search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'v9.1.0'
[qemu/ar7.git] / hw / dma / pl330.c
blob5f89295af3a702664c7b2c49e30ca62e1908c4e6
1 /*
2 * ARM PrimeCell PL330 DMA Controller
3 *
4 * Copyright (c) 2009 Samsung Electronics.
5 * Contributed by Kirill Batuzov <batuzovk@ispras.ru>
6 * Copyright (c) 2012 Peter A.G. Crosthwaite (peter.crosthwaite@petalogix.com)
7 * Copyright (c) 2012 PetaLogix Pty Ltd.
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; version 2 or later.
12 *
13 * You should have received a copy of the GNU General Public License along
14 * with this program; if not, see <http://www.gnu.org/licenses/>.
15 */
16
17 #include "qemu/osdep.h"
18 #include "qemu/cutils.h"
19 #include "hw/irq.h"
20 #include "hw/qdev-properties.h"
21 #include "hw/sysbus.h"
22 #include "migration/vmstate.h"
23 #include "qapi/error.h"
24 #include "qemu/timer.h"
25 #include "sysemu/dma.h"
26 #include "qemu/log.h"
27 #include "qemu/module.h"
28 #include "trace.h"
29 #include "qom/object.h"
30
31 #ifndef PL330_ERR_DEBUG
32 #define PL330_ERR_DEBUG 0
33 #endif
34
35 #define PL330_PERIPH_NUM 32
36 #define PL330_MAX_BURST_LEN 128
37 #define PL330_INSN_MAXSIZE 6
38
39 #define PL330_FIFO_OK 0
40 #define PL330_FIFO_STALL 1
41 #define PL330_FIFO_ERR (-1)
42
43 #define PL330_FAULT_UNDEF_INSTR (1 << 0)
44 #define PL330_FAULT_OPERAND_INVALID (1 << 1)
45 #define PL330_FAULT_DMAGO_ERR (1 << 4)
46 #define PL330_FAULT_EVENT_ERR (1 << 5)
47 #define PL330_FAULT_CH_PERIPH_ERR (1 << 6)
48 #define PL330_FAULT_CH_RDWR_ERR (1 << 7)
49 #define PL330_FAULT_ST_DATA_UNAVAILABLE (1 << 12)
50 #define PL330_FAULT_FIFOEMPTY_ERR (1 << 13)
51 #define PL330_FAULT_INSTR_FETCH_ERR (1 << 16)
52 #define PL330_FAULT_DATA_WRITE_ERR (1 << 17)
53 #define PL330_FAULT_DATA_READ_ERR (1 << 18)
54 #define PL330_FAULT_DBG_INSTR (1 << 30)
55 #define PL330_FAULT_LOCKUP_ERR (1 << 31)
56
57 #define PL330_UNTAGGED 0xff
58
59 #define PL330_SINGLE 0x0
60 #define PL330_BURST 0x1
61
62 #define PL330_WATCHDOG_LIMIT 1024
63
64 /* IOMEM mapped registers */
65 #define PL330_REG_DSR 0x000
66 #define PL330_REG_DPC 0x004
67 #define PL330_REG_INTEN 0x020
68 #define PL330_REG_INT_EVENT_RIS 0x024
69 #define PL330_REG_INTMIS 0x028
70 #define PL330_REG_INTCLR 0x02C
71 #define PL330_REG_FSRD 0x030
72 #define PL330_REG_FSRC 0x034
73 #define PL330_REG_FTRD 0x038
74 #define PL330_REG_FTR_BASE 0x040
75 #define PL330_REG_CSR_BASE 0x100
76 #define PL330_REG_CPC_BASE 0x104
77 #define PL330_REG_CHANCTRL 0x400
78 #define PL330_REG_DBGSTATUS 0xD00
79 #define PL330_REG_DBGCMD 0xD04
80 #define PL330_REG_DBGINST0 0xD08
81 #define PL330_REG_DBGINST1 0xD0C
82 #define PL330_REG_CR0_BASE 0xE00
83 #define PL330_REG_PERIPH_ID 0xFE0
84
85 #define PL330_IOMEM_SIZE 0x1000
86
87 #define CFG_BOOT_ADDR 2
88 #define CFG_INS 3
89 #define CFG_PNS 4
90 #define CFG_CRD 5
91
92 static const uint32_t pl330_id[] = {
93 0x30, 0x13, 0x24, 0x00, 0x0D, 0xF0, 0x05, 0xB1
94 };
95
96 /* DMA channel states as they are described in PL330 Technical Reference Manual
97 * Most of them will not be used in emulation.
98 */
99 typedef enum {
100 pl330_chan_stopped = 0,
101 pl330_chan_executing = 1,
102 pl330_chan_cache_miss = 2,
103 pl330_chan_updating_pc = 3,
104 pl330_chan_waiting_event = 4,
105 pl330_chan_at_barrier = 5,
106 pl330_chan_queue_busy = 6,
107 pl330_chan_waiting_periph = 7,
108 pl330_chan_killing = 8,
109 pl330_chan_completing = 9,
110 pl330_chan_fault_completing = 14,
111 pl330_chan_fault = 15,
112 } PL330ChanState;
113
114 typedef struct PL330State PL330State;
115
116 typedef struct PL330Chan {
117 uint32_t src;
118 uint32_t dst;
119 uint32_t pc;
120 uint32_t control;
121 uint32_t status;
122 uint32_t lc[2];
123 uint32_t fault_type;
124 uint32_t watchdog_timer;
125
126 bool ns;
127 uint8_t request_flag;
128 uint8_t wakeup;
129 uint8_t wfp_sbp;
130
131 uint8_t state;
132 uint8_t stall;
133
134 bool is_manager;
135 PL330State *parent;
136 uint8_t tag;
137 } PL330Chan;
138
139 static const VMStateDescription vmstate_pl330_chan = {
140 .name = "pl330_chan",
141 .version_id = 1,
142 .minimum_version_id = 1,
143 .fields = (const VMStateField[]) {
144 VMSTATE_UINT32(src, PL330Chan),
145 VMSTATE_UINT32(dst, PL330Chan),
146 VMSTATE_UINT32(pc, PL330Chan),
147 VMSTATE_UINT32(control, PL330Chan),
148 VMSTATE_UINT32(status, PL330Chan),
149 VMSTATE_UINT32_ARRAY(lc, PL330Chan, 2),
150 VMSTATE_UINT32(fault_type, PL330Chan),
151 VMSTATE_UINT32(watchdog_timer, PL330Chan),
152 VMSTATE_BOOL(ns, PL330Chan),
153 VMSTATE_UINT8(request_flag, PL330Chan),
154 VMSTATE_UINT8(wakeup, PL330Chan),
155 VMSTATE_UINT8(wfp_sbp, PL330Chan),
156 VMSTATE_UINT8(state, PL330Chan),
157 VMSTATE_UINT8(stall, PL330Chan),
158 VMSTATE_END_OF_LIST()
159 }
160 };
161
162 typedef struct PL330Fifo {
163 uint8_t *buf;
164 uint8_t *tag;
165 uint32_t head;
166 uint32_t num;
167 uint32_t buf_size;
168 } PL330Fifo;
169
170 static const VMStateDescription vmstate_pl330_fifo = {
171 .name = "pl330_chan",
172 .version_id = 1,
173 .minimum_version_id = 1,
174 .fields = (const VMStateField[]) {
175 VMSTATE_VBUFFER_UINT32(buf, PL330Fifo, 1, NULL, buf_size),
176 VMSTATE_VBUFFER_UINT32(tag, PL330Fifo, 1, NULL, buf_size),
177 VMSTATE_UINT32(head, PL330Fifo),
178 VMSTATE_UINT32(num, PL330Fifo),
179 VMSTATE_UINT32(buf_size, PL330Fifo),
180 VMSTATE_END_OF_LIST()
181 }
182 };
183
184 typedef struct PL330QueueEntry {
185 uint32_t addr;
186 uint32_t len;
187 uint8_t n;
188 bool inc;
189 bool z;
190 uint8_t tag;
191 uint8_t seqn;
192 } PL330QueueEntry;
193
194 static const VMStateDescription vmstate_pl330_queue_entry = {
195 .name = "pl330_queue_entry",
196 .version_id = 1,
197 .minimum_version_id = 1,
