOG_GUEST_ERROR, + "CMSDK APB UART read: bad offset %x\n", (int) offset); + r = 0; + break; + } + trace_cmsdk_apb_uart_read(offset, r, size); + return r; +} + +/* Try to send tx data, and arrange to be called back later if + * we can't (ie the char backend is busy/blocking). + */ +static gboolean uart_transmit(GIOChannel *chan, GIOCondition cond, void *opaque) +{ + CMSDKAPBUART *s = CMSDK_APB_UART(opaque); + int ret; + + s->watch_tag = 0; + + if (!(s->ctrl & R_CTRL_TX_EN_MASK) || !(s->state & R_STATE_TXFULL_MASK)) { + return FALSE; + } + + ret = qemu_chr_fe_write(&s->chr, &s->txbuf, 1); + if (ret <= 0) { + s->watch_tag = qemu_chr_fe_add_watch(&s->chr, G_IO_OUT | G_IO_HUP, + uart_transmit, s); + if (!s->watch_tag) { + /* Most common reason to be here is "no chardev backend": + * just insta-drain the buffer, so the serial output + * goes into a void, rather than blocking the guest. + */ + goto buffer_drained; + } + /* Transmit pending */ + trace_cmsdk_apb_uart_tx_pending(); + return FALSE; + } + +buffer_drained: + /* Character successfully sent */ + trace_cmsdk_apb_uart_tx(s->txbuf); + s->state &= ~R_STATE_TXFULL_MASK; + /* Going from TXFULL set to clear triggers the tx interrupt */ + if (s->ctrl & R_CTRL_TX_INTEN_MASK) { + s->intstatus |= R_INTSTATUS_TX_MASK; + } + cmsdk_apb_uart_update(s); + return FALSE; +} + +static void uart_cancel_transmit(CMSDKAPBUART *s) +{ + if (s->watch_tag) { + g_source_remove(s->watch_tag); + s->watch_tag = 0; + } +} + +static void uart_write(void *opaque, hwaddr offset, uint64_t value, + unsigned size) +{ + CMSDKAPBUART *s = CMSDK_APB_UART(opaque); + + trace_cmsdk_apb_uart_write(offset, value, size); + + switch (offset) { + case A_DATA: + s->txbuf = value; + if (s->state & R_STATE_TXFULL_MASK) { + /* Buffer already full -- note the overrun and let the + * existing pending transmit callback handle the new char. + */ + s->state |= R_STATE_TXOVERRUN_MASK; + cmsdk_apb_uart_update(s); + } else { + s->state |= R_STATE_TXFULL_MASK; + uart_transmit(NULL, G_IO_OUT, s); + } + break; + case A_STATE: + /* Bits 0 and 1 are read only; bits 2 and 3 are W1C */ + s->state &= ~(value & + (R_STATE_TXOVERRUN_MASK | R_STATE_RXOVERRUN_MASK)); + cmsdk_apb_uart_update(s); + break; + case A_CTRL: + s->ctrl = value & 0x7f; + if ((s->ctrl & R_CTRL_TX_EN_MASK) && !uart_baudrate_ok(s)) { + qemu_log_mask(LOG_GUEST_ERROR, + "CMSDK APB UART: Tx enabled with invalid baudrate\n"); + } + cmsdk_apb_uart_update(s); + break; + case A_INTSTATUS: + /* All bits are W1C. Clearing the overrun interrupt bits really + * clears the overrun status bits in the STATE register (which + * is then reflected into the intstatus value by the update function). + */ + s->state &= ~(value & (R_INTSTATUS_TXO_MASK | R_INTSTATUS_RXO_MASK)); + cmsdk_apb_uart_update(s); + break; + case A_BAUDDIV: + s->bauddiv = value & 0xFFFFF; + uart_update_parameters(s); + break; + case A_PID4 ... A_CID3: + qemu_log_mask(LOG_GUEST_ERROR, + "CMSDK APB UART write: write to RO offset 0x%x\n", + (int)offset); + break; + default: + qemu_log_mask(LOG_GUEST_ERROR, + "CMSDK APB UART write: bad offset 0x%x\n", (int) offset); + break; + } +} + +static const MemoryRegionOps uart_ops = { + .read = uart_read, + .write = uart_write, + .endianness = DEVICE_LITTLE_ENDIAN, +}; + +static void cmsdk_apb_uart_reset(DeviceState *dev) +{ + CMSDKAPBUART *s = CMSDK_APB_UART(dev); + + trace_cmsdk_apb_uart_reset(); + uart_cancel_transmit(s); + s->state = 0; + s->ctrl = 0; + s->intstatus = 0; + s->bauddiv = 0; + s->txbuf = 0; + s->rxbuf = 0; +} + +static void cmsdk_apb_uart_init(Object *obj) +{ + SysBusDevice *sbd = SYS_BUS_DEVICE(obj); + CMSDKAPBUART *s = CMSDK_APB_UART(obj); + + memory_region_init_io(&s->iomem, obj, &uart_ops, s, "uart", 0x1000); + sysbus_init_mmio(sbd, &s->iomem); + sysbus_init_irq(sbd, &s->txint); + sysbus_init_irq(sbd, &s->rxint); + sysbus_init_irq(sbd, &s->txovrint); + sysbus_init_irq(sbd, &s->rxovrint); + sysbus_init_irq(sbd, &s->uartint); +} + +static void cmsdk_apb_uart_realize(DeviceState *dev, Error **errp) +{ + CMSDKAPBUART *s = CMSDK_APB_UART(dev); + + if (s->pclk_frq == 0) { + error_setg(errp, "CMSDK APB UART: pclk-frq property must be set"); + return; + } + + /* This UART has no flow control, so we do not need to register + * an event handler to deal with CHR_EVENT_BREAK. + */ + qemu_chr_fe_set_handlers(&s->chr, uart_can_receive, uart_receive, + NULL, NULL, s, NULL, true); +} + +static int cmsdk_apb_uart_post_load(void *opaque, int version_id) +{ + CMSDKAPBUART *s = CMSDK_APB_UART(opaque); + + /* If we have a pending character, arrange to resend it. */ + if (s->state & R_STATE_TXFULL_MASK) { + s->watch_tag = qemu_chr_fe_add_watch(&s->chr, G_IO_OUT | G_IO_HUP, + uart_transmit, s); + } + uart_update_parameters(s); + return 0; +} + +static const VMStateDescription cmsdk_apb_uart_vmstate = { + .name = "cmsdk-apb-uart", + .version_id = 1, + .minimum_version_id = 1, + .post_load = cmsdk_apb_uart_post_load, + .fields = (VMStateField[]) { + VMSTATE_UINT32(state, CMSDKAPBUART), + VMSTATE_UINT32(ctrl, CMSDKAPBUART), + VMSTATE_UINT32(intstatus, CMSDKAPBUART), + VMSTATE_UINT32(bauddiv, CMSDKAPBUART), + VMSTATE_UINT8(txbuf, CMSDKAPBUART), + VMSTATE_UINT8(rxbuf, CMSDKAPBUART), + VMSTATE_END_OF_LIST() + } +}; + +static Property cmsdk_apb_uart_properties[] = { + DEFINE_PROP_CHR("chardev", CMSDKAPBUART, chr), + DEFINE_PROP_UINT32("pclk-frq", CMSDKAPBUART, pclk_frq, 0), + DEFINE_PROP_END_OF_LIST(), +}; + +static void cmsdk_apb_uart_class_init(ObjectClass *klass, void *data) +{ + DeviceClass *dc = DEVICE_CLASS(klass); + + dc->realize = cmsdk_apb_uart_realize; + dc->vmsd = &cmsdk_apb_uart_vmstate; + dc->reset = cmsdk_apb_uart_reset; + dc->props = cmsdk_apb_uart_properties; +} + +static const TypeInfo cmsdk_apb_uart_info = { + .name = TYPE_CMSDK_APB_UART, + .parent = TYPE_SYS_BUS_DEVICE, + .instance_size = sizeof(CMSDKAPBUART), + .instance_init = cmsdk_apb_uart_init, + .class_init = cmsdk_apb_uart_class_init, +}; + +static void cmsdk_apb_uart_register_types(void) +{ + type_register_static(&cmsdk_apb_uart_info); +} + +type_init(cmsdk_apb_uart_register_types); diff --git a/hw/char/trace-events b/hw/char/trace-events index 7fd48bb..daf4ee4 100644 --- a/hw/char/trace-events +++ b/hw/char/trace-events @@ -56,3 +56,12 @@ pl011_write(uint32_t addr, uint32_t value) "addr 0x%08x value 0x%08x" pl011_can_receive(uint32_t lcr, int read_count, int r) "LCR %08x read_count %d returning %d" pl011_put_fifo(uint32_t c, int read_count) "new char 0x%x read_count now %d" pl011_put_fifo_full(void) "FIFO now full, RXFF set" + +# hw/char/cmsdk_apb_uart.c +cmsdk_apb_uart_read(uint64_t offset, uint64_t data, unsigned size) "CMSDK APB UART read: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u" +cmsdk_apb_uart_write(uint64_t offset, uint64_t data, unsigned size) "CMSDK APB UART write: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u" +cmsdk_apb_uart_reset(void) "CMSDK APB UART: reset" +cmsdk_apb_uart_receive(uint8_t c) "CMSDK APB UART: got character 0x%x from backend" +cmsdk_apb_uart_tx_pending(void) "CMSDK APB UART: character send to backend pending" +cmsdk_apb_uart_tx(uint8_t c) "CMSDK APB UART: character 0x%x sent to backend" +cmsdk_apb_uart_set_params(int speed) "CMSDK APB UART: params set to %d 8N1" diff --git a/hw/core/qdev.c b/hw/core/qdev.c index ec63fe0..606ab53 100644 --- a/hw/core/qdev.c +++ b/hw/core/qdev.c @@ -800,7 +800,7 @@ void qdev_property_add_static(DeviceState *dev, Property *prop, prop->info->description, &error_abort); - if (prop->info->set_default_value) { + if (prop->set_default) { prop->info->set_default_value(obj, prop); } } diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs index 7e373db..3b91d32 100644 --- a/hw/misc/Makefile.objs +++ b/hw/misc/Makefile.objs @@ -52,6 +52,7 @@ obj-$(CONFIG_STM32F2XX_SYSCFG) += stm32f2xx_syscfg.o obj-$(CONFIG_MIPS_CPS) += mips_cmgcr.o obj-$(CONFIG_MIPS_CPS) += mips_cpc.o obj-$(CONFIG_MIPS_ITU) += mips_itu.o +obj-$(CONFIG_MPS2_SCC) += mps2-scc.o obj-$(CONFIG_PVPANIC) += pvpanic.o obj-$(CONFIG_HYPERV_TESTDEV) += hyperv_testdev.o diff --git a/hw/misc/mps2-scc.c b/hw/misc/mps2-scc.c new file mode 100644 index 0000000..cc58d26 --- /dev/null +++ b/hw/misc/mps2-scc.c @@ -0,0 +1,310 @@ +/* + * ARM MPS2 SCC emulation + * + * Copyright (c) 2017 Linaro Limited + * Written by Peter Maydell + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 or + * (at your option) any later version. + */ + +/* This is a model of the SCC (Serial Communication Controller) + * found in the FPGA images of MPS2 development boards. + * + * Documentation of it can be found in the MPS2 TRM: + * http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.100112_0100_03_en/index.html + * and also in the Application Notes documenting individual FPGA images. + */ + +#include "qemu/osdep.h" +#include "qemu/log.h" +#include "qapi/error.h" +#include "trace.h" +#include "hw/sysbus.h" +#include "hw/registerfields.h" +#include "hw/misc/mps2-scc.h" + +REG32(CFG0, 0) +REG32(CFG1, 4) +REG32(CFG3, 0xc) +REG32(CFG4, 0x10) +REG32(CFGDATA_RTN, 0xa0) +REG32(CFGDATA_OUT, 0xa4) +REG32(CFGCTRL, 0xa8) + FIELD(CFGCTRL, DEVICE, 0, 12) + FIELD(CFGCTRL, RES1, 12, 8) + FIELD(CFGCTRL, FUNCTION, 20, 6) + FIELD(CFGCTRL, RES2, 26, 4) + FIELD(CFGCTRL, WRITE, 30, 1) + FIELD(CFGCTRL, START, 31, 1) +REG32(CFGSTAT, 0xac) + FIELD(CFGSTAT, DONE, 0, 1) + FIELD(CFGSTAT, ERROR, 1, 1) +REG32(DLL, 0x100) +REG32(AID, 0xFF8) +REG32(ID, 0xFFC) + +/* Handle a write via the SYS_CFG channel to the specified function/device. + * Return false on error (reported to guest via SYS_CFGCTRL ERROR bit). + */ +static bool scc_cfg_write(MPS2SCC *s, unsigned function, + unsigned device, uint32_t value) +{ + trace_mps2_scc_cfg_write(function, device, value); + + if (function != 1 || device >= NUM_OSCCLK) { + qemu_log_mask(LOG_GUEST_ERROR, + "MPS2 SCC config write: bad function %d device %d\n", + function, device); + return false; + } + + s->oscclk[device] = value; + return true; +} + +/* Handle a read via the SYS_CFG channel to the specified function/device. + * Return false on error (reported to guest via SYS_CFGCTRL ERROR bit), + * or set *value on success. + */ +static bool