search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
target/s390x: Fix translation exception on illegal instruction
[qemu/ar7.git] / hw / arm / armsse.c
blob2e5d0679e7bc67617a65e92ccaa62afd401dee44
1 /*
2 * Arm SSE (Subsystems for Embedded): IoTKit
3 *
4 * Copyright (c) 2018 Linaro Limited
5 * Written by Peter Maydell
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 or
9 * (at your option) any later version.
10 */
11
12 #include "qemu/osdep.h"
13 #include "qemu/log.h"
14 #include "qemu/module.h"
15 #include "qemu/bitops.h"
16 #include "qapi/error.h"
17 #include "trace.h"
18 #include "hw/sysbus.h"
19 #include "migration/vmstate.h"
20 #include "hw/registerfields.h"
21 #include "hw/arm/armsse.h"
22 #include "hw/arm/armsse-version.h"
23 #include "hw/arm/boot.h"
24 #include "hw/irq.h"
25 #include "hw/qdev-clock.h"
26
27 /*
28 * The SSE-300 puts some devices in different places to the
29 * SSE-200 (and original IoTKit). We use an array of these structs
30 * to define how each variant lays out these devices. (Parts of the
31 * SoC that are the same for all variants aren't handled via these
32 * data structures.)
33 */
34
35 #define NO_IRQ -1
36 #define NO_PPC -1
37 /*
38 * Special values for ARMSSEDeviceInfo::irq to indicate that this
39 * device uses one of the inputs to the OR gate that feeds into the
40 * CPU NMI input.
41 */
42 #define NMI_0 10000
43 #define NMI_1 10001
44
45 typedef struct ARMSSEDeviceInfo {
46 const char *name; /* name to use for the QOM object; NULL terminates list */
47 const char *type; /* QOM type name */
48 unsigned int index; /* Which of the N devices of this type is this ? */
49 hwaddr addr;
50 hwaddr size; /* only needed for TYPE_UNIMPLEMENTED_DEVICE */
51 int ppc; /* Index of APB PPC this device is wired up to, or NO_PPC */
52 int ppc_port; /* Port number of this device on the PPC */
53 int irq; /* NO_IRQ, or 0..NUM_SSE_IRQS-1, or NMI_0 or NMI_1 */
54 bool slowclk; /* true if device uses the slow 32KHz clock */
55 } ARMSSEDeviceInfo;
56
57 struct ARMSSEInfo {
58 const char *name;
59 const char *cpu_type;
60 uint32_t sse_version;
61 int sram_banks;
62 int num_cpus;
63 uint32_t sys_version;
64 uint32_t iidr;
65 uint32_t cpuwait_rst;
66 bool has_mhus;
67 bool has_cachectrl;
68 bool has_cpusecctrl;
69 bool has_cpuid;
70 bool has_cpu_pwrctrl;
71 bool has_sse_counter;
72 Property *props;
73 const ARMSSEDeviceInfo *devinfo;
74 const bool *irq_is_common;
75 };
76
77 static Property iotkit_properties[] = {
78 DEFINE_PROP_LINK("memory", ARMSSE, board_memory, TYPE_MEMORY_REGION,
79 MemoryRegion *),
80 DEFINE_PROP_UINT32("EXP_NUMIRQ", ARMSSE, exp_numirq, 64),
81 DEFINE_PROP_UINT32("SRAM_ADDR_WIDTH", ARMSSE, sram_addr_width, 15),
82 DEFINE_PROP_UINT32("init-svtor", ARMSSE, init_svtor, 0x10000000),
83 DEFINE_PROP_BOOL("CPU0_FPU", ARMSSE, cpu_fpu[0], true),
84 DEFINE_PROP_BOOL("CPU0_DSP", ARMSSE, cpu_dsp[0], true),
85 DEFINE_PROP_END_OF_LIST()
86 };
87
88 static Property sse200_properties[] = {
89 DEFINE_PROP_LINK("memory", ARMSSE, board_memory, TYPE_MEMORY_REGION,
90 MemoryRegion *),
91 DEFINE_PROP_UINT32("EXP_NUMIRQ", ARMSSE, exp_numirq, 64),
92 DEFINE_PROP_UINT32("SRAM_ADDR_WIDTH", ARMSSE, sram_addr_width, 15),
93 DEFINE_PROP_UINT32("init-svtor", ARMSSE, init_svtor, 0x10000000),
94 DEFINE_PROP_BOOL("CPU0_FPU", ARMSSE, cpu_fpu[0], false),
95 DEFINE_PROP_BOOL("CPU0_DSP", ARMSSE, cpu_dsp[0], false),
96 DEFINE_PROP_BOOL("CPU1_FPU", ARMSSE, cpu_fpu[1], true),
97 DEFINE_PROP_BOOL("CPU1_DSP", ARMSSE, cpu_dsp[1], true),
98 DEFINE_PROP_END_OF_LIST()
99 };
100
101 static Property sse300_properties[] = {
102 DEFINE_PROP_LINK("memory", ARMSSE, board_memory, TYPE_MEMORY_REGION,
103 MemoryRegion *),
104 DEFINE_PROP_UINT32("EXP_NUMIRQ", ARMSSE, exp_numirq, 64),
105 DEFINE_PROP_UINT32("SRAM_ADDR_WIDTH", ARMSSE, sram_addr_width, 15),
106 DEFINE_PROP_UINT32("init-svtor", ARMSSE, init_svtor, 0x10000000),
107 DEFINE_PROP_BOOL("CPU0_FPU", ARMSSE, cpu_fpu[0], true),
108 DEFINE_PROP_BOOL("CPU0_DSP", ARMSSE, cpu_dsp[0], true),
109 DEFINE_PROP_END_OF_LIST()
110 };
111
112 static const ARMSSEDeviceInfo iotkit_devices[] = {
113 {
114 .name = "timer0",
115 .type = TYPE_CMSDK_APB_TIMER,
116 .index = 0,
117 .addr = 0x40000000,
118 .ppc = 0,
119 .ppc_port = 0,
120 .irq = 3,
121 },
122 {
123 .name = "timer1",
124 .type = TYPE_CMSDK_APB_TIMER,
125 .index = 1,
126 .addr = 0x40001000,
127 .ppc = 0,
128 .ppc_port = 1,
129 .irq = 4,
130 },
131 {
132 .name = "s32ktimer",
133 .type = TYPE_CMSDK_APB_TIMER,
134 .index = 2,
135 .addr = 0x4002f000,
136 .ppc = 1,
137 .ppc_port = 0,
138 .irq = 2,
139 .slowclk = true,
140 },
141 {
142 .name = "dualtimer",
143 .type = TYPE_CMSDK_APB_DUALTIMER,
144 .index = 0,
145 .addr = 0x40002000,
146 .ppc = 0,
147 .ppc_port = 2,
148 .irq = 5,
149 },
150 {
151 .name = "s32kwatchdog",
152 .type = TYPE_CMSDK_APB_WATCHDOG,
153 .index = 0,
154 .addr = 0x5002e000,
155 .ppc = NO_PPC,
156 .irq = NMI_0,
157 .slowclk = true,
158 },
159 {
160 .name = "nswatchdog",
161 .type = TYPE_CMSDK_APB_WATCHDOG,
162 .index = 1,
163 .addr = 0x40081000,
164 .ppc = NO_PPC,
165 .irq = 1,
166 },
167 {
168 .name = "swatchdog",
169 .type = TYPE_CMSDK_APB_WATCHDOG,
170 .index = 2,
171 .addr = 0x50081000,
172 .ppc = NO_PPC,
173 .irq = NMI_1,
174 },
175 {
176 .name = "armsse-sysinfo",
177 .type = TYPE_IOTKIT_SYSINFO,
178 .index = 0,
179 .addr = 0x40020000,
180 .ppc = NO_PPC,
181 .irq = NO_IRQ,
182 },
183 {
184 .name = "armsse-sysctl",
185 .type = TYPE_IOTKIT_SYSCTL,
186 .index = 0,
187 .addr = 0x50021000,
188 .ppc = NO_PPC,
189 .irq = NO_IRQ,
190 },
191 {
192 .name = NULL,
193 }
194 };
195
196 static const ARMSSEDeviceInfo sse200_devices[] = {
197 {
198 .name = "timer0",
199 .type = TYPE_CMSDK_APB_TIMER,
200 .index = 0,
201 .addr = 0x40000000,
202 .ppc = 0,
203 .ppc_port = 0,
204 .irq = 3,
205 },
206 {
207 .name = "timer1",
208 .type = TYPE_CMSDK_APB_TIMER,
209 .index = 1,
210 .addr = 0x40001000,
211 .ppc = 0,
212 .ppc_port = 1,
213 .irq = 4,
214 },
215 {
216 .name = "s32ktimer",
217 .type = TYPE_CMSDK_APB_TIMER,
218 .index = 2,
219 .addr = 0x4002f000,
220 .ppc = 1,
221 .ppc_port = 0,
222 .irq = 2,
223 .slowclk = true,
224 },
225 {
226 .name = "dualtimer",
227 .type = TYPE_CMSDK_APB_DUALTIMER,
