diff options
| -rw-r--r-- | default-configs/arm-softmmu.mak | 1 | ||||
| -rw-r--r-- | hw/arm/Makefile.objs | 1 | ||||
| -rw-r--r-- | hw/arm/msf2-soc.c | 238 | ||||
| -rw-r--r-- | hw/arm/msf2-som.c | 105 | ||||
| -rw-r--r-- | hw/arm/omap2.c | 49 | ||||
| -rw-r--r-- | hw/arm/palm.c | 30 | ||||
| -rw-r--r-- | hw/gpio/omap_gpio.c | 26 | ||||
| -rw-r--r-- | hw/i2c/omap_i2c.c | 44 | ||||
| -rw-r--r-- | hw/intc/armv7m_nvic.c | 913 | ||||
| -rw-r--r-- | hw/intc/trace-events | 13 | ||||
| -rw-r--r-- | hw/misc/Makefile.objs | 1 | ||||
| -rw-r--r-- | hw/misc/msf2-sysreg.c | 160 | ||||
| -rw-r--r-- | hw/misc/trace-events | 5 | ||||
| -rw-r--r-- | hw/ssi/Makefile.objs | 1 | ||||
| -rw-r--r-- | hw/ssi/mss-spi.c | 404 | ||||
| -rw-r--r-- | hw/timer/Makefile.objs | 1 | ||||
| -rw-r--r-- | hw/timer/mss-timer.c | 289 | ||||
| -rw-r--r-- | hw/timer/omap_gptimer.c | 49 | ||||
| -rw-r--r-- | hw/timer/omap_synctimer.c | 35 | ||||
| -rw-r--r-- | include/hw/arm/msf2-soc.h | 67 | ||||
| -rw-r--r-- | include/hw/intc/armv7m_nvic.h | 33 | ||||
| -rw-r--r-- | include/hw/misc/msf2-sysreg.h | 77 | ||||
| -rw-r--r-- | include/hw/ssi/mss-spi.h | 58 | ||||
| -rw-r--r-- | include/hw/timer/mss-timer.h | 64 | ||||
| -rw-r--r-- | target/arm/cpu.c | 7 | ||||
| -rw-r--r-- | target/arm/cpu.h | 62 | ||||
| -rw-r--r-- | target/arm/helper.c | 142 | ||||
| -rw-r--r-- | target/arm/translate-a64.c | 227 |
28 files changed, 2735 insertions, 367 deletions
diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak index bbdd3c1d8b..5059d134c8 100644 --- a/default-configs/arm-softmmu.mak +++ b/default-configs/arm-softmmu.mak @@ -129,3 +129,4 @@ CONFIG_ACPI=y CONFIG_SMBIOS=y CONFIG_ASPEED_SOC=y CONFIG_GPIO_KEY=y +CONFIG_MSF2=y diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs index 5ee6f7da5b..2794e086d6 100644 --- a/hw/arm/Makefile.objs +++ b/hw/arm/Makefile.objs @@ -19,3 +19,4 @@ obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o obj-$(CONFIG_FSL_IMX6) += fsl-imx6.o sabrelite.o obj-$(CONFIG_ASPEED_SOC) += aspeed_soc.o aspeed.o obj-$(CONFIG_MPS2) += mps2.o +obj-$(CONFIG_MSF2) += msf2-soc.o msf2-som.o diff --git a/hw/arm/msf2-soc.c b/hw/arm/msf2-soc.c new file mode 100644 index 0000000000..6f97fa9fe3 --- /dev/null +++ b/hw/arm/msf2-soc.c @@ -0,0 +1,238 @@ +/* + * SmartFusion2 SoC emulation. + * + * Copyright (c) 2017 Subbaraya Sundeep <sundeep.lkml@gmail.com> + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "qemu/osdep.h" +#include "qapi/error.h" +#include "qemu-common.h" +#include "hw/arm/arm.h" +#include "exec/address-spaces.h" +#include "hw/char/serial.h" +#include "hw/boards.h" +#include "sysemu/block-backend.h" +#include "qemu/cutils.h" +#include "hw/arm/msf2-soc.h" +#include "hw/misc/unimp.h" + +#define MSF2_TIMER_BASE 0x40004000 +#define MSF2_SYSREG_BASE 0x40038000 + +#define ENVM_BASE_ADDRESS 0x60000000 + +#define SRAM_BASE_ADDRESS 0x20000000 + +#define MSF2_ENVM_MAX_SIZE (512 * K_BYTE) + +/* + * eSRAM max size is 80k without SECDED(Single error correction and + * dual error detection) feature and 64k with SECDED. + * We do not support SECDED now. + */ +#define MSF2_ESRAM_MAX_SIZE (80 * K_BYTE) + +static const uint32_t spi_addr[MSF2_NUM_SPIS] = { 0x40001000 , 0x40011000 }; +static const uint32_t uart_addr[MSF2_NUM_UARTS] = { 0x40000000 , 0x40010000 }; + +static const int spi_irq[MSF2_NUM_SPIS] = { 2, 3 }; +static const int uart_irq[MSF2_NUM_UARTS] = { 10, 11 }; +static const int timer_irq[MSF2_NUM_TIMERS] = { 14, 15 }; + +static void m2sxxx_soc_initfn(Object *obj) +{ + MSF2State *s = MSF2_SOC(obj); + int i; + + object_initialize(&s->armv7m, sizeof(s->armv7m), TYPE_ARMV7M); + qdev_set_parent_bus(DEVICE(&s->armv7m), sysbus_get_default()); + + object_initialize(&s->sysreg, sizeof(s->sysreg), TYPE_MSF2_SYSREG); + qdev_set_parent_bus(DEVICE(&s->sysreg), sysbus_get_default()); + + object_initialize(&s->timer, sizeof(s->timer), TYPE_MSS_TIMER); + qdev_set_parent_bus(DEVICE(&s->timer), sysbus_get_default()); + + for (i = 0; i < MSF2_NUM_SPIS; i++) { + object_initialize(&s->spi[i], sizeof(s->spi[i]), + TYPE_MSS_SPI); + qdev_set_parent_bus(DEVICE(&s->spi[i]), sysbus_get_default()); + } +} + +static void m2sxxx_soc_realize(DeviceState *dev_soc, Error **errp) +{ + MSF2State *s = MSF2_SOC(dev_soc); + DeviceState *dev, *armv7m; + SysBusDevice *busdev; + Error *err = NULL; + int i; + + MemoryRegion *system_memory = get_system_memory(); + MemoryRegion *nvm = g_new(MemoryRegion, 1); + MemoryRegion *nvm_alias = g_new(MemoryRegion, 1); + MemoryRegion *sram = g_new(MemoryRegion, 1); + + memory_region_init_rom(nvm, NULL, "MSF2.eNVM", s->envm_size, + &error_fatal); + /* + * On power-on, the eNVM region 0x60000000 is automatically + * remapped to the Cortex-M3 processor executable region + * start address (0x0). We do not support remapping other eNVM, + * eSRAM and DDR regions by guest(via Sysreg) currently. + */ + memory_region_init_alias(nvm_alias, NULL, "MSF2.eNVM", + nvm, 0, s->envm_size); + + memory_region_add_subregion(system_memory, ENVM_BASE_ADDRESS, nvm); + memory_region_add_subregion(system_memory, 0, nvm_alias); + + memory_region_init_ram(sram, NULL, "MSF2.eSRAM", s->esram_size, + &error_fatal); + memory_region_add_subregion(system_memory, SRAM_BASE_ADDRESS, sram); + + armv7m = DEVICE(&s->armv7m); + qdev_prop_set_uint32(armv7m, "num-irq", 81); + qdev_prop_set_string(armv7m, "cpu-type", s->cpu_type); + object_property_set_link(OBJECT(&s->armv7m), OBJECT(get_system_memory()), + "memory", &error_abort); + object_property_set_bool(OBJECT(&s->armv7m), true, "realized", &err); + if (err != NULL) { + error_propagate(errp, err); + return; + } + + if (!s->m3clk) { + error_setg(errp, "Invalid m3clk value"); + error_append_hint(errp, "m3clk can not be zero\n"); + return; + } + system_clock_scale = NANOSECONDS_PER_SECOND / s->m3clk; + + for (i = 0; i < MSF2_NUM_UARTS; i++) { + if (serial_hds[i]) { + serial_mm_init(get_system_memory(), uart_addr[i], 2, + qdev_get_gpio_in(armv7m, uart_irq[i]), + 115200, serial_hds[i], DEVICE_NATIVE_ENDIAN); + } + } + + dev = DEVICE(&s->timer); + /* APB0 clock is the timer input clock */ + qdev_prop_set_uint32(dev, "clock-frequency", s->m3clk / s->apb0div); + object_property_set_bool(OBJECT(&s->timer), true, "realized", &err); + if (err != NULL) { + error_propagate(errp, err); + return; + } + busdev = SYS_BUS_DEVICE(dev); + sysbus_mmio_map(busdev, 0, MSF2_TIMER_BASE); + sysbus_connect_irq(busdev, 0, + qdev_get_gpio_in(armv7m, timer_irq[0])); + sysbus_connect_irq(busdev, 1, + qdev_get_gpio_in(armv7m, timer_irq[1])); + + dev = DEVICE(&s->sysreg); + qdev_prop_set_uint32(dev, "apb0divisor", s->apb0div); + qdev_prop_set_uint32(dev, "apb1divisor", s->apb1div); + object_property_set_bool(OBJECT(&s->sysreg), true, "realized", &err); + if (err != NULL) { + error_propagate(errp, err); + return; + } + busdev = SYS_BUS_DEVICE(dev); + sysbus_mmio_map(busdev, 0, MSF2_SYSREG_BASE); + + for (i = 0; i < MSF2_NUM_SPIS; i++) { + gchar *bus_name; + + object_property_set_bool(OBJECT(&s->spi[i]), true, "realized", &err); + if (err != NULL) { + error_propagate(errp, err); + return; + } + + sysbus_mmio_map(SYS_BUS_DEVICE(&s->spi[i]), 0, spi_addr[i]); + sysbus_connect_irq(SYS_BUS_DEVICE(&s->spi[i]), 0, + qdev_get_gpio_in(armv7m, spi_irq[i])); + + /* Alias controller SPI bus to the SoC itself */ + bus_name = g_strdup_printf("spi%d", i); + object_property_add_alias(OBJECT(s), bus_name, + OBJECT(&s->spi[i]), "spi", + &error_abort); + g_free(bus_name); + } + + /* Below devices are not modelled yet. */ + create_unimplemented_device("i2c_0", 0x40002000, 0x1000); + create_unimplemented_device("dma", 0x40003000, 0x1000); + create_unimplemented_device("watchdog", 0x40005000, 0x1000); + create_unimplemented_device("i2c_1", 0x40012000, 0x1000); + create_unimplemented_device("gpio", 0x40013000, 0x1000); + create_unimplemented_device("hs-dma", 0x40014000, 0x1000); + create_unimplemented_device("can", 0x40015000, 0x1000); + create_unimplemented_device("rtc", 0x40017000, 0x1000); + create_unimplemented_device("apb_config", 0x40020000, 0x10000); + create_unimplemented_device("emac", 0x40041000, 0x1000); + create_unimplemented_device("usb", 0x40043000, 0x1000); +} + +static Property m2sxxx_soc_properties[] = { + /* + * part name specifies the type of SmartFusion2 device variant(this + * property is for information purpose only. + */ + DEFINE_PROP_STRING("cpu-type", MSF2State, cpu_type), + DEFINE_PROP_STRING("part-name", MSF2State, part_name), + DEFINE_PROP_UINT64("eNVM-size", MSF2State, envm_size, MSF2_ENVM_MAX_SIZE), + DEFINE_PROP_UINT64("eSRAM-size", MSF2State, esram_size, + MSF2_ESRAM_MAX_SIZE), + /* Libero GUI shows 100Mhz as default for clocks */ + DEFINE_PROP_UINT32("m3clk", MSF2State, m3clk, 100 * 1000000), + /* default divisors in Libero GUI */ + DEFINE_PROP_UINT8("apb0div", MSF2State, apb0div, 2), + DEFINE_PROP_UINT8("apb1div", MSF2State, apb1div, 2), + DEFINE_PROP_END_OF_LIST(), +}; + +static void m2sxxx_soc_class_init(ObjectClass *klass, void *data) +{ + DeviceClass *dc = DEVICE_CLASS(klass); + + dc->realize = m2sxxx_soc_realize; + dc->props = m2sxxx_soc_properties; +} + +static const TypeInfo m2sxxx_soc_info = { + .name = TYPE_MSF2_SOC, + .parent = TYPE_SYS_BUS_DEVICE, + .instance_size = sizeof(MSF2State), + .instance_init = m2sxxx_soc_initfn, + .class_init = m2sxxx_soc_class_init, +}; + +static void m2sxxx_soc_types(void) +{ + type_register_static(&m2sxxx_soc_info); +} + +type_init(m2sxxx_soc_types) diff --git a/hw/arm/msf2-som.c b/hw/arm/msf2-som.c new file mode 100644 index 0000000000..0795a3a3a1 --- /dev/null +++ b/hw/arm/msf2-som.c @@ -0,0 +1,105 @@ +/* + * SmartFusion2 SOM starter kit(from Emcraft) emulation. + * + * Copyright (c) 2017 Subbaraya Sundeep <sundeep.lkml@gmail.com> + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "qemu/osdep.h" +#include "qapi/error.h" +#include "qemu/error-report.h" +#include "hw/boards.h" +#include "hw/arm/arm.h" +#include "exec/address-spaces.h" +#include "qemu/cutils.h" +#include "hw/arm/msf2-soc.h" +#include "cpu.h" + +#define DDR_BASE_ADDRESS 0xA0000000 +#define DDR_SIZE (64 * M_BYTE) + +#define M2S010_ENVM_SIZE (256 * K_BYTE) +#define M2S010_ESRAM_SIZE (64 * K_BYTE) + +static void emcraft_sf2_s2s010_init(MachineState *machine) +{ + DeviceState *dev; + DeviceState *spi_flash; + MSF2State *soc; + MachineClass *mc = MACHINE_GET_CLASS(machine); + DriveInfo *dinfo = drive_get_next(IF_MTD); + qemu_irq cs_line; + SSIBus *spi_bus; + MemoryRegion *sysmem = get_system_memory(); + MemoryRegion *ddr = g_new(MemoryRegion, 1); + + if (strcmp(machine->cpu_type, mc->default_cpu_type) != 0) { + error_report("This board can only be used with CPU %s", + mc->default_cpu_type); + } + + memory_region_init_ram(ddr, NULL, "ddr-ram", DDR_SIZE, + &error_fatal); + memory_region_add_subregion(sysmem, DDR_BASE_ADDRESS, ddr); + + dev = qdev_create(NULL, TYPE_MSF2_SOC); + qdev_prop_set_string(dev, "part-name", "M2S010"); + qdev_prop_set_string(dev, "cpu-type", mc->default_cpu_type); + + qdev_prop_set_uint64(dev, "eNVM-size", M2S010_ENVM_SIZE); + qdev_prop_set_uint64(dev, "eSRAM-size", M2S010_ESRAM_SIZE); + + /* + * CPU clock and peripheral clocks(APB0, APB1)are configurable + * in Libero. CPU clock is divided by APB0 and APB1 divisors for + * peripherals. Emcraft's SoM kit comes with these settings by default. + */ + qdev_prop_set_uint32(dev, "m3clk", 142 * 1000000); + qdev_prop_set_uint32(dev, "apb0div", 2); + qdev_prop_set_uint32(dev, "apb1div", 2); + + object_property_set_bool(OBJECT(dev), true, "realized", &error_fatal); + + soc = MSF2_SOC(dev); + + /* Attach SPI flash to SPI0 controller */ + spi_bus = (SSIBus *)qdev_get_child_bus(dev, "spi0"); + spi_flash = ssi_create_slave_no_init(spi_bus, "s25sl12801"); + qdev_prop_set_uint8(spi_flash, "spansion-cr2nv", 1); + if (dinfo) { + qdev_prop_set_drive(spi_flash, "drive", blk_by_legacy_dinfo(dinfo), + &error_fatal); + } + qdev_init_nofail(spi_flash); + cs_line = qdev_get_gpio_in_named(spi_flash, SSI_GPIO_CS, 0); + sysbus_connect_irq(SYS_BUS_DEVICE(&soc->spi[0]), 1, cs_line); + + armv7m_load_kernel(ARM_CPU(first_cpu), machine->kernel_filename, + soc->envm_size); +} + +static void emcraft_sf2_machine_init(MachineClass *mc) +{ + mc->desc = "SmartFusion2 SOM kit from Emcraft (M2S010)"; + mc->init = emcraft_sf2_s2s010_init; + mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-m3"); +} + +DEFINE_MACHINE("emcraft-sf2", emcraft_sf2_machine_init) diff --git a/hw/arm/omap2.c b/hw/arm/omap2.c index 3f6076ede8..f5b148881c 100644 --- a/hw/arm/omap2.c +++ b/hw/arm/omap2.c @@ -2087,19 +2087,44 @@ static void omap_sysctl_write(void *opaque, hwaddr addr, } } +static uint64_t omap_sysctl_readfn(void *opaque, hwaddr addr, + unsigned size) +{ + switch (size) { + case 1: + return omap_sysctl_read8(opaque, addr); + case 2: + return omap_badwidth_read32(opaque, addr); /* TODO */ + case 4: + return omap_sysctl_read(opaque, addr); + default: + g_assert_not_reached(); + } +} + +static void omap_sysctl_writefn(void *opaque, hwaddr addr, + uint64_t value, unsigned size) +{ + switch (size) { + case 1: + omap_sysctl_write8(opaque, addr, value); + break; + case 2: + omap_badwidth_write32(opaque, addr, value); /* TODO */ + break; + case 4: + omap_sysctl_write(opaque, addr, value); + break; + default: + g_assert_not_reached(); + } +} + static const MemoryRegionOps omap_sysctl_ops = { - .old_mmio = { - .read = { - omap_sysctl_read8, - omap_badwidth_read32, /* TODO */ - omap_sysctl_read, - }, - .write = { - omap_sysctl_write8, - omap_badwidth_write32, /* TODO */ - omap_sysctl_write, - }, - }, + .read = omap_sysctl_readfn, + .write = omap_sysctl_writefn, + .valid.min_access_size = 1, + .valid.max_access_size = 4, .endianness = DEVICE_NATIVE_ENDIAN, }; diff --git a/hw/arm/palm.c b/hw/arm/palm.c index b8753e2b5c..a1f55d79b4 100644 --- a/hw/arm/palm.c +++ b/hw/arm/palm.c @@ -31,26 +31,16 @@ #include "exec/address-spaces.h" #include "cpu.h" -static uint32_t static_readb(void *opaque, hwaddr offset) +static uint64_t static_read(void *opaque, hwaddr offset, unsigned size) { - uint32_t *val = (uint32_t *) opaque; - return *val >> ((offset & 3) << 3); -} + uint32_t *val = (uint32_t *)opaque; + uint32_t sizemask = 7 >> size; -static uint32_t static_readh(void *opaque, hwaddr offset) -{ - uint32_t *val = (uint32_t *) opaque; - return *val >> ((offset & 1) << 3); -} - -static uint32_t static_readw(void *opaque, hwaddr offset) -{ - uint32_t *val = (uint32_t *) opaque; - return *val >> ((offset & 0) << 3); + return *val >> ((offset & sizemask) << 3); } -static void static_write(void *opaque, hwaddr offset, - uint32_t value) +static void static_write(void *opaque, hwaddr offset, uint64_t value, + unsigned size) { #ifdef SPY printf("%s: value %08lx written at " PA_FMT "\n", @@ -59,10 +49,10 @@ static void static_write(void *opaque, hwaddr offset, } static const MemoryRegionOps static_ops = { - .old_mmio = { - .read = { static_readb, static_readh, static_readw, }, - .write = { static_write, static_write, static_write, }, - }, + .read = static_read, + .write = static_write, + .valid.min_access_size = 1, + .valid.max_access_size = 4, .endianness = DEVICE_NATIVE_ENDIAN, }; diff --git a/hw/gpio/omap_gpio.c b/hw/gpio/omap_gpio.c index 1df394eb12..17891e2d0f 100644 --- a/hw/gpio/omap_gpio.c +++ b/hw/gpio/omap_gpio.c @@ -525,17 +525,23 @@ static void omap2_gpio_module_write(void *opaque, hwaddr addr, } } -static uint32_t omap2_gpio_module_readp(void *opaque, hwaddr addr) +static uint64_t omap2_gpio_module_readp(void *opaque, hwaddr addr, + unsigned size) { return omap2_gpio_module_read(opaque, addr & ~3) >> ((addr & 3) << 3); } static void omap2_gpio_module_writep(void *opaque, hwaddr addr, - uint32_t value) + uint64_t value, unsigned size) { uint32_t cur = 0; uint32_t mask = 0xffff; + if (size == 4) { + omap2_gpio_module_write(opaque, addr, value); + return; + } + switch (addr & ~3) { case 0x00: /* GPIO_REVISION */ case 0x14: /* GPIO_SYSSTATUS */ @@ -581,18 +587,10 @@ static void omap2_gpio_module_writep(void *opaque, hwaddr addr, } static const MemoryRegionOps omap2_gpio_module_ops = { - .old_mmio = { - .read = { - omap2_gpio_module_readp, - omap2_gpio_module_readp, - omap2_gpio_module_read, - }, - .write = { - omap2_gpio_module_writep, - omap2_gpio_module_writep, - omap2_gpio_module_write, - }, - }, + .read = omap2_gpio_module_readp, + .write = omap2_gpio_module_writep, + .valid.min_access_size = 1, + .valid.max_access_size = 4, .endianness = DEVICE_NATIVE_ENDIAN, }; diff --git a/hw/i2c/omap_i2c.c b/hw/i2c/omap_i2c.c index f6e80bee25..12264ee0f5 100644 --- a/hw/i2c/omap_i2c.c +++ b/hw/i2c/omap_i2c.c @@ -430,19 +430,39 @@ static void omap_i2c_writeb(void *opaque, hwaddr addr, } } +static uint64_t omap_i2c_readfn(void *opaque, hwaddr addr, + unsigned size) +{ + switch (size) { + case 2: + return omap_i2c_read(opaque, addr); + default: + return omap_badwidth_read16(opaque, addr); + } +} + +static void omap_i2c_writefn(void *opaque, hwaddr addr, + uint64_t value, unsigned size) +{ + switch (size) { + case 1: + /* Only the last fifo write can be 8 bit. */ + omap_i2c_writeb(opaque, addr, value); + break; + case 2: + omap_i2c_write(opaque, addr, value); + break; + default: + omap_badwidth_write16(opaque, addr, value); + break; + } +} + static const MemoryRegionOps omap_i2c_ops = { - .old_mmio = { - .read = { - omap_badwidth_read16, - omap_i2c_read, - omap_badwidth_read16, - }, - .write = { - omap_i2c_writeb, /* Only the last fifo write can be 8 bit. */ - omap_i2c_write, - omap_badwidth_write16, - }, - }, + .read = omap_i2c_readfn, + .write = omap_i2c_writefn, + .valid.min_access_size = 1, + .valid.max_access_size = 4, .endianness = DEVICE_NATIVE_ENDIAN, }; diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index d3e20561c7..d90d8d0784 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c @@ -47,13 +47,15 @@ * For historical reasons QEMU tends to use "interrupt" and * "exception" more or less interchangeably. */ -#define NVIC_FIRST_IRQ 16 +#define NVIC_FIRST_IRQ NVIC_INTERNAL_VECTORS #define NVIC_MAX_IRQ (NVIC_MAX_VECTORS - NVIC_FIRST_IRQ) /* Effective running priority of the CPU when no exception is active * (higher than the highest possible priority value) */ #define NVIC_NOEXC_PRIO 0x100 +/* Maximum priority of non-secure exceptions when AIRCR.PRIS is set */ +#define NVIC_NS_PRIO_LIMIT 0x80 static const uint8_t nvic_id[] = { 0x00, 0xb0, 0x1b, 0x00, 0x0d, 0xe0, 0x05, 0xb1 @@ -61,10 +63,10 @@ static const uint8_t nvic_id[] = { static int nvic_pending_prio(NVICState *s) { - /* return the priority of the current pending interrupt, + /* return the group priority of the current pending interrupt, * or NVIC_NOEXC_PRIO if no interrupt is pending */ - return s->vectpending ? s->vectors[s->vectpending].prio : NVIC_NOEXC_PRIO; + return s->vectpending_prio; } /* Return the value of the ISCR RETTOBASE bit: @@ -84,9 +86,12 @@ static int nvic_pending_prio(NVICState *s) static bool nvic_rettobase(NVICState *s) { int irq, nhand = 0; + bool check_sec = arm_feature(&s->cpu->env, ARM_FEATURE_M_SECURITY); for (irq = ARMV7M_EXCP_RESET; irq < s->num_irq; irq++) { - if (s->vectors[irq].active) { + if (s->vectors[irq].active || + (check_sec && irq < NVIC_INTERNAL_VECTORS && + s->sec_vectors[irq].active)) { nhand++; if (nhand == 2) { return 0; @@ -123,13 +128,139 @@ static bool nvic_isrpending(NVICState *s) return false; } +static bool exc_is_banked(int exc) +{ + /* Return true if this is one of the limited set of exceptions which + * are banked (and thus have state in sec_vectors[]) + */ + return exc == ARMV7M_EXCP_HARD || + exc == ARMV7M_EXCP_MEM || + exc == ARMV7M_EXCP_USAGE || + exc == ARMV7M_EXCP_SVC || + exc == ARMV7M_EXCP_PENDSV || + exc == ARMV7M_EXCP_SYSTICK; +} + /* Return a mask word which clears the subpriority bits from * a priority value for an M-profile exception, leaving only * the group priority. */ -static inline uint32_t nvic_gprio_mask(NVICState *s) +static inline uint32_t nvic_gprio_mask(NVICState *s, bool secure) +{ + return ~0U << (s->prigroup[secure] + 1); +} + +static bool exc_targets_secure(NVICState *s, int exc) +{ + /* Return true if this non-banked exception targets Secure state. */ + if (!arm_feature(&s->cpu->env, ARM_FEATURE_M_SECURITY)) { + return false; + } + + if (exc >= NVIC_FIRST_IRQ) { + return !s->itns[exc]; + } + + /* Function shouldn't be called for banked exceptions. */ + assert(!exc_is_banked(exc)); + + switch (exc) { + case ARMV7M_EXCP_NMI: + case ARMV7M_EXCP_BUS: + return !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK); + case ARMV7M_EXCP_SECURE: + return true; + case ARMV7M_EXCP_DEBUG: + /* TODO: controlled by DEMCR.SDME, which we don't yet implement */ + return false; + default: + /* reset, and reserved (unused) low exception numbers. + * We'll get called by code that loops through all the exception + * numbers, but it doesn't matter what we return here as these + * non-existent exceptions will never be pended or active. + */ + return true; + } +} + +static int exc_group_prio(NVICState *s, int rawprio, bool targets_secure) +{ + /* Return the group priority for this exception, given its raw + * (group-and-subgroup) priority value and whether it is targeting + * secure state or not. + */ + if (rawprio < 0) { + return rawprio; + } + rawprio &= nvic_gprio_mask(s, targets_secure); + /* AIRCR.PRIS causes us to squash all NS priorities into the + * lower half of the total range + */ + if (!targets_secure && + (s->cpu->env.v7m.aircr & R_V7M_AIRCR_PRIS_MASK)) { + rawprio = (rawprio >> 1) + NVIC_NS_PRIO_LIMIT; + } + return rawprio; +} + +/* Recompute vectpending and exception_prio for a CPU which implements + * the Security extension + */ +static void nvic_recompute_state_secure(NVICState *s) { - return ~0U << (s->prigroup + 1); + int i, bank; + int pend_prio = NVIC_NOEXC_PRIO; + int active_prio = NVIC_NOEXC_PRIO; + int pend_irq = 0; + bool pending_is_s_banked = false; + + /* R_CQRV: precedence is by: + * - lowest group priority; if both the same then + * - lowest subpriority; if both the same then + * - lowest exception number; if both the same (ie banked) then + * - secure exception takes precedence + * Compare pseudocode RawExecutionPriority. + * Annoyingly, now we have two prigroup values (for S and NS) + * we can't do the loop comparison on raw priority values. + */ + for (i = 1; i < s->num_irq; i++) { + for (bank = M_REG_S; bank >= M_REG_NS; bank--) { + VecInfo *vec; + int prio; + bool targets_secure; + + if (bank == M_REG_S) { + if (!exc_is_banked(i)) { + continue; + } + vec = &s->sec_vectors[i]; + targets_secure = true; + } else { + vec = &s->vectors[i]; + targets_secure = !exc_is_banked(i) && exc_targets_secure(s, i); + } + + prio = exc_group_prio(s, vec->prio, targets_secure); + if (vec->enabled && vec->pending && prio < pend_prio) { + pend_prio = prio; + pend_irq = i; + pending_is_s_banked = (bank == M_REG_S); + } + if (vec->active && prio < active_prio) { + active_prio = prio; + } + } + } + + s->vectpending_is_s_banked = pending_is_s_banked; + s->vectpending = pend_irq; + s->vectpending_prio = pend_prio; + s->exception_prio = active_prio; + + trace_nvic_recompute_state_secure(s->vectpending, + s->vectpending_is_s_banked, + s->vectpending_prio, + s->exception_prio); } /* Recompute vectpending and exception_prio */ @@ -140,6 +271,18 @@ static void nvic_recompute_state(NVICState *s) int active_prio = NVIC_NOEXC_PRIO; int pend_irq = 0; + /* In theory we could write one function that handled both + * the "security extension present" and "not present"; however + * the security related changes significantly complicate the + * recomputation just by themselves and mixing both cases together + * would be even worse, so we retain a separate non-secure-only + * version for CPUs which don't implement the security extension. + */ + if (arm_feature(&s->cpu->env, ARM_FEATURE_M_SECURITY)) { + nvic_recompute_state_secure(s); + return; + } + for (i = 1; i < s->num_irq; i++) { VecInfo *vec = &s->vectors[i]; @@ -153,13 +296,20 @@ static void nvic_recompute_state(NVICState *s) } if (active_prio > 0) { - active_prio &= nvic_gprio_mask(s); + active_prio &= nvic_gprio_mask(s, false); + } + + if (pend_prio > 0) { + pend_prio &= nvic_gprio_mask(s, false); } s->vectpending = pend_irq; + s->vectpending_prio = pend_prio; s->exception_prio = active_prio; - trace_nvic_recompute_state(s->vectpending, s->exception_prio); + trace_nvic_recompute_state(s->vectpending, + s->vectpending_prio, + s->exception_prio); } /* Return the current execution priority of the CPU @@ -169,21 +319,84 @@ static void nvic_recompute_state(NVICState *s) static inline int nvic_exec_prio(NVICState *s) { CPUARMState *env = &s->cpu->env; - int running; + int running = NVIC_NOEXC_PRIO; + + if (env->v7m.basepri[M_REG_NS] > 0) { + running = exc_group_prio(s, env->v7m.basepri[M_REG_NS], M_REG_NS); + } + + if (env->v7m.basepri[M_REG_S] > 0) { + int basepri = exc_group_prio(s, env->v7m.basepri[M_REG_S], M_REG_S); + if (running > basepri) { + running = basepri; + } + } - if (env->v7m.faultmask[env->v7m.secure]) { - running = -1; - } else if (env->v7m.primask[env->v7m.secure]) { + if (env->v7m.primask[M_REG_NS]) { + if (env->v7m.aircr & R_V7M_AIRCR_PRIS_MASK) { + if (running > NVIC_NS_PRIO_LIMIT) { + running = NVIC_NS_PRIO_LIMIT; + } + } else { + running = 0; + } + } + + if (env->v7m.primask[M_REG_S]) { running = 0; - } else if (env->v7m.basepri[env->v7m.secure] > 0) { - running = env->v7m.basepri[env->v7m.secure] & nvic_gprio_mask(s); - } else { - running = NVIC_NOEXC_PRIO; /* lower than any possible priority */ } + + if (env->v7m.faultmask[M_REG_NS]) { + if (env->v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) { + running = -1; + } else { + if (env->v7m.aircr & R_V7M_AIRCR_PRIS_MASK) { + if (running > NVIC_NS_PRIO_LIMIT) { + running = NVIC_NS_PRIO_LIMIT; + } + } else { + running = 0; + } + } + } + + if (env->v7m.faultmask[M_REG_S]) { + running = (env->v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) ? -3 : -1; + } + /* consider priority of active handler */ return MIN(running, s->exception_prio); } +bool armv7m_nvic_neg_prio_requested(void *opaque, bool secure) +{ + /* Return true if the requested execution priority is negative + * for the specified security state, ie that security state + * has an active NMI or HardFault or has set its FAULTMASK. + * Note that this is not the same as whether the execution + * priority is actually negative (for instance AIRCR.PRIS may + * mean we don't allow FAULTMASK_NS to actually make the execution + * priority negative). Compare pseudocode IsReqExcPriNeg(). + */ + NVICState *s = opaque; + + if (s->cpu->env.v7m.faultmask[secure]) { + return true; + } + + if (secure ? s->sec_vectors[ARMV7M_EXCP_HARD].active : + s->vectors[ARMV7M_EXCP_HARD].active) { + return true; + } + + if (s->vectors[ARMV7M_EXCP_NMI].active && + exc_targets_secure(s, ARMV7M_EXCP_NMI) == secure) { + return true; + } + + return false; +} + bool armv7m_nvic_can_take_pending_exception(void *opaque) { NVICState *s = opaque; @@ -198,15 +411,40 @@ int armv7m_nvic_raw_execution_priority(void *opaque) return s->exception_prio; } -/* caller must call nvic_irq_update() after this */ -static void set_prio(NVICState *s, unsigned irq, uint8_t prio) +/* caller must call nvic_irq_update() after this. + * secure indicates the bank to use for banked exceptions (we assert if + * we are passed secure=true for a non-banked exception). + */ +static void set_prio(NVICState *s, unsigned irq, bool secure, uint8_t prio) { assert(irq > ARMV7M_EXCP_NMI); /* only use for configurable prios */ assert(irq < s->num_irq); - s->vectors[irq].prio = prio; + if (secure) { + assert(exc_is_banked(irq)); + s->sec_vectors[irq].prio = prio; + } else { + s->vectors[irq].prio = prio; + } + + trace_nvic_set_prio(irq, secure, prio); +} + +/* Return the current raw priority register value. + * secure indicates the bank to use for banked exceptions (we assert if + * we are passed secure=true for a non-banked exception). + */ +static int get_prio(NVICState *s, unsigned irq, bool secure) +{ + assert(irq > ARMV7M_EXCP_NMI); /* only use for configurable prios */ + assert(irq < s->num_irq); - trace_nvic_set_prio(irq, prio); + if (secure) { + assert(exc_is_banked(irq)); + return s->sec_vectors[irq].prio; + } else { + return s->vectors[irq].prio; + } } /* Recompute state and assert irq line accordingly. @@ -233,31 +471,50 @@ static void nvic_irq_update(NVICState *s) qemu_set_irq(s->excpout, lvl); } -static void armv7m_nvic_clear_pending(void *opaque, int irq) +/** + * armv7m_nvic_clear_pending: mark the specified exception as not pending + * @opaque: the NVIC + * @irq: the exception number to mark as not pending + * @secure: false for non-banked exceptions or for the nonsecure + * version of a banked exception, true for the secure version of a banked + * exception. + * + * Marks the specified exception as not pending. Note that we will assert() + * if @secure is true and @irq does not specify one of the fixed set + * of architecturally banked exceptions. + */ +static void armv7m_nvic_clear_pending(void *opaque, int irq, bool secure) { NVICState *s = (NVICState *)opaque; VecInfo *vec; assert(irq > ARMV7M_EXCP_RESET && irq < s->num_irq); - vec = &s->vectors[irq]; - trace_nvic_clear_pending(irq, vec->enabled, vec->prio); + if (secure) { + assert(exc_is_banked(irq)); + vec = &s->sec_vectors[irq]; + } else { + vec = &s->vectors[irq]; + } + trace_nvic_clear_pending(irq, secure, vec->enabled, vec->prio); if (vec->pending) { vec->pending = 0; nvic_irq_update(s); } } -void armv7m_nvic_set_pending(void *opaque, int irq) +void armv7m_nvic_set_pending(void *opaque, int irq, bool secure) { NVICState *s = (NVICState *)opaque; + bool banked = exc_is_banked(irq); VecInfo *vec; assert(irq > ARMV7M_EXCP_RESET && irq < s->num_irq); + assert(!secure || banked); - vec = &s->vectors[irq]; - trace_nvic_set_pending(irq, vec->enabled, vec->prio); + vec = (banked && secure) ? &s->sec_vectors[irq] : &s->vectors[irq]; + trace_nvic_set_pending(irq, secure, vec->enabled, vec->prio); if (irq >= ARMV7M_EXCP_HARD && irq < ARMV7M_EXCP_PENDSV) { /* If a synchronous exception is pending then it may be @@ -283,7 +540,7 @@ void armv7m_nvic_set_pending(void *opaque, int irq) int running = nvic_exec_prio(s); bool escalate = false; - if (vec->prio >= running) { + if (exc_group_prio(s, vec->prio, secure) >= running) { trace_nvic_escalate_prio(irq, vec->prio, running); escalate = true; } else if (!vec->enabled) { @@ -292,8 +549,22 @@ void armv7m_nvic_set_pending(void *opaque, int irq) } if (escalate) { - if (running < 0) { - /* We want to escalate to HardFault but we can't take a + + /* We need to escalate this exception to a synchronous HardFault. + * If BFHFNMINS is set then we escalate to the banked HF for + * the target security state of the original exception; otherwise + * we take a Secure HardFault. + */ + irq = ARMV7M_EXCP_HARD; + if (arm_feature(&s->cpu->env, ARM_FEATURE_M_SECURITY) && + (secure || + !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK))) { + vec = &s->sec_vectors[irq]; + } else { + vec = &s->vectors[irq]; + } + if (running <= vec->prio) { + /* We want to escalate to HardFault but we can't take the * synchronous HardFault at this point either. This is a * Lockup condition due to a guest bug. We don't model * Lockup, so report via cpu_abort() instead. @@ -303,9 +574,7 @@ void armv7m_nvic_set_pending(void *opaque, int irq) "(current priority %d)\n", irq, running); } - /* We can do the escalation, so we take HardFault instead */ - irq = ARMV7M_EXCP_HARD; - vec = &s->vectors[irq]; + /* HF may be banked but there is only one shared HFSR */ s->cpu->env.v7m.hfsr |= R_V7M_HFSR_FORCED_MASK; } } @@ -317,29 +586,32 @@ void armv7m_nvic_set_pending(void *opaque, int irq) } /* Make pending IRQ active. */ -void armv7m_nvic_acknowledge_irq(void *opaque) +bool armv7m_nvic_acknowledge_irq(void *opaque) { NVICState *s = (NVICState *)opaque; CPUARMState *env = &s->cpu->env; const int pending = s->vectpending; const int running = nvic_exec_prio(s); - int pendgroupprio; VecInfo *vec; + bool targets_secure; assert(pending > ARMV7M_EXCP_RESET && pending < s->num_irq); - vec = &s->vectors[pending]; + if (s->vectpending_is_s_banked) { + vec = &s->sec_vectors[pending]; + targets_secure = true; + } else { + vec = &s->vectors[pending]; + targets_secure = !exc_is_banked(s->vectpending) && + exc_targets_secure(s, s->vectpending); + } assert(vec->enabled); assert(vec->pending); - pendgroupprio = vec->prio; - if (pendgroupprio > 0) { - pendgroupprio &= nvic_gprio_mask(s); - } - assert(pendgroupprio < running); + assert(s->vectpending_prio < running); - trace_nvic_acknowledge_irq(pending, vec->prio); + trace_nvic_acknowledge_irq(pending, s->vectpending_prio, targets_secure); vec->active = 1; vec->pending = 0; @@ -347,9 +619,11 @@ void armv7m_nvic_acknowledge_irq(void *opaque) env->v7m.exception = s->vectpending; nvic_irq_update(s); + + return targets_secure; } -int armv7m_nvic_complete_irq(void *opaque, int irq) +int armv7m_nvic_complete_irq(void *opaque, int irq, bool secure) { NVICState *s = (NVICState *)opaque; VecInfo *vec; @@ -357,9 +631,13 @@ int armv7m_nvic_complete_irq(void *opaque, int irq) assert(irq > ARMV7M_EXCP_RESET && irq < s->num_irq); - vec = &s->vectors[irq]; + if (secure && exc_is_banked(irq)) { + vec = &s->sec_vectors[irq]; + } else { + vec = &s->vectors[irq]; + } - trace_nvic_complete_irq(irq); + trace_nvic_complete_irq(irq, secure); if (!vec->active) { /* Tell the caller this was an illegal exception return */ @@ -405,7 +683,7 @@ static void set_irq_level(void *opaque, int n, int level) if (level != vec->level) { vec->level = level; if (level) { - armv7m_nvic_set_pending(s, n); + armv7m_nvic_set_pending(s, n, false); } } } @@ -418,9 +696,28 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs) switch (offset) { case 4: /* Interrupt Control Type. */ return ((s->num_irq - NVIC_FIRST_IRQ) / 32) - 1; + case 0x380 ... 