198 .fields = (const VMStateField[]) {
199 VMSTATE_UINT32(addr, PL330QueueEntry),
200 VMSTATE_UINT32(len, PL330QueueEntry),
201 VMSTATE_UINT8(n, PL330QueueEntry),
202 VMSTATE_BOOL(inc, PL330QueueEntry),
203 VMSTATE_BOOL(z, PL330QueueEntry),
204 VMSTATE_UINT8(tag, PL330QueueEntry),
205 VMSTATE_UINT8(seqn, PL330QueueEntry),
206 VMSTATE_END_OF_LIST()
207 }
208 };
209
210 typedef struct PL330Queue {
211 PL330State *parent;
212 PL330QueueEntry *queue;
213 uint32_t queue_size;
214 } PL330Queue;
215
216 static const VMStateDescription vmstate_pl330_queue = {
217 .name = "pl330_queue",
218 .version_id = 2,
219 .minimum_version_id = 2,
220 .fields = (const VMStateField[]) {
221 VMSTATE_STRUCT_VARRAY_POINTER_UINT32(queue, PL330Queue, queue_size,
222 vmstate_pl330_queue_entry,
223 PL330QueueEntry),
224 VMSTATE_END_OF_LIST()
225 }
226 };
227
228 struct PL330State {
229 SysBusDevice parent_obj;
230
231 MemoryRegion iomem;
232 qemu_irq irq_abort;
233 qemu_irq *irq;
234
235 /* Config registers. cfg[5] = CfgDn. */
236 uint32_t cfg[6];
237 #define EVENT_SEC_STATE 3
238 #define PERIPH_SEC_STATE 4
239 /* cfg 0 bits and pieces */
240 uint32_t num_chnls;
241 uint8_t num_periph_req;
242 uint8_t num_events;
243 uint8_t mgr_ns_at_rst;
244 /* cfg 1 bits and pieces */
245 uint8_t i_cache_len;
246 uint8_t num_i_cache_lines;
247 /* CRD bits and pieces */
248 uint8_t data_width;
249 uint8_t wr_cap;
250 uint8_t wr_q_dep;
251 uint8_t rd_cap;
252 uint8_t rd_q_dep;
253 uint16_t data_buffer_dep;
254
255 PL330Chan manager;
256 PL330Chan *chan;
257 PL330Fifo fifo;
258 PL330Queue read_queue;
259 PL330Queue write_queue;
260 uint8_t *lo_seqn;
261 uint8_t *hi_seqn;
262 QEMUTimer *timer; /* is used for restore dma. */
263
264 uint32_t inten;
265 uint32_t int_status;
266 uint32_t ev_status;
267 uint32_t dbg[2];
268 uint8_t debug_status;
269 uint8_t num_faulting;
270 uint8_t periph_busy[PL330_PERIPH_NUM];
271
272 /* Memory region that DMA operation access */
273 MemoryRegion *mem_mr;
274 AddressSpace *mem_as;
275 };
276
277 #define TYPE_PL330 "pl330"
278 OBJECT_DECLARE_SIMPLE_TYPE(PL330State, PL330)
279
280 static const VMStateDescription vmstate_pl330 = {
281 .name = "pl330",
282 .version_id = 2,
283 .minimum_version_id = 2,
284 .fields = (const VMStateField[]) {
285 VMSTATE_STRUCT(manager, PL330State, 0, vmstate_pl330_chan, PL330Chan),
286 VMSTATE_STRUCT_VARRAY_POINTER_UINT32(chan, PL330State, num_chnls,
287 vmstate_pl330_chan, PL330Chan),
288 VMSTATE_VBUFFER_UINT32(lo_seqn, PL330State, 1, NULL, num_chnls),
289 VMSTATE_VBUFFER_UINT32(hi_seqn, PL330State, 1, NULL, num_chnls),
290 VMSTATE_STRUCT(fifo, PL330State, 0, vmstate_pl330_fifo, PL330Fifo),
291 VMSTATE_STRUCT(read_queue, PL330State, 0, vmstate_pl330_queue,
292 PL330Queue),
293 VMSTATE_STRUCT(write_queue, PL330State, 0, vmstate_pl330_queue,
294 PL330Queue),
295 VMSTATE_TIMER_PTR(timer, PL330State),
296 VMSTATE_UINT32(inten, PL330State),
297 VMSTATE_UINT32(int_status, PL330State),
298 VMSTATE_UINT32(ev_status, PL330State),
299 VMSTATE_UINT32_ARRAY(dbg, PL330State, 2),
300 VMSTATE_UINT8(debug_status, PL330State),
301 VMSTATE_UINT8(num_faulting, PL330State),
302 VMSTATE_UINT8_ARRAY(periph_busy, PL330State, PL330_PERIPH_NUM),
303 VMSTATE_END_OF_LIST()
304 }
305 };
306
307 typedef struct PL330InsnDesc {
308 /* OPCODE of the instruction */
309 uint8_t opcode;
310 /* Mask so we can select several sibling instructions, such as
311 DMALD, DMALDS and DMALDB */
312 uint8_t opmask;
313 /* Size of instruction in bytes */
314 uint8_t size;
315 /* Interpreter */
316 void (*exec)(PL330Chan *, uint8_t opcode, uint8_t *args, int len);
317 } PL330InsnDesc;
318
319 static void pl330_hexdump(uint8_t *buf, size_t size)
320 {
321 g_autoptr(GString) str = g_string_sized_new(64);
322 size_t b, len;
323
324 for (b = 0; b < size; b += len) {
325 len = MIN(16, size - b);
326 g_string_truncate(str, 0);
327 qemu_hexdump_line(str, buf + b, len, 1, 4);
328 trace_pl330_hexdump(b, str->str);
329 }
330 }
331
332 /* MFIFO Implementation
333 *
334 * MFIFO is implemented as a cyclic buffer of BUF_SIZE size. Tagged bytes are
335 * stored in this buffer. Data is stored in BUF field, tags - in the
336 * corresponding array elements of TAG field.
337 */
338
339 /* Initialize queue. */
340
341 static void pl330_fifo_init(PL330Fifo *s, uint32_t size)
342 {
343 s->buf = g_malloc0(size);
344 s->tag = g_malloc0(size);
345 s->buf_size = size;
346 }
347
348 /* Cyclic increment */
349
350 static inline int pl330_fifo_inc(PL330Fifo *s, int x)
351 {
352 return (x + 1) % s->buf_size;
353 }
354
355 /* Number of empty bytes in MFIFO */
356
357 static inline int pl330_fifo_num_free(PL330Fifo *s)
358 {
359 return s->buf_size - s->num;
360 }
361
362 /* Push LEN bytes of data stored in BUF to MFIFO and tag it with TAG.
363 * Zero returned on success, PL330_FIFO_STALL if there is no enough free
364 * space in MFIFO to store requested amount of data. If push was unsuccessful
365 * no data is stored to MFIFO.
366 */
367
368 static int pl330_fifo_push(PL330Fifo *s, uint8_t *buf, int len, uint8_t tag)
369 {
370 int i;
371
372 if (s->buf_size - s->num < len) {
373 return PL330_FIFO_STALL;
374 }
375 for (i = 0; i < len; i++) {
376 int push_idx = (s->head + s->num + i) % s->buf_size;
377 s->buf[push_idx] = buf[i];
378 s->tag[push_idx] = tag;
379 }
380 s->num += len;
381 return PL330_FIFO_OK;
382 }
383
384 /* Get LEN bytes of data from MFIFO and store it to BUF. Tag value of each
385 * byte is verified. Zero returned on success, PL330_FIFO_ERR on tag mismatch
386 * and PL330_FIFO_STALL if there is no enough data in MFIFO. If get was
387 * unsuccessful no data is removed from MFIFO.
