1 /* 2 * ARMV7M System emulation. 3 * 4 * Copyright (c) 2006-2007 CodeSourcery. 5 * Written by Paul Brook 6 * 7 * This code is licensed under the GPL. 8 */ 9 10 #include "qemu/osdep.h" 11 #include "hw/arm/armv7m.h" 12 #include "qapi/error.h" 13 #include "hw/sysbus.h" 14 #include "hw/arm/boot.h" 15 #include "hw/loader.h" 16 #include "hw/qdev-properties.h" 17 #include "elf.h" 18 #include "sysemu/reset.h" 19 #include "qemu/error-report.h" 20 #include "qemu/module.h" 21 #include "qemu/log.h" 22 #include "target/arm/idau.h" 23 24 /* Bitbanded IO. Each word corresponds to a single bit. */ 25 26 /* Get the byte address of the real memory for a bitband access. */ 27 static inline hwaddr bitband_addr(BitBandState *s, hwaddr offset) 28 { 29 return s->base | (offset & 0x1ffffff) >> 5; 30 } 31 32 static MemTxResult bitband_read(void *opaque, hwaddr offset, 33 uint64_t *data, unsigned size, MemTxAttrs attrs) 34 { 35 BitBandState *s = opaque; 36 uint8_t buf[4]; 37 MemTxResult res; 38 int bitpos, bit; 39 hwaddr addr; 40 41 assert(size <= 4); 42 43 /* Find address in underlying memory and round down to multiple of size */ 44 addr = bitband_addr(s, offset) & (-size); 45 res = address_space_read(&s->source_as, addr, attrs, buf, size); 46 if (res) { 47 return res; 48 } 49 /* Bit position in the N bytes read... */ 50 bitpos = (offset >> 2) & ((size * 8) - 1); 51 /* ...converted to byte in buffer and bit in byte */ 52 bit = (buf[bitpos >> 3] >> (bitpos & 7)) & 1; 53 *data = bit; 54 return MEMTX_OK; 55 } 56 57 static MemTxResult bitband_write(void *opaque, hwaddr offset, uint64_t value, 58 unsigned size, MemTxAttrs attrs) 59 { 60 BitBandState *s = opaque; 61 uint8_t buf[4]; 62 MemTxResult res; 63 int bitpos, bit; 64 hwaddr addr; 65 66 assert(size <= 4); 67 68 /* Find address in underlying memory and round down to multiple of size */ 69 addr = bitband_addr(s, offset) & (-size); 70 res = address_space_read(&s->source_as, addr, attrs, buf, size); 71 if (res) { 72 return res; 73 } 74 /* Bit position in the N bytes read... */ 75 bitpos = (offset >> 2) & ((size * 8) - 1); 76 /* ...converted to byte in buffer and bit in byte */ 77 bit = 1 << (bitpos & 7); 78 if (value & 1) { 79 buf[bitpos >> 3] |= bit; 80 } else { 81 buf[bitpos >> 3] &= ~bit; 82 } 83 return address_space_write(&s->source_as, addr, attrs, buf, size); 84 } 85 86 static const MemoryRegionOps bitband_ops = { 87 .read_with_attrs = bitband_read, 88 .write_with_attrs = bitband_write, 89 .endianness = DEVICE_NATIVE_ENDIAN, 90 .impl.min_access_size = 1, 91 .impl.max_access_size = 4, 92 .valid.min_access_size = 1, 93 .valid.max_access_size = 4, 94 }; 95 96 static void bitband_init(Object *obj) 97 { 98 BitBandState *s = BITBAND(obj); 99 SysBusDevice *dev = SYS_BUS_DEVICE(obj); 100 101 memory_region_init_io(&s->iomem, obj, &bitband_ops, s, 102 "bitband", 0x02000000); 103 sysbus_init_mmio(dev, &s->iomem); 104 } 105 106 static void bitband_realize(DeviceState *dev, Error **errp) 107 { 108 BitBandState *s = BITBAND(dev); 109 110 if (!s->source_memory) { 111 error_setg(errp, "source-memory property not set"); 112 return; 113 } 114 115 address_space_init(&s->source_as, s->source_memory, "bitband-source"); 