228 .index = 0,
229 .addr = 0x40002000,
230 .ppc = 0,
231 .ppc_port = 2,
232 .irq = 5,
233 },
234 {
235 .name = "s32kwatchdog",
236 .type = TYPE_CMSDK_APB_WATCHDOG,
237 .index = 0,
238 .addr = 0x5002e000,
239 .ppc = NO_PPC,
240 .irq = NMI_0,
241 .slowclk = true,
242 },
243 {
244 .name = "nswatchdog",
245 .type = TYPE_CMSDK_APB_WATCHDOG,
246 .index = 1,
247 .addr = 0x40081000,
248 .ppc = NO_PPC,
249 .irq = 1,
250 },
251 {
252 .name = "swatchdog",
253 .type = TYPE_CMSDK_APB_WATCHDOG,
254 .index = 2,
255 .addr = 0x50081000,
256 .ppc = NO_PPC,
257 .irq = NMI_1,
258 },
259 {
260 .name = "armsse-sysinfo",
261 .type = TYPE_IOTKIT_SYSINFO,
262 .index = 0,
263 .addr = 0x40020000,
264 .ppc = NO_PPC,
265 .irq = NO_IRQ,
266 },
267 {
268 .name = "armsse-sysctl",
269 .type = TYPE_IOTKIT_SYSCTL,
270 .index = 0,
271 .addr = 0x50021000,
272 .ppc = NO_PPC,
273 .irq = NO_IRQ,
274 },
275 {
276 .name = "CPU0CORE_PPU",
277 .type = TYPE_UNIMPLEMENTED_DEVICE,
278 .index = 0,
279 .addr = 0x50023000,
280 .size = 0x1000,
281 .ppc = NO_PPC,
282 .irq = NO_IRQ,
283 },
284 {
285 .name = "CPU1CORE_PPU",
286 .type = TYPE_UNIMPLEMENTED_DEVICE,
287 .index = 1,
288 .addr = 0x50025000,
289 .size = 0x1000,
290 .ppc = NO_PPC,
291 .irq = NO_IRQ,
292 },
293 {
294 .name = "DBG_PPU",
295 .type = TYPE_UNIMPLEMENTED_DEVICE,
296 .index = 2,
297 .addr = 0x50029000,
298 .size = 0x1000,
299 .ppc = NO_PPC,
300 .irq = NO_IRQ,
301 },
302 {
303 .name = "RAM0_PPU",
304 .type = TYPE_UNIMPLEMENTED_DEVICE,
305 .index = 3,
306 .addr = 0x5002a000,
307 .size = 0x1000,
308 .ppc = NO_PPC,
309 .irq = NO_IRQ,
310 },
311 {
312 .name = "RAM1_PPU",
313 .type = TYPE_UNIMPLEMENTED_DEVICE,
314 .index = 4,
315 .addr = 0x5002b000,
316 .size = 0x1000,
317 .ppc = NO_PPC,
318 .irq = NO_IRQ,
319 },
320 {
321 .name = "RAM2_PPU",
322 .type = TYPE_UNIMPLEMENTED_DEVICE,
323 .index = 5,
324 .addr = 0x5002c000,
325 .size = 0x1000,
326 .ppc = NO_PPC,
327 .irq = NO_IRQ,
328 },
329 {
330 .name = "RAM3_PPU",
331 .type = TYPE_UNIMPLEMENTED_DEVICE,
332 .index = 6,
333 .addr = 0x5002d000,
334 .size = 0x1000,
335 .ppc = NO_PPC,
336 .irq = NO_IRQ,
337 },
338 {
339 .name = "SYS_PPU",
340 .type = TYPE_UNIMPLEMENTED_DEVICE,
341 .index = 7,
342 .addr = 0x50022000,
343 .size = 0x1000,
344 .ppc = NO_PPC,
345 .irq = NO_IRQ,
346 },
347 {
348 .name = NULL,
349 }
350 };
351
352 static const ARMSSEDeviceInfo sse300_devices[] = {
353 {
354 .name = "timer0",
355 .type = TYPE_SSE_TIMER,
356 .index = 0,
357 .addr = 0x48000000,
358 .ppc = 0,
359 .ppc_port = 0,
360 .irq = 3,
361 },
362 {
363 .name = "timer1",
364 .type = TYPE_SSE_TIMER,
365 .index = 1,
366 .addr = 0x48001000,
367 .ppc = 0,
368 .ppc_port = 1,
369 .irq = 4,
370 },
371 {
372 .name = "timer2",
373 .type = TYPE_SSE_TIMER,
374 .index = 2,
375 .addr = 0x48002000,
376 .ppc = 0,
377 .ppc_port = 2,
378 .irq = 5,
379 },
380 {
381 .name = "timer3",
382 .type = TYPE_SSE_TIMER,
383 .index = 3,
384 .addr = 0x48003000,
385 .ppc = 0,
386 .ppc_port = 5,
387 .irq = 27,
388 },
389 {
390 .name = "s32ktimer",
391 .type = TYPE_CMSDK_APB_TIMER,
392 .index = 0,
393 .addr = 0x4802f000,
394 .ppc = 1,
395 .ppc_port = 0,
396 .irq = 2,
397 .slowclk = true,
398 },
399 {
400 .name = "s32kwatchdog",
401 .type = TYPE_CMSDK_APB_WATCHDOG,
402 .index = 0,
403 .addr = 0x4802e000,
404 .ppc = NO_PPC,
405 .irq = NMI_0,
406 .slowclk = true,
407 },
408 {
409 .name = "watchdog",
410 .type = TYPE_UNIMPLEMENTED_DEVICE,
411 .index = 0,
412 .addr = 0x48040000,
413 .size = 0x2000,
414 .ppc = NO_PPC,
415 .irq = NO_IRQ,
416 },
417 {
418 .name = "armsse-sysinfo",
419 .type = TYPE_IOTKIT_SYSINFO,
420 .index = 0,
421 .addr = 0x48020000,
422 .ppc = NO_PPC,
423 .irq = NO_IRQ,
424 },
425 {
426 .name = "armsse-sysctl",
427 .type = TYPE_IOTKIT_SYSCTL,
428 .index = 0,
429 .addr = 0x58021000,
430 .ppc = NO_PPC,
431 .irq = NO_IRQ,
432 },
433 {
434 .name = "SYS_PPU",
435 .type = TYPE_UNIMPLEMENTED_DEVICE,
436 .index = 1,
437 .addr = 0x58022000,
438 .size = 0x1000,
439 .ppc = NO_PPC,
440 .irq = NO_IRQ,
441 },
442 {
443 .name = "CPU0CORE_PPU",
444 .type = TYPE_UNIMPLEMENTED_DEVICE,
445 .index = 2,
446 .addr = 0x50023000,
447 .size = 0x1000,
448 .ppc = NO_PPC,
449 .irq = NO_IRQ,
450 },
451 {
452 .name = "MGMT_PPU",
453 .type = TYPE_UNIMPLEMENTED_DEVICE,
454 .index = 3,
455 .addr = 0x50028000,
456 .size = 0x1000,
457 .ppc = NO_PPC,
458 .irq = NO_IRQ,
459 },
460 {
461 .name = "DEBUG_PPU",
462 .type = TYPE_UNIMPLEMENTED_DEVICE,
463 .index = 4,
464 .addr = 0x50029000,
465 .size = 0x1000,
466 .ppc = NO_PPC,
467 .irq = NO_IRQ,
468 },
469 {
470 .name = NULL,
471 }
472 };
473
474 /* Is internal IRQ n shared between CPUs in a multi-core SSE ? */
475 static const bool sse200_irq_is_common[32] = {
476 [0 ... 5] = true,
477 /* 6, 7: per-CPU MHU interrupts */
478 [8 ... 12] = true,
479 /* 13: per-CPU icache interrupt */
480 /* 14: reserved */
481 [15 ... 20] = true,
482 /* 21: reserved */
483 [22 ... 26] = true,
484 /* 27: reserved */
485 /* 28, 29: per-CPU CTI interrupts */
486 /* 30, 31: reserved */
487 };
488
489 static const bool sse300_irq_is_common[32] = {
490 [0 ... 5] = true,
491 /* 6, 7: per-CPU MHU interrupts */
492 [8 ... 12] = true,
493 /* 13: reserved */
494 [14 ... 16] = true,
495 /* 17-25: reserved */
496 [26 ... 27] = true,
497 /* 28, 29: per-CPU CTI interrupts */
498 /* 30, 31: reserved */
499 };
500
501 static const ARMSSEInfo armsse_variants[] = {
502 {
503 .name = TYPE_IOTKIT,
504 .sse_version = ARMSSE_IOTKIT,
505 .cpu_type = ARM_CPU_TYPE_NAME("cortex-m33"),
506 .sram_banks = 1,
507 .num_cpus = 1,
508 .sys_version = 0x41743,
509 .iidr = 0,
510 .cpuwait_rst = 0,
511 .has_mhus = false,
512 .has_cachectrl = false,
513 .has_cpusecctrl = false,
514 .has_cpuid = false,
515 .has_cpu_pwrctrl = false,
516 .has_sse_counter = false,
517 .props = iotkit_properties,
518 .devinfo = iotkit_devices,
519 .irq_is_common = sse200_irq_is_common,
520 },
521 {
522 .name = TYPE_SSE200,
523 .sse_version = ARMSSE_SSE200,
524 .cpu_type = ARM_CPU_TYPE_NAME("cortex-m33"),
525 .sram_banks = 4,
526 .num_cpus = 2,
527 .sys_version = 0x22041743,
528 .iidr = 0,
529 .cpuwait_rst = 2,
530 .has_mhus = true,
531 .has_cachectrl = true,
532 .has_cpusecctrl = true,
533 .has_cpuid = true,