388 */
389
390 static int pl330_fifo_get(PL330Fifo *s, uint8_t *buf, int len, uint8_t tag)
391 {
392 int i;
393
394 if (s->num < len) {
395 return PL330_FIFO_STALL;
396 }
397 for (i = 0; i < len; i++) {
398 if (s->tag[s->head] == tag) {
399 int get_idx = (s->head + i) % s->buf_size;
400 buf[i] = s->buf[get_idx];
401 } else { /* Tag mismatch - Rollback transaction */
402 return PL330_FIFO_ERR;
403 }
404 }
405 s->head = (s->head + len) % s->buf_size;
406 s->num -= len;
407 return PL330_FIFO_OK;
408 }
409
410 /* Reset MFIFO. This completely erases all data in it. */
411
412 static inline void pl330_fifo_reset(PL330Fifo *s)
413 {
414 s->head = 0;
415 s->num = 0;
416 }
417
418 /* Return tag of the first byte stored in MFIFO. If MFIFO is empty
419 * PL330_UNTAGGED is returned.
420 */
421
422 static inline uint8_t pl330_fifo_tag(PL330Fifo *s)
423 {
424 return (!s->num) ? PL330_UNTAGGED : s->tag[s->head];
425 }
426
427 /* Returns non-zero if tag TAG is present in fifo or zero otherwise */
428
429 static int pl330_fifo_has_tag(PL330Fifo *s, uint8_t tag)
430 {
431 int i, n;
432
433 i = s->head;
434 for (n = 0; n < s->num; n++) {
435 if (s->tag[i] == tag) {
436 return 1;
437 }
438 i = pl330_fifo_inc(s, i);
439 }
440 return 0;
441 }
442
443 /* Remove all entry tagged with TAG from MFIFO */
444
445 static void pl330_fifo_tagged_remove(PL330Fifo *s, uint8_t tag)
446 {
447 int i, t, n;
448
449 t = i = s->head;
450 for (n = 0; n < s->num; n++) {
451 if (s->tag[i] != tag) {
452 s->buf[t] = s->buf[i];
453 s->tag[t] = s->tag[i];
454 t = pl330_fifo_inc(s, t);
455 } else {
456 s->num = s->num - 1;
457 }
458 i = pl330_fifo_inc(s, i);
459 }
460 }
461
462 /* Read-Write Queue implementation
463 *
464 * A Read-Write Queue stores up to QUEUE_SIZE instructions (loads or stores).
465 * Each instruction is described by source (for loads) or destination (for
466 * stores) address ADDR, width of data to be loaded/stored LEN, number of
467 * stores/loads to be performed N, INC bit, Z bit and TAG to identify channel
468 * this instruction belongs to. Queue does not store any information about
469 * nature of the instruction: is it load or store. PL330 has different queues
470 * for loads and stores so this is already known at the top level where it
471 * matters.
472 *
473 * Queue works as FIFO for instructions with equivalent tags, but can issue
474 * instructions with different tags in arbitrary order. SEQN field attached to
475 * each instruction helps to achieve this. For each TAG queue contains
476 * instructions with consecutive SEQN values ranging from LO_SEQN[TAG] to
477 * HI_SEQN[TAG]-1 inclusive. SEQN is 8-bit unsigned integer, so SEQN=255 is
478 * followed by SEQN=0.
479 *
480 * Z bit indicates that zeroes should be stored. No MFIFO fetches are performed
481 * in this case.
482 */
483
484 static void pl330_queue_reset(PL330Queue *s)
485 {
486 int i;
487
488 for (i = 0; i < s->queue_size; i++) {
489 s->queue[i].tag = PL330_UNTAGGED;
490 }
491 }
492
493 /* Initialize queue */
494 static void pl330_queue_init(PL330Queue *s, int size, PL330State *parent)
495 {
496 s->parent = parent;
497 s->queue = g_new0(PL330QueueEntry, size);
498 s->queue_size = size;
499 }
500
501 /* Returns pointer to an empty slot or NULL if queue is full */
502 static PL330QueueEntry *pl330_queue_find_empty(PL330Queue *s)
503 {
504 int i;
505
506 for (i = 0; i < s->queue_size; i++) {
507 if (s->queue[i].tag == PL330_UNTAGGED) {
508 return &s->queue[i];
509 }
510 }
511 return NULL;
512 }
513
514 /* Put instruction in queue.
515 * Return value:
516 * - zero - OK
517 * - non-zero - queue is full
518 */
519
520 static int pl330_queue_put_insn(PL330Queue *s, uint32_t addr,
521 int len, int n, bool inc, bool z, uint8_t tag)
522 {
523 PL330QueueEntry *entry = pl330_queue_find_empty(s);
524
525 if (!entry) {
526 return 1;
527 }
528 entry->tag = tag;
529 entry->addr = addr;
530 entry->len = len;
531 entry->n = n;
532 entry->z = z;
533 entry->inc = inc;
534 entry->seqn = s->parent->hi_seqn[tag];
535 s->parent->hi_seqn[tag]++;
536 return 0;
537 }
538
539 /* Returns a pointer to queue slot containing instruction which satisfies
540 * following conditions:
541 * - it has valid tag value (not PL330_UNTAGGED)
542 * - if enforce_seq is set it has to be issuable without violating queue
543 * logic (see above)
544 * - if TAG argument is not PL330_UNTAGGED this instruction has tag value
545 * equivalent to the argument TAG value.
546 * If such instruction cannot be found NULL is returned.
547 */
548
549 static PL330QueueEntry *pl330_queue_find_insn(PL330Queue *s, uint8_t tag,
550 bool enforce_seq)
551 {
552 int i;
553
554 for (i = 0; i < s->queue_size; i++) {
555 if (s->queue[i].tag != PL330_UNTAGGED) {
556 if ((!enforce_seq ||
557 s->queue[i].seqn == s->parent->lo_seqn[s->queue[i].tag]) &&
558 (s->queue[i].tag == tag || tag == PL330_UNTAGGED ||
559 s->queue[i].z)) {
560 return &s->queue[i];
561 }
562 }
563 }
564 return NULL;
565 }
566
567 /* Removes instruction from queue. */
568
569 static inline void pl330_queue_remove_insn(PL330Queue *s, PL330QueueEntry *e)
570 {
571 s->parent->lo_seqn[e->tag]++;
572 e->tag = PL330_UNTAGGED;
573 }
574
575 /* Removes all instructions tagged with TAG from queue. */
576
577 static inline void pl330_queue_remove_tagged(PL330Queue *s, uint8_t tag)
578 {
579 int i;
580
581 for (i = 0; i < s->queue_size; i++) {
582 if (s->queue[i].tag == tag) {
583 s->queue[i].tag = PL330_UNTAGGED;
584 }
585 }
586 }
587
588 /* DMA instruction execution engine */
589
590 /* Moves DMA channel to the FAULT state and updates it's status. */
591
592 static inline void pl330_fault(PL330Chan *ch, uint32_t flags)
593 {
594 trace_pl330_fault(ch, flags);
595 ch->fault_type |= flags;
596 if (ch->state == pl330_chan_fault) {
597 return;
598 }
599 ch->state = pl330_chan_fault;
600 ch->parent->num_faulting++;
601 if (ch->parent->num_faulting == 1) {
602 trace_pl330_fault_abort();
603 qemu_irq_raise(ch->parent->irq_abort);
604 }
605 }
606
607 /*
608 * For information about instructions see PL330 Technical Reference Manual.
