search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
target/ppc: Filter mtmsr[d] input before setting MSR
[qemu/rayw.git] / hw / arm / armsse.c
blobaecdeb9815a9913355bb3d5e24c3ab250e90b319
1 /*
2 * Arm SSE (Subsystems for Embedded): IoTKit
3 *
4 * Copyright (c) 2018 Linaro Limited
5 * Written by Peter Maydell
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 or
9 * (at your option) any later version.
10 */
11
12 #include "qemu/osdep.h"
13 #include "qemu/log.h"
14 #include "qemu/module.h"
15 #include "qemu/bitops.h"
16 #include "qemu/units.h"
17 #include "qapi/error.h"
18 #include "trace.h"
19 #include "hw/sysbus.h"
20 #include "migration/vmstate.h"
21 #include "hw/registerfields.h"
22 #include "hw/arm/armsse.h"
23 #include "hw/arm/armsse-version.h"
24 #include "hw/arm/boot.h"
25 #include "hw/irq.h"
26 #include "hw/qdev-clock.h"
27
28 /*
29 * The SSE-300 puts some devices in different places to the
30 * SSE-200 (and original IoTKit). We use an array of these structs
31 * to define how each variant lays out these devices. (Parts of the
32 * SoC that are the same for all variants aren't handled via these
33 * data structures.)
34 */
35
36 #define NO_IRQ -1
37 #define NO_PPC -1
38 /*
39 * Special values for ARMSSEDeviceInfo::irq to indicate that this
40 * device uses one of the inputs to the OR gate that feeds into the
41 * CPU NMI input.
42 */
43 #define NMI_0 10000
44 #define NMI_1 10001
45
46 typedef struct ARMSSEDeviceInfo {
47 const char *name; /* name to use for the QOM object; NULL terminates list */
48 const char *type; /* QOM type name */
49 unsigned int index; /* Which of the N devices of this type is this ? */
50 hwaddr addr;
51 hwaddr size; /* only needed for TYPE_UNIMPLEMENTED_DEVICE */
52 int ppc; /* Index of APB PPC this device is wired up to, or NO_PPC */
53 int ppc_port; /* Port number of this device on the PPC */
54 int irq; /* NO_IRQ, or 0..NUM_SSE_IRQS-1, or NMI_0 or NMI_1 */
55 bool slowclk; /* true if device uses the slow 32KHz clock */
56 } ARMSSEDeviceInfo;
57
58 struct ARMSSEInfo {
59 const char *name;
60 const char *cpu_type;
61 uint32_t sse_version;
62 int sram_banks;
63 uint32_t sram_bank_base;
64 int num_cpus;
65 uint32_t sys_version;
66 uint32_t iidr;
67 uint32_t cpuwait_rst;
68 bool has_mhus;
69 bool has_cachectrl;
70 bool has_cpusecctrl;
71 bool has_cpuid;
72 bool has_cpu_pwrctrl;
73 bool has_sse_counter;
74 bool has_tcms;
75 Property *props;
76 const ARMSSEDeviceInfo *devinfo;
77 const bool *irq_is_common;
78 };
79
80 static Property iotkit_properties[] = {
81 DEFINE_PROP_LINK("memory", ARMSSE, board_memory, TYPE_MEMORY_REGION,
82 MemoryRegion *),
83 DEFINE_PROP_UINT32("EXP_NUMIRQ", ARMSSE, exp_numirq, 64),
84 DEFINE_PROP_UINT32("SRAM_ADDR_WIDTH", ARMSSE, sram_addr_width, 15),
85 DEFINE_PROP_UINT32("init-svtor", ARMSSE, init_svtor, 0x10000000),
86 DEFINE_PROP_BOOL("CPU0_FPU", ARMSSE, cpu_fpu[0], true),
87 DEFINE_PROP_BOOL("CPU0_DSP", ARMSSE, cpu_dsp[0], true),
88 DEFINE_PROP_END_OF_LIST()
89 };
90
91 static Property sse200_properties[] = {
92 DEFINE_PROP_LINK("memory", ARMSSE, board_memory, TYPE_MEMORY_REGION,
93 MemoryRegion *),
94 DEFINE_PROP_UINT32("EXP_NUMIRQ", ARMSSE, exp_numirq, 64),
95 DEFINE_PROP_UINT32("SRAM_ADDR_WIDTH", ARMSSE, sram_addr_width, 15),
96 DEFINE_PROP_UINT32("init-svtor", ARMSSE, init_svtor, 0x10000000),
97 DEFINE_PROP_BOOL("CPU0_FPU", ARMSSE, cpu_fpu[0], false),
98 DEFINE_PROP_BOOL("CPU0_DSP", ARMSSE, cpu_dsp[0], false),
99 DEFINE_PROP_BOOL("CPU1_FPU", ARMSSE, cpu_fpu[1], true),
100 DEFINE_PROP_BOOL("CPU1_DSP", ARMSSE, cpu_dsp[1], true),
101 DEFINE_PROP_END_OF_LIST()
102 };
103
104 static Property sse300_properties[] = {
105 DEFINE_PROP_LINK("memory", ARMSSE, board_memory, TYPE_MEMORY_REGION,
106 MemoryRegion *),
107 DEFINE_PROP_UINT32("EXP_NUMIRQ", ARMSSE, exp_numirq, 64),
108 DEFINE_PROP_UINT32("SRAM_ADDR_WIDTH", ARMSSE, sram_addr_width, 18),
109 DEFINE_PROP_UINT32("init-svtor", ARMSSE, init_svtor, 0x10000000),
110 DEFINE_PROP_BOOL("CPU0_FPU", ARMSSE, cpu_fpu[0], true),
111 DEFINE_PROP_BOOL("CPU0_DSP", ARMSSE, cpu_dsp[0], true),
112 DEFINE_PROP_END_OF_LIST()
113 };
114
115 static const ARMSSEDeviceInfo iotkit_devices[] = {
116 {
117 .name = "timer0",
118 .type = TYPE_CMSDK_APB_TIMER,
119 .index = 0,
120 .addr = 0x40000000,
121 .ppc = 0,
122 .ppc_port = 0,
123 .irq = 3,
124 },
125 {
126 .name = "timer1",
127 .type = TYPE_CMSDK_APB_TIMER,
128 .index = 1,
129 .addr = 0x40001000,
130 .ppc = 0,
131 .ppc_port = 1,
132 .irq = 4,
133 },
134 {
135 .name = "s32ktimer",
136 .type = TYPE_CMSDK_APB_TIMER,
137 .index = 2,
138 .addr = 0x4002f000,
139 .ppc = 1,
140 .ppc_port = 0,
141 .irq = 2,
142 .slowclk = true,
143 },
144 {
145 .name = "dualtimer",
146 .type = TYPE_CMSDK_APB_DUALTIMER,
147 .index = 0,
148 .addr = 0x40002000,
149 .ppc = 0,
150 .ppc_port = 2,
151 .irq = 5,
152 },
153 {
154 .name = "s32kwatchdog",
155 .type = TYPE_CMSDK_APB_WATCHDOG,
156 .index = 0,
157 .addr = 0x5002e000,
158 .ppc = NO_PPC,
159 .irq = NMI_0,
160 .slowclk = true,
161 },
162 {
163 .name = "nswatchdog",
164 .type = TYPE_CMSDK_APB_WATCHDOG,
165 .index = 1,
166 .addr = 0x40081000,
167 .ppc = NO_PPC,
168 .irq = 1,
169 },
170 {
171 .name = "swatchdog",
172 .type = TYPE_CMSDK_APB_WATCHDOG,
173 .index = 2,
174 .addr = 0x50081000,
175 .ppc = NO_PPC,
176 .irq = NMI_1,
177 },
178 {
179 .name = "armsse-sysinfo",
180 .type = TYPE_IOTKIT_SYSINFO,
181 .index = 0,
182 .addr = 0x40020000,
183 .ppc = NO_PPC,
184 .irq = NO_IRQ,
185 },
186 {
187 .name = "armsse-sysctl",
188 .type = TYPE_IOTKIT_SYSCTL,
189 .index = 0,
190 .addr = 0x50021000,
191 .ppc = NO_PPC,
192 .irq = NO_IRQ,
193 },
194 {
195 .name = NULL,
196 }
197 };
198
199 static const ARMSSEDeviceInfo sse200_devices[] = {
200 {
201 .name = "timer0",
202 .type = TYPE_CMSDK_APB_TIMER,
203 .index = 0,
204 .addr = 0x40000000,
205 .ppc = 0,
206 .ppc_port = 0,
207 .irq = 3,
208 },
209 {
210 .name = "timer1",
211 .type = TYPE_CMSDK_APB_TIMER,
212 .index = 1,
213 .addr = 0x40001000,
214 .ppc = 0,
215 .ppc_port = 1,
216 .irq = 4,
217 },
218 {
219 .name = "s32ktimer",
220 .type = TYPE_CMSDK_APB_TIMER,
221 .index = 2,
222 .addr = 0x4002f000,
223 .ppc = 1,
224 .ppc_port = 0,
