1 /* 2 * QEMU ARM CP Register PMU insns 3 * SPDX-License-Identifier: GPL-2.0-or-later 4 */ 5 6 #include "qemu/osdep.h" 7 #include "qemu/timer.h" 8 #include "exec/icount.h" 9 #include "hw/irq.h" 10 #include "cpu.h" 11 #include "cpu-features.h" 12 #include "cpregs.h" 13 #include "internals.h" 14 15 16 #define ARM_CPU_FREQ 1000000000 /* FIXME: 1 GHz, should be configurable */ 17 18 /* 19 * Check for traps to performance monitor registers, which are controlled 20 * by MDCR_EL2.TPM for EL2 and MDCR_EL3.TPM for EL3. 21 */ 22 static CPAccessResult access_tpm(CPUARMState *env, const ARMCPRegInfo *ri, 23 bool isread) 24 { 25 int el = arm_current_el(env); 26 uint64_t mdcr_el2 = arm_mdcr_el2_eff(env); 27 28 if (el < 2 && (mdcr_el2 & MDCR_TPM)) { 29 return CP_ACCESS_TRAP_EL2; 30 } 31 if (el < 3 && (env->cp15.mdcr_el3 & MDCR_TPM)) { 32 return CP_ACCESS_TRAP_EL3; 33 } 34 return CP_ACCESS_OK; 35 } 36 37 typedef struct pm_event { 38 uint16_t number; /* PMEVTYPER.evtCount is 16 bits wide */ 39 /* If the event is supported on this CPU (used to generate PMCEID[01]) */ 40 bool (*supported)(CPUARMState *); 41 /* 42 * Retrieve the current count of the underlying event. The programmed 43 * counters hold a difference from the return value from this function 44 */ 45 uint64_t (*get_count)(CPUARMState *); 46 /* 47 * Return how many nanoseconds it will take (at a minimum) for count events 48 * to occur. A negative value indicates the counter will never overflow, or 49 * that the counter has otherwise arranged for the overflow bit to be set 50 * and the PMU interrupt to be raised on overflow. 51 */ 52 int64_t (*ns_per_count)(uint64_t); 53 } pm_event; 54 55 static bool event_always_supported(CPUARMState *env) 56 { 57 return true; 58 } 59 60 static uint64_t swinc_get_count(CPUARMState *env) 61 { 62 /* 63 * SW_INCR events are written directly to the pmevcntr's by writes to 64 * PMSWINC, so there is no underlying count maintained by the PMU itself 65 */ 66 return 0; 67 } 68 69 static int64_t swinc_ns_per(uint64_t ignored) 70 { 71 return -1; 72 } 73 74 /* 75 * Return the underlying cycle count for the PMU cycle counters. If we're in 76 * usermode, simply return 0. 77 */ 78 static uint64_t cycles_get_count(CPUARMState *env) 79 { 80 #ifndef CONFIG_USER_ONLY 81 return muldiv64(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), 82 ARM_CPU_FREQ, NANOSECONDS_PER_SECOND); 83 #else 84 return cpu_get_host_ticks(); 85 #endif 86 } 87 88 #ifndef CONFIG_USER_ONLY 89 static int64_t cycles_ns_per(uint64_t cycles) 90 { 91 return (ARM_CPU_FREQ / NANOSECONDS_PER_SECOND) * cycles; 92 } 93 94 static bool instructions_supported(CPUARMState *env) 95 { 96 /* Precise instruction counting */ 97 return icount_enabled() == ICOUNT_PRECISE; 98 } 99 100 static uint64_t instructions_get_count(CPUARMState *env) 101 { 102 assert(icount_enabled() == ICOUNT_PRECISE); 103 return (uint64_t)icount_get_raw(); 104 } 105 106 static int64_t instructions_ns_per(uint64_t icount) 107 { 108 assert(icount_enabled() == ICOUNT_PRECISE); 109 return icount_to_ns((int64_t)icount); 110 } 111 #endif 112 113 static bool pmuv3p1_events_supported(CPUARMState *env) 114 { 115 /* For events which are supported in any v8.1 PMU */ 116 return cpu_isar_feature(any_pmuv3p1, env_archcpu(env)); 117 } 118 119 static bool pmuv3p4_events_supported(CPUARMState *env) 120 { 121 /* For events which are supported in any v8.1 PMU */ 122 return cpu_isar_feature(any_pmuv3p4, env_archcpu(env)); 123 } 124 125 static uint64_t zero_event_get_count(CPUARMState *env) 126 { 127 /* For events which on QEMU never fire, so their count is always zero */ 128 return 0; 129 } 130 131 static int64_t zero_event_ns_per(uint64_t cycles) 132 { 133 /* An event which never fires can never overflow */ 134 return -1; 135 } 