609 *
610 * Arguments:
611 * CH - channel executing the instruction
612 * OPCODE - opcode
613 * ARGS - array of 8-bit arguments
614 * LEN - number of elements in ARGS array
615 */
616
617 static void pl330_dmaadxh(PL330Chan *ch, uint8_t *args, bool ra, bool neg)
618 {
619 uint32_t im = (args[1] << 8) | args[0];
620 if (neg) {
621 im |= 0xffffu << 16;
622 }
623
624 if (ch->is_manager) {
625 pl330_fault(ch, PL330_FAULT_UNDEF_INSTR);
626 return;
627 }
628 if (ra) {
629 ch->dst += im;
630 } else {
631 ch->src += im;
632 }
633 }
634
635 static void pl330_dmaaddh(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
636 {
637 pl330_dmaadxh(ch, args, extract32(opcode, 1, 1), false);
638 }
639
640 static void pl330_dmaadnh(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
641 {
642 pl330_dmaadxh(ch, args, extract32(opcode, 1, 1), true);
643 }
644
645 static void pl330_dmaend(PL330Chan *ch, uint8_t opcode,
646 uint8_t *args, int len)
647 {
648 PL330State *s = ch->parent;
649
650 if (ch->state == pl330_chan_executing && !ch->is_manager) {
651 /* Wait for all transfers to complete */
652 if (pl330_fifo_has_tag(&s->fifo, ch->tag) ||
653 pl330_queue_find_insn(&s->read_queue, ch->tag, false) != NULL ||
654 pl330_queue_find_insn(&s->write_queue, ch->tag, false) != NULL) {
655
656 ch->stall = 1;
657 return;
658 }
659 }
660 trace_pl330_dmaend();
661 pl330_fifo_tagged_remove(&s->fifo, ch->tag);
662 pl330_queue_remove_tagged(&s->read_queue, ch->tag);
663 pl330_queue_remove_tagged(&s->write_queue, ch->tag);
664 ch->state = pl330_chan_stopped;
665 }
666
667 static void pl330_dmaflushp(PL330Chan *ch, uint8_t opcode,
668 uint8_t *args, int len)
669 {
670 uint8_t periph_id;
671
672 if (args[0] & 7) {
673 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
674 return;
675 }
676 periph_id = (args[0] >> 3) & 0x1f;
677 if (periph_id >= ch->parent->num_periph_req) {
678 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
679 return;
680 }
681 if (ch->ns && !(ch->parent->cfg[CFG_PNS] & (1 << periph_id))) {
682 pl330_fault(ch, PL330_FAULT_CH_PERIPH_ERR);
683 return;
684 }
685 /* Do nothing */
686 }
687
688 static void pl330_dmago(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
689 {
690 uint8_t chan_id;
691 uint8_t ns;
692 uint32_t pc;
693 PL330Chan *s;
694
695 trace_pl330_dmago();
696
697 if (!ch->is_manager) {
698 pl330_fault(ch, PL330_FAULT_UNDEF_INSTR);
699 return;
700 }
701 ns = !!(opcode & 2);
702 chan_id = args[0] & 7;
703 if ((args[0] >> 3)) {
704 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
705 return;
706 }
707 if (chan_id >= ch->parent->num_chnls) {
708 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
709 return;
710 }
711 pc = (((uint32_t)args[4]) << 24) | (((uint32_t)args[3]) << 16) |
712 (((uint32_t)args[2]) << 8) | (((uint32_t)args[1]));
713 if (ch->parent->chan[chan_id].state != pl330_chan_stopped) {
714 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
715 return;
716 }
717 if (ch->ns && !ns) {
718 pl330_fault(ch, PL330_FAULT_DMAGO_ERR);
719 return;
720 }
721 s = &ch->parent->chan[chan_id];
722 s->ns = ns;
723 s->pc = pc;
724 s->state = pl330_chan_executing;
725 }
726
727 static void pl330_dmald(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
728 {
729 uint8_t bs = opcode & 3;
730 uint32_t size, num;
731 bool inc;
732
733 if (bs == 2) {
734 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
735 return;
736 }
737 if ((bs == 1 && ch->request_flag == PL330_BURST) ||
738 (bs == 3 && ch->request_flag == PL330_SINGLE)) {
739 /* Perform NOP */
740 return;
741 }
742 if (bs == 1 && ch->request_flag == PL330_SINGLE) {
743 num = 1;
744 } else {
745 num = ((ch->control >> 4) & 0xf) + 1;
746 }
747 size = (uint32_t)1 << ((ch->control >> 1) & 0x7);
748 inc = !!(ch->control & 1);
749 ch->stall = pl330_queue_put_insn(&ch->parent->read_queue, ch->src,
750 size, num, inc, 0, ch->tag);
751 if (!ch->stall) {
752 trace_pl330_dmald(ch->tag, ch->src, size, num, inc ? 'Y' : 'N');
753 ch->src += inc ? size * num - (ch->src & (size - 1)) : 0;
754 }
755 }
756
757 static void pl330_dmaldp(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
758 {
759 uint8_t periph_id;
760
761 if (args[0] & 7) {
762 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
763 return;
764 }
765 periph_id = (args[0] >> 3) & 0x1f;
766 if (periph_id >= ch->parent->num_periph_req) {
767 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
768 return;
769 }
770 if (ch->ns && !(ch->parent->cfg[CFG_PNS] & (1 << periph_id))) {
771 pl330_fault(ch, PL330_FAULT_CH_PERIPH_ERR);
772 return;
773 }
774 pl330_dmald(ch, opcode, args, len);
775 }
776
777 static void pl330_dmalp(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
778 {
779 uint8_t lc = (opcode & 2) >> 1;
780
781 ch->lc[lc] = args[0];
782 }
783
784 static void pl330_dmakill(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
785 {
786 if (ch->state == pl330_chan_fault ||
787 ch->state == pl330_chan_fault_completing) {
788 /* This is the only way for a channel to leave the faulting state */
789 ch->fault_type = 0;
790 ch->parent->num_faulting--;
791 if (ch->parent->num_faulting == 0) {
792 trace_pl330_dmakill();
793 qemu_irq_lower(ch->parent->irq_abort);
794 }
795 }
796 ch->state = pl330_chan_killing;
797 pl330_fifo_tagged_remove(&ch->parent->fifo, ch->tag);
798 pl330_queue_remove_tagged(&ch->parent->read_queue, ch->tag);
799 pl330_queue_remove_tagged(&ch->parent->write_queue, ch->tag);
800 ch->state = pl330_chan_stopped;
801 }
802
803 static void pl330_dmalpend(PL330Chan *ch, uint8_t opcode,
804 uint8_t *args, int len)
805 {
806 uint8_t nf = (opcode & 0x10) >> 4;
807 uint8_t bs = opcode & 3;
808 uint8_t lc = (opcode & 4) >> 2;
809
810 trace_pl330_dmalpend(nf, bs, lc, ch->lc[lc], ch->request_flag);
811
812 if (bs == 2) {
813 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
814 return;
815 }
816 if ((bs == 1 && ch->request_flag == PL330_BURST) ||
817 (bs == 3 && ch->request_flag == PL330_SINGLE)) {
818 /* Perform NOP */
819 return;
820 }
821 if (!nf || ch->lc[lc]) {
822 if (nf) {
823 ch->lc[lc]--;
824 }
825 trace_pl330_dmalpiter();
826 ch->pc -= args[0];
827 ch->pc -= len + 1;
828 /* "ch->pc -= args[0] + len + 1" is incorrect when args[0] == 256 */
829 } else {
830 trace_pl330_dmalpfallthrough();
831 }
832 }
833
834
835 static void pl330_dmamov(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
836 {
837 uint8_t rd = args[0] & 7;
838 uint32_t im;
839
840 if ((args[0] >> 3)) {