116 } 117 118 /* Board init. */ 119 120 static const hwaddr bitband_input_addr[ARMV7M_NUM_BITBANDS] = { 121 0x20000000, 0x40000000 122 }; 123 124 static const hwaddr bitband_output_addr[ARMV7M_NUM_BITBANDS] = { 125 0x22000000, 0x42000000 126 }; 127 128 static MemTxResult v7m_sysreg_ns_write(void *opaque, hwaddr addr, 129 uint64_t value, unsigned size, 130 MemTxAttrs attrs) 131 { 132 MemoryRegion *mr = opaque; 133 134 if (attrs.secure) { 135 /* S accesses to the alias act like NS accesses to the real region */ 136 attrs.secure = 0; 137 return memory_region_dispatch_write(mr, addr, value, 138 size_memop(size) | MO_TE, attrs); 139 } else { 140 /* NS attrs are RAZ/WI for privileged, and BusFault for user */ 141 if (attrs.user) { 142 return MEMTX_ERROR; 143 } 144 return MEMTX_OK; 145 } 146 } 147 148 static MemTxResult v7m_sysreg_ns_read(void *opaque, hwaddr addr, 149 uint64_t *data, unsigned size, 150 MemTxAttrs attrs) 151 { 152 MemoryRegion *mr = opaque; 153 154 if (attrs.secure) { 155 /* S accesses to the alias act like NS accesses to the real region */ 156 attrs.secure = 0; 157 return memory_region_dispatch_read(mr, addr, data, 158 size_memop(size) | MO_TE, attrs); 159 } else { 160 /* NS attrs are RAZ/WI for privileged, and BusFault for user */ 161 if (attrs.user) { 162 return MEMTX_ERROR; 163 } 164 *data = 0; 165 return MEMTX_OK; 166 } 167 } 168 169 static const MemoryRegionOps v7m_sysreg_ns_ops = { 170 .read_with_attrs = v7m_sysreg_ns_read, 171 .write_with_attrs = v7m_sysreg_ns_write, 172 .endianness = DEVICE_NATIVE_ENDIAN, 173 }; 174 175 static MemTxResult v7m_systick_write(void *opaque, hwaddr addr, 176 uint64_t value, unsigned size, 177 MemTxAttrs attrs) 178 { 179 ARMv7MState *s = opaque; 180 MemoryRegion *mr; 181 182 /* Direct the access to the correct systick */ 183 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->systick[attrs.secure]), 0); 184 return memory_region_dispatch_write(mr, addr, value, 185 size_memop(size) | MO_TE, attrs); 186 } 187 188 static MemTxResult v7m_systick_read(void *opaque, hwaddr addr, 189 uint64_t *data, unsigned size, 190 MemTxAttrs attrs) 191 { 192 ARMv7MState *s = opaque; 193 MemoryRegion *mr; 194 195 /* Direct the access to the correct systick */ 196 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->systick[attrs.secure]), 0); 197 return memory_region_dispatch_read(mr, addr, data, size_memop(size) | MO_TE, 198 attrs); 199 } 200 201 static const MemoryRegionOps v7m_systick_ops = { 202 .read_with_attrs = v7m_systick_read, 203 .write_with_attrs = v7m_systick_write, 204 .endianness = DEVICE_NATIVE_ENDIAN, 205 }; 206 207 /* 208 * Unassigned portions of the PPB space are RAZ/WI for privileged 209 * accesses, and fault for non-privileged accesses. 