136 137 static const pm_event pm_events[] = { 138 { .number = 0x000, /* SW_INCR */ 139 .supported = event_always_supported, 140 .get_count = swinc_get_count, 141 .ns_per_count = swinc_ns_per, 142 }, 143 #ifndef CONFIG_USER_ONLY 144 { .number = 0x008, /* INST_RETIRED, Instruction architecturally executed */ 145 .supported = instructions_supported, 146 .get_count = instructions_get_count, 147 .ns_per_count = instructions_ns_per, 148 }, 149 { .number = 0x011, /* CPU_CYCLES, Cycle */ 150 .supported = event_always_supported, 151 .get_count = cycles_get_count, 152 .ns_per_count = cycles_ns_per, 153 }, 154 #endif 155 { .number = 0x023, /* STALL_FRONTEND */ 156 .supported = pmuv3p1_events_supported, 157 .get_count = zero_event_get_count, 158 .ns_per_count = zero_event_ns_per, 159 }, 160 { .number = 0x024, /* STALL_BACKEND */ 161 .supported = pmuv3p1_events_supported, 162 .get_count = zero_event_get_count, 163 .ns_per_count = zero_event_ns_per, 164 }, 165 { .number = 0x03c, /* STALL */ 166 .supported = pmuv3p4_events_supported, 167 .get_count = zero_event_get_count, 168 .ns_per_count = zero_event_ns_per, 169 }, 170 }; 171 172 /* 173 * Note: Before increasing MAX_EVENT_ID beyond 0x3f into the 0x40xx range of 174 * events (i.e. the statistical profiling extension), this implementation 175 * should first be updated to something sparse instead of the current 176 * supported_event_map[] array. 177 */ 178 #define MAX_EVENT_ID 0x3c 179 #define UNSUPPORTED_EVENT UINT16_MAX 180 static uint16_t supported_event_map[MAX_EVENT_ID + 1]; 181 182 /* 183 * Called upon CPU initialization to initialize PMCEID[01]_EL0 and build a map 184 * of ARM event numbers to indices in our pm_events array. 185 * 186 * Note: Events in the 0x40XX range are not currently supported. 187 */ 188 void pmu_init(ARMCPU *cpu) 189 { 190 unsigned int i; 191 192 /* 193 * Empty supported_event_map and cpu->pmceid[01] before adding supported 194 * events to them 195 */ 196 for (i = 0; i < ARRAY_SIZE(supported_event_map); i++) { 197 supported_event_map[i] = UNSUPPORTED_EVENT; 198 } 199 cpu->pmceid0 = 0; 200 cpu->pmceid1 = 0; 201 202 for (i = 0; i < ARRAY_SIZE(pm_events); i++) { 203 const pm_event *cnt = &pm_events[i]; 204 assert(cnt->number <= MAX_EVENT_ID); 205 /* We do not currently support events in the 0x40xx range */ 206 assert(cnt->number <= 0x3f); 207 208 if (cnt->supported(&cpu->env)) { 209 supported_event_map[cnt->number] = i; 210 uint64_t event_mask = 1ULL << (cnt->number & 0x1f); 211 if (cnt->number & 0x20) { 212 cpu->pmceid1 |= event_mask; 213 } else { 214 cpu->pmceid0 |= event_mask; 215 } 216 } 217 } 218 } 219 220 /* 221 * Check at runtime whether a PMU event is supported for the current machine 222 */ 223 static bool event_supported(uint16_t number) 224 { 225 if (number > MAX_EVENT_ID) { 226 return false; 227 } 228 return supported_event_map[number] != UNSUPPORTED_EVENT; 229 } 230 231 static CPAccessResult do_pmreg_access(CPUARMState *env, bool is_pmcr) 232 { 233 /* 234 * Performance monitor registers user accessibility is controlled 235 * by PMUSERENR. MDCR_EL2.TPM/TPMCR and MDCR_EL3.TPM allow configurable 236 * trapping to EL2 or EL3 for other accesses. 237 */ 238 int el = arm_current_el(env); 239 240 if (el == 0 && !