0x3bf: /* NVIC_ITNS<n> */ + { + int startvec = 32 * (offset - 0x380) + NVIC_FIRST_IRQ; + int i; + + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + return 0; + } + val = 0; + for (i = 0; i < 32 && startvec + i < s->num_irq; i++) { + if (s->itns[startvec + i]) { + val |= (1 << i); + } + } + return val; + } case 0xd00: /* CPUID Base. */ return cpu->midr; - case 0xd04: /* Interrupt Control State. */ + case 0xd04: /* Interrupt Control State (ICSR) */ /* VECTACTIVE */ val = cpu->env.v7m.exception; /* VECTPENDING */ @@ -433,24 +730,50 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs) if (nvic_rettobase(s)) { val |= (1 << 11); } - /* PENDSTSET */ - if (s->vectors[ARMV7M_EXCP_SYSTICK].pending) { - val |= (1 << 26); - } - /* PENDSVSET */ - if (s->vectors[ARMV7M_EXCP_PENDSV].pending) { - val |= (1 << 28); + if (attrs.secure) { + /* PENDSTSET */ + if (s->sec_vectors[ARMV7M_EXCP_SYSTICK].pending) { + val |= (1 << 26); + } + /* PENDSVSET */ + if (s->sec_vectors[ARMV7M_EXCP_PENDSV].pending) { + val |= (1 << 28); + } + } else { + /* PENDSTSET */ + if (s->vectors[ARMV7M_EXCP_SYSTICK].pending) { + val |= (1 << 26); + } + /* PENDSVSET */ + if (s->vectors[ARMV7M_EXCP_PENDSV].pending) { + val |= (1 << 28); + } } /* NMIPENDSET */ - if (s->vectors[ARMV7M_EXCP_NMI].pending) { + if ((cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) && + s->vectors[ARMV7M_EXCP_NMI].pending) { val |= (1 << 31); } - /* ISRPREEMPT not implemented */ + /* ISRPREEMPT: RES0 when halting debug not implemented */ + /* STTNS: RES0 for the Main Extension */ return val; case 0xd08: /* Vector Table Offset. */ return cpu->env.v7m.vecbase[attrs.secure]; - case 0xd0c: /* Application Interrupt/Reset Control. */ - return 0xfa050000 | (s->prigroup << 8); + case 0xd0c: /* Application Interrupt/Reset Control (AIRCR) */ + val = 0xfa050000 | (s->prigroup[attrs.secure] << 8); + if (attrs.secure) { + /* s->aircr stores PRIS, BFHFNMINS, SYSRESETREQS */ + val |= cpu->env.v7m.aircr; + } else { + if (arm_feature(&cpu->env, ARM_FEATURE_V8)) { + /* BFHFNMINS is R/O from NS; other bits are RAZ/WI. If + * security isn't supported then BFHFNMINS is RAO (and + * the bit in env.v7m.aircr is always set). + */ + val |= cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK; + } + } + return val; case 0xd10: /* System Control. */ /* TODO: Implement SLEEPONEXIT. */ return 0; @@ -461,50 +784,117 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs) val = cpu->env.v7m.ccr[attrs.secure]; val |= cpu->env.v7m.ccr[M_REG_NS] & R_V7M_CCR_BFHFNMIGN_MASK; return val; - case 0xd24: /* System Handler Status. */ + case 0xd24: /* System Handler Control and State (SHCSR) */ val = 0; - if (s->vectors[ARMV7M_EXCP_MEM].active) { - val |= (1 << 0); - } - if (s->vectors[ARMV7M_EXCP_BUS].active) { - val |= (1 << 1); - } - if (s->vectors[ARMV7M_EXCP_USAGE].active) { - val |= (1 << 3); + if (attrs.secure) { + if (s->sec_vectors[ARMV7M_EXCP_MEM].active) { + val |= (1 << 0); + } + if (s->sec_vectors[ARMV7M_EXCP_HARD].active) { + val |= (1 << 2); + } + if (s->sec_vectors[ARMV7M_EXCP_USAGE].active) { + val |= (1 << 3); + } + if (s->sec_vectors[ARMV7M_EXCP_SVC].active) { + val |= (1 << 7); + } + if (s->sec_vectors[ARMV7M_EXCP_PENDSV].active) { + val |= (1 << 10); + } + if (s->sec_vectors[ARMV7M_EXCP_SYSTICK].active) { + val |= (1 << 11); + } + if (s->sec_vectors[ARMV7M_EXCP_USAGE].pending) { + val |= (1 << 12); + } + if (s->sec_vectors[ARMV7M_EXCP_MEM].pending) { + val |= (1 << 13); + } + if (s->sec_vectors[ARMV7M_EXCP_SVC].pending) { + val |= (1 << 15); + } + if (s->sec_vectors[ARMV7M_EXCP_MEM].enabled) { + val |= (1 << 16); + } + if (s->sec_vectors[ARMV7M_EXCP_USAGE].enabled) { + val |= (1 << 18); + } + if (s->sec_vectors[ARMV7M_EXCP_HARD].pending) { + val |= (1 << 21); + } + /* SecureFault is not banked but is always RAZ/WI to NS */ + if (s->vectors[ARMV7M_EXCP_SECURE].active) { + val |= (1 << 4); + } + if (s->vectors[ARMV7M_EXCP_SECURE].enabled) { + val |= (1 << 19); + } + if (s->vectors[ARMV7M_EXCP_SECURE].pending) { + val |= (1 << 20); + } + } else { + if (s->vectors[ARMV7M_EXCP_MEM].active) { + val |= (1 << 0); + } + if (arm_feature(&cpu->env, ARM_FEATURE_V8)) { + /* HARDFAULTACT, HARDFAULTPENDED not present in v7M */ + if (s->vectors[ARMV7M_EXCP_HARD].active) { + val |= (1 << 2); + } + if (s->vectors[ARMV7M_EXCP_HARD].pending) { + val |= (1 << 21); + } + } + if (s->vectors[ARMV7M_EXCP_USAGE].active) { + val |= (1 << 3); + } + if (s->vectors[ARMV7M_EXCP_SVC].active) { + val |= (1 << 7); + } + if (s->vectors[ARMV7M_EXCP_PENDSV].active) { + val |= (1 << 10); + } + if (s->vectors[ARMV7M_EXCP_SYSTICK].active) { + val |= (1 << 11); + } + if (s->vectors[ARMV7M_EXCP_USAGE].pending) { + val |= (1 << 12); + } + if (s->vectors[ARMV7M_EXCP_MEM].pending) { + val |= (1 << 13); + } + if (s->vectors[ARMV7M_EXCP_SVC].pending) { + val |= (1 << 15); + } + if (s->vectors[ARMV7M_EXCP_MEM].enabled) { + val |= (1 << 16); + } + if (s->vectors[ARMV7M_EXCP_USAGE].enabled) { + val |= (1 << 18); + } } - if (s->vectors[ARMV7M_EXCP_SVC].active) { - val |= (1 << 7); + if (attrs.secure || (cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) { + if (s->vectors[ARMV7M_EXCP_BUS].active) { + val |= (1 << 1); + } + if (s->vectors[ARMV7M_EXCP_BUS].pending) { + val |= (1 << 14); + } + if (s->vectors[ARMV7M_EXCP_BUS].enabled) { + val |= (1 << 17); + } + if (arm_feature(&cpu->env, ARM_FEATURE_V8) && + s->vectors[ARMV7M_EXCP_NMI].active) { + /* NMIACT is not present in v7M */ + val |= (1 << 5); + } } + + /* TODO: this is RAZ/WI from NS if DEMCR.SDME is set */ if (s->vectors[ARMV7M_EXCP_DEBUG].active) { val |= (1 << 8); } - if (s->vectors[ARMV7M_EXCP_PENDSV].active) { - val |= (1 << 10); - } - if (s->vectors[ARMV7M_EXCP_SYSTICK].active) { - val |= (1 << 11); - } - if (s->vectors[ARMV7M_EXCP_USAGE].pending) { - val |= (1 << 12); - } - if (s->vectors[ARMV7M_EXCP_MEM].pending) { - val |= (1 << 13); - } - if (s->vectors[ARMV7M_EXCP_BUS].pending) { - val |= (1 << 14); - } - if (s->vectors[ARMV7M_EXCP_SVC].pending) { - val |= (1 << 15); - } - if (s->vectors[ARMV7M_EXCP_MEM].enabled) { - val |= (1 << 16); - } - if (s->vectors[ARMV7M_EXCP_BUS].enabled) { - val |= (1 << 17); - } - if (s->vectors[ARMV7M_EXCP_USAGE].enabled) { - val |= (1 << 18); - } return val; case 0xd28: /* Configurable Fault Status. */ /* The BFSR bits [15:8] are shared between security states @@ -640,40 +1030,87 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value, ARMCPU *cpu = s->cpu; switch (offset) { - case 0xd04: /* Interrupt Control State. */ - if (value & (1 << 31)) { - armv7m_nvic_set_pending(s, ARMV7M_EXCP_NMI); + case 0x380 ... 0x3bf: /* NVIC_ITNS<n> */ + { + int startvec = 32 * (offset - 0x380) + NVIC_FIRST_IRQ; + int i; + + if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) { + goto bad_offset; + } + if (!attrs.secure) { + break; + } + for (i = 0; i < 32 && startvec + i < s->num_irq; i++) { + s->itns[startvec + i] = (value >> i) & 1; + } + nvic_irq_update(s); + break; + } + case 0xd04: /* Interrupt Control State (ICSR) */ + if (cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) { + if (value & (1 << 31)) { + armv7m_nvic_set_pending(s, ARMV7M_EXCP_NMI, false); + } else if (value & (1 << 30) && + arm_feature(&cpu->env, ARM_FEATURE_V8)) { + /* PENDNMICLR didn't exist in v7M */ + armv7m_nvic_clear_pending(s, ARMV7M_EXCP_NMI, false); + } } if (value & (1 << 28)) { - armv7m_nvic_set_pending(s, ARMV7M_EXCP_PENDSV); + armv7m_nvic_set_pending(s, ARMV7M_EXCP_PENDSV, attrs.secure); } else if (value & (1 << 27)) { - armv7m_nvic_clear_pending(s, ARMV7M_EXCP_PENDSV); + armv7m_nvic_clear_pending(s, ARMV7M_EXCP_PENDSV, attrs.secure); } if (value & (1 << 26)) { - armv7m_nvic_set_pending(s, ARMV7M_EXCP_SYSTICK); + armv7m_nvic_set_pending(s, ARMV7M_EXCP_SYSTICK, attrs.secure); } else if (value & (1 << 25)) { - armv7m_nvic_clear_pending(s, ARMV7M_EXCP_SYSTICK); + armv7m_nvic_clear_pending(s, ARMV7M_EXCP_SYSTICK, attrs.secure); } break; case 0xd08: /* Vector Table Offset. */ cpu->env.v7m.vecbase[attrs.secure] = value & 0xffffff80; break; - case 0xd0c: /* Application Interrupt/Reset Control. */ - if ((value >> 16) == 0x05fa) { - if (value & 4) { - qemu_irq_pulse(s->sysresetreq); + case 0xd0c: /* Application Interrupt/Reset Control (AIRCR) */ + if ((value >> R_V7M_AIRCR_VECTKEY_SHIFT) == 0x05fa) { + if (value & R_V7M_AIRCR_SYSRESETREQ_MASK) { + if (attrs.secure || + !(cpu->env.v7m.aircr & R_V7M_AIRCR_SYSRESETREQS_MASK)) { + qemu_irq_pulse(s->sysresetreq); + } } - if (value & 2) { + if (value & R_V7M_AIRCR_VECTCLRACTIVE_MASK) { qemu_log_mask(LOG_GUEST_ERROR, "Setting VECTCLRACTIVE when not in DEBUG mode " "is UNPREDICTABLE\n"); } - if (value & 1) { + if (value & R_V7M_AIRCR_VECTRESET_MASK) { + /* NB: this bit is RES0 in v8M */ qemu_log_mask(LOG_GUEST_ERROR, "Setting VECTRESET when not in DEBUG mode " "is UNPREDICTABLE\n"); } - s->prigroup = extract32(value, 8, 3); + s->prigroup[attrs.secure] = extract32(value, + R_V7M_AIRCR_PRIGROUP_SHIFT, + R_V7M_AIRCR_PRIGROUP_LENGTH); + if (attrs.secure) { + /* These bits are only writable by secure */ + cpu->env.v7m.aircr = value & + (R_V7M_AIRCR_SYSRESETREQS_MASK | + R_V7M_AIRCR_BFHFNMINS_MASK | + R_V7M_AIRCR_PRIS_MASK); + /* BFHFNMINS changes the priority of Secure HardFault, and + * allows a pending Non-secure HardFault to preempt (which + * we implement by marking it enabled). + */ + if (cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) { + s->sec_vectors[ARMV7M_EXCP_HARD].prio = -3; + s->vectors[ARMV7M_EXCP_HARD].enabled = 1; + } else { + s->sec_vectors[ARMV7M_EXCP_HARD].prio = -1; + s->vectors[ARMV7M_EXCP_HARD].enabled = 0; + } + } nvic_irq_update(s); } break; @@ -705,21 +1142,71 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value, cpu->env.v7m.ccr[attrs.secure] = value; break; - case 0xd24: /* System Handler Control. */ - s->vectors[ARMV7M_EXCP_MEM].active = (value & (1 << 0)) != 0; - s->vectors[ARMV7M_EXCP_BUS].active = (value & (1 << 1)) != 0; - s->vectors[ARMV7M_EXCP_USAGE].active = (value & (1 << 3)) != 0; - s->vectors[ARMV7M_EXCP_SVC].active = (value & (1 << 7)) != 0; + case 0xd24: /* System Handler Control and State (SHCSR) */ + if (attrs.secure) { + s->sec_vectors[ARMV7M_EXCP_MEM].active = (value & (1 << 0)) != 0; + /* Secure HardFault active bit cannot be written */ + s->sec_vectors[ARMV7M_EXCP_USAGE].active = (value & (1 << 3)) != 0; + s->sec_vectors[ARMV7M_EXCP_SVC].active = (value & (1 << 7)) != 0; + s->sec_vectors[ARMV7M_EXCP_PENDSV].active = + (value & (1 << 10)) != 0; + s->sec_vectors[ARMV7M_EXCP_SYSTICK].active = + (value & (1 << 11)) != 0; + s->sec_vectors[ARMV7M_EXCP_USAGE].pending = + (value & (1 << 12)) != 0; + s->sec_vectors[ARMV7M_EXCP_MEM].pending = (value & (1 << 13)) != 0; + s->sec_vectors[ARMV7M_EXCP_SVC].pending = (value & (1 << 15)) != 0; + s->sec_vectors[ARMV7M_EXCP_MEM].enabled = (value & (1 << 16)) != 0; + s->sec_vectors[ARMV7M_EXCP_BUS].enabled = (value & (1 << 17)) != 0; + s->sec_vectors[ARMV7M_EXCP_USAGE].enabled = + (value & (1 << 18)) != 0; + /* SecureFault not banked, but RAZ/WI to NS */ + s->vectors[ARMV7M_EXCP_SECURE].active = (value & (1 << 4)) != 0; + s->vectors[ARMV7M_EXCP_SECURE].enabled = (value & (1 << 19)) != 0; + s->vectors[ARMV7M_EXCP_SECURE].pending = (value & (1 << 20)) != 0; + } else { + s->vectors[ARMV7M_EXCP_MEM].active = (value & (1 << 0)) != 0; + if (arm_feature(&cpu->env, ARM_FEATURE_V8)) { + /* HARDFAULTPENDED is not present in v7M */ + s->vectors[ARMV7M_EXCP_HARD].pending = (value & (1 << 21)) != 0; + } + s->vectors[ARMV7M_EXCP_USAGE].active = (value & (1 << 3)) != 0; + s->vectors[ARMV7M_EXCP_SVC].active = (value & (1 << 7)) != 0; + s->vectors[ARMV7M_EXCP_PENDSV].active = (value & (1 << 10)) != 0; + s->vectors[ARMV7M_EXCP_SYSTICK].active = (value & (1 << 11)) != 0; + s->vectors[ARMV7M_EXCP_USAGE].pending = (value & (1 << 12)) != 0; + s->vectors[ARMV7M_EXCP_MEM].pending = (value & (1 << 13)) != 0; + s->vectors[ARMV7M_EXCP_SVC].pending = (value & (1 << 15)) != 0; + s->vectors[ARMV7M_EXCP_MEM].enabled = (value & (1 << 16)) != 0; + s->vectors[ARMV7M_EXCP_USAGE].enabled = (value & (1 << 18)) != 0; + } + if (attrs.secure || (cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) { + s->vectors[ARMV7M_EXCP_BUS].active = (value & (1 << 1)) != 0; + s->vectors[ARMV7M_EXCP_BUS].pending = (value & (1 << 14)) != 0; + s->vectors[ARMV7M_EXCP_BUS].enabled = (value & (1 << 17)) != 0; + } + /* NMIACT can only be written if the write is of a zero, with + * BFHFNMINS 1, and by the CPU in secure state via the NS alias. + */ + if (!attrs.secure && cpu->env.v7m.secure && + (cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) && + (value & (1 << 5)) == 0) { + s->vectors[ARMV7M_EXCP_NMI].active = 0; + } + /* HARDFAULTACT can only be written if the write is of a zero + * to the non-secure HardFault state by the CPU in secure state. + * The only case where we can be targeting the non-secure HF state + * when in secure state is if this is a write via the NS alias + * and BFHFNMINS is 1. + */ + if (!attrs.secure && cpu->env.v7m.secure && + (cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) && + (value & (1 << 2)) == 0) { + s->vectors[ARMV7M_EXCP_HARD].active = 0; + } + + /* TODO: this is RAZ/WI from NS if DEMCR.SDME is set */ s->vectors[ARMV7M_EXCP_DEBUG].active = (value & (1 << 8)) != 0; - s->vectors[ARMV7M_EXCP_PENDSV].active = (value & (1 << 10)) != 0; - s->vectors[ARMV7M_EXCP_SYSTICK].active = (value & (1 << 11)) != 0; - s->vectors[ARMV7M_EXCP_USAGE].pending = (value & (1 << 12)) != 0; - s->vectors[ARMV7M_EXCP_MEM].pending = (value & (1 << 13)) != 0; - s->vectors[ARMV7M_EXCP_BUS].pending = (value & (1 << 14)) != 0; - s->vectors[ARMV7M_EXCP_SVC].pending = (value & (1 << 15)) != 0; - s->vectors[ARMV7M_EXCP_MEM].enabled = (value & (1 << 16)) != 0; - s->vectors[ARMV7M_EXCP_BUS].enabled = (value & (1 << 17)) != 0; - s->vectors[ARMV7M_EXCP_USAGE].enabled = (value & (1 << 18)) != 0; nvic_irq_update(s); break; case 0xd28: /* Configurable Fault Status. */ @@ -885,7 +1372,7 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value, { int excnum = (value & 0x1ff) + NVIC_FIRST_IRQ; if (excnum < s->num_irq) { - armv7m_nvic_set_pending(s, excnum); + armv7m_nvic_set_pending(s, excnum, false); } break; } @@ -911,6 +1398,47 @@ static bool nvic_user_access_ok(NVICState *s, hwaddr offset, MemTxAttrs attrs) } } +static int shpr_bank(NVICState *s, int exc, MemTxAttrs attrs) +{ + /* Behaviour for the SHPR register field for this exception: + * return M_REG_NS to use the nonsecure vector (including for + * non-banked exceptions), M_REG_S for the secure version of + * a banked exception, and -1 if this field should RAZ/WI. + */ + switch (exc) { + case ARMV7M_EXCP_MEM: + case ARMV7M_EXCP_USAGE: + case ARMV7M_EXCP_SVC: + case ARMV7M_EXCP_PENDSV: + case ARMV7M_EXCP_SYSTICK: + /* Banked exceptions */ + return attrs.secure; + case ARMV7M_EXCP_BUS: + /* Not banked, RAZ/WI from nonsecure if BFHFNMINS is zero */ + if (!attrs.secure && + !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) { + return -1; + } + return M_REG_NS; + case ARMV7M_EXCP_SECURE: + /* Not banked, RAZ/WI from nonsecure */ + if (!attrs.secure) { + return -1; + } + return M_REG_NS; + case ARMV7M_EXCP_DEBUG: + /* Not banked. TODO should RAZ/WI if DEMCR.SDME is set */ + return M_REG_NS; + case 8 ... 10: + case 13: + /* RES0 */ + return -1; + default: + /* Not reachable due to decode of SHPR register addresses */ + g_assert_not_reached(); + } +} + static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr, uint64_t *data, unsigned size, MemTxAttrs attrs) @@ -935,7 +1463,8 @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr, startvec = offset - 0x180 + NVIC_FIRST_IRQ; /* vector # */ for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) { - if (s->vectors[startvec + i].enabled) { + if (s->vectors[startvec + i].enabled && + (attrs.secure || s->itns[startvec + i])) { val |= (1 << i); } } @@ -947,7 +1476,8 @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr, val = 0; startvec = offset - 0x280 + NVIC_FIRST_IRQ; /* vector # */ for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) { - if (s->vectors[startvec + i].pending) { + if (s->vectors[startvec + i].pending && + (attrs.secure || s->itns[startvec + i])) { val |= (1 << i); } } @@ -957,7 +1487,8 @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr, startvec = offset - 0x300 + NVIC_FIRST_IRQ; /* vector # */ for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) { - if (s->vectors[startvec + i].active) { + if (s->vectors[startvec + i].active && + (attrs.secure || s->itns[startvec + i])) { val |= (1 << i); } } @@ -967,13 +1498,21 @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr, startvec = offset - 0x400 + NVIC_FIRST_IRQ; /* vector # */ for (i = 0; i < size && startvec + i < s->num_irq; i++) { - val |= s->vectors[startvec + i].prio << (8 * i); + if (attrs.secure || s->itns[startvec + i]) { + val |= s->vectors[startvec + i].prio << (8 * i); + } } break; - case 0xd18 ... 