534 .has_cpu_pwrctrl = false,
535 .has_sse_counter = false,
536 .props = sse200_properties,
537 .devinfo = sse200_devices,
538 .irq_is_common = sse200_irq_is_common,
539 },
540 {
541 .name = TYPE_SSE300,
542 .sse_version = ARMSSE_SSE300,
543 .cpu_type = ARM_CPU_TYPE_NAME("cortex-m55"),
544 .sram_banks = 2,
545 .num_cpus = 1,
546 .sys_version = 0x7e00043b,
547 .iidr = 0x74a0043b,
548 .cpuwait_rst = 0,
549 .has_mhus = false,
550 .has_cachectrl = false,
551 .has_cpusecctrl = true,
552 .has_cpuid = true,
553 .has_cpu_pwrctrl = true,
554 .has_sse_counter = true,
555 .props = sse300_properties,
556 .devinfo = sse300_devices,
557 .irq_is_common = sse300_irq_is_common,
558 },
559 };
560
561 static uint32_t armsse_sys_config_value(ARMSSE *s, const ARMSSEInfo *info)
562 {
563 /* Return the SYS_CONFIG value for this SSE */
564 uint32_t sys_config;
565
566 switch (info->sse_version) {
567 case ARMSSE_IOTKIT:
568 sys_config = 0;
569 sys_config = deposit32(sys_config, 0, 4, info->sram_banks);
570 sys_config = deposit32(sys_config, 4, 4, s->sram_addr_width - 12);
571 break;
572 case ARMSSE_SSE200:
573 sys_config = 0;
574 sys_config = deposit32(sys_config, 0, 4, info->sram_banks);
575 sys_config = deposit32(sys_config, 4, 5, s->sram_addr_width);
576 sys_config = deposit32(sys_config, 24, 4, 2);
577 if (info->num_cpus > 1) {
578 sys_config = deposit32(sys_config, 10, 1, 1);
579 sys_config = deposit32(sys_config, 20, 4, info->sram_banks - 1);
580 sys_config = deposit32(sys_config, 28, 4, 2);
581 }
582 break;
583 case ARMSSE_SSE300:
584 sys_config = 0;
585 sys_config = deposit32(sys_config, 0, 4, info->sram_banks);
586 sys_config = deposit32(sys_config, 4, 5, s->sram_addr_width);
587 sys_config = deposit32(sys_config, 16, 3, 3); /* CPU0 = Cortex-M55 */
588 break;
589 default:
590 g_assert_not_reached();
591 }
592 return sys_config;
593 }
594
595 /* Clock frequency in HZ of the 32KHz "slow clock" */
596 #define S32KCLK (32 * 1000)
597
598 /*
599 * Create an alias region in @container of @size bytes starting at @base
600 * which mirrors the memory starting at @orig.
601 */
602 static void make_alias(ARMSSE *s, MemoryRegion *mr, MemoryRegion *container,
603 const char *name, hwaddr base, hwaddr size, hwaddr orig)
604 {
605 memory_region_init_alias(mr, NULL, name, container, orig, size);
606 /* The alias is even lower priority than unimplemented_device regions */
607 memory_region_add_subregion_overlap(container, base, mr, -1500);
608 }
609
610 static void irq_status_forwarder(void *opaque, int n, int level)
611 {
612 qemu_irq destirq = opaque;
613
614 qemu_set_irq(destirq, level);
615 }
616
617 static void nsccfg_handler(void *opaque, int n, int level)
618 {
619 ARMSSE *s = ARM_SSE(opaque);
620
621 s->nsccfg = level;
622 }
623
624 static void armsse_forward_ppc(ARMSSE *s, const char *ppcname, int ppcnum)
625 {
626 /* Each of the 4 AHB and 4 APB PPCs that might be present in a
627 * system using the ARMSSE has a collection of control lines which
628 * are provided by the security controller and which we want to
629 * expose as control lines on the ARMSSE device itself, so the
630 * code using the ARMSSE can wire them up to the PPCs.
631 */
632 SplitIRQ *splitter = &s->ppc_irq_splitter[ppcnum];
633 DeviceState *armssedev = DEVICE(s);
634 DeviceState *dev_secctl = DEVICE(&s->secctl);
635 DeviceState *dev_splitter = DEVICE(splitter);
636 char *name;
637
638 name = g_strdup_printf("%s_nonsec", ppcname);
639 qdev_pass_gpios(dev_secctl, armssedev, name);
640 g_free(name);
641 name = g_strdup_printf("%s_ap", ppcname);
642 qdev_pass_gpios(dev_secctl, armssedev, name);
643 g_free(name);
644 name = g_strdup_printf("%s_irq_enable", ppcname);
645 qdev_pass_gpios(dev_secctl, armssedev, name);
646 g_free(name);
647 name = g_strdup_printf("%s_irq_clear", ppcname);
648 qdev_pass_gpios(dev_secctl, armssedev, name);
649 g_free(name);
650
651 /* irq_status is a little more tricky, because we need to
652 * split it so we can send it both to the security controller
653 * and to our OR gate for the NVIC interrupt line.
654 * Connect up the splitter's outputs, and create a GPIO input
655 * which will pass the line state to the input splitter.
656 */
657 name = g_strdup_printf("%s_irq_status", ppcname);
658 qdev_connect_gpio_out(dev_splitter, 0,
659 qdev_get_gpio_in_named(dev_secctl,
660 name, 0));
661 qdev_connect_gpio_out(dev_splitter, 1,
662 qdev_get_gpio_in(DEVICE(&s->ppc_irq_orgate), ppcnum));
663 s->irq_status_in[ppcnum] = qdev_get_gpio_in(dev_splitter, 0);
664 qdev_init_gpio_in_named_with_opaque(armssedev, irq_status_forwarder,
665 s->irq_status_in[ppcnum], name, 1);
666 g_free(name);
667 }
668
669 static void armsse_forward_sec_resp_cfg(ARMSSE *s)
670 {
671 /* Forward the 3rd output from the splitter device as a
672 * named GPIO output of the armsse object.
673 */
674 DeviceState *dev = DEVICE(s);
675 DeviceState *dev_splitter = DEVICE(&s->sec_resp_splitter);
676
677 qdev_init_gpio_out_named(dev, &s->sec_resp_cfg, "sec_resp_cfg", 1);
678 s->sec_resp_cfg_in = qemu_allocate_irq(irq_status_forwarder,
679 s->sec_resp_cfg, 1);
680 qdev_connect_gpio_out(dev_splitter, 2, s->sec_resp_cfg_in);
681 }
682
683 static void armsse_mainclk_update(void *opaque, ClockEvent event)
684 {
685 ARMSSE *s = ARM_SSE(opaque);
686
687 /*
688 * Set system_clock_scale from our Clock input; this is what
689 * controls the tick rate of the CPU SysTick timer.
690 */
691 system_clock_scale = clock_ticks_to_ns(s->mainclk, 1);
692 }
693
694 static void armsse_init(Object *obj)
695 {
696 ARMSSE *s = ARM_SSE(obj);
697 ARMSSEClass *asc = ARM_SSE_GET_CLASS(obj);
698 const ARMSSEInfo *info = asc->info;
699 const ARMSSEDeviceInfo *devinfo;
700 int i;
701
702 assert(info->sram_banks <= MAX_SRAM_BANKS);
703 assert(info->num_cpus <= SSE_MAX_CPUS);
704
705 s->mainclk = qdev_init_clock_in(DEVICE(s), "MAINCLK",
706 armsse_mainclk_update, s, ClockUpdate);
707 s->s32kclk = qdev_init_clock_in(DEVICE(s), "S32KCLK", NULL, NULL, 0);
708
709 memory_region_init(&s->container, obj, "armsse-container", UINT64_MAX);
710
711 for (i = 0; i < info->num_cpus; i++) {
712 /*
713 * We put each CPU in its own cluster as they are logically
714 * distinct and may be configured differently.