(env->cp15.c9_pmuserenr & 1)) { 241 return CP_ACCESS_TRAP_EL1; 242 } 243 if (el < 2) { 244 uint64_t mdcr_el2 = arm_mdcr_el2_eff(env); 245 246 if (mdcr_el2 & MDCR_TPM) { 247 return CP_ACCESS_TRAP_EL2; 248 } 249 if (is_pmcr && (mdcr_el2 & MDCR_TPMCR)) { 250 return CP_ACCESS_TRAP_EL2; 251 } 252 } 253 if (el < 3 && (env->cp15.mdcr_el3 & MDCR_TPM)) { 254 return CP_ACCESS_TRAP_EL3; 255 } 256 257 return CP_ACCESS_OK; 258 } 259 260 static CPAccessResult pmreg_access(CPUARMState *env, const ARMCPRegInfo *ri, 261 bool isread) 262 { 263 return do_pmreg_access(env, false); 264 } 265 266 static CPAccessResult pmreg_access_pmcr(CPUARMState *env, 267 const ARMCPRegInfo *ri, 268 bool isread) 269 { 270 return do_pmreg_access(env, true); 271 } 272 273 static CPAccessResult pmreg_access_xevcntr(CPUARMState *env, 274 const ARMCPRegInfo *ri, 275 bool isread) 276 { 277 /* ER: event counter read trap control */ 278 if (arm_feature(env, ARM_FEATURE_V8) 279 && arm_current_el(env) == 0 280 && (env->cp15.c9_pmuserenr & (1 << 3)) != 0 281 && isread) { 282 return CP_ACCESS_OK; 283 } 284 285 return pmreg_access(env, ri, isread); 286 } 287 288 static CPAccessResult pmreg_access_swinc(CPUARMState *env, 289 const ARMCPRegInfo *ri, 290 bool isread) 291 { 292 /* SW: software increment write trap control */ 293 if (arm_feature(env, ARM_FEATURE_V8) 294 && arm_current_el(env) == 0 295 && (env->cp15.c9_pmuserenr & (1 << 1)) != 0 296 && !isread) { 297 return CP_ACCESS_OK; 298 } 299 300 return pmreg_access(env, ri, isread); 301 } 302 303 static CPAccessResult pmreg_access_selr(CPUARMState *env, 304 const ARMCPRegInfo *ri, 305 bool isread) 306 { 307 /* ER: event counter read trap control */ 308 if (arm_feature(env, ARM_FEATURE_V8) 309 && arm_current_el(env) == 0 310 && (env->cp15.c9_pmuserenr & (1 << 3)) != 0) { 311 return CP_ACCESS_OK; 312 } 313 314 return pmreg_access(env, ri, isread); 315 } 316 317 static CPAccessResult pmreg_access_ccntr(CPUARMState *env, 318 const ARMCPRegInfo *ri, 319 bool isread) 320 { 321 /* CR: cycle counter read trap control */ 322 if (arm_feature(env, ARM_FEATURE_V8) 323 && arm_current_el(env) == 0 324 && (env->cp15.c9_pmuserenr & (1 << 2)) != 0 325 && isread) { 326 return CP_ACCESS_OK; 327 } 328 329 return pmreg_access(env, ri, isread); 330 } 331 332 /* 333 * Returns true if the counter (pass 31 for PMCCNTR) should count events using 334 * the current EL, security state, and register configuration. 335 */ 336 static bool pmu_counter_enabled(CPUARMState *env, uint8_t counter) 337 { 338 uint64_t filter; 339 bool e, p, u, nsk, nsu, nsh, m; 340 bool enabled, prohibited = false, filtered; 341 bool secure = arm_is_secure(env); 342 int el = arm_current_el(env); 343 uint64_t mdcr_el2; 344 uint8_t hpmn; 345 346 /* 347 * We might be called for M-profile cores where MDCR_EL2 doesn't 348 * exist and arm_mdcr_el2_eff() will assert, so this early-exit check 349 * must be before we read that value. 350 */ 351 if (!arm_feature(env, ARM_FEATURE_PMU)) { 352 return false; 353 } 354 355 mdcr_el2 = arm_mdcr_el2_eff(env); 356 hpmn = mdcr_el2 & MDCR_HPMN; 357 358 if (!arm_feature(env, ARM_FEATURE_EL2) || 359 (counter < hpmn || counter == 31)) { 360 e = env->cp15.c9_pmcr & PMCRE; 361 } else { 362 e = mdcr_el2 & MDCR_HPME; 363 } 364 enabled = e && (env->cp15.c9_pmcnten & (1 << counter)); 365 366 /* Is event counting prohibited? */ 367 if (el == 2 && (counter < hpmn || counter == 31)) { 368 prohibited = mdcr_el2 & MDCR_HPMD; 369 } 370 if (secure) { 371 prohibited = prohibited || !(env->cp15.mdcr_el3 & MDCR_SPME); 372 } 373 374 if (counter == 31) { 375 /* 376 * The cycle counter defaults to running. PMCR.DP says "disable 377 * the cycle counter when event counting is prohibited". 378 * Some MDCR bits disable the cycle counter specifically. 