225 .irq = 2,
226 .slowclk = true,
227 },
228 {
229 .name = "dualtimer",
230 .type = TYPE_CMSDK_APB_DUALTIMER,
231 .index = 0,
232 .addr = 0x40002000,
233 .ppc = 0,
234 .ppc_port = 2,
235 .irq = 5,
236 },
237 {
238 .name = "s32kwatchdog",
239 .type = TYPE_CMSDK_APB_WATCHDOG,
240 .index = 0,
241 .addr = 0x5002e000,
242 .ppc = NO_PPC,
243 .irq = NMI_0,
244 .slowclk = true,
245 },
246 {
247 .name = "nswatchdog",
248 .type = TYPE_CMSDK_APB_WATCHDOG,
249 .index = 1,
250 .addr = 0x40081000,
251 .ppc = NO_PPC,
252 .irq = 1,
253 },
254 {
255 .name = "swatchdog",
256 .type = TYPE_CMSDK_APB_WATCHDOG,
257 .index = 2,
258 .addr = 0x50081000,
259 .ppc = NO_PPC,
260 .irq = NMI_1,
261 },
262 {
263 .name = "armsse-sysinfo",
264 .type = TYPE_IOTKIT_SYSINFO,
265 .index = 0,
266 .addr = 0x40020000,
267 .ppc = NO_PPC,
268 .irq = NO_IRQ,
269 },
270 {
271 .name = "armsse-sysctl",
272 .type = TYPE_IOTKIT_SYSCTL,
273 .index = 0,
274 .addr = 0x50021000,
275 .ppc = NO_PPC,
276 .irq = NO_IRQ,
277 },
278 {
279 .name = "CPU0CORE_PPU",
280 .type = TYPE_UNIMPLEMENTED_DEVICE,
281 .index = 0,
282 .addr = 0x50023000,
283 .size = 0x1000,
284 .ppc = NO_PPC,
285 .irq = NO_IRQ,
286 },
287 {
288 .name = "CPU1CORE_PPU",
289 .type = TYPE_UNIMPLEMENTED_DEVICE,
290 .index = 1,
291 .addr = 0x50025000,
292 .size = 0x1000,
293 .ppc = NO_PPC,
294 .irq = NO_IRQ,
295 },
296 {
297 .name = "DBG_PPU",
298 .type = TYPE_UNIMPLEMENTED_DEVICE,
299 .index = 2,
300 .addr = 0x50029000,
301 .size = 0x1000,
302 .ppc = NO_PPC,
303 .irq = NO_IRQ,
304 },
305 {
306 .name = "RAM0_PPU",
307 .type = TYPE_UNIMPLEMENTED_DEVICE,
308 .index = 3,
309 .addr = 0x5002a000,
310 .size = 0x1000,
311 .ppc = NO_PPC,
312 .irq = NO_IRQ,
313 },
314 {
315 .name = "RAM1_PPU",
316 .type = TYPE_UNIMPLEMENTED_DEVICE,
317 .index = 4,
318 .addr = 0x5002b000,
319 .size = 0x1000,
320 .ppc = NO_PPC,
321 .irq = NO_IRQ,
322 },
323 {
324 .name = "RAM2_PPU",
325 .type = TYPE_UNIMPLEMENTED_DEVICE,
326 .index = 5,
327 .addr = 0x5002c000,
328 .size = 0x1000,
329 .ppc = NO_PPC,
330 .irq = NO_IRQ,
331 },
332 {
333 .name = "RAM3_PPU",
334 .type = TYPE_UNIMPLEMENTED_DEVICE,
335 .index = 6,
336 .addr = 0x5002d000,
337 .size = 0x1000,
338 .ppc = NO_PPC,
339 .irq = NO_IRQ,
340 },
341 {
342 .name = "SYS_PPU",
343 .type = TYPE_UNIMPLEMENTED_DEVICE,
344 .index = 7,
345 .addr = 0x50022000,
346 .size = 0x1000,
347 .ppc = NO_PPC,
348 .irq = NO_IRQ,
349 },
350 {
351 .name = NULL,
352 }
353 };
354
355 static const ARMSSEDeviceInfo sse300_devices[] = {
356 {
357 .name = "timer0",
358 .type = TYPE_SSE_TIMER,
359 .index = 0,
360 .addr = 0x48000000,
361 .ppc = 0,
362 .ppc_port = 0,
363 .irq = 3,
364 },
365 {
366 .name = "timer1",
367 .type = TYPE_SSE_TIMER,
368 .index = 1,
369 .addr = 0x48001000,
370 .ppc = 0,
371 .ppc_port = 1,
372 .irq = 4,
373 },
374 {
375 .name = "timer2",
376 .type = TYPE_SSE_TIMER,
377 .index = 2,
378 .addr = 0x48002000,
379 .ppc = 0,
380 .ppc_port = 2,
381 .irq = 5,
382 },
383 {
384 .name = "timer3",
385 .type = TYPE_SSE_TIMER,
386 .index = 3,
387 .addr = 0x48003000,
388 .ppc = 0,
389 .ppc_port = 5,
390 .irq = 27,
391 },
392 {
393 .name = "s32ktimer",
394 .type = TYPE_CMSDK_APB_TIMER,
395 .index = 0,
396 .addr = 0x4802f000,
397 .ppc = 1,
398 .ppc_port = 0,
399 .irq = 2,
400 .slowclk = true,
401 },
402 {
403 .name = "s32kwatchdog",
404 .type = TYPE_CMSDK_APB_WATCHDOG,
405 .index = 0,
406 .addr = 0x4802e000,
407 .ppc = NO_PPC,
408 .irq = NMI_0,
409 .slowclk = true,
410 },
411 {
412 .name = "watchdog",
413 .type = TYPE_UNIMPLEMENTED_DEVICE,
414 .index = 0,
415 .addr = 0x48040000,
416 .size = 0x2000,
417 .ppc = NO_PPC,
418 .irq = NO_IRQ,
419 },
420 {
421 .name = "armsse-sysinfo",
422 .type = TYPE_IOTKIT_SYSINFO,
423 .index = 0,
424 .addr = 0x48020000,
425 .ppc = NO_PPC,
426 .irq = NO_IRQ,
427 },
428 {
429 .name = "armsse-sysctl",
430 .type = TYPE_IOTKIT_SYSCTL,
431 .index = 0,
432 .addr = 0x58021000,
433 .ppc = NO_PPC,
434 .irq = NO_IRQ,
435 },
436 {
437 .name = "SYS_PPU",
438 .type = TYPE_UNIMPLEMENTED_DEVICE,
439 .index = 1,
440 .addr = 0x58022000,
441 .size = 0x1000,
442 .ppc = NO_PPC,
443 .irq = NO_IRQ,
444 },
445 {
446 .name = "CPU0CORE_PPU",
447 .type = TYPE_UNIMPLEMENTED_DEVICE,
448 .index = 2,
449 .addr = 0x50023000,
450 .size = 0x1000,
451 .ppc = NO_PPC,
452 .irq = NO_IRQ,
453 },
454 {
455 .name = "MGMT_PPU",
456 .type = TYPE_UNIMPLEMENTED_DEVICE,
457 .index = 3,
458 .addr = 0x50028000,
459 .size = 0x1000,
460 .ppc = NO_PPC,
461 .irq = NO_IRQ,
462 },
463 {
464 .name = "DEBUG_PPU",
465 .type = TYPE_UNIMPLEMENTED_DEVICE,
466 .index = 4,
467 .addr = 0x50029000,
468 .size = 0x1000,
469 .ppc = NO_PPC,
470 .irq = NO_IRQ,
471 },
472 {
473 .name = NULL,
474 }
475 };
476
477 /* Is internal IRQ n shared between CPUs in a multi-core SSE ? */
478 static const bool sse200_irq_is_common[32] = {
479 [0 ... 5] = true,
480 /* 6, 7: per-CPU MHU interrupts */
481 [8 ... 12] = true,
482 /* 13: per-CPU icache interrupt */
483 /* 14: reserved */
484 [15 ... 20] = true,
485 /* 21: reserved */
486 [22 ... 26] = true,
487 /* 27: reserved */
488 /* 28, 29: per-CPU CTI interrupts */
489 /* 30, 31: reserved */
490 };
491
492 static const bool sse300_irq_is_common[32] = {
493 [0 ... 5] = true,
494 /* 6, 7: per-CPU MHU interrupts */
495 [8 ... 12] = true,
496 /* 13: reserved */
497 [14 ... 16] = true,
498 /* 17-25: reserved */
499 [26 ... 27] = true,
500 /* 28, 29: per-CPU CTI interrupts */
501 /* 30, 31: reserved */
502 };
503
504 static const ARMSSEInfo armsse_variants[] = {
505 {
506 .name = TYPE_IOTKIT,
507 .sse_version = ARMSSE_IOTKIT,
508 .cpu_type = ARM_CPU_TYPE_NAME("cortex-m33"),
509 .sram_banks = 1,
510 .sram_bank_base = 0x20000000,
511 .num_cpus = 1,
512 .sys_version = 0x41743,
513 .iidr = 0,
514 .cpuwait_rst = 0,
515 .has_mhus = false,
516 .has_cachectrl = false,
517 .has_cpusecctrl = false,
518 .has_cpuid = false,
519 .has_cpu_pwrctrl = false,
520 .has_sse_counter = false,
521 .has_tcms = false,
522 .props = iotkit_properties,
523 .devinfo = iotkit_devices,
524 .irq_is_common = sse200_irq_is_common,
525 },
526 {
527 .name = TYPE_SSE200,
528 .sse_version = ARMSSE_SSE200,
529 .cpu_type = ARM_CPU_TYPE_NAME("cortex-m33"),
530 .sram_banks = 4,