715 */
716 char *name;
717
718 name = g_strdup_printf("cluster%d", i);
719 object_initialize_child(obj, name, &s->cluster[i], TYPE_CPU_CLUSTER);
720 qdev_prop_set_uint32(DEVICE(&s->cluster[i]), "cluster-id", i);
721 g_free(name);
722
723 name = g_strdup_printf("armv7m%d", i);
724 object_initialize_child(OBJECT(&s->cluster[i]), name, &s->armv7m[i],
725 TYPE_ARMV7M);
726 qdev_prop_set_string(DEVICE(&s->armv7m[i]), "cpu-type", info->cpu_type);
727 g_free(name);
728 name = g_strdup_printf("arm-sse-cpu-container%d", i);
729 memory_region_init(&s->cpu_container[i], obj, name, UINT64_MAX);
730 g_free(name);
731 if (i > 0) {
732 name = g_strdup_printf("arm-sse-container-alias%d", i);
733 memory_region_init_alias(&s->container_alias[i - 1], obj,
734 name, &s->container, 0, UINT64_MAX);
735 g_free(name);
736 }
737 }
738
739 for (devinfo = info->devinfo; devinfo->name; devinfo++) {
740 assert(devinfo->ppc == NO_PPC || devinfo->ppc < ARRAY_SIZE(s->apb_ppc));
741 if (!strcmp(devinfo->type, TYPE_CMSDK_APB_TIMER)) {
742 assert(devinfo->index < ARRAY_SIZE(s->timer));
743 object_initialize_child(obj, devinfo->name,
744 &s->timer[devinfo->index],
745 TYPE_CMSDK_APB_TIMER);
746 } else if (!strcmp(devinfo->type, TYPE_CMSDK_APB_DUALTIMER)) {
747 assert(devinfo->index == 0);
748 object_initialize_child(obj, devinfo->name, &s->dualtimer,
749 TYPE_CMSDK_APB_DUALTIMER);
750 } else if (!strcmp(devinfo->type, TYPE_SSE_TIMER)) {
751 assert(devinfo->index < ARRAY_SIZE(s->sse_timer));
752 object_initialize_child(obj, devinfo->name,
753 &s->sse_timer[devinfo->index],
754 TYPE_SSE_TIMER);
755 } else if (!strcmp(devinfo->type, TYPE_CMSDK_APB_WATCHDOG)) {
756 assert(devinfo->index < ARRAY_SIZE(s->cmsdk_watchdog));
757 object_initialize_child(obj, devinfo->name,
758 &s->cmsdk_watchdog[devinfo->index],
759 TYPE_CMSDK_APB_WATCHDOG);
760 } else if (!strcmp(devinfo->type, TYPE_IOTKIT_SYSINFO)) {
761 assert(devinfo->index == 0);
762 object_initialize_child(obj, devinfo->name, &s->sysinfo,
763 TYPE_IOTKIT_SYSINFO);
764 } else if (!strcmp(devinfo->type, TYPE_IOTKIT_SYSCTL)) {
765 assert(devinfo->index == 0);
766 object_initialize_child(obj, devinfo->name, &s->sysctl,
767 TYPE_IOTKIT_SYSCTL);
768 } else if (!strcmp(devinfo->type, TYPE_UNIMPLEMENTED_DEVICE)) {
769 assert(devinfo->index < ARRAY_SIZE(s->unimp));
770 object_initialize_child(obj, devinfo->name,
771 &s->unimp[devinfo->index],
772 TYPE_UNIMPLEMENTED_DEVICE);
773 } else {
774 g_assert_not_reached();
775 }
776 }
777
778 object_initialize_child(obj, "secctl", &s->secctl, TYPE_IOTKIT_SECCTL);
779
780 for (i = 0; i < ARRAY_SIZE(s->apb_ppc); i++) {
781 g_autofree char *name = g_strdup_printf("apb-ppc%d", i);
782 object_initialize_child(obj, name, &s->apb_ppc[i], TYPE_TZ_PPC);
783 }
784
785 for (i = 0; i < info->sram_banks; i++) {
786 char *name = g_strdup_printf("mpc%d", i);
787 object_initialize_child(obj, name, &s->mpc[i], TYPE_TZ_MPC);
788 g_free(name);
789 }
790 object_initialize_child(obj, "mpc-irq-orgate", &s->mpc_irq_orgate,
791 TYPE_OR_IRQ);
792
793 for (i = 0; i < IOTS_NUM_EXP_MPC + info->sram_banks; i++) {
794 char *name = g_strdup_printf("mpc-irq-splitter-%d", i);
795 SplitIRQ *splitter = &s->mpc_irq_splitter[i];
796
797 object_initialize_child(obj, name, splitter, TYPE_SPLIT_IRQ);
798 g_free(name);
799 }
800
801 if (info->has_mhus) {
802 object_initialize_child(obj, "mhu0", &s->mhu[0], TYPE_ARMSSE_MHU);
803 object_initialize_child(obj, "mhu1", &s->mhu[1], TYPE_ARMSSE_MHU);
804 }
805 if (info->has_cachectrl) {
806 for (i = 0; i < info->num_cpus; i++) {
807 char *name = g_strdup_printf("cachectrl%d", i);
808
809 object_initialize_child(obj, name, &s->cachectrl[i],
810 TYPE_UNIMPLEMENTED_DEVICE);
811 g_free(name);
812 }
813 }
814 if (info->has_cpusecctrl) {
815 for (i = 0; i < info->num_cpus; i++) {
816 char *name = g_strdup_printf("cpusecctrl%d", i);
817
818 object_initialize_child(obj, name, &s->cpusecctrl[i],
819 TYPE_UNIMPLEMENTED_DEVICE);
820 g_free(name);
821 }
822 }
823 if (info->has_cpuid) {
824 for (i = 0; i < info->num_cpus; i++) {
825 char *name = g_strdup_printf("cpuid%d", i);
826
827 object_initialize_child(obj, name, &s->cpuid[i],
828 TYPE_ARMSSE_CPUID);
829 g_free(name);
830 }
831 }
832 if (info->has_cpu_pwrctrl) {
833 for (i = 0; i < info->num_cpus; i++) {
834 char *name = g_strdup_printf("cpu_pwrctrl%d", i);
835
836 object_initialize_child(obj, name, &s->cpu_pwrctrl[i],
837 TYPE_ARMSSE_CPU_PWRCTRL);
838 g_free(name);
839 }
840 }
841 if (info->has_sse_counter) {
842 object_initialize_child(obj, "sse-counter", &s->sse_counter,
843 TYPE_SSE_COUNTER);
844 }
845
846 object_initialize_child(obj, "nmi-orgate", &s->nmi_orgate, TYPE_OR_IRQ);
847 object_initialize_child(obj, "ppc-irq-orgate", &s->ppc_irq_orgate,
848 TYPE_OR_IRQ);
849 object_initialize_child(obj, "sec-resp-splitter", &s->sec_resp_splitter,
850 TYPE_SPLIT_IRQ);
851 for (i = 0; i < ARRAY_SIZE(s->ppc_irq_splitter); i++) {
852 char *name = g_strdup_printf("ppc-irq-splitter-%d", i);
853 SplitIRQ *splitter = &s->ppc_irq_splitter[i];
854
855 object_initialize_child(obj, name, splitter, TYPE_SPLIT_IRQ);
856 g_free(name);
857 }
858 if (info->num_cpus > 1) {
859 for (i = 0; i < ARRAY_SIZE(s->cpu_irq_splitter); i++) {
860 if (info->irq_is_common[i]) {
861 char *name = g_strdup_printf("cpu-irq-splitter%d", i);
862 SplitIRQ *splitter = &s->cpu_irq_splitter[i];
863
864 object_initialize_child(obj, name, splitter, TYPE_SPLIT_IRQ);
865 g_free(name);
866 }
867 }
868 }
869 }
870
871 static void armsse_exp_irq(void *opaque, int n, int level)
872 {
873 qemu_irq *irqarray = opaque;
874
875 qemu_set_irq(irqarray[n], level);
876 }
877
878 static void armsse_mpcexp_status(void *opaque, int n, int level)
879 {
880 ARMSSE *s = ARM_SSE(opaque);
881 qemu_set_irq(s->mpcexp_status_in[n], level);
882 }
883
884 static qemu_irq armsse_get_common_irq_in(ARMSSE *s, int irqno)
885 {
886 /*
887 * Return a qemu_irq which can be used to signal IRQ n to
888 * all CPUs in the SSE.
889 */
890 ARMSSEClass *asc = ARM_SSE_GET_CLASS(s);
891 const ARMSSEInfo *info = asc->info;
892
893 assert(info->irq_is_common[irqno]);
894
895 if (info->num_cpus == 1) {
896 /* Only one CPU -- just connect directly to it */
897 return qdev_get_gpio_in(DEVICE(&s->armv7m[0]), irqno);
898 } else {
899 /* Connect to the splitter which feeds all CPUs */
900 return qdev_get_gpio_in(DEVICE(&s->cpu_irq_splitter[irqno]), 0);
901 }
902 }
903
904 static void armsse_realize(DeviceState *dev, Error **errp)
905 {
906 ARMSSE *s = ARM_SSE(dev);
907 ARMSSEClass *asc = ARM_SSE_GET_CLASS(dev);
908 const ARMSSEInfo *info = asc->info;
909 const ARMSSEDeviceInfo *devinfo;
910 int i;
911 MemoryRegion *mr;
912 Error *err = NULL;
913 SysBusDevice *sbd_apb_ppc0;
914 SysBusDevice *sbd_secctl;
915 DeviceState *dev_apb_ppc0;
916 DeviceState *dev_apb_ppc1;
917 DeviceState *dev_secctl;
918 DeviceState *dev_splitter;
919 uint32_t addr_width_max;
920
921 if (!s->board_memory) {
922 error_setg(errp, "memory property was not set");
923 return;
924 }
925
926 if (!clock_has_source(s->mainclk)) {
927 error_setg(errp, "MAINCLK clock was not connected");
928 }
929 if (!clock_has_source(s->s32kclk)) {
930 error_setg(errp, "S32KCLK clock was not connected");
931 }
932
933 assert(info->num_cpus <= SSE_MAX_CPUS);
934
935 /* max SRAM_ADDR_WIDTH: 24 - log2(SRAM_NUM_BANK) */
936 assert(is_power_of_2(info->sram_banks));
937 addr_width_max = 24 - ctz32(info->sram_banks);
938 if (s->sram_addr_width < 1 || s->sram_addr_width > addr_width_max) {
939 error_setg(errp, "SRAM_ADDR_WIDTH must be between 1 and %d",
940 addr_width_max);
941 return;
942 }
943
944 /* Handling of which devices should be available only to secure
945 * code is usually done differently for M profile than for A profile.
