From 226fb5aaff8157472f97c63193660732a215d87f Mon Sep 17 00:00:00 2001 From: Dmitry Osipenko Date: Mon, 24 Oct 2016 16:26:53 +0100 Subject: arm_mptimer: Convert to use ptimer Current ARM MPTimer implementation uses QEMUTimer for the actual timer, this implementation isn't complete and mostly tries to duplicate of what generic ptimer is already doing fine. Conversion to ptimer brings the following benefits and fixes: - Simple timer pausing implementation - Fixes counter value preservation after stopping the timer - Properly handles prescaler != 0 / counter = 0 / load = 0 cases - Code simplification and reduction Bump VMSD to version 3, since VMState is changed and is not compatible with the previous implementation. Signed-off-by: Dmitry Osipenko Reviewed-by: Peter Crosthwaite Message-id: 37f378c33bb5a28d5cd71167a6bd5bff5e59cbc3.1475421224.git.digetx@gmail.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/timer/arm_mptimer.c | 149 +++++++++++++++++++++++++++---------------------- 1 file changed, 82 insertions(+), 67 deletions(-) (limited to 'hw/timer') diff --git a/hw/timer/arm_mptimer.c b/hw/timer/arm_mptimer.c index d66bbf0..daf6c48 100644 --- a/hw/timer/arm_mptimer.c +++ b/hw/timer/arm_mptimer.c @@ -20,22 +20,33 @@ */ #include "qemu/osdep.h" +#include "hw/ptimer.h" #include "hw/timer/arm_mptimer.h" #include "qapi/error.h" -#include "qemu/timer.h" +#include "qemu/main-loop.h" #include "qom/cpu.h" +#define PTIMER_POLICY \ + (PTIMER_POLICY_WRAP_AFTER_ONE_PERIOD | \ + PTIMER_POLICY_CONTINUOUS_TRIGGER | \ + PTIMER_POLICY_NO_IMMEDIATE_TRIGGER | \ + PTIMER_POLICY_NO_IMMEDIATE_RELOAD | \ + PTIMER_POLICY_NO_COUNTER_ROUND_DOWN) + /* This device implements the per-cpu private timer and watchdog block * which is used in both the ARM11MPCore and Cortex-A9MP. */ static inline int get_current_cpu(ARMMPTimerState *s) { - if (current_cpu->cpu_index >= s->num_cpu) { + int cpu_id = current_cpu ? current_cpu->cpu_index : 0; + + if (cpu_id >= s->num_cpu) { hw_error("arm_mptimer: num-cpu %d but this cpu is %d!\n", - s->num_cpu, current_cpu->cpu_index); + s->num_cpu, cpu_id); } - return current_cpu->cpu_index; + + return cpu_id; } static inline void timerblock_update_irq(TimerBlock *tb) @@ -44,33 +55,42 @@ static inline void timerblock_update_irq(TimerBlock *tb) } /* Return conversion factor from mpcore timer ticks to qemu timer ticks. */ -static inline uint32_t timerblock_scale(TimerBlock *tb) +static inline uint32_t timerblock_scale(uint32_t control) { - return (((tb->control >> 8) & 0xff) + 1) * 10; + return (((control >> 8) & 0xff) + 1) * 10; } -static void timerblock_reload(TimerBlock *tb, int restart) +static inline void timerblock_set_count(struct ptimer_state *timer, + uint32_t control, uint64_t *count) { - if (tb->count == 0) { - return; + /* PTimer would trigger interrupt for periodic timer when counter set + * to 0, MPtimer under certain condition only. + */ + if ((control & 3) == 3 && (control & 0xff00) == 0 && *count == 0) { + *count = ptimer_get_limit(timer); } - if (restart) { - tb->tick = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); + ptimer_set_count(timer, *count); +} + +static inline void timerblock_run(struct ptimer_state *timer, + uint32_t control, uint32_t load) +{ + if ((control & 1) && ((control & 0xff00) || load != 0)) { + ptimer_run(timer, !