531 .sram_bank_base = 0x20000000,
532 .num_cpus = 2,
533 .sys_version = 0x22041743,
534 .iidr = 0,
535 .cpuwait_rst = 2,
536 .has_mhus = true,
537 .has_cachectrl = true,
538 .has_cpusecctrl = true,
539 .has_cpuid = true,
540 .has_cpu_pwrctrl = false,
541 .has_sse_counter = false,
542 .has_tcms = false,
543 .props = sse200_properties,
544 .devinfo = sse200_devices,
545 .irq_is_common = sse200_irq_is_common,
546 },
547 {
548 .name = TYPE_SSE300,
549 .sse_version = ARMSSE_SSE300,
550 .cpu_type = ARM_CPU_TYPE_NAME("cortex-m55"),
551 .sram_banks = 2,
552 .sram_bank_base = 0x21000000,
553 .num_cpus = 1,
554 .sys_version = 0x7e00043b,
555 .iidr = 0x74a0043b,
556 .cpuwait_rst = 0,
557 .has_mhus = false,
558 .has_cachectrl = false,
559 .has_cpusecctrl = true,
560 .has_cpuid = true,
561 .has_cpu_pwrctrl = true,
562 .has_sse_counter = true,
563 .has_tcms = true,
564 .props = sse300_properties,
565 .devinfo = sse300_devices,
566 .irq_is_common = sse300_irq_is_common,
567 },
568 };
569
570 static uint32_t armsse_sys_config_value(ARMSSE *s, const ARMSSEInfo *info)
571 {
572 /* Return the SYS_CONFIG value for this SSE */
573 uint32_t sys_config;
574
575 switch (info->sse_version) {
576 case ARMSSE_IOTKIT:
577 sys_config = 0;
578 sys_config = deposit32(sys_config, 0, 4, info->sram_banks);
579 sys_config = deposit32(sys_config, 4, 4, s->sram_addr_width - 12);
580 break;
581 case ARMSSE_SSE200:
582 sys_config = 0;
583 sys_config = deposit32(sys_config, 0, 4, info->sram_banks);
584 sys_config = deposit32(sys_config, 4, 5, s->sram_addr_width);
585 sys_config = deposit32(sys_config, 24, 4, 2);
586 if (info->num_cpus > 1) {
587 sys_config = deposit32(sys_config, 10, 1, 1);
588 sys_config = deposit32(sys_config, 20, 4, info->sram_banks - 1);
589 sys_config = deposit32(sys_config, 28, 4, 2);
590 }
591 break;
592 case ARMSSE_SSE300:
593 sys_config = 0;
594 sys_config = deposit32(sys_config, 0, 4, info->sram_banks);
595 sys_config = deposit32(sys_config, 4, 5, s->sram_addr_width);
596 sys_config = deposit32(sys_config, 16, 3, 3); /* CPU0 = Cortex-M55 */
597 break;
598 default:
599 g_assert_not_reached();
600 }
601 return sys_config;
602 }
603
604 /* Clock frequency in HZ of the 32KHz "slow clock" */
605 #define S32KCLK (32 * 1000)
606
607 /*
608 * Create an alias region in @container of @size bytes starting at @base
609 * which mirrors the memory starting at @orig.
610 */
611 static void make_alias(ARMSSE *s, MemoryRegion *mr, MemoryRegion *container,
612 const char *name, hwaddr base, hwaddr size, hwaddr orig)
613 {
614 memory_region_init_alias(mr, NULL, name, container, orig, size);
615 /* The alias is even lower priority than unimplemented_device regions */
616 memory_region_add_subregion_overlap(container, base, mr, -1500);
617 }
618
619 static void irq_status_forwarder(void *opaque, int n, int level)
620 {
621 qemu_irq destirq = opaque;
622
623 qemu_set_irq(destirq, level);
624 }
625
626 static void nsccfg_handler(void *opaque, int n, int level)
627 {
628 ARMSSE *s = ARM_SSE(opaque);
629
630 s->nsccfg = level;
631 }
632
633 static void armsse_forward_ppc(ARMSSE *s, const char *ppcname, int ppcnum)
634 {
635 /* Each of the 4 AHB and 4 APB PPCs that might be present in a
636 * system using the ARMSSE has a collection of control lines which
637 * are provided by the security controller and which we want to
638 * expose as control lines on the ARMSSE device itself, so the
639 * code using the ARMSSE can wire them up to the PPCs.
640 */
641 SplitIRQ *splitter = &s->ppc_irq_splitter[ppcnum];
642 DeviceState *armssedev = DEVICE(s);
643 DeviceState *dev_secctl = DEVICE(&s->secctl);
644 DeviceState *dev_splitter = DEVICE(splitter);
645 char *name;
646
647 name = g_strdup_printf("%s_nonsec", ppcname);
648 qdev_pass_gpios(dev_secctl, armssedev, name);
649 g_free(name);
650 name = g_strdup_printf("%s_ap", ppcname);
651 qdev_pass_gpios(dev_secctl, armssedev, name);
652 g_free(name);
653 name = g_strdup_printf("%s_irq_enable", ppcname);
654 qdev_pass_gpios(dev_secctl, armssedev, name);
655 g_free(name);
656 name = g_strdup_printf("%s_irq_clear", ppcname);
657 qdev_pass_gpios(dev_secctl, armssedev, name);
658 g_free(name);
659
660 /* irq_status is a little more tricky, because we need to
661 * split it so we can send it both to the security controller
662 * and to our OR gate for the NVIC interrupt line.
663 * Connect up the splitter's outputs, and create a GPIO input
664 * which will pass the line state to the input splitter.
665 */
666 name = g_strdup_printf("%s_irq_status", ppcname);
667 qdev_connect_gpio_out(dev_splitter, 0,
668 qdev_get_gpio_in_named(dev_secctl,
669 name, 0));
670 qdev_connect_gpio_out(dev_splitter, 1,
671 qdev_get_gpio_in(DEVICE(&s->ppc_irq_orgate), ppcnum));
672 s->irq_status_in[ppcnum] = qdev_get_gpio_in(dev_splitter, 0);
673 qdev_init_gpio_in_named_with_opaque(armssedev, irq_status_forwarder,
674 s->irq_status_in[ppcnum], name, 1);
675 g_free(name);
676 }
677
678 static void armsse_forward_sec_resp_cfg(ARMSSE *s)
679 {
680 /* Forward the 3rd output from the splitter device as a
681 * named GPIO output of the armsse object.
682 */
683 DeviceState *dev = DEVICE(s);
684 DeviceState *dev_splitter = DEVICE(&s->sec_resp_splitter);
685
686 qdev_init_gpio_out_named(dev, &s->sec_resp_cfg, "sec_resp_cfg", 1);
687 s->sec_resp_cfg_in = qemu_allocate_irq(irq_status_forwarder,
688 s->sec_resp_cfg, 1);
689 qdev_connect_gpio_out(dev_splitter, 2, s->sec_resp_cfg_in);
690 }
691
692 static void armsse_init(Object *obj)
693 {
694 ARMSSE *s = ARM_SSE(obj);
695 ARMSSEClass *asc = ARM_SSE_GET_CLASS(obj);
696 const ARMSSEInfo *info = asc->info;
697 const ARMSSEDeviceInfo *devinfo;
698 int i;
699
700 assert(info->sram_banks <= MAX_SRAM_BANKS);
701 assert(info->num_cpus <= SSE_MAX_CPUS);
702
703 s->mainclk = qdev_init_clock_in(DEVICE(s), "MAINCLK", NULL, NULL, 0);
704 s->s32kclk = qdev_init_clock_in(DEVICE(s), "S32KCLK", NULL, NULL, 0);
705
706 memory_region_init(&s->container, obj, "armsse-container", UINT64_MAX);
707
708 for (i = 0; i < info->num_cpus; i++) {
709 /*
710 * We put each CPU in its own cluster as they are logically
711 * distinct and may be configured differently.