946 * Instead of putting some devices only into the secure address space,
947 * devices exist in both address spaces but with hard-wired security
948 * permissions that will cause the CPU to fault for non-secure accesses.
949 *
950 * The ARMSSE has an IDAU (Implementation Defined Access Unit),
951 * which specifies hard-wired security permissions for different
952 * areas of the physical address space. For the ARMSSE IDAU, the
953 * top 4 bits of the physical address are the IDAU region ID, and
954 * if bit 28 (ie the lowest bit of the ID) is 0 then this is an NS
955 * region, otherwise it is an S region.
956 *
957 * The various devices and RAMs are generally all mapped twice,
958 * once into a region that the IDAU defines as secure and once
959 * into a non-secure region. They sit behind either a Memory
960 * Protection Controller (for RAM) or a Peripheral Protection
961 * Controller (for devices), which allow a more fine grained
962 * configuration of whether non-secure accesses are permitted.
963 *
964 * (The other place that guest software can configure security
965 * permissions is in the architected SAU (Security Attribution
966 * Unit), which is entirely inside the CPU. The IDAU can upgrade
967 * the security attributes for a region to more restrictive than
968 * the SAU specifies, but cannot downgrade them.)
969 *
970 * 0x10000000..0x1fffffff alias of 0x00000000..0x0fffffff
971 * 0x20000000..0x2007ffff 32KB FPGA block RAM
972 * 0x30000000..0x3fffffff alias of 0x20000000..0x2fffffff
973 * 0x40000000..0x4000ffff base peripheral region 1
974 * 0x40010000..0x4001ffff CPU peripherals (none for ARMSSE)
975 * 0x40020000..0x4002ffff system control element peripherals
976 * 0x40080000..0x400fffff base peripheral region 2
977 * 0x50000000..0x5fffffff alias of 0x40000000..0x4fffffff
978 */
979
980 memory_region_add_subregion_overlap(&s->container, 0, s->board_memory, -2);
981
982 for (i = 0; i < info->num_cpus; i++) {
983 DeviceState *cpudev = DEVICE(&s->armv7m[i]);
984 Object *cpuobj = OBJECT(&s->armv7m[i]);
985 int j;
986 char *gpioname;
987
988 qdev_prop_set_uint32(cpudev, "num-irq", s->exp_numirq + NUM_SSE_IRQS);
989 /*
990 * In real hardware the initial Secure VTOR is set from the INITSVTOR*
991 * registers in the IoT Kit System Control Register block. In QEMU
992 * we set the initial value here, and also the reset value of the
993 * sysctl register, from this object's QOM init-svtor property.
994 * If the guest changes the INITSVTOR* registers at runtime then the
995 * code in iotkit-sysctl.c will update the CPU init-svtor property
996 * (which will then take effect on the next CPU warm-reset).
997 *
998 * Note that typically a board using the SSE-200 will have a system
999 * control processor whose boot firmware initializes the INITSVTOR*
1000 * registers before powering up the CPUs. QEMU doesn't emulate
1001 * the control processor, so instead we behave in the way that the
1002 * firmware does: the initial value should be set by the board code
1003 * (using the init-svtor property on the ARMSSE object) to match
1004 * whatever its firmware does.
1005 */
1006 qdev_prop_set_uint32(cpudev, "init-svtor", s->init_svtor);
1007 /*
1008 * CPUs start powered down if the corresponding bit in the CPUWAIT
1009 * register is 1. In real hardware the CPUWAIT register reset value is
1010 * a configurable property of the SSE-200 (via the CPUWAIT0_RST and
1011 * CPUWAIT1_RST parameters), but since all the boards we care about
1012 * start CPU0 and leave CPU1 powered off, we hard-code that in
1013 * info->cpuwait_rst for now. We can add QOM properties for this
1014 * later if necessary.
1015 */
1016 if (extract32(info->cpuwait_rst, i, 1)) {
1017 if (!object_property_set_bool(cpuobj, "start-powered-off", true,
1018 errp)) {
1019 return;
1020 }
1021 }
1022 if (!s->cpu_fpu[i]) {
1023 if (!object_property_set_bool(cpuobj, "vfp", false, errp)) {
1024 return;
1025 }
1026 }
1027 if (!s->cpu_dsp[i]) {
1028 if (!object_property_set_bool(cpuobj, "dsp", false, errp)) {
1029 return;
1030 }
1031 }
1032
1033 if (i > 0) {
1034 memory_region_add_subregion_overlap(&s->cpu_container[i], 0,
1035 &s->container_alias[i - 1], -1);
1036 } else {
1037 memory_region_add_subregion_overlap(&s->cpu_container[i], 0,
1038 &s->container, -1);
1039 }
1040 object_property_set_link(cpuobj, "memory",
1041 OBJECT(&s->cpu_container[i]), &error_abort);
1042 object_property_set_link(cpuobj, "idau", OBJECT(s), &error_abort);
1043 if (!sysbus_realize(SYS_BUS_DEVICE(cpuobj), errp)) {
1044 return;
1045 }
1046 /*
1047 * The cluster must be realized after the armv7m container, as
1048 * the container's CPU object is only created on realize, and the
1049 * CPU must exist and have been parented into the cluster before
1050 * the cluster is realized.
1051 */
1052 if (!qdev_realize(DEVICE(&s->cluster[i]), NULL, errp)) {
1053 return;
1054 }
1055
1056 /* Connect EXP_IRQ/EXP_CPUn_IRQ GPIOs to the NVIC's lines 32 and up */
1057 s->exp_irqs[i] = g_new(qemu_irq, s->exp_numirq);
1058 for (j = 0; j < s->exp_numirq; j++) {
1059 s->exp_irqs[i][j] = qdev_get_gpio_in(cpudev, j + NUM_SSE_IRQS);
1060 }
1061 if (i == 0) {
1062 gpioname = g_strdup("EXP_IRQ");
1063 } else {
1064 gpioname = g_strdup_printf("EXP_CPU%d_IRQ", i);
1065 }
1066 qdev_init_gpio_in_named_with_opaque(dev, armsse_exp_irq,
1067 s->exp_irqs[i],
1068 gpioname, s->exp_numirq);
1069 g_free(gpioname);
1070 }
1071
1072 /* Wire up the splitters that connect common IRQs to all CPUs */
1073 if (info->num_cpus > 1) {
1074 for (i = 0; i < ARRAY_SIZE(s->cpu_irq_splitter); i++) {
1075 if (info->irq_is_common[i]) {
1076 Object *splitter = OBJECT(&s->cpu_irq_splitter[i]);
1077 DeviceState *devs = DEVICE(splitter);
1078 int cpunum;
1079
1080 if (!object_property_set_int(splitter, "num-lines",
1081 info->num_cpus, errp)) {
1082 return;
1083 }
1084 if (!qdev_realize(DEVICE(splitter), NULL, errp)) {
1085 return;
1086 }
1087 for (cpunum = 0; cpunum < info->num_cpus; cpunum++) {
1088 DeviceState *cpudev = DEVICE(&s->armv7m[cpunum]);
1089
1090 qdev_connect_gpio_out(devs, cpunum,
1091 qdev_get_gpio_in(cpudev, i));
1092 }
1093 }
1094 }
1095 }
1096
1097 /* Set up the big aliases first */
1098 make_alias(s, &s->alias1, &s->container, "alias 1",
1099 0x10000000, 0x10000000, 0x00000000);
1100 make_alias(s, &s->alias2, &s->container,
1101 "alias 2", 0x30000000, 0x10000000, 0x20000000);
1102 /* The 0x50000000..0x5fffffff region is not a pure alias: it has
1103 * a few extra devices that only appear there (generally the
1104 * control interfaces for the protection controllers).
1105 * We implement this by mapping those devices over the top of this
1106 * alias MR at a higher priority. Some of the devices in this range
1107 * are per-CPU, so we must put this alias in the per-cpu containers.
1108 */
1109 for (i = 0; i < info->num_cpus; i++) {
1110 make_alias(s, &s->alias3[i], &s->cpu_container[i],
1111 "alias 3", 0x50000000, 0x10000000, 0x40000000);
1112 }
1113
1114 /* Security controller */
1115 object_property_set_int(OBJECT(&s->secctl), "sse-version",
1116 info->sse_version, &error_abort);
1117 if (!sysbus_realize(SYS_BUS_DEVICE(&s->secctl), errp)) {
1118 return;
1119 }
1120 sbd_secctl = SYS_BUS_DEVICE(&s->secctl);
1121 dev_secctl = DEVICE(&s->secctl);
1122 sysbus_mmio_map(sbd_secctl, 0, 0x50080000);
1123 sysbus_mmio_map(sbd_secctl, 1, 0x40080000);
1124
1125 s->nsc_cfg_in = qemu_allocate_irq(nsccfg_handler, s, 1);
1126 qdev_connect_gpio_out_named(dev_secctl, "nsc_cfg", 0, s->nsc_cfg_in);
1127
1128 /* The sec_resp_cfg output from the security controller must be split into
1129 * multiple lines, one for each of the PPCs within the ARMSSE and one
1130 * that will be an output from the ARMSSE to the system.
