1 /* 2 * ARM PrimeCell PL330 DMA Controller 3 * 4 * Copyright (c) 2009 Samsung Electronics. 5 * Contributed by Kirill Batuzov <batuzovk@ispras.ru> 6 * Copyright (c) 2012 Peter A.G. Crosthwaite (peter.crosthwaite@petalogix.com) 7 * Copyright (c) 2012 PetaLogix Pty Ltd. 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; version 2 or later. 12 * 13 * You should have received a copy of the GNU General Public License along 14 * with this program; if not, see <http://www.gnu.org/licenses/>. 15 */ 16 17 #include "hw/sysbus.h" 18 #include "qemu/timer.h" 19 #include "sysemu/dma.h" 20 21 #ifndef PL330_ERR_DEBUG 22 #define PL330_ERR_DEBUG 0 23 #endif 24 25 #define DB_PRINT_L(lvl, fmt, args...) do {\ 26 if (PL330_ERR_DEBUG >= lvl) {\ 27 fprintf(stderr, "PL330: %s:" fmt, __func__, ## args);\ 28 } \ 29 } while (0); 30 31 #define DB_PRINT(fmt, args...) DB_PRINT_L(1, fmt, ## args) 32 33 #define PL330_PERIPH_NUM 32 34 #define PL330_MAX_BURST_LEN 128 35 #define PL330_INSN_MAXSIZE 6 36 37 #define PL330_FIFO_OK 0 38 #define PL330_FIFO_STALL 1 39 #define PL330_FIFO_ERR (-1) 40 41 #define PL330_FAULT_UNDEF_INSTR (1 << 0) 42 #define PL330_FAULT_OPERAND_INVALID (1 << 1) 43 #define PL330_FAULT_DMAGO_ERR (1 << 4) 44 #define PL330_FAULT_EVENT_ERR (1 << 5) 45 #define PL330_FAULT_CH_PERIPH_ERR (1 << 6) 46 #define PL330_FAULT_CH_RDWR_ERR (1 << 7) 47 #define PL330_FAULT_ST_DATA_UNAVAILABLE (1 << 12) 48 #define PL330_FAULT_FIFOEMPTY_ERR (1 << 13) 49 #define PL330_FAULT_INSTR_FETCH_ERR (1 << 16) 50 #define PL330_FAULT_DATA_WRITE_ERR (1 << 17) 51 #define PL330_FAULT_DATA_READ_ERR (1 << 18) 52 #define PL330_FAULT_DBG_INSTR (1 << 30) 53 #define PL330_FAULT_LOCKUP_ERR (1 << 31) 54 55 #define PL330_UNTAGGED 0xff 56 57 #define PL330_SINGLE 0x0 58 #define PL330_BURST 0x1 59 60 #define PL330_WATCHDOG_LIMIT 1024 61 62 /* IOMEM mapped registers */ 63 #define PL330_REG_DSR 0x000 64 #define PL330_REG_DPC 0x004 65 #define PL330_REG_INTEN 0x020 66 #define PL330_REG_INT_EVENT_RIS 0x024 67 #define PL330_REG_INTMIS 0x028 68 #define PL330_REG_INTCLR 0x02C 69 #define PL330_REG_FSRD 0x030 70 #define PL330_REG_FSRC 0x034 71 #define PL330_REG_FTRD 0x038 72 #define PL330_REG_FTR_BASE 0x040 73 #define PL330_REG_CSR_BASE 0x100 74 #define PL330_REG_CPC_BASE 0x104 75 #define PL330_REG_CHANCTRL 0x400 76 #define PL330_REG_DBGSTATUS 0xD00 77 #define PL330_REG_DBGCMD 0xD04 78 #define PL330_REG_DBGINST0 0xD08 79 #define PL330_REG_DBGINST1 0xD0C 80 #define PL330_REG_CR0_BASE 0xE00 81 #define PL330_REG_PERIPH_ID 0xFE0 82 83 #define PL330_IOMEM_SIZE 0x1000 84 85 #define CFG_BOOT_ADDR 2 86 #define CFG_INS 3 87 #define CFG_PNS 4 88 #define CFG_CRD 5 89 90 static const uint32_t pl330_id[] = { 91 0x30, 0x13, 0x24, 0x00, 0x0D, 0xF0, 0x05, 0xB1 92 }; 93 94 /* DMA channel states as they are described in PL330 Technical Reference Manual 95 * Most of them will not be used in emulation. 96 */ 97 typedef enum { 98 pl330_chan_stopped = 0, 99 pl330_chan_executing = 1, 100 pl330_chan_cache_miss = 2, 101 pl330_chan_updating_pc = 3, 102 pl330_chan_waiting_event = 4, 103 pl330_chan_at_barrier = 5, 104 pl330_chan_queue_busy = 6, 105 pl330_chan_waiting_periph = 7, 106 pl330_chan_killing = 8, 107 pl330_chan_completing = 9, 108 pl330_chan_fault_completing = 14, 109 pl330_chan_fault = 15, 110 } PL330ChanState; 111 112 typedef struct PL330State PL330State; 113 114 typedef struct PL330Chan { 115 uint32_t src; 116 uint32_t dst; 117 uint32_t pc; 118 uint32_t control; 119 uint32_t status; 120 uint32_t lc[2]; 121 uint32_t fault_type; 122 uint32_t watchdog_timer; 123 124 bool ns; 125 uint8_t request_flag; 126 uint8_t wakeup; 127 uint8_t wfp_sbp; 128 129 uint8_t state; 130 uint8_t stall; 131 132 bool is_manager; 133 PL330State *parent; 134 uint8_t tag; 135 } PL330Chan; 136 137 static const VMStateDescription vmstate_pl330_chan = { 138 .name = "pl330_chan", 139 .version_id = 1, 140 .minimum_version_id = 1, 141 .fields = (VMStateField[]) { 142 VMSTATE_UINT32(src, PL330Chan), 143 VMSTATE_UINT32(dst, PL330Chan), 144 VMSTATE_UINT32(pc, PL330Chan), 145 VMSTATE_UINT32(control, PL330Chan), 146 VMSTATE_UINT32(status, PL330Chan), 147 VMSTATE_UINT32_ARRAY(lc, PL330Chan, 2), 148 VMSTATE_UINT32(fault_type, PL330Chan), 149 VMSTATE_UINT32(watchdog_timer, PL330Chan), 150 VMSTATE_BOOL(ns, PL330Chan), 151 VMSTATE_UINT8(request_flag, PL330Chan), 152 VMSTATE_UINT8(wakeup, PL330Chan), 153 VMSTATE_UINT8(wfp_sbp, PL330Chan), 154 VMSTATE_UINT8(state, PL330Chan), 155 VMSTATE_UINT8(stall, PL330Chan), 156 VMSTATE_END_OF_LIST() 157 } 158 }; 159 160 typedef struct PL330Fifo { 161 uint8_t *buf; 162 uint8_t *tag; 163 uint32_t head; 164 uint32_t num; 165 uint32_t buf_size; 166 } PL330Fifo; 167 168 static const VMStateDescription vmstate_pl330_fifo = { 169 .name = "pl330_chan", 170 .version_id = 1, 171 .minimum_version_id = 1, 172 .fields = (VMStateField[]) { 173 VMSTATE_VBUFFER_UINT32(buf, PL330Fifo, 1, NULL, 0, buf_size), 174 VMSTATE_VBUFFER_UINT32(tag, PL330Fifo, 1, NULL, 0, buf_size), 175 VMSTATE_UINT32(head, PL330Fifo), 176 VMSTATE_UINT32(num, PL330Fifo), 177 VMSTATE_UINT32(buf_size, PL330Fifo), 178 VMSTATE_END_OF_LIST() 179 } 180 }; 181 182 typedef struct PL330QueueEntry { 183 uint32_t addr; 184 uint32_t len; 185 uint8_t n; 186 bool inc; 187 bool z; 188 uint8_t tag; 189 uint8_t seqn; 190 } PL330QueueEntry; 191 192 static const VMStateDescription vmstate_pl330_queue_entry = { 193 .name = "pl330_queue_entry", 194 .version_id = 1, 195 .minimum_version_id = 1, 196 .fields = (VMStateField[]) { 197 VMSTATE_UINT32(addr, PL330QueueEntry), 198 VMSTATE_UINT32(len, PL330QueueEntry), 199 VMSTATE_UINT8(n, PL330QueueEntry), 200 VMSTATE_BOOL(inc, PL330QueueEntry), 201 VMSTATE_BOOL(z, PL330QueueEntry), 202 VMSTATE_UINT8(tag, PL330QueueEntry), 203 VMSTATE_UINT8(seqn, PL330QueueEntry), 204 VMSTATE_END_OF_LIST() 205 } 206 }; 207 208 typedef struct PL330Queue { 209 PL330State *parent; 210 PL330QueueEntry *queue; 211 uint32_t queue_size; 212 } PL330Queue; 213 214 static const VMStateDescription vmstate_pl330_queue = { 215 .name = "pl330_queue", 216 .version_id = 1, 217 .minimum_version_id = 1, 218 .fields = (VMStateField[]) { 219 VMSTATE_STRUCT_VARRAY_UINT32(queue, PL330Queue, queue_size, 1, 220 vmstate_pl330_queue_entry, PL330QueueEntry), 221 VMSTATE_END_OF_LIST() 222 } 223 }; 224 225 struct PL330State { 226 SysBusDevice parent_obj; 227 228 MemoryRegion iomem; 229 qemu_irq irq_abort; 230 qemu_irq *irq; 231 232 /* Config registers. cfg[5] = CfgDn. */ 233 uint32_t cfg[6]; 234 #define EVENT_SEC_STATE 3 235 #define PERIPH_SEC_STATE 4 236 /* cfg 0 bits and pieces */ 237 uint32_t num_chnls; 238 uint8_t num_periph_req; 239 uint8_t num_events; 240 uint8_t mgr_ns_at_rst; 241 /* cfg 1 bits and pieces */ 242 uint8_t i_cache_len; 243 uint8_t num_i_cache_lines; 244 /* CRD bits and pieces */ 245 uint8_t data_width; 246 uint8_t wr_cap; 247 uint8_t wr_q_dep; 248 uint8_t rd_cap; 249 uint8_t rd_q_dep; 250 uint16_t data_buffer_dep; 251 252 PL330Chan manager; 253 PL330Chan *chan; 254 PL330Fifo fifo; 255 PL330Queue read_queue; 256 PL330Queue write_queue; 257 uint8_t *lo_seqn; 258 uint8_t *hi_seqn; 259 QEMUTimer *timer; /* is used for restore dma. */ 260 261 uint32_t inten; 262 uint32_t int_status; 263 uint32_t ev_status; 264 uint32_t dbg[2]; 265 uint8_t debug_status; 266 uint8_t num_faulting; 267 uint8_t periph_busy[PL330_PERIPH_NUM]; 268 269 }; 270 271 #define TYPE_PL330 "pl330" 272 #define PL330(obj) OBJECT_CHECK(PL330State, (obj), TYPE_PL330) 273 274 static const VMStateDescription vmstate_pl330 = { 275 .name = "pl330", 276 .version_id = 1, 277 .minimum_version_id = 1, 278 .fields = (VMStateField[]) { 279 VMSTATE_STRUCT(manager, PL330State, 0, vmstate_pl330_chan, PL330Chan), 280 VMSTATE_STRUCT_VARRAY_UINT32(chan, PL330State, num_chnls, 0, 281 vmstate_pl330_chan, PL330Chan), 282 VMSTATE_VBUFFER_UINT32(lo_seqn, PL330State, 1, NULL, 0, num_chnls), 283 VMSTATE_VBUFFER_UINT32(hi_seqn, PL330State, 1, NULL, 0, num_chnls), 284 VMSTATE_STRUCT(fifo, PL330State, 0, vmstate_pl330_fifo, PL330Fifo), 285 VMSTATE_STRUCT(read_queue, PL330State, 0, vmstate_pl330_queue, 286 PL330Queue), 287 VMSTATE_STRUCT(write_queue, PL330State, 0, vmstate_pl330_queue, 288 PL330Queue), 289 VMSTATE_TIMER(timer, PL330State), 290 VMSTATE_UINT32(inten, PL330State), 291 VMSTATE_UINT32(int_status, PL330State), 292 VMSTATE_UINT32(ev_status, PL330State), 293 VMSTATE_UINT32_ARRAY(dbg, PL330State, 2), 294 VMSTATE_UINT8(debug_status, PL330State), 295 VMSTATE_UINT8(num_faulting, PL330State), 296 VMSTATE_UINT8_ARRAY(periph_busy, PL330State, PL330_PERIPH_NUM), 297 VMSTATE_END_OF_LIST() 298 } 299 }; 300 301 typedef struct PL330InsnDesc { 302 /* OPCODE of the instruction */ 303 uint8_t opcode; 304 /* Mask so we can select several sibling instructions, such as 305 DMALD, DMALDS and DMALDB */ 306 uint8_t opmask; 307 /* Size of instruction in bytes */ 308 uint8_t size; 309 /* Interpreter */ 310 void (*exec)(PL330Chan *, uint8_t opcode, uint8_t *args, int len); 311 } PL330InsnDesc; 312 313 314 /* MFIFO Implementation 315 * 316 * MFIFO is implemented as a cyclic buffer of BUF_SIZE size. Tagged bytes are 317 * stored in this buffer. Data is stored in BUF field, tags - in the 318 * corresponding array elements of TAG field. 319 */ 320 321 /* Initialize queue. */ 322 323 static void pl330_fifo_init(PL330Fifo *s, uint32_t size) 324 { 325 s->buf = g_malloc0(size); 326 s->tag = g_malloc0(size); 327 s->buf_size = size; 328 } 329 330 /* Cyclic increment */ 331 332 static inline int pl330_fifo_inc(PL330Fifo *s, int x) 333 { 334 return (x + 1) % s->buf_size; 335 } 336 337 /* Number of empty bytes in MFIFO */ 338 339 static inline int pl330_fifo_num_free(PL330Fifo *s) 340 { 341 return s->buf_size - s->num; 342 } 343 344 /* Push LEN bytes of data stored in BUF to MFIFO and tag it with TAG. 345 * Zero returned on success, PL330_FIFO_STALL if there is no enough free 346 * space in MFIFO to store requested amount of data. If push was unsuccessful 347 * no data is stored to MFIFO. 348 */ 349 350 static int pl330_fifo_push(PL330Fifo *s, uint8_t *buf, int len, uint8_t tag) 351 { 352 int i; 353 354 if (s->buf_size - s->num < len) { 355 return PL330_FIFO_STALL; 356 } 357 for (i = 0; i < len; i++) { 358 int push_idx = (s->head + s->num + i) % s->buf_size; 359 s->buf[push_idx] = buf[i]; 360 s->tag[push_idx] = tag; 361 } 362 s->num += len; 363 return PL330_FIFO_OK; 364 } 365 366 /* Get LEN bytes of data from MFIFO and store it to BUF. Tag value of each 367 * byte is verified. Zero returned on success, PL330_FIFO_ERR on tag mismatch 368 * and PL330_FIFO_STALL if there is no enough data in MFIFO. If get was 369 * unsuccessful no data is removed from MFIFO. 370 */ 371 372 static int pl330_fifo_get(PL330Fifo *s, uint8_t *buf, int len, uint8_t tag) 373 { 374 int i; 375 376 if (s->num < len) { 377 return PL330_FIFO_STALL; 378 } 379 for (i = 0; i < len; i++) { 380 if (s->tag[s->head] == tag) { 381 int get_idx = (s->head + i) % s->buf_size; 382 buf[i] = s->buf[get_idx]; 383 } else { /* Tag mismatch - Rollback transaction */ 384 return PL330_FIFO_ERR; 385 } 386 } 387 s->head = (s->head + len) % s->buf_size; 388 s->num -= len; 389 return PL330_FIFO_OK; 390 } 391 392 /* Reset MFIFO. This completely erases all data in it. */ 393 394 static inline void pl330_fifo_reset(PL330Fifo *s) 395 { 396 s->head = 0; 397 s->num = 0; 398 } 399 400 /* Return tag of the first byte stored in MFIFO. If MFIFO is empty 401 * PL330_UNTAGGED is returned. 402 */ 403 404 static inline uint8_t pl330_fifo_tag(PL330Fifo *s) 405 { 406 return (!s->num) ? PL330_UNTAGGED : s->tag[s->head]; 407 } 408 409 /* Returns non-zero if tag TAG is present in fifo or zero otherwise */ 410 411 static int pl330_fifo_has_tag(PL330Fifo *s, uint8_t tag) 412 { 413 int i, n; 414 415 i = s->head; 416 for (n = 0; n < s->num; n++) { 417 if (s->tag[i] == tag) { 418 return 1; 419 } 420 i = pl330_fifo_inc(s, i); 421 } 422 return 0; 423 } 424 425 /* Remove all entry tagged with TAG from MFIFO */ 426 427 static void pl330_fifo_tagged_remove(PL330Fifo *s, uint8_t tag) 428 { 429 int i, t, n; 430 431 t = i = s->head; 432 for (n = 0; n < s->num; n++) { 433 if (s->tag[i] != tag) { 434 s->buf[t] = s->buf[i]; 435 s->tag[t] = s->tag[i]; 436 t = pl330_fifo_inc(s, t); 437 } else { 438 s->num = s->num - 1; 439 } 440 i = pl330_fifo_inc(s, i); 441 } 442 } 443 444 /* Read-Write Queue implementation 445 * 446 * A Read-Write Queue stores up to QUEUE_SIZE instructions (loads or stores). 