0xd23: /* System Handler Priority. */ + case 0xd18 ... 0xd23: /* System Handler Priority (SHPR1, SHPR2, SHPR3) */ val = 0; for (i = 0; i < size; i++) { - val |= s->vectors[(offset - 0xd14) + i].prio << (i * 8); + unsigned hdlidx = (offset - 0xd14) + i; + int sbank = shpr_bank(s, hdlidx, attrs); + + if (sbank < 0) { + continue; + } + val = deposit32(val, i * 8, 8, get_prio(s, hdlidx, sbank)); } break; case 0xfe0 ... 0xfff: /* ID. */ @@ -1024,7 +1563,8 @@ static MemTxResult nvic_sysreg_write(void *opaque, hwaddr addr, startvec = 8 * (offset - 0x180) + NVIC_FIRST_IRQ; for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) { - if (value & (1 << i)) { + if (value & (1 << i) && + (attrs.secure || s->itns[startvec + i])) { s->vectors[startvec + i].enabled = setval; } } @@ -1041,7 +1581,8 @@ static MemTxResult nvic_sysreg_write(void *opaque, hwaddr addr, startvec = 8 * (offset - 0x280) + NVIC_FIRST_IRQ; /* vector # */ for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) { - if (value & (1 << i)) { + if (value & (1 << i) && + (attrs.secure || s->itns[startvec + i])) { s->vectors[startvec + i].pending = setval; } } @@ -1053,14 +1594,22 @@ static MemTxResult nvic_sysreg_write(void *opaque, hwaddr addr, startvec = 8 * (offset - 0x400) + NVIC_FIRST_IRQ; /* vector # */ for (i = 0; i < size && startvec + i < s->num_irq; i++) { - set_prio(s, startvec + i, (value >> (i * 8)) & 0xff); + if (attrs.secure || s->itns[startvec + i]) { + set_prio(s, startvec + i, false, (value >> (i * 8)) & 0xff); + } } nvic_irq_update(s); return MEMTX_OK; - case 0xd18 ... 0xd23: /* System Handler Priority. */ + case 0xd18 ... 0xd23: /* System Handler Priority (SHPR1, SHPR2, SHPR3) */ for (i = 0; i < size; i++) { unsigned hdlidx = (offset - 0xd14) + i; - set_prio(s, hdlidx, (value >> (i * 8)) & 0xff); + int newprio = extract32(value, i * 8, 8); + int sbank = shpr_bank(s, hdlidx, attrs); + + if (sbank < 0) { + continue; + } + set_prio(s, hdlidx, sbank, newprio); } nvic_irq_update(s); return MEMTX_OK; @@ -1126,9 +1675,12 @@ static int nvic_post_load(void *opaque, int version_id) { NVICState *s = opaque; unsigned i; + int resetprio; /* Check for out of range priority settings */ - if (s->vectors[ARMV7M_EXCP_RESET].prio != -3 || + resetprio = arm_feature(&s->cpu->env, ARM_FEATURE_V8) ? -4 : -3; + + if (s->vectors[ARMV7M_EXCP_RESET].prio != resetprio || s->vectors[ARMV7M_EXCP_NMI].prio != -2 || s->vectors[ARMV7M_EXCP_HARD].prio != -1) { return 1; @@ -1158,6 +1710,50 @@ static const VMStateDescription vmstate_VecInfo = { } }; +static bool nvic_security_needed(void *opaque) +{ + NVICState *s = opaque; + + return arm_feature(&s->cpu->env, ARM_FEATURE_M_SECURITY); +} + +static int nvic_security_post_load(void *opaque, int version_id) +{ + NVICState *s = opaque; + int i; + + /* Check for out of range priority settings */ + if (s->sec_vectors[ARMV7M_EXCP_HARD].prio != -1 + && s->sec_vectors[ARMV7M_EXCP_HARD].prio != -3) { + /* We can't cross-check against AIRCR.BFHFNMINS as we don't know + * if the CPU state has been migrated yet; a mismatch won't + * cause the emulation to blow up, though. + */ + return 1; + } + for (i = ARMV7M_EXCP_MEM; i < ARRAY_SIZE(s->sec_vectors); i++) { + if (s->sec_vectors[i].prio & ~0xff) { + return 1; + } + } + return 0; +} + +static const VMStateDescription vmstate_nvic_security = { + .name = "nvic/m-security", + .version_id = 1, + .minimum_version_id = 1, + .needed = nvic_security_needed, + .post_load = &nvic_security_post_load, + .fields = (VMStateField[]) { + VMSTATE_STRUCT_ARRAY(sec_vectors, NVICState, NVIC_INTERNAL_VECTORS, 1, + vmstate_VecInfo, VecInfo), + VMSTATE_UINT32(prigroup[M_REG_S], NVICState), + VMSTATE_BOOL_ARRAY(itns, NVICState, NVIC_MAX_VECTORS), + VMSTATE_END_OF_LIST() + } +}; + static const VMStateDescription vmstate_nvic = { .name = "armv7m_nvic", .version_id = 4, @@ -1166,8 +1762,12 @@ static const VMStateDescription vmstate_nvic = { .fields = (VMStateField[]) { VMSTATE_STRUCT_ARRAY(vectors, NVICState, NVIC_MAX_VECTORS, 1, vmstate_VecInfo, VecInfo), - VMSTATE_UINT32(prigroup, NVICState), + VMSTATE_UINT32(prigroup[M_REG_NS], NVICState), VMSTATE_END_OF_LIST() + }, + .subsections = (const VMStateDescription*[]) { + &vmstate_nvic_security, + NULL } }; @@ -1179,10 +1779,10 @@ static Property props_nvic[] = { static void armv7m_nvic_reset(DeviceState *dev) { + int resetprio; NVICState *s = NVIC(dev); s->vectors[ARMV7M_EXCP_NMI].enabled = 1; - s->vectors[ARMV7M_EXCP_HARD].enabled = 1; /* MEM, BUS, and USAGE are enabled through * the System Handler Control register */ @@ -1191,10 +1791,25 @@ static void armv7m_nvic_reset(DeviceState *dev) s->vectors[ARMV7M_EXCP_PENDSV].enabled = 1; s->vectors[ARMV7M_EXCP_SYSTICK].enabled = 1; - s->vectors[ARMV7M_EXCP_RESET].prio = -3; + resetprio = arm_feature(&s->cpu->env, ARM_FEATURE_V8) ? -4 : -3; + s->vectors[ARMV7M_EXCP_RESET].prio = resetprio; s->vectors[ARMV7M_EXCP_NMI].prio = -2; s->vectors[ARMV7M_EXCP_HARD].prio = -1; + if (arm_feature(&s->cpu->env, ARM_FEATURE_M_SECURITY)) { + s->sec_vectors[ARMV7M_EXCP_HARD].enabled = 1; + s->sec_vectors[ARMV7M_EXCP_SVC].enabled = 1; + s->sec_vectors[ARMV7M_EXCP_PENDSV].enabled = 1; + s->sec_vectors[ARMV7M_EXCP_SYSTICK].enabled = 1; + + /* AIRCR.BFHFNMINS resets to 0 so Secure HF is priority -1 (R_CMTC) */ + s->sec_vectors[ARMV7M_EXCP_HARD].prio = -1; + /* If AIRCR.BFHFNMINS is 0 then NS HF is (effectively) disabled */ + s->vectors[ARMV7M_EXCP_HARD].enabled = 0; + } else { + s->vectors[ARMV7M_EXCP_HARD].enabled = 1; + } + /* Strictly speaking the reset handler should be enabled. * However, we don't simulate soft resets through the NVIC, * and the reset vector should never be pended. @@ -1203,6 +1818,22 @@ static void armv7m_nvic_reset(DeviceState *dev) s->exception_prio = NVIC_NOEXC_PRIO; s->vectpending = 0; + s->vectpending_is_s_banked = false; + s->vectpending_prio = NVIC_NOEXC_PRIO; + + if (arm_feature(&s->cpu->env, ARM_FEATURE_M_SECURITY)) { + memset(s->itns, 0, sizeof(s->itns)); + } else { + /* This state is constant and not guest accessible in a non-security + * NVIC; we set the bits to true to avoid having to do a feature + * bit check in the NVIC enable/pend/etc register accessors. + */ + int i; + + for (i = NVIC_FIRST_IRQ; i < ARRAY_SIZE(s->itns); i++) { + s->itns[i] = true; + } + } } static void nvic_systick_trigger(void *opaque, int n, int level) @@ -1213,8 +1844,10 @@ static void nvic_systick_trigger(void *opaque, int n, int level) /* SysTick just asked us to pend its exception. * (This is different from an external interrupt line's * behaviour.) + * TODO: when we implement the banked systicks we must make + * this pend the correct banked exception. */ - armv7m_nvic_set_pending(s, ARMV7M_EXCP_SYSTICK); + armv7m_nvic_set_pending(s, ARMV7M_EXCP_SYSTICK, false); } } diff --git a/hw/intc/trace-events b/hw/intc/trace-events index 4762329482..b86f242b0f 100644 --- a/hw/intc/trace-events +++ b/hw/intc/trace-events @@ -167,16 +167,17 @@ gicv3_redist_set_irq(uint32_t cpu, int irq, int level) "GICv3 redistributor 0x%x gicv3_redist_send_sgi(uint32_t cpu, int irq) "GICv3 redistributor 0x%x pending SGI %d" # hw/intc/armv7m_nvic.c -nvic_recompute_state(int vectpending, int exception_prio) "NVIC state recomputed: vectpending %d exception_prio %d" -nvic_set_prio(int irq, uint8_t prio) "NVIC set irq %d priority %d" +nvic_recompute_state(int vectpending, int vectpending_prio, int exception_prio) "NVIC state recomputed: vectpending %d vectpending_prio %d exception_prio %d" +nvic_recompute_state_secure(int vectpending, bool vectpending_is_s_banked, int vectpending_prio, int exception_prio) "NVIC state recomputed: vectpending %d is_s_banked %d vectpending_prio %d exception_prio %d" +nvic_set_prio(int irq, bool secure, uint8_t prio) "NVIC set irq %d secure-bank %d priority %d" nvic_irq_update(int vectpending, int pendprio, int exception_prio, int level) "NVIC vectpending %d pending prio %d exception_prio %d: setting irq line to %d" nvic_escalate_prio(int irq, int irqprio, int runprio) "NVIC escalating irq %d to HardFault: insufficient priority %d >= %d" nvic_escalate_disabled(int irq) "NVIC escalating irq %d to HardFault: disabled" -nvic_set_pending(int irq, int en, int prio) "NVIC set pending irq %d (enabled: %d priority %d)" -nvic_clear_pending(int irq, int en, int prio) "NVIC clear pending irq %d (enabled: %d priority %d)" +nvic_set_pending(int irq, bool secure, int en, int prio) "NVIC set pending irq %d secure-bank %d (enabled: %d priority %d)" +nvic_clear_pending(int irq, bool secure, int en, int prio) "NVIC clear pending irq %d secure-bank %d (enabled: %d priority %d)" nvic_set_pending_level(int irq) "NVIC set pending: irq %d higher prio than vectpending: setting irq line to 1" -nvic_acknowledge_irq(int irq, int prio) "NVIC acknowledge IRQ: %d now active (prio %d)" -nvic_complete_irq(int irq) "NVIC complete IRQ %d" +nvic_acknowledge_irq(int irq, int prio, bool targets_secure) "NVIC acknowledge IRQ: %d now active (prio %d targets_secure %d)" +nvic_complete_irq(int irq, bool secure) "NVIC complete IRQ %d (secure %d)" nvic_set_irq_level(int irq, int level) "NVIC external irq %d level set to %d" nvic_sysreg_read(uint64_t addr, uint32_t value, unsigned size) "NVIC sysreg read addr 0x%" PRIx64 " data 0x%" PRIx32 " size %u" nvic_sysreg_write(uint64_t addr, uint32_t value, unsigned size) "NVIC sysreg write addr 0x%" PRIx64 " data 0x%" PRIx32 " size %u" diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs index 29fb922cef..e8f0a02f35 100644 --- a/hw/misc/Makefile.objs +++ b/hw/misc/Makefile.objs @@ -59,3 +59,4 @@ obj-$(CONFIG_HYPERV_TESTDEV) += hyperv_testdev.o obj-$(CONFIG_AUX) += auxbus.o obj-$(CONFIG_ASPEED_SOC) += aspeed_scu.o aspeed_sdmc.o obj-y += mmio_interface.o +obj-$(CONFIG_MSF2) += msf2-sysreg.o diff --git a/hw/misc/msf2-sysreg.c b/hw/misc/msf2-sysreg.c new file mode 100644 index 0000000000..6eb501104b --- /dev/null +++ b/hw/misc/msf2-sysreg.c @@ -0,0 +1,160 @@ +/* + * System Register block model of Microsemi SmartFusion2. + * + * Copyright (c) 2017 Subbaraya Sundeep <sundeep.lkml@gmail.com> + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version + * 2 of the License, or (at your option) any later version. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see <http://www.gnu.org/licenses/>. + */ + +#include "qemu/osdep.h" +#include "qapi/error.h" +#include "qemu/log.h" +#include "hw/misc/msf2-sysreg.h" +#include "qemu/error-report.h" +#include "trace.h" + +static inline int msf2_divbits(uint32_t div) +{ + int r = ctz32(div); + + return (div < 8) ? r : r + 1; +} + +static void msf2_sysreg_reset(DeviceState *d) +{ + MSF2SysregState *s = MSF2_SYSREG(d); + + s->regs[MSSDDR_PLL_STATUS_LOW_CR] = 0x021A2358; + s->regs[MSSDDR_PLL_STATUS] = 0x3; + s->regs[MSSDDR_FACC1_CR] = msf2_divbits(s->apb0div) << 5 | + msf2_divbits(s->apb1div) << 2; +} + +static uint64_t msf2_sysreg_read(void *opaque, hwaddr offset, + unsigned size) +{ + MSF2SysregState *s = opaque; + uint32_t ret = 0; + + offset >>= 2; + if (offset < ARRAY_SIZE(s->regs)) { + ret = s->regs[offset]; + trace_msf2_sysreg_read(offset << 2, ret); + } else { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: Bad offset 0x%08" HWADDR_PRIx "\n", __func__, + offset << 2); + } + + return ret; +} + +static void msf2_sysreg_write(void *opaque, hwaddr offset, + uint64_t val, unsigned size) +{ + MSF2SysregState *s = opaque; + uint32_t newval = val; + + offset >>= 2; + + switch (offset) { + case MSSDDR_PLL_STATUS: + trace_msf2_sysreg_write_pll_status(); + break; + + case ESRAM_CR: + case DDR_CR: + case ENVM_REMAP_BASE_CR: + if (newval != s->regs[offset]) { + qemu_log_mask(LOG_UNIMP, + TYPE_MSF2_SYSREG": remapping not supported\n"); + } + break; + + default: + if (offset < ARRAY_SIZE(s->regs)) { + trace_msf2_sysreg_write(offset << 2, newval, s->regs[offset]); + s->regs[offset] = newval; + } else { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: Bad offset 0x%08" HWADDR_PRIx "\n", __func__, + offset << 2); + } + break; + } +} + +static const MemoryRegionOps sysreg_ops = { + .read = msf2_sysreg_read, + .write = msf2_sysreg_write, + .endianness = DEVICE_NATIVE_ENDIAN, +}; + +static void msf2_sysreg_init(Object *obj) +{ + MSF2SysregState *s = MSF2_SYSREG(obj); + + memory_region_init_io(&s->iomem, obj, &sysreg_ops, s, TYPE_MSF2_SYSREG, + MSF2_SYSREG_MMIO_SIZE); + sysbus_init_mmio(SYS_BUS_DEVICE(obj), &s->iomem); +} + +static const VMStateDescription vmstate_msf2_sysreg = { + .name = TYPE_MSF2_SYSREG, + .version_id = 1, + .minimum_version_id = 1, + .fields = (VMStateField[]) { + VMSTATE_UINT32_ARRAY(regs, MSF2SysregState, MSF2_SYSREG_MMIO_SIZE / 4), + VMSTATE_END_OF_LIST() + } +}; + +static Property msf2_sysreg_properties[] = { + /* default divisors in Libero GUI */ + DEFINE_PROP_UINT8("apb0divisor", MSF2SysregState, apb0div, 2), + DEFINE_PROP_UINT8("apb1divisor", MSF2SysregState, apb1div, 2), + DEFINE_PROP_END_OF_LIST(), +}; + +static void msf2_sysreg_realize(DeviceState *dev, Error **errp) +{ + MSF2SysregState *s = MSF2_SYSREG(dev); + + if ((s->apb0div > 32 || !is_power_of_2(s->apb0div)) + || (s->apb1div > 32 || !is_power_of_2(s->apb1div))) { + error_setg(errp, "Invalid apb divisor value"); + error_append_hint(errp, "apb divisor must be a power of 2" + " and maximum value is 32\n"); + } +} + +static void msf2_sysreg_class_init(ObjectClass *klass, void *data) +{ + DeviceClass *dc = DEVICE_CLASS(klass); + + dc->vmsd = &vmstate_msf2_sysreg; + dc->reset = msf2_sysreg_reset; + dc->props = msf2_sysreg_properties; + dc->realize = msf2_sysreg_realize; +} + +static const TypeInfo msf2_sysreg_info = { + .name = TYPE_MSF2_SYSREG, + .parent = TYPE_SYS_BUS_DEVICE, + .class_init = msf2_sysreg_class_init, + .instance_size = sizeof(MSF2SysregState), + .instance_init = msf2_sysreg_init, +}; + +static void msf2_sysreg_register_types(void) +{ + type_register_static(&msf2_sysreg_info); +} + +type_init(msf2_sysreg_register_types) diff --git a/hw/misc/trace-events b/hw/misc/trace-events index 3313585b12..616579a403 100644 --- a/hw/misc/trace-events +++ b/hw/misc/trace-events @@ -61,3 +61,8 @@ mps2_scc_reset(void) "MPS2 SCC: reset" mps2_scc_leds(char led7, char led6, char led5, char led4, char led3, char led2, char led1, char led0) "MPS2 SCC LEDs: %c%c%c%c%c%c%c%c" mps2_scc_cfg_write(unsigned function, unsigned device, uint32_t value) "MPS2 SCC config write: function %d device %d data 0x%" PRIx32 mps2_scc_cfg_read(unsigned function, unsigned device, uint32_t value) "MPS2 SCC config read: function %d device %d data 0x%" PRIx32 + +# hw/misc/msf2-sysreg.c +msf2_sysreg_write(uint64_t offset, uint32_t val, uint32_t prev) "msf2-sysreg write: addr 0x%08" HWADDR_PRIx " data 0x%" PRIx32 " prev 0x%" PRIx32 +msf2_sysreg_read(uint64_t offset, uint32_t val) "msf2-sysreg read: addr 0x%08" HWADDR_PRIx " data 0x%08" PRIx32 +msf2_sysreg_write_pll_status(void) "Invalid write to read only PLL status register" diff --git a/hw/ssi/Makefile.objs b/hw/ssi/Makefile.objs index 487add2879..f5bcc65fe7 100644 --- a/hw/ssi/Makefile.objs +++ b/hw/ssi/Makefile.objs @@ -4,6 +4,7 @@ common-obj-$(CONFIG_XILINX_SPI) += xilinx_spi.o common-obj-$(CONFIG_XILINX_SPIPS) += xilinx_spips.o common-obj-$(CONFIG_ASPEED_SOC) += aspeed_smc.o common-obj-$(CONFIG_STM32F2XX_SPI) += stm32f2xx_spi.o +common-obj-$(CONFIG_MSF2) += mss-spi.o obj-$(CONFIG_OMAP) += omap_spi.o obj-$(CONFIG_IMX) += imx_spi.o diff --git a/hw/ssi/mss-spi.c b/hw/ssi/mss-spi.c new file mode 100644 index 0000000000..5a8e308e69 --- /dev/null +++ b/hw/ssi/mss-spi.c @@ -0,0 +1,404 @@ +/* + * Block model of SPI controller present in + * Microsemi's SmartFusion2 and SmartFusion SoCs. + * + * Copyright (C) 2017 Subbaraya Sundeep <sundeep.lkml@gmail.com> + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "qemu/osdep.h" +#include "hw/ssi/mss-spi.h" +#include "qemu/log.h" + +#ifndef MSS_SPI_ERR_DEBUG +#define MSS_SPI_ERR_DEBUG 0 +#endif + +#define DB_PRINT_L(lvl, fmt, args...) do { \ + if (MSS_SPI_ERR_DEBUG >= lvl) { \ + qemu_log("%s: " fmt "\n", __func__, ## args); \ + } \ +} while (0); + +#define DB_PRINT(fmt, args...) DB_PRINT_L(1, fmt, ## args) + +#define FIFO_CAPACITY 32 + +#define R_SPI_CONTROL 0 +#define R_SPI_DFSIZE 1 +#define R_SPI_STATUS 2 +#define R_SPI_INTCLR 3 +#define R_SPI_RX 4 +#define R_SPI_TX 5 +#define R_SPI_CLKGEN 6 +#define R_SPI_SS 7 +#define R_SPI_MIS 8 +#define R_SPI_RIS 9 + +#define S_TXDONE (1 << 0) +#define S_RXRDY (1 << 1) +#define S_RXCHOVRF (1 << 2) +#define S_RXFIFOFUL (1 << 4) +#define S_RXFIFOFULNXT (1 << 5) +#define S_RXFIFOEMP (1 << 6) +#define S_RXFIFOEMPNXT (1 << 7) +#define S_TXFIFOFUL (1 << 8) +#define S_TXFIFOFULNXT (1 << 9) +#define S_TXFIFOEMP (1 << 10) +#define S_TXFIFOEMPNXT (1 << 11) +#define S_FRAMESTART (1 << 12) +#define S_SSEL (1 << 13) +#define S_ACTIVE (1 << 14) + +#define C_ENABLE (1 << 0) +#define C_MODE (1 << 1) +#define C_INTRXDATA (1 << 4) +#define C_INTTXDATA (1 << 5) +#define C_INTRXOVRFLO (1 << 6) +#define C_SPS (1 << 26) +#define C_BIGFIFO (1 << 29) +#define C_RESET (1 << 31) + +#define FRAMESZ_MASK 0x1F +#define FMCOUNT_MASK 0x00FFFF00 +#define FMCOUNT_SHIFT 8 + +static void txfifo_reset(MSSSpiState *s) +{ + fifo32_reset(&s->tx_fifo); + + s->regs[R_SPI_STATUS] &= ~S_TXFIFOFUL; + s->regs[R_SPI_STATUS] |= S_TXFIFOEMP; +} + +static void rxfifo_reset(MSSSpiState *s) +{ + fifo32_reset(&s->rx_fifo); + + s->regs[R_SPI_STATUS] &= ~S_RXFIFOFUL; + s->regs[R_SPI_STATUS] |= S_RXFIFOEMP; +} + +static void set_fifodepth(MSSSpiState *s) +{ + unsigned int size = s->regs[R_SPI_DFSIZE] & FRAMESZ_MASK; + + if (size <= 8) { + s->fifo_depth = 32; + } else if (size <= 16) { + s->fifo_depth = 16; + } else if (size <= 32) { + s->fifo_depth = 8; + } else { + s->fifo_depth = 4; + } +} + +static void update_mis(MSSSpiState *s) +{ + uint32_t reg = s->regs[R_SPI_CONTROL]; + uint32_t tmp; + + /* + * form the Control register interrupt enable bits + * same as RIS, MIS and Interrupt clear registers for simplicity + */ + tmp = ((reg & C_INTRXOVRFLO) >> 4) | ((reg & C_INTRXDATA) >> 3) | + ((reg & C_INTTXDATA) >> 5); + s->regs[R_SPI_MIS] |= tmp & s->regs[R_SPI_RIS]; +} + +static void spi_update_irq(MSSSpiState *s) +{ + int irq; + + update_mis(s); + irq = !!