379 */ 380 prohibited = prohibited && env->cp15.c9_pmcr & PMCRDP; 381 if (cpu_isar_feature(any_pmuv3p5, env_archcpu(env))) { 382 if (secure) { 383 prohibited = prohibited || (env->cp15.mdcr_el3 & MDCR_SCCD); 384 } 385 if (el == 2) { 386 prohibited = prohibited || (mdcr_el2 & MDCR_HCCD); 387 } 388 } 389 } 390 391 if (counter == 31) { 392 filter = env->cp15.pmccfiltr_el0; 393 } else { 394 filter = env->cp15.c14_pmevtyper[counter]; 395 } 396 397 p = filter & PMXEVTYPER_P; 398 u = filter & PMXEVTYPER_U; 399 nsk = arm_feature(env, ARM_FEATURE_EL3) && (filter & PMXEVTYPER_NSK); 400 nsu = arm_feature(env, ARM_FEATURE_EL3) && (filter & PMXEVTYPER_NSU); 401 nsh = arm_feature(env, ARM_FEATURE_EL2) && (filter & PMXEVTYPER_NSH); 402 m = arm_el_is_aa64(env, 1) && 403 arm_feature(env, ARM_FEATURE_EL3) && (filter & PMXEVTYPER_M); 404 405 if (el == 0) { 406 filtered = secure ? u : u != nsu; 407 } else if (el == 1) { 408 filtered = secure ? p : p != nsk; 409 } else if (el == 2) { 410 filtered = !nsh; 411 } else { /* EL3 */ 412 filtered = m != p; 413 } 414 415 if (counter != 31) { 416 /* 417 * If not checking PMCCNTR, ensure the counter is setup to an event we 418 * support 419 */ 420 uint16_t event = filter & PMXEVTYPER_EVTCOUNT; 421 if (!event_supported(event)) { 422 return false; 423 } 424 } 425 426 return enabled && !prohibited && !filtered; 427 } 428 429 static void pmu_update_irq(CPUARMState *env) 430 { 431 ARMCPU *cpu = env_archcpu(env); 432 qemu_set_irq(cpu->pmu_interrupt, (env->cp15.c9_pmcr & PMCRE) && 433 (env->cp15.c9_pminten & env->cp15.c9_pmovsr)); 434 } 435 436 static bool pmccntr_clockdiv_enabled(CPUARMState *env) 437 { 438 /* 439 * Return true if the clock divider is enabled and the cycle counter 440 * is supposed to tick only once every 64 clock cycles. This is 441 * controlled by PMCR.D, but if PMCR.LC is set to enable the long 442 * (64-bit) cycle counter PMCR.D has no effect. 443 */ 444 return (env->cp15.c9_pmcr & (PMCRD | PMCRLC)) == PMCRD; 445 } 446 447 static bool pmevcntr_is_64_bit(CPUARMState *env, int counter) 448 { 449 /* Return true if the specified event counter is configured to be 64 bit */ 450 451 /* This isn't intended to be used with the cycle counter */ 452 assert(counter < 31); 453 454 if (!cpu_isar_feature(any_pmuv3p5, env_archcpu(env))) { 455 return false; 456 } 457 458 if (arm_feature(env, ARM_FEATURE_EL2)) { 459 /* 460 * MDCR_EL2.HLP still applies even when EL2 is disabled in the 461 * current security state, so we don't use arm_mdcr_el2_eff() here. 462 */ 463 bool hlp = env->cp15.mdcr_el2 & MDCR_HLP; 464 int hpmn = env->cp15.mdcr_el2 & MDCR_HPMN; 465 466 if (counter >= hpmn) { 467 return hlp; 468 } 469 } 470 return env->cp15.c9_pmcr & PMCRLP; 471 } 472 473 /* 474 * Ensure c15_ccnt is the guest-visible count so that operations such as 475 * enabling/disabling the counter or filtering, modifying the count itself, 476 * etc. can be done logically. This is essentially a no-op if the counter is 477 * not enabled at the time of the call. 478 */ 479 static void pmccntr_op_start(CPUARMState *env) 480 { 481 uint64_t cycles = cycles_get_count(env); 482 483 if (pmu_counter_enabled(env, 31)) { 484 uint64_t eff_cycles = cycles; 485 if (pmccntr_clockdiv_enabled(env)) { 486 eff_cycles /= 64; 487 } 488 489 uint64_t new_pmccntr = eff_cycles - env->cp15.c15_ccnt_delta; 490 491 uint64_t overflow_mask = env->cp15.c9_pmcr & PMCRLC ? \ 492 1ull << 63 : 1ull << 31; 493 if (env->cp15.c15_ccnt & ~new_pmccntr & overflow_mask) { 494 env->cp15.c9_pmovsr |= (1ULL << 31); 495 pmu_update_irq(env); 496 } 497 498 env->cp15.c15_ccnt = new_pmccntr; 499 } 500 env->cp15.c15_ccnt_delta = cycles; 501 } 502 503 /* 504 * If PMCCNTR is enabled, recalculate the delta between the clock and the 505 * guest-visible count. A call to pmccntr_op_finish should follow every call to 506 * pmccntr_op_start. 507 */ 508 static void pmccntr_op_finish(CPUARMState *env) 509 { 510 if (pmu_counter_enabled(env, 31)) { 511 #ifndef CONFIG_USER_ONLY 512 /* Calculate when the counter will next overflow */ 513 uint64_t remaining_cycles = -env->cp15.c15_ccnt; 514 if (!