210 */ 211 static MemTxResult ppb_default_read(void *opaque, hwaddr addr, 212 uint64_t *data, unsigned size, 213 MemTxAttrs attrs) 214 { 215 qemu_log_mask(LOG_UNIMP, "Read of unassigned area of PPB: offset 0x%x\n", 216 (uint32_t)addr); 217 if (attrs.user) { 218 return MEMTX_ERROR; 219 } 220 *data = 0; 221 return MEMTX_OK; 222 } 223 224 static MemTxResult ppb_default_write(void *opaque, hwaddr addr, 225 uint64_t value, unsigned size, 226 MemTxAttrs attrs) 227 { 228 qemu_log_mask(LOG_UNIMP, "Write of unassigned area of PPB: offset 0x%x\n", 229 (uint32_t)addr); 230 if (attrs.user) { 231 return MEMTX_ERROR; 232 } 233 return MEMTX_OK; 234 } 235 236 static const MemoryRegionOps ppb_default_ops = { 237 .read_with_attrs = ppb_default_read, 238 .write_with_attrs = ppb_default_write, 239 .endianness = DEVICE_NATIVE_ENDIAN, 240 .valid.min_access_size = 1, 241 .valid.max_access_size = 8, 242 }; 243 244 static void armv7m_instance_init(Object *obj) 245 { 246 ARMv7MState *s = ARMV7M(obj); 247 int i; 248 249 /* Can't init the cpu here, we don't yet know which model to use */ 250 251 memory_region_init(&s->container, obj, "armv7m-container", UINT64_MAX); 252 253 object_initialize_child(obj, "nvic", &s->nvic, TYPE_NVIC); 254 object_property_add_alias(obj, "num-irq", 255 OBJECT(&s->nvic), "num-irq"); 256 257 object_initialize_child(obj, "systick-reg-ns", &s->systick[M_REG_NS], 258 TYPE_SYSTICK); 259 /* 260 * We can't initialize the secure systick here, as we don't know 261 * yet if we need it. 262 */ 263 264 for (i = 0; i < ARRAY_SIZE(s->bitband); i++) { 265 object_initialize_child(obj, "bitband[*]", &s->bitband[i], 266 TYPE_BITBAND); 267 } 268 } 269 270 static void armv7m_realize(DeviceState *dev, Error **errp) 271 { 272 ARMv7MState *s = ARMV7M(dev); 273 SysBusDevice *sbd; 274 Error *err = NULL; 275 int i; 276 277 if (!s->board_memory) { 278 error_setg(errp, "memory property was not set"); 279 return; 280 } 281 282 memory_region_add_subregion_overlap(&s->container, 0, s->board_memory, -1); 283 284 s->cpu = ARM_CPU(object_new_with_props(s->cpu_type, OBJECT(s), "cpu", 285 &err, NULL)); 286 if (err != NULL) { 287 error_propagate(errp, err); 288 return; 289 } 290 291 object_property_set_link(OBJECT(s->cpu), "memory", OBJECT(&s->container), 292 &error_abort); 293 if (object_property_find(OBJECT(s->cpu), "idau")) { 294 object_property_set_link(OBJECT(s->cpu), "idau", s->idau, 295 &error_abort); 296 } 297 if (object_property_find(OBJECT(s->cpu), "init-svtor")) { 298 if (!object_property_set_uint(OBJECT(s->cpu), "init-svtor", 299 s->init_svtor, errp)) { 300 return; 301 } 302 } 303 if (object_property_find(OBJECT(s->cpu), "init-nsvtor")) { 304 if (!object_property_set_uint(OBJECT(s->cpu), "init-nsvtor", 305 s->init_nsvtor, errp)) { 306 return; 307 } 308 } 309 if (object_property_find(OBJECT(s->cpu), "start-powered-off")) { 310 if (!object_property_set_bool(OBJECT(s->cpu), "start-powered-off", 311 s->start_powered_off, errp)) { 312 return; 313 } 314 } 315 if (object_property_find(OBJECT(s->cpu), "vfp")) { 316 if (!object_property_set_bool(OBJECT(s->cpu), "vfp", s->vfp, errp)) { 317 return; 318 } 319 } 320 if (object_property_find(OBJECT(s->cpu), "dsp")) { 321 if (!object_property_set_bool(OBJECT(s->cpu), "dsp", s->dsp, errp)) { 322 return; 323 } 324 } 325 326 /* 327 * Tell the CPU where the NVIC is; it will fail realize if it doesn't 328 * have one. Similarly, tell the NVIC where its CPU is. 329 */ 330 s->cpu->env.nvic = &s->nvic; 331 s->nvic.cpu = s->cpu; 332 333 if (!qdev_realize(DEVICE(s->cpu), NULL, errp)) { 334 return; 335 } 336 337 /* Note that we must realize the NVIC after the CPU */ 338 if (!sysbus_realize(SYS_BUS_DEVICE(&s->nvic), errp)) { 339 return; 340 } 341 342 /* Alias the NVIC's input and output GPIOs as our own so the board 343 * code can wire them up. (We do this in realize because the 344 * NVIC doesn't create the input GPIO array until realize.) 