(s->regs[R_SPI_MIS]); + + qemu_set_irq(s->irq, irq); +} + +static void mss_spi_reset(DeviceState *d) +{ + MSSSpiState *s = MSS_SPI(d); + + memset(s->regs, 0, sizeof s->regs); + s->regs[R_SPI_CONTROL] = 0x80000102; + s->regs[R_SPI_DFSIZE] = 0x4; + s->regs[R_SPI_STATUS] = S_SSEL | S_TXFIFOEMP | S_RXFIFOEMP; + s->regs[R_SPI_CLKGEN] = 0x7; + s->regs[R_SPI_RIS] = 0x0; + + s->fifo_depth = 4; + s->frame_count = 1; + s->enabled = false; + + rxfifo_reset(s); + txfifo_reset(s); +} + +static uint64_t +spi_read(void *opaque, hwaddr addr, unsigned int size) +{ + MSSSpiState *s = opaque; + uint32_t ret = 0; + + addr >>= 2; + switch (addr) { + case R_SPI_RX: + s->regs[R_SPI_STATUS] &= ~S_RXFIFOFUL; + s->regs[R_SPI_STATUS] &= ~S_RXCHOVRF; + ret = fifo32_pop(&s->rx_fifo); + if (fifo32_is_empty(&s->rx_fifo)) { + s->regs[R_SPI_STATUS] |= S_RXFIFOEMP; + } + break; + + case R_SPI_MIS: + update_mis(s); + ret = s->regs[R_SPI_MIS]; + break; + + default: + if (addr < ARRAY_SIZE(s->regs)) { + ret = s->regs[addr]; + } else { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: Bad offset 0x%" HWADDR_PRIx "\n", __func__, + addr * 4); + return ret; + } + break; + } + + DB_PRINT("addr=0x%" HWADDR_PRIx " = 0x%" PRIx32, addr * 4, ret); + spi_update_irq(s); + return ret; +} + +static void assert_cs(MSSSpiState *s) +{ + qemu_set_irq(s->cs_line, 0); +} + +static void deassert_cs(MSSSpiState *s) +{ + qemu_set_irq(s->cs_line, 1); +} + +static void spi_flush_txfifo(MSSSpiState *s) +{ + uint32_t tx; + uint32_t rx; + bool sps = !!(s->regs[R_SPI_CONTROL] & C_SPS); + + /* + * Chip Select(CS) is automatically controlled by this controller. + * If SPS bit is set in Control register then CS is asserted + * until all the frames set in frame count of Control register are + * transferred. If SPS is not set then CS pulses between frames. + * Note that Slave Select register specifies which of the CS line + * has to be controlled automatically by controller. Bits SS[7:1] are for + * masters in FPGA fabric since we model only Microcontroller subsystem + * of Smartfusion2 we control only one CS(SS[0]) line. + */ + while (!fifo32_is_empty(&s->tx_fifo) && s->frame_count) { + assert_cs(s); + + s->regs[R_SPI_STATUS] &= ~(S_TXDONE | S_RXRDY); + + tx = fifo32_pop(&s->tx_fifo); + DB_PRINT("data tx:0x%" PRIx32, tx); + rx = ssi_transfer(s->spi, tx); + DB_PRINT("data rx:0x%" PRIx32, rx); + + if (fifo32_num_used(&s->rx_fifo) == s->fifo_depth) { + s->regs[R_SPI_STATUS] |= S_RXCHOVRF; + s->regs[R_SPI_RIS] |= S_RXCHOVRF; + } else { + fifo32_push(&s->rx_fifo, rx); + s->regs[R_SPI_STATUS] &= ~S_RXFIFOEMP; + if (fifo32_num_used(&s->rx_fifo) == (s->fifo_depth - 1)) { + s->regs[R_SPI_STATUS] |= S_RXFIFOFULNXT; + } else if (fifo32_num_used(&s->rx_fifo) == s->fifo_depth) { + s->regs[R_SPI_STATUS] |= S_RXFIFOFUL; + } + } + s->frame_count--; + if (!sps) { + deassert_cs(s); + } + } + + if (!s->frame_count) { + s->frame_count = (s->regs[R_SPI_CONTROL] & FMCOUNT_MASK) >> + FMCOUNT_SHIFT; + deassert_cs(s); + s->regs[R_SPI_RIS] |= S_TXDONE | S_RXRDY; + s->regs[R_SPI_STATUS] |= S_TXDONE | S_RXRDY; + } +} + +static void spi_write(void *opaque, hwaddr addr, + uint64_t val64, unsigned int size) +{ + MSSSpiState *s = opaque; + uint32_t value = val64; + + DB_PRINT("addr=0x%" HWADDR_PRIx " =0x%" PRIx32, addr, value); + addr >>= 2; + + switch (addr) { + case R_SPI_TX: + /* adding to already full FIFO */ + if (fifo32_num_used(&s->tx_fifo) == s->fifo_depth) { + break; + } + s->regs[R_SPI_STATUS] &= ~S_TXFIFOEMP; + fifo32_push(&s->tx_fifo, value); + if (fifo32_num_used(&s->tx_fifo) == (s->fifo_depth - 1)) { + s->regs[R_SPI_STATUS] |= S_TXFIFOFULNXT; + } else if (fifo32_num_used(&s->tx_fifo) == s->fifo_depth) { + s->regs[R_SPI_STATUS] |= S_TXFIFOFUL; + } + if (s->enabled) { + spi_flush_txfifo(s); + } + break; + + case R_SPI_CONTROL: + s->regs[R_SPI_CONTROL] = value; + if (value & C_BIGFIFO) { + set_fifodepth(s); + } else { + s->fifo_depth = 4; + } + s->enabled = value & C_ENABLE; + s->frame_count = (value & FMCOUNT_MASK) >> FMCOUNT_SHIFT; + if (value & C_RESET) { + mss_spi_reset(DEVICE(s)); + } + break; + + case R_SPI_DFSIZE: + if (s->enabled) { + break; + } + s->regs[R_SPI_DFSIZE] = value; + break; + + case R_SPI_INTCLR: + s->regs[R_SPI_INTCLR] = value; + if (value & S_TXDONE) { + s->regs[R_SPI_RIS] &= ~S_TXDONE; + } + if (value & S_RXRDY) { + s->regs[R_SPI_RIS] &= ~S_RXRDY; + } + if (value & S_RXCHOVRF) { + s->regs[R_SPI_RIS] &= ~S_RXCHOVRF; + } + break; + + case R_SPI_MIS: + case R_SPI_STATUS: + case R_SPI_RIS: + qemu_log_mask(LOG_GUEST_ERROR, + "%s: Write to read only register 0x%" HWADDR_PRIx "\n", + __func__, addr * 4); + break; + + default: + if (addr < ARRAY_SIZE(s->regs)) { + s->regs[addr] = value; + } else { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: Bad offset 0x%" HWADDR_PRIx "\n", __func__, + addr * 4); + } + break; + } + + spi_update_irq(s); +} + +static const MemoryRegionOps spi_ops = { + .read = spi_read, + .write = spi_write, + .endianness = DEVICE_NATIVE_ENDIAN, + .valid = { + .min_access_size = 1, + .max_access_size = 4 + } +}; + +static void mss_spi_realize(DeviceState *dev, Error **errp) +{ + MSSSpiState *s = MSS_SPI(dev); + SysBusDevice *sbd = SYS_BUS_DEVICE(dev); + + s->spi = ssi_create_bus(dev, "spi"); + + sysbus_init_irq(sbd, &s->irq); + ssi_auto_connect_slaves(dev, &s->cs_line, s->spi); + sysbus_init_irq(sbd, &s->cs_line); + + memory_region_init_io(&s->mmio, OBJECT(s), &spi_ops, s, + TYPE_MSS_SPI, R_SPI_MAX * 4); + sysbus_init_mmio(sbd, &s->mmio); + + fifo32_create(&s->tx_fifo, FIFO_CAPACITY); + fifo32_create(&s->rx_fifo, FIFO_CAPACITY); +} + +static const VMStateDescription vmstate_mss_spi = { + .name = TYPE_MSS_SPI, + .version_id = 1, + .minimum_version_id = 1, + .fields = (VMStateField[]) { + VMSTATE_FIFO32(tx_fifo, MSSSpiState), + VMSTATE_FIFO32(rx_fifo, MSSSpiState), + VMSTATE_UINT32_ARRAY(regs, MSSSpiState, R_SPI_MAX), + VMSTATE_END_OF_LIST() + } +}; + +static void mss_spi_class_init(ObjectClass *klass, void *data) +{ + DeviceClass *dc = DEVICE_CLASS(klass); + + dc->realize = mss_spi_realize; + dc->reset = mss_spi_reset; + dc->vmsd = &vmstate_mss_spi; +} + +static const TypeInfo mss_spi_info = { + .name = TYPE_MSS_SPI, + .parent = TYPE_SYS_BUS_DEVICE, + .instance_size = sizeof(MSSSpiState), + .class_init = mss_spi_class_init, +}; + +static void mss_spi_register_types(void) +{ + type_register_static(&mss_spi_info); +} + +type_init(mss_spi_register_types) diff --git a/hw/timer/Makefile.objs b/hw/timer/Makefile.objs index 15cce1c531..8c19eac3b6 100644 --- a/hw/timer/Makefile.objs +++ b/hw/timer/Makefile.objs @@ -42,3 +42,4 @@ common-obj-$(CONFIG_ASPEED_SOC) += aspeed_timer.o common-obj-$(CONFIG_SUN4V_RTC) += sun4v-rtc.o common-obj-$(CONFIG_CMSDK_APB_TIMER) += cmsdk-apb-timer.o +common-obj-$(CONFIG_MSF2) += mss-timer.o diff --git a/hw/timer/mss-timer.c b/hw/timer/mss-timer.c new file mode 100644 index 0000000000..60f1213a3b --- /dev/null +++ b/hw/timer/mss-timer.c @@ -0,0 +1,289 @@ +/* + * Block model of System timer present in + * Microsemi's SmartFusion2 and SmartFusion SoCs. + * + * Copyright (c) 2017 Subbaraya Sundeep <sundeep.lkml@gmail.com>. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "qemu/osdep.h" +#include "qemu/main-loop.h" +#include "qemu/log.h" +#include "hw/timer/mss-timer.h" + +#ifndef MSS_TIMER_ERR_DEBUG +#define MSS_TIMER_ERR_DEBUG 0 +#endif + +#define DB_PRINT_L(lvl, fmt, args...) do { \ + if (MSS_TIMER_ERR_DEBUG >= lvl) { \ + qemu_log("%s: " fmt "\n", __func__, ## args); \ + } \ +} while (0); + +#define DB_PRINT(fmt, args...) DB_PRINT_L(1, fmt, ## args) + +#define R_TIM_VAL 0 +#define R_TIM_LOADVAL 1 +#define R_TIM_BGLOADVAL 2 +#define R_TIM_CTRL 3 +#define R_TIM_RIS 4 +#define R_TIM_MIS 5 + +#define TIMER_CTRL_ENBL (1 << 0) +#define TIMER_CTRL_ONESHOT (1 << 1) +#define TIMER_CTRL_INTR (1 << 2) +#define TIMER_RIS_ACK (1 << 0) +#define TIMER_RST_CLR (1 << 6) +#define TIMER_MODE (1 << 0) + +static void timer_update_irq(struct Msf2Timer *st) +{ + bool isr, ier; + + isr = !!(st->regs[R_TIM_RIS] & TIMER_RIS_ACK); + ier = !!(st->regs[R_TIM_CTRL] & TIMER_CTRL_INTR); + qemu_set_irq(st->irq, (ier && isr)); +} + +static void timer_update(struct Msf2Timer *st) +{ + uint64_t count; + + if (!(st->regs[R_TIM_CTRL] & TIMER_CTRL_ENBL)) { + ptimer_stop(st->ptimer); + return; + } + + count = st->regs[R_TIM_LOADVAL]; + ptimer_set_limit(st->ptimer, count, 1); + ptimer_run(st->ptimer, 1); +} + +static uint64_t +timer_read(void *opaque, hwaddr offset, unsigned int size) +{ + MSSTimerState *t = opaque; + hwaddr addr; + struct Msf2Timer *st; + uint32_t ret = 0; + int timer = 0; + int isr; + int ier; + + addr = offset >> 2; + /* + * Two independent timers has same base address. + * Based on address passed figure out which timer is being used. + */ + if ((addr >= R_TIM1_MAX) && (addr < NUM_TIMERS * R_TIM1_MAX)) { + timer = 1; + addr -= R_TIM1_MAX; + } + + st = &t->timers[timer]; + + switch (addr) { + case R_TIM_VAL: + ret = ptimer_get_count(st->ptimer); + break; + + case R_TIM_MIS: + isr = !!(st->regs[R_TIM_RIS] & TIMER_RIS_ACK); + ier = !!(st->regs[R_TIM_CTRL] & TIMER_CTRL_INTR); + ret = ier & isr; + break; + + default: + if (addr < R_TIM1_MAX) { + ret = st->regs[addr]; + } else { + qemu_log_mask(LOG_GUEST_ERROR, + TYPE_MSS_TIMER": 64-bit mode not supported\n"); + return ret; + } + break; + } + + DB_PRINT("timer=%d 0x%" HWADDR_PRIx "=0x%" PRIx32, timer, offset, + ret); + return ret; +} + +static void +timer_write(void *opaque, hwaddr offset, + uint64_t val64, unsigned int size) +{ + MSSTimerState *t = opaque; + hwaddr addr; + struct Msf2Timer *st; + int timer = 0; + uint32_t value = val64; + + addr = offset >> 2; + /* + * Two independent timers has same base address. + * Based on addr passed figure out which timer is being used. + */ + if ((addr >= R_TIM1_MAX) && (addr < NUM_TIMERS * R_TIM1_MAX)) { + timer = 1; + addr -= R_TIM1_MAX; + } + + st = &t->timers[timer]; + + DB_PRINT("addr=0x%" HWADDR_PRIx " val=0x%" PRIx32 " (timer=%d)", offset, + value, timer); + + switch (addr) { + case R_TIM_CTRL: + st->regs[R_TIM_CTRL] = value; + timer_update(st); + break; + + case R_TIM_RIS: + if (value & TIMER_RIS_ACK) { + st->regs[R_TIM_RIS] &= ~TIMER_RIS_ACK; + } + break; + + case R_TIM_LOADVAL: + st->regs[R_TIM_LOADVAL] = value; + if (st->regs[R_TIM_CTRL] & TIMER_CTRL_ENBL) { + timer_update(st); + } + break; + + case R_TIM_BGLOADVAL: + st->regs[R_TIM_BGLOADVAL] = value; + st->regs[R_TIM_LOADVAL] = value; + break; + + case R_TIM_VAL: + case R_TIM_MIS: + break; + + default: + if (addr < R_TIM1_MAX) { + st->regs[addr] = value; + } else { + qemu_log_mask(LOG_GUEST_ERROR, + TYPE_MSS_TIMER": 64-bit mode not supported\n"); + return; + } + break; + } + timer_update_irq(st); +} + +static const MemoryRegionOps timer_ops = { + .read = timer_read, + .write = timer_write, + .endianness = DEVICE_NATIVE_ENDIAN, + .valid = { + .min_access_size = 1, + .max_access_size = 4 + } +}; + +static void timer_hit(void *opaque) +{ + struct Msf2Timer *st = opaque; + + st->regs[R_TIM_RIS] |= TIMER_RIS_ACK; + + if (!(st->regs[R_TIM_CTRL] & TIMER_CTRL_ONESHOT)) { + timer_update(st); + } + timer_update_irq(st); +} + +static void mss_timer_init(Object *obj) +{ + MSSTimerState *t = MSS_TIMER(obj); + int i; + + /* Init all the ptimers. */ + for (i = 0; i < NUM_TIMERS; i++) { + struct Msf2Timer *st = &t->timers[i]; + + st->bh = qemu_bh_new(timer_hit, st); + st->ptimer = ptimer_init(st->bh, PTIMER_POLICY_DEFAULT); + ptimer_set_freq(st->ptimer, t->freq_hz); + sysbus_init_irq(SYS_BUS_DEVICE(obj), &st->irq); + } + + memory_region_init_io(&t->mmio, OBJECT(t), &timer_ops, t, TYPE_MSS_TIMER, + NUM_TIMERS * R_TIM1_MAX * 4); + sysbus_init_mmio(SYS_BUS_DEVICE(obj), &t->mmio); +} + +static const VMStateDescription vmstate_timers = { + .name = "mss-timer-block", + .version_id = 1, + .minimum_version_id = 1, + .fields = (VMStateField[]) { + VMSTATE_PTIMER(ptimer, struct Msf2Timer), + VMSTATE_UINT32_ARRAY(regs, struct Msf2Timer, R_TIM1_MAX), + VMSTATE_END_OF_LIST() + } +}; + +static const VMStateDescription vmstate_mss_timer = { + .name = TYPE_MSS_TIMER, + .version_id = 1, + .minimum_version_id = 1, + .fields = (VMStateField[]) { + VMSTATE_UINT32(freq_hz, MSSTimerState), + VMSTATE_STRUCT_ARRAY(timers, MSSTimerState, NUM_TIMERS, 0, + vmstate_timers, struct Msf2Timer), + VMSTATE_END_OF_LIST() + } +}; + +static Property mss_timer_properties[] = { + /* Libero GUI shows 100Mhz as default for clocks */ + DEFINE_PROP_UINT32("clock-frequency", MSSTimerState, freq_hz, + 100 * 1000000), + DEFINE_PROP_END_OF_LIST(), +}; + +static void mss_timer_class_init(ObjectClass *klass, void *data) +{ + DeviceClass *dc = DEVICE_CLASS(klass); + + dc->props = mss_timer_properties; + dc->vmsd = &vmstate_mss_timer; +} + +static const TypeInfo mss_timer_info = { + .name = TYPE_MSS_TIMER, + .parent = TYPE_SYS_BUS_DEVICE, + .instance_size = sizeof(MSSTimerState), + .instance_init = mss_timer_init, + .class_init = mss_timer_class_init, +}; + +static void mss_timer_register_types(void) +{ + type_register_static(&mss_timer_info); +} + +type_init(mss_timer_register_types) diff --git a/hw/timer/omap_gptimer.c b/hw/timer/omap_gptimer.c index 5e3e8a6d70..6d7c8a396f 100644 --- a/hw/timer/omap_gptimer.c +++ b/hw/timer/omap_gptimer.c @@ -450,19 +450,44 @@ static void omap_gp_timer_writeh(void *opaque, hwaddr addr, s->writeh = (uint16_t) value; } +static uint64_t omap_gp_timer_readfn(void *opaque, hwaddr addr, + unsigned size) +{ + switch (size) { + case 1: + return omap_badwidth_read32(opaque, addr); + case 2: + return omap_gp_timer_readh(opaque, addr); + case 4: + return omap_gp_timer_readw(opaque, addr); + default: + g_assert_not_reached(); + } +} + +static void omap_gp_timer_writefn(void *opaque, hwaddr addr, + uint64_t value, unsigned size) +{ + switch (size) { + case 1: + omap_badwidth_write32(opaque, addr, value); + break; + case 2: + omap_gp_timer_writeh(opaque, addr, value); + break; + case 4: + omap_gp_timer_write(opaque, addr, value); + break; + default: + g_assert_not_reached(); + } +} + static const MemoryRegionOps omap_gp_timer_ops = { - .old_mmio = { - .read = { - omap_badwidth_read32, - omap_gp_timer_readh, - omap_gp_timer_readw, - }, - .write = { - omap_badwidth_write32, - omap_gp_timer_writeh, - omap_gp_timer_write, - }, - }, + .read = omap_gp_timer_readfn, + .write = omap_gp_timer_writefn, + .valid.min_access_size = 1, + .valid.max_access_size = 4, .endianness = DEVICE_NATIVE_ENDIAN, }; diff --git a/hw/timer/omap_synctimer.c b/hw/timer/omap_synctimer.c index 9ee6519793..0d75a90f3a 100644 --- a/hw/timer/omap_synctimer.c +++ b/hw/timer/omap_synctimer.c @@ -68,25 +68,32 @@ static uint32_t omap_synctimer_readh(void *opaque, hwaddr addr) } } -static void omap_synctimer_write(void *opaque, hwaddr addr, - uint32_t value) +static uint64_t omap_synctimer_readfn(void *opaque, hwaddr