(env->cp15.c9_pmcr & PMCRLC)) { 515 remaining_cycles = (uint32_t)remaining_cycles; 516 } 517 int64_t overflow_in = cycles_ns_per(remaining_cycles); 518 519 if (overflow_in > 0) { 520 int64_t overflow_at; 521 522 if (!sadd64_overflow(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), 523 overflow_in, &overflow_at)) { 524 ARMCPU *cpu = env_archcpu(env); 525 timer_mod_anticipate_ns(cpu->pmu_timer, overflow_at); 526 } 527 } 528 #endif 529 530 uint64_t prev_cycles = env->cp15.c15_ccnt_delta; 531 if (pmccntr_clockdiv_enabled(env)) { 532 prev_cycles /= 64; 533 } 534 env->cp15.c15_ccnt_delta = prev_cycles - env->cp15.c15_ccnt; 535 } 536 } 537 538 static void pmevcntr_op_start(CPUARMState *env, uint8_t counter) 539 { 540 541 uint16_t event = env->cp15.c14_pmevtyper[counter] & PMXEVTYPER_EVTCOUNT; 542 uint64_t count = 0; 543 if (event_supported(event)) { 544 uint16_t event_idx = supported_event_map[event]; 545 count = pm_events[event_idx].get_count(env); 546 } 547 548 if (pmu_counter_enabled(env, counter)) { 549 uint64_t new_pmevcntr = count - env->cp15.c14_pmevcntr_delta[counter]; 550 uint64_t overflow_mask = pmevcntr_is_64_bit(env, counter) ? 551 1ULL << 63 : 1ULL << 31; 552 553 if (env->cp15.c14_pmevcntr[counter] & ~new_pmevcntr & overflow_mask) { 554 env->cp15.c9_pmovsr |= (1 << counter); 555 pmu_update_irq(env); 556 } 557 env->cp15.c14_pmevcntr[counter] = new_pmevcntr; 558 } 559 env->cp15.c14_pmevcntr_delta[counter] = count; 560 } 561 562 static void pmevcntr_op_finish(CPUARMState *env, uint8_t counter) 563 { 564 if (pmu_counter_enabled(env, counter)) { 565 #ifndef CONFIG_USER_ONLY 566 uint16_t event = env->cp15.c14_pmevtyper[counter] & PMXEVTYPER_EVTCOUNT; 567 uint16_t event_idx = supported_event_map[event]; 568 uint64_t delta = -(env->cp15.c14_pmevcntr[counter] + 1); 569 int64_t overflow_in; 570 571 if (!pmevcntr_is_64_bit(env, counter)) { 572 delta = (uint32_t)delta; 573 } 574 overflow_in = pm_events[event_idx].ns_per_count(delta); 575 576 if (overflow_in > 0) { 577 int64_t overflow_at; 578 579 if (!sadd64_overflow(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), 580 overflow_in, &overflow_at)) { 581 ARMCPU *cpu = env_archcpu(env); 582 timer_mod_anticipate_ns(cpu->pmu_timer, overflow_at); 583 } 584 } 585 #endif 586 587 env->cp15.c14_pmevcntr_delta[counter] -= 588 env->cp15.c14_pmevcntr[counter]; 589 } 590 } 591 592 void pmu_op_start(CPUARMState *env) 593 { 594 unsigned int i; 595 pmccntr_op_start(env); 596 for (i = 0; i < pmu_num_counters(env); i++) { 597 pmevcntr_op_start(env, i); 598 } 599 } 600 601 void pmu_op_finish(CPUARMState *env) 602 { 603 unsigned int i; 604 pmccntr_op_finish(env); 605 for (i = 0; i < pmu_num_counters(env); i++) { 606 pmevcntr_op_finish(env, i); 607 } 608 } 609 610 void pmu_pre_el_change(ARMCPU *cpu, void *ignored) 611 { 612 pmu_op_start(&cpu->env); 613 } 614 615 void pmu_post_el_change(ARMCPU *cpu, void *ignored) 616 { 617 pmu_op_finish(&cpu->env); 618 } 619 620 void arm_pmu_timer_cb(void *opaque) 621 { 622 ARMCPU *cpu = opaque; 623 624 /* 625 * Update all the counter values based on the current underlying counts, 626 * triggering interrupts to be raised, if necessary. pmu_op_finish() also 627 * has the effect of setting the cpu->pmu_timer to the next earliest time a 628 * counter may expire. 629 */ 630 pmu_op_start(&cpu->env); 631 pmu_op_finish(&cpu->env); 632 } 633 634 static void pmcr_write(CPUARMState *env, const ARMCPRegInfo *ri, 635 uint64_t value) 636 { 637 pmu_op_start(env); 638 639 if (value & PMCRC) { 640 /* The counter has been reset */ 641 env->cp15.c15_ccnt = 0; 642 } 643 644 if (value & PMCRP) { 645 unsigned int i; 646 for (i = 0; i < pmu_num_counters(env); i++) { 647 env->cp15.c14_pmevcntr[i] = 0; 648 } 649 } 650 651 env->cp15.c9_pmcr &= ~PMCR_WRITABLE_MASK; 652 env->cp15.c9_pmcr |= (value & PMCR_WRITABLE_MASK); 653 654 pmu_op_finish(env); 655 } 656 657 static uint64_t pmcr_read(CPUARMState *env, const ARMCPRegInfo *ri) 658 { 659 uint64_t pmcr = env->cp15.c9_pmcr; 660 661 /* 662 * If EL2 is implemented and enabled for the current security state, reads 663 * of PMCR.N from EL1 or EL0 return the value of MDCR_EL2.HPMN or HDCR.HPMN. 664 */ 665 if (arm_current_el(env) <= 1 && arm_is_el2_enabled(env)) { 666 pmcr &= ~PMCRN_MASK; 667 pmcr |= (env->cp15.mdcr_el2 & MDCR_HPMN) << PMCRN_SHIFT; 668 } 669 670 return pmcr; 671 } 672 673 static void pmswinc_write(CPUARMState *env, const ARMCPRegInfo *ri, 674 uint64_t value) 675 { 676 unsigned int i; 677 uint64_t overflow_mask, new_pmswinc; 678 679 for (i = 0; i < pmu_num_counters(env); i++) { 680 /* Increment a counter's count iff: */ 681 if ((value & (1 << i)) && /* counter's bit is set */ 682 /* counter is enabled and not filtered */ 683 pmu_counter_enabled(env, i) && 684 /* counter is SW_INCR */ 685 (env->cp15.c14_pmevtyper[i] & PMXEVTYPER_EVTCOUNT) == 0x0) { 686 pmevcntr_op_start(env, i); 687 688 /* 689 * Detect if this write causes an overflow since we can't predict 690 * PMSWINC overflows like we can for other events 691 */ 692 new_pmswinc = env->cp15.c14_pmevcntr[i] + 1; 693 694 overflow_mask = pmevcntr_is_64_bit(env, i) ? 695 1ULL << 63 : 1ULL << 31; 696 697 if (env->cp15.c14_pmevcntr[i] & ~new_pmswinc & overflow_mask) { 698 env->cp15.c9_pmovsr |= (1 << i); 699 pmu_update_irq(env); 700 } 701 702 env->cp15.c14_pmevcntr[i] = new_pmswinc; 703 704 pmevcntr_op_finish(env, i); 705 } 706 } 707 } 708 709 static uint64_t pmccntr_read(CPUARMState *env, const ARMCPRegInfo *ri) 710 { 711 uint64_t ret; 712 pmccntr_op_start(env); 713 ret = env->cp15.c15_ccnt; 714 pmccntr_op_finish(env); 715 return ret; 716 } 717 718 static void pmselr_write(CPUARMState *env, const ARMCPRegInfo *ri, 719 uint64_t value) 720 { 721 /* 722 * The value of PMSELR.SEL affects the behavior of PMXEVTYPER and 723 * PMXEVCNTR. We allow [0..31] to be written to PMSELR here; in the 724 * meanwhile, we check PMSELR.SEL when PMXEVTYPER and PMXEVCNTR are 725 * accessed. 726 */ 727 env->cp15.c9_pmselr = value & 0x1f; 728 } 729 730 static void pmccntr_write(CPUARMState *env, const ARMCPRegInfo *ri, 731 uint64_t value) 732 { 733 pmccntr_op_start(env); 734 env->cp15.c15_ccnt = value; 735 pmccntr_op_finish(env); 736 } 737 738 static void pmccntr_write32(CPUARMState *env, const ARMCPRegInfo *ri, 739 uint64_t value) 740 { 741 uint64_t cur_val = pmccntr_read(env, NULL); 742 743 pmccntr_write(env, ri, deposit64(cur_val, 0, 32, value)); 744 } 745 746 static void pmccfiltr_write(CPUARMState *env, const ARMCPRegInfo *ri, 747 uint64_t value) 748 { 749 pmccntr_op_start(env); 750 env->cp15.pmccfiltr_el0 = value & PMCCFILTR_EL0; 751 pmccntr_op_finish(env); 752 } 753 754 static void pmccfiltr_write_a32(CPUARMState *env, const ARMCPRegInfo *ri, 755 uint64_t value) 756 { 757 pmccntr_op_start(env); 758 /* M is not accessible from AArch32 */ 759 env->cp15.pmccfiltr_el0 = (env->cp15.pmccfiltr_el0 & PMCCFILTR_M) | 760 (value & PMCCFILTR); 761 pmccntr_op_finish(env); 762 } 763 764 static uint64_t pmccfiltr_read_a32(CPUARMState *env, const ARMCPRegInfo *ri) 765 { 766 /* M is not visible in AArch32 */ 767 return env->cp15.pmccfiltr_el0 & PMCCFILTR; 768 } 769 770 static void pmcntenset_write(CPUARMState *env, const ARMCPRegInfo *ri, 771 uint64_t value) 772 { 773 pmu_op_start(env); 774 value &= pmu_counter_mask(env); 775 env->cp15.c9_pmcnten |= value; 776 pmu_op_finish(env); 777 } 778 779 static void pmcntenclr_write(CPUARMState *env, const ARMCPRegInfo *ri, 780 uint64_t value) 781 { 782 pmu_op_start(env); 783 value &= pmu_counter_mask(env); 784 env->cp15.c9_pmcnten &= ~value; 785 pmu_op_finish(env); 786 } 787 788 static void pmovsr_write(CPUARMState *env, const ARMCPRegInfo *ri, 789 uint64_t value) 790 { 791 value &= pmu_counter_mask(env); 792 env->cp15.c9_pmovsr &= ~value; 793 pmu_update_irq(env); 794 } 795 796 static void pmovsset_write(CPUARMState *env, const ARMCPRegInfo *ri, 797 uint64_t value) 798 { 799 value &= pmu_counter_mask(env); 800 env->cp15.c9_pmovsr |= value; 801 pmu_update_irq(env); 802 } 803 804 static void pmevtyper_write(CPUARMState *env, const ARMCPRegInfo *ri, 805 uint64_t value, const uint8_t counter) 806 { 807 if (counter == 31) { 808 pmccfiltr_write(env, ri, value); 809 } else if (counter < pmu_num_counters(env)) { 810 pmevcntr_op_start(env, counter); 811 812 /* 813 * If this counter's event type is changing, store the current 814 * underlying count for the new type in c14_pmevcntr_delta[counter] so 815 * pmevcntr_op_finish has the correct baseline when it converts back to 816 * a delta. 817 */ 818 uint16_t old_event = env->cp15.c14_pmevtyper[counter] & 819 PMXEVTYPER_EVTCOUNT; 820 uint16_t new_event = value & PMXEVTYPER_EVTCOUNT; 821 if (old_event != new_event) { 822 uint64_t count = 0; 823 if (event_supported(new_event)) { 824 uint16_t event_idx = supported_event_map[new_event]; 825 count = pm_events[event_idx].get_count(env); 826 } 827 env->cp15.c14_pmevcntr_delta[counter] = count; 828 } 829 830 env->cp15.c14_pmevtyper[counter] = value & PMXEVTYPER_MASK; 831 pmevcntr_op_finish(env, counter); 832 } 833 /* 834 * Attempts to access PMXEVTYPER are CONSTRAINED UNPREDICTABLE when 835 * PMSELR value is equal to or greater than the number of implemented 836 * counters, but not equal to 0x1f. We opt to behave as a RAZ/WI. 837 */ 838 } 839 840 static uint64_t pmevtyper_read(CPUARMState *env, const ARMCPRegInfo *ri, 841 const uint8_t counter) 842 { 843 if (counter == 31) { 844 return env->cp15.pmccfiltr_el0; 845 } else if (counter < pmu_num_counters(env)) { 846 return env->cp15.c14_pmevtyper[counter]; 847 } else { 848 /* 849 * We opt to behave as a RAZ/WI when attempts to access PMXEVTYPER 850 * are CONSTRAINED UNPREDICTABLE. See comments in pmevtyper_write(). 851 */ 852 return 0; 853 } 854 } 855 856 static void pmevtyper_writefn(CPUARMState *env, const ARMCPRegInfo *ri, 857 uint64_t value) 858 { 859 uint8_t counter = ((ri->crm & 3) << 3) | (ri->opc2 & 7); 860 pmevtyper_write(env, ri, value, counter); 861 } 862 863 static void pmevtyper_rawwrite(CPUARMState *env, const ARMCPRegInfo *ri, 864 uint64_t value) 865 { 866 uint8_t counter = ((ri->crm & 3) << 3) | (ri->opc2 & 7); 867 env->cp15.c14_pmevtyper[counter] = value; 868 869 /* 870 * pmevtyper_rawwrite is called between a pair of pmu_op_start and 871 * pmu_op_finish calls when loading saved state for a migration. Because 872 * we're potentially updating the type of event here, the value written to 873 * c14_pmevcntr_delta by the preceding pmu_op_start call may be for a 874 * different counter type. Therefore, we need to set this value to the 875 * current count for the counter type we're writing so that pmu_op_finish 876 * has the correct count for its calculation. 877 */ 878 uint16_t event = value & PMXEVTYPER_EVTCOUNT; 879 if (event_supported(event)) { 880 uint16_t event_idx = supported_event_map[event]; 881 env->cp15.c14_pmevcntr_delta[counter] = 882 pm_events[event_idx].get_count(env); 883 } 884 } 885 886 static uint64_t pmevtyper_readfn(CPUARMState *env, const ARMCPRegInfo *ri) 887 { 888 uint8_t counter = ((ri->crm & 3) << 3) | (ri->opc2 & 7); 889 return pmevtyper_read(env, ri, counter); 890 } 891 892 static void pmxevtyper_write(CPUARMState *env, const ARMCPRegInfo *ri, 893 uint64_t value) 894 { 895 pmevtyper_write(env, ri, value, env->cp15.c9_pmselr & 31); 896 } 897 898 static uint64_t pmxevtyper_read(CPUARMState *env, const ARMCPRegInfo *ri) 899 { 900 return pmevtyper_read(env, ri, env->cp15.c9_pmselr & 31); 901 } 902 903 static void pmevcntr_write(CPUARMState *env, const ARMCPRegInfo *ri, 904 uint64_t value, uint8_t counter) 905 { 906 if (!cpu_isar_feature(any_pmuv3p5, env_archcpu(env))) { 907 /* Before FEAT_PMUv3p5, top 32 bits of event counters are RES0 */ 908 value &= MAKE_64BIT_MASK(0, 32); 909 } 910 if (counter < pmu_num_counters(env)) { 911 pmevcntr_op_start(env, counter); 912 env->cp15.c14_pmevcntr[counter] = value; 913 pmevcntr_op_finish(env, counter); 914 } 915 /* 916 * We opt to behave as a RAZ/WI when attempts to access PM[X]EVCNTR 917 * are CONSTRAINED UNPREDICTABLE. 