scc_cfg_read(MPS2SCC *s, unsigned function, + unsigned device, uint32_t *value) +{ + if (function != 1 || device >= NUM_OSCCLK) { + qemu_log_mask(LOG_GUEST_ERROR, + "MPS2 SCC config read: bad function %d device %d\n", + function, device); + return false; + } + + *value = s->oscclk[device]; + + trace_mps2_scc_cfg_read(function, device, *value); + return true; +} + +static uint64_t mps2_scc_read(void *opaque, hwaddr offset, unsigned size) +{ + MPS2SCC *s = MPS2_SCC(opaque); + uint64_t r; + + switch (offset) { + case A_CFG0: + r = s->cfg0; + break; + case A_CFG1: + r = s->cfg1; + break; + case A_CFG3: + /* These are user-settable DIP switches on the board. We don't + * model that, so just return zeroes. + */ + r = 0; + break; + case A_CFG4: + r = s->cfg4; + break; + case A_CFGDATA_RTN: + r = s->cfgdata_rtn; + break; + case A_CFGDATA_OUT: + r = s->cfgdata_out; + break; + case A_CFGCTRL: + r = s->cfgctrl; + break; + case A_CFGSTAT: + r = s->cfgstat; + break; + case A_DLL: + r = s->dll; + break; + case A_AID: + r = s->aid; + break; + case A_ID: + r = s->id; + break; + default: + qemu_log_mask(LOG_GUEST_ERROR, + "MPS2 SCC read: bad offset %x\n", (int) offset); + r = 0; + break; + } + + trace_mps2_scc_read(offset, r, size); + return r; +} + +static void mps2_scc_write(void *opaque, hwaddr offset, uint64_t value, + unsigned size) +{ + MPS2SCC *s = MPS2_SCC(opaque); + + trace_mps2_scc_write(offset, value, size); + + switch (offset) { + case A_CFG0: + /* TODO on some boards bit 0 controls RAM remapping */ + s->cfg0 = value; + break; + case A_CFG1: + /* CFG1 bits [7:0] control the board LEDs. We don't currently have + * a mechanism for displaying this graphically, so use a trace event. + */ + trace_mps2_scc_leds(value & 0x80 ? '*' : '.', + value & 0x40 ? '*' : '.', + value & 0x20 ? '*' : '.', + value & 0x10 ? '*' : '.', + value & 0x08 ? '*' : '.', + value & 0x04 ? '*' : '.', + value & 0x02 ? '*' : '.', + value & 0x01 ? '*' : '.'); + s->cfg1 = value; + break; + case A_CFGDATA_OUT: + s->cfgdata_out = value; + break; + case A_CFGCTRL: + /* Writing to CFGCTRL clears SYS_CFGSTAT */ + s->cfgstat = 0; + s->cfgctrl = value & ~(R_CFGCTRL_RES1_MASK | + R_CFGCTRL_RES2_MASK | + R_CFGCTRL_START_MASK); + + if (value & R_CFGCTRL_START_MASK) { + /* Start bit set -- do a read or write (instantaneously) */ + int device = extract32(s->cfgctrl, R_CFGCTRL_DEVICE_SHIFT, + R_CFGCTRL_DEVICE_LENGTH); + int function = extract32(s->cfgctrl, R_CFGCTRL_FUNCTION_SHIFT, + R_CFGCTRL_FUNCTION_LENGTH); + + s->cfgstat = R_CFGSTAT_DONE_MASK; + if (s->cfgctrl & R_CFGCTRL_WRITE_MASK) { + if (!scc_cfg_write(s, function, device, s->cfgdata_out)) { + s->cfgstat |= R_CFGSTAT_ERROR_MASK; + } + } else { + uint32_t result; + if (!scc_cfg_read(s, function, device, &result)) { + s->cfgstat |= R_CFGSTAT_ERROR_MASK; + } else { + s->cfgdata_rtn = result; + } + } + } + break; + case A_DLL: + /* DLL stands for Digital Locked Loop. + * Bits [31:24] (DLL_LOCK_MASK) are writable, and indicate a + * mask of which of the DLL_LOCKED bits [16:23] should be ORed + * together to determine the ALL_UNMASKED_DLLS_LOCKED bit [0]. + * For QEMU, our DLLs are always locked, so we can leave bit 0 + * as 1 always and don't need to recalculate it. + */ + s->dll = deposit32(s->dll, 24, 8, extract32(value, 24, 8)); + break; + default: + qemu_log_mask(LOG_GUEST_ERROR, + "MPS2 SCC write: bad offset 0x%x\n", (int) offset); + break; + } +} + +static const MemoryRegionOps mps2_scc_ops = { + .read = mps2_scc_read, + .write = mps2_scc_write, + .endianness = DEVICE_LITTLE_ENDIAN, +}; + +static void mps2_scc_reset(DeviceState *dev) +{ + MPS2SCC *s = MPS2_SCC(dev); + int i; + + trace_mps2_scc_reset(); + s->cfg0 = 0; + s->cfg1 = 0; + s->cfgdata_rtn = 0; + s->cfgdata_out = 0; + s->cfgctrl = 0x100000; + s->cfgstat = 0; + s->dll = 0xffff0001; + for (i = 0; i < NUM_OSCCLK; i++) { + s->oscclk[i] = s->oscclk_reset[i]; + } +} + +static void mps2_scc_init(Object *obj) +{ + SysBusDevice *sbd = SYS_BUS_DEVICE(obj); + MPS2SCC *s = MPS2_SCC(obj); + + memory_region_init_io(&s->iomem, obj, &mps2_scc_ops, s, "mps2-scc", 0x1000); + sysbus_init_mmio(sbd, &s->iomem); +} + +static void mps2_scc_realize(DeviceState *dev, Error **errp) +{ +} + +static const VMStateDescription mps2_scc_vmstate = { + .name = "mps2-scc", + .version_id = 1, + .minimum_version_id = 1, + .fields = (VMStateField[]) { + VMSTATE_UINT32(cfg0, MPS2SCC), + VMSTATE_UINT32(cfg1, MPS2SCC), + VMSTATE_UINT32(cfgdata_rtn, MPS2SCC), + VMSTATE_UINT32(cfgdata_out, MPS2SCC), + VMSTATE_UINT32(cfgctrl, MPS2SCC), + VMSTATE_UINT32(cfgstat, MPS2SCC), + VMSTATE_UINT32(dll, MPS2SCC), + VMSTATE_UINT32_ARRAY(oscclk, MPS2SCC, NUM_OSCCLK), + VMSTATE_END_OF_LIST() + } +}; + +static Property mps2_scc_properties[] = { + /* Values for various read-only ID registers (which are specific + * to the board model or FPGA image) + */ + DEFINE_PROP_UINT32("scc-cfg4", MPS2SCC, aid, 0), + DEFINE_PROP_UINT32("scc-aid", MPS2SCC, aid, 0), + DEFINE_PROP_UINT32("scc-id", MPS2SCC, aid, 0), + /* These are the initial settings for the source clocks on the board. + * In hardware they