841 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
842 return;
843 }
844 im = (((uint32_t)args[4]) << 24) | (((uint32_t)args[3]) << 16) |
845 (((uint32_t)args[2]) << 8) | (((uint32_t)args[1]));
846 switch (rd) {
847 case 0:
848 ch->src = im;
849 break;
850 case 1:
851 ch->control = im;
852 break;
853 case 2:
854 ch->dst = im;
855 break;
856 default:
857 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
858 return;
859 }
860 }
861
862 static void pl330_dmanop(PL330Chan *ch, uint8_t opcode,
863 uint8_t *args, int len)
864 {
865 /* NOP is NOP. */
866 }
867
868 static void pl330_dmarmb(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
869 {
870 if (pl330_queue_find_insn(&ch->parent->read_queue, ch->tag, false)) {
871 ch->state = pl330_chan_at_barrier;
872 ch->stall = 1;
873 return;
874 } else {
875 ch->state = pl330_chan_executing;
876 }
877 }
878
879 static void pl330_dmasev(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
880 {
881 uint8_t ev_id;
882
883 if (args[0] & 7) {
884 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
885 return;
886 }
887 ev_id = (args[0] >> 3) & 0x1f;
888 if (ev_id >= ch->parent->num_events) {
889 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
890 return;
891 }
892 if (ch->ns && !(ch->parent->cfg[CFG_INS] & (1 << ev_id))) {
893 pl330_fault(ch, PL330_FAULT_EVENT_ERR);
894 return;
895 }
896 if (ch->parent->inten & (1 << ev_id)) {
897 ch->parent->int_status |= (1 << ev_id);
898 trace_pl330_dmasev_evirq(ev_id);
899 qemu_irq_raise(ch->parent->irq[ev_id]);
900 }
901 trace_pl330_dmasev_event(ev_id);
902 ch->parent->ev_status |= (1 << ev_id);
903 }
904
905 static void pl330_dmast(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
906 {
907 uint8_t bs = opcode & 3;
908 uint32_t size, num;
909 bool inc;
910
911 if (bs == 2) {
912 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
913 return;
914 }
915 if ((bs == 1 && ch->request_flag == PL330_BURST) ||
916 (bs == 3 && ch->request_flag == PL330_SINGLE)) {
917 /* Perform NOP */
918 return;
919 }
920 num = ((ch->control >> 18) & 0xf) + 1;
921 size = (uint32_t)1 << ((ch->control >> 15) & 0x7);
922 inc = !!((ch->control >> 14) & 1);
923 ch->stall = pl330_queue_put_insn(&ch->parent->write_queue, ch->dst,
924 size, num, inc, 0, ch->tag);
925 if (!ch->stall) {
926 trace_pl330_dmast(ch->tag, ch->dst, size, num, inc ? 'Y' : 'N');
927 ch->dst += inc ? size * num - (ch->dst & (size - 1)) : 0;
928 }
929 }
930
931 static void pl330_dmastp(PL330Chan *ch, uint8_t opcode,
932 uint8_t *args, int len)
933 {
934 uint8_t periph_id;
935
936 if (args[0] & 7) {
937 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
938 return;
939 }
940 periph_id = (args[0] >> 3) & 0x1f;
941 if (periph_id >= ch->parent->num_periph_req) {
942 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
943 return;
944 }
945 if (ch->ns && !(ch->parent->cfg[CFG_PNS] & (1 << periph_id))) {
946 pl330_fault(ch, PL330_FAULT_CH_PERIPH_ERR);
947 return;
948 }
949 pl330_dmast(ch, opcode, args, len);
950 }
951
952 static void pl330_dmastz(PL330Chan *ch, uint8_t opcode,
953 uint8_t *args, int len)
954 {
955 uint32_t size, num;
956 bool inc;
957
958 num = ((ch->control >> 18) & 0xf) + 1;
959 size = (uint32_t)1 << ((ch->control >> 15) & 0x7);
960 inc = !!((ch->control >> 14) & 1);
961 ch->stall = pl330_queue_put_insn(&ch->parent->write_queue, ch->dst,
962 size, num, inc, 1, ch->tag);
963 if (inc) {
964 ch->dst += size * num;
965 }
966 }
967
968 static void pl330_dmawfe(PL330Chan *ch, uint8_t opcode,
969 uint8_t *args, int len)
970 {
971 uint8_t ev_id;
972 int i;
973
974 if (args[0] & 5) {
975 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
976 return;
977 }
978 ev_id = (args[0] >> 3) & 0x1f;
979 if (ev_id >= ch->parent->num_events) {
980 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
981 return;
982 }
983 if (ch->ns && !(ch->parent->cfg[CFG_INS] & (1 << ev_id))) {
984 pl330_fault(ch, PL330_FAULT_EVENT_ERR);
985 return;
986 }
987 ch->wakeup = ev_id;
988 ch->state = pl330_chan_waiting_event;
989 if (~ch->parent->inten & ch->parent->ev_status & 1 << ev_id) {
990 ch->state = pl330_chan_executing;
991 /* If anyone else is currently waiting on the same event, let them
992 * clear the ev_status so they pick up event as well
993 */
994 for (i = 0; i < ch->parent->num_chnls; ++i) {
995 PL330Chan *peer = &ch->parent->chan[i];
996 if (peer->state == pl330_chan_waiting_event &&
997 peer->wakeup == ev_id) {
998 return;
999 }
1000 }
1001 ch->parent->ev_status &= ~(1 << ev_id);
1002 trace_pl330_dmawfe(ev_id);
1003 } else {
1004 ch->stall = 1;
1005 }
1006 }
1007
1008 static void pl330_dmawfp(PL330Chan *ch, uint8_t opcode,
1009 uint8_t *args, int len)
1010 {
1011 uint8_t bs = opcode & 3;
1012 uint8_t periph_id;
1013
1014 if (args[0] & 7) {
1015 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
1016 return;
1017 }
1018 periph_id = (args[0] >> 3) & 0x1f;
1019 if (periph_id >= ch->parent->num_periph_req) {
1020 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
1021 return;
1022 }
1023 if (ch->ns && !(ch->parent->cfg[CFG_PNS] & (1 << periph_id))) {
1024 pl330_fault(ch, PL330_FAULT_CH_PERIPH_ERR);
1025 return;
1026 }
1027 switch (bs) {
1028 case 0: /* S */
1029 ch->request_flag = PL330_SINGLE;
1030 ch->wfp_sbp = 0;
1031 break;
1032 case 1: /* P */
1033 ch->request_flag = PL330_BURST;
1034 ch->wfp_sbp = 2;
1035 break;
1036 case 2: /* B */
1037 ch->request_flag = PL330_BURST;
1038 ch->wfp_sbp = 1;
1039 break;
1040 default:
1041 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
1042 return;
1043 }
1044
1045 if (ch->parent->periph_busy[periph_id]) {
1046 ch->state = pl330_chan_waiting_periph;
1047 ch->stall = 1;
1048 } else if (ch->state == pl330_chan_waiting_periph) {
1049 ch->state = pl330_chan_executing;
1050 }
1051 }
1052
1053 static void pl330_dmawmb(PL330Chan *ch, uint8_t opcode,
1054 uint8_t *args, int len)
1055 {
1056 if (pl330_queue_find_insn(&ch->parent->write_queue, ch->tag, false)) {
1057 ch->state = pl330_chan_at_barrier;
1058 ch->stall = 1;
1059 return;
1060 } else {
1061 ch->state = pl330_chan_executing;
1062 }
1063 }
1064
1065 /* NULL terminated array of the instruction descriptions. */
1066 static const PL330InsnDesc insn_desc[] = {
1067 { .opcode = 0x54, .opmask = 0xFD, .size = 3, .exec = pl330_dmaaddh, },
1068 { .opcode = 0x5c, .opmask = 0xFD, .size = 3, .exec = pl330_dmaadnh, },
1069 { .opcode = 0x00, .opmask = 0xFF, .size = 1, .exec = pl330_dmaend, },