addr, + unsigned size) +{ + switch (size) { + case 1: + return omap_badwidth_read32(opaque, addr); + case 2: + return omap_synctimer_readh(opaque, addr); + case 4: + return omap_synctimer_readw(opaque, addr); + default: + g_assert_not_reached(); + } +} + +static void omap_synctimer_writefn(void *opaque, hwaddr addr, + uint64_t value, unsigned size) { OMAP_BAD_REG(addr); } static const MemoryRegionOps omap_synctimer_ops = { - .old_mmio = { - .read = { - omap_badwidth_read32, - omap_synctimer_readh, - omap_synctimer_readw, - }, - .write = { - omap_badwidth_write32, - omap_synctimer_write, - omap_synctimer_write, - }, - }, + .read = omap_synctimer_readfn, + .write = omap_synctimer_writefn, + .valid.min_access_size = 1, + .valid.max_access_size = 4, .endianness = DEVICE_NATIVE_ENDIAN, }; diff --git a/include/hw/arm/msf2-soc.h b/include/hw/arm/msf2-soc.h new file mode 100644 index 0000000000..3cfe5c76ee --- /dev/null +++ b/include/hw/arm/msf2-soc.h @@ -0,0 +1,67 @@ +/* + * Microsemi Smartfusion2 SoC + * + * Copyright (c) 2017 Subbaraya Sundeep <sundeep.lkml@gmail.com> + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#ifndef HW_ARM_MSF2_SOC_H +#define HW_ARM_MSF2_SOC_H + +#include "hw/arm/armv7m.h" +#include "hw/timer/mss-timer.h" +#include "hw/misc/msf2-sysreg.h" +#include "hw/ssi/mss-spi.h" + +#define TYPE_MSF2_SOC "msf2-soc" +#define MSF2_SOC(obj) OBJECT_CHECK(MSF2State, (obj), TYPE_MSF2_SOC) + +#define MSF2_NUM_SPIS 2 +#define MSF2_NUM_UARTS 2 + +/* + * System timer consists of two programmable 32-bit + * decrementing counters that generate individual interrupts to + * the Cortex-M3 processor + */ +#define MSF2_NUM_TIMERS 2 + +typedef struct MSF2State { + /*< private >*/ + SysBusDevice parent_obj; + /*< public >*/ + + ARMv7MState armv7m; + + char *cpu_type; + char *part_name; + uint64_t envm_size; + uint64_t esram_size; + + uint32_t m3clk; + uint8_t apb0div; + uint8_t apb1div; + + MSF2SysregState sysreg; + MSSTimerState timer; + MSSSpiState spi[MSF2_NUM_SPIS]; +} MSF2State; + +#endif diff --git a/include/hw/intc/armv7m_nvic.h b/include/hw/intc/armv7m_nvic.h index 1a4cce7442..ac7997ca8c 100644 --- a/include/hw/intc/armv7m_nvic.h +++ b/include/hw/intc/armv7m_nvic.h @@ -21,6 +21,8 @@ /* Highest permitted number of exceptions (architectural limit) */ #define NVIC_MAX_VECTORS 512 +/* Number of internal exceptions */ +#define NVIC_INTERNAL_VECTORS 16 typedef struct VecInfo { /* Exception priorities can range from -3 to 255; only the unmodifiable @@ -41,13 +43,38 @@ typedef struct NVICState { ARMCPU *cpu; VecInfo vectors[NVIC_MAX_VECTORS]; - uint32_t prigroup; + /* If the v8M security extension is implemented, some of the internal + * exceptions are banked between security states (ie there exists both + * a Secure and a NonSecure version of the exception and its state): + * HardFault, MemManage, UsageFault, SVCall, PendSV, SysTick (R_PJHV) + * The rest (including all the external exceptions) are not banked, though + * they may be configurable to target either Secure or NonSecure state. + * We store the secure exception state in sec_vectors[] for the banked + * exceptions, and otherwise use only vectors[] (including for exceptions + * like SecureFault that unconditionally target Secure state). + * Entries in sec_vectors[] for non-banked exception numbers are unused. + */ + VecInfo sec_vectors[NVIC_INTERNAL_VECTORS]; + /* The PRIGROUP field in AIRCR is banked */ + uint32_t prigroup[M_REG_NUM_BANKS]; + + /* v8M NVIC_ITNS state (stored as a bool per bit) */ + bool itns[NVIC_MAX_VECTORS]; - /* vectpending and exception_prio are both cached state that can - * be recalculated from the vectors[] array and the prigroup field. + /* The following fields are all cached state that can be recalculated + * from the vectors[] and sec_vectors[] arrays and the prigroup field: + * - vectpending + * - vectpending_is_secure + * - exception_prio + * - vectpending_prio */ unsigned int vectpending; /* highest prio pending enabled exception */ + /* true if vectpending is a banked secure exception, ie it is in + * sec_vectors[] rather than vectors[] + */ + bool vectpending_is_s_banked; int exception_prio; /* group prio of the highest prio active exception */ + int vectpending_prio; /* group prio of the exeception in vectpending */ MemoryRegion sysregmem; MemoryRegion sysreg_ns_mem; diff --git a/include/hw/misc/msf2-sysreg.h b/include/hw/misc/msf2-sysreg.h new file mode 100644 index 0000000000..5993f67b4e --- /dev/null +++ b/include/hw/misc/msf2-sysreg.h @@ -0,0 +1,77 @@ +/* + * Microsemi SmartFusion2 SYSREG + * + * Copyright (c) 2017 Subbaraya Sundeep <sundeep.lkml@gmail.com> + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#ifndef HW_MSF2_SYSREG_H +#define HW_MSF2_SYSREG_H + +#include "hw/sysbus.h" + +enum { + ESRAM_CR = 0x00 / 4, + ESRAM_MAX_LAT, + DDR_CR, + ENVM_CR, + ENVM_REMAP_BASE_CR, + ENVM_REMAP_FAB_CR, + CC_CR, + CC_REGION_CR, + CC_LOCK_BASE_ADDR_CR, + CC_FLUSH_INDX_CR, + DDRB_BUF_TIMER_CR, + DDRB_NB_ADDR_CR, + DDRB_NB_SIZE_CR, + DDRB_CR, + + SOFT_RESET_CR = 0x48 / 4, + M3_CR, + + GPIO_SYSRESET_SEL_CR = 0x58 / 4, + + MDDR_CR = 0x60 / 4, + + MSSDDR_PLL_STATUS_LOW_CR = 0x90 / 4, + MSSDDR_PLL_STATUS_HIGH_CR, + MSSDDR_FACC1_CR, + MSSDDR_FACC2_CR, + + MSSDDR_PLL_STATUS = 0x150 / 4, +}; + +#define MSF2_SYSREG_MMIO_SIZE 0x300 + +#define TYPE_MSF2_SYSREG "msf2-sysreg" +#define MSF2_SYSREG(obj) OBJECT_CHECK(MSF2SysregState, (obj), TYPE_MSF2_SYSREG) + +typedef struct MSF2SysregState { + SysBusDevice parent_obj; + + MemoryRegion iomem; + + uint8_t apb0div; + uint8_t apb1div; + + uint32_t regs[MSF2_SYSREG_MMIO_SIZE / 4]; +} MSF2SysregState; + +#endif /* HW_MSF2_SYSREG_H */ diff --git a/include/hw/ssi/mss-spi.h b/include/hw/ssi/mss-spi.h new file mode 100644 index 0000000000..f0cf3243e0 --- /dev/null +++ b/include/hw/ssi/mss-spi.h @@ -0,0 +1,58 @@ +/* + * Microsemi SmartFusion2 SPI + * + * Copyright (c) 2017 Subbaraya Sundeep <sundeep.lkml@gmail.com> + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#ifndef HW_MSS_SPI_H +#define HW_MSS_SPI_H + +#include "hw/sysbus.h" +#include "hw/ssi/ssi.h" +#include "qemu/fifo32.h" + +#define TYPE_MSS_SPI "mss-spi" +#define MSS_SPI(obj) OBJECT_CHECK(MSSSpiState, (obj), TYPE_MSS_SPI) + +#define R_SPI_MAX 16 + +typedef struct MSSSpiState { + SysBusDevice parent_obj; + + MemoryRegion mmio; + + qemu_irq irq; + + qemu_irq cs_line; + + SSIBus *spi; + + Fifo32 rx_fifo; + Fifo32 tx_fifo; + + int fifo_depth; + uint32_t frame_count; + bool enabled; + + uint32_t regs[R_SPI_MAX]; +} MSSSpiState; + +#endif /* HW_MSS_SPI_H */ diff --git a/include/hw/timer/mss-timer.h b/include/hw/timer/mss-timer.h new file mode 100644 index 0000000000..d15d1732f8 --- /dev/null +++ b/include/hw/timer/mss-timer.h @@ -0,0 +1,64 @@ +/* + * Microsemi SmartFusion2 Timer. + * + * Copyright (c) 2017 Subbaraya Sundeep <sundeep.lkml@gmail.com> + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#ifndef HW_MSS_TIMER_H +#define HW_MSS_TIMER_H + +#include "hw/sysbus.h" +#include "hw/ptimer.h" + +#define TYPE_MSS_TIMER "mss-timer" +#define MSS_TIMER(obj) OBJECT_CHECK(MSSTimerState, \ + (obj), TYPE_MSS_TIMER) + +/* + * There are two 32-bit down counting timers. + * Timers 1 and 2 can be concatenated into a single 64-bit Timer + * that operates either in Periodic mode or in One-shot mode. + * Writing 1 to the TIM64_MODE register bit 0 sets the Timers in 64-bit mode. + * In 64-bit mode, writing to the 32-bit registers has no effect. + * Similarly, in 32-bit mode, writing to the 64-bit mode registers + * has no effect. Only two 32-bit timers are supported currently. + */ +#define NUM_TIMERS 2 + +#define R_TIM1_MAX 6 + +struct Msf2Timer { + QEMUBH *bh; + ptimer_state *ptimer; + + uint32_t regs[R_TIM1_MAX]; + qemu_irq irq; +}; + +typedef struct MSSTimerState { + SysBusDevice parent_obj; + + MemoryRegion mmio; + uint32_t freq_hz; + struct Msf2Timer timers[NUM_TIMERS]; +} MSSTimerState; + +#endif /* HW_MSS_TIMER_H */ diff --git a/target/arm/cpu.c b/target/arm/cpu.c index 20a3445bda..33449790e5 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -187,6 +187,13 @@ static void arm_cpu_reset(CPUState *s) if (arm_feature(env, ARM_FEATURE_M_SECURITY)) { env->v7m.secure = true; + } else { + /* This bit resets to 0 if security is supported, but 1 if + * it is not. The bit is not present in v7M, but we set it + * here so we can avoid having to make checks on it conditional + * on ARM_FEATURE_V8 (we don't let the guest see the bit). + */ + env->v7m.aircr = R_V7M_AIRCR_BFHFNMINS_MASK; } /* In v7M the reset value of this bit is IMPDEF, but ARM recommends diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 6e50ae2b55..8afceca873 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -449,6 +449,7 @@ typedef struct CPUARMState { int exception; uint32_t primask[M_REG_NUM_BANKS]; uint32_t faultmask[M_REG_NUM_BANKS]; + uint32_t aircr; /* only holds r/w state if security extn implemented */ uint32_t secure; /* Is CPU in Secure state? (not guest visible) */ } v7m; @@ -1200,6 +1201,17 @@ FIELD(V7M_CCR, STKALIGN, 9, 1) FIELD(V7M_CCR, DC, 16, 1) FIELD(V7M_CCR, IC, 17, 1) +/* V7M AIRCR bits */ +FIELD(V7M_AIRCR, VECTRESET, 0, 1) +FIELD(V7M_AIRCR, VECTCLRACTIVE, 1, 1) +FIELD(V7M_AIRCR, SYSRESETREQ, 2, 1) +FIELD(V7M_AIRCR, SYSRESETREQS, 3, 1) +FIELD(V7M_AIRCR, PRIGROUP, 8, 3) +FIELD(V7M_AIRCR, BFHFNMINS, 13, 1) +FIELD(V7M_AIRCR, PRIS, 14, 1) +FIELD(V7M_AIRCR, ENDIANNESS, 15, 1) +FIELD(V7M_AIRCR, VECTKEY, 16, 16) + /* V7M CFSR bits for MMFSR */ FIELD(V7M_CFSR, IACCVIOL, 0, 1) FIELD(V7M_CFSR, DACCVIOL, 1, 1) @@ -1451,19 +1463,42 @@ static inline bool armv7m_nvic_can_take_pending_exception(void *opaque) return true; } #endif -void armv7m_nvic_set_pending(void *opaque, int irq); -void armv7m_nvic_acknowledge_irq(void *opaque); +/** + * armv7m_nvic_set_pending: mark the specified exception as pending + * @opaque: the NVIC + * @irq: the exception number to mark pending + * @secure: false for non-banked exceptions or for the nonsecure + * version of a banked exception, true for the secure version of a banked + * exception. + * + * Marks the specified exception as pending. Note that we will assert() + * if @secure is true and @irq does not specify one of the fixed set + * of architecturally banked exceptions. + */ +void armv7m_nvic_set_pending(void *opaque, int irq, bool secure); +/** + * armv7m_nvic_acknowledge_irq: make highest priority pending exception active + * @opaque: the NVIC + * + * Move the current highest priority pending exception from the pending + * state to the active state, and update v7m.exception to indicate that + * it is the exception currently being handled. + * + * Returns: true if exception should be taken to Secure state, false for NS + */ +bool armv7m_nvic_acknowledge_irq(void *opaque); /** * armv7m_nvic_complete_irq: complete specified interrupt or exception * @opaque: the NVIC * @irq: the exception number to complete + * @secure: true if this exception was secure * * Returns: -1 if the irq was not active * 1 if completing this irq brought us back to base (no active irqs) * 0 if there is still an irq active after this one was completed * (Ignoring -1, this is the same as the RETTOBASE value before completion.) */ -int armv7m_nvic_complete_irq(void *opaque, int irq); +int armv7m_nvic_complete_irq(void *opaque, int irq, bool secure); /** * armv7m_nvic_raw_execution_priority: return the raw execution priority * @opaque: the NVIC @@ -1474,6 +1509,21 @@ int armv7m_nvic_complete_irq(void *opaque, int irq); * (v8M ARM ARM I_PKLD.) */ int armv7m_nvic_raw_execution_priority(void *opaque); +/** + * armv7m_nvic_neg_prio_requested: return true if the requested execution + * priority is negative for the specified security state. + * @opaque: the NVIC + * @secure: the security state to test + * This corresponds to the pseudocode IsReqExecPriNeg(). + */ +#ifndef CONFIG_USER_ONLY +bool armv7m_nvic_neg_prio_requested(void *opaque, bool secure); +#else +static inline bool armv7m_nvic_neg_prio_requested(void *opaque, bool secure) +{ + return false; +} +#endif /* Interface for defining coprocessor registers. * Registers are defined in tables of arm_cp_reginfo structs @@ -2259,11 +2309,7 @@ static inline int cpu_mmu_index(CPUARMState *env, bool ifetch) if (arm_feature(env, ARM_FEATURE_M)) { ARMMMUIdx mmu_idx = el == 0 ? ARMMMUIdx_MUser : ARMMMUIdx_MPriv; - /* Execution priority is negative if FAULTMASK is set or - * we're in a HardFault or NMI handler. - */ - if ((env->v7m.exception > 0 && env->v7m.exception <= 3) - || env->v7m.faultmask[env->v7m.secure]) { + if (armv7m_nvic_neg_prio_requested(env->nvic, env->v7m.secure)) { mmu_idx = ARMMMUIdx_MNegPri; } diff --git a/target/arm/helper.c b/target/arm/helper.c index 4f41841ef6..8be78ea2f8 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -6218,6 +6218,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu) bool return_to_sp_process = false; bool return_to_handler = false; bool rettobase = false; + bool exc_secure = false; /* We can only get here from an EXCP_EXCEPTION_EXIT, and * gen_bx_excret() enforces the architectural rule @@ -6256,16 +6257,17 @@ static void do_v7m_exception_exit(ARMCPU *cpu) * which security state's faultmask to clear. (v8M ARM ARM R_KBNF.) */ if (arm_feature(env, ARM_FEATURE_M_SECURITY)) { - int es = excret & R_V7M_EXCRET_ES_MASK; + exc_secure = excret & R_V7M_EXCRET_ES_MASK; if (armv7m_nvic_raw_execution_priority(env->nvic) >= 0) { - env->v7m.faultmask[es] = 0; + env->v7m.faultmask[exc_secure] = 0; } } else { env->v7m.faultmask[M_REG_NS] = 0; } } - switch (armv7m_nvic_complete_irq(env->nvic, env->v7m.exception)) { + switch (armv7m_nvic_complete_irq(env->nvic, env->v7m.exception, + exc_secure)) { case -1: /* attempt to exit an exception that isn't active */ ufault = true; @@ -6306,7 +6308,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu) * stack, directly take a usage fault on the current stack. */ env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK; - armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE); + armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure); v7m_exception_taken(cpu, excret); qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on existing " "stackframe: failed exception return integrity check\n"); @@ -6345,8 +6347,11 @@ static void do_v7m_exception_exit(ARMCPU *cpu) * exception return excret specified then this is a UsageFault. */ if (return_to_handler != arm_v7m_is_handler_mode(env)) { - /* Take an INVPC UsageFault by pushing the stack again. */ - armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE); + /* Take an INVPC UsageFault by pushing the stack again. + * TODO: the v8M version of this code should target the + * background state for this exception. + */ + armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, false); env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK; v7m_push_stack(cpu); v7m_exception_taken(cpu, excret); @@ -6406,20 +6411,20 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs) handle it. */ switch (cs->exception_index) { case EXCP_UDEF: - armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE); + armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure); env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_UNDEFINSTR_MASK; break; case EXCP_NOCP: - armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE); + armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure); env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_NOCP_MASK; break; case EXCP_INVSTATE: - armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE); + armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure); env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVSTATE_MASK; break; case EXCP_SWI: /* The PC already points to the next instruction. */ - armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SVC); + armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SVC, env->v7m.secure); break; case EXCP_PREFETCH_ABORT: case EXCP_DATA_ABORT: @@ -6443,7 +6448,7 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs) env->v7m.bfar); break; } - armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_BUS); + armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_BUS, false); break; default: /* All other FSR values are either MPU faults or "can't happen @@ -6463,7 +6468,8 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs) env->v7m.mmfar[env->v7m.secure]); break; } - armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_MEM); + armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_MEM, + env->v7m.secure); break; } break; @@ -6480,7 +6486,7 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs) return; } } - armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_DEBUG); + armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_DEBUG, false); break; case