can be configured via a config file read by the + * motherboard configuration controller to suit the FPGA image. + * These default values are used by most of the standard FPGA images. + */ + DEFINE_PROP_UINT32("oscclk0", MPS2SCC, oscclk_reset[0], 50000000), + DEFINE_PROP_UINT32("oscclk1", MPS2SCC, oscclk_reset[1], 24576000), + DEFINE_PROP_UINT32("oscclk2", MPS2SCC, oscclk_reset[2], 25000000), + DEFINE_PROP_END_OF_LIST(), +}; + +static void mps2_scc_class_init(ObjectClass *klass, void *data) +{ + DeviceClass *dc = DEVICE_CLASS(klass); + + dc->realize = mps2_scc_realize; + dc->vmsd = &mps2_scc_vmstate; + dc->reset = mps2_scc_reset; + dc->props = mps2_scc_properties; +} + +static const TypeInfo mps2_scc_info = { + .name = TYPE_MPS2_SCC, + .parent = TYPE_SYS_BUS_DEVICE, + .instance_size = sizeof(MPS2SCC), + .instance_init = mps2_scc_init, + .class_init = mps2_scc_class_init, +}; + +static void mps2_scc_register_types(void) +{ + type_register_static(&mps2_scc_info); +} + +type_init(mps2_scc_register_types); diff --git a/hw/misc/trace-events b/hw/misc/trace-events index 0cc556c..28b8cd1 100644 --- a/hw/misc/trace-events +++ b/hw/misc/trace-events @@ -53,3 +53,11 @@ milkymist_pfpu_pulse_irq(void) "Pulse IRQ" # hw/misc/aspeed_scu.c aspeed_scu_write(uint64_t offset, unsigned size, uint32_t data) "To 0x%" PRIx64 " of size %u: 0x%" PRIx32 + +# hw/misc/mps2_scc.c +mps2_scc_read(uint64_t offset, uint64_t data, unsigned size) "MPS2 SCC read: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u" +mps2_scc_write(uint64_t offset, uint64_t data, unsigned size) "MPS2 SCC write: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u" +mps2_scc_reset(void) "MPS2 SCC: reset" +mps2_scc_leds(char led7, char led6, char led5, char led4, char led3, char led2, char led1, char led0) "MPS2 SCC LEDs: %c%c%c%c%c%c%c%c" +mps2_scc_cfg_write(unsigned function, unsigned device, uint32_t value) "MPS2 SCC config write: function %d device %d data 0x%" PRIx32 +mps2_scc_cfg_read(unsigned function, unsigned device, uint32_t value) "MPS2 SCC config read: function %d device %d data 0x%" PRIx32 diff --git a/hw/timer/Makefile.objs b/hw/timer/Makefile.objs index dd6f27e..15cce1c 100644 --- a/hw/timer/Makefile.objs +++ b/hw/timer/Makefile.objs @@ -41,3 +41,4 @@ common-obj-$(CONFIG_STM32F2XX_TIMER) += stm32f2xx_timer.o common-obj-$(CONFIG_ASPEED_SOC) += aspeed_timer.o common-obj-$(CONFIG_SUN4V_RTC) += sun4v-rtc.o +common-obj-$(CONFIG_CMSDK_APB_TIMER) += cmsdk-apb-timer.o diff --git a/hw/timer/cmsdk-apb-timer.c b/hw/timer/cmsdk-apb-timer.c new file mode 100644 index 0000000..9878746 --- /dev/null +++ b/hw/timer/cmsdk-apb-timer.c @@ -0,0 +1,253 @@ +/* + * ARM CMSDK APB timer emulation + * + * Copyright (c) 2017 Linaro Limited + * Written by Peter Maydell + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 or + * (at your option) any later version. + */ + +/* This is a model of the "APB timer" which is part of the Cortex-M + * System Design Kit (CMSDK) and documented in the Cortex-M System + * Design Kit Technical Reference Manual (ARM DDI0479C): + * https://developer.arm.com/products/system-design/system-design-kits/cortex-m-system-design-kit + * + * The hardware has an EXTIN input wire, which can be configured + * by the guest to act either as a 'timer enable' (timer does not run + * when EXTIN is low), or as a 'timer clock' (timer runs at frequency + * of EXTIN clock, not PCLK frequency). We don't model this. + * + * The documentation is not very clear about the exact behaviour; + * we choose to implement that the interrupt is triggered when + * the counter goes from 1 to 0, that the counter then holds at 0 + * for one clock cycle before reloading from the RELOAD register, + * and that if the RELOAD register is 0 this does not cause an + * interrupt (as there is no further 1->0 transition). + */ + +#include "qemu/osdep.h" +#include "qemu/log.h" +#include "qemu/main-loop.h" +#include "qapi/error.h" +#include "trace.h" +#include "hw/sysbus.h" +#include "hw/registerfields.h" +#include "hw/timer/cmsdk-apb-timer.h" + +REG32(CTRL, 0) + FIELD(CTRL, EN, 0, 1) + FIELD(CTRL, SELEXTEN, 1, 1) + FIELD(CTRL, SELEXTCLK, 2, 1) + FIELD(CTRL, IRQEN, 3, 1) +REG32(VALUE, 4) +REG32(RELOAD, 8) +REG32(INTSTATUS, 0xc) + FIELD(INTSTATUS, IRQ, 0, 1) +REG32(PID4, 0xFD0) +REG32(PID5, 0xFD4) +REG32(PID6, 0xFD8) +REG32(PID7, 0xFDC) +REG32(PID0, 0xFE0) +REG32(PID1, 0xFE4) +REG32(PID2, 0xFE8) +REG32(PID3, 0xFEC) +REG32(CID0, 0xFF0) +REG32(CID1, 0xFF4) +REG32(CID2, 0xFF8) +REG32(CID3, 0xFFC) + +/* PID/CID values */ +static const int timer_id[] = { + 0x04, 0x00, 0x00, 0x00, /* PID4..PID7 */ + 0x22, 0xb8, 0x1b, 0x00, /* PID0..PID3 */ + 0x0d, 0xf0, 0x05, 0xb1, /* CID0..CID3 */ +}; + +static void cmsdk_apb_timer_update(CMSDKAPBTIMER *s) +{ + qemu_set_irq(s->timerint, !!