1070 { .opcode = 0x35, .opmask = 0xFF, .size = 2, .exec = pl330_dmaflushp, },
1071 { .opcode = 0xA0, .opmask = 0xFD, .size = 6, .exec = pl330_dmago, },
1072 { .opcode = 0x04, .opmask = 0xFC, .size = 1, .exec = pl330_dmald, },
1073 { .opcode = 0x25, .opmask = 0xFD, .size = 2, .exec = pl330_dmaldp, },
1074 { .opcode = 0x20, .opmask = 0xFD, .size = 2, .exec = pl330_dmalp, },
1075 /* dmastp must be before dmalpend in this list, because their maps
1076 * are overlapping
1077 */
1078 { .opcode = 0x29, .opmask = 0xFD, .size = 2, .exec = pl330_dmastp, },
1079 { .opcode = 0x28, .opmask = 0xE8, .size = 2, .exec = pl330_dmalpend, },
1080 { .opcode = 0x01, .opmask = 0xFF, .size = 1, .exec = pl330_dmakill, },
1081 { .opcode = 0xBC, .opmask = 0xFF, .size = 6, .exec = pl330_dmamov, },
1082 { .opcode = 0x18, .opmask = 0xFF, .size = 1, .exec = pl330_dmanop, },
1083 { .opcode = 0x12, .opmask = 0xFF, .size = 1, .exec = pl330_dmarmb, },
1084 { .opcode = 0x34, .opmask = 0xFF, .size = 2, .exec = pl330_dmasev, },
1085 { .opcode = 0x08, .opmask = 0xFC, .size = 1, .exec = pl330_dmast, },
1086 { .opcode = 0x0C, .opmask = 0xFF, .size = 1, .exec = pl330_dmastz, },
1087 { .opcode = 0x36, .opmask = 0xFF, .size = 2, .exec = pl330_dmawfe, },
1088 { .opcode = 0x30, .opmask = 0xFC, .size = 2, .exec = pl330_dmawfp, },
1089 { .opcode = 0x13, .opmask = 0xFF, .size = 1, .exec = pl330_dmawmb, },
1090 { .opcode = 0x00, .opmask = 0x00, .size = 0, .exec = NULL, }
1091 };
1092
1093 /* Instructions which can be issued via debug registers. */
1094 static const PL330InsnDesc debug_insn_desc[] = {
1095 { .opcode = 0xA0, .opmask = 0xFD, .size = 6, .exec = pl330_dmago, },
1096 { .opcode = 0x01, .opmask = 0xFF, .size = 1, .exec = pl330_dmakill, },
1097 { .opcode = 0x34, .opmask = 0xFF, .size = 2, .exec = pl330_dmasev, },
1098 { .opcode = 0x00, .opmask = 0x00, .size = 0, .exec = NULL, }
1099 };
1100
1101 static inline const PL330InsnDesc *pl330_fetch_insn(PL330Chan *ch)
1102 {
1103 uint8_t opcode;
1104 int i;
1105
1106 dma_memory_read(ch->parent->mem_as, ch->pc, &opcode, 1,
1107 MEMTXATTRS_UNSPECIFIED);
1108 for (i = 0; insn_desc[i].size; i++) {
1109 if ((opcode & insn_desc[i].opmask) == insn_desc[i].opcode) {
1110 return &insn_desc[i];
1111 }
1112 }
1113 return NULL;
1114 }
1115
1116 static inline void pl330_exec_insn(PL330Chan *ch, const PL330InsnDesc *insn)
1117 {
1118 uint8_t buf[PL330_INSN_MAXSIZE];
1119
1120 assert(insn->size <= PL330_INSN_MAXSIZE);
1121 dma_memory_read(ch->parent->mem_as, ch->pc, buf, insn->size,
1122 MEMTXATTRS_UNSPECIFIED);
1123 insn->exec(ch, buf[0], &buf[1], insn->size - 1);
1124 }
1125
1126 static inline void pl330_update_pc(PL330Chan *ch,
1127 const PL330InsnDesc *insn)
1128 {
1129 ch->pc += insn->size;
1130 }
1131
1132 /* Try to execute current instruction in channel CH. Number of executed
1133 instructions is returned (0 or 1). */
1134 static int pl330_chan_exec(PL330Chan *ch)
1135 {
1136 const PL330InsnDesc *insn;
1137
1138 if (ch->state != pl330_chan_executing &&
1139 ch->state != pl330_chan_waiting_periph &&
1140 ch->state != pl330_chan_at_barrier &&
1141 ch->state != pl330_chan_waiting_event) {
1142 return 0;
1143 }
1144 ch->stall = 0;
1145 insn = pl330_fetch_insn(ch);
1146 if (!insn) {
1147 trace_pl330_chan_exec_undef();
1148 pl330_fault(ch, PL330_FAULT_UNDEF_INSTR);
1149 return 0;
1150 }
1151 pl330_exec_insn(ch, insn);
1152 if (!ch->stall) {
1153 pl330_update_pc(ch, insn);
1154 ch->watchdog_timer = 0;
1155 return 1;
1156 /* WDT only active in exec state */
1157 } else if (ch->state == pl330_chan_executing) {
1158 ch->watchdog_timer++;
1159 if (ch->watchdog_timer >= PL330_WATCHDOG_LIMIT) {
1160 pl330_fault(ch, PL330_FAULT_LOCKUP_ERR);
1161 }
1162 }
1163 return 0;
1164 }
1165
1166 /* Try to execute 1 instruction in each channel, one instruction from read
1167 queue and one instruction from write queue. Number of successfully executed
1168 instructions is returned. */
1169 static int pl330_exec_cycle(PL330Chan *channel)
1170 {
1171 PL330State *s = channel->parent;
1172 PL330QueueEntry *q;
1173 int i;
1174 int num_exec = 0;
1175 int fifo_res = 0;
1176 uint8_t buf[PL330_MAX_BURST_LEN];
1177
1178 /* Execute one instruction in each channel */
1179 num_exec += pl330_chan_exec(channel);
1180
1181 /* Execute one instruction from read queue */
1182 q = pl330_queue_find_insn(&s->read_queue, PL330_UNTAGGED, true);
1183 if (q != NULL && q->len <= pl330_fifo_num_free(&s->fifo)) {
1184 int len = q->len - (q->addr & (q->len - 1));
1185
1186 dma_memory_read(s->mem_as, q->addr, buf, len,
1187 MEMTXATTRS_UNSPECIFIED);
1188 trace_pl330_exec_cycle(q->addr, len);
1189 if (trace_event_get_state_backends(TRACE_PL330_HEXDUMP)) {
1190 pl330_hexdump(buf, len);
1191 }
1192 fifo_res = pl330_fifo_push(&s->fifo, buf, len, q->tag);
1193 if (fifo_res == PL330_FIFO_OK) {
1194 if (q->inc) {
1195 q->addr += len;
1196 }
1197 q->n--;
1198 if (!q->n) {
1199 pl330_queue_remove_insn(&s->read_queue, q);
1200 }
1201 num_exec++;
1202 }
1203 }
1204
1205 /* Execute one instruction from write queue. */
1206 q = pl330_queue_find_insn(&s->write_queue, pl330_fifo_tag(&s->fifo), true);
1207 if (q != NULL) {
1208 int len = q->len - (q->addr & (q->len - 1));
1209
1210 if (q->z) {
1211 for (i = 0; i < len; i++) {
1212 buf[i] = 0;
1213 }
1214 } else {
1215 fifo_res = pl330_fifo_get(&s->fifo, buf, len, q->tag);
1216 }
1217 if (fifo_res == PL330_FIFO_OK || q->z) {
1218 dma_memory_write(s->mem_as, q->addr, buf, len,
1219 MEMTXATTRS_UNSPECIFIED);
1220 trace_pl330_exec_cycle(q->addr, len);
1221 if (trace_event_get_state_backends(TRACE_PL330_HEXDUMP)) {
1222 pl330_hexdump(buf, len);
1223 }
1224 if (q->inc) {
1225 q->addr += len;
1226 }
1227 num_exec++;
1228 } else if (fifo_res == PL330_FIFO_STALL) {
1229 pl330_fault(&channel->parent->chan[q->tag],
1230 PL330_FAULT_FIFOEMPTY_ERR);
1231 }
1232 q->n--;
1233 if (!q->n) {
1234 pl330_queue_remove_insn(&s->write_queue, q);
1235 }
1236 }
1237
1238 return num_exec;
1239 }
1240
1241 static int pl330_exec_channel(PL330Chan *channel)
1242 {
1243 int insr_exec = 0;
1244
1245 /* TODO: Is it all right to execute everything or should we do per-cycle
1246 simulation? */
1247 while (pl330_exec_cycle(channel)) {
1248 insr_exec++;
1249 }
1250
1251 /* Detect deadlock */
1252 if (channel->state == pl330_chan_executing) {
1253 pl330_fault(channel, PL330_FAULT_LOCKUP_ERR);
1254 }
1255 /* Situation when one of the queues has deadlocked but all channels
1256 * have finished their programs should be impossible.