(control & 2)); } - tb->tick += (int64_t)tb->count * timerblock_scale(tb); - timer_mod(tb->timer, tb->tick); } static void timerblock_tick(void *opaque) { TimerBlock *tb = (TimerBlock *)opaque; - tb->status = 1; - if (tb->control & 2) { - tb->count = tb->load; - timerblock_reload(tb, 0); - } else { - tb->count = 0; + /* Periodic timer with load = 0 and prescaler != 0 would re-trigger + * IRQ after one period, otherwise it either stops or wraps around. + */ + if ((tb->control & 2) && (tb->control & 0xff00) == 0 && + ptimer_get_limit(tb->timer) == 0) { + ptimer_stop(tb->timer); } + tb->status = 1; timerblock_update_irq(tb); } @@ -78,21 +98,11 @@ static uint64_t timerblock_read(void *opaque, hwaddr addr, unsigned size) { TimerBlock *tb = (TimerBlock *)opaque; - int64_t val; switch (addr) { case 0: /* Load */ - return tb->load; + return ptimer_get_limit(tb->timer); case 4: /* Counter. */ - if (((tb->control & 1) == 0) || (tb->count == 0)) { - return 0; - } - /* Slow and ugly, but hopefully won't happen too often. */ - val = tb->tick - qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); - val /= timerblock_scale(tb); - if (val < 0) { - val = 0; - } - return val; + return ptimer_get_count(tb->timer); case 8: /* Control. */ return tb->control; case 12: /* Interrupt status. */ @@ -106,37 +116,45 @@ static void timerblock_write(void *opaque, hwaddr addr, uint64_t value, unsigned size) { TimerBlock *tb = (TimerBlock *)opaque; - int64_t old; + uint32_t control = tb->control; switch (addr) { case 0: /* Load */ - tb->load = value; - /* Fall through. */ - case 4: /* Counter. */ - if ((tb->control & 1) && tb->count) { - /* Cancel the previous timer. */ - timer_del(tb->timer); + /* Setting load to 0 stops the timer without doing the tick if + * prescaler = 0. + */ + if ((control & 1) && (control & 0xff00) == 0 && value == 0) { + ptimer_stop(tb->timer); } - tb->count = value; - if (tb->control & 1) { - timerblock_reload(tb, 1); + ptimer_set_limit(tb->timer, value, 1); + timerblock_run(tb->timer, control, value); + break; + case 4: /* Counter. */ + /* Setting counter to 0 stops the one-shot timer, or periodic with + * load = 0, without doing the tick if prescaler = 0. + */ + if ((control & 1) && (control & 0xff00) == 0 && value == 0 && + (!(control & 2) || ptimer_get_limit(tb->timer) == 0)) { + ptimer_stop(tb->timer); } + timerblock_set_count(tb->timer, control, &value); + timerblock_run(tb->timer, control, value); break; case 8: /* Control. */ - old = tb->control; - tb->control = value; + if ((control & 3) != (value & 3)) { + ptimer_stop(tb->timer); + } + if ((control & 0xff00) != (value & 0xff00)) { + ptimer_set_period(tb->timer, timerblock_scale(value)); + } if (value & 1) { - if ((old & 1) && (tb->count != 0)) { - /* Do nothing if timer is ticking right now. */ - break; + uint64_t count = ptimer_get_count(tb->timer); + /* Re-load periodic timer counter if needed. */ + if ((value & 2) && count == 0) { + timerblock_set_count(tb->timer, value, &count); } - if (tb->control & 2) { - tb->count = tb->load; - } - timerblock_reload(tb, 1); - } else if (old & 1) { - /* Shutdown the timer. */ - timer_del(tb->timer); + timerblock_run(tb->timer, value, count); } + tb->control = value; break; case 12: /* Interrupt status. */ tb->status &= ~value; @@ -186,13 +204,12 @@ static const MemoryRegionOps timerblock_ops = { static void timerblock_reset(TimerBlock *tb) { - tb->count = 0; - tb->load = 0; tb->control = 0; tb->status = 0; - tb->tick = 0; if (tb->timer) { - timer_del(tb->timer); + ptimer_stop(tb->timer); + ptimer_set_limit(tb->timer, 0, 1); + ptimer_set_period(tb->timer, timerblock_scale(0)); } } @@ -238,7 +255,8 @@ static void arm_mptimer_realize(DeviceState *dev, Error **errp) */ for (i = 0; i < s->num_cpu; i++) { TimerBlock *tb = &s->timerblock[i]; - tb->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, timerblock_tick, tb); + QEMUBH *bh = qemu_bh_new(timerblock_tick, tb); + tb->timer = ptimer_init(bh, PTIMER_POLICY); sysbus_init_irq(sbd, &tb->irq); memory_region_init_io(&tb->iomem, OBJECT(s), &timerblock_ops, tb, "arm_mptimer_timerblock", 0x20); @@ -248,26 +266,23 @@ static void arm_mptimer_realize(DeviceState *dev, Error **errp) static const