447 * Each instruction is described by source (for loads) or destination (for 448 * stores) address ADDR, width of data to be loaded/stored LEN, number of 449 * stores/loads to be performed N, INC bit, Z bit and TAG to identify channel 450 * this instruction belongs to. Queue does not store any information about 451 * nature of the instruction: is it load or store. PL330 has different queues 452 * for loads and stores so this is already known at the top level where it 453 * matters. 454 * 455 * Queue works as FIFO for instructions with equivalent tags, but can issue 456 * instructions with different tags in arbitrary order. SEQN field attached to 457 * each instruction helps to achieve this. For each TAG queue contains 458 * instructions with consecutive SEQN values ranging from LO_SEQN[TAG] to 459 * HI_SEQN[TAG]-1 inclusive. SEQN is 8-bit unsigned integer, so SEQN=255 is 460 * followed by SEQN=0. 461 * 462 * Z bit indicates that zeroes should be stored. No MFIFO fetches are performed 463 * in this case. 464 */ 465 466 static void pl330_queue_reset(PL330Queue *s) 467 { 468 int i; 469 470 for (i = 0; i < s->queue_size; i++) { 471 s->queue[i].tag = PL330_UNTAGGED; 472 } 473 } 474 475 /* Initialize queue */ 476 static void pl330_queue_init(PL330Queue *s, int size, PL330State *parent) 477 { 478 s->parent = parent; 479 s->queue = g_new0(PL330QueueEntry, size); 480 s->queue_size = size; 481 } 482 483 /* Returns pointer to an empty slot or NULL if queue is full */ 484 static PL330QueueEntry *pl330_queue_find_empty(PL330Queue *s) 485 { 486 int i; 487 488 for (i = 0; i < s->queue_size; i++) { 489 if (s->queue[i].tag == PL330_UNTAGGED) { 490 return &s->queue[i]; 491 } 492 } 493 return NULL; 494 } 495 496 /* Put instruction in queue. 497 * Return value: 498 * - zero - OK 499 * - non-zero - queue is full 500 */ 501 502 static int pl330_queue_put_insn(PL330Queue *s, uint32_t addr, 503 int len, int n, bool inc, bool z, uint8_t tag) 504 { 505 PL330QueueEntry *entry = pl330_queue_find_empty(s); 506 507 if (!entry) { 508 return 1; 509 } 510 entry->tag = tag; 511 entry->addr = addr; 512 entry->len = len; 513 entry->n = n; 514 entry->z = z; 515 entry->inc = inc; 516 entry->seqn = s->parent->hi_seqn[tag]; 517 s->parent->hi_seqn[tag]++; 518 return 0; 519 } 520 521 /* Returns a pointer to queue slot containing instruction which satisfies 522 * following conditions: 523 * - it has valid tag value (not PL330_UNTAGGED) 524 * - if enforce_seq is set it has to be issuable without violating queue 525 * logic (see above) 526 * - if TAG argument is not PL330_UNTAGGED this instruction has tag value 527 * equivalent to the argument TAG value. 528 * If such instruction cannot be found NULL is returned. 529 */ 530 531 static PL330QueueEntry *pl330_queue_find_insn(PL330Queue *s, uint8_t tag, 532 bool enforce_seq) 533 { 534 int i; 535 536 for (i = 0; i < s->queue_size; i++) { 537 if (s->queue[i].tag != PL330_UNTAGGED) { 538 if ((!enforce_seq || 539 s->queue[i].seqn == s->parent->lo_seqn[s->queue[i].tag]) && 540 (s->queue[i].tag == tag || tag == PL330_UNTAGGED || 541 s->queue[i].z)) { 542 return &s->queue[i]; 543 } 544 } 545 } 546 return NULL; 547 } 548 549 /* Removes instruction from queue. */ 550 551 static inline void pl330_queue_remove_insn(PL330Queue *s, PL330QueueEntry *e) 552 { 553 s->parent->lo_seqn[e->tag]++; 554 e->tag = PL330_UNTAGGED; 555 } 556 557 /* Removes all instructions tagged with TAG from queue. */ 558 559 static inline void pl330_queue_remove_tagged(PL330Queue *s, uint8_t tag) 560 { 561 int i; 562 563 for (i = 0; i < s->queue_size; i++) { 564 if (s->queue[i].tag == tag) { 565 s->queue[i].tag = PL330_UNTAGGED; 566 } 567 } 568 } 569 570 /* DMA instruction execution engine */ 571 572 /* Moves DMA channel to the FAULT state and updates it's status. */ 573 574 static inline void pl330_fault(PL330Chan *ch, uint32_t flags) 575 { 576 DB_PRINT("ch: %p, flags: %" PRIx32 "\n", ch, flags); 577 ch->fault_type |= flags; 578 if (ch->state == pl330_chan_fault) { 579 return; 580 } 581 ch->state = pl330_chan_fault; 582 ch->parent->num_faulting++; 583 if (ch->parent->num_faulting == 1) { 584 DB_PRINT("abort interrupt raised\n"); 585 qemu_irq_raise(ch->parent->irq_abort); 586 } 587 } 588 589 /* 590 * For information about instructions see PL330 Technical Reference Manual. 591 * 592 * Arguments: 593 * CH - channel executing the instruction 594 * OPCODE - opcode 595 * ARGS - array of 8-bit arguments 596 * LEN - number of elements in ARGS array 597 */ 598 599 static void pl330_dmaadxh(PL330Chan *ch, uint8_t *args, bool ra, bool neg) 600 { 601 uint32_t im = (args[1] << 8) | args[0]; 602 if (neg) { 603 im |= 0xffffu << 16; 604 } 605 606 if (ch->is_manager) { 607 pl330_fault(ch, PL330_FAULT_UNDEF_INSTR); 608 return; 609 } 610 if (ra) { 611 ch->dst += im; 612 } else { 613 ch->src += im; 614 } 615 } 616 617 static void pl330_dmaaddh(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len) 618 { 619 pl330_dmaadxh(ch, args, extract32(opcode, 1, 1), false); 620 } 621 622 static void pl330_dmaadnh(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len) 623 { 624 pl330_dmaadxh(ch, args, extract32(opcode, 1, 1), true); 625 } 626 627 static void pl330_dmaend(PL330Chan *ch, uint8_t opcode, 628 uint8_t *args, int len) 629 { 630 PL330State *s = ch->parent; 631 632 if (ch->state == pl330_chan_executing && !ch->is_manager) { 633 /* Wait for all transfers to complete */ 634 if (pl330_fifo_has_tag(&s->fifo, ch->tag) || 635 pl330_queue_find_insn(&s->read_queue, ch->tag, false) != NULL || 636 pl330_queue_find_insn(&s->write_queue, ch->tag, false) != NULL) { 637 638 ch->stall = 1; 639 return; 640 } 641 } 642 DB_PRINT("DMA ending!