712 */
713 char *name;
714
715 name = g_strdup_printf("cluster%d", i);
716 object_initialize_child(obj, name, &s->cluster[i], TYPE_CPU_CLUSTER);
717 qdev_prop_set_uint32(DEVICE(&s->cluster[i]), "cluster-id", i);
718 g_free(name);
719
720 name = g_strdup_printf("armv7m%d", i);
721 object_initialize_child(OBJECT(&s->cluster[i]), name, &s->armv7m[i],
722 TYPE_ARMV7M);
723 qdev_prop_set_string(DEVICE(&s->armv7m[i]), "cpu-type", info->cpu_type);
724 g_free(name);
725 name = g_strdup_printf("arm-sse-cpu-container%d", i);
726 memory_region_init(&s->cpu_container[i], obj, name, UINT64_MAX);
727 g_free(name);
728 if (i > 0) {
729 name = g_strdup_printf("arm-sse-container-alias%d", i);
730 memory_region_init_alias(&s->container_alias[i - 1], obj,
731 name, &s->container, 0, UINT64_MAX);
732 g_free(name);
733 }
734 }
735
736 for (devinfo = info->devinfo; devinfo->name; devinfo++) {
737 assert(devinfo->ppc == NO_PPC || devinfo->ppc < ARRAY_SIZE(s->apb_ppc));
738 if (!strcmp(devinfo->type, TYPE_CMSDK_APB_TIMER)) {
739 assert(devinfo->index < ARRAY_SIZE(s->timer));
740 object_initialize_child(obj, devinfo->name,
741 &s->timer[devinfo->index],
742 TYPE_CMSDK_APB_TIMER);
743 } else if (!strcmp(devinfo->type, TYPE_CMSDK_APB_DUALTIMER)) {
744 assert(devinfo->index == 0);
745 object_initialize_child(obj, devinfo->name, &s->dualtimer,
746 TYPE_CMSDK_APB_DUALTIMER);
747 } else if (!strcmp(devinfo->type, TYPE_SSE_TIMER)) {
748 assert(devinfo->index < ARRAY_SIZE(s->sse_timer));
749 object_initialize_child(obj, devinfo->name,
750 &s->sse_timer[devinfo->index],
751 TYPE_SSE_TIMER);
752 } else if (!strcmp(devinfo->type, TYPE_CMSDK_APB_WATCHDOG)) {
753 assert(devinfo->index < ARRAY_SIZE(s->cmsdk_watchdog));
754 object_initialize_child(obj, devinfo->name,
755 &s->cmsdk_watchdog[devinfo->index],
756 TYPE_CMSDK_APB_WATCHDOG);
757 } else if (!strcmp(devinfo->type, TYPE_IOTKIT_SYSINFO)) {
758 assert(devinfo->index == 0);
759 object_initialize_child(obj, devinfo->name, &s->sysinfo,
760 TYPE_IOTKIT_SYSINFO);
761 } else if (!strcmp(devinfo->type, TYPE_IOTKIT_SYSCTL)) {
762 assert(devinfo->index == 0);
763 object_initialize_child(obj, devinfo->name, &s->sysctl,
764 TYPE_IOTKIT_SYSCTL);
765 } else if (!strcmp(devinfo->type, TYPE_UNIMPLEMENTED_DEVICE)) {
766 assert(devinfo->index < ARRAY_SIZE(s->unimp));
767 object_initialize_child(obj, devinfo->name,
768 &s->unimp[devinfo->index],
769 TYPE_UNIMPLEMENTED_DEVICE);
770 } else {
771 g_assert_not_reached();
772 }
773 }
774
775 object_initialize_child(obj, "secctl", &s->secctl, TYPE_IOTKIT_SECCTL);
776
777 for (i = 0; i < ARRAY_SIZE(s->apb_ppc); i++) {
778 g_autofree char *name = g_strdup_printf("apb-ppc%d", i);
779 object_initialize_child(obj, name, &s->apb_ppc[i], TYPE_TZ_PPC);
780 }
781
782 for (i = 0; i < info->sram_banks; i++) {
783 char *name = g_strdup_printf("mpc%d", i);
784 object_initialize_child(obj, name, &s->mpc[i], TYPE_TZ_MPC);
785 g_free(name);
786 }
787 object_initialize_child(obj, "mpc-irq-orgate", &s->mpc_irq_orgate,
788 TYPE_OR_IRQ);
789
790 for (i = 0; i < IOTS_NUM_EXP_MPC + info->sram_banks; i++) {
791 char *name = g_strdup_printf("mpc-irq-splitter-%d", i);
792 SplitIRQ *splitter = &s->mpc_irq_splitter[i];
793
794 object_initialize_child(obj, name, splitter, TYPE_SPLIT_IRQ);
795 g_free(name);
796 }
797
798 if (info->has_mhus) {
799 object_initialize_child(obj, "mhu0", &s->mhu[0], TYPE_ARMSSE_MHU);
800 object_initialize_child(obj, "mhu1", &s->mhu[1], TYPE_ARMSSE_MHU);
801 }
802 if (info->has_cachectrl) {
803 for (i = 0; i < info->num_cpus; i++) {
804 char *name = g_strdup_printf("cachectrl%d", i);
805
806 object_initialize_child(obj, name, &s->cachectrl[i],
807 TYPE_UNIMPLEMENTED_DEVICE);
808 g_free(name);
809 }
810 }
811 if (info->has_cpusecctrl) {
812 for (i = 0; i < info->num_cpus; i++) {
813 char *name = g_strdup_printf("cpusecctrl%d", i);
814
815 object_initialize_child(obj, name, &s->cpusecctrl[i],
816 TYPE_UNIMPLEMENTED_DEVICE);
817 g_free(name);
818 }
819 }
820 if (info->has_cpuid) {
821 for (i = 0; i < info->num_cpus; i++) {
822 char *name = g_strdup_printf("cpuid%d", i);
823
824 object_initialize_child(obj, name, &s->cpuid[i],
825 TYPE_ARMSSE_CPUID);
826 g_free(name);
827 }
828 }
829 if (info->has_cpu_pwrctrl) {
830 for (i = 0; i < info->num_cpus; i++) {
831 char *name = g_strdup_printf("cpu_pwrctrl%d", i);
832
833 object_initialize_child(obj, name, &s->cpu_pwrctrl[i],
834 TYPE_ARMSSE_CPU_PWRCTRL);
835 g_free(name);
836 }
837 }
838 if (info->has_sse_counter) {
839 object_initialize_child(obj, "sse-counter", &s->sse_counter,
840 TYPE_SSE_COUNTER);
841 }
842
843 object_initialize_child(obj, "nmi-orgate", &s->nmi_orgate, TYPE_OR_IRQ);
844 object_initialize_child(obj, "ppc-irq-orgate", &s->ppc_irq_orgate,
845 TYPE_OR_IRQ);
846 object_initialize_child(obj, "sec-resp-splitter", &s->sec_resp_splitter,
847 TYPE_SPLIT_IRQ);
848 for (i = 0; i < ARRAY_SIZE(s->ppc_irq_splitter); i++) {
849 char *name = g_strdup_printf("ppc-irq-splitter-%d", i);
850 SplitIRQ *splitter = &s->ppc_irq_splitter[i];
851
852 object_initialize_child(obj, name, splitter, TYPE_SPLIT_IRQ);
853 g_free(name);
854 }
855 if (info->num_cpus > 1) {
856 for (i = 0; i < ARRAY_SIZE(s->cpu_irq_splitter); i++) {
857 if (info->irq_is_common[i]) {
858 char *name = g_strdup_printf("cpu-irq-splitter%d", i);
859 SplitIRQ *splitter = &s->cpu_irq_splitter[i];
860
861 object_initialize_child(obj, name, splitter, TYPE_SPLIT_IRQ);
862 g_free(name);
863 }
864 }
865 }
866 }
867
868 static void armsse_exp_irq(void *opaque, int n, int level)
869 {
870 qemu_irq *irqarray = opaque;
871
872 qemu_set_irq(irqarray[n], level);
873 }
874
875 static void armsse_mpcexp_status(void *opaque, int n, int level)
876 {
877 ARMSSE *s = ARM_SSE(opaque);
878 qemu_set_irq(s->mpcexp_status_in[n], level);
879 }
880
881 static qemu_irq armsse_get_common_irq_in(ARMSSE *s, int irqno)
882 {
883 /*
884 * Return a qemu_irq which can be used to signal IRQ n to
885 * all CPUs in the SSE.
886 */
887 ARMSSEClass *asc = ARM_SSE_GET_CLASS(s);
888 const ARMSSEInfo *info = asc->info;
889
890 assert(info->irq_is_common[irqno]);
891
892 if (info->num_cpus == 1) {
893 /* Only one CPU -- just connect directly to it */
894 return qdev_get_gpio_in(DEVICE(&s->armv7m[0]), irqno);
895 } else {
896 /* Connect to the splitter which feeds all CPUs */
897 return qdev_get_gpio_in(DEVICE(&s->cpu_irq_splitter[irqno]), 0);
898 }
899 }
900
901 static void armsse_realize(DeviceState *dev, Error **errp)
902 {
903 ARMSSE *s = ARM_SSE(dev);
904 ARMSSEClass *asc = ARM_SSE_GET_CLASS(dev);
905 const ARMSSEInfo *info = asc->info;
906 const ARMSSEDeviceInfo *devinfo;
907 int i;
908 MemoryRegion *mr;
909 SysBusDevice *sbd_apb_ppc0;
910 SysBusDevice *sbd_secctl;
911 DeviceState *dev_apb_ppc0;
912 DeviceState *dev_apb_ppc1;
913 DeviceState *dev_secctl;
914 DeviceState *dev_splitter;
915 uint32_t addr_width_max;
916
917 ERRP_GUARD();
918
919 if (!s->board_memory) {
920 error_setg(errp, "memory property was not set");
921 return;
922 }
923
924 if (!clock_has_source(s->mainclk)) {
925 error_setg(errp, "MAINCLK clock was not connected");
926 }
927 if (!clock_has_source(s->s32kclk)) {
928 error_setg(errp, "S32KCLK clock was not connected");
929 }
930
931 assert(info->num_cpus <= SSE_MAX_CPUS);
932
933 /* max SRAM_ADDR_WIDTH: 24 - log2(SRAM_NUM_BANK) */
934 assert(is_power_of_2(info->sram_banks));
935 addr_width_max = 24 - ctz32(info->sram_banks);
936 if (s->sram_addr_width < 1 || s->sram_addr_width > addr_width_max) {
937 error_setg(errp, "SRAM_ADDR_WIDTH must be between 1 and %d",
938 addr_width_max);
939 return;
940 }
941
942 /* Handling of which devices should be available only to secure
943 * code is usually done differently for M profile than for A profile.