(s->intstatus & R_INTSTATUS_IRQ_MASK)); +} + +static uint64_t cmsdk_apb_timer_read(void *opaque, hwaddr offset, unsigned size) +{ + CMSDKAPBTIMER *s = CMSDK_APB_TIMER(opaque); + uint64_t r; + + switch (offset) { + case A_CTRL: + r = s->ctrl; + break; + case A_VALUE: + r = ptimer_get_count(s->timer); + break; + case A_RELOAD: + r = ptimer_get_limit(s->timer); + break; + case A_INTSTATUS: + r = s->intstatus; + break; + case A_PID4 ... A_CID3: + r = timer_id[(offset - A_PID4) / 4]; + break; + default: + qemu_log_mask(LOG_GUEST_ERROR, + "CMSDK APB timer read: bad offset %x\n", (int) offset); + r = 0; + break; + } + trace_cmsdk_apb_timer_read(offset, r, size); + return r; +} + +static void cmsdk_apb_timer_write(void *opaque, hwaddr offset, uint64_t value, + unsigned size) +{ + CMSDKAPBTIMER *s = CMSDK_APB_TIMER(opaque); + + trace_cmsdk_apb_timer_write(offset, value, size); + + switch (offset) { + case A_CTRL: + if (value & 6) { + /* Bits [1] and [2] enable using EXTIN as either clock or + * an enable line. We don't model this. + */ + qemu_log_mask(LOG_UNIMP, + "CMSDK APB timer: EXTIN input not supported\n"); + } + s->ctrl = value & 0xf; + if (s->ctrl & R_CTRL_EN_MASK) { + ptimer_run(s->timer, 0); + } else { + ptimer_stop(s->timer); + } + break; + case A_RELOAD: + /* Writing to reload also sets the current timer value */ + ptimer_set_limit(s->timer, value, 1); + break; + case A_VALUE: + ptimer_set_count(s->timer, value); + break; + case A_INTSTATUS: + /* Just one bit, which is W1C. */ + value &= 1; + s->intstatus &= ~value; + cmsdk_apb_timer_update(s); + break; + case A_PID4 ... A_CID3: + qemu_log_mask(LOG_GUEST_ERROR, + "CMSDK APB timer write: write to RO offset 0x%x\n", + (int)offset); + break; + default: + qemu_log_mask(LOG_GUEST_ERROR, + "CMSDK APB timer write: bad offset 0x%x\n", (int) offset); + break; + } +} + +static const MemoryRegionOps cmsdk_apb_timer_ops = { + .read = cmsdk_apb_timer_read, + .write = cmsdk_apb_timer_write, + .endianness = DEVICE_LITTLE_ENDIAN, +}; + +static void cmsdk_apb_timer_tick(void *opaque) +{ + CMSDKAPBTIMER *s = CMSDK_APB_TIMER(opaque); + + if (s->ctrl & R_CTRL_IRQEN_MASK) { + s->intstatus |= R_INTSTATUS_IRQ_MASK; + cmsdk_apb_timer_update(s); + } +} + +static void cmsdk_apb_timer_reset(DeviceState *dev) +{ + CMSDKAPBTIMER *s = CMSDK_APB_TIMER(dev); + + trace_cmsdk_apb_timer_reset(); + s->ctrl = 0; + s->intstatus = 0; + ptimer_stop(s->timer); + /* Set the limit and the count */ + ptimer_set_limit(s->timer, 0, 1); +} + +static void cmsdk_apb_timer_init(Object *obj) +{ + SysBusDevice *sbd = SYS_BUS_DEVICE(obj); + CMSDKAPBTIMER *s = CMSDK_APB_TIMER(obj); + + memory_region_init_io(&s->iomem, obj, &cmsdk_apb_timer_ops, + s, "cmsdk-apb-timer", 0x1000); + sysbus_init_mmio(sbd, &s->iomem); + sysbus_init_irq(sbd, &s->timerint); +} + +static void cmsdk_apb_timer_realize(DeviceState *dev, Error **errp) +{ + CMSDKAPBTIMER *s = CMSDK_APB_TIMER(dev); + QEMUBH *bh; + + if (s->pclk_frq == 0) { + error_setg(errp, "CMSDK APB timer: pclk-frq property must be set"); + return; + } + + bh = qemu_bh_new(cmsdk_apb_timer_tick, s); + s->timer = ptimer_init(bh, + PTIMER_POLICY_WRAP_AFTER_ONE_PERIOD | + PTIMER_POLICY_NO_IMMEDIATE_TRIGGER | + PTIMER_POLICY_NO_IMMEDIATE_RELOAD | + PTIMER_POLICY_NO_COUNTER_ROUND_DOWN); + + ptimer_set_freq(s->timer, s->pclk_frq); +} + +static const VMStateDescription cmsdk_apb_timer_vmstate = { + .name = "cmsdk-apb-timer", + .version_id = 1, + .minimum_version_id = 1, + .fields = (VMStateField[]) { + VMSTATE_PTIMER(timer, CMSDKAPBTIMER), + VMSTATE_UINT32(ctrl, CMSDKAPBTIMER), + VMSTATE_UINT32(value, CMSDKAPBTIMER), + VMSTATE_UINT32(reload, CMSDKAPBTIMER), + VMSTATE_UINT32(intstatus, CMSDKAPBTIMER), + VMSTATE_END_OF_LIST() + } +}; + +static Property cmsdk_apb_timer_properties[] = { + DEFINE_PROP_UINT32("pclk-frq", CMSDKAPBTIMER, pclk_frq, 0), + DEFINE_PROP_END_OF_LIST(), +}; + +static void cmsdk_apb_timer_class_init(ObjectClass *klass, void *data) +{ + DeviceClass *dc = DEVICE_CLASS(klass); + + dc->realize = cmsdk_apb_timer_realize; + dc->vmsd = &cmsdk_apb_timer_vmstate; + dc->reset = cmsdk_apb_timer_reset; + dc->props = cmsdk_apb_timer_properties; +} + +static const TypeInfo cmsdk_apb_timer_info = { + .name = TYPE_CMSDK_APB_TIMER, + .parent = TYPE_SYS_BUS_DEVICE, + .instance_size = sizeof(CMSDKAPBTIMER), + .instance_init = cmsdk_apb_timer_init, + .class_init = cmsdk_apb_timer_class_init, +}; + +static void cmsdk_apb_timer_register_types(void) +{ + type_register_static(&cmsdk_apb_timer_info); +} + +type_init(cmsdk_apb_timer_register_types); diff --git a/hw/timer/trace-events b/hw/timer/trace-events index d17cfe6..fd8196b 100644 --- a/hw/timer/trace-events +++ b/hw/timer/trace-events @@ -55,3 +55,8 @@ systick_reload(void) "systick reload" systick_timer_tick(void) "systick reload" systick_read(uint64_t addr, uint32_t value, unsigned size) "systick read addr 0x%" PRIx64 " data 0x%" PRIx32 " size %u" systick_write(uint64_t addr, uint32_t value, unsigned size) "systick write addr 0x%" PRIx64 " data 0x%" PRIx32 " size %u" + +# hw/char/cmsdk_apb_timer.c +cmsdk_apb_timer_read(uint64_t offset, uint64_t data, unsigned size) "CMSDK APB timer read: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u" +cmsdk_apb_timer_write(uint64_t offset, uint64_t data, unsigned size) "CMSDK APB timer write: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u" +cmsdk_apb_timer_reset(void) "CMSDK