\n"); 643 pl330_fifo_tagged_remove(&s->fifo, ch->tag); 644 pl330_queue_remove_tagged(&s->read_queue, ch->tag); 645 pl330_queue_remove_tagged(&s->write_queue, ch->tag); 646 ch->state = pl330_chan_stopped; 647 } 648 649 static void pl330_dmaflushp(PL330Chan *ch, uint8_t opcode, 650 uint8_t *args, int len) 651 { 652 uint8_t periph_id; 653 654 if (args[0] & 7) { 655 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID); 656 return; 657 } 658 periph_id = (args[0] >> 3) & 0x1f; 659 if (periph_id >= ch->parent->num_periph_req) { 660 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID); 661 return; 662 } 663 if (ch->ns && !(ch->parent->cfg[CFG_PNS] & (1 << periph_id))) { 664 pl330_fault(ch, PL330_FAULT_CH_PERIPH_ERR); 665 return; 666 } 667 /* Do nothing */ 668 } 669 670 static void pl330_dmago(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len) 671 { 672 uint8_t chan_id; 673 uint8_t ns; 674 uint32_t pc; 675 PL330Chan *s; 676 677 DB_PRINT("\n"); 678 679 if (!ch->is_manager) { 680 pl330_fault(ch, PL330_FAULT_UNDEF_INSTR); 681 return; 682 } 683 ns = !!(opcode & 2); 684 chan_id = args[0] & 7; 685 if ((args[0] >> 3)) { 686 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID); 687 return; 688 } 689 if (chan_id >= ch->parent->num_chnls) { 690 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID); 691 return; 692 } 693 pc = (((uint32_t)args[4]) << 24) | (((uint32_t)args[3]) << 16) | 694 (((uint32_t)args[2]) << 8) | (((uint32_t)args[1])); 695 if (ch->parent->chan[chan_id].state != pl330_chan_stopped) { 696 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID); 697 return; 698 } 699 if (ch->ns && !ns) { 700 pl330_fault(ch, PL330_FAULT_DMAGO_ERR); 701 return; 702 } 703 s = &ch->parent->chan[chan_id]; 704 s->ns = ns; 705 s->pc = pc; 706 s->state = pl330_chan_executing; 707 } 708 709 static void pl330_dmald(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len) 710 { 711 uint8_t bs = opcode & 3; 712 uint32_t size, num; 713 bool inc; 714 715 if (bs == 2) { 716 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID); 717 return; 718 } 719 if ((bs == 1 && ch->request_flag == PL330_BURST) || 720 (bs == 3 && ch->request_flag == PL330_SINGLE)) { 721 /* Perform NOP */ 722 return; 723 } 724 if (bs == 1 && ch->request_flag == PL330_SINGLE) { 725 num = 1; 726 } else { 727 num = ((ch->control >> 4) & 0xf) + 1; 728 } 729 size = (uint32_t)1 << ((ch->control >> 1) & 0x7); 730 inc = !!(ch->control & 1); 731 ch->stall = pl330_queue_put_insn(&ch->parent->read_queue, ch->src, 732 size, num, inc, 0, ch->tag); 733 if (!ch->stall) { 734 DB_PRINT("channel:%" PRId8 " address:%08" PRIx32 " size:%" PRIx32 735 " num:%" PRId32 " %c\n", 736 ch->tag, ch->src, size, num, inc ? 'Y' : 'N'); 737 ch->src += inc ? size * num - (ch->src & (size - 1)) : 0; 738 } 739 } 740 741 static void pl330_dmaldp(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len) 742 { 743 uint8_t periph_id; 744 745 if (args[0] & 7) { 746 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID); 747 return; 748 } 749 periph_id = (args[0] >> 3) & 0x1f; 750 if (periph_id >= ch->parent->num_periph_req) { 751 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID); 752 return; 753 } 754 if (ch->ns && !(ch->parent->cfg[CFG_PNS] & (1 << periph_id))) { 755 pl330_fault(ch, PL330_FAULT_CH_PERIPH_ERR); 756 return; 757 } 758 pl330_dmald(ch, opcode, args, len); 759 } 760 761 static void pl330_dmalp(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len) 762 { 763 uint8_t lc = (opcode & 2) >> 1; 764 765 ch->lc[lc] = args[0]; 766 } 767 768 static void pl330_dmakill(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len) 769 { 770 if (ch->state == pl330_chan_fault || 771 ch->state == pl330_chan_fault_completing) { 772 /* This is the only way for a channel to leave the faulting state */ 773 ch->fault_type = 0; 774 ch->parent->num_faulting--; 775 if (ch->parent->num_faulting == 0) { 776 DB_PRINT("abort interrupt lowered\n"); 777 qemu_irq_lower(ch->parent->irq_abort); 778 } 779 } 780 ch->state = pl330_chan_killing; 781 pl330_fifo_tagged_remove(&ch->parent->fifo, ch->tag); 782 pl330_queue_remove_tagged(&ch->parent->read_queue, ch->tag); 783 pl330_queue_remove_tagged(&ch->parent->write_queue, ch->tag); 784 ch->state = pl330_chan_stopped; 785 } 786 787 static void pl330_dmalpend(PL330Chan *ch, uint8_t opcode, 788 uint8_t *args, int len) 789 { 790 uint8_t nf = (opcode & 0x10) >> 4; 791 uint8_t bs = opcode & 3; 792 uint8_t lc = (opcode & 4) >> 2; 793 794 if (bs == 2) { 795 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID); 796 return; 797 } 798 if ((bs == 1 && ch->request_flag == PL330_BURST) || 799 (bs == 3 && ch->request_flag == PL330_SINGLE)) { 800 /* Perform NOP */ 801 return; 802 } 803 if (!nf || ch->lc[lc]) { 804 if (nf) { 805 ch->lc[lc]--; 806 } 807 DB_PRINT("loop reiteration\n"); 808 ch->pc -= args[0]; 809 ch->pc -= len + 1; 810 /* "ch->pc -= args[0] + len + 1" is incorrect when args[0] == 256 */ 811 } else { 812 DB_PRINT("loop fallthrough\n"); 813 } 814 } 815 816 817 static void pl330_dmamov(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len) 818 { 819 uint8_t rd = args[0] & 7; 820 uint32_t im; 821 822 if ((args[0] >> 3)) { 823 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID); 824 return; 825 } 826 im = (((uint32_t)args[4]) << 24) | (((uint32_t)args[3]) << 16) | 827 (((uint32_t)args[2]) << 8) | (((uint32_t)args[1])); 828 switch (rd) { 829 case 0: 830 ch->src = im; 831 break; 832 case 1: 833 ch->control = im; 834 break; 835 case 2: 836 ch->dst = im; 837 break; 838 default: 839 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID); 840 return; 841 } 842 } 843 844 static void pl330_dmanop(PL330Chan *ch, uint8_t opcode, 845 uint8_t *args, int len) 846 { 847 /* NOP is NOP. */ 848 } 849 850 static void pl330_dmarmb(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len) 851 { 852 if (pl330_queue_find_insn(&ch->parent->read_queue, ch->tag, false)) { 853 ch->state = pl330_chan_at_barrier; 854 ch->stall = 1; 855 return; 856 } else { 857 ch->state = pl330_chan_executing; 858 } 859 } 860 861 static void pl330_dmasev(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len) 862 { 863 uint8_t ev_id; 864 865 if (args[0] & 7) { 866 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID); 867 return; 868 } 869 ev_id = (args[0] >> 3) & 0x1f; 870 if (ev_id >= ch->parent->num_events) { 871 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID); 872 return; 873 } 874 if (ch->ns && !