1257 */
1258
1259 return insr_exec;
1260 }
1261
1262 static inline void pl330_exec(PL330State *s)
1263 {
1264 int i, insr_exec;
1265 trace_pl330_exec();
1266 do {
1267 insr_exec = pl330_exec_channel(&s->manager);
1268
1269 for (i = 0; i < s->num_chnls; i++) {
1270 insr_exec += pl330_exec_channel(&s->chan[i]);
1271 }
1272 } while (insr_exec);
1273 }
1274
1275 static void pl330_exec_cycle_timer(void *opaque)
1276 {
1277 PL330State *s = (PL330State *)opaque;
1278 pl330_exec(s);
1279 }
1280
1281 /* Stop or restore dma operations */
1282
1283 static void pl330_dma_stop_irq(void *opaque, int irq, int level)
1284 {
1285 PL330State *s = (PL330State *)opaque;
1286
1287 if (s->periph_busy[irq] != level) {
1288 s->periph_busy[irq] = level;
1289 timer_mod(s->timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL));
1290 }
1291 }
1292
1293 static void pl330_debug_exec(PL330State *s)
1294 {
1295 uint8_t args[5];
1296 uint8_t opcode;
1297 uint8_t chan_id;
1298 int i;
1299 PL330Chan *ch;
1300 const PL330InsnDesc *insn;
1301
1302 s->debug_status = 1;
1303 chan_id = (s->dbg[0] >> 8) & 0x07;
1304 opcode = (s->dbg[0] >> 16) & 0xff;
1305 args[0] = (s->dbg[0] >> 24) & 0xff;
1306 args[1] = (s->dbg[1] >> 0) & 0xff;
1307 args[2] = (s->dbg[1] >> 8) & 0xff;
1308 args[3] = (s->dbg[1] >> 16) & 0xff;
1309 args[4] = (s->dbg[1] >> 24) & 0xff;
1310 trace_pl330_debug_exec(chan_id);
1311 if (s->dbg[0] & 1) {
1312 ch = &s->chan[chan_id];
1313 } else {
1314 ch = &s->manager;
1315 }
1316 insn = NULL;
1317 for (i = 0; debug_insn_desc[i].size; i++) {
1318 if ((opcode & debug_insn_desc[i].opmask) == debug_insn_desc[i].opcode) {
1319 insn = &debug_insn_desc[i];
1320 }
1321 }
1322 if (!insn) {
1323 pl330_fault(ch, PL330_FAULT_UNDEF_INSTR | PL330_FAULT_DBG_INSTR);
1324 return;
1325 }
1326 ch->stall = 0;
1327 insn->exec(ch, opcode, args, insn->size - 1);
1328 if (ch->fault_type) {
1329 ch->fault_type |= PL330_FAULT_DBG_INSTR;
1330 }
1331 if (ch->stall) {
1332 trace_pl330_debug_exec_stall();
1333 qemu_log_mask(LOG_UNIMP, "pl330: stall of debug instruction not "
1334 "implemented\n");
1335 }
1336 s->debug_status = 0;
1337 }
1338
1339 /* IOMEM mapped registers */
1340
1341 static void pl330_iomem_write(void *opaque, hwaddr offset,
1342 uint64_t value, unsigned size)
1343 {
1344 PL330State *s = (PL330State *) opaque;
1345 int i;
1346
1347 trace_pl330_iomem_write((unsigned)offset, (unsigned)value);
1348
1349 switch (offset) {
1350 case PL330_REG_INTEN:
1351 s->inten = value;
1352 break;
1353 case PL330_REG_INTCLR:
1354 for (i = 0; i < s->num_events; i++) {
1355 if (s->int_status & s->inten & value & (1 << i)) {
1356 trace_pl330_iomem_write_clr(i);
1357 qemu_irq_lower(s->irq[i]);
1358 }
1359 }
1360 s->ev_status &= ~(value & s->inten);
1361 s->int_status &= ~(value & s->inten);
1362 break;
1363 case PL330_REG_DBGCMD:
1364 if ((value & 3) == 0) {
1365 pl330_debug_exec(s);
1366 pl330_exec(s);
1367 } else {
1368 qemu_log_mask(LOG_GUEST_ERROR, "pl330: write of illegal value %u "
1369 "for offset " HWADDR_FMT_plx "\n", (unsigned)value,
1370 offset);
1371 }
1372 break;
1373 case PL330_REG_DBGINST0:
1374 s->dbg[0] = value;
1375 break;
1376 case PL330_REG_DBGINST1:
1377 s->dbg[1] = value;
1378 break;
1379 default:
1380 qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad write offset " HWADDR_FMT_plx
1381 "\n", offset);
1382 break;
1383 }
1384 }
1385
1386 static inline uint32_t pl330_iomem_read_imp(void *opaque,
1387 hwaddr offset)
1388 {
1389 PL330State *s = (PL330State *)opaque;
1390 int chan_id;
1391 int i;
1392 uint32_t res;
1393
1394 if (offset >= PL330_REG_PERIPH_ID && offset < PL330_REG_PERIPH_ID + 32) {
1395 return pl330_id[(offset - PL330_REG_PERIPH_ID) >> 2];
1396 }
1397 if (offset >= PL330_REG_CR0_BASE && offset < PL330_REG_CR0_BASE + 24) {
1398 return s->cfg[(offset - PL330_REG_CR0_BASE) >> 2];
1399 }
1400 if (offset >= PL330_REG_CHANCTRL && offset < PL330_REG_DBGSTATUS) {
1401 offset -= PL330_REG_CHANCTRL;
1402 chan_id = offset >> 5;
1403 if (chan_id >= s->num_chnls) {
1404 qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad read offset "
1405 HWADDR_FMT_plx "\n", offset);
1406 return 0;
1407 }
1408 switch (offset & 0x1f) {
1409 case 0x00:
1410 return s->chan[chan_id].src;
1411 case 0x04:
1412 return s->chan[chan_id].dst;
1413 case 0x08:
1414 return s->chan[chan_id].control;
1415 case 0x0C:
1416 return s->chan[chan_id].lc[0];
1417 case 0x10:
1418 return s->chan[chan_id].lc[1];
1419 default:
1420 qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad read offset "
1421 HWADDR_FMT_plx "\n", offset);
1422 return 0;
1423 }
1424 }
1425 if (offset >= PL330_REG_CSR_BASE && offset < 0x400) {
1426 offset -= PL330_REG_CSR_BASE;
1427 chan_id = offset >> 3;
1428 if (chan_id >= s->num_chnls) {
1429 qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad read offset "
1430 HWADDR_FMT_plx "\n", offset);
1431 return 0;
1432 }
1433 switch ((offset >> 2) & 1) {
1434 case 0x0:
1435 res = (s->chan[chan_id].ns << 21) |
1436 (s->chan[chan_id].wakeup << 4) |
1437 (s->chan[chan_id].state) |
1438 (s->chan[chan_id].wfp_sbp << 14);
1439 return res;
1440 case 0x1:
1441 return s->chan[chan_id].pc;
1442 default:
1443 qemu_log_mask(LOG_GUEST_ERROR, "pl330: read error\n");
1444 return 0;
1445 }
1446 }
1447 if (offset >= PL330_REG_FTR_BASE && offset < 0x100) {
1448 offset -= PL330_REG_FTR_BASE;
1449 chan_id = offset >> 2;
1450 if (chan_id >= s->num_chnls) {
1451 qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad read offset "
1452 HWADDR_FMT_plx "\n", offset);
1453 return 0;
1454 }
1455 return s->chan[chan_id].fault_type;
1456 }
1457 switch (offset) {
1458 case PL330_REG_DSR:
1459 return (s->manager.ns << 9) | (s->manager.wakeup << 4) |
1460 (s->manager.state & 0xf);
1461 case PL330_REG_DPC:
1462 return s->manager.pc;
1463 case PL330_REG_INTEN:
1464 return s->inten;
1465 case PL330_REG_INT_EVENT_RIS:
1466 return s->ev_status;
1467 case PL330_REG_INTMIS:
1468 return s->int_status;
1469 case PL330_REG_INTCLR:
1470 /* Documentation says that we can't read this register
1471 * but linux kernel does it
1472 */
1473 return 0;
1474 case PL330_REG_FSRD:
1475 return s->manager.state ? 1 : 0;
1476 case PL330_REG_FSRC:
1477 res = 0;
1478 for (i = 0; i < s->num_chnls; i++) {
1479 if (s->chan[i].state == pl330_chan_fault ||
1480 s->chan[i].state == pl330_chan_fault_completing) {
1481 res |= 1 << i;
1482 }
1483 }