1131 */
1132 if (!object_property_set_int(OBJECT(&s->sec_resp_splitter),
1133 "num-lines", 3, errp)) {
1134 return;
1135 }
1136 if (!qdev_realize(DEVICE(&s->sec_resp_splitter), NULL, errp)) {
1137 return;
1138 }
1139 dev_splitter = DEVICE(&s->sec_resp_splitter);
1140 qdev_connect_gpio_out_named(dev_secctl, "sec_resp_cfg", 0,
1141 qdev_get_gpio_in(dev_splitter, 0));
1142
1143 /* Each SRAM bank lives behind its own Memory Protection Controller */
1144 for (i = 0; i < info->sram_banks; i++) {
1145 char *ramname = g_strdup_printf("armsse.sram%d", i);
1146 SysBusDevice *sbd_mpc;
1147 uint32_t sram_bank_size = 1 << s->sram_addr_width;
1148
1149 memory_region_init_ram(&s->sram[i], NULL, ramname,
1150 sram_bank_size, &err);
1151 g_free(ramname);
1152 if (err) {
1153 error_propagate(errp, err);
1154 return;
1155 }
1156 object_property_set_link(OBJECT(&s->mpc[i]), "downstream",
1157 OBJECT(&s->sram[i]), &error_abort);
1158 if (!sysbus_realize(SYS_BUS_DEVICE(&s->mpc[i]), errp)) {
1159 return;
1160 }
1161 /* Map the upstream end of the MPC into the right place... */
1162 sbd_mpc = SYS_BUS_DEVICE(&s->mpc[i]);
1163 memory_region_add_subregion(&s->container,
1164 0x20000000 + i * sram_bank_size,
1165 sysbus_mmio_get_region(sbd_mpc, 1));
1166 /* ...and its register interface */
1167 memory_region_add_subregion(&s->container, 0x50083000 + i * 0x1000,
1168 sysbus_mmio_get_region(sbd_mpc, 0));
1169 }
1170
1171 /* We must OR together lines from the MPC splitters to go to the NVIC */
1172 if (!object_property_set_int(OBJECT(&s->mpc_irq_orgate), "num-lines",
1173 IOTS_NUM_EXP_MPC + info->sram_banks,
1174 errp)) {
1175 return;
1176 }
1177 if (!qdev_realize(DEVICE(&s->mpc_irq_orgate), NULL, errp)) {
1178 return;
1179 }
1180 qdev_connect_gpio_out(DEVICE(&s->mpc_irq_orgate), 0,
1181 armsse_get_common_irq_in(s, 9));
1182
1183 /* This OR gate wires together outputs from the secure watchdogs to NMI */
1184 if (!object_property_set_int(OBJECT(&s->nmi_orgate), "num-lines", 2,
1185 errp)) {
1186 return;
1187 }
1188 if (!qdev_realize(DEVICE(&s->nmi_orgate), NULL, errp)) {
1189 return;
1190 }
1191 qdev_connect_gpio_out(DEVICE(&s->nmi_orgate), 0,
1192 qdev_get_gpio_in_named(DEVICE(&s->armv7m), "NMI", 0));
1193
1194 /* The SSE-300 has a System Counter / System Timestamp Generator */
1195 if (info->has_sse_counter) {
1196 SysBusDevice *sbd = SYS_BUS_DEVICE(&s->sse_counter);
1197
1198 qdev_connect_clock_in(DEVICE(sbd), "CLK", s->mainclk);
1199 if (!sysbus_realize(sbd, errp)) {
1200 return;
1201 }
1202 /*
1203 * The control frame is only in the Secure region;
1204 * the status frame is in the NS region (and visible in the
1205 * S region via the alias mapping).
1206 */
1207 memory_region_add_subregion(&s->container, 0x58100000,
1208 sysbus_mmio_get_region(sbd, 0));
1209 memory_region_add_subregion(&s->container, 0x48101000,
1210 sysbus_mmio_get_region(sbd, 1));
1211 }
1212
1213 /* Devices behind APB PPC0:
1214 * 0x40000000: timer0
1215 * 0x40001000: timer1
1216 * 0x40002000: dual timer
1217 * 0x40003000: MHU0 (SSE-200 only)
1218 * 0x40004000: MHU1 (SSE-200 only)
1219 * We must configure and realize each downstream device and connect
1220 * it to the appropriate PPC port; then we can realize the PPC and
1221 * map its upstream ends to the right place in the container.
1222 */
1223 for (devinfo = info->devinfo; devinfo->name; devinfo++) {
1224 SysBusDevice *sbd;
1225 qemu_irq irq;
1226
1227 if (!strcmp(devinfo->type, TYPE_CMSDK_APB_TIMER)) {
1228 sbd = SYS_BUS_DEVICE(&s->timer[devinfo->index]);
1229
1230 qdev_connect_clock_in(DEVICE(sbd), "pclk",
1231 devinfo->slowclk ? s->s32kclk : s->mainclk);
1232 if (!sysbus_realize(sbd, errp)) {
1233 return;
1234 }
1235 mr = sysbus_mmio_get_region(sbd, 0);
1236 } else if (!strcmp(devinfo->type, TYPE_CMSDK_APB_DUALTIMER)) {
1237 sbd = SYS_BUS_DEVICE(&s->dualtimer);
1238
1239 qdev_connect_clock_in(DEVICE(sbd), "TIMCLK", s->mainclk);
1240 if (!sysbus_realize(sbd, errp)) {
1241 return;
1242 }
1243 mr = sysbus_mmio_get_region(sbd, 0);
1244 } else if (!strcmp(devinfo->type, TYPE_SSE_TIMER)) {
1245 sbd = SYS_BUS_DEVICE(&s->sse_timer[devinfo->index]);
1246
1247 assert(info->has_sse_counter);
1248 object_property_set_link(OBJECT(sbd), "counter",
1249 OBJECT(&s->sse_counter), &error_abort);
1250 if (!sysbus_realize(sbd, errp)) {
1251 return;
1252 }
1253 mr = sysbus_mmio_get_region(sbd, 0);
1254 } else if (!strcmp(devinfo->type, TYPE_CMSDK_APB_WATCHDOG)) {
1255 sbd = SYS_BUS_DEVICE(&s->cmsdk_watchdog[devinfo->index]);
1256
1257 qdev_connect_clock_in(DEVICE(sbd), "WDOGCLK",
1258 devinfo->slowclk ? s->s32kclk : s->mainclk);
1259 if (!sysbus_realize(sbd, errp)) {
1260 return;
1261 }
1262 mr = sysbus_mmio_get_region(sbd, 0);
1263 } else if (!strcmp(devinfo->type, TYPE_IOTKIT_SYSINFO)) {
1264 sbd = SYS_BUS_DEVICE(&s->sysinfo);
1265
1266 object_property_set_int(OBJECT(&s->sysinfo), "SYS_VERSION",
1267 info->sys_version, &error_abort);
1268 object_property_set_int(OBJECT(&s->sysinfo), "SYS_CONFIG",
1269 armsse_sys_config_value(s, info),
1270 &error_abort);
1271 object_property_set_int(OBJECT(&s->sysinfo), "sse-version",
1272 info->sse_version, &error_abort);
1273 object_property_set_int(OBJECT(&s->sysinfo), "IIDR",
1274 info->iidr, &error_abort);
1275 if (!sysbus_realize(sbd, errp)) {
1276 return;
1277 }
1278 mr = sysbus_mmio_get_region(sbd, 0);
1279 } else if (!strcmp(devinfo->type, TYPE_IOTKIT_SYSCTL)) {
1280 /* System control registers */
1281 sbd = SYS_BUS_DEVICE(&s->sysctl);
1282
1283 object_property_set_int(OBJECT(&s->sysctl), "sse-version",
1284 info->sse_version, &error_abort);
1285 object_property_set_int(OBJECT(&s->sysctl), "CPUWAIT_RST",
1286 info->cpuwait_rst, &error_abort);
1287 object_property_set_int(OBJECT(&s->sysctl), "INITSVTOR0_RST",
1288 s->init_svtor, &error_abort);
1289 object_property_set_int(OBJECT(&s->sysctl), "INITSVTOR1_RST",
1290 s->init_svtor, &error_abort);
1291 if (!sysbus_realize(sbd, errp)) {
1292 return;
1293 }
1294 mr = sysbus_mmio_get_region(sbd, 0);
1295 } else if (!strcmp(devinfo->type, TYPE_UNIMPLEMENTED_DEVICE)) {
1296 sbd = SYS_BUS_DEVICE(&s->unimp[devinfo->index]);
1297
1298 qdev_prop_set_string(DEVICE(sbd), "name", devinfo->name);
1299 qdev_prop_set_uint64(DEVICE(sbd), "size", devinfo->size);
1300 if (!sysbus_realize(sbd, errp)) {
1301 return;
1302 }
1303 mr = sysbus_mmio_get_region(sbd, 0);
1304 } else {
1305 g_assert_not_reached();
1306 }
1307
1308 switch (devinfo->irq) {
1309 case NO_IRQ:
1310 irq = NULL;
1311 break;
1312 case 0 ... NUM_SSE_IRQS - 1:
1313 irq = armsse_get_common_irq_in(s, devinfo->irq);
1314 break;
1315 case NMI_0:
1316 case NMI_1:
1317 irq = qdev_get_gpio_in(DEVICE(&s->nmi_orgate),
1318 devinfo->irq - NMI_0);
1319 break;
1320 default:
1321 g_assert_not_reached();
1322 }
1323
1324 if (irq) {
1325 sysbus_connect_irq(sbd, 0, irq);
1326 }
1327
1328 /*
1329 * Devices connected to a PPC are connected to the port here;
1330 * we will map the upstream end of that port to the right address
1331 * in the container later after the PPC has been realized.