944 * Instead of putting some devices only into the secure address space,
945 * devices exist in both address spaces but with hard-wired security
946 * permissions that will cause the CPU to fault for non-secure accesses.
947 *
948 * The ARMSSE has an IDAU (Implementation Defined Access Unit),
949 * which specifies hard-wired security permissions for different
950 * areas of the physical address space. For the ARMSSE IDAU, the
951 * top 4 bits of the physical address are the IDAU region ID, and
952 * if bit 28 (ie the lowest bit of the ID) is 0 then this is an NS
953 * region, otherwise it is an S region.
954 *
955 * The various devices and RAMs are generally all mapped twice,
956 * once into a region that the IDAU defines as secure and once
957 * into a non-secure region. They sit behind either a Memory
958 * Protection Controller (for RAM) or a Peripheral Protection
959 * Controller (for devices), which allow a more fine grained
960 * configuration of whether non-secure accesses are permitted.
961 *
962 * (The other place that guest software can configure security
963 * permissions is in the architected SAU (Security Attribution
964 * Unit), which is entirely inside the CPU. The IDAU can upgrade
965 * the security attributes for a region to more restrictive than
966 * the SAU specifies, but cannot downgrade them.)
967 *
968 * 0x10000000..0x1fffffff alias of 0x00000000..0x0fffffff
969 * 0x20000000..0x2007ffff 32KB FPGA block RAM
970 * 0x30000000..0x3fffffff alias of 0x20000000..0x2fffffff
971 * 0x40000000..0x4000ffff base peripheral region 1
972 * 0x40010000..0x4001ffff CPU peripherals (none for ARMSSE)
973 * 0x40020000..0x4002ffff system control element peripherals
974 * 0x40080000..0x400fffff base peripheral region 2
975 * 0x50000000..0x5fffffff alias of 0x40000000..0x4fffffff
976 */
977
978 memory_region_add_subregion_overlap(&s->container, 0, s->board_memory, -2);
979
980 for (i = 0; i < info->num_cpus; i++) {
981 DeviceState *cpudev = DEVICE(&s->armv7m[i]);
982 Object *cpuobj = OBJECT(&s->armv7m[i]);
983 int j;
984 char *gpioname;
985
986 qdev_connect_clock_in(cpudev, "cpuclk", s->mainclk);
987 /* The SSE subsystems do not wire up a systick refclk */
988
989 qdev_prop_set_uint32(cpudev, "num-irq", s->exp_numirq + NUM_SSE_IRQS);
990 /*
991 * In real hardware the initial Secure VTOR is set from the INITSVTOR*
992 * registers in the IoT Kit System Control Register block. In QEMU
993 * we set the initial value here, and also the reset value of the
994 * sysctl register, from this object's QOM init-svtor property.
995 * If the guest changes the INITSVTOR* registers at runtime then the
996 * code in iotkit-sysctl.c will update the CPU init-svtor property
997 * (which will then take effect on the next CPU warm-reset).
998 *
999 * Note that typically a board using the SSE-200 will have a system
1000 * control processor whose boot firmware initializes the INITSVTOR*
1001 * registers before powering up the CPUs. QEMU doesn't emulate
1002 * the control processor, so instead we behave in the way that the
1003 * firmware does: the initial value should be set by the board code
1004 * (using the init-svtor property on the ARMSSE object) to match
1005 * whatever its firmware does.
1006 */
1007 qdev_prop_set_uint32(cpudev, "init-svtor", s->init_svtor);
1008 /*
1009 * CPUs start powered down if the corresponding bit in the CPUWAIT
1010 * register is 1. In real hardware the CPUWAIT register reset value is
1011 * a configurable property of the SSE-200 (via the CPUWAIT0_RST and
1012 * CPUWAIT1_RST parameters), but since all the boards we care about
1013 * start CPU0 and leave CPU1 powered off, we hard-code that in
1014 * info->cpuwait_rst for now. We can add QOM properties for this
1015 * later if necessary.
1016 */
1017 if (extract32(info->cpuwait_rst, i, 1)) {
1018 if (!object_property_set_bool(cpuobj, "start-powered-off", true,
1019 errp)) {
1020 return;
1021 }
1022 }
1023 if (!s->cpu_fpu[i]) {
1024 if (!object_property_set_bool(cpuobj, "vfp", false, errp)) {
1025 return;
1026 }
1027 }
1028 if (!s->cpu_dsp[i]) {
1029 if (!object_property_set_bool(cpuobj, "dsp", false, errp)) {
1030 return;
1031 }
1032 }
1033
1034 if (i > 0) {
1035 memory_region_add_subregion_overlap(&s->cpu_container[i], 0,
1036 &s->container_alias[i - 1], -1);
1037 } else {
1038 memory_region_add_subregion_overlap(&s->cpu_container[i], 0,
1039 &s->container, -1);
1040 }
1041 object_property_set_link(cpuobj, "memory",
1042 OBJECT(&s->cpu_container[i]), &error_abort);
1043 object_property_set_link(cpuobj, "idau", OBJECT(s), &error_abort);
1044 if (!sysbus_realize(SYS_BUS_DEVICE(cpuobj), errp)) {
1045 return;
1046 }
1047 /*
1048 * The cluster must be realized after the armv7m container, as
1049 * the container's CPU object is only created on realize, and the
1050 * CPU must exist and have been parented into the cluster before
1051 * the cluster is realized.
1052 */
1053 if (!qdev_realize(DEVICE(&s->cluster[i]), NULL, errp)) {
1054 return;
1055 }
1056
1057 /* Connect EXP_IRQ/EXP_CPUn_IRQ GPIOs to the NVIC's lines 32 and up */
1058 s->exp_irqs[i] = g_new(qemu_irq, s->exp_numirq);
1059 for (j = 0; j < s->exp_numirq; j++) {
1060 s->exp_irqs[i][j] = qdev_get_gpio_in(cpudev, j + NUM_SSE_IRQS);
1061 }
1062 if (i == 0) {
1063 gpioname = g_strdup("EXP_IRQ");
1064 } else {
1065 gpioname = g_strdup_printf("EXP_CPU%d_IRQ", i);
1066 }
1067 qdev_init_gpio_in_named_with_opaque(dev, armsse_exp_irq,
1068 s->exp_irqs[i],
1069 gpioname, s->exp_numirq);
1070 g_free(gpioname);
1071 }
1072
1073 /* Wire up the splitters that connect common IRQs to all CPUs */
1074 if (info->num_cpus > 1) {
1075 for (i = 0; i < ARRAY_SIZE(s->cpu_irq_splitter); i++) {
1076 if (info->irq_is_common[i]) {
1077 Object *splitter = OBJECT(&s->cpu_irq_splitter[i]);
1078 DeviceState *devs = DEVICE(splitter);
1079 int cpunum;
1080
1081 if (!object_property_set_int(splitter, "num-lines",
1082 info->num_cpus, errp)) {
1083 return;
1084 }
1085 if (!qdev_realize(DEVICE(splitter), NULL, errp)) {
1086 return;
1087 }
1088 for (cpunum = 0; cpunum < info->num_cpus; cpunum++) {
1089 DeviceState *cpudev = DEVICE(&s->armv7m[cpunum]);
1090
1091 qdev_connect_gpio_out(devs, cpunum,
1092 qdev_get_gpio_in(cpudev, i));
1093 }
1094 }
1095 }
1096 }
1097
1098 /* Set up the big aliases first */
1099 make_alias(s, &s->alias1, &s->container, "alias 1",
1100 0x10000000, 0x10000000, 0x00000000);
1101 make_alias(s, &s->alias2, &s->container,
1102 "alias 2", 0x30000000, 0x10000000, 0x20000000);
1103 /* The 0x50000000..0x5fffffff region is not a pure alias: it has
1104 * a few extra devices that only appear there (generally the
1105 * control interfaces for the protection controllers).
1106 * We implement this by mapping those devices over the top of this
1107 * alias MR at a higher priority. Some of the devices in this range
1108 * are per-CPU, so we must put this alias in the per-cpu containers.
1109 */
1110 for (i = 0; i < info->num_cpus; i++) {
1111 make_alias(s, &s->alias3[i], &s->cpu_container[i],
1112 "alias 3", 0x50000000, 0x10000000, 0x40000000);
1113 }
1114
1115 /* Security controller */
1116 object_property_set_int(OBJECT(&s->secctl), "sse-version",
1117 info->sse_version, &error_abort);
1118 if (!sysbus_realize(SYS_BUS_DEVICE(&s->secctl), errp)) {
1119 return;
1120 }
1121 sbd_secctl = SYS_BUS_DEVICE(&s->secctl);
1122 dev_secctl = DEVICE(&s->secctl);
1123 sysbus_mmio_map(sbd_secctl, 0, 0x50080000);
1124 sysbus_mmio_map(sbd_secctl, 1, 0x40080000);
1125
1126 s->nsc_cfg_in = qemu_allocate_irq(nsccfg_handler, s, 1);
1127 qdev_connect_gpio_out_named(dev_secctl, "nsc_cfg", 0, s->nsc_cfg_in);
1128
1129 /* The sec_resp_cfg output from the security controller must be split into
1130 * multiple lines, one for each of the PPCs within the ARMSSE and one
1131 * that will be an output from the ARMSSE to the system.