345 */ 346 qdev_pass_gpios(DEVICE(&s->nvic), dev, NULL); 347 qdev_pass_gpios(DEVICE(&s->nvic), dev, "SYSRESETREQ"); 348 qdev_pass_gpios(DEVICE(&s->nvic), dev, "NMI"); 349 350 /* 351 * We map various devices into the container MR at their architected 352 * addresses. In particular, we map everything corresponding to the 353 * "System PPB" space. This is the range from 0xe0000000 to 0xe00fffff 354 * and includes the NVIC, the System Control Space (system registers), 355 * the systick timer, and for CPUs with the Security extension an NS 356 * banked version of all of these. 357 * 358 * The default behaviour for unimplemented registers/ranges 359 * (for instance the Data Watchpoint and Trace unit at 0xe0001000) 360 * is to RAZ/WI for privileged access and BusFault for non-privileged 361 * access. 362 * 363 * The NVIC and System Control Space (SCS) starts at 0xe000e000 364 * and looks like this: 365 * 0x004 - ICTR 366 * 0x010 - 0xff - systick 367 * 0x100..0x7ec - NVIC 368 * 0x7f0..0xcff - Reserved 369 * 0xd00..0xd3c - SCS registers 370 * 0xd40..0xeff - Reserved or Not implemented 371 * 0xf00 - STIR 372 * 373 * Some registers within this space are banked between security states. 374 * In v8M there is a second range 0xe002e000..0xe002efff which is the 375 * NonSecure alias SCS; secure accesses to this behave like NS accesses 376 * to the main SCS range, and non-secure accesses (including when 377 * the security extension is not implemented) are RAZ/WI. 378 * Note that both the main SCS range and the alias range are defined 379 * to be exempt from memory attribution (R_BLJT) and so the memory 380 * transaction attribute always matches the current CPU security 381 * state (attrs.secure == env->v7m.secure). In the v7m_sysreg_ns_ops 382 * wrappers we change attrs.secure to indicate the NS access; so 383 * generally code determining which banked register to use should 384 * use attrs.secure; code determining actual behaviour of the system 385 * should use env->v7m.secure. 386 * 387 * Within the PPB space, some MRs overlap, and the priority 388 * of overlapping regions is: 389 * - default region (for RAZ/WI and BusFault) : -1 390 * - system register regions (provided by the NVIC) : 0 391 * - systick : 1 392 * This is because the systick device is a small block of registers 393 * in the middle of the other system control registers. 