(ch->parent->cfg[CFG_INS] & (1 << ev_id))) { 875 pl330_fault(ch, PL330_FAULT_EVENT_ERR); 876 return; 877 } 878 if (ch->parent->inten & (1 << ev_id)) { 879 ch->parent->int_status |= (1 << ev_id); 880 DB_PRINT("event interrupt raised %" PRId8 "\n", ev_id); 881 qemu_irq_raise(ch->parent->irq[ev_id]); 882 } 883 DB_PRINT("event raised %" PRId8 "\n", ev_id); 884 ch->parent->ev_status |= (1 << ev_id); 885 } 886 887 static void pl330_dmast(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len) 888 { 889 uint8_t bs = opcode & 3; 890 uint32_t size, num; 891 bool inc; 892 893 if (bs == 2) { 894 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID); 895 return; 896 } 897 if ((bs == 1 && ch->request_flag == PL330_BURST) || 898 (bs == 3 && ch->request_flag == PL330_SINGLE)) { 899 /* Perform NOP */ 900 return; 901 } 902 num = ((ch->control >> 18) & 0xf) + 1; 903 size = (uint32_t)1 << ((ch->control >> 15) & 0x7); 904 inc = !!((ch->control >> 14) & 1); 905 ch->stall = pl330_queue_put_insn(&ch->parent->write_queue, ch->dst, 906 size, num, inc, 0, ch->tag); 907 if (!ch->stall) { 908 DB_PRINT("channel:%" PRId8 " address:%08" PRIx32 " size:%" PRIx32 909 " num:%" PRId32 " %c\n", 910 ch->tag, ch->dst, size, num, inc ? 'Y' : 'N'); 911 ch->dst += inc ? size * num - (ch->dst & (size - 1)) : 0; 912 } 913 } 914 915 static void pl330_dmastp(PL330Chan *ch, uint8_t opcode, 916 uint8_t *args, int len) 917 { 918 uint8_t periph_id; 919 920 if (args[0] & 7) { 921 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID); 922 return; 923 } 924 periph_id = (args[0] >> 3) & 0x1f; 925 if (periph_id >= ch->parent->num_periph_req) { 926 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID); 927 return; 928 } 929 if (ch->ns && !(ch->parent->cfg[CFG_PNS] & (1 << periph_id))) { 930 pl330_fault(ch, PL330_FAULT_CH_PERIPH_ERR); 931 return; 932 } 933 pl330_dmast(ch, opcode, args, len); 934 } 935 936 static void pl330_dmastz(PL330Chan *ch, uint8_t opcode, 937 uint8_t *args, int len) 938 { 939 uint32_t size, num; 940 bool inc; 941 942 num = ((ch->control >> 18) & 0xf) + 1; 943 size = (uint32_t)1 << ((ch->control >> 15) & 0x7); 944 inc = !!((ch->control >> 14) & 1); 945 ch->stall = pl330_queue_put_insn(&ch->parent->write_queue, ch->dst, 946 size, num, inc, 1, ch->tag); 947 if (inc) { 948 ch->dst += size * num; 949 } 950 } 951 952 static void pl330_dmawfe(PL330Chan *ch, uint8_t opcode, 953 uint8_t *args, int len) 954 { 955 uint8_t ev_id; 956 int i; 957 958 if (args[0] & 5) { 959 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID); 960 return; 961 } 962 ev_id = (args[0] >> 3) & 0x1f; 963 if (ev_id >= ch->parent->num_events) { 964 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID); 965 return; 966 } 967 if (ch->ns && !(ch->parent->cfg[CFG_INS] & (1 << ev_id))) { 968 pl330_fault(ch, PL330_FAULT_EVENT_ERR); 969 return; 970 } 971 ch->wakeup = ev_id; 972 ch->state = pl330_chan_waiting_event; 973 if (~ch->parent->inten & ch->parent->ev_status & 1 << ev_id) { 974 ch->state = pl330_chan_executing; 975 /* If anyone else is currently waiting on the same event, let them 976 * clear the ev_status so they pick up event as well 977 */ 978 for (i = 0; i < ch->parent->num_chnls; ++i) { 979 PL330Chan *peer = &ch->parent->chan[i]; 980 if (peer->state == pl330_chan_waiting_event && 981 peer->wakeup == ev_id) { 982 return; 983 } 984 } 985 ch->parent->ev_status &= ~(1 << ev_id); 986 DB_PRINT("event lowered %" PRIx8 "\n", ev_id); 987 } else { 988 ch->stall = 1; 989 } 990 } 991 992 static void pl330_dmawfp(PL330Chan *ch, uint8_t opcode, 993 uint8_t *args, int len) 994 { 995 uint8_t bs = opcode & 3; 996 uint8_t periph_id; 997 998 if (args[0] & 7) { 999 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID); 1000 return; 1001 } 1002 periph_id = (args[0] >> 3) & 0x1f; 1003 if (periph_id >= ch->parent->num_periph_req) { 1004 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID); 1005 return; 1006 } 1007 if (ch->ns && !(ch->parent->cfg[CFG_PNS] & (1 << periph_id))) { 1008 pl330_fault(ch, PL330_FAULT_CH_PERIPH_ERR); 1009 return; 1010 } 1011 switch (bs) { 1012 case 0: /* S */ 1013 ch->request_flag = PL330_SINGLE; 1014 ch->wfp_sbp = 0; 1015 break; 1016 case 1: /* P */ 1017 ch->request_flag = PL330_BURST; 1018 ch->wfp_sbp = 2; 1019 break; 1020 case 2: /* B */ 1021 ch->request_flag = PL330_BURST; 1022 ch->wfp_sbp = 1; 1023 break; 1024 default: 1025 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID); 1026 return; 1027 } 1028 1029 if (ch->parent->periph_busy[periph_id]) { 1030 ch->state = pl330_chan_waiting_periph; 1031 ch->stall = 1; 1032 } else if (ch->state == pl330_chan_waiting_periph) { 1033 ch->state = pl330_chan_executing; 1034 } 1035 } 1036 1037 static void pl330_dmawmb(PL330Chan *ch, uint8_t opcode, 1038 uint8_t *args, int len) 1039 { 1040 if (pl330_queue_find_insn(&ch->parent->write_queue, ch->tag, false)) { 1041 ch->state = pl330_chan_at_barrier; 1042 ch->stall = 1; 1043 return; 1044 } else { 1045 ch->state = pl330_chan_executing; 1046 } 1047 } 1048 1049 /* NULL terminated array of the instruction descriptions. */ 1050 static const PL330InsnDesc insn_desc[] = { 1051 { .opcode = 0x54, .opmask = 0xFD, .size = 3, .exec = pl330_dmaaddh, }, 1052 { .opcode = 0x5c, .opmask = 0xFD, .size = 3, .exec = pl330_dmaadnh, }, 1053 { .opcode = 0x00, .opmask = 0xFF, .size = 1, .exec = pl330_dmaend, }, 1054 { .opcode = 0x35, .opmask = 0xFF, .size = 2, .exec = pl330_dmaflushp, }, 1055 { .opcode = 0xA0, .opmask = 0xFD, .size = 6, .exec = pl330_dmago, }, 1056 { .opcode = 0x04, .opmask = 0xFC, .size = 1, .exec = pl330_dmald, }, 1057 { .opcode = 0x25, .opmask = 0xFD, .size = 2, .exec = pl330_dmaldp, }, 1058 { .opcode = 0x20, .opmask = 0xFD, .size = 2, .exec = pl330_dmalp, }, 1059 /* dmastp must be before dmalpend in this list, because their maps 1060 * are overlapping 1061 */ 1062 { .opcode = 0x29, .opmask = 0xFD, .size = 2, .exec = pl330_dmastp, }, 1063 { .opcode = 