1484 return res;
1485 case PL330_REG_FTRD:
1486 return s->manager.fault_type;
1487 case PL330_REG_DBGSTATUS:
1488 return s->debug_status;
1489 default:
1490 qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad read offset "
1491 HWADDR_FMT_plx "\n", offset);
1492 }
1493 return 0;
1494 }
1495
1496 static uint64_t pl330_iomem_read(void *opaque, hwaddr offset,
1497 unsigned size)
1498 {
1499 uint32_t ret = pl330_iomem_read_imp(opaque, offset);
1500 trace_pl330_iomem_read((uint32_t)offset, ret);
1501 return ret;
1502 }
1503
1504 static const MemoryRegionOps pl330_ops = {
1505 .read = pl330_iomem_read,
1506 .write = pl330_iomem_write,
1507 .endianness = DEVICE_NATIVE_ENDIAN,
1508 .impl = {
1509 .min_access_size = 4,
1510 .max_access_size = 4,
1511 }
1512 };
1513
1514 /* Controller logic and initialization */
1515
1516 static void pl330_chan_reset(PL330Chan *ch)
1517 {
1518 ch->src = 0;
1519 ch->dst = 0;
1520 ch->pc = 0;
1521 ch->state = pl330_chan_stopped;
1522 ch->watchdog_timer = 0;
1523 ch->stall = 0;
1524 ch->control = 0;
1525 ch->status = 0;
1526 ch->fault_type = 0;
1527 }
1528
1529 static void pl330_reset(DeviceState *d)
1530 {
1531 int i;
1532 PL330State *s = PL330(d);
1533
1534 s->inten = 0;
1535 s->int_status = 0;
1536 s->ev_status = 0;
1537 s->debug_status = 0;
1538 s->num_faulting = 0;
1539 s->manager.ns = s->mgr_ns_at_rst;
1540 pl330_fifo_reset(&s->fifo);
1541 pl330_queue_reset(&s->read_queue);
1542 pl330_queue_reset(&s->write_queue);
1543
1544 for (i = 0; i < s->num_chnls; i++) {
1545 pl330_chan_reset(&s->chan[i]);
1546 }
1547 for (i = 0; i < s->num_periph_req; i++) {
1548 s->periph_busy[i] = 0;
1549 }
1550
1551 timer_del(s->timer);
1552 }
1553
1554 static void pl330_realize(DeviceState *dev, Error **errp)
1555 {
1556 int i;
1557 PL330State *s = PL330(dev);
1558
1559 sysbus_init_irq(SYS_BUS_DEVICE(dev), &s->irq_abort);
1560 memory_region_init_io(&s->iomem, OBJECT(s), &pl330_ops, s,
1561 "dma", PL330_IOMEM_SIZE);
1562 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->iomem);
1563
1564 if (!s->mem_mr) {
1565 error_setg(errp, "'memory' link is not set");
1566 return;
1567 } else if (s->mem_mr == get_system_memory()) {
1568 /* Avoid creating new AS for system memory. */
1569 s->mem_as = &address_space_memory;
1570 } else {
1571 s->mem_as = g_new0(AddressSpace, 1);
1572 address_space_init(s->mem_as, s->mem_mr,
1573 memory_region_name(s->mem_mr));
1574 }
1575
1576 s->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pl330_exec_cycle_timer, s);
1577
1578 s->cfg[0] = (s->mgr_ns_at_rst ? 0x4 : 0) |
1579 (s->num_periph_req > 0 ? 1 : 0) |
1580 ((s->num_chnls - 1) & 0x7) << 4 |
1581 ((s->num_periph_req - 1) & 0x1f) << 12 |
1582 ((s->num_events - 1) & 0x1f) << 17;
1583
1584 switch (s->i_cache_len) {
1585 case (4):
1586 s->cfg[1] |= 2;
1587 break;
1588 case (8):
1589 s->cfg[1] |= 3;
1590 break;
1591 case (16):
1592 s->cfg[1] |= 4;
1593 break;
1594 case (32):
1595 s->cfg[1] |= 5;
1596 break;
1597 default:
1598 error_setg(errp, "Bad value for i-cache_len property: %" PRIx8,
1599 s->i_cache_len);
1600 return;
1601 }
1602 s->cfg[1] |= ((s->num_i_cache_lines - 1) & 0xf) << 4;
1603
1604 s->chan = g_new0(PL330Chan, s->num_chnls);
1605 s->hi_seqn = g_new0(uint8_t, s->num_chnls);
1606 s->lo_seqn = g_new0(uint8_t, s->num_chnls);
1607 for (i = 0; i < s->num_chnls; i++) {
1608 s->chan[i].parent = s;
1609 s->chan[i].tag = (uint8_t)i;
1610 }
1611 s->manager.parent = s;
1612 s->manager.tag = s->num_chnls;
1613 s->manager.is_manager = true;
1614
1615 s->irq = g_new0(qemu_irq, s->num_events);
1616 for (i = 0; i < s->num_events; i++) {
1617 sysbus_init_irq(SYS_BUS_DEVICE(dev), &s->irq[i]);
1618 }
1619
1620 qdev_init_gpio_in(dev, pl330_dma_stop_irq, PL330_PERIPH_NUM);
1621
1622 switch (s->data_width) {
1623 case (32):
1624 s->cfg[CFG_CRD] |= 0x2;
1625 break;
1626 case (64):
1627 s->cfg[CFG_CRD] |= 0x3;
1628 break;
1629 case (128):
1630 s->cfg[CFG_CRD] |= 0x4;
1631 break;
1632 default:
1633 error_setg(errp, "Bad value for data_width property: %" PRIx8,
1634 s->data_width);
1635 return;
1636 }
1637
1638 s->cfg[CFG_CRD] |= ((s->wr_cap - 1) & 0x7) << 4 |
1639 ((s->wr_q_dep - 1) & 0xf) << 8 |
1640 ((s->rd_cap - 1) & 0x7) << 12 |
1641 ((s->rd_q_dep - 1) & 0xf) << 16 |
1642 ((s->data_buffer_dep - 1) & 0x1ff) << 20;
1643
1644 pl330_queue_init(&s->read_queue, s->rd_q_dep, s);
1645 pl330_queue_init(&s->write_queue, s->wr_q_dep, s);
1646 pl330_fifo_init(&s->fifo, s->data_width / 4 * s->data_buffer_dep);
1647 }
1648
1649 static Property pl330_properties[] = {
1650 /* CR0 */
1651 DEFINE_PROP_UINT32("num_chnls", PL330State, num_chnls, 8),
1652 DEFINE_PROP_UINT8("num_periph_req", PL330State, num_periph_req, 4),
1653 DEFINE_PROP_UINT8("num_events", PL330State, num_events, 16),
1654 DEFINE_PROP_UINT8("mgr_ns_at_rst", PL330State, mgr_ns_at_rst, 0),
1655 /* CR1 */
1656 DEFINE_PROP_UINT8("i-cache_len", PL330State, i_cache_len, 4),
1657 DEFINE_PROP_UINT8("num_i-cache_lines", PL330State, num_i_cache_lines, 8),
1658 /* CR2-4 */
1659 DEFINE_PROP_UINT32("boot_addr", PL330State, cfg[CFG_BOOT_ADDR], 0),
1660 DEFINE_PROP_UINT32("INS", PL330State, cfg[CFG_INS], 0),
1661 DEFINE_PROP_UINT32("PNS", PL330State, cfg[CFG_PNS], 0),
1662 /* CRD */
1663 DEFINE_PROP_UINT8("data_width", PL330State, data_width, 64),
1664 DEFINE_PROP_UINT8("wr_cap", PL330State, wr_cap, 8),
1665 DEFINE_PROP_UINT8("wr_q_dep", PL330State, wr_q_dep, 16),
1666 DEFINE_PROP_UINT8("rd_cap", PL330State, rd_cap, 8),
1667 DEFINE_PROP_UINT8("rd_q_dep", PL330State, rd_q_dep, 16),
1668 DEFINE_PROP_UINT16("data_buffer_dep", PL330State, data_buffer_dep, 256),
1669
1670 DEFINE_PROP_LINK("memory", PL330State, mem_mr,
1671 TYPE_MEMORY_REGION, MemoryRegion *),
1672
1673 DEFINE_PROP_END_OF_LIST(),
1674 };
1675
1676 static void pl330_class_init(ObjectClass *klass, void *data)
1677 {
1678 DeviceClass *dc = DEVICE_CLASS(klass);
1679
1680 dc->realize = pl330_realize;
1681 dc->reset = pl330_reset;
1682 device_class_set_props(dc, pl330_properties);
1683 dc->vmsd = &vmstate_pl330;
1684 }
1685
1686 static const TypeInfo pl330_type_info = {
1687 .name = TYPE_PL330,
1688 .parent = TYPE_SYS_BUS_DEVICE,
1689 .instance_size = sizeof(PL330State),
1690 .class_init = pl330_class_init,
1691 };
1692
1693 static void pl330_register_types(void)
1694 {
1695 type_register_static(&pl330_type_info);
1696 }
1697
1698 type_init(pl330_register_types)
AR7 emulation for QEMU