APB timer: reset" diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h index c09b365..87b1b74 100644 --- a/include/exec/exec-all.h +++ b/include/exec/exec-all.h @@ -35,11 +35,34 @@ typedef abi_ulong tb_page_addr_t; typedef ram_addr_t tb_page_addr_t; #endif -/* is_jmp field values */ +/* DisasContext is_jmp field values + * + * is_jmp starts as DISAS_NEXT. The translator will keep processing + * instructions until an exit condition is reached. If we reach the + * exit condition and is_jmp is still DISAS_NEXT (because of some + * other condition) we simply "jump" to the next address. + * The remaining exit cases are: + * + * DISAS_JUMP - Only the PC was modified dynamically (e.g computed) + * DISAS_TB_JUMP - Only the PC was modified statically (e.g. branch) + * + * In these cases as long as the PC is updated we can chain to the + * next TB either by exiting the loop or looking up the next TB via + * the loookup helper. + * + * DISAS_UPDATE - CPU State was modified dynamically + * + * This covers any other CPU state which necessities us exiting the + * TCG code to the main run-loop. Typically this includes anything + * that might change the interrupt state. + * + * Individual translators may define additional exit cases to deal + * with per-target special conditions. + */ #define DISAS_NEXT 0 /* next instruction can be analyzed */ #define DISAS_JUMP 1 /* only pc was modified dynamically */ -#define DISAS_UPDATE 2 /* cpu state was modified dynamically */ -#define DISAS_TB_JUMP 3 /* only pc was modified statically */ +#define DISAS_TB_JUMP 2 /* only pc was modified statically */ +#define DISAS_UPDATE 3 /* cpu state was modified dynamically */ #include "qemu/log.h" diff --git a/include/hw/char/cmsdk-apb-uart.h b/include/hw/char/cmsdk-apb-uart.h new file mode 100644 index 0000000..c41fba9 --- /dev/null +++ b/include/hw/char/cmsdk-apb-uart.h @@ -0,0 +1,78 @@ +/* + * ARM CMSDK APB UART emulation + * + * Copyright (c) 2017 Linaro Limited + * Written by Peter Maydell + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 or + * (at your option) any later version. + */ + +#ifndef CMSDK_APB_UART_H +#define CMSDK_APB_UART_H + +#include "hw/sysbus.h" +#include "chardev/char-fe.h" + +#define TYPE_CMSDK_APB_UART "cmsdk-apb-uart" +#define CMSDK_APB_UART(obj) OBJECT_CHECK(CMSDKAPBUART, (obj), \ + TYPE_CMSDK_APB_UART) + +typedef struct { + /*< private >*/ + SysBusDevice parent_obj; + + /*< public >*/ + MemoryRegion iomem; + CharBackend chr; + qemu_irq txint; + qemu_irq rxint; + qemu_irq txovrint; + qemu_irq rxovrint; + qemu_irq uartint; + guint watch_tag; + uint32_t pclk_frq; + + uint32_t state; + uint32_t ctrl; + uint32_t intstatus; + uint32_t bauddiv; + /* This UART has no FIFO, only a 1-character buffer for each of Tx and Rx */ + uint8_t txbuf; + uint8_t rxbuf; +} CMSDKAPBUART; + +/** + * cmsdk_apb_uart_create - convenience function to create TYPE_CMSDK_APB_UART + * @addr: location in system memory to map registers + * @chr: Chardev backend to connect UART to, or NULL if no backend + * @pclk_frq: frequency in Hz of the PCLK clock (used for calculating baud rate) + */ +static inline DeviceState *cmsdk_apb_uart_create(hwaddr addr, + qemu_irq txint, + qemu_irq rxint, + qemu_irq txovrint, + qemu_irq rxovrint, + qemu_irq uartint, + Chardev *chr, + uint32_t pclk_frq) +{ + DeviceState *dev; + SysBusDevice *s; + + dev = qdev_create(NULL, TYPE_CMSDK_APB_UART); + s = SYS_BUS_DEVICE(dev); + qdev_prop_set_chr(dev, "chardev", chr); + qdev_prop_set_uint32(dev, "pclk-frq", pclk_frq); + qdev_init_nofail(dev); + sysbus_mmio_map(s, 0, addr); + sysbus_connect_irq(s, 0, txint); + sysbus_connect_irq(s, 1, rxint); + sysbus_connect_irq(s, 2, txovrint); + sysbus_connect_irq(s, 3, rxovrint); + sysbus_connect_irq(s, 4, uartint); + return dev; +} + +#endif diff --git a/include/hw/misc/mps2-scc.h b/include/hw/misc/mps2-scc.h new file mode 100644 index 0000000..7045473 --- /dev/null +++ b/include/hw/misc/mps2-scc.h @@ -0,0 +1,43 @@ +/* + * ARM MPS2 SCC emulation + * + * Copyright (c) 2017 Linaro Limited + * Written by Peter Maydell + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 or + * (at your option) any later version. + */ + +#ifndef MPS2_SCC_H +#define MPS2_SCC_H + +#include "hw/sysbus.h" + +#define TYPE_MPS2_SCC "mps2-scc" +#define MPS2_SCC(obj) OBJECT_CHECK(MPS2SCC, (obj), TYPE_MPS2_SCC) + +#define NUM_OSCCLK 3 + +typedef struct { + /*< private >*/ + SysBusDevice parent_obj; + + /*< public >*/ + MemoryRegion iomem; + + uint32_t cfg0; + uint32_t cfg1; + uint32_t cfg4; + uint32_t cfgdata_rtn; + uint32_t cfgdata_out; + uint32_t cfgctrl; + uint32_t cfgstat; + uint32_t dll; + uint32_t aid; + uint32_t id; + uint32_t oscclk[NUM_OSCCLK]; + uint32_t oscclk_reset[NUM_OSCCLK]; +} MPS2SCC; + +#endif diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h index 5348815..ae31728 100644 --- a/include/hw/qdev-core.h +++ b/include/hw/qdev-core.h @@ -221,11 +221,21 @@ struct BusState { QLIST_ENTRY(BusState) sibling; }; +/** + * Property: + * @set_default: true if the default value should be set from @defval, + * in which