VMStateDescription vmstate_timerblock = { .name = "arm_mptimer_timerblock", - .version_id = 2, - .minimum_version_id = 2, + .version_id = 3, + .minimum_version_id = 3, .fields = (VMStateField[]) { - VMSTATE_UINT32(count, TimerBlock), - VMSTATE_UINT32(load, TimerBlock), VMSTATE_UINT32(control, TimerBlock), VMSTATE_UINT32(status, TimerBlock), - VMSTATE_INT64(tick, TimerBlock), - VMSTATE_TIMER_PTR(timer, TimerBlock), + VMSTATE_PTIMER(timer, TimerBlock), VMSTATE_END_OF_LIST() } }; static const VMStateDescription vmstate_arm_mptimer = { .name = "arm_mptimer", - .version_id = 2, - .minimum_version_id = 2, + .version_id = 3, + .minimum_version_id = 3, .fields = (VMStateField[]) { VMSTATE_STRUCT_VARRAY_UINT32(timerblock, ARMMPTimerState, num_cpu, - 2, vmstate_timerblock, TimerBlock), + 3, vmstate_timerblock, TimerBlock), VMSTATE_END_OF_LIST() } }; -- cgit v1.1 From 6be8f5e2626e102433e569d9cece2120baf0c879 Mon Sep 17 00:00:00 2001 From: Prasad J Pandit Date: Mon, 24 Oct 2016 16:26:54 +0100 Subject: timer: a9gtimer: remove loop to auto-increment comparator ARM A9MP processor has a peripheral timer with an auto-increment register, which holds an increment step value. A user could set this value to zero. When auto-increment control bit is enabled, it leads to an infinite loop in 'a9_gtimer_update' while updating comparator value. Remove this loop incrementing the comparator value. Reported-by: Li Qiang Signed-off-by: Prasad J Pandit Message-id: 1476733226-11635-1-git-send-email-ppandit@redhat.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/timer/a9gtimer.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'hw/timer') diff --git a/hw/timer/a9gtimer.c b/hw/timer/a9gtimer.c index 772f85f..ce1dc63 100644 --- a/hw/timer/a9gtimer.c +++ b/hw/timer/a9gtimer.c @@ -82,15 +82,15 @@ static void a9_gtimer_update(A9GTimerState *s, bool sync) if ((s->control & R_CONTROL_TIMER_ENABLE) && (gtb->control & R_CONTROL_COMP_ENABLE)) { /* R2p0+, where the compare function is >= */ - while (gtb->compare < update.new) { + if (gtb->compare < update.new) { DB_PRINT("Compare event happened for CPU %d\n", i); gtb->status = 1; - if (gtb->control & R_CONTROL_AUTO_INCREMENT) { - DB_PRINT("Auto incrementing timer compare by %" PRId32 "\n", - gtb->inc); - gtb->compare += gtb->inc; - } else { - break; + if (gtb->control & R_CONTROL_AUTO_INCREMENT && gtb->inc) { + uint64_t inc = + QEMU_ALIGN_UP(update.new - gtb->compare, gtb->inc); + DB_PRINT("Auto incrementing timer compare by %" + PRId64 "\n", inc); + gtb->compare += inc; } } cdiff = (int64_t)gtb->compare - (int64_t)update.new + 1; -- cgit v1.1 From 84da15169b45f7080e4b1b32f70e68e726e02740 Mon Sep 17 00:00:00 2001 From: Prasad J Pandit Date: Mon, 24 Oct 2016 16:26:55 +0100 Subject: timer: stm32f2xx_timer: add check for prescaler value The STM32F2XX Timer emulator uses a 16 bit prescaler value to limit the timer clock rate. It does that by dividing the timer frequency. If the prescaler 's->tim_psc' was set to be UINT_MAX, it'd lead to divide by zero error. Limit prescaler value to 16 bits to avoid it. Reported-by: Huawei PSIRT Signed-off-by: Prasad J Pandit Message-id: 1476800269-31902-1-git-send-email-ppandit@redhat.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/timer/stm32f2xx_timer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'hw/timer') diff --git a/hw/timer/stm32f2xx_timer.c b/hw/timer/stm32f2xx_timer.c index 8c4c1f9..e5f5e14 100644 --- a/hw/timer/stm32f2xx_timer.c +++ b/hw/timer/stm32f2xx_timer.c @@ -217,7 +217,7 @@ static void stm32f2xx_timer_write(void *opaque, hwaddr offset, return; case TIM_PSC: timer_val = stm32f2xx_ns_to_ticks(s, now) - s->tick_offset; - s->tim_psc = value; + s->tim_psc = value & 0xFFFF; value = timer_val; break; case TIM_CNT: -- cgit v1.1