1132 */
1133 if (!object_property_set_int(OBJECT(&s->sec_resp_splitter),
1134 "num-lines", 3, errp)) {
1135 return;
1136 }
1137 if (!qdev_realize(DEVICE(&s->sec_resp_splitter), NULL, errp)) {
1138 return;
1139 }
1140 dev_splitter = DEVICE(&s->sec_resp_splitter);
1141 qdev_connect_gpio_out_named(dev_secctl, "sec_resp_cfg", 0,
1142 qdev_get_gpio_in(dev_splitter, 0));
1143
1144 /* Each SRAM bank lives behind its own Memory Protection Controller */
1145 for (i = 0; i < info->sram_banks; i++) {
1146 char *ramname = g_strdup_printf("armsse.sram%d", i);
1147 SysBusDevice *sbd_mpc;
1148 uint32_t sram_bank_size = 1 << s->sram_addr_width;
1149
1150 memory_region_init_ram(&s->sram[i], NULL, ramname,
1151 sram_bank_size, errp);
1152 g_free(ramname);
1153 if (*errp) {
1154 return;
1155 }
1156 object_property_set_link(OBJECT(&s->mpc[i]), "downstream",
1157 OBJECT(&s->sram[i]), &error_abort);
1158 if (!sysbus_realize(SYS_BUS_DEVICE(&s->mpc[i]), errp)) {
1159 return;
1160 }
1161 /* Map the upstream end of the MPC into the right place... */
1162 sbd_mpc = SYS_BUS_DEVICE(&s->mpc[i]);
1163 memory_region_add_subregion(&s->container,
1164 info->sram_bank_base + i * sram_bank_size,
1165 sysbus_mmio_get_region(sbd_mpc, 1));
1166 /* ...and its register interface */
1167 memory_region_add_subregion(&s->container, 0x50083000 + i * 0x1000,
1168 sysbus_mmio_get_region(sbd_mpc, 0));
1169 }
1170
1171 /* We must OR together lines from the MPC splitters to go to the NVIC */
1172 if (!object_property_set_int(OBJECT(&s->mpc_irq_orgate), "num-lines",
1173 IOTS_NUM_EXP_MPC + info->sram_banks,
1174 errp)) {
1175 return;
1176 }
1177 if (!qdev_realize(DEVICE(&s->mpc_irq_orgate), NULL, errp)) {
1178 return;
1179 }
1180 qdev_connect_gpio_out(DEVICE(&s->mpc_irq_orgate), 0,
1181 armsse_get_common_irq_in(s, 9));
1182
1183 /* This OR gate wires together outputs from the secure watchdogs to NMI */
1184 if (!object_property_set_int(OBJECT(&s->nmi_orgate), "num-lines", 2,
1185 errp)) {
1186 return;
1187 }
1188 if (!qdev_realize(DEVICE(&s->nmi_orgate), NULL, errp)) {
1189 return;
1190 }
1191 qdev_connect_gpio_out(DEVICE(&s->nmi_orgate), 0,
1192 qdev_get_gpio_in_named(DEVICE(&s->armv7m), "NMI", 0));
1193
1194 /* The SSE-300 has a System Counter / System Timestamp Generator */
1195 if (info->has_sse_counter) {
1196 SysBusDevice *sbd = SYS_BUS_DEVICE(&s->sse_counter);
1197
1198 qdev_connect_clock_in(DEVICE(sbd), "CLK", s->mainclk);
1199 if (!sysbus_realize(sbd, errp)) {
1200 return;
1201 }
1202 /*
1203 * The control frame is only in the Secure region;
1204 * the status frame is in the NS region (and visible in the
1205 * S region via the alias mapping).
1206 */
1207 memory_region_add_subregion(&s->container, 0x58100000,
1208 sysbus_mmio_get_region(sbd, 0));
1209 memory_region_add_subregion(&s->container, 0x48101000,
1210 sysbus_mmio_get_region(sbd, 1));
1211 }
1212
1213 if (info->has_tcms) {
1214 /* The SSE-300 has an ITCM at 0x0000_0000 and a DTCM at 0x2000_0000 */
1215 memory_region_init_ram(&s->itcm, NULL, "sse300-itcm", 512 * KiB, errp);
1216 if (*errp) {
1217 return;
1218 }
1219 memory_region_init_ram(&s->dtcm, NULL, "sse300-dtcm", 512 * KiB, errp);
1220 if (*errp) {
1221 return;
1222 }
1223 memory_region_add_subregion(&s->container, 0x00000000, &s->itcm);
1224 memory_region_add_subregion(&s->container, 0x20000000, &s->dtcm);
1225 }
1226
1227 /* Devices behind APB PPC0:
1228 * 0x40000000: timer0
1229 * 0x40001000: timer1
1230 * 0x40002000: dual timer
1231 * 0x40003000: MHU0 (SSE-200 only)
1232 * 0x40004000: MHU1 (SSE-200 only)
1233 * We must configure and realize each downstream device and connect
1234 * it to the appropriate PPC port; then we can realize the PPC and
1235 * map its upstream ends to the right place in the container.
1236 */
1237 for (devinfo = info->devinfo; devinfo->name; devinfo++) {
1238 SysBusDevice *sbd;
1239 qemu_irq irq;
1240
1241 if (!strcmp(devinfo->type, TYPE_CMSDK_APB_TIMER)) {
1242 sbd = SYS_BUS_DEVICE(&s->timer[devinfo->index]);
1243
1244 qdev_connect_clock_in(DEVICE(sbd), "pclk",
1245 devinfo->slowclk ? s->s32kclk : s->mainclk);
1246 if (!sysbus_realize(sbd, errp)) {
1247 return;
1248 }
1249 mr = sysbus_mmio_get_region(sbd, 0);
1250 } else if (!strcmp(devinfo->type, TYPE_CMSDK_APB_DUALTIMER)) {
1251 sbd = SYS_BUS_DEVICE(&s->dualtimer);
1252
1253 qdev_connect_clock_in(DEVICE(sbd), "TIMCLK", s->mainclk);
1254 if (!sysbus_realize(sbd, errp)) {
1255 return;
1256 }
1257 mr = sysbus_mmio_get_region(sbd, 0);
1258 } else if (!strcmp(devinfo->type, TYPE_SSE_TIMER)) {
1259 sbd = SYS_BUS_DEVICE(&s->sse_timer[devinfo->index]);
1260
1261 assert(info->has_sse_counter);
1262 object_property_set_link(OBJECT(sbd), "counter",
1263 OBJECT(&s->sse_counter), &error_abort);
1264 if (!sysbus_realize(sbd, errp)) {
1265 return;
1266 }
1267 mr = sysbus_mmio_get_region(sbd, 0);
1268 } else if (!strcmp(devinfo->type, TYPE_CMSDK_APB_WATCHDOG)) {
1269 sbd = SYS_BUS_DEVICE(&s->cmsdk_watchdog[devinfo->index]);
1270
1271 qdev_connect_clock_in(DEVICE(sbd), "WDOGCLK",
1272 devinfo->slowclk ? s->s32kclk : s->mainclk);
1273 if (!sysbus_realize(sbd, errp)) {
1274 return;
1275 }
1276 mr = sysbus_mmio_get_region(sbd, 0);
1277 } else if (!strcmp(devinfo->type, TYPE_IOTKIT_SYSINFO)) {
1278 sbd = SYS_BUS_DEVICE(&s->sysinfo);
1279
1280 object_property_set_int(OBJECT(&s->sysinfo), "SYS_VERSION",
1281 info->sys_version, &error_abort);
1282 object_property_set_int(OBJECT(&s->sysinfo), "SYS_CONFIG",
1283 armsse_sys_config_value(s, info),
1284 &error_abort);
1285 object_property_set_int(OBJECT(&s->sysinfo), "sse-version",
1286 info->sse_version, &error_abort);
1287 object_property_set_int(OBJECT(&s->sysinfo), "IIDR",
1288 info->iidr, &error_abort);
1289 if (!sysbus_realize(sbd, errp)) {
1290 return;
1291 }
1292 mr = sysbus_mmio_get_region(sbd, 0);
1293 } else if (!strcmp(devinfo->type, TYPE_IOTKIT_SYSCTL)) {
1294 /* System control registers */
1295 sbd = SYS_BUS_DEVICE(&s->sysctl);
1296
1297 object_property_set_int(OBJECT(&s->sysctl), "sse-version",
1298 info->sse_version, &error_abort);
1299 object_property_set_int(OBJECT(&s->sysctl), "CPUWAIT_RST",
1300 info->cpuwait_rst, &error_abort);
1301 object_property_set_int(OBJECT(&s->sysctl), "INITSVTOR0_RST",
1302 s->init_svtor, &error_abort);
1303 object_property_set_int(OBJECT(&s->sysctl), "INITSVTOR1_RST",
1304 s->init_svtor, &error_abort);
1305 if (!sysbus_realize(sbd, errp)) {
1306 return;
1307 }
1308 mr = sysbus_mmio_get_region(sbd, 0);
1309 } else if (!strcmp(devinfo->type, TYPE_UNIMPLEMENTED_DEVICE)) {
1310 sbd = SYS_BUS_DEVICE(&s->unimp[devinfo->index]);
1311
1312 qdev_prop_set_string(DEVICE(sbd), "name", devinfo->name);
1313 qdev_prop_set_uint64(DEVICE(sbd), "size", devinfo->size);
1314 if (!sysbus_realize(sbd, errp)) {
1315 return;
1316 }
1317 mr = sysbus_mmio_get_region(sbd, 0);
1318 } else {
1319 g_assert_not_reached();
1320 }
1321
1322 switch (devinfo->irq) {
1323 case NO_IRQ:
1324 irq = NULL;
1325 break;
1326 case 0 ... NUM_SSE_IRQS - 1:
1327 irq = armsse_get_common_irq_in(s, devinfo->irq);
1328 break;
1329 case NMI_0:
1330 case NMI_1:
1331 irq = qdev_get_gpio_in(DEVICE(&s->nmi_orgate),
1332 devinfo->irq - NMI_0);
1333 break;
1334 default:
1335 g_assert_not_reached();
1336 }
1337
1338 if (irq) {
1339 sysbus_connect_irq(sbd, 0, irq);
1340 }
1341
1342 /*
1343 * Devices connected to a PPC are connected to the port here;
1344 * we will map the upstream end of that port to the right address
1345 * in the container later after the PPC has been realized.