case @info->set_default_value must not be NULL + * (if false then no default value is set by the property system + * and the field retains whatever value it was given by instance_init). + * @defval: default value for the property. This is used only if @set_default + * is true. + */ struct Property { const char *name; const PropertyInfo *info; ptrdiff_t offset; uint8_t bitnr; + bool set_default; union { int64_t i; uint64_t u; diff --git a/include/hw/qdev-properties.h b/include/hw/qdev-properties.h index f6692d5..3929796 100644 --- a/include/hw/qdev-properties.h +++ b/include/hw/qdev-properties.h @@ -44,15 +44,24 @@ extern const PropertyInfo qdev_prop_link; .info = &(_prop), \ .offset = offsetof(_state, _field) \ + type_check(_type,typeof_field(_state, _field)), \ + .set_default = true, \ .defval.i = (_type)_defval, \ } +#define DEFINE_PROP_SIGNED_NODEFAULT(_name, _state, _field, _prop, _type) { \ + .name = (_name), \ + .info = &(_prop), \ + .offset = offsetof(_state, _field) \ + + type_check(_type, typeof_field(_state, _field)), \ + } + #define DEFINE_PROP_BIT(_name, _state, _field, _bit, _defval) { \ .name = (_name), \ .info = &(qdev_prop_bit), \ .bitnr = (_bit), \ .offset = offsetof(_state, _field) \ + type_check(uint32_t,typeof_field(_state, _field)), \ + .set_default = true, \ .defval.u = (bool)_defval, \ } @@ -61,15 +70,24 @@ extern const PropertyInfo qdev_prop_link; .info = &(_prop), \ .offset = offsetof(_state, _field) \ + type_check(_type, typeof_field(_state, _field)), \ + .set_default = true, \ .defval.u = (_type)_defval, \ } +#define DEFINE_PROP_UNSIGNED_NODEFAULT(_name, _state, _field, _prop, _type) { \ + .name = (_name), \ + .info = &(_prop), \ + .offset = offsetof(_state, _field) \ + + type_check(_type, typeof_field(_state, _field)), \ + } + #define DEFINE_PROP_BIT64(_name, _state, _field, _bit, _defval) { \ .name = (_name), \ .info = &(qdev_prop_bit64), \ .bitnr = (_bit), \ .offset = offsetof(_state, _field) \ + type_check(uint64_t, typeof_field(_state, _field)), \ + .set_default = true, \ .defval.u = (bool)_defval, \ } @@ -78,6 +96,7 @@ extern const PropertyInfo qdev_prop_link; .info = &(qdev_prop_bool), \ .offset = offsetof(_state, _field) \ + type_check(bool, typeof_field(_state, _field)), \ + .set_default = true, \ .defval.u = (bool)_defval, \ } @@ -111,6 +130,8 @@ extern const PropertyInfo qdev_prop_link; _arrayfield, _arrayprop, _arraytype) { \ .name = (PROP_ARRAY_LEN_PREFIX _name), \ .info = &(qdev_prop_arraylen), \ + .set_default = true, \ + .defval.u = 0, \ .offset = offsetof(_state, _field) \ + type_check(uint32_t, typeof_field(_state, _field)), \ .arrayinfo = &(_arrayprop), \ diff --git a/include/hw/timer/cmsdk-apb-timer.h b/include/hw/timer/cmsdk-apb-timer.h new file mode 100644 index 0000000..f21686d --- /dev/null +++ b/include/hw/timer/cmsdk-apb-timer.h @@ -0,0 +1,59 @@ +/* + * ARM CMSDK APB timer emulation + * + * Copyright (c) 2017 Linaro Limited + * Written by Peter Maydell + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 or + * (at your option) any later version. + */ + +#ifndef CMSDK_APB_TIMER_H +#define CMSDK_APB_TIMER_H + +#include "hw/sysbus.h" +#include "hw/ptimer.h" + +#define TYPE_CMSDK_APB_TIMER "cmsdk-apb-timer" +#define CMSDK_APB_TIMER(obj) OBJECT_CHECK(CMSDKAPBTIMER, (obj), \ + TYPE_CMSDK_APB_TIMER) + +typedef struct { + /*< private >*/ + SysBusDevice parent_obj; + + /*< public >*/ + MemoryRegion iomem; + qemu_irq timerint; + uint32_t pclk_frq; + struct ptimer_state *timer; + + uint32_t ctrl; + uint32_t value; + uint32_t reload; + uint32_t intstatus; +} CMSDKAPBTIMER; + +/** + * cmsdk_apb_timer_create - convenience function to create TYPE_CMSDK_APB_TIMER + * @addr: location in system memory to map registers + * @pclk_frq: frequency in Hz of the PCLK clock (used for calculating baud rate) + */ +static inline DeviceState *cmsdk_apb_timer_create(hwaddr addr, + qemu_irq timerint, + uint32_t pclk_frq) +{ + DeviceState *dev; + SysBusDevice *s; + + dev = qdev_create(NULL, TYPE_CMSDK_APB_TIMER); + s = SYS_BUS_DEVICE(dev); + qdev_prop_set_uint32(dev, "pclk-frq", pclk_frq); + qdev_init_nofail(dev); + sysbus_mmio_map(s, 0, addr); + sysbus_connect_irq(s, 0, timerint); + return dev; +} + +#endif diff --git a/target/arm/cpu.c b/target/arm/cpu.c index 28a9141..96d1f84 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -543,8 +543,15 @@ static Property arm_cpu_has_pmu_property = static Property arm_cpu_has_mpu_property = DEFINE_PROP_BOOL("has-mpu", ARMCPU, has_mpu, true); +/* This is like DEFINE_PROP_UINT32 but it doesn't set the default value, + * because the CPU initfn will have already set cpu->pmsav7_dregion to + * the right value for that particular CPU type, and we don't want + * to override that with an incorrect constant value. + */ static Property arm_cpu_pmsav7_dregion_property = - DEFINE_PROP_UINT32("pmsav7-dregion", ARMCPU, pmsav7_dregion, 16); + DEFINE_PROP_UNSIGNED_NODEFAULT("pmsav7-dregion", ARMCPU, + pmsav7_dregion, + qdev_prop_uint32, uint32_t); static void arm_cpu_post_init(Object *obj) { @@ -1054,6 +1061,7 @@ static void