1332 * Devices not connected to a PPC can be mapped immediately.
1333 */
1334 if (devinfo->ppc != NO_PPC) {
1335 TZPPC *ppc = &s->apb_ppc[devinfo->ppc];
1336 g_autofree char *portname = g_strdup_printf("port[%d]",
1337 devinfo->ppc_port);
1338 object_property_set_link(OBJECT(ppc), portname, OBJECT(mr),
1339 &error_abort);
1340 } else {
1341 memory_region_add_subregion(&s->container, devinfo->addr, mr);
1342 }
1343 }
1344
1345 if (info->has_mhus) {
1346 /*
1347 * An SSE-200 with only one CPU should have only one MHU created,
1348 * with the region where the second MHU usually is being RAZ/WI.
1349 * We don't implement that SSE-200 config; if we want to support
1350 * it then this code needs to be enhanced to handle creating the
1351 * RAZ/WI region instead of the second MHU.
1352 */
1353 assert(info->num_cpus == ARRAY_SIZE(s->mhu));
1354
1355 for (i = 0; i < ARRAY_SIZE(s->mhu); i++) {
1356 char *port;
1357 int cpunum;
1358 SysBusDevice *mhu_sbd = SYS_BUS_DEVICE(&s->mhu[i]);
1359
1360 if (!sysbus_realize(SYS_BUS_DEVICE(&s->mhu[i]), errp)) {
1361 return;
1362 }
1363 port = g_strdup_printf("port[%d]", i + 3);
1364 mr = sysbus_mmio_get_region(mhu_sbd, 0);
1365 object_property_set_link(OBJECT(&s->apb_ppc[0]), port, OBJECT(mr),
1366 &error_abort);
1367 g_free(port);
1368
1369 /*
1370 * Each MHU has an irq line for each CPU:
1371 * MHU 0 irq line 0 -> CPU 0 IRQ 6
1372 * MHU 0 irq line 1 -> CPU 1 IRQ 6
1373 * MHU 1 irq line 0 -> CPU 0 IRQ 7
1374 * MHU 1 irq line 1 -> CPU 1 IRQ 7
1375 */
1376 for (cpunum = 0; cpunum < info->num_cpus; cpunum++) {
1377 DeviceState *cpudev = DEVICE(&s->armv7m[cpunum]);
1378
1379 sysbus_connect_irq(mhu_sbd, cpunum,
1380 qdev_get_gpio_in(cpudev, 6 + i));
1381 }
1382 }
1383 }
1384
1385 if (!sysbus_realize(SYS_BUS_DEVICE(&s->apb_ppc[0]), errp)) {
1386 return;
1387 }
1388
1389 sbd_apb_ppc0 = SYS_BUS_DEVICE(&s->apb_ppc[0]);
1390 dev_apb_ppc0 = DEVICE(&s->apb_ppc[0]);
1391
1392 if (info->has_mhus) {
1393 mr = sysbus_mmio_get_region(sbd_apb_ppc0, 3);
1394 memory_region_add_subregion(&s->container, 0x40003000, mr);
1395 mr = sysbus_mmio_get_region(sbd_apb_ppc0, 4);
1396 memory_region_add_subregion(&s->container, 0x40004000, mr);
1397 }
1398 for (i = 0; i < IOTS_APB_PPC0_NUM_PORTS; i++) {
1399 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_nonsec", i,
1400 qdev_get_gpio_in_named(dev_apb_ppc0,
1401 "cfg_nonsec", i));
1402 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_ap", i,
1403 qdev_get_gpio_in_named(dev_apb_ppc0,
1404 "cfg_ap", i));
1405 }
1406 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_irq_enable", 0,
1407 qdev_get_gpio_in_named(dev_apb_ppc0,
1408 "irq_enable", 0));
1409 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_irq_clear", 0,
1410 qdev_get_gpio_in_named(dev_apb_ppc0,
1411 "irq_clear", 0));
1412 qdev_connect_gpio_out(dev_splitter, 0,
1413 qdev_get_gpio_in_named(dev_apb_ppc0,
1414 "cfg_sec_resp", 0));
1415
1416 /* All the PPC irq lines (from the 2 internal PPCs and the 8 external
1417 * ones) are sent individually to the security controller, and also
1418 * ORed together to give a single combined PPC interrupt to the NVIC.
1419 */
1420 if (!object_property_set_int(OBJECT(&s->ppc_irq_orgate),
1421 "num-lines", NUM_PPCS, errp)) {
1422 return;
1423 }
1424 if (!qdev_realize(DEVICE(&s->ppc_irq_orgate), NULL, errp)) {
1425 return;
1426 }
1427 qdev_connect_gpio_out(DEVICE(&s->ppc_irq_orgate), 0,
1428 armsse_get_common_irq_in(s, 10));
1429
1430 /*
1431 * 0x40010000 .. 0x4001ffff (and the 0x5001000... secure-only alias):
1432 * private per-CPU region (all these devices are SSE-200 only):
1433 * 0x50010000: L1 icache control registers
1434 * 0x50011000: CPUSECCTRL (CPU local security control registers)
1435 * 0x4001f000 and 0x5001f000: CPU_IDENTITY register block
1436 * The SSE-300 has an extra:
1437 * 0x40012000 and 0x50012000: CPU_PWRCTRL register block
1438 */
1439 if (info->has_cachectrl) {
1440 for (i = 0; i < info->num_cpus; i++) {
1441 char *name = g_strdup_printf("cachectrl%d", i);
1442 MemoryRegion *mr;
1443
1444 qdev_prop_set_string(DEVICE(&s->cachectrl[i]), "name", name);
1445 g_free(name);
1446 qdev_prop_set_uint64(DEVICE(&s->cachectrl[i]), "size", 0x1000);
1447 if (!sysbus_realize(SYS_BUS_DEVICE(&s->cachectrl[i]), errp)) {
1448 return;
1449 }
1450
1451 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->cachectrl[i]), 0);
1452 memory_region_add_subregion(&s->cpu_container[i], 0x50010000, mr);
1453 }
1454 }
1455 if (info->has_cpusecctrl) {
1456 for (i = 0; i < info->num_cpus; i++) {
1457 char *name = g_strdup_printf("CPUSECCTRL%d", i);
1458 MemoryRegion *mr;
1459
1460 qdev_prop_set_string(DEVICE(&s->cpusecctrl[i]), "name", name);
1461 g_free(name);
1462 qdev_prop_set_uint64(DEVICE(&s->cpusecctrl[i]), "size", 0x1000);
1463 if (!sysbus_realize(SYS_BUS_DEVICE(&s->cpusecctrl[i]), errp)) {
1464 return;
1465 }
1466
1467 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->cpusecctrl[i]), 0);
1468 memory_region_add_subregion(&s->cpu_container[i], 0x50011000, mr);
1469 }
1470 }
1471 if (info->has_cpuid) {
1472 for (i = 0; i < info->num_cpus; i++) {
1473 MemoryRegion *mr;
1474
1475 qdev_prop_set_uint32(DEVICE(&s->cpuid[i]), "CPUID", i);
1476 if (!sysbus_realize(SYS_BUS_DEVICE(&s->cpuid[i]), errp)) {
1477 return;
1478 }
1479
1480 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->cpuid[i]), 0);
1481 memory_region_add_subregion(&s->cpu_container[i], 0x4001F000, mr);
1482 }
1483 }
1484 if (info->has_cpu_pwrctrl) {
1485 for (i = 0; i < info->num_cpus; i++) {
1486 MemoryRegion *mr;
1487
1488 if (!sysbus_realize(SYS_BUS_DEVICE(&s->cpu_pwrctrl[i]), errp)) {
1489 return;
1490 }
1491
1492 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->cpu_pwrctrl[i]), 0);
1493 memory_region_add_subregion(&s->cpu_container[i], 0x40012000, mr);
1494 }
1495 }
1496
1497 if (!sysbus_realize(SYS_BUS_DEVICE(&s->apb_ppc[1]), errp)) {
1498 return;
1499 }
1500
1501 dev_apb_ppc1 = DEVICE(&s->apb_ppc[1]);
1502 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_nonsec", 0,
1503 qdev_get_gpio_in_named(dev_apb_ppc1,
1504 "cfg_nonsec", 0));
1505 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_ap", 0,
1506 qdev_get_gpio_in_named(dev_apb_ppc1,
1507 "cfg_ap", 0));
1508 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_irq_enable", 0,
1509 qdev_get_gpio_in_named(dev_apb_ppc1,
1510 "irq_enable", 0));
1511 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_irq_clear", 0,
1512 qdev_get_gpio_in_named(dev_apb_ppc1,
1513 "irq_clear", 0));
1514 qdev_connect_gpio_out(dev_splitter, 1,
1515 qdev_get_gpio_in_named(dev_apb_ppc1,
1516 "cfg_sec_resp", 0));
1517
1518 /*
1519 * Now both PPCs are realized we can map the upstream ends of
1520 * ports which correspond to entries in the devinfo array.