918 */ 919 } 920 921 static uint64_t pmevcntr_read(CPUARMState *env, const ARMCPRegInfo *ri, 922 uint8_t counter) 923 { 924 if (counter < pmu_num_counters(env)) { 925 uint64_t ret; 926 pmevcntr_op_start(env, counter); 927 ret = env->cp15.c14_pmevcntr[counter]; 928 pmevcntr_op_finish(env, counter); 929 if (!cpu_isar_feature(any_pmuv3p5, env_archcpu(env))) { 930 /* Before FEAT_PMUv3p5, top 32 bits of event counters are RES0 */ 931 ret &= MAKE_64BIT_MASK(0, 32); 932 } 933 return ret; 934 } else { 935 /* 936 * We opt to behave as a RAZ/WI when attempts to access PM[X]EVCNTR 937 * are CONSTRAINED UNPREDICTABLE. 938 */ 939 return 0; 940 } 941 } 942 943 static void pmevcntr_writefn(CPUARMState *env, const ARMCPRegInfo *ri, 944 uint64_t value) 945 { 946 uint8_t counter = ((ri->crm & 3) << 3) | (ri->opc2 & 7); 947 pmevcntr_write(env, ri, value, counter); 948 } 949 950 static uint64_t pmevcntr_readfn(CPUARMState *env, const ARMCPRegInfo *ri) 951 { 952 uint8_t counter = ((ri->crm & 3) << 3) | (ri->opc2 & 7); 953 return pmevcntr_read(env, ri, counter); 954 } 955 956 static void pmevcntr_rawwrite(CPUARMState *env, const ARMCPRegInfo *ri, 957 uint64_t value) 958 { 959 uint8_t counter = ((ri->crm & 3) << 3) | (ri->opc2 & 7); 960 assert(counter < pmu_num_counters(env)); 961 env->cp15.c14_pmevcntr[counter] = value; 962 pmevcntr_write(env, ri, value, counter); 963 } 964 965 static uint64_t pmevcntr_rawread(CPUARMState *env, const ARMCPRegInfo *ri) 966 { 967 uint8_t counter = ((ri->crm & 3) << 3) | (ri->opc2 & 7); 968 assert(counter < pmu_num_counters(env)); 969 return env->cp15.c14_pmevcntr[counter]; 970 } 971 972 static void pmxevcntr_write(CPUARMState *env, const ARMCPRegInfo *ri, 973 uint64_t value) 974 { 975 pmevcntr_write(env, ri, value, env->cp15.c9_pmselr & 31); 976 } 977 978 static uint64_t pmxevcntr_read(CPUARMState *env, const ARMCPRegInfo *ri) 979 { 980 return pmevcntr_read(env, ri, env->cp15.c9_pmselr & 31); 981 } 982 983 static void pmuserenr_write(CPUARMState *env, const ARMCPRegInfo *ri, 984 uint64_t value) 985 { 986 if (arm_feature(env, ARM_FEATURE_V8)) { 987 env->cp15.c9_pmuserenr = value & 0xf; 988 } else { 989 env->cp15.c9_pmuserenr = value & 1; 990 } 991 } 992 993 static void pmintenset_write(CPUARMState *env, const ARMCPRegInfo *ri, 994 uint64_t value) 995 { 996 /* We have no event counters so only the C bit can be changed */ 997 value &= pmu_counter_mask(env); 998 env->cp15.c9_pminten |= value; 999 pmu_update_irq(env); 1000 } 1001 1002 static void pmintenclr_write(CPUARMState *env, const ARMCPRegInfo *ri, 1003 uint64_t value) 1004 { 1005 value &= pmu_counter_mask(env); 1006 env->cp15.c9_pminten &= ~value; 1007 pmu_update_irq(env); 1008 } 1009 1010 static const ARMCPRegInfo v7_pm_reginfo[] = { 1011 /* 1012 * Performance monitors are implementation defined in v7, 1013 * but with an ARM recommended set of registers, which we 1014 * follow. 1015 * 1016 * Performance registers fall into three categories: 1017 * (a) always UNDEF in PL0, RW in PL1 (PMINTENSET, PMINTENCLR) 1018 * (b) RO in PL0 (ie UNDEF on write), RW in PL1 (PMUSERENR) 1019 * (c) UNDEF in PL0 if PMUSERENR.EN==0, otherwise accessible (all others) 1020 * For the cases controlled by PMUSERENR we must set .access to PL0_RW 1021 * or PL0_RO as appropