search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'v9.0.0-rc3'
[qemu/ar7.git] / hw / dma / pl330.c
blob70a502d24529d8f0dde6e8d7844e03f37be4fe2f
1 /*
2 * ARM PrimeCell PL330 DMA Controller
3 *
4 * Copyright (c) 2009 Samsung Electronics.
5 * Contributed by Kirill Batuzov <batuzovk@ispras.ru>
6 * Copyright (c) 2012 Peter A.G. Crosthwaite (peter.crosthwaite@petalogix.com)
7 * Copyright (c) 2012 PetaLogix Pty Ltd.
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; version 2 or later.
12 *
13 * You should have received a copy of the GNU General Public License along
14 * with this program; if not, see <http://www.gnu.org/licenses/>.
15 */
16
17 #include "qemu/osdep.h"
18 #include "hw/irq.h"
19 #include "hw/qdev-properties.h"
20 #include "hw/sysbus.h"
21 #include "migration/vmstate.h"
22 #include "qapi/error.h"
23 #include "qemu/timer.h"
24 #include "sysemu/dma.h"
25 #include "qemu/log.h"
26 #include "qemu/module.h"
27 #include "trace.h"
28 #include "qom/object.h"
29
30 #ifndef PL330_ERR_DEBUG
31 #define PL330_ERR_DEBUG 0
32 #endif
33
34 #define PL330_PERIPH_NUM 32
35 #define PL330_MAX_BURST_LEN 128
36 #define PL330_INSN_MAXSIZE 6
37
38 #define PL330_FIFO_OK 0
39 #define PL330_FIFO_STALL 1
40 #define PL330_FIFO_ERR (-1)
41
42 #define PL330_FAULT_UNDEF_INSTR (1 << 0)
43 #define PL330_FAULT_OPERAND_INVALID (1 << 1)
44 #define PL330_FAULT_DMAGO_ERR (1 << 4)
45 #define PL330_FAULT_EVENT_ERR (1 << 5)
46 #define PL330_FAULT_CH_PERIPH_ERR (1 << 6)
47 #define PL330_FAULT_CH_RDWR_ERR (1 << 7)
48 #define PL330_FAULT_ST_DATA_UNAVAILABLE (1 << 12)
49 #define PL330_FAULT_FIFOEMPTY_ERR (1 << 13)
50 #define PL330_FAULT_INSTR_FETCH_ERR (1 << 16)
51 #define PL330_FAULT_DATA_WRITE_ERR (1 << 17)
52 #define PL330_FAULT_DATA_READ_ERR (1 << 18)
53 #define PL330_FAULT_DBG_INSTR (1 << 30)
54 #define PL330_FAULT_LOCKUP_ERR (1 << 31)
55
56 #define PL330_UNTAGGED 0xff
57
58 #define PL330_SINGLE 0x0
59 #define PL330_BURST 0x1
60
61 #define PL330_WATCHDOG_LIMIT 1024
62
63 /* IOMEM mapped registers */
64 #define PL330_REG_DSR 0x000
65 #define PL330_REG_DPC 0x004
66 #define PL330_REG_INTEN 0x020
67 #define PL330_REG_INT_EVENT_RIS 0x024
68 #define PL330_REG_INTMIS 0x028
69 #define PL330_REG_INTCLR 0x02C
70 #define PL330_REG_FSRD 0x030
71 #define PL330_REG_FSRC 0x034
72 #define PL330_REG_FTRD 0x038
73 #define PL330_REG_FTR_BASE 0x040
74 #define PL330_REG_CSR_BASE 0x100
75 #define PL330_REG_CPC_BASE 0x104
76 #define PL330_REG_CHANCTRL 0x400
77 #define PL330_REG_DBGSTATUS 0xD00
78 #define PL330_REG_DBGCMD 0xD04
79 #define PL330_REG_DBGINST0 0xD08
80 #define PL330_REG_DBGINST1 0xD0C
81 #define PL330_REG_CR0_BASE 0xE00
82 #define PL330_REG_PERIPH_ID 0xFE0
83
84 #define PL330_IOMEM_SIZE 0x1000
85
86 #define CFG_BOOT_ADDR 2
87 #define CFG_INS 3
88 #define CFG_PNS 4
89 #define CFG_CRD 5
90
91 static const uint32_t pl330_id[] = {
92 0x30, 0x13, 0x24, 0x00, 0x0D, 0xF0, 0x05, 0xB1
93 };
94
95 /* DMA channel states as they are described in PL330 Technical Reference Manual
96 * Most of them will not be used in emulation.
97 */
98 typedef enum {
99 pl330_chan_stopped = 0,
100 pl330_chan_executing = 1,
101 pl330_chan_cache_miss = 2,
102 pl330_chan_updating_pc = 3,
103 pl330_chan_waiting_event = 4,
104 pl330_chan_at_barrier = 5,
105 pl330_chan_queue_busy = 6,
106 pl330_chan_waiting_periph = 7,
107 pl330_chan_killing = 8,
108 pl330_chan_completing = 9,
109 pl330_chan_fault_completing = 14,
110 pl330_chan_fault = 15,
111 } PL330ChanState;
112
113 typedef struct PL330State PL330State;
114
115 typedef struct PL330Chan {
116 uint32_t src;
117 uint32_t dst;
118 uint32_t pc;
119 uint32_t control;
120 uint32_t status;
121 uint32_t lc[2];
122 uint32_t fault_type;
123 uint32_t watchdog_timer;
124
125 bool ns;
126 uint8_t request_flag;
127 uint8_t wakeup;
128 uint8_t wfp_sbp;
129
130 uint8_t state;
131 uint8_t stall;
132
133 bool is_manager;
134 PL330State *parent;
135 uint8_t tag;
136 } PL330Chan;
137
138 static const VMStateDescription vmstate_pl330_chan = {
139 .name = "pl330_chan",
140 .version_id = 1,
141 .minimum_version_id = 1,
142 .fields = (const VMStateField[]) {
143 VMSTATE_UINT32(src, PL330Chan),
144 VMSTATE_UINT32(dst, PL330Chan),
145 VMSTATE_UINT32(pc, PL330Chan),
146 VMSTATE_UINT32(control, PL330Chan),
147 VMSTATE_UINT32(status, PL330Chan),
148 VMSTATE_UINT32_ARRAY(lc, PL330Chan, 2),
149 VMSTATE_UINT32(fault_type, PL330Chan),
150 VMSTATE_UINT32(watchdog_timer, PL330Chan),
151 VMSTATE_BOOL(ns, PL330Chan),
152 VMSTATE_UINT8(request_flag, PL330Chan),
153 VMSTATE_UINT8(wakeup, PL330Chan),
154 VMSTATE_UINT8(wfp_sbp, PL330Chan),
155 VMSTATE_UINT8(state, PL330Chan),
156 VMSTATE_UINT8(stall, PL330Chan),
157 VMSTATE_END_OF_LIST()
158 }
159 };
160
161 typedef struct PL330Fifo {
162 uint8_t *buf;
163 uint8_t *tag;
164 uint32_t head;
165 uint32_t num;
166 uint32_t buf_size;
167 } PL330Fifo;
168
169 static const VMStateDescription vmstate_pl330_fifo = {
170 .name = "pl330_chan",
171 .version_id = 1,
172 .minimum_version_id = 1,
173 .fields = (const VMStateField[]) {
174 VMSTATE_VBUFFER_UINT32(buf, PL330Fifo, 1, NULL, buf_size),
175 VMSTATE_VBUFFER_UINT32(tag, PL330Fifo, 1, NULL, buf_size),
176 VMSTATE_UINT32(head, PL330Fifo),
177 VMSTATE_UINT32(num, PL330Fifo),
178 VMSTATE_UINT32(buf_size, PL330Fifo),
179 VMSTATE_END_OF_LIST()
180 }
181 };
182
183 typedef struct PL330QueueEntry {
184 uint32_t addr;
185 uint32_t len;
186 uint8_t n;
187 bool inc;
188 bool z;
189 uint8_t tag;
190 uint8_t seqn;
191 } PL330QueueEntry;
192
193 static const VMStateDescription vmstate_pl330_queue_entry = {
194 .name = "pl330_queue_entry",
195 .version_id = 1,
196 .minimum_version_id = 1,
197 .fields = (const VMStateField[]) {
198 VMSTATE_UINT32(addr, PL330QueueEntry),
199 VMSTATE_UINT32(len, PL330QueueEntry),
200 VMSTATE_UINT8(n, PL330QueueEntry),
201 VMSTATE_BOOL(inc, PL330QueueEntry),
202 VMSTATE_BOOL(z, PL330QueueEntry),
203 VMSTATE_UINT8(tag, PL330QueueEntry),
204 VMSTATE_UINT8(seqn, PL330QueueEntry),
205 VMSTATE_END_OF_LIST()
206 }
207 };
208
209 typedef struct PL330Queue {
210 PL330State *parent;
211 PL330QueueEntry *queue;
212 uint32_t queue_size;
213 } PL330Queue;
214
215 static const VMStateDescription vmstate_pl330_queue = {
216 .name = "pl330_queue",
217 .version_id = 2,
218 .minimum_version_id = 2,
219 .fields = (const VMStateField[]) {
220 VMSTATE_STRUCT_VARRAY_POINTER_UINT32(queue, PL330Queue, queue_size,
221 vmstate_pl330_queue_entry,
222 PL330QueueEntry),
223 VMSTATE_END_OF_LIST()
224 }
225 };
226
227 struct PL330State {
228 SysBusDevice parent_obj;
229
230 MemoryRegion iomem;
231 qemu_irq irq_abort;
232 qemu_irq *irq;
233
234 /* Config registers. cfg[5] = CfgDn. */
235 uint32_t cfg[6];
236 #define EVENT_SEC_STATE 3
237 #define PERIPH_SEC_STATE 4
238 /* cfg 0 bits and pieces */
239 uint32_t num_chnls;
240 uint8_t num_periph_req;
241 uint8_t num_events;
242 uint8_t mgr_ns_at_rst;
243 /* cfg 1 bits and pieces */
244 uint8_t i_cache_len;
245 uint8_t num_i_cache_lines;
246 /* CRD bits and pieces */
247 uint8_t data_width;
248 uint8_t wr_cap;
249 uint8_t wr_q_dep;
250 uint8_t rd_cap;
251 uint8_t rd_q_dep;
252 uint16_t data_buffer_dep;
253
254 PL330Chan manager;
255 PL330Chan *chan;
256 PL330Fifo fifo;
257 PL330Queue read_queue;
258 PL330Queue write_queue;
259 uint8_t *lo_seqn;
260 uint8_t *hi_seqn;
261 QEMUTimer *timer; /* is used for restore dma. */
262
263 uint32_t inten;
264 uint32_t int_status;
265 uint32_t ev_status;
266 uint32_t dbg[2];
267 uint8_t debug_status;
268 uint8_t num_faulting;
269 uint8_t periph_busy[PL330_PERIPH_NUM];
270
271 /* Memory region that DMA operation access */
272 MemoryRegion *mem_mr;
273 AddressSpace *mem_as;
274 };
275
276 #define TYPE_PL330 "pl330"
277 OBJECT_DECLARE_SIMPLE_TYPE(PL330State, PL330)
278
279 static const VMStateDescription vmstate_pl330 = {
280 .name = "pl330",
281 .version_id = 2,
282 .minimum_version_id = 2,
283 .fields = (const VMStateField[]) {
284 VMSTATE_STRUCT(manager, PL330State, 0, vmstate_pl330_chan, PL330Chan),
285 VMSTATE_STRUCT_VARRAY_POINTER_UINT32(chan, PL330State, num_chnls,
286 vmstate_pl330_chan, PL330Chan),
287 VMSTATE_VBUFFER_UINT32(lo_seqn, PL330State, 1, NULL, num_chnls),
288 VMSTATE_VBUFFER_UINT32(hi_seqn, PL330State, 1, NULL, num_chnls),
289 VMSTATE_STRUCT(fifo, PL330State, 0, vmstate_pl330_fifo, PL330Fifo),
290 VMSTATE_STRUCT(read_queue, PL330State, 0, vmstate_pl330_queue,
291 PL330Queue),
292 VMSTATE_STRUCT(write_queue, PL330State, 0, vmstate_pl330_queue,
293 PL330Queue),
294 VMSTATE_TIMER_PTR(timer, PL330State),
295 VMSTATE_UINT32(inten, PL330State),
296 VMSTATE_UINT32(int_status, PL330State),
297 VMSTATE_UINT32(ev_status, PL330State),
298 VMSTATE_UINT32_ARRAY(dbg, PL330State, 2),
299 VMSTATE_UINT8(debug_status, PL330State),
300 VMSTATE_UINT8(num_faulting, PL330State),
301 VMSTATE_UINT8_ARRAY(periph_busy, PL330State, PL330_PERIPH_NUM),
302 VMSTATE_END_OF_LIST()
303 }
304 };
305
306 typedef struct PL330InsnDesc {
307 /* OPCODE of the instruction */
308 uint8_t opcode;
309 /* Mask so we can select several sibling instructions, such as
310 DMALD, DMALDS and DMALDB */
311 uint8_t opmask;
312 /* Size of instruction in bytes */
313 uint8_t size;
314 /* Interpreter */
315 void (*exec)(PL330Chan *, uint8_t opcode, uint8_t *args, int len);
316 } PL330InsnDesc;
317
318 static void pl330_hexdump(uint8_t *buf, size_t size)
319 {
320 unsigned int b, i, len;
321 char tmpbuf[80];
322
323 for (b = 0; b < size; b += 16) {
324 len = size - b;
325 if (len > 16) {
326 len = 16;
327 }
328 tmpbuf[0] = '\0';
329 for (i = 0; i < len; i++) {
330 if ((i % 4) == 0) {
331 strcat(tmpbuf, " ");
332 }
333 sprintf(tmpbuf + strlen(tmpbuf), " %02x", buf[b + i]);
334 }
335 trace_pl330_hexdump(b, tmpbuf);
336 }
337 }
338
339 /* MFIFO Implementation
340 *
341 * MFIFO is implemented as a cyclic buffer of BUF_SIZE size. Tagged bytes are
342 * stored in this buffer. Data is stored in BUF field, tags - in the
343 * corresponding array elements of TAG field.
344 */
345
346 /* Initialize queue. */
347
348 static void pl330_fifo_init(PL330Fifo *s, uint32_t size)
349 {
350 s->buf = g_malloc0(size);
351 s->tag = g_malloc0(size);
352 s->buf_size = size;
353 }
354
355 /* Cyclic increment */
356
357 static inline int pl330_fifo_inc(PL330Fifo *s, int x)
358 {
359 return (x + 1) % s->buf_size;
360 }
361
362 /* Number of empty bytes in MFIFO */
363
364 static inline int pl330_fifo_num_free(PL330Fifo *s)
365 {
366 return s->buf_size - s->num;
367 }
368
369 /* Push LEN bytes of data stored in BUF to MFIFO and tag it with TAG.
370 * Zero returned on success, PL330_FIFO_STALL if there is no enough free
371 * space in MFIFO to store requested amount of data. If push was unsuccessful
372 * no data is stored to MFIFO.
373 */
374
375 static int pl330_fifo_push(PL330Fifo *s, uint8_t *buf, int len, uint8_t tag)
376 {
377 int i;
378
379 if (s->buf_size - s->num < len) {
380 return PL330_FIFO_STALL;
381 }
382 for (i = 0; i < len; i++) {
383 int push_idx = (s->head + s->num + i) % s->buf_size;
384 s->buf[push_idx] = buf[i];
385 s->tag[push_idx] = tag;
386 }
387 s->num += len;
388 return PL330_FIFO_OK;
389 }
390
391 /* Get LEN bytes of data from MFIFO and store it to BUF. Tag value of each
392 * byte is verified. Zero returned on success, PL330_FIFO_ERR on tag mismatch
393 * and PL330_FIFO_STALL if there is no enough data in MFIFO. If get was
394 * unsuccessful no data is removed from MFIFO.
395 */
396
397 static int pl330_fifo_get(PL330Fifo *s, uint8_t *buf, int len, uint8_t tag)
398 {
399 int i;
400
401 if (s->num < len) {
402 return PL330_FIFO_STALL;
403 }
404 for (i = 0; i < len; i++) {
405 if (s->tag[s->head] == tag) {
406 int get_idx = (s->head + i) % s->buf_size;
407 buf[i] = s->buf[get_idx];
408 } else { /* Tag mismatch - Rollback transaction */
409 return PL330_FIFO_ERR;
410 }
411 }
412 s->head = (s->head + len) % s->buf_size;
413 s->num -= len;
414 return PL330_FIFO_OK;
415 }
416
417 /* Reset MFIFO. This completely erases all data in it. */
418
419 static inline void pl330_fifo_reset(PL330Fifo *s)
420 {
421 s->head = 0;
422 s->num = 0;
423 }
424
425 /* Return tag of the first byte stored in MFIFO. If MFIFO is empty
426 * PL330_UNTAGGED is returned.
427 */
428
429 static inline uint8_t pl330_fifo_tag(PL330Fifo *s)
430 {
431 return (!s->num) ? PL330_UNTAGGED : s->tag[s->head];
432 }
433
434 /* Returns non-zero if tag TAG is present in fifo or zero otherwise */
435
436 static int pl330_fifo_has_tag(PL330Fifo *s, uint8_t tag)
437 {
438 int i, n;
439
440 i = s->head;
441 for (n = 0; n < s->num; n++) {
442 if (s->tag[i] == tag) {
443 return 1;
444 }
445 i = pl330_fifo_inc(s, i);
446 }
447 return 0;
448 }
449
450 /* Remove all entry tagged with TAG from MFIFO */
451
452 static void pl330_fifo_tagged_remove(PL330Fifo *s, uint8_t tag)
453 {
454 int i, t, n;
455
456 t = i = s->head;
457 for (n = 0; n < s->num; n++) {
458 if (s->tag[i] != tag) {
459 s->buf[t] = s->buf[i];
460 s->tag[t] = s->tag[i];
461 t = pl330_fifo_inc(s, t);
462 } else {
463 s->num = s->num - 1;
464 }
465 i = pl330_fifo_inc(s, i);
466 }
467 }
468
469 /* Read-Write Queue implementation
470 *
471 * A Read-Write Queue stores up to QUEUE_SIZE instructions (loads or stores).
472 * Each instruction is described by source (for loads) or destination (for
473 * stores) address ADDR, width of data to be loaded/stored LEN, number of
474 * stores/loads to be performed N, INC bit, Z bit and TAG to identify channel
475 * this instruction belongs to. Queue does not store any information about
476 * nature of the instruction: is it load or store. PL330 has different queues
477 * for loads and stores so this is already known at the top level where it
478 * matters.
479 *
480 * Queue works as FIFO for instructions with equivalent tags, but can issue
481 * instructions with different tags in arbitrary order. SEQN field attached to
482 * each instruction helps to achieve this. For each TAG queue contains
483 * instructions with consecutive SEQN values ranging from LO_SEQN[TAG] to
484 * HI_SEQN[TAG]-1 inclusive. SEQN is 8-bit unsigned integer, so SEQN=255 is
485 * followed by SEQN=0.
486 *
487 * Z bit indicates that zeroes should be stored. No MFIFO fetches are performed
488 * in this case.
489 */
490
491 static void pl330_queue_reset(PL330Queue *s)
492 {
493 int i;
494
495 for (i = 0; i < s->queue_size; i++) {
496 s->queue[i].tag = PL330_UNTAGGED;
497 }
498 }
499
500 /* Initialize queue */
501 static void pl330_queue_init(PL330Queue *s, int size, PL330State *parent)
502 {
503 s->parent = parent;
504 s->queue = g_new0(PL330QueueEntry, size);
505 s->queue_size = size;
506 }
507
508 /* Returns pointer to an empty slot or NULL if queue is full */
509 static PL330QueueEntry *pl330_queue_find_empty(PL330Queue *s)
510 {
511 int i;
512
513 for (i = 0; i < s->queue_size; i++) {
514 if (s->queue[i].tag == PL330_UNTAGGED) {
515 return &s->queue[i];
516 }
517 }
518 return NULL;
519 }
520
521 /* Put instruction in queue.
522 * Return value:
523 * - zero - OK
524 * - non-zero - queue is full
525 */
526
527 static int pl330_queue_put_insn(PL330Queue *s, uint32_t addr,
528 int len, int n, bool inc, bool z, uint8_t tag)
529 {
530 PL330QueueEntry *entry = pl330_queue_find_empty(s);
531
532 if (!entry) {
533 return 1;
534 }
535 entry->tag = tag;
536 entry->addr = addr;
537 entry->len = len;
538 entry->n = n;
539 entry->z = z;
540 entry->inc = inc;
541 entry->seqn = s->parent->hi_seqn[tag];
542 s->parent->hi_seqn[tag]++;
543 return 0;
544 }
545
546 /* Returns a pointer to queue slot containing instruction which satisfies
547 * following conditions:
548 * - it has valid tag value (not PL330_UNTAGGED)
549 * - if enforce_seq is set it has to be issuable without violating queue
550 * logic (see above)
551 * - if TAG argument is not PL330_UNTAGGED this instruction has tag value
552 * equivalent to the argument TAG value.
553 * If such instruction cannot be found NULL is returned.
554 */
555
556 static PL330QueueEntry *pl330_queue_find_insn(PL330Queue *s, uint8_t tag,
557 bool enforce_seq)
558 {
559 int i;
560
561 for (i = 0; i < s->queue_size; i++) {
562 if (s->queue[i].tag != PL330_UNTAGGED) {
563 if ((!enforce_seq ||
564 s->queue[i].seqn == s->parent->lo_seqn[s->queue[i].tag]) &&
565 (s->queue[i].tag == tag || tag == PL330_UNTAGGED ||
566 s->queue[i].z)) {
567 return &s->queue[i];
568 }
569 }
570 }
571 return NULL;
572 }
573
574 /* Removes instruction from queue. */
575
576 static inline void pl330_queue_remove_insn(PL330Queue *s, PL330QueueEntry *e)
577 {
578 s->parent->lo_seqn[e->tag]++;
579 e->tag = PL330_UNTAGGED;
580 }
581
582 /* Removes all instructions tagged with TAG from queue. */
583
584 static inline void pl330_queue_remove_tagged(PL330Queue *s, uint8_t tag)
585 {
586 int i;
587
588 for (i = 0; i < s->queue_size; i++) {
589 if (s->queue[i].tag == tag) {
590 s->queue[i].tag = PL330_UNTAGGED;
591 }
592 }
593 }
594
595 /* DMA instruction execution engine */
596
597 /* Moves DMA channel to the FAULT state and updates it's status. */
598
599 static inline void pl330_fault(PL330Chan *ch, uint32_t flags)
600 {
601 trace_pl330_fault(ch, flags);
602 ch->fault_type |= flags;
603 if (ch->state == pl330_chan_fault) {
604 return;
605 }
606 ch->state = pl330_chan_fault;
607 ch->parent->num_faulting++;
608 if (ch->parent->num_faulting == 1) {
609 trace_pl330_fault_abort();
610 qemu_irq_raise(ch->parent->irq_abort);
611 }
612 }
613
614 /*
615 * For information about instructions see PL330 Technical Reference Manual.
616 *
617 * Arguments:
618 * CH - channel executing the instruction
619 * OPCODE - opcode
620 * ARGS - array of 8-bit arguments
621 * LEN - number of elements in ARGS array
622 */
623
624 static void pl330_dmaadxh(PL330Chan *ch, uint8_t *args, bool ra, bool neg)
625 {
626 uint32_t im = (args[1] << 8) | args[0];
627 if (neg) {
628 im |= 0xffffu << 16;
629 }
630
631 if (ch->is_manager) {
632 pl330_fault(ch, PL330_FAULT_UNDEF_INSTR);
633 return;
634 }
635 if (ra) {
636 ch->dst += im;
637 } else {
638 ch->src += im;
639 }
640 }
641
642 static void pl330_dmaaddh(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
643 {
644 pl330_dmaadxh(ch, args, extract32(opcode, 1, 1), false);
645 }
646
647 static void pl330_dmaadnh(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
648 {
649 pl330_dmaadxh(ch, args, extract32(opcode, 1, 1), true);
650 }
651
652 static void pl330_dmaend(PL330Chan *ch, uint8_t opcode,
653 uint8_t *args, int len)
654 {
655 PL330State *s = ch->parent;
656
657 if (ch->state == pl330_chan_executing && !ch->is_manager) {
658 /* Wait for all transfers to complete */
659 if (pl330_fifo_has_tag(&s->fifo, ch->tag) ||
660 pl330_queue_find_insn(&s->read_queue, ch->tag, false) != NULL ||
661 pl330_queue_find_insn(&s->write_queue, ch->tag, false) != NULL) {
662
663 ch->stall = 1;
664 return;
665 }
666 }
667 trace_pl330_dmaend();
668 pl330_fifo_tagged_remove(&s->fifo, ch->tag);
669 pl330_queue_remove_tagged(&s->read_queue, ch->tag);
670 pl330_queue_remove_tagged(&s->write_queue, ch->tag);
671 ch->state = pl330_chan_stopped;
672 }
673
674 static void pl330_dmaflushp(PL330Chan *ch, uint8_t opcode,
675 uint8_t *args, int len)
676 {
677 uint8_t periph_id;
678
679 if (args[0] & 7) {
680 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
681 return;
682 }
683 periph_id = (args[0] >> 3) & 0x1f;
684 if (periph_id >= ch->parent->num_periph_req) {
685 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
686 return;
687 }
688 if (ch->ns && !(ch->parent->cfg[CFG_PNS] & (1 << periph_id))) {
689 pl330_fault(ch, PL330_FAULT_CH_PERIPH_ERR);
690 return;
691 }
692 /* Do nothing */
693 }
694
695 static void pl330_dmago(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
696 {
697 uint8_t chan_id;
698 uint8_t ns;
699 uint32_t pc;
700 PL330Chan *s;
701
702 trace_pl330_dmago();
703
704 if (!ch->is_manager) {
705 pl330_fault(ch, PL330_FAULT_UNDEF_INSTR);
706 return;
707 }
708 ns = !!(opcode & 2);
709 chan_id = args[0] & 7;
710 if ((args[0] >> 3)) {
711 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
712 return;
713 }
714 if (chan_id >= ch->parent->num_chnls) {
715 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
716 return;
717 }
718 pc = (((uint32_t)args[4]) << 24) | (((uint32_t)args[3]) << 16) |
719 (((uint32_t)args[2]) << 8) | (((uint32_t)args[1]));
720 if (ch->parent->chan[chan_id].state != pl330_chan_stopped) {
721 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
722 return;
723 }
724 if (ch->ns && !ns) {
725 pl330_fault(ch, PL330_FAULT_DMAGO_ERR);
726 return;
727 }
728 s = &ch->parent->chan[chan_id];
729 s->ns = ns;
730 s->pc = pc;
731 s->state = pl330_chan_executing;
732 }
733
734 static void pl330_dmald(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
735 {
736 uint8_t bs = opcode & 3;
737 uint32_t size, num;
738 bool inc;
739
740 if (bs == 2) {
741 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
742 return;
743 }
744 if ((bs == 1 && ch->request_flag == PL330_BURST) ||
745 (bs == 3 && ch->request_flag == PL330_SINGLE)) {
746 /* Perform NOP */
747 return;
748 }
749 if (bs == 1 && ch->request_flag == PL330_SINGLE) {
750 num = 1;
751 } else {
752 num = ((ch->control >> 4) & 0xf) + 1;
753 }
754 size = (uint32_t)1 << ((ch->control >> 1) & 0x7);
755 inc = !!(ch->control & 1);
756 ch->stall = pl330_queue_put_insn(&ch->parent->read_queue, ch->src,
757 size, num, inc, 0, ch->tag);
758 if (!ch->stall) {
759 trace_pl330_dmald(ch->tag, ch->src, size, num, inc ? 'Y' : 'N');
760 ch->src += inc ? size * num - (ch->src & (size - 1)) : 0;
761 }
762 }
763
764 static void pl330_dmaldp(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
765 {
766 uint8_t periph_id;
767
768 if (args[0] & 7) {
769 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
770 return;
771 }
772 periph_id = (args[0] >> 3) & 0x1f;
773 if (periph_id >= ch->parent->num_periph_req) {
774 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
775 return;
776 }
777 if (ch->ns && !(ch->parent->cfg[CFG_PNS] & (1 << periph_id))) {
778 pl330_fault(ch, PL330_FAULT_CH_PERIPH_ERR);
779 return;
780 }
781 pl330_dmald(ch, opcode, args, len);
782 }
783
784 static void pl330_dmalp(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
785 {
786 uint8_t lc = (opcode & 2) >> 1;
787
788 ch->lc[lc] = args[0];
789 }
790
791 static void pl330_dmakill(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
792 {
793 if (ch->state == pl330_chan_fault ||
794 ch->state == pl330_chan_fault_completing) {
795 /* This is the only way for a channel to leave the faulting state */
796 ch->fault_type = 0;
797 ch->parent->num_faulting--;
798 if (ch->parent->num_faulting == 0) {
799 trace_pl330_dmakill();
800 qemu_irq_lower(ch->parent->irq_abort);
801 }
802 }
803 ch->state = pl330_chan_killing;
804 pl330_fifo_tagged_remove(&ch->parent->fifo, ch->tag);
805 pl330_queue_remove_tagged(&ch->parent->read_queue, ch->tag);
806 pl330_queue_remove_tagged(&ch->parent->write_queue, ch->tag);
807 ch->state = pl330_chan_stopped;
808 }
809
810 static void pl330_dmalpend(PL330Chan *ch, uint8_t opcode,
811 uint8_t *args, int len)
812 {
813 uint8_t nf = (opcode & 0x10) >> 4;
814 uint8_t bs = opcode & 3;
815 uint8_t lc = (opcode & 4) >> 2;
816
817 trace_pl330_dmalpend(nf, bs, lc, ch->lc[lc], ch->request_flag);
818
819 if (bs == 2) {
820 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
821 return;
822 }
823 if ((bs == 1 && ch->request_flag == PL330_BURST) ||
824 (bs == 3 && ch->request_flag == PL330_SINGLE)) {
825 /* Perform NOP */
826 return;
827 }
828 if (!nf || ch->lc[lc]) {
829 if (nf) {
830 ch->lc[lc]--;
831 }
832 trace_pl330_dmalpiter();
833 ch->pc -= args[0];
834 ch->pc -= len + 1;
835 /* "ch->pc -= args[0] + len + 1" is incorrect when args[0] == 256 */
836 } else {
837 trace_pl330_dmalpfallthrough();
838 }
839 }
840
841
842 static void pl330_dmamov(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
843 {
844 uint8_t rd = args[0] & 7;
845 uint32_t im;
846
847 if ((args[0] >> 3)) {
848 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
849 return;
850 }
851 im = (((uint32_t)args[4]) << 24) | (((uint32_t)args[3]) << 16) |
852 (((uint32_t)args[2]) << 8) | (((uint32_t)args[1]));
853 switch (rd) {
854 case 0:
855 ch->src = im;
856 break;
857 case 1:
858 ch->control = im;
859 break;
860 case 2:
861 ch->dst = im;
862 break;
863 default:
864 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
865 return;
866 }
867 }
868
869 static void pl330_dmanop(PL330Chan *ch, uint8_t opcode,
870 uint8_t *args, int len)
871 {
872 /* NOP is NOP. */
873 }
874
875 static void pl330_dmarmb(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
876 {
877 if (pl330_queue_find_insn(&ch->parent->read_queue, ch->tag, false)) {
878 ch->state = pl330_chan_at_barrier;
879 ch->stall = 1;
880 return;
881 } else {
882 ch->state = pl330_chan_executing;
883 }
884 }
885
886 static void pl330_dmasev(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
887 {
888 uint8_t ev_id;
889
890 if (args[0] & 7) {
891 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
892 return;
893 }
894 ev_id = (args[0] >> 3) & 0x1f;
895 if (ev_id >= ch->parent->num_events) {
896 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
897 return;
898 }
899 if (ch->ns && !(ch->parent->cfg[CFG_INS] & (1 << ev_id))) {
900 pl330_fault(ch, PL330_FAULT_EVENT_ERR);
901 return;
902 }
903 if (ch->parent->inten & (1 << ev_id)) {
904 ch->parent->int_status |= (1 << ev_id);
905 trace_pl330_dmasev_evirq(ev_id);
906 qemu_irq_raise(ch->parent->irq[ev_id]);
907 }
908 trace_pl330_dmasev_event(ev_id);
909 ch->parent->ev_status |= (1 << ev_id);
910 }
911
912 static void pl330_dmast(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
913 {
914 uint8_t bs = opcode & 3;
915 uint32_t size, num;
916 bool inc;
917
918 if (bs == 2) {
919 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
920 return;
921 }
922 if ((bs == 1 && ch->request_flag == PL330_BURST) ||
923 (bs == 3 && ch->request_flag == PL330_SINGLE)) {
924 /* Perform NOP */
925 return;
926 }
927 num = ((ch->control >> 18) & 0xf) + 1;
928 size = (uint32_t)1 << ((ch->control >> 15) & 0x7);
929 inc = !!((ch->control >> 14) & 1);
930 ch->stall = pl330_queue_put_insn(&ch->parent->write_queue, ch->dst,
931 size, num, inc, 0, ch->tag);
932 if (!ch->stall) {
933 trace_pl330_dmast(ch->tag, ch->dst, size, num, inc ? 'Y' : 'N');
934 ch->dst += inc ? size * num - (ch->dst & (size - 1)) : 0;
935 }
936 }
937
938 static void pl330_dmastp(PL330Chan *ch, uint8_t opcode,
939 uint8_t *args, int len)
940 {
941 uint8_t periph_id;
942
943 if (args[0] & 7) {
944 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
945 return;
946 }
947 periph_id = (args[0] >> 3) & 0x1f;
948 if (periph_id >= ch->parent->num_periph_req) {
949 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
950 return;
951 }
952 if (ch->ns && !(ch->parent->cfg[CFG_PNS] & (1 << periph_id))) {
953 pl330_fault(ch, PL330_FAULT_CH_PERIPH_ERR);
954 return;
955 }
956 pl330_dmast(ch, opcode, args, len);
957 }
958
959 static void pl330_dmastz(PL330Chan *ch, uint8_t opcode,
960 uint8_t *args, int len)
961 {
962 uint32_t size, num;
963 bool inc;
964
965 num = ((ch->control >> 18) & 0xf) + 1;
966 size = (uint32_t)1 << ((ch->control >> 15) & 0x7);
967 inc = !!((ch->control >> 14) & 1);
968 ch->stall = pl330_queue_put_insn(&ch->parent->write_queue, ch->dst,
969 size, num, inc, 1, ch->tag);
970 if (inc) {
971 ch->dst += size * num;
972 }
973 }
974
975 static void pl330_dmawfe(PL330Chan *ch, uint8_t opcode,
976 uint8_t *args, int len)
977 {
978 uint8_t ev_id;
979 int i;
980
981 if (args[0] & 5) {
982 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
983 return;
984 }
985 ev_id = (args[0] >> 3) & 0x1f;
986 if (ev_id >= ch->parent->num_events) {
987 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
988 return;
989 }
990 if (ch->ns && !(ch->parent->cfg[CFG_INS] & (1 << ev_id))) {
991 pl330_fault(ch, PL330_FAULT_EVENT_ERR);
992 return;
993 }
994 ch->wakeup = ev_id;
995 ch->state = pl330_chan_waiting_event;
996 if (~ch->parent->inten & ch->parent->ev_status & 1 << ev_id) {
997 ch->state = pl330_chan_executing;
998 /* If anyone else is currently waiting on the same event, let them
999 * clear the ev_status so they pick up event as well
1000 */
1001 for (i = 0; i < ch->parent->num_chnls; ++i) {
1002 PL330Chan *peer = &ch->parent->chan[i];
1003 if (peer->state == pl330_chan_waiting_event &&
1004 peer->wakeup == ev_id) {
1005 return;
1006 }
1007 }
1008 ch->parent->ev_status &= ~(1 << ev_id);
1009 trace_pl330_dmawfe(ev_id);
1010 } else {
1011 ch->stall = 1;
1012 }
1013 }
1014
1015 static void pl330_dmawfp(PL330Chan *ch, uint8_t opcode,
1016 uint8_t *args, int len)
1017 {
1018 uint8_t bs = opcode & 3;
1019 uint8_t periph_id;
1020
1021 if (args[0] & 7) {
1022 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
1023 return;
1024 }
1025 periph_id = (args[0] >> 3) & 0x1f;
1026 if (periph_id >= ch->parent->num_periph_req) {
1027 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
1028 return;
1029 }
1030 if (ch->ns && !(ch->parent->cfg[CFG_PNS] & (1 << periph_id))) {
1031 pl330_fault(ch, PL330_FAULT_CH_PERIPH_ERR);
1032 return;
1033 }
1034 switch (bs) {
1035 case 0: /* S */
1036 ch->request_flag = PL330_SINGLE;
1037 ch->wfp_sbp = 0;
1038 break;
1039 case 1: /* P */
1040 ch->request_flag = PL330_BURST;
1041 ch->wfp_sbp = 2;
1042 break;
1043 case 2: /* B */
1044 ch->request_flag = PL330_BURST;
1045 ch->wfp_sbp = 1;
1046 break;
1047 default:
1048 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
1049 return;
1050 }
1051
1052 if (ch->parent->periph_busy[periph_id]) {
1053 ch->state = pl330_chan_waiting_periph;
1054 ch->stall = 1;
1055 } else if (ch->state == pl330_chan_waiting_periph) {
1056 ch->state = pl330_chan_executing;
1057 }
1058 }
1059
1060 static void pl330_dmawmb(PL330Chan *ch, uint8_t opcode,
1061 uint8_t *args, int len)
1062 {
1063 if (pl330_queue_find_insn(&ch->parent->write_queue, ch->tag, false)) {
1064 ch->state = pl330_chan_at_barrier;
1065 ch->stall = 1;
1066 return;
1067 } else {
1068 ch->state = pl330_chan_executing;
1069 }
1070 }
1071
1072 /* NULL terminated array of the instruction descriptions. */
1073 static const PL330InsnDesc insn_desc[] = {
1074 { .opcode = 0x54, .opmask = 0xFD, .size = 3, .exec = pl330_dmaaddh, },
1075 { .opcode = 0x5c, .opmask = 0xFD, .size = 3, .exec = pl330_dmaadnh, },
1076 { .opcode = 0x00, .opmask = 0xFF, .size = 1, .exec = pl330_dmaend, },
1077 { .opcode = 0x35, .opmask = 0xFF, .size = 2, .exec = pl330_dmaflushp, },
1078 { .opcode = 0xA0, .opmask = 0xFD, .size = 6, .exec = pl330_dmago, },
1079 { .opcode = 0x04, .opmask = 0xFC, .size = 1, .exec = pl330_dmald, },
1080 { .opcode = 0x25, .opmask = 0xFD, .size = 2, .exec = pl330_dmaldp, },
1081 { .opcode = 0x20, .opmask = 0xFD, .size = 2, .exec = pl330_dmalp, },
1082 /* dmastp must be before dmalpend in this list, because their maps
1083 * are overlapping
1084 */
1085 { .opcode = 0x29, .opmask = 0xFD, .size = 2, .exec = pl330_dmastp, },
1086 { .opcode = 0x28, .opmask = 0xE8, .size = 2, .exec = pl330_dmalpend, },
1087 { .opcode = 0x01, .opmask = 0xFF, .size = 1, .exec = pl330_dmakill, },
1088 { .opcode = 0xBC, .opmask = 0xFF, .size = 6, .exec = pl330_dmamov, },
1089 { .opcode = 0x18, .opmask = 0xFF, .size = 1, .exec = pl330_dmanop, },
1090 { .opcode = 0x12, .opmask = 0xFF, .size = 1, .exec = pl330_dmarmb, },
1091 { .opcode = 0x34, .opmask = 0xFF, .size = 2, .exec = pl330_dmasev, },
1092 { .opcode = 0x08, .opmask = 0xFC, .size = 1, .exec = pl330_dmast, },
1093 { .opcode = 0x0C, .opmask = 0xFF, .size = 1, .exec = pl330_dmastz, },
1094 { .opcode = 0x36, .opmask = 0xFF, .size = 2, .exec = pl330_dmawfe, },
1095 { .opcode = 0x30, .opmask = 0xFC, .size = 2, .exec = pl330_dmawfp, },
1096 { .opcode = 0x13, .opmask = 0xFF, .size = 1, .exec = pl330_dmawmb, },
1097 { .opcode = 0x00, .opmask = 0x00, .size = 0, .exec = NULL, }
1098 };
1099
1100 /* Instructions which can be issued via debug registers. */
1101 static const PL330InsnDesc debug_insn_desc[] = {
1102 { .opcode = 0xA0, .opmask = 0xFD, .size = 6, .exec = pl330_dmago, },
1103 { .opcode = 0x01, .opmask = 0xFF, .size = 1, .exec = pl330_dmakill, },
1104 { .opcode = 0x34, .opmask = 0xFF, .size = 2, .exec = pl330_dmasev, },
1105 { .opcode = 0x00, .opmask = 0x00, .size = 0, .exec = NULL, }
1106 };
1107
1108 static inline const PL330InsnDesc *pl330_fetch_insn(PL330Chan *ch)
1109 {
1110 uint8_t opcode;
1111 int i;
1112
1113 dma_memory_read(ch->parent->mem_as, ch->pc, &opcode, 1,
1114 MEMTXATTRS_UNSPECIFIED);
1115 for (i = 0; insn_desc[i].size; i++) {
1116 if ((opcode & insn_desc[i].opmask) == insn_desc[i].opcode) {
1117 return &insn_desc[i];
1118 }
1119 }
1120 return NULL;
1121 }
1122
1123 static inline void pl330_exec_insn(PL330Chan *ch, const PL330InsnDesc *insn)
1124 {
1125 uint8_t buf[PL330_INSN_MAXSIZE];
1126
1127 assert(insn->size <= PL330_INSN_MAXSIZE);
1128 dma_memory_read(ch->parent->mem_as, ch->pc, buf, insn->size,
1129 MEMTXATTRS_UNSPECIFIED);
1130 insn->exec(ch, buf[0], &buf[1], insn->size - 1);
1131 }
1132
1133 static inline void pl330_update_pc(PL330Chan *ch,
1134 const PL330InsnDesc *insn)
1135 {
1136 ch->pc += insn->size;
1137 }
1138
1139 /* Try to execute current instruction in channel CH. Number of executed
1140 instructions is returned (0 or 1). */
1141 static int pl330_chan_exec(PL330Chan *ch)
1142 {
1143 const PL330InsnDesc *insn;
1144
1145 if (ch->state != pl330_chan_executing &&
1146 ch->state != pl330_chan_waiting_periph &&
1147 ch->state != pl330_chan_at_barrier &&
1148 ch->state != pl330_chan_waiting_event) {
1149 return 0;
1150 }
1151 ch->stall = 0;
1152 insn = pl330_fetch_insn(ch);
1153 if (!insn) {
1154 trace_pl330_chan_exec_undef();
1155 pl330_fault(ch, PL330_FAULT_UNDEF_INSTR);
1156 return 0;
1157 }
1158 pl330_exec_insn(ch, insn);
1159 if (!ch->stall) {
1160 pl330_update_pc(ch, insn);
1161 ch->watchdog_timer = 0;
1162 return 1;
1163 /* WDT only active in exec state */
1164 } else if (ch->state == pl330_chan_executing) {
1165 ch->watchdog_timer++;
1166 if (ch->watchdog_timer >= PL330_WATCHDOG_LIMIT) {
1167 pl330_fault(ch, PL330_FAULT_LOCKUP_ERR);
1168 }
1169 }
1170 return 0;
1171 }
1172
1173 /* Try to execute 1 instruction in each channel, one instruction from read
1174 queue and one instruction from write queue. Number of successfully executed
1175 instructions is returned. */
1176 static int pl330_exec_cycle(PL330Chan *channel)
1177 {
1178 PL330State *s = channel->parent;
1179 PL330QueueEntry *q;
1180 int i;
1181 int num_exec = 0;
1182 int fifo_res = 0;
1183 uint8_t buf[PL330_MAX_BURST_LEN];
1184
1185 /* Execute one instruction in each channel */
1186 num_exec += pl330_chan_exec(channel);
1187
1188 /* Execute one instruction from read queue */
1189 q = pl330_queue_find_insn(&s->read_queue, PL330_UNTAGGED, true);
1190 if (q != NULL && q->len <= pl330_fifo_num_free(&s->fifo)) {
1191 int len = q->len - (q->addr & (q->len - 1));
1192
1193 dma_memory_read(s->mem_as, q->addr, buf, len,
1194 MEMTXATTRS_UNSPECIFIED);
1195 trace_pl330_exec_cycle(q->addr, len);
1196 if (trace_event_get_state_backends(TRACE_PL330_HEXDUMP)) {
1197 pl330_hexdump(buf, len);
1198 }
1199 fifo_res = pl330_fifo_push(&s->fifo, buf, len, q->tag);
1200 if (fifo_res == PL330_FIFO_OK) {
1201 if (q->inc) {
1202 q->addr += len;
1203 }
1204 q->n--;
1205 if (!q->n) {
1206 pl330_queue_remove_insn(&s->read_queue, q);
1207 }
1208 num_exec++;
1209 }
1210 }
1211
1212 /* Execute one instruction from write queue. */
1213 q = pl330_queue_find_insn(&s->write_queue, pl330_fifo_tag(&s->fifo), true);
1214 if (q != NULL) {
1215 int len = q->len - (q->addr & (q->len - 1));
1216
1217 if (q->z) {
1218 for (i = 0; i < len; i++) {
1219 buf[i] = 0;
1220 }
1221 } else {
1222 fifo_res = pl330_fifo_get(&s->fifo, buf, len, q->tag);
1223 }
1224 if (fifo_res == PL330_FIFO_OK || q->z) {
1225 dma_memory_write(s->mem_as, q->addr, buf, len,
1226 MEMTXATTRS_UNSPECIFIED);
1227 trace_pl330_exec_cycle(q->addr, len);
1228 if (trace_event_get_state_backends(TRACE_PL330_HEXDUMP)) {
1229 pl330_hexdump(buf, len);
1230 }
1231 if (q->inc) {
1232 q->addr += len;
1233 }
1234 num_exec++;
1235 } else if (fifo_res == PL330_FIFO_STALL) {
1236 pl330_fault(&channel->parent->chan[q->tag],
1237 PL330_FAULT_FIFOEMPTY_ERR);
1238 }
1239 q->n--;
1240 if (!q->n) {
1241 pl330_queue_remove_insn(&s->write_queue, q);
1242 }
1243 }
1244
1245 return num_exec;
1246 }
1247
1248 static int pl330_exec_channel(PL330Chan *channel)
1249 {
1250 int insr_exec = 0;
1251
1252 /* TODO: Is it all right to execute everything or should we do per-cycle
1253 simulation? */
1254 while (pl330_exec_cycle(channel)) {
1255 insr_exec++;
1256 }
1257
1258 /* Detect deadlock */
1259 if (channel->state == pl330_chan_executing) {
1260 pl330_fault(channel, PL330_FAULT_LOCKUP_ERR);
1261 }
1262 /* Situation when one of the queues has deadlocked but all channels
1263 * have finished their programs should be impossible.
1264 */
1265
1266 return insr_exec;
1267 }
1268
1269 static inline void pl330_exec(PL330State *s)
1270 {
1271 int i, insr_exec;
1272 trace_pl330_exec();
1273 do {
1274 insr_exec = pl330_exec_channel(&s->manager);
1275
1276 for (i = 0; i < s->num_chnls; i++) {
1277 insr_exec += pl330_exec_channel(&s->chan[i]);
1278 }
1279 } while (insr_exec);
1280 }
1281
1282 static void pl330_exec_cycle_timer(void *opaque)
1283 {
1284 PL330State *s = (PL330State *)opaque;
1285 pl330_exec(s);
1286 }
1287
1288 /* Stop or restore dma operations */
1289
1290 static void pl330_dma_stop_irq(void *opaque, int irq, int level)
1291 {
1292 PL330State *s = (PL330State *)opaque;
1293
1294 if (s->periph_busy[irq] != level) {
1295 s->periph_busy[irq] = level;
1296 timer_mod(s->timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL));
1297 }
1298 }
1299
1300 static void pl330_debug_exec(PL330State *s)
1301 {
1302 uint8_t args[5];
1303 uint8_t opcode;
1304 uint8_t chan_id;
1305 int i;
1306 PL330Chan *ch;
1307 const PL330InsnDesc *insn;
1308
1309 s->debug_status = 1;
1310 chan_id = (s->dbg[0] >> 8) & 0x07;
1311 opcode = (s->dbg[0] >> 16) & 0xff;
1312 args[0] = (s->dbg[0] >> 24) & 0xff;
1313 args[1] = (s->dbg[1] >> 0) & 0xff;
1314 args[2] = (s->dbg[1] >> 8) & 0xff;
1315 args[3] = (s->dbg[1] >> 16) & 0xff;
1316 args[4] = (s->dbg[1] >> 24) & 0xff;
1317 trace_pl330_debug_exec(chan_id);
1318 if (s->dbg[0] & 1) {
1319 ch = &s->chan[chan_id];
1320 } else {
1321 ch = &s->manager;
1322 }
1323 insn = NULL;
1324 for (i = 0; debug_insn_desc[i].size; i++) {
1325 if ((opcode & debug_insn_desc[i].opmask) == debug_insn_desc[i].opcode) {
1326 insn = &debug_insn_desc[i];
1327 }
1328 }
1329 if (!insn) {
1330 pl330_fault(ch, PL330_FAULT_UNDEF_INSTR | PL330_FAULT_DBG_INSTR);
1331 return;
1332 }
1333 ch->stall = 0;
1334 insn->exec(ch, opcode, args, insn->size - 1);
1335 if (ch->fault_type) {
1336 ch->fault_type |= PL330_FAULT_DBG_INSTR;
1337 }
1338 if (ch->stall) {
1339 trace_pl330_debug_exec_stall();
1340 qemu_log_mask(LOG_UNIMP, "pl330: stall of debug instruction not "
1341 "implemented\n");
1342 }
1343 s->debug_status = 0;
1344 }
1345
1346 /* IOMEM mapped registers */
1347
1348 static void pl330_iomem_write(void *opaque, hwaddr offset,
1349 uint64_t value, unsigned size)
1350 {
1351 PL330State *s = (PL330State *) opaque;
1352 int i;
1353
1354 trace_pl330_iomem_write((unsigned)offset, (unsigned)value);
1355
1356 switch (offset) {
1357 case PL330_REG_INTEN:
1358 s->inten = value;
1359 break;
1360 case PL330_REG_INTCLR:
1361 for (i = 0; i < s->num_events; i++) {
1362 if (s->int_status & s->inten & value & (1 << i)) {
1363 trace_pl330_iomem_write_clr(i);
1364 qemu_irq_lower(s->irq[i]);
1365 }
1366 }
1367 s->ev_status &= ~(value & s->inten);
1368 s->int_status &= ~(value & s->inten);
1369 break;
1370 case PL330_REG_DBGCMD:
1371 if ((value & 3) == 0) {
1372 pl330_debug_exec(s);
1373 pl330_exec(s);
1374 } else {
1375 qemu_log_mask(LOG_GUEST_ERROR, "pl330: write of illegal value %u "
1376 "for offset " HWADDR_FMT_plx "\n", (unsigned)value,
1377 offset);
1378 }
1379 break;
1380 case PL330_REG_DBGINST0:
1381 s->dbg[0] = value;
1382 break;
1383 case PL330_REG_DBGINST1:
1384 s->dbg[1] = value;
1385 break;
1386 default:
1387 qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad write offset " HWADDR_FMT_plx
1388 "\n", offset);
1389 break;
1390 }
1391 }
1392
1393 static inline uint32_t pl330_iomem_read_imp(void *opaque,
1394 hwaddr offset)
1395 {
1396 PL330State *s = (PL330State *)opaque;
1397 int chan_id;
1398 int i;
1399 uint32_t res;
1400
1401 if (offset >= PL330_REG_PERIPH_ID && offset < PL330_REG_PERIPH_ID + 32) {
1402 return pl330_id[(offset - PL330_REG_PERIPH_ID) >> 2];
1403 }
1404 if (offset >= PL330_REG_CR0_BASE && offset < PL330_REG_CR0_BASE + 24) {
1405 return s->cfg[(offset - PL330_REG_CR0_BASE) >> 2];
1406 }
1407 if (offset >= PL330_REG_CHANCTRL && offset < PL330_REG_DBGSTATUS) {
1408 offset -= PL330_REG_CHANCTRL;
1409 chan_id = offset >> 5;
1410 if (chan_id >= s->num_chnls) {
1411 qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad read offset "
1412 HWADDR_FMT_plx "\n", offset);
1413 return 0;
1414 }
1415 switch (offset & 0x1f) {
1416 case 0x00:
1417 return s->chan[chan_id].src;
1418 case 0x04:
1419 return s->chan[chan_id].dst;
1420 case 0x08:
1421 return s->chan[chan_id].control;
1422 case 0x0C:
1423 return s->chan[chan_id].lc[0];
1424 case 0x10:
1425 return s->chan[chan_id].lc[1];
1426 default:
1427 qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad read offset "
1428 HWADDR_FMT_plx "\n", offset);
1429 return 0;
1430 }
1431 }
1432 if (offset >= PL330_REG_CSR_BASE && offset < 0x400) {
1433 offset -= PL330_REG_CSR_BASE;
1434 chan_id = offset >> 3;
1435 if (chan_id >= s->num_chnls) {
1436 qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad read offset "
1437 HWADDR_FMT_plx "\n", offset);
1438 return 0;
1439 }
1440 switch ((offset >> 2) & 1) {
1441 case 0x0:
1442 res = (s->chan[chan_id].ns << 21) |
1443 (s->chan[chan_id].wakeup << 4) |
1444 (s->chan[chan_id].state) |
1445 (s->chan[chan_id].wfp_sbp << 14);
1446 return res;
1447 case 0x1:
1448 return s->chan[chan_id].pc;
1449 default:
1450 qemu_log_mask(LOG_GUEST_ERROR, "pl330: read error\n");
1451 return 0;
1452 }
1453 }
1454 if (offset >= PL330_REG_FTR_BASE && offset < 0x100) {
1455 offset -= PL330_REG_FTR_BASE;
1456 chan_id = offset >> 2;
1457 if (chan_id >= s->num_chnls) {
1458 qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad read offset "
1459 HWADDR_FMT_plx "\n", offset);
1460 return 0;
1461 }
1462 return s->chan[chan_id].fault_type;
1463 }
1464 switch (offset) {
1465 case PL330_REG_DSR:
1466 return (s->manager.ns << 9) | (s->manager.wakeup << 4) |
1467 (s->manager.state & 0xf);
1468 case PL330_REG_DPC:
1469 return s->manager.pc;
1470 case PL330_REG_INTEN:
1471 return s->inten;
1472 case PL330_REG_INT_EVENT_RIS:
1473 return s->ev_status;
1474 case PL330_REG_INTMIS:
1475 return s->int_status;
1476 case PL330_REG_INTCLR:
1477 /* Documentation says that we can't read this register
1478 * but linux kernel does it
1479 */
1480 return 0;
1481 case PL330_REG_FSRD:
1482 return s->manager.state ? 1 : 0;
1483 case PL330_REG_FSRC:
1484 res = 0;
1485 for (i = 0; i < s->num_chnls; i++) {
1486 if (s->chan[i].state == pl330_chan_fault ||
1487 s->chan[i].state == pl330_chan_fault_completing) {
1488 res |= 1 << i;
1489 }
1490 }
1491 return res;
1492 case PL330_REG_FTRD:
1493 return s->manager.fault_type;
1494 case PL330_REG_DBGSTATUS:
1495 return s->debug_status;
1496 default:
1497 qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad read offset "
1498 HWADDR_FMT_plx "\n", offset);
1499 }
1500 return 0;
1501 }
1502
1503 static uint64_t pl330_iomem_read(void *opaque, hwaddr offset,
1504 unsigned size)
1505 {
1506 uint32_t ret = pl330_iomem_read_imp(opaque, offset);
1507 trace_pl330_iomem_read((uint32_t)offset, ret);
1508 return ret;
1509 }
1510
1511 static const MemoryRegionOps pl330_ops = {
1512 .read = pl330_iomem_read,
1513 .write = pl330_iomem_write,
1514 .endianness = DEVICE_NATIVE_ENDIAN,
1515 .impl = {
1516 .min_access_size = 4,
1517 .max_access_size = 4,
1518 }
1519 };
1520
1521 /* Controller logic and initialization */
1522
1523 static void pl330_chan_reset(PL330Chan *ch)
1524 {
1525 ch->src = 0;
1526 ch->dst = 0;
1527 ch->pc = 0;
1528 ch->state = pl330_chan_stopped;
1529 ch->watchdog_timer = 0;
1530 ch->stall = 0;
1531 ch->control = 0;
1532 ch->status = 0;
1533 ch->fault_type = 0;
1534 }
1535
1536 static void pl330_reset(DeviceState *d)
1537 {
1538 int i;
1539 PL330State *s = PL330(d);
1540
1541 s->inten = 0;
1542 s->int_status = 0;
1543 s->ev_status = 0;
1544 s->debug_status = 0;
1545 s->num_faulting = 0;
1546 s->manager.ns = s->mgr_ns_at_rst;
1547 pl330_fifo_reset(&s->fifo);
1548 pl330_queue_reset(&s->read_queue);
1549 pl330_queue_reset(&s->write_queue);
1550
1551 for (i = 0; i < s->num_chnls; i++) {
1552 pl330_chan_reset(&s->chan[i]);
1553 }
1554 for (i = 0; i < s->num_periph_req; i++) {
1555 s->periph_busy[i] = 0;
1556 }
1557
1558 timer_del(s->timer);
1559 }
1560
1561 static void pl330_realize(DeviceState *dev, Error **errp)
1562 {
1563 int i;
1564 PL330State *s = PL330(dev);
1565
1566 sysbus_init_irq(SYS_BUS_DEVICE(dev), &s->irq_abort);
1567 memory_region_init_io(&s->iomem, OBJECT(s), &pl330_ops, s,
1568 "dma", PL330_IOMEM_SIZE);
1569 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->iomem);
1570
1571 if (!s->mem_mr) {
1572 error_setg(errp, "'memory' link is not set");
1573 return;
1574 } else if (s->mem_mr == get_system_memory()) {
1575 /* Avoid creating new AS for system memory. */
1576 s->mem_as = &address_space_memory;
1577 } else {
1578 s->mem_as = g_new0(AddressSpace, 1);
1579 address_space_init(s->mem_as, s->mem_mr,
1580 memory_region_name(s->mem_mr));
1581 }
1582
1583 s->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pl330_exec_cycle_timer, s);
1584
1585 s->cfg[0] = (s->mgr_ns_at_rst ? 0x4 : 0) |
1586 (s->num_periph_req > 0 ? 1 : 0) |
1587 ((s->num_chnls - 1) & 0x7) << 4 |
1588 ((s->num_periph_req - 1) & 0x1f) << 12 |
1589 ((s->num_events - 1) & 0x1f) << 17;
1590
1591 switch (s->i_cache_len) {
1592 case (4):
1593 s->cfg[1] |= 2;
1594 break;
1595 case (8):
1596 s->cfg[1] |= 3;
1597 break;
1598 case (16):
1599 s->cfg[1] |= 4;
1600 break;
1601 case (32):
1602 s->cfg[1] |= 5;
1603 break;
1604 default:
1605 error_setg(errp, "Bad value for i-cache_len property: %" PRIx8,
1606 s->i_cache_len);
1607 return;
1608 }
1609 s->cfg[1] |= ((s->num_i_cache_lines - 1) & 0xf) << 4;
1610
1611 s->chan = g_new0(PL330Chan, s->num_chnls);
1612 s->hi_seqn = g_new0(uint8_t, s->num_chnls);
1613 s->lo_seqn = g_new0(uint8_t, s->num_chnls);
1614 for (i = 0; i < s->num_chnls; i++) {
1615 s->chan[i].parent = s;
1616 s->chan[i].tag = (uint8_t)i;
1617 }
1618 s->manager.parent = s;
1619 s->manager.tag = s->num_chnls;
1620 s->manager.is_manager = true;
1621
1622 s->irq = g_new0(qemu_irq, s->num_events);
1623 for (i = 0; i < s->num_events; i++) {
1624 sysbus_init_irq(SYS_BUS_DEVICE(dev), &s->irq[i]);
1625 }
1626
1627 qdev_init_gpio_in(dev, pl330_dma_stop_irq, PL330_PERIPH_NUM);
1628
1629 switch (s->data_width) {
1630 case (32):
1631 s->cfg[CFG_CRD] |= 0x2;
1632 break;
1633 case (64):
1634 s->cfg[CFG_CRD] |= 0x3;
1635 break;
1636 case (128):
1637 s->cfg[CFG_CRD] |= 0x4;
1638 break;
1639 default:
1640 error_setg(errp, "Bad value for data_width property: %" PRIx8,
1641 s->data_width);
1642 return;
1643 }
1644
1645 s->cfg[CFG_CRD] |= ((s->wr_cap - 1) & 0x7) << 4 |
1646 ((s->wr_q_dep - 1) & 0xf) << 8 |
1647 ((s->rd_cap - 1) & 0x7) << 12 |
1648 ((s->rd_q_dep - 1) & 0xf) << 16 |
1649 ((s->data_buffer_dep - 1) & 0x1ff) << 20;
1650
1651 pl330_queue_init(&s->read_queue, s->rd_q_dep, s);
1652 pl330_queue_init(&s->write_queue, s->wr_q_dep, s);
1653 pl330_fifo_init(&s->fifo, s->data_width / 4 * s->data_buffer_dep);
1654 }
1655
1656 static Property pl330_properties[] = {
1657 /* CR0 */
1658 DEFINE_PROP_UINT32("num_chnls", PL330State, num_chnls, 8),
1659 DEFINE_PROP_UINT8("num_periph_req", PL330State, num_periph_req, 4),
1660 DEFINE_PROP_UINT8("num_events", PL330State, num_events, 16),
1661 DEFINE_PROP_UINT8("mgr_ns_at_rst", PL330State, mgr_ns_at_rst, 0),
1662 /* CR1 */
1663 DEFINE_PROP_UINT8("i-cache_len", PL330State, i_cache_len, 4),
1664 DEFINE_PROP_UINT8("num_i-cache_lines", PL330State, num_i_cache_lines, 8),
1665 /* CR2-4 */
1666 DEFINE_PROP_UINT32("boot_addr", PL330State, cfg[CFG_BOOT_ADDR], 0),
1667 DEFINE_PROP_UINT32("INS", PL330State, cfg[CFG_INS], 0),
1668 DEFINE_PROP_UINT32("PNS", PL330State, cfg[CFG_PNS], 0),
1669 /* CRD */
1670 DEFINE_PROP_UINT8("data_width", PL330State, data_width, 64),
1671 DEFINE_PROP_UINT8("wr_cap", PL330State, wr_cap, 8),
1672 DEFINE_PROP_UINT8("wr_q_dep", PL330State, wr_q_dep, 16),
1673 DEFINE_PROP_UINT8("rd_cap", PL330State, rd_cap, 8),
1674 DEFINE_PROP_UINT8("rd_q_dep", PL330State, rd_q_dep, 16),
1675 DEFINE_PROP_UINT16("data_buffer_dep", PL330State, data_buffer_dep, 256),
1676
1677 DEFINE_PROP_LINK("memory", PL330State, mem_mr,
1678 TYPE_MEMORY_REGION, MemoryRegion *),
1679
1680 DEFINE_PROP_END_OF_LIST(),
1681 };
1682
1683 static void pl330_class_init(ObjectClass *klass, void *data)
1684 {
1685 DeviceClass *dc = DEVICE_CLASS(klass);
1686
1687 dc->realize = pl330_realize;
1688 dc->reset = pl330_reset;
1689 device_class_set_props(dc, pl330_properties);
1690 dc->vmsd = &vmstate_pl330;
1691 }
1692
1693 static const TypeInfo pl330_type_info = {
1694 .name = TYPE_PL330,
1695 .parent = TYPE_SYS_BUS_DEVICE,
1696 .instance_size = sizeof(PL330State),
1697 .class_init = pl330_class_init,
1698 };
1699
1700 static void pl330_register_types(void)
1701 {
1702 type_register_static(&pl330_type_info);
1703 }
1704
1705 type_init(pl330_register_types)
AR7 emulation for QEMU