394 */ 395 396 memory_region_init_io(&s->defaultmem, OBJECT(s), &ppb_default_ops, s, 397 "nvic-default", 0x100000); 398 memory_region_add_subregion_overlap(&s->container, 0xe0000000, 399 &s->defaultmem, -1); 400 401 /* Wire the NVIC up to the CPU */ 402 sbd = SYS_BUS_DEVICE(&s->nvic); 403 sysbus_connect_irq(sbd, 0, 404 qdev_get_gpio_in(DEVICE(s->cpu), ARM_CPU_IRQ)); 405 406 memory_region_add_subregion(&s->container, 0xe000e000, 407 sysbus_mmio_get_region(sbd, 0)); 408 if (arm_feature(&s->cpu->env, ARM_FEATURE_V8)) { 409 /* Create the NS alias region for the NVIC sysregs */ 410 memory_region_init_io(&s->sysreg_ns_mem, OBJECT(s), 411 &v7m_sysreg_ns_ops, 412 sysbus_mmio_get_region(sbd, 0), 413 "nvic_sysregs_ns", 0x1000); 414 memory_region_add_subregion(&s->container, 0xe002e000, 415 &s->sysreg_ns_mem); 416 } 417 418 /* Create and map the systick devices */ 419 if (!sysbus_realize(SYS_BUS_DEVICE(&s->systick[M_REG_NS]), errp)) { 420 return; 421 } 422 sysbus_connect_irq(SYS_BUS_DEVICE(&s->systick[M_REG_NS]), 0, 423 qdev_get_gpio_in_named(DEVICE(&s->nvic), 424 "systick-trigger", M_REG_NS)); 425 426 if (arm_feature(&s->cpu->env, ARM_FEATURE_M_SECURITY)) { 427 /* 428 * We couldn't init the secure systick device in instance_init 429 * as we didn't know then if the CPU had the security extensions; 430 * so we have to do it here. 431 */ 432 object_initialize_child(OBJECT(dev), "systick-reg-s", 433 &s->systick[M_REG_S], TYPE_SYSTICK); 434 435 if (!sysbus_realize(SYS_BUS_DEVICE(&s->systick[M_REG_S]), errp)) { 436 return; 437 } 438 sysbus_connect_irq(SYS_BUS_DEVICE(&s->systick[M_REG_S]), 0, 439 qdev_get_gpio_in_named(DEVICE(&s->nvic), 440 "systick-trigger", M_REG_S)); 441 } 442 443 memory_region_init_io(&s->systickmem, OBJECT(s), 444 &v7m_systick_ops, s, 445 "v7m_systick", 0xe0); 446 447 memory_region_add_subregion_overlap(&s->container, 0xe000e010, 448 &s->systickmem, 1); 449 if (arm_feature(&s->cpu->env, ARM_FEATURE_V8)) { 450 memory_region_init_io(&s->systick_ns_mem, OBJECT(s), 451 &v7m_sysreg_ns_ops, &s->systickmem, 452 "v7m_systick_ns", 0xe0); 453 memory_region_add_subregion_overlap(&s->container, 0xe002e010, 454 &s->systick_ns_mem, 1); 455 } 456 457 /* If the CPU has RAS support, create the RAS register block */ 458 if (cpu_isar_feature(aa32_ras, s->cpu)) { 459 object_initialize_child(OBJECT(dev), "armv7m-ras", 460 &s->ras, TYPE_ARMV7M_RAS); 461 sbd = SYS_BUS_DEVICE(&s->ras); 462 if (!sysbus_realize(sbd, errp)) { 463 return; 464 } 465 memory_region_add_subregion_overlap(&s->container, 0xe0005000, 466 sysbus_mmio_get_region(sbd, 0), 1); 467 } 468 469 for (i = 0; i < ARRAY_SIZE(s->bitband); i++) { 470 if (s->enable_bitband) { 471 Object *obj = OBJECT(&s->bitband[i]); 472 SysBusDevice *sbd = SYS_BUS_DEVICE(&s->bitband[i]); 473 474 if (!object_property_set_int(obj, "base", 475 bitband_input_addr[i], errp)) { 476 return; 477 } 478 object_property_set_link(obj, "source-memory", 479 OBJECT(s->board_memory), &error_abort); 480 if (!sysbus_realize(SYS_BUS_DEVICE(obj), errp)) { 481 return; 482 } 483 484 memory_region_add_subregion(&s->container, bitband_output_addr[i], 485 sysbus_mmio_get_region(sbd, 0)); 486 } else { 487 object_unparent(OBJECT(&s->bitband[i])); 488 } 489 } 490 } 491 492 static Property armv7m_properties[] = { 493 DEFINE_PROP_STRING("cpu-type", ARMv7MState, cpu_type), 494 DEFINE_PROP_LINK("memory", ARMv7MState, board_memory, TYPE_MEMORY_REGION, 495 MemoryRegion *), 496 DEFINE_PROP_LINK("idau", ARMv7MState, idau, TYPE_IDAU_INTERFACE, Object *), 497 DEFINE_PROP_UINT32("init-svtor", ARMv7MState, init_svtor, 0), 498 DEFINE_PROP_UINT32("init-nsvtor", ARMv7MState, init_nsvtor, 0), 499 DEFINE_PROP_BOOL("enable-bitband", ARMv7MState, enable_bitband, false), 500 DEFINE_PROP_BOOL("start-powered-off", ARMv7MState, start_powered_off, 501 false), 502 DEFINE_PROP_BOOL("vfp", ARMv7MState, vfp, true), 503 DEFINE_PROP_BOOL("dsp", ARMv7MState, dsp, true), 504 DEFINE_PROP_END_OF_LIST(), 505 }; 506 507 static void armv7m_class_init(ObjectClass *klass, void *data) 508 { 509 DeviceClass *dc = DEVICE_CLASS(klass); 510 511 dc->realize = armv7m_realize; 512 device_class_set_props(dc, armv7m_properties); 513 } 514 515 static const TypeInfo armv7m_info = { 516 .name = TYPE_ARMV7M, 517 .parent = TYPE_SYS_BUS_DEVICE, 518 .instance_size = sizeof(ARMv7MState), 519 .instance_init = armv7m_instance_init, 520 .class_init = armv7m_class_init, 521 }; 522 523 static void armv7m_reset(void *opaque) 524 { 525 ARMCPU *cpu = opaque; 526 527 cpu_reset(CPU(cpu)); 528 } 529 530 void armv7m_load_kernel(ARMCPU *cpu, const char *kernel_filename, int mem_size) 531 { 532 int image_size; 533 uint64_t entry; 534 int big_endian; 535 AddressSpace *as; 536 int asidx; 537 CPUState *cs = CPU(cpu); 538 539 #ifdef TARGET_WORDS_BIGENDIAN 540 big_endian = 1; 541 #else 542 big_endian = 0; 543 #endif 544 545 if (arm_feature(&cpu->env, ARM_FEATURE_EL3)) { 546 asidx = ARMASIdx_S; 547 } else { 548 asidx = ARMASIdx_NS; 549 } 550 as = cpu_get_address_space(cs, asidx); 551 552 if (kernel_filename) { 553 image_size = load_elf_as(kernel_filename, NULL, NULL, NULL, 554 &entry, NULL, NULL, 555 NULL, big_endian, EM_ARM, 1, 0, as); 556 if (image_size < 0) { 557 image_size = load_image_targphys_as(kernel_filename, 0, 558 mem_size, as); 559 } 560 if (image_size < 0) { 561 error_report("Could not load kernel '%s'", kernel_filename); 562 exit(1); 563 } 564 } 565 566 /* CPU objects (unlike devices) are not automatically reset on system 567 * reset, so we must always register a handler to do so. Unlike 568 * A-profile CPUs, we don't need to do anything special in the 569 * handler to arrange that it starts correctly. 570 * This is arguably the wrong place to do this, but it matches the 571 * way A-profile does it. Note that this means that every M profile 572 * board must call this function! 573 */ 574 qemu_register_reset(armv7m_reset, cpu); 575 } 576 577 static Property bitband_properties[] = { 578 DEFINE_PROP_UINT32("base", BitBandState, base, 0), 579 DEFINE_PROP_LINK("source-memory", BitBandState, source_memory, 580 TYPE_MEMORY_REGION, MemoryRegion *), 581 DEFINE_PROP_END_OF_LIST(), 582 }; 583 584 static void bitband_class_init(ObjectClass *klass, void *data) 585 { 586 DeviceClass *dc = DEVICE_CLASS(klass); 587 588 dc->realize = bitband_realize; 589 device_class_set_props(dc, bitband_properties); 590 } 591 592 static const TypeInfo bitband_info = { 593 .name = TYPE_BITBAND, 594 .parent = TYPE_SYS_BUS_DEVICE, 595 .instance_size = sizeof(BitBandState), 596 .instance_init = bitband_init, 597 .class_init = bitband_class_init, 598 }; 599 600 static void armv7m_register_types(void) 601 { 602 type_register_static(&bitband_info); 603 type_register_static(&armv7m_info); 604 } 605 606 type_init(armv7m_register_types) 607