1521 * The ports which are connected to non-devinfo devices have
1522 * already been mapped.
1523 */
1524 for (devinfo = info->devinfo; devinfo->name; devinfo++) {
1525 SysBusDevice *ppc_sbd;
1526
1527 if (devinfo->ppc == NO_PPC) {
1528 continue;
1529 }
1530 ppc_sbd = SYS_BUS_DEVICE(&s->apb_ppc[devinfo->ppc]);
1531 mr = sysbus_mmio_get_region(ppc_sbd, devinfo->ppc_port);
1532 memory_region_add_subregion(&s->container, devinfo->addr, mr);
1533 }
1534
1535 for (i = 0; i < ARRAY_SIZE(s->ppc_irq_splitter); i++) {
1536 Object *splitter = OBJECT(&s->ppc_irq_splitter[i]);
1537
1538 if (!object_property_set_int(splitter, "num-lines", 2, errp)) {
1539 return;
1540 }
1541 if (!qdev_realize(DEVICE(splitter), NULL, errp)) {
1542 return;
1543 }
1544 }
1545
1546 for (i = 0; i < IOTS_NUM_AHB_EXP_PPC; i++) {
1547 char *ppcname = g_strdup_printf("ahb_ppcexp%d", i);
1548
1549 armsse_forward_ppc(s, ppcname, i);
1550 g_free(ppcname);
1551 }
1552
1553 for (i = 0; i < IOTS_NUM_APB_EXP_PPC; i++) {
1554 char *ppcname = g_strdup_printf("apb_ppcexp%d", i);
1555
1556 armsse_forward_ppc(s, ppcname, i + IOTS_NUM_AHB_EXP_PPC);
1557 g_free(ppcname);
1558 }
1559
1560 for (i = NUM_EXTERNAL_PPCS; i < NUM_PPCS; i++) {
1561 /* Wire up IRQ splitter for internal PPCs */
1562 DeviceState *devs = DEVICE(&s->ppc_irq_splitter[i]);
1563 char *gpioname = g_strdup_printf("apb_ppc%d_irq_status",
1564 i - NUM_EXTERNAL_PPCS);
1565 TZPPC *ppc = &s->apb_ppc[i - NUM_EXTERNAL_PPCS];
1566
1567 qdev_connect_gpio_out(devs, 0,
1568 qdev_get_gpio_in_named(dev_secctl, gpioname, 0));
1569 qdev_connect_gpio_out(devs, 1,
1570 qdev_get_gpio_in(DEVICE(&s->ppc_irq_orgate), i));
1571 qdev_connect_gpio_out_named(DEVICE(ppc), "irq", 0,
1572 qdev_get_gpio_in(devs, 0));
1573 g_free(gpioname);
1574 }
1575
1576 /* Wire up the splitters for the MPC IRQs */
1577 for (i = 0; i < IOTS_NUM_EXP_MPC + info->sram_banks; i++) {
1578 SplitIRQ *splitter = &s->mpc_irq_splitter[i];
1579 DeviceState *dev_splitter = DEVICE(splitter);
1580
1581 if (!object_property_set_int(OBJECT(splitter), "num-lines", 2,
1582 errp)) {
1583 return;
1584 }
1585 if (!qdev_realize(DEVICE(splitter), NULL, errp)) {
1586 return;
1587 }
1588
1589 if (i < IOTS_NUM_EXP_MPC) {
1590 /* Splitter input is from GPIO input line */
1591 s->mpcexp_status_in[i] = qdev_get_gpio_in(dev_splitter, 0);
1592 qdev_connect_gpio_out(dev_splitter, 0,
1593 qdev_get_gpio_in_named(dev_secctl,
1594 "mpcexp_status", i));
1595 } else {
1596 /* Splitter input is from our own MPC */
1597 qdev_connect_gpio_out_named(DEVICE(&s->mpc[i - IOTS_NUM_EXP_MPC]),
1598 "irq", 0,
1599 qdev_get_gpio_in(dev_splitter, 0));
1600 qdev_connect_gpio_out(dev_splitter, 0,
1601 qdev_get_gpio_in_named(dev_secctl,
1602 "mpc_status",
1603 i - IOTS_NUM_EXP_MPC));
1604 }
1605
1606 qdev_connect_gpio_out(dev_splitter, 1,
1607 qdev_get_gpio_in(DEVICE(&s->mpc_irq_orgate), i));
1608 }
1609 /* Create GPIO inputs which will pass the line state for our
1610 * mpcexp_irq inputs to the correct splitter devices.
1611 */
1612 qdev_init_gpio_in_named(dev, armsse_mpcexp_status, "mpcexp_status",
1613 IOTS_NUM_EXP_MPC);
1614
1615 armsse_forward_sec_resp_cfg(s);
1616
1617 /* Forward the MSC related signals */
1618 qdev_pass_gpios(dev_secctl, dev, "mscexp_status");
1619 qdev_pass_gpios(dev_secctl, dev, "mscexp_clear");
1620 qdev_pass_gpios(dev_secctl, dev, "mscexp_ns");
1621 qdev_connect_gpio_out_named(dev_secctl, "msc_irq", 0,
1622 armsse_get_common_irq_in(s, 11));
1623
1624 /*
1625 * Expose our container region to the board model; this corresponds
1626 * to the AHB Slave Expansion ports which allow bus master devices
1627 * (eg DMA controllers) in the board model to make transactions into
1628 * devices in the ARMSSE.
1629 */
1630 sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->container);
1631
1632 /* Set initial system_clock_scale from MAINCLK */
1633 armsse_mainclk_update(s, ClockUpdate);
1634 }
1635
1636 static void armsse_idau_check(IDAUInterface *ii, uint32_t address,
1637 int *iregion, bool *exempt, bool *ns, bool *nsc)
1638 {
1639 /*
1640 * For ARMSSE systems the IDAU responses are simple logical functions
1641 * of the address bits. The NSC attribute is guest-adjustable via the
1642 * NSCCFG register in the security controller.
1643 */
1644 ARMSSE *s = ARM_SSE(ii);
1645 int region = extract32(address, 28, 4);
1646
1647 *ns = !(region & 1);
1648 *nsc = (region == 1 && (s->nsccfg & 1)) || (region == 3 && (s->nsccfg & 2));
1649 /* 0xe0000000..0xe00fffff and 0xf0000000..0xf00fffff are exempt */
1650 *exempt = (address & 0xeff00000) == 0xe0000000;
1651 *iregion = region;
1652 }
1653
1654 static const VMStateDescription armsse_vmstate = {
1655 .name = "iotkit",
1656 .version_id = 2,
1657 .minimum_version_id = 2,
1658 .fields = (VMStateField[]) {
1659 VMSTATE_CLOCK(mainclk, ARMSSE),
1660 VMSTATE_CLOCK(s32kclk, ARMSSE),
1661 VMSTATE_UINT32(nsccfg, ARMSSE),
1662 VMSTATE_END_OF_LIST()
1663 }
1664 };
1665
1666 static void armsse_reset(DeviceState *dev)
1667 {
1668 ARMSSE *s = ARM_SSE(dev);
1669
1670 s->nsccfg = 0;
1671 }
1672
1673 static void armsse_class_init(ObjectClass *klass, void *data)
1674 {
1675 DeviceClass *dc = DEVICE_CLASS(klass);
1676 IDAUInterfaceClass *iic = IDAU_INTERFACE_CLASS(klass);
1677 ARMSSEClass *asc = ARM_SSE_CLASS(klass);
1678 const ARMSSEInfo *info = data;
1679
1680 dc->realize = armsse_realize;
1681 dc->vmsd = &armsse_vmstate;
1682 device_class_set_props(dc, info->props);
1683 dc->reset = armsse_reset;
1684 iic->check = armsse_idau_check;
1685 asc->info = info;
1686 }
1687
1688 static const TypeInfo armsse_info = {
1689 .name = TYPE_ARM_SSE,
1690 .parent = TYPE_SYS_BUS_DEVICE,
1691 .instance_size = sizeof(ARMSSE),
1692 .class_size = sizeof(ARMSSEClass),
1693 .instance_init = armsse_init,
1694 .abstract = true,
1695 .interfaces = (InterfaceInfo[]) {
1696 { TYPE_IDAU_INTERFACE },
1697 { }
1698 }
1699 };
1700
1701 static void armsse_register_types(void)
1702 {
1703 int i;
1704
1705 type_register_static(&armsse_info);
1706
1707 for (i = 0; i < ARRAY_SIZE(armsse_variants); i++) {
1708 TypeInfo ti = {
1709 .name = armsse_variants[i].name,
1710 .parent = TYPE_ARM_SSE,
1711 .class_init = armsse_class_init,
1712 .class_data = (void *)&armsse_variants[i],
1713 };
1714 type_register(&ti);
1715 }
1716 }
1717
1718 type_init(armsse_register_types);
AR7 emulation for QEMU