1346 * Devices not connected to a PPC can be mapped immediately.
1347 */
1348 if (devinfo->ppc != NO_PPC) {
1349 TZPPC *ppc = &s->apb_ppc[devinfo->ppc];
1350 g_autofree char *portname = g_strdup_printf("port[%d]",
1351 devinfo->ppc_port);
1352 object_property_set_link(OBJECT(ppc), portname, OBJECT(mr),
1353 &error_abort);
1354 } else {
1355 memory_region_add_subregion(&s->container, devinfo->addr, mr);
1356 }
1357 }
1358
1359 if (info->has_mhus) {
1360 /*
1361 * An SSE-200 with only one CPU should have only one MHU created,
1362 * with the region where the second MHU usually is being RAZ/WI.
1363 * We don't implement that SSE-200 config; if we want to support
1364 * it then this code needs to be enhanced to handle creating the
1365 * RAZ/WI region instead of the second MHU.
1366 */
1367 assert(info->num_cpus == ARRAY_SIZE(s->mhu));
1368
1369 for (i = 0; i < ARRAY_SIZE(s->mhu); i++) {
1370 char *port;
1371 int cpunum;
1372 SysBusDevice *mhu_sbd = SYS_BUS_DEVICE(&s->mhu[i]);
1373
1374 if (!sysbus_realize(SYS_BUS_DEVICE(&s->mhu[i]), errp)) {
1375 return;
1376 }
1377 port = g_strdup_printf("port[%d]", i + 3);
1378 mr = sysbus_mmio_get_region(mhu_sbd, 0);
1379 object_property_set_link(OBJECT(&s->apb_ppc[0]), port, OBJECT(mr),
1380 &error_abort);
1381 g_free(port);
1382
1383 /*
1384 * Each MHU has an irq line for each CPU:
1385 * MHU 0 irq line 0 -> CPU 0 IRQ 6
1386 * MHU 0 irq line 1 -> CPU 1 IRQ 6
1387 * MHU 1 irq line 0 -> CPU 0 IRQ 7
1388 * MHU 1 irq line 1 -> CPU 1 IRQ 7
1389 */
1390 for (cpunum = 0; cpunum < info->num_cpus; cpunum++) {
1391 DeviceState *cpudev = DEVICE(&s->armv7m[cpunum]);
1392
1393 sysbus_connect_irq(mhu_sbd, cpunum,
1394 qdev_get_gpio_in(cpudev, 6 + i));
1395 }
1396 }
1397 }
1398
1399 if (!sysbus_realize(SYS_BUS_DEVICE(&s->apb_ppc[0]), errp)) {
1400 return;
1401 }
1402
1403 sbd_apb_ppc0 = SYS_BUS_DEVICE(&s->apb_ppc[0]);
1404 dev_apb_ppc0 = DEVICE(&s->apb_ppc[0]);
1405
1406 if (info->has_mhus) {
1407 mr = sysbus_mmio_get_region(sbd_apb_ppc0, 3);
1408 memory_region_add_subregion(&s->container, 0x40003000, mr);
1409 mr = sysbus_mmio_get_region(sbd_apb_ppc0, 4);
1410 memory_region_add_subregion(&s->container, 0x40004000, mr);
1411 }
1412 for (i = 0; i < IOTS_APB_PPC0_NUM_PORTS; i++) {
1413 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_nonsec", i,
1414 qdev_get_gpio_in_named(dev_apb_ppc0,
1415 "cfg_nonsec", i));
1416 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_ap", i,
1417 qdev_get_gpio_in_named(dev_apb_ppc0,
1418 "cfg_ap", i));
1419 }
1420 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_irq_enable", 0,
1421 qdev_get_gpio_in_named(dev_apb_ppc0,
1422 "irq_enable", 0));
1423 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_irq_clear", 0,
1424 qdev_get_gpio_in_named(dev_apb_ppc0,
1425 "irq_clear", 0));
1426 qdev_connect_gpio_out(dev_splitter, 0,
1427 qdev_get_gpio_in_named(dev_apb_ppc0,
1428 "cfg_sec_resp", 0));
1429
1430 /* All the PPC irq lines (from the 2 internal PPCs and the 8 external
1431 * ones) are sent individually to the security controller, and also
1432 * ORed together to give a single combined PPC interrupt to the NVIC.
1433 */
1434 if (!object_property_set_int(OBJECT(&s->ppc_irq_orgate),
1435 "num-lines", NUM_PPCS, errp)) {
1436 return;
1437 }
1438 if (!qdev_realize(DEVICE(&s->ppc_irq_orgate), NULL, errp)) {
1439 return;
1440 }
1441 qdev_connect_gpio_out(DEVICE(&s->ppc_irq_orgate), 0,
1442 armsse_get_common_irq_in(s, 10));
1443
1444 /*
1445 * 0x40010000 .. 0x4001ffff (and the 0x5001000... secure-only alias):
1446 * private per-CPU region (all these devices are SSE-200 only):
1447 * 0x50010000: L1 icache control registers
1448 * 0x50011000: CPUSECCTRL (CPU local security control registers)
1449 * 0x4001f000 and 0x5001f000: CPU_IDENTITY register block
1450 * The SSE-300 has an extra:
1451 * 0x40012000 and 0x50012000: CPU_PWRCTRL register block
1452 */
1453 if (info->has_cachectrl) {
1454 for (i = 0; i < info->num_cpus; i++) {
1455 char *name = g_strdup_printf("cachectrl%d", i);
1456 MemoryRegion *mr;
1457
1458 qdev_prop_set_string(DEVICE(&s->cachectrl[i]), "name", name);
1459 g_free(name);
1460 qdev_prop_set_uint64(DEVICE(&s->cachectrl[i]), "size", 0x1000);
1461 if (!sysbus_realize(SYS_BUS_DEVICE(&s->cachectrl[i]), errp)) {
1462 return;
1463 }
1464
1465 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->cachectrl[i]), 0);
1466 memory_region_add_subregion(&s->cpu_container[i], 0x50010000, mr);
1467 }
1468 }
1469 if (info->has_cpusecctrl) {
1470 for (i = 0; i < info->num_cpus; i++) {
1471 char *name = g_strdup_printf("CPUSECCTRL%d", i);
1472 MemoryRegion *mr;
1473
1474 qdev_prop_set_string(DEVICE(&s->cpusecctrl[i]), "name", name);
1475 g_free(name);
1476 qdev_prop_set_uint64(DEVICE(&s->cpusecctrl[i]), "size", 0x1000);
1477 if (!sysbus_realize(SYS_BUS_DEVICE(&s->cpusecctrl[i]), errp)) {
1478 return;
1479 }
1480
1481 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->cpusecctrl[i]), 0);
1482 memory_region_add_subregion(&s->cpu_container[i], 0x50011000, mr);
1483 }
1484 }
1485 if (info->has_cpuid) {
1486 for (i = 0; i < info->num_cpus; i++) {
1487 MemoryRegion *mr;
1488
1489 qdev_prop_set_uint32(DEVICE(&s->cpuid[i]), "CPUID", i);
1490 if (!sysbus_realize(SYS_BUS_DEVICE(&s->cpuid[i]), errp)) {
1491 return;
1492 }
1493
1494 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->cpuid[i]), 0);
1495 memory_region_add_subregion(&s->cpu_container[i], 0x4001F000, mr);
1496 }
1497 }
1498 if (info->has_cpu_pwrctrl) {
1499 for (i = 0; i < info->num_cpus; i++) {
1500 MemoryRegion *mr;
1501
1502 if (!sysbus_realize(SYS_BUS_DEVICE(&s->cpu_pwrctrl[i]), errp)) {
1503 return;
1504 }
1505
1506 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->cpu_pwrctrl[i]), 0);
1507 memory_region_add_subregion(&s->cpu_container[i], 0x40012000, mr);
1508 }
1509 }
1510
1511 if (!sysbus_realize(SYS_BUS_DEVICE(&s->apb_ppc[1]), errp)) {
1512 return;
1513 }
1514
1515 dev_apb_ppc1 = DEVICE(&s->apb_ppc[1]);
1516 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_nonsec", 0,
1517 qdev_get_gpio_in_named(dev_apb_ppc1,
1518 "cfg_nonsec", 0));
1519 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_ap", 0,
1520 qdev_get_gpio_in_named(dev_apb_ppc1,
1521 "cfg_ap", 0));
1522 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_irq_enable", 0,
1523 qdev_get_gpio_in_named(dev_apb_ppc1,
1524 "irq_enable", 0));
1525 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_irq_clear", 0,
1526 qdev_get_gpio_in_named(dev_apb_ppc1,
1527 "irq_clear", 0));
1528 qdev_connect_gpio_out(dev_splitter, 1,
1529 qdev_get_gpio_in_named(dev_apb_ppc1,
1530 "cfg_sec_resp", 0));
1531
1532 /*
1533 * Now both PPCs are realized we can map the upstream ends of
1534 * ports which correspond to entries in the devinfo array.