0x28, .opmask = 0xE8, .size = 2, .exec = pl330_dmalpend, }, 1064 { .opcode = 0x01, .opmask = 0xFF, .size = 1, .exec = pl330_dmakill, }, 1065 { .opcode = 0xBC, .opmask = 0xFF, .size = 6, .exec = pl330_dmamov, }, 1066 { .opcode = 0x18, .opmask = 0xFF, .size = 1, .exec = pl330_dmanop, }, 1067 { .opcode = 0x12, .opmask = 0xFF, .size = 1, .exec = pl330_dmarmb, }, 1068 { .opcode = 0x34, .opmask = 0xFF, .size = 2, .exec = pl330_dmasev, }, 1069 { .opcode = 0x08, .opmask = 0xFC, .size = 1, .exec = pl330_dmast, }, 1070 { .opcode = 0x0C, .opmask = 0xFF, .size = 1, .exec = pl330_dmastz, }, 1071 { .opcode = 0x36, .opmask = 0xFF, .size = 2, .exec = pl330_dmawfe, }, 1072 { .opcode = 0x30, .opmask = 0xFC, .size = 2, .exec = pl330_dmawfp, }, 1073 { .opcode = 0x13, .opmask = 0xFF, .size = 1, .exec = pl330_dmawmb, }, 1074 { .opcode = 0x00, .opmask = 0x00, .size = 0, .exec = NULL, } 1075 }; 1076 1077 /* Instructions which can be issued via debug registers. */ 1078 static const PL330InsnDesc debug_insn_desc[] = { 1079 { .opcode = 0xA0, .opmask = 0xFD, .size = 6, .exec = pl330_dmago, }, 1080 { .opcode = 0x01, .opmask = 0xFF, .size = 1, .exec = pl330_dmakill, }, 1081 { .opcode = 0x34, .opmask = 0xFF, .size = 2, .exec = pl330_dmasev, }, 1082 { .opcode = 0x00, .opmask = 0x00, .size = 0, .exec = NULL, } 1083 }; 1084 1085 static inline const PL330InsnDesc *pl330_fetch_insn(PL330Chan *ch) 1086 { 1087 uint8_t opcode; 1088 int i; 1089 1090 dma_memory_read(&address_space_memory, ch->pc, &opcode, 1); 1091 for (i = 0; insn_desc[i].size; i++) { 1092 if ((opcode & insn_desc[i].opmask) == insn_desc[i].opcode) { 1093 return &insn_desc[i]; 1094 } 1095 } 1096 return NULL; 1097 } 1098 1099 static inline void pl330_exec_insn(PL330Chan *ch, const PL330InsnDesc *insn) 1100 { 1101 uint8_t buf[PL330_INSN_MAXSIZE]; 1102 1103 assert(insn->size <= PL330_INSN_MAXSIZE); 1104 dma_memory_read(&address_space_memory, ch->pc, buf, insn->size); 1105 insn->exec(ch, buf[0], &buf[1], insn->size - 1); 1106 } 1107 1108 static inline void pl330_update_pc(PL330Chan *ch, 1109 const PL330InsnDesc *insn) 1110 { 1111 ch->pc += insn->size; 1112 } 1113 1114 /* Try to execute current instruction in channel CH. Number of executed 1115 instructions is returned (0 or 1). */ 1116 static int pl330_chan_exec(PL330Chan *ch) 1117 { 1118 const PL330InsnDesc *insn; 1119 1120 if (ch->state != pl330_chan_executing && 1121 ch->state != pl330_chan_waiting_periph && 1122 ch->state != pl330_chan_at_barrier && 1123 ch->state != pl330_chan_waiting_event) { 1124 return 0; 1125 } 1126 ch->stall = 0; 1127 insn = pl330_fetch_insn(ch); 1128 if (!insn) { 1129 DB_PRINT("pl330 undefined instruction\n"); 1130 pl330_fault(ch, PL330_FAULT_UNDEF_INSTR); 1131 return 0; 1132 } 1133 pl330_exec_insn(ch, insn); 1134 if (!ch->stall) { 1135 pl330_update_pc(ch, insn); 1136 ch->watchdog_timer = 0; 1137 return 1; 1138 /* WDT only active in exec state */ 1139 } else if (ch->state == pl330_chan_executing) { 1140 ch->watchdog_timer++; 1141 if (ch->watchdog_timer >= PL330_WATCHDOG_LIMIT) { 1142 pl330_fault(ch, PL330_FAULT_LOCKUP_ERR); 1143 } 1144 } 1145 return 0; 1146 } 1147 1148 /* Try to execute 1 instruction in each channel, one instruction from read 1149 queue and one instruction from write queue. Number of successfully executed 1150 instructions is returned. */ 1151 static int pl330_exec_cycle(PL330Chan *channel) 1152 { 1153 PL330State *s = channel->parent; 1154 PL330QueueEntry *q; 1155 int i; 1156 int num_exec = 0; 1157 int fifo_res = 0; 1158 uint8_t buf[PL330_MAX_BURST_LEN]; 1159 1160 /* Execute one instruction in each channel */ 1161 num_exec += pl330_chan_exec(channel); 1162 1163 /* Execute one instruction from read queue */ 1164 q = pl330_queue_find_insn(&s->read_queue, PL330_UNTAGGED, true); 1165 if (q != NULL && q->len <= pl330_fifo_num_free(&s->fifo)) { 1166 int len = q->len - (q->addr & (q->len - 1)); 1167 1168 dma_memory_read(&address_space_memory, q->addr, buf, len); 1169 if (PL330_ERR_DEBUG > 1) { 1170 DB_PRINT("PL330 read from memory @%08" PRIx32 " (size = %08x):\n", 1171 q->addr, len); 1172 qemu_hexdump((char *)buf, stderr, "", len); 1173 } 1174 fifo_res = pl330_fifo_push(&s->fifo, buf, len, q->tag); 1175 if (fifo_res == PL330_FIFO_OK) { 1176 if (q->inc) { 1177 q->addr += len; 1178 } 1179 q->n--; 1180 if (!q->n) { 1181 pl330_queue_remove_insn(&s->read_queue, q); 1182 } 1183 num_exec++; 1184 } 1185 } 1186 1187 /* Execute one instruction from write queue. */ 1188 q = pl330_queue_find_insn(&s->write_queue, pl330_fifo_tag(&s->fifo), true); 1189 if (q != NULL) { 1190 int len = q->len - (q->addr & (q->len - 1)); 1191 1192 if (q->z) { 1193 for (i = 0; i < len; i++) { 1194 buf[i] = 0; 1195 } 1196 } else { 1197 fifo_res = pl330_fifo_get(&s->fifo, buf, len, q->tag); 1198 } 1199 if (fifo_res == PL330_FIFO_OK || q->z) { 1200 dma_memory_write(&address_space_memory, q->addr, buf, len); 1201 if (PL330_ERR_DEBUG > 1) { 1202 DB_PRINT("PL330 read from memory @%08" PRIx32 1203 " (size = %08x):\n", q->addr, len); 1204 qemu_hexdump((char *)buf, stderr, "", len); 1205 } 1206 if (q->inc) { 1207 q->addr += len; 1208 } 1209 num_exec++; 1210 } else if (fifo_res == PL330_FIFO_STALL) { 1211 pl330_fault(&channel->parent->chan[q->tag], 1212 PL330_FAULT_FIFOEMPTY_ERR); 1213 } 1214 q->n--; 1215 if (!q->n) { 1216 pl330_queue_remove_insn(&s->write_queue, q); 1217 } 1218 } 1219 1220 return num_exec; 1221 } 1222 1223 static int pl330_exec_channel(PL330Chan *channel) 1224 { 1225 int insr_exec = 0; 1226 1227 /* TODO: Is it all right to execute everything or should we do per-cycle 1228 simulation? */ 1229 while (pl330_exec_cycle(channel)) { 1230 insr_exec++; 1231 } 1232 1233 /* Detect deadlock */ 1234 if (channel->state == pl330_chan_executing) { 1235 pl330_fault(channel, PL330_FAULT_LOCKUP_ERR); 1236 } 1237 /* Situation when one of the queues has deadlocked but all channels 1238 * have finished their programs should be impossible. 