EXCP_IRQ: break; @@ -8892,12 +8898,68 @@ uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg) break; case 20: /* CONTROL */ return env->v7m.control[env->v7m.secure]; + case 0x94: /* CONTROL_NS */ + /* We have to handle this here because unprivileged Secure code + * can read the NS CONTROL register. + */ + if (!env->v7m.secure) { + return 0; + } + return env->v7m.control[M_REG_NS]; } if (el == 0) { return 0; /* unprivileged reads others as zero */ } + if (arm_feature(env, ARM_FEATURE_M_SECURITY)) { + switch (reg) { + case 0x88: /* MSP_NS */ + if (!env->v7m.secure) { + return 0; + } + return env->v7m.other_ss_msp; + case 0x89: /* PSP_NS */ + if (!env->v7m.secure) { + return 0; + } + return env->v7m.other_ss_psp; + case 0x90: /* PRIMASK_NS */ + if (!env->v7m.secure) { + return 0; + } + return env->v7m.primask[M_REG_NS]; + case 0x91: /* BASEPRI_NS */ + if (!env->v7m.secure) { + return 0; + } + return env->v7m.basepri[M_REG_NS]; + case 0x93: /* FAULTMASK_NS */ + if (!env->v7m.secure) { + return 0; + } + return env->v7m.faultmask[M_REG_NS]; + case 0x98: /* SP_NS */ + { + /* This gives the non-secure SP selected based on whether we're + * currently in handler mode or not, using the NS CONTROL.SPSEL. + */ + bool spsel = env->v7m.control[M_REG_NS] & R_V7M_CONTROL_SPSEL_MASK; + + if (!env->v7m.secure) { + return 0; + } + if (!arm_v7m_is_handler_mode(env) && spsel) { + return env->v7m.other_ss_psp; + } else { + return env->v7m.other_ss_msp; + } + } + default: + break; + } + } + switch (reg) { case 8: /* MSP */ return (env->v7m.control[env->v7m.secure] & R_V7M_CONTROL_SPSEL_MASK) ? @@ -8936,6 +8998,60 @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val) return; } + if (arm_feature(env, ARM_FEATURE_M_SECURITY)) { + switch (reg) { + case 0x88: /* MSP_NS */ + if (!env->v7m.secure) { + return; + } + env->v7m.other_ss_msp = val; + return; + case 0x89: /* PSP_NS */ + if (!env->v7m.secure) { + return; + } + env->v7m.other_ss_psp = val; + return; + case 0x90: /* PRIMASK_NS */ + if (!env->v7m.secure) { + return; + } + env->v7m.primask[M_REG_NS] = val & 1; + return; + case 0x91: /* BASEPRI_NS */ + if (!env->v7m.secure) { + return; + } + env->v7m.basepri[M_REG_NS] = val & 0xff; + return; + case 0x93: /* FAULTMASK_NS */ + if (!env->v7m.secure) { + return; + } + env->v7m.faultmask[M_REG_NS] = val & 1; + return; + case 0x98: /* SP_NS */ + { + /* This gives the non-secure SP selected based on whether we're + * currently in handler mode or not, using the NS CONTROL.SPSEL. + */ + bool spsel = env->v7m.control[M_REG_NS] & R_V7M_CONTROL_SPSEL_MASK; + + if (!env->v7m.secure) { + return; + } + if (!arm_v7m_is_handler_mode(env) && spsel) { + env->v7m.other_ss_psp = val; + } else { + env->v7m.other_ss_msp = val; + } + return; + } + default: + break; + } + } + switch (reg) { case 0 ... 7: /* xPSR sub-fields */ /* only APSR is actually writable */ diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index 083568c468..899ffb96fc 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -1203,12 +1203,14 @@ static inline AArch64DecodeFn *lookup_disas_fn(const AArch64DecodeTable *table, } /* - * the instruction disassembly implemented here matches - * the instruction encoding classifications in chapter 3 (C3) - * of the ARM Architecture Reference Manual (DDI0487A_a) + * The instruction disassembly implemented here matches + * the instruction encoding classifications in chapter C4 + * of the ARM Architecture Reference Manual (DDI0487B_a); + * classification names and decode diagrams here should generally + * match up with those in the manual. */ -/* C3.2.7 Unconditional branch (immediate) +/* Unconditional branch (immediate) * 31 30 26 25 0 * +----+-----------+-------------------------------------+ * | op | 0 0 1 0 1 | imm26 | @@ -1219,15 +1221,15 @@ static void disas_uncond_b_imm(DisasContext *s, uint32_t insn) uint64_t addr = s->pc + sextract32(insn, 0, 26) * 4 - 4; if (insn & (1U << 31)) { - /* C5.6.26 BL Branch with link */ + /* BL Branch with link */ tcg_gen_movi_i64(cpu_reg(s, 30), s->pc); } - /* C5.6.20 B Branch / C5.6.26 BL Branch with link */ + /* B Branch / BL Branch with link */ gen_goto_tb(s, 0, addr); } -/* C3.2.1 Compare & branch (immediate) +/* Compare and branch (immediate) * 31 30 25 24 23 5 4 0 * +----+-------------+----+---------------------+--------+ * | sf | 0 1 1 0 1 0 | op | imm19 | Rt | @@ -1256,7 +1258,7 @@ static void disas_comp_b_imm(DisasContext *s, uint32_t insn) gen_goto_tb(s, 1, addr); } -/* C3.2.5 Test & branch (immediate) +/* Test and branch (immediate) * 31 30 25 24 23 19 18 5 4 0 * +----+-------------+----+-------+-------------+------+ * | b5 | 0 1 1 0 1 1 | op | b40 | imm14 | Rt | @@ -1285,7 +1287,7 @@ static void disas_test_b_imm(DisasContext *s, uint32_t insn) gen_goto_tb(s, 1, addr); } -/* C3.2.2 / C5.6.19 Conditional branch (immediate) +/* Conditional branch (immediate) * 31 25 24 23 5 4 3 0 * +---------------+----+---------------------+----+------+ * | 0 1 0 1 0 1 0 | o1 | imm19 | o0 | cond | @@ -1316,7 +1318,7 @@ static void disas_cond_b_imm(DisasContext *s, uint32_t insn) } } -/* C5.6.68 HINT */ +/* HINT instruction group, including various allocated HINTs */ static void handle_hint(DisasContext *s, uint32_t insn, unsigned int op1, unsigned int op2, unsigned int crm) { @@ -1401,7 +1403,7 @@ static void handle_sync(DisasContext *s, uint32_t insn, } } -/* C5.6.130 MSR (immediate) - move immediate to processor state field */ +/* MSR (immediate) - move immediate to processor state field */ static void handle_msr_i(DisasContext *s, uint32_t insn, unsigned int op1, unsigned int op2, unsigned int crm) { @@ -1477,10 +1479,10 @@ static void gen_set_nzcv(TCGv_i64 tcg_rt) tcg_temp_free_i32(nzcv); } -/* C5.6.129 MRS - move from system register - * C5.6.131 MSR (register) - move to system register - * C5.6.204 SYS - * C5.6.205 SYSL +/* MRS - move from system register + * MSR (register) - move to system register + * SYS + * SYSL * These are all essentially the same insn in 'read' and 'write' * versions, with varying op0 fields. */ @@ -1603,7 +1605,7 @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread, } } -/* C3.2.4 System +/* System * 31 22 21 20 19 18 16 15 12 11 8 7 5 4 0 * +---------------------+---+-----+-----+-------+-------+-----+------+ * | 1 1 0 1 0 1 0 1 0 0 | L | op0 | op1 | CRn | CRm | op2 | Rt | @@ -1626,13 +1628,13 @@ static void disas_system(DisasContext *s, uint32_t insn) return; } switch (crn) { - case 2: /* C5.6.68 HINT */ + case 2: /* HINT (including allocated hints like NOP, YIELD, etc) */ handle_hint(s, insn, op1, op2, crm); break; case 3: /* CLREX, DSB, DMB, ISB */ handle_sync(s, insn, op1, op2, crm); break; - case 4: /* C5.6.130 MSR (immediate) */ + case 4: /* MSR (immediate) */ handle_msr_i(s, insn, op1, op2, crm); break; default: @@ -1644,7 +1646,7 @@ static void disas_system(DisasContext *s, uint32_t insn) handle_sys(s, insn, l, op0, op1, op2, crn, crm, rt); } -/* C3.2.3 Exception generation +/* Exception generation * * 31 24 23 21 20 5 4 2 1 0 * +-----------------+-----+------------------------+-----+----+ @@ -1751,7 +1753,7 @@ static void disas_exc(DisasContext *s, uint32_t insn) } } -/* C3.2.7 Unconditional branch (register) +/* Unconditional branch (register) * 31 25 24 21 20 16 15 10 9 5 4 0 * +---------------+-------+-------+-------+------+-------+ * | 1 1 0 1 0 1 1 | opc | op2 | op3 | Rn | op4 | @@ -1806,7 +1808,7 @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t insn) s->base.is_jmp = DISAS_JUMP; } -/* C3.2 Branches, exception generating and system instructions */ +/* Branches, exception generating and system instructions */ static void disas_b_exc_sys(DisasContext *s, uint32_t insn) { switch (extract32(insn, 25, 7)) { @@ -1966,7 +1968,7 @@ static bool disas_ldst_compute_iss_sf(int size, bool is_signed, int opc) return regsize == 64; } -/* C3.3.6 Load/store exclusive +/* Load/store exclusive * * 31 30 29 24 23 22 21 20 16 15 14 10 9 5 4 0 * +-----+-------------+----+---+----+------+----+-------+------+------+ @@ -2043,7 +2045,7 @@ static void disas_ldst_excl(DisasContext *s, uint32_t insn) } /* - * C3.3.5 Load register (literal) + * Load register (literal) * * 31 30 29 27 26 25 24 23 5 4 0 * +-----+-------+---+-----+-------------------+-------+ @@ -2099,15 +2101,15 @@ static void disas_ld_lit(DisasContext *s, uint32_t insn) } /* - * C5.6.80 LDNP (Load Pair - non-temporal hint) - * C5.6.81 LDP (Load Pair - non vector) - * C5.6.82 LDPSW (Load Pair Signed Word - non vector) - * C5.6.176 STNP (Store Pair - non-temporal hint) - * C5.6.177 STP (Store Pair - non vector) - * C6.3.165 LDNP (Load Pair of SIMD&FP - non-temporal hint) - * C6.3.165 LDP (Load Pair of SIMD&FP) - * C6.3.284 STNP (Store Pair of SIMD&FP - non-temporal hint) - * C6.3.284 STP (Store Pair of SIMD&FP) + * LDNP (Load Pair - non-temporal hint) + * LDP (Load Pair - non vector) + * LDPSW (Load Pair Signed Word - non vector) + * STNP (Store Pair - non-temporal hint) + * STP (Store Pair - non vector) + * LDNP (Load Pair of SIMD&FP - non-temporal hint) + * LDP (Load Pair of SIMD&FP) + * STNP (Store Pair of SIMD&FP - non-temporal hint) + * STP (Store Pair of SIMD&FP) * * 31 30 29 27 26 25 24 23 22 21 15 14 10 9 5 4 0 * +-----+-------+---+---+-------+---+-----------------------------+ @@ -2253,9 +2255,9 @@ static void disas_ldst_pair(DisasContext *s, uint32_t insn) } /* - * C3.3.8 Load/store (immediate post-indexed) - * C3.3.9 Load/store (immediate pre-indexed) - * C3.3.12 Load/store (unscaled immediate) + * Load/store (immediate post-indexed) + * Load/store (immediate pre-indexed) + * Load/store (unscaled immediate) * * 31 30 29 27 26 25 24 23 22 21 20 12 11 10 9 5 4 0 * +----+-------+---+-----+-----+---+--------+-----+------+------+ @@ -2371,7 +2373,7 @@ static void disas_ldst_reg_imm9(DisasContext *s, uint32_t insn, } /* - * C3.3.10 Load/store (register offset) + * Load/store (register offset) * * 31 30 29 27 26 25 24 23 22 21 20 16 15 13 12 11 10 9 5 4 0 * +----+-------+---+-----+-----+---+------+-----+--+-----+----+----+ @@ -2468,7 +2470,7 @@ static void disas_ldst_reg_roffset(DisasContext *s, uint32_t insn, } /* - * C3.3.13 Load/store (unsigned immediate) + * Load/store (unsigned immediate) * * 31 30 29 27 26 25 24 23 22 21 10 9 5 * +----+-------+---+-----+-----+------------+-------+------+ @@ -2579,14 +2581,14 @@ static void disas_ldst_reg(DisasContext *s, uint32_t insn) } } -/* C3.3.1 AdvSIMD load/store multiple structures +/* AdvSIMD load/store multiple structures * * 31 30 29 23 22 21 16 15 12 11 10 9 5 4 0 * +---+---+---------------+---+-------------+--------+------+------+------+ * | 0 | Q | 0 0 1 1 0 0 0 | L | 0 0 0 0 0 0 | opcode | size | Rn | Rt | * +---+---+---------------+---+-------------+--------+------+------+------+ * - * C3.3.2 AdvSIMD load/store multiple structures (post-indexed) + * AdvSIMD load/store multiple structures (post-indexed) * * 31 30 29 23 22 21 20 16 15 12 11 10 9 5 4 0 * +---+---+---------------+---+---+---------+--------+------+------+------+ @@ -2711,14 +2713,14 @@ static void disas_ldst_multiple_struct(DisasContext *s, uint32_t insn) tcg_temp_free_i64(tcg_addr); } -/* C3.3.3 AdvSIMD load/store single structure +/* AdvSIMD load/store single structure * * 31 30 29 23 22 21 20 16 15 13 12 11 10 9 5 4 0 * +---+---+---------------+-----+-----------+-----+---+------+------+------+ * | 0 | Q | 0 0 1 1 0 1 0 | L R | 0 0 0 0 0 | opc | S | size | Rn | Rt | * +---+---+---------------+-----+-----------+-----+---+------+------+------+ * - * C3.3.4 AdvSIMD load/store single structure (post-indexed) + * AdvSIMD load/store single structure (post-indexed) * * 31 30 29 23 22 21 20 16 15 13 12 11 10 9 5 4 0 * +---+---+---------------+-----+-----------+-----+---+------+------+------+ @@ -2861,7 +2863,7 @@ static void disas_ldst_single_struct(DisasContext *s, uint32_t insn) tcg_temp_free_i64(tcg_addr); } -/* C3.3 Loads and stores */ +/* Loads and stores */ static void disas_ldst(DisasContext *s, uint32_t insn) { switch (extract32(insn, 24, 6)) { @@ -2891,7 +2893,7 @@ static void disas_ldst(DisasContext *s, uint32_t insn) } } -/* C3.4.6 PC-rel. addressing +/* PC-rel. addressing * 31 30 29 28 24 23 5 4 0 * +----+-------+-----------+-------------------+------+ * | op | immlo | 1 0 0 0 0 | immhi | Rd | @@ -2920,7 +2922,7 @@ static void disas_pc_rel_adr(DisasContext *s, uint32_t insn) } /* - * C3.4.1 Add/subtract (immediate) + * Add/subtract (immediate) * * 31 30 29 28 24 23 22 21 10 9 5 4 0 * +--+--+--+-----------+-----+-------------+-----+-----+ @@ -3070,7 +3072,7 @@ static bool logic_imm_decode_wmask(uint64_t *result, unsigned int immn, return true; } -/* C3.4.4 Logical (immediate) +/* Logical (immediate) * 31 30 29 28 23 22 21 16 15 10 9 5 4 0 * +----+-----+-------------+---+------+------+------+------+ * | sf | opc | 1 0 0 1 0 0 | N | immr | imms | Rn | Rd | @@ -3143,7 +3145,7 @@ static void disas_logic_imm(DisasContext *s, uint32_t insn) } /* - * C3.4.5 Move wide (immediate) + * Move wide (immediate) * * 31 30 29 28 23 22 21 20 5 4 0 * +--+-----+-------------+-----+----------------+------+ @@ -3195,7 +3197,7 @@ static void disas_movw_imm(DisasContext *s, uint32_t insn) } } -/* C3.4.2 Bitfield +/* Bitfield * 31 30 29 28 23 22 21 16 15 10 9 5 4 0 * +----+-----+-------------+---+------+------+------+------+ * | sf | opc | 1 0 0 1 1 0 | N | immr | imms | Rn | Rd | @@ -3273,7 +3275,7 @@ static void disas_bitfield(DisasContext *s, uint32_t insn) } } -/* C3.4.3 Extract +/* Extract * 31 30 29 28 23 22 21 20 16 15 10 9 5 4 0 * +----+------+-------------+---+----+------+--------+------+------+ * | sf | op21 | 1 0 0 1 1 1 | N | o0 | Rm | imms | Rn | Rd | @@ -3333,7 +3335,7 @@ static void disas_extract(DisasContext *s, uint32_t insn) } } -/* C3.4 Data processing - immediate */ +/* Data processing - immediate */ static void disas_data_proc_imm(DisasContext *s, uint32_t insn) { switch (extract32(insn, 23, 6)) { @@ -3427,7 +3429,7 @@ static void shift_reg_imm(TCGv_i64 dst, TCGv_i64 src, int sf, } } -/* C3.5.10 Logical (shifted register) +/* Logical (shifted register) * 31 30 29 28 24 23 22 21 20 16 15 10 9 5 4 0 * +----+-----+-----------+-------+---+------+--------+------+------+ * | sf | opc | 0 1 0 1 0 | shift | N | Rm | imm6 | Rn | Rd | @@ -3518,7 +3520,7 @@ static void disas_logic_reg(DisasContext *s, uint32_t insn) } /* - * C3.5.1 Add/subtract (extended register) + * Add/subtract (extended register) * * 31|30|29|28 24|23 22|21|20 16|15 13|12 10|9 5|4 0| * +--+--+--+-----------+-----+--+-------+------+------+----+----+ @@ -3591,7 +3593,7 @@ static void disas_add_sub_ext_reg(DisasContext *s, uint32_t insn) } /* - * C3.5.2 Add/subtract (shifted register) + * Add/subtract (shifted register) * * 31 30 29 28 24 23 22 21 20 16 15 10 9 5 4 0 * +--+--+--+-----------+-----+--+-------+---------+------+------+ @@ -3654,13 +3656,12 @@ static void disas_add_sub_reg(DisasContext *s, uint32_t insn) tcg_temp_free_i64(tcg_result); } -/* C3.5.9 Data-processing (3 source) - - 31 30 29 28 24 23 21 20 16 15 14 10 9 5 4 0 - +--+------+-----------+------+------+----+------+------+------+ - |sf| op54 | 1 1 0 1 1 | op31 | Rm | o0 | Ra | Rn | Rd | - +--+------+-----------+------+------+----+------+------+------+ - +/* Data-processing (3 source) + * + * 31 30 29 28 24 23 21 20 16 15 14 10 9 5 4 0 + * +--+------+-----------+------+------+----+------+------+------+ + * |sf| op54 | 1 1 0 1 1 | op31 | Rm | o0 | Ra | Rn | Rd | + * +--+------+-----------+------+------+----+------+------+------+ */ static void disas_data_proc_3src(DisasContext *s, uint32_t insn) { @@ -3753,7 +3754,7 @@ static void disas_data_proc_3src(DisasContext *s, uint32_t insn) tcg_temp_free_i64(tcg_tmp); } -/* C3.5.3 - Add/subtract (with carry) +/* Add/subtract (with carry) * 31 30 29 28 27 26 25 24 23 22 21 20 16 15 10 9 5 4 0 * +--+--+--+------------------------+------+---------+------+-----+ * |sf|op| S| 1 1 0 1 0 0 0 0 | rm | opcode2 | Rn | Rd | @@ -3795,7 +3796,7 @@ static void disas_adc_sbc(DisasContext *s, uint32_t insn) } } -/* C3.5.4 - C3.5.5 Conditional compare (immediate / register) +/* Conditional compare (immediate / register) * 31 30 29 28 27 26 25 24 23 22 21 20 16 15 12 11 10 9 5 4 3 0 * +--+--+--+------------------------+--------+------+----+--+------+--+-----+ * |sf|op| S| 1 1 0 1 0 0 1 0 |imm5/rm | cond |i/r |o2| Rn |o3|nzcv | @@ -3900,7 +3901,7 @@ static void disas_cc(DisasContext *s, uint32_t insn) tcg_temp_free_i32(tcg_t2); } -/* C3.5.6 Conditional select +/* Conditional select * 31 30 29 28 21 20 16 15 12 11 10 9 5 4 0 * +----+----+---+-----------------+------+------+-----+------+------+ * | sf | op | S | 1 1 0 1 0 1 0 0 | Rm | cond | op2 | Rn | Rd | @@ -4011,7 +4012,7 @@ static void handle_rbit(DisasContext *s, unsigned int sf, } } -/* C5.6.149 REV with sf==1, opcode==3 ("REV64") */ +/* REV with sf==1, opcode==3 ("REV64") */ static void handle_rev64(DisasContext *s, unsigned int sf, unsigned int rn, unsigned int rd) { @@ -4022,8 +4023,8 @@ static void handle_rev64(DisasContext *s, unsigned int sf, tcg_gen_bswap64_i64(cpu_reg(s, rd), cpu_reg(s, rn)); } -/* C5.6.149 REV with sf==0, opcode==2 - * C5.6.151 REV32 (sf==1, opcode==2) +/* REV with sf==0, opcode==2 + * REV32 (sf==1, opcode==2) */ static void handle_rev32(DisasContext *s, unsigned int sf, unsigned int rn, unsigned int rd) @@ -4048,7 +4049,7 @@ static void handle_rev32(DisasContext *s, unsigned int sf, } } -/* C5.6.150 REV16 (opcode==1) */ +/* REV16 (opcode==1) */ static void handle_rev16(DisasContext *s, unsigned int sf, unsigned int rn, unsigned int rd) { @@ -4067,7 +4068,7 @@ static void handle_rev16(DisasContext *s, unsigned int sf, tcg_temp_free_i64(tcg_tmp); } -/* C3.5.7 Data-processing (1 source) +/* Data-processing (1 source) * 31 30 29 28 21 20 16 15 10 9 5 4 0 * +----+---+---+-----------------+---------+--------+------+------+ * | sf | 1 | S | 1 1 0 1 0 1 1 0 | opcode2 | opcode | Rn | Rd | @@ -4136,7 +4137,7 @@ static void handle_div(DisasContext *s, bool is_signed, unsigned int sf, } } -/* C5.6.115 LSLV, C5.6.118 LSRV, C5.6.17 ASRV, C5.6.154 RORV */ +/* LSLV, LSRV, ASRV, RORV */ static void handle_shift_reg(DisasContext *s, enum a64_shift_type shift_type, unsigned int sf, unsigned int rm, unsigned int rn, unsigned int rd) @@ -4198,7 +4199,7 @@ static void handle_crc32(DisasContext *s, tcg_temp_free_i32(tcg_bytes); } -/* C3.5.8 Data-processing (2 source) +/* Data-processing (2 source) * 31 30 29 28 21 20 16 15 10 9 5 4 0 * +----+---+---+-----------------+------+--------+------+------+ * | sf | 0 | S | 1 1 0 1 0 1 1 0 | Rm | opcode | Rn | Rd | @@ -4257,7 +4258,7 @@ static void disas_data_proc_2src(DisasContext *s, uint32_t insn) } } -/* C3.5 Data processing - register */ +/* Data processing - register */ static void disas_data_proc_reg(DisasContext *s, uint32_t insn) { switch (extract32(insn, 24, 5)) { @@ -4351,7 +4352,7 @@ static void handle_fp_compare(DisasContext *s, bool is_double, tcg_temp_free_i64(tcg_flags); } -/* C3.6.22 Floating point compare +/* Floating point compare * 31 30 29 28 24 23 22 21 20 16 15 14 13 10 9 5 4 0 * +---+---+---+-----------+------+---+------+-----+---------+------+-------+ * | M | 0 | S | 1 1 1 1 0 | type | 1 | Rm | op | 1 0 0 0 | Rn | op2 | @@ -4381,7 +4382,7 @@ static void disas_fp_compare(DisasContext *s, uint32_t insn) handle_fp_compare(s, type, rn, rm, opc & 1, opc & 2); } -/* C3.6.23 Floating point conditional compare +/* Floating point conditional compare * 31 30 29 28 24 23 22 21 20 16 15 12 11 10 9 5 4 3 0 * +---+---+---+-----------+------+---+------+------+-----+------+----+------+ * | M | 0 | S | 1 1 1 1 0 | type | 1 | Rm | cond | 0 1 | Rn | op | nzcv | @@ -4429,7 +4430,7 @@ static void disas_fp_ccomp(DisasContext *s, uint32_t insn) } } -/* C3.6.24 Floating point conditional select +/* Floating point conditional select * 31 30 29 28 24 23 22 21 20 16 15 12 11 10 9 5 4 0 * +---+---+---+-----------+------+---+------+------+-----+------+------+ * | M | 0 | S | 1 1 1 1 0 | type | 1 | Rm | cond | 1 1 | Rn | Rd | @@ -4476,7 +4477,7 @@ static void disas_fp_csel(DisasContext *s, uint32_t insn) tcg_temp_free_i64(t_true); } -/* C3.6.25 Floating-point data-processing (1 source) - single precision */ +/* Floating-point data-processing (1 source) - single precision */ static void handle_fp_1src_single(DisasContext *s, int opcode, int rd, int rn) { TCGv_ptr fpst; @@ -4532,7 +4533,7 @@ static void handle_fp_1src_single(DisasContext *s, int opcode, int rd, int rn) tcg_temp_free_i32(tcg_res); } -/* C3.6.25 Floating-point data-processing (1 source) - double precision */ +/* Floating-point data-processing (1 source) - double precision */ static void handle_fp_1src_double(DisasContext *s, int opcode, int rd, int rn) { TCGv_ptr fpst; @@ -4654,7 +4655,7 @@ static void handle_fp_fcvt(DisasContext *s, int opcode, } } -/* C3.6.25 Floating point data-processing (1 source) +/* Floating point data-processing (1 source) * 31 30 29 28 24 23 22 21 20 15 14 10 9 5 4 0 * +---+---+---+-----------+------+---+--------+-----------+------+------+ * | M | 0 | S | 1 1 1 1 0 | type | 1 | opcode | 1 0 0 0 0 | Rn | Rd | @@ -4712,7 +4713,7 @@ static void disas_fp_1src(DisasContext *s, uint32_t insn) } } -/* C3.6.26 Floating-point data-processing (2 source) - single precision */ +/* Floating-point data-processing (2 source) - single precision */ static void handle_fp_2src_single(DisasContext *s, int opcode, int rd, int rn, int rm) { @@ -4765,7 +4766,7 @@ static void handle_fp_2src_single(DisasContext *s, int opcode, tcg_temp_free_i32(tcg_res); } -/* C3.6.26 Floating-point data-processing (2 source) - double precision */ +/* Floating-point data-processing (2 source) - double precision */ static void handle_fp_2src_double(DisasContext *s, int opcode, int rd, int rn, int rm) { @@ -4818,7 +4819,7 @@ static void handle_fp_2src_double(DisasContext *s, int opcode, tcg_temp_free_i64(tcg_res); } -/* C3.6.26 Floating point data-processing (2 source) +/* Floating point data-processing (2 source) * 31 30 29 28 24 23 22 21 20 16 15 12 11 10 9 5 4 0 * +---+---+---+-----------+------+---+------+--------+-----+------+------+ * | M | 0 | S | 1 1 1 1 0 | type | 1 | Rm | opcode | 1 0 | Rn | Rd | @@ -4855,7 +4856,7 @@ static void disas_fp_2src(DisasContext *s, uint32_t insn) } } -/* C3.6.27 Floating-point data-processing (3 source) - single precision */ +/* Floating-point data-processing (3 source) - single precision */ static void handle_fp_3src_single(DisasContext *s, bool o0, bool o1, int rd, int rn, int rm, int ra) { @@ -4893,7 +4894,7 @@ static void handle_fp_3src_single(DisasContext *s, bool o0, bool o1, tcg_temp_free_i32(tcg_res); } -/* C3.6.27 Floating-point data-processing (3 source) - double precision */ +/* Floating-point data-processing (3 source) - double precision */ static void handle_fp_3src_double(DisasContext *s, bool o0, bool o1, int rd, int rn, int rm, int ra) { @@ -4931,7 +4932,7 @@ static void handle_fp_3src_double(DisasContext *s, bool o0, bool o1, tcg_temp_free_i64(tcg_res); } -/* C3.6.27 Floating point data-processing (3 source) +/* Floating point data-processing (3 source) * 31 30 29 28 24 23 22 21 20 16 15 14 10 9 5 4 0 * +---+---+---+-----------+------+----+------+----+------+------+------+ * | M | 0 | S | 1 1 1 1 1 | type | o1 | Rm | o0 | Ra | Rn | Rd | @@ -4965,7 +4966,7 @@ static void disas_fp_3src(DisasContext *s, uint32_t insn) } } -/* C3.6.28 Floating point immediate +/* Floating point immediate * 31 30 29 28 24 23 22 21 20 13 12 10 9 5 4 0 * +---+---+---+-----------+------+---+------------+-------+------+------+ * | M | 0 | S | 1 1 1 1 0 | type | 1 | imm8 | 1 0 0 | imm5 | Rd | @@ -5136,7 +5137,7 @@ static void handle_fpfpcvt(DisasContext *s, int rd, int rn, int opcode, tcg_temp_free_i32(tcg_shift); } -/* C3.6.29 Floating point <-> fixed point conversions +/* Floating point <-> fixed point conversions * 31 30 29 28 24 23 22 21 20 19 18 16 15 10 9 5 4 0 * +----+---+---+-----------+------+---+-------+--------+-------+------+------+ * | sf | 0 | S | 1 1 1 1 0 | type | 0 | rmode | opcode | scale | Rn | Rd | @@ -5236,7 +5237,7 @@ static void handle_fmov(DisasContext *s, int rd, int rn, int type, bool itof) } } -/* C3.6.30 Floating point <-> integer conversions +/* Floating point <-> integer conversions * 31 30 29 28 24 23 22 21 20 19 18 16 15 10 9 5 4 0 * +----+---+---+-----------+------+---+-------+-----+-------------+----+----+ * | sf | 0 | S | 1 1 1 1 0 | type | 1 | rmode | opc | 0 0 0 0 0 0 | Rn | Rd | @@ -5371,7 +5372,7 @@ static void do_ext64(DisasContext *s, TCGv_i64 tcg_left, TCGv_i64 tcg_right, tcg_temp_free_i64(tcg_tmp); } -/* C3.6.1 EXT +/* EXT * 31 30 29 24 23 22 21 20 16 15 14 11 10 9 5 4 0 * +---+---+-------------+-----+---+------+---+------+---+------+------+ * | 0 | Q | 1 0 1 1 1 0 | op2 | 0 | Rm | 0 | imm4 | 0 | Rn | Rd | @@ -5444,7 +5445,7 @@ static void disas_simd_ext(DisasContext *s, uint32_t insn) tcg_temp_free_i64(tcg_resh); } -/* C3.6.2 TBL/TBX +/* TBL/TBX * 31 30 29 24 23 22 21 20 16 15 14 13 12 11 10 9 5 4 0 * +---+---+-------------+-----+---+------+---+-----+----+-----+------+------+ * | 0 | Q | 0 0 1 1 1 0 | op2 | 0 | Rm | 0 | len | op | 0 0 | Rn | Rd | @@ -5512,7 +5513,7 @@ static void disas_simd_tb(DisasContext *s, uint32_t insn) tcg_temp_free_i64(tcg_resh); } -/* C3.6.3 ZIP/UZP/TRN +/* ZIP/UZP/TRN * 31 30 29 24 23 22 21 20 16 15 14 12 11 10 9 5 4 0 * +---+---+-------------+------+---+------+---+------------------+------+ * | 0 | Q | 0 0 1 1 1 0 | size | 0 | Rm | 0 | opc | 1 0 | Rn | Rd | @@ -5624,7 +5625,7 @@ static void do_minmaxop(DisasContext *s, TCGv_i32 tcg_elt1, TCGv_i32 tcg_elt2, } } -/* C3.6.4 AdvSIMD across lanes +/* AdvSIMD across lanes * 31 30 29 28 24 23 22 21 17 16 12 11 10 9 5 4 0 * +---+---+---+-----------+------+-----------+--------+-----+------+------+ * | 0 | Q | U | 0 1 1 1 0 | size | 1 1 0 0 0 | opcode | 1 0 | Rn | Rd | @@ -5791,7 +5792,7 @@ static void disas_simd_across_lanes(DisasContext *s, uint32_t insn) tcg_temp_free_i64(tcg_res); } -/* C6.3.31 DUP (Element, Vector) +/* DUP (Element, Vector) * * 31 30 29 21 20 16 15 10 9 5 4 0 * +---+---+-------------------+--------+-------------+------+------+ @@ -5834,7 +5835,7 @@ static void handle_simd_dupe(DisasContext *s, int is_q, int rd, int rn, tcg_temp_free_i64(tmp); } -/* C6.3.31 DUP (element, scalar) +/* DUP (element, scalar) * 31 21 20 16 15 10 9 5 4 0 * +-----------------------+--------+-------------+------+------+ * | 0 1 0 1 1 1 1 0 0 0 0 | imm5 | 0 0 0 0 0 1 | Rn | Rd | @@ -5867,7 +5868,7 @@ static void handle_simd_dupes(DisasContext *s, int rd, int rn, tcg_temp_free_i64(tmp); } -/* C6.3.32 DUP (General) +/* DUP (General) * * 31 30 29 21 20 16 15 10 9 5 4 0 * +---+---+-------------------+--------+-------------+------+------+ @@ -5901,7 +5902,7 @@ static void handle_simd_dupg(DisasContext *s, int is_q, int rd, int rn, } } -/* C6.3.150 INS (Element) +/* INS (Element) * * 31 21 20 16 15 14 11 10 9 5 4 0 * +-----------------------+--------+------------+---+------+------+ @@ -5939,7 +5940,7 @@ static void handle_simd_inse(DisasContext *s, int rd, int rn, } -/* C6.3.151 INS (General) +/* INS (General) * * 31 21 20 16 15 10 9 5 4 0 * +-----------------------+--------+-------------+------+------+ @@ -5968,8 +5969,8 @@ static void handle_simd_insg(DisasContext *s, int rd, int rn, int imm5) } /* - * C6.3.321 UMOV (General) - * C6.3.237 SMOV (General) + * UMOV (General) + * SMOV (General) * * 31 30 29 21 20 16 15 12 10 9 5 4 0 * +---+---+-------------------+--------+-------------+------+------+ @@ -6014,7 +6015,7 @@ static void handle_simd_umov_smov(DisasContext *s, int is_q, int is_signed, } } -/* C3.6.5 AdvSIMD copy +/* AdvSIMD copy * 31 30 29 28 21 20 16 15 14 11 10 9 5 4 0 * +---+---+----+-----------------+------+---+------+---+------+------+ * | 0 | Q | op | 0 1 1 1 0 0 0 0 | imm5 | 0 | imm4 | 1 | Rn | Rd | @@ -6066,7 +6067,7 @@ static void disas_simd_copy(DisasContext *s, uint32_t insn) } } -/* C3.6.6 AdvSIMD modified immediate +/* AdvSIMD modified immediate * 31 30 29 28 19 18 16 15 12 11 10 9 5 4 0 * +---+---+----+---------------------+-----+-------+----+---+-------+------+ * | 0 | Q | op | 0 1 1 1 1 0 0 0 0 0 | abc | cmode | o2 | 1 | defgh | Rd | @@ -6199,7 +6200,7 @@ static void disas_simd_mod_imm(DisasContext *s, uint32_t insn) tcg_temp_free_i64(tcg_imm); } -/* C3.6.7 AdvSIMD scalar copy +/* AdvSIMD scalar copy * 31 30 29 28 21 20 16 15 14 11 10 9 5 4 0 * +-----+----+-----------------+------+---+------+---+------+------+ * | 0 1 | op | 1 1 1 1 0 0 0 0 | imm5 | 0 | imm4 | 1 | Rn | Rd | @@ -6222,7 +6223,7 @@ static void disas_simd_scalar_copy(DisasContext *s, uint32_t insn) handle_simd_dupes(s, rd, rn, imm5); } -/* C3.6.8 AdvSIMD scalar pairwise +/* AdvSIMD scalar pairwise * 31 30 29 28 24 23 22 21 17 16 12 11 10 9 5 4 0 * +-----+---+-----------+------+-----------+--------+-----+------+------+ * | 0 1 | U | 1 1 1 1 0 | size | 1 1 0 0 0 | opcode | 1 0 | Rn | Rd | @@ -6948,7 +6949,7 @@ static void handle_simd_shift_fpint_conv(DisasContext *s, bool is_scalar, tcg_temp_free_i32(tcg_rmode); } -/* C3.6.9 AdvSIMD scalar shift by immediate +/* AdvSIMD scalar shift by immediate * 31 30 29 28 23 22 19 18 16 15 11 10 9 5 4 0 * +-----+---+-------------+------+------+--------+---+------+------+ * | 0 1 | U | 1 1 1 1 1 0 | immh | immb | opcode | 1 | Rn | Rd | @@ -7023,7 +7024,7 @@ static void disas_simd_scalar_shift_imm(DisasContext *s, uint32_t insn) } } -/* C3.6.10 AdvSIMD scalar three different +/* AdvSIMD scalar three different * 31 30 29 28 24 23 22 21 20 16 15 12 11 10 9 5 4 0 * +-----+---+-----------+------+---+------+--------+-----+------+------+ * | 0 1 | U | 1 1 1 1 0 | size | 1 | Rm | opcode | 0 0 | Rn | Rd | @@ -7410,7 +7411,7 @@ static void handle_3same_float(DisasContext *s, int size, int elements, } } -/* C3.6.11 AdvSIMD scalar three same +/* AdvSIMD scalar three same * 31 30 29 28 24 23 22 21 20 16 15 11 10 9 5 4 0 * +-----+---+-----------+------+---+------+--------+---+------+------+ * | 0 1 | U | 1 1 1 1 0 | size | 1 | Rm | opcode | 1 | Rn | Rd | @@ -8079,7 +8080,7 @@ static void handle_2misc_satacc(DisasContext *s, bool is_scalar, bool is_u, } } -/* C3.6.12 AdvSIMD scalar two reg misc +/* AdvSIMD scalar two reg misc * 31 30 29 28 24 23 22 21 17 16 12 11 10 9 5 4 0 * +-----+---+-----------+------+-----------+--------+-----+------+------+ * | 0 1 | U | 1 1 1 1 0 | size | 1 0 0 0 0 | opcode | 1 0 | Rn | Rd | @@ -8507,7 +8508,7 @@ static void handle_vec_simd_shrn(DisasContext *s, bool is_q, } -/* C3.6.14 AdvSIMD shift by immediate +/* AdvSIMD shift by immediate * 31 30 29 28 23 22 19 18 16 15 11 10 9 5 4 0 * +---+---+---+-------------+------+------+--------+---+------+------+ * | 0 | Q | U | 0 1 1 1 1 0 | immh | immb | opcode | 1 | Rn | Rd | @@ -8926,7 +8927,7 @@ static void handle_pmull_64(DisasContext *s, int is_q, int rd, int rn, int rm) tcg_temp_free_i64(tcg_res); } -/* C3.6.15 AdvSIMD three different +/* AdvSIMD three different * 31 30 29 28 24 23 22 21 20 16 15 12 11 10 9 5 4 0 * +---+---+---+-----------+------+---+------+--------+-----+------+------+ * | 0 | Q | U | 0 1 1 1 0 | size | 1 | Rm | opcode | 0 0 | Rn | Rd | @@ -9663,7 +9664,7 @@ static void disas_simd_3same_int(DisasContext *s, uint32_t insn) } } -/* C3.6.16 AdvSIMD three same +/* AdvSIMD three same * 31 30 29 28 24 23 22 21 20 16 15 11 10 9 5 4 0 * +---+---+---+-----------+------+---+------+--------+---+------+------+ * | 0 | Q | U | 0 1 1 1 0 | size | 1 | Rm | opcode | 1 | Rn | Rd | @@ -9932,7 +9933,7 @@ static void handle_shll(DisasContext *s, bool is_q, int size, int rn, int rd) } } -/* C3.6.17 AdvSIMD two reg misc +/* AdvSIMD two reg misc * 31 30 29 28 24 23 22 21 17 16 12 11 10 9 5 4 0 * +---+---+---+-----------+------+-----------+--------+-----+------+------+ * | 0 | Q | U | 0 1 1 1 0 | size | 1 0 0 0 0 | opcode | 1 0 | Rn | Rd | @@ -10444,12 +10445,12 @@ static void disas_simd_two_reg_misc(DisasContext *s, uint32_t insn) } } -/* C3.6.13 AdvSIMD scalar x indexed element +/* AdvSIMD scalar x indexed element * 31 30 29 28 24 23 22 21 20 19 16 15 12 11 10 9 5 4 0 * +-----+---+-----------+------+---+---+------+-----+---+---+------+------+ * | 0 1 | U | 1 1 1 1 1 | size | L | M | Rm | opc | H | 0 | Rn | Rd | * +-----+---+-----------+------+---+---+------+-----+---+---+------+------+ - * C3.6.18 AdvSIMD vector x indexed element + * AdvSIMD vector x indexed element * 31 30 29 28 24 23 22 21 20 19 16 15 12 11 10 9 5 4 0 * +---+---+---+-----------+------+---+---+------+-----+---+---+------+------+ * | 0 | Q | U | 0 1 1 1 1 | size | L | M | Rm | opc | H | 0 | Rn | Rd | @@ -10899,7 +10900,7 @@ static void disas_simd_indexed(DisasContext *s, uint32_t insn) } } -/* C3.6.19 Crypto AES +/* Crypto AES * 31 24 23 22 21 17 16 12 11 10 9 5 4 0 * +-----------------+------+-----------+--------+-----+------+------+ * | 0 1 0 0 1 1 1 0 | size | 1 0 1 0 0 | opcode | 1 0 | Rn | Rd | @@ -10962,7 +10963,7 @@ static void disas_crypto_aes(DisasContext *s, uint32_t insn) tcg_temp_free_i32(tcg_decrypt); } -/* C3.6.20 Crypto three-reg SHA +/* Crypto three-reg SHA * 31 24 23 22 21 20 16 15 14 12 11 10 9 5 4 0 * +-----------------+------+---+------+---+--------+-----+------+------+ * | 0 1 0 1 1 1 1 0 | size | 0 | Rm | 0 | opcode | 0 0 | Rn | Rd | @@ -11034,7 +11035,7 @@ static void disas_crypto_three_reg_sha(DisasContext *s, uint32_t insn) tcg_temp_free_i32(tcg_rm_regno); } -/* C3.6.21 Crypto two-reg SHA +/* Crypto two-reg SHA * 31 24 23 22 21 17 16 12 11 10 9 5 4 0 * +-----------------+------+-----------+--------+-----+------+------+ * | 0 1 0 1 1 1 1 0 | size | 1 0 1 0 0 | opcode | 1 0 | Rn | Rd | |