1535 * The ports which are connected to non-devinfo devices have
1536 * already been mapped.
1537 */
1538 for (devinfo = info->devinfo; devinfo->name; devinfo++) {
1539 SysBusDevice *ppc_sbd;
1540
1541 if (devinfo->ppc == NO_PPC) {
1542 continue;
1543 }
1544 ppc_sbd = SYS_BUS_DEVICE(&s->apb_ppc[devinfo->ppc]);
1545 mr = sysbus_mmio_get_region(ppc_sbd, devinfo->ppc_port);
1546 memory_region_add_subregion(&s->container, devinfo->addr, mr);
1547 }
1548
1549 for (i = 0; i < ARRAY_SIZE(s->ppc_irq_splitter); i++) {
1550 Object *splitter = OBJECT(&s->ppc_irq_splitter[i]);
1551
1552 if (!object_property_set_int(splitter, "num-lines", 2, errp)) {
1553 return;
1554 }
1555 if (!qdev_realize(DEVICE(splitter), NULL, errp)) {
1556 return;
1557 }
1558 }
1559
1560 for (i = 0; i < IOTS_NUM_AHB_EXP_PPC; i++) {
1561 char *ppcname = g_strdup_printf("ahb_ppcexp%d", i);
1562
1563 armsse_forward_ppc(s, ppcname, i);
1564 g_free(ppcname);
1565 }
1566
1567 for (i = 0; i < IOTS_NUM_APB_EXP_PPC; i++) {
1568 char *ppcname = g_strdup_printf("apb_ppcexp%d", i);
1569
1570 armsse_forward_ppc(s, ppcname, i + IOTS_NUM_AHB_EXP_PPC);
1571 g_free(ppcname);
1572 }
1573
1574 for (i = NUM_EXTERNAL_PPCS; i < NUM_PPCS; i++) {
1575 /* Wire up IRQ splitter for internal PPCs */
1576 DeviceState *devs = DEVICE(&s->ppc_irq_splitter[i]);
1577 char *gpioname = g_strdup_printf("apb_ppc%d_irq_status",
1578 i - NUM_EXTERNAL_PPCS);
1579 TZPPC *ppc = &s->apb_ppc[i - NUM_EXTERNAL_PPCS];
1580
1581 qdev_connect_gpio_out(devs, 0,
1582 qdev_get_gpio_in_named(dev_secctl, gpioname, 0));
1583 qdev_connect_gpio_out(devs, 1,
1584 qdev_get_gpio_in(DEVICE(&s->ppc_irq_orgate), i));
1585 qdev_connect_gpio_out_named(DEVICE(ppc), "irq", 0,
1586 qdev_get_gpio_in(devs, 0));
1587 g_free(gpioname);
1588 }
1589
1590 /* Wire up the splitters for the MPC IRQs */
1591 for (i = 0; i < IOTS_NUM_EXP_MPC + info->sram_banks; i++) {
1592 SplitIRQ *splitter = &s->mpc_irq_splitter[i];
1593 DeviceState *dev_splitter = DEVICE(splitter);
1594
1595 if (!object_property_set_int(OBJECT(splitter), "num-lines", 2,
1596 errp)) {
1597 return;
1598 }
1599 if (!qdev_realize(DEVICE(splitter), NULL, errp)) {
1600 return;
1601 }
1602
1603 if (i < IOTS_NUM_EXP_MPC) {
1604 /* Splitter input is from GPIO input line */
1605 s->mpcexp_status_in[i] = qdev_get_gpio_in(dev_splitter, 0);
1606 qdev_connect_gpio_out(dev_splitter, 0,
1607 qdev_get_gpio_in_named(dev_secctl,
1608 "mpcexp_status", i));
1609 } else {
1610 /* Splitter input is from our own MPC */
1611 qdev_connect_gpio_out_named(DEVICE(&s->mpc[i - IOTS_NUM_EXP_MPC]),
1612 "irq", 0,
1613 qdev_get_gpio_in(dev_splitter, 0));
1614 qdev_connect_gpio_out(dev_splitter, 0,
1615 qdev_get_gpio_in_named(dev_secctl,
1616 "mpc_status",
1617 i - IOTS_NUM_EXP_MPC));
1618 }
1619
1620 qdev_connect_gpio_out(dev_splitter, 1,
1621 qdev_get_gpio_in(DEVICE(&s->mpc_irq_orgate), i));
1622 }
1623 /* Create GPIO inputs which will pass the line state for our
1624 * mpcexp_irq inputs to the correct splitter devices.
1625 */
1626 qdev_init_gpio_in_named(dev, armsse_mpcexp_status, "mpcexp_status",
1627 IOTS_NUM_EXP_MPC);
1628
1629 armsse_forward_sec_resp_cfg(s);
1630
1631 /* Forward the MSC related signals */
1632 qdev_pass_gpios(dev_secctl, dev, "mscexp_status");
1633 qdev_pass_gpios(dev_secctl, dev, "mscexp_clear");
1634 qdev_pass_gpios(dev_secctl, dev, "mscexp_ns");
1635 qdev_connect_gpio_out_named(dev_secctl, "msc_irq", 0,
1636 armsse_get_common_irq_in(s, 11));
1637
1638 /*
1639 * Expose our container region to the board model; this corresponds
1640 * to the AHB Slave Expansion ports which allow bus master devices
1641 * (eg DMA controllers) in the board model to make transactions into
1642 * devices in the ARMSSE.
1643 */
1644 sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->container);
1645 }
1646
1647 static void armsse_idau_check(IDAUInterface *ii, uint32_t address,
1648 int *iregion, bool *exempt, bool *ns, bool *nsc)
1649 {
1650 /*
1651 * For ARMSSE systems the IDAU responses are simple logical functions
1652 * of the address bits. The NSC attribute is guest-adjustable via the
1653 * NSCCFG register in the security controller.
1654 */
1655 ARMSSE *s = ARM_SSE(ii);
1656 int region = extract32(address, 28, 4);
1657
1658 *ns = !(region & 1);
1659 *nsc = (region == 1 && (s->nsccfg & 1)) || (region == 3 && (s->nsccfg & 2));
1660 /* 0xe0000000..0xe00fffff and 0xf0000000..0xf00fffff are exempt */
1661 *exempt = (address & 0xeff00000) == 0xe0000000;
1662 *iregion = region;
1663 }
1664
1665 static const VMStateDescription armsse_vmstate = {
1666 .name = "iotkit",
1667 .version_id = 2,
1668 .minimum_version_id = 2,
1669 .fields = (VMStateField[]) {
1670 VMSTATE_CLOCK(mainclk, ARMSSE),
1671 VMSTATE_CLOCK(s32kclk, ARMSSE),
1672 VMSTATE_UINT32(nsccfg, ARMSSE),
1673 VMSTATE_END_OF_LIST()
1674 }
1675 };
1676
1677 static void armsse_reset(DeviceState *dev)
1678 {
1679 ARMSSE *s = ARM_SSE(dev);
1680
1681 s->nsccfg = 0;
1682 }
1683
1684 static void armsse_class_init(ObjectClass *klass, void *data)
1685 {
1686 DeviceClass *dc = DEVICE_CLASS(klass);
1687 IDAUInterfaceClass *iic = IDAU_INTERFACE_CLASS(klass);
1688 ARMSSEClass *asc = ARM_SSE_CLASS(klass);
1689 const ARMSSEInfo *info = data;
1690
1691 dc->realize = armsse_realize;
1692 dc->vmsd = &armsse_vmstate;
1693 device_class_set_props(dc, info->props);
1694 dc->reset = armsse_reset;
1695 iic->check = armsse_idau_check;
1696 asc->info = info;
1697 }
1698
1699 static const TypeInfo armsse_info = {
1700 .name = TYPE_ARM_SSE,
1701 .parent = TYPE_SYS_BUS_DEVICE,
1702 .instance_size = sizeof(ARMSSE),
1703 .class_size = sizeof(ARMSSEClass),
1704 .instance_init = armsse_init,
1705 .abstract = true,
1706 .interfaces = (InterfaceInfo[]) {
1707 { TYPE_IDAU_INTERFACE },
1708 { }
1709 }
1710 };
1711
1712 static void armsse_register_types(void)
1713 {
1714 int i;
1715
1716 type_register_static(&armsse_info);
1717
1718 for (i = 0; i < ARRAY_SIZE(armsse_variants); i++) {
1719 TypeInfo ti = {
1720 .name = armsse_variants[i].name,
1721 .parent = TYPE_ARM_SSE,
1722 .class_init = armsse_class_init,
1723 .class_data = (void *)&armsse_variants[i],
1724 };
1725 type_register(&ti);
1726 }
1727 }
1728
1729 type_init(armsse_register_types);
Ray Wang's QEMU Repository