1239 */ 1240 1241 return insr_exec; 1242 } 1243 1244 static inline void pl330_exec(PL330State *s) 1245 { 1246 DB_PRINT("\n"); 1247 int i, insr_exec; 1248 do { 1249 insr_exec = pl330_exec_channel(&s->manager); 1250 1251 for (i = 0; i < s->num_chnls; i++) { 1252 insr_exec += pl330_exec_channel(&s->chan[i]); 1253 } 1254 } while (insr_exec); 1255 } 1256 1257 static void pl330_exec_cycle_timer(void *opaque) 1258 { 1259 PL330State *s = (PL330State *)opaque; 1260 pl330_exec(s); 1261 } 1262 1263 /* Stop or restore dma operations */ 1264 1265 static void pl330_dma_stop_irq(void *opaque, int irq, int level) 1266 { 1267 PL330State *s = (PL330State *)opaque; 1268 1269 if (s->periph_busy[irq] != level) { 1270 s->periph_busy[irq] = level; 1271 timer_mod(s->timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)); 1272 } 1273 } 1274 1275 static void pl330_debug_exec(PL330State *s) 1276 { 1277 uint8_t args[5]; 1278 uint8_t opcode; 1279 uint8_t chan_id; 1280 int i; 1281 PL330Chan *ch; 1282 const PL330InsnDesc *insn; 1283 1284 s->debug_status = 1; 1285 chan_id = (s->dbg[0] >> 8) & 0x07; 1286 opcode = (s->dbg[0] >> 16) & 0xff; 1287 args[0] = (s->dbg[0] >> 24) & 0xff; 1288 args[1] = (s->dbg[1] >> 0) & 0xff; 1289 args[2] = (s->dbg[1] >> 8) & 0xff; 1290 args[3] = (s->dbg[1] >> 16) & 0xff; 1291 args[4] = (s->dbg[1] >> 24) & 0xff; 1292 DB_PRINT("chan id: %" PRIx8 "\n", chan_id); 1293 if (s->dbg[0] & 1) { 1294 ch = &s->chan[chan_id]; 1295 } else { 1296 ch = &s->manager; 1297 } 1298 insn = NULL; 1299 for (i = 0; debug_insn_desc[i].size; i++) { 1300 if ((opcode & debug_insn_desc[i].opmask) == debug_insn_desc[i].opcode) { 1301 insn = &debug_insn_desc[i]; 1302 } 1303 } 1304 if (!insn) { 1305 pl330_fault(ch, PL330_FAULT_UNDEF_INSTR | PL330_FAULT_DBG_INSTR); 1306 return ; 1307 } 1308 ch->stall = 0; 1309 insn->exec(ch, opcode, args, insn->size - 1); 1310 if (ch->fault_type) { 1311 ch->fault_type |= PL330_FAULT_DBG_INSTR; 1312 } 1313 if (ch->stall) { 1314 qemu_log_mask(LOG_UNIMP, "pl330: stall of debug instruction not " 1315 "implemented\n"); 1316 } 1317 s->debug_status = 0; 1318 } 1319 1320 /* IOMEM mapped registers */ 1321 1322 static void pl330_iomem_write(void *opaque, hwaddr offset, 1323 uint64_t value, unsigned size) 1324 { 1325 PL330State *s = (PL330State *) opaque; 1326 int i; 1327 1328 DB_PRINT("addr: %08x data: %08x\n", (unsigned)offset, (unsigned)value); 1329 1330 switch (offset) { 1331 case PL330_REG_INTEN: 1332 s->inten = value; 1333 break; 1334 case PL330_REG_INTCLR: 1335 for (i = 0; i < s->num_events; i++) { 1336 if (s->int_status & s->inten & value & (1 << i)) { 1337 DB_PRINT("event interrupt lowered %d\n", i); 1338 qemu_irq_lower(s->irq[i]); 1339 } 1340 } 1341 s->ev_status &= ~(value & s->inten); 1342 s->int_status &= ~(value & s->inten); 1343 break; 1344 case PL330_REG_DBGCMD: 1345 if ((value & 3) == 0) { 1346 pl330_debug_exec(s); 1347 pl330_exec(s); 1348 } else { 1349 qemu_log_mask(LOG_GUEST_ERROR, "pl330: write of illegal value %u " 1350 "for offset " TARGET_FMT_plx "\n", (unsigned)value, 1351 offset); 1352 } 1353 break; 1354 case PL330_REG_DBGINST0: 1355 DB_PRINT("s->dbg[0] = %08x\n", (unsigned)value); 1356 s->dbg[0] = value; 1357 break; 1358 case PL330_REG_DBGINST1: 1359 DB_PRINT("s->dbg[1] = %08x\n", (unsigned)value); 1360 s->dbg[1] = value; 1361 break; 1362 default: 1363 qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad write offset " TARGET_FMT_plx 1364 "\n", offset); 1365 break; 1366 } 1367 } 1368 1369 static inline uint32_t pl330_iomem_read_imp(void *opaque, 1370 hwaddr offset) 1371 { 1372 PL330State *s = (PL330State *)opaque; 1373 int chan_id; 1374 int i; 1375 uint32_t res; 1376 1377 if (offset >= PL330_REG_PERIPH_ID && offset < PL330_REG_PERIPH_ID + 32) { 1378 return pl330_id[(offset - PL330_REG_PERIPH_ID) >> 2]; 1379 } 1380 if (offset >= PL330_REG_CR0_BASE && offset < PL330_REG_CR0_BASE + 24) { 1381 return s->cfg[(offset - PL330_REG_CR0_BASE) >> 2]; 1382 } 1383 if (offset >= PL330_REG_CHANCTRL && offset < PL330_REG_DBGSTATUS) { 1384 offset -= PL330_REG_CHANCTRL; 1385 chan_id = offset >> 5; 1386 if (chan_id >= s->num_chnls) { 1387 qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad read offset " 1388 TARGET_FMT_plx "\n", offset); 1389 return 0; 1390 } 1391 switch (offset & 0x1f) { 1392 case 0x00: 1393 return s->chan[chan_id].src; 1394 case 0x04: 1395 return s->chan[chan_id].dst; 1396 case 0x08: 1397 return s->chan[chan_id].control; 1398 case 0x0C: 1399 return s->chan[chan_id].lc[0]; 1400 case 0x10: 1401 return s->chan[chan_id].lc[1]; 1402 default: 1403 qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad read offset " 1404 TARGET_FMT_plx "\n", offset); 1405 return 0; 1406 } 1407 } 1408 if (offset >= PL330_REG_CSR_BASE && offset < 0x400) { 1409 offset -= PL330_REG_CSR_BASE; 1410 chan_id = offset >> 3; 1411 if (chan_id >= s->num_chnls) { 1412 qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad read offset " 1413 TARGET_FMT_plx "\n", offset); 1414 return 0; 1415 } 1416 switch ((offset >> 2) & 1) { 1417 case 0x0: 1418 res = (s->chan[chan_id].ns << 21) | 1419 (s->chan[chan_id].wakeup << 4) | 1420 (s->chan[chan_id].state) | 1421 (s->chan[chan_id].wfp_sbp << 14); 1422 return res; 1423 case 0x1: 1424 return s->chan[chan_id].pc; 1425 default: 1426 qemu_log_mask(LOG_GUEST_ERROR, "pl330: read error\n"); 1427 return 0; 1428 } 1429 } 1430 if (offset >= PL330_REG_FTR_BASE && offset < 0x100) { 1431 offset -= PL330_REG_FTR_BASE; 1432 chan_id = offset >> 2; 1433 if (chan_id >= s->num_chnls) { 1434 qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad read offset " 1435 TARGET_FMT_plx "\n", offset); 1436 return 0; 1437 } 1438 return s->chan[chan_id].fault_type; 1439 } 1440 switch (offset) { 1441 case PL330_REG_DSR: 1442 return (s->manager.ns << 9) | (s->manager.wakeup << 4) | 1443 (s->manager.state & 0xf); 1444 case PL330_REG_DPC: 1445 return s->manager.pc; 1446 case PL330_REG_INTEN: 1447 return s->inten; 1448 case PL330_REG_INT_EVENT_RIS: 1449 return s->ev_status; 1450 case PL330_REG_INTMIS: 1451 return s->int_status; 1452 case PL330_REG_INTCLR: 1453 /* Documentation says that we can't read this register 1454 * but linux kernel does it 1455 */ 1456 return 0; 1457 case PL330_REG_FSRD: 1458 return s->manager.state ? 