cortex_m3_initfn(Object *obj) set_feature(&cpu->env, ARM_FEATURE_V7); set_feature(&cpu->env, ARM_FEATURE_M); cpu->midr = 0x410fc231; + cpu->pmsav7_dregion = 8; } static void cortex_m4_initfn(Object *obj) @@ -1064,6 +1072,7 @@ static void cortex_m4_initfn(Object *obj) set_feature(&cpu->env, ARM_FEATURE_M); set_feature(&cpu->env, ARM_FEATURE_THUMB_DSP); cpu->midr = 0x410fc240; /* r0p0 */ + cpu->pmsav7_dregion = 8; } static void arm_v7m_class_init(ObjectClass *oc, void *data) { @@ -1112,6 +1121,7 @@ static void cortex_r5_initfn(Object *obj) cpu->id_isar4 = 0x0010142; cpu->id_isar5 = 0x0; cpu->mp_is_up = true; + cpu->pmsav7_dregion = 16; define_arm_cp_regs(cpu, cortexr5_cp_reginfo); } diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index e55547d..3fa3902 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -1393,7 +1393,7 @@ static void handle_sync(DisasContext *s, uint32_t insn, * a self-modified code correctly and also to take * any pending interrupts immediately. */ - s->is_jmp = DISAS_UPDATE; + gen_goto_tb(s, 0, s->pc); return; default: unallocated_encoding(s); @@ -1788,7 +1788,8 @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t insn) return; } gen_helper_exception_return(cpu_env); - s->is_jmp = DISAS_JUMP; + /* Must exit loop to check un-masked IRQs */ + s->is_jmp = DISAS_EXIT; return; case 5: /* DRPS */ if (rn != 0x1f) { @@ -11364,16 +11365,9 @@ void gen_intermediate_code_a64(ARMCPU *cpu, TranslationBlock *tb) case DISAS_NEXT: gen_goto_tb(dc, 1, dc->pc); break; - default: - case DISAS_UPDATE: - gen_a64_set_pc_im(dc->pc); - /* fall through */ case DISAS_JUMP: tcg_gen_lookup_and_goto_ptr(cpu_pc); break; - case DISAS_EXIT: - tcg_gen_exit_tb(0); - break; case DISAS_TB_JUMP: case DISAS_EXC: case DISAS_SWI: @@ -11397,6 +11391,13 @@ void gen_intermediate_code_a64(ARMCPU *cpu, TranslationBlock *tb) */ tcg_gen_exit_tb(0); break; + case DISAS_UPDATE: + gen_a64_set_pc_im(dc->pc); + /* fall through */ + case DISAS_EXIT: + default: + tcg_gen_exit_tb(0); + break; } } diff --git a/target/arm/translate.c b/target/arm/translate.c index 0862f9e..e27736c 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -4158,6 +4158,10 @@ static void gen_goto_ptr(void) tcg_temp_free(addr); } +/* This will end the TB but doesn't guarantee we'll return to + * cpu_loop_exec. Any live exit_requests will be processed as we + * enter the next TB. + */ static void gen_goto_tb(DisasContext *s, int n, target_ulong dest) { if (use_goto_tb(s, dest)) { @@ -4168,6 +4172,7 @@ static void gen_goto_tb(DisasContext *s, int n, target_ulong dest) gen_set_pc_im(s, dest); gen_goto_ptr(); } + s->is_jmp = DISAS_TB_JUMP; } static inline void gen_jmp (DisasContext *s, uint32_t dest) @@ -4179,7 +4184,6 @@ static inline void gen_jmp (DisasContext *s, uint32_t dest) gen_bx_im(s, dest); } else { gen_goto_tb(s, 0, dest); - s->is_jmp = DISAS_TB_JUMP; } } @@ -4475,7 +4479,8 @@ static void gen_rfe(DisasContext *s, TCGv_i32 pc, TCGv_i32 cpsr) */ gen_helper_cpsr_write_eret(cpu_env, cpsr); tcg_temp_free_i32(cpsr); - s->is_jmp = DISAS_JUMP; + /* Must exit loop to check un-masked IRQs */ + s->is_jmp = DISAS_EXIT; } /* Generate an old-style exception return. Marks pc as dead. */ @@ -8165,7 +8170,7 @@ static void disas_arm_insn(DisasContext *s, unsigned int insn) * self-modifying code correctly and also to take * any pending interrupts immediately. */ - gen_lookup_tb(s); + gen_goto_tb(s, 0, s->pc & ~1); return; default: goto illegal_op; @@ -9519,7 +9524,8 @@ static void disas_arm_insn(DisasContext *s, unsigned int insn) tmp = load_cpu_field(spsr); gen_helper_cpsr_write_eret(cpu_env, tmp); tcg_temp_free_i32(tmp); - s->is_jmp = DISAS_JUMP; + /* Must exit loop to check un-masked IRQs */ + s->is_jmp = DISAS_EXIT; } } break; @@ -10558,7 +10564,7 @@ static int disas_thumb2_insn(CPUARMState *env, DisasContext *s, uint16_t insn_hw * and also to take any pending interrupts * immediately. */ - gen_lookup_tb(s); + gen_goto_tb(s, 0, s->pc & ~1); break; default: goto illegal_op; @@ -12095,12 +12101,12 @@ void gen_intermediate_code(CPUARMState *env, TranslationBlock *tb) case DISAS_NEXT: gen_goto_tb(dc, 1, dc->pc); break; - case DISAS_UPDATE: - gen_set_pc_im(dc, dc->pc); - /* fall through */ case DISAS_JUMP: gen_goto_ptr(); break; + case DISAS_UPDATE: + gen_set_pc_im(dc, dc->pc); + /* fall through */ default: /* indicate that the hash table must be used to find the next TB */ tcg_gen_exit_tb(0); diff --git a/target/arm/translate.h b/target/arm/translate.h index 15d383d..12fd79b 100644 --- a/target/arm/translate.h +++ b/target/arm/translate.h @@ -140,7 +140,10 @@ static void disas_set_insn_syndrome(DisasContext *s, uint32_t syn) */ #define DISAS_BX_EXCRET 11 /* For instructions which want an immediate exit to the main loop, - * as opposed to attempting to use lookup_and_goto_ptr. + * as opposed to attempting to use lookup_and_goto_ptr. Unlike + * DISAS_UPDATE this doesn't write the PC on exiting the translation + * loop so you need to ensure something (gen_a64_set_pc_im or runtime + * helper) has done so before we reach return from cpu_tb_exec. */ #define DISAS_EXIT 12 |