1 : 0; 1459 case PL330_REG_FSRC: 1460 res = 0; 1461 for (i = 0; i < s->num_chnls; i++) { 1462 if (s->chan[i].state == pl330_chan_fault || 1463 s->chan[i].state == pl330_chan_fault_completing) { 1464 res |= 1 << i; 1465 } 1466 } 1467 return res; 1468 case PL330_REG_FTRD: 1469 return s->manager.fault_type; 1470 case PL330_REG_DBGSTATUS: 1471 return s->debug_status; 1472 default: 1473 qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad read offset " 1474 TARGET_FMT_plx "\n", offset); 1475 } 1476 return 0; 1477 } 1478 1479 static uint64_t pl330_iomem_read(void *opaque, hwaddr offset, 1480 unsigned size) 1481 { 1482 uint32_t ret = pl330_iomem_read_imp(opaque, offset); 1483 DB_PRINT("addr: %08" HWADDR_PRIx " data: %08" PRIx32 "\n", offset, ret); 1484 return ret; 1485 } 1486 1487 static const MemoryRegionOps pl330_ops = { 1488 .read = pl330_iomem_read, 1489 .write = pl330_iomem_write, 1490 .endianness = DEVICE_NATIVE_ENDIAN, 1491 .impl = { 1492 .min_access_size = 4, 1493 .max_access_size = 4, 1494 } 1495 }; 1496 1497 /* Controller logic and initialization */ 1498 1499 static void pl330_chan_reset(PL330Chan *ch) 1500 { 1501 ch->src = 0; 1502 ch->dst = 0; 1503 ch->pc = 0; 1504 ch->state = pl330_chan_stopped; 1505 ch->watchdog_timer = 0; 1506 ch->stall = 0; 1507 ch->control = 0; 1508 ch->status = 0; 1509 ch->fault_type = 0; 1510 } 1511 1512 static void pl330_reset(DeviceState *d) 1513 { 1514 int i; 1515 PL330State *s = PL330(d); 1516 1517 s->inten = 0; 1518 s->int_status = 0; 1519 s->ev_status = 0; 1520 s->debug_status = 0; 1521 s->num_faulting = 0; 1522 s->manager.ns = s->mgr_ns_at_rst; 1523 pl330_fifo_reset(&s->fifo); 1524 pl330_queue_reset(&s->read_queue); 1525 pl330_queue_reset(&s->write_queue); 1526 1527 for (i = 0; i < s->num_chnls; i++) { 1528 pl330_chan_reset(&s->chan[i]); 1529 } 1530 for (i = 0; i < s->num_periph_req; i++) { 1531 s->periph_busy[i] = 0; 1532 } 1533 1534 timer_del(s->timer); 1535 } 1536 1537 static void pl330_realize(DeviceState *dev, Error **errp) 1538 { 1539 int i; 1540 PL330State *s = PL330(dev); 1541 1542 sysbus_init_irq(SYS_BUS_DEVICE(dev), &s->irq_abort); 1543 memory_region_init_io(&s->iomem, OBJECT(s), &pl330_ops, s, 1544 "dma", PL330_IOMEM_SIZE); 1545 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->iomem); 1546 1547 s->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pl330_exec_cycle_timer, s); 1548 1549 s->cfg[0] = (s->mgr_ns_at_rst ? 0x4 : 0) | 1550 (s->num_periph_req > 0 ? 1 : 0) | 1551 ((s->num_chnls - 1) & 0x7) << 4 | 1552 ((s->num_periph_req - 1) & 0x1f) << 12 | 1553 ((s->num_events - 1) & 0x1f) << 17; 1554 1555 switch (s->i_cache_len) { 1556 case (4): 1557 s->cfg[1] |= 2; 1558 break; 1559 case (8): 1560 s->cfg[1] |= 3; 1561 break; 1562 case (16): 1563 s->cfg[1] |= 4; 1564 break; 1565 case (32): 1566 s->cfg[1] |= 5; 1567 break; 1568 default: 1569 error_setg(errp, "Bad value for i-cache_len property: %" PRIx8 "\n", 1570 s->i_cache_len); 1571 return; 1572 } 1573 s->cfg[1] |= ((s->num_i_cache_lines - 1) & 0xf) << 4; 1574 1575 s->chan = g_new0(PL330Chan, s->num_chnls); 1576 s->hi_seqn = g_new0(uint8_t, s->num_chnls); 1577 s->lo_seqn = g_new0(uint8_t, s->num_chnls); 1578 for (i = 0; i < s->num_chnls; i++) { 1579 s->chan[i].parent = s; 1580 s->chan[i].tag = (uint8_t)i; 1581 } 1582 s->manager.parent = s; 1583 s->manager.tag = s->num_chnls; 1584 s->manager.is_manager = true; 1585 1586 s->irq = g_new0(qemu_irq, s->num_events); 1587 for (i = 0; i < s->num_events; i++) { 1588 sysbus_init_irq(SYS_BUS_DEVICE(dev), &s->irq[i]); 1589 } 1590 1591 qdev_init_gpio_in(dev, pl330_dma_stop_irq, PL330_PERIPH_NUM); 1592 1593 switch (s->data_width) { 1594 case (32): 1595 s->cfg[CFG_CRD] |= 0x2; 1596 break; 1597 case (64): 1598 s->cfg[CFG_CRD] |= 0x3; 1599 break; 1600 case (128): 1601 s->cfg[CFG_CRD] |= 0x4; 1602 break; 1603 default: 1604 error_setg(errp, "Bad value for data_width property: %" PRIx8 "\n", 1605 s->data_width); 1606 return; 1607 } 1608 1609 s->cfg[CFG_CRD] |= ((s->wr_cap - 1) & 0x7) << 4 | 1610 ((s->wr_q_dep - 1) & 0xf) << 8 | 1611 ((s->rd_cap - 1) & 0x7) << 12 | 1612 ((s->rd_q_dep - 1) & 0xf) << 16 | 1613 ((s->data_buffer_dep - 1) & 0x1ff) << 20; 1614 1615 pl330_queue_init(&s->read_queue, s->rd_q_dep, s); 1616 pl330_queue_init(&s->write_queue, s->wr_q_dep, s); 1617 pl330_fifo_init(&s->fifo, s->data_width / 4 * s->data_buffer_dep); 1618 } 1619 1620 static Property pl330_properties[] = { 1621 /* CR0 */ 1622 DEFINE_PROP_UINT32("num_chnls", PL330State, num_chnls, 8), 1623 DEFINE_PROP_UINT8("num_periph_req", PL330State, num_periph_req, 4), 1624 DEFINE_PROP_UINT8("num_events", PL330State, num_events, 16), 1625 DEFINE_PROP_UINT8("mgr_ns_at_rst", PL330State, mgr_ns_at_rst, 0), 1626 /* CR1 */ 1627 DEFINE_PROP_UINT8("i-cache_len", PL330State, i_cache_len, 4), 1628 DEFINE_PROP_UINT8("num_i-cache_lines", PL330State, num_i_cache_lines, 8), 1629 /* CR2-4 */ 1630 DEFINE_PROP_UINT32("boot_addr", PL330State, cfg[CFG_BOOT_ADDR], 0), 1631 DEFINE_PROP_UINT32("INS", PL330State, cfg[CFG_INS], 0), 1632 DEFINE_PROP_UINT32("PNS", PL330State, cfg[CFG_PNS], 0), 1633 /* CRD */ 1634 DEFINE_PROP_UINT8("data_width", PL330State, data_width, 64), 1635 DEFINE_PROP_UINT8("wr_cap", PL330State, wr_cap, 8), 1636 DEFINE_PROP_UINT8("wr_q_dep", PL330State, wr_q_dep, 16), 1637 DEFINE_PROP_UINT8("rd_cap", PL330State, rd_cap, 8), 1638 DEFINE_PROP_UINT8("rd_q_dep", PL330State, rd_q_dep, 16), 1639 DEFINE_PROP_UINT16("data_buffer_dep", PL330State, data_buffer_dep, 256), 1640 1641 DEFINE_PROP_END_OF_LIST(), 1642 }; 1643 1644 static void pl330_class_init(ObjectClass *klass, void *data) 1645 { 1646 DeviceClass *dc = DEVICE_CLASS(klass); 1647 1648 dc->realize = pl330_realize; 1649 dc->reset = pl330_reset; 1650 dc->props = pl330_properties; 1651 dc->vmsd = &vmstate_pl330; 1652 } 1653 1654 static const TypeInfo pl330_type_info = { 1655 .name = TYPE_PL330, 1656 .parent = TYPE_SYS_BUS_DEVICE, 1657 .instance_size = sizeof(PL330State), 1658 .class_init = pl330_class_init, 1659 }; 1660 1661 static void pl330_register_types(void) 1662 { 1663 type_register_static(&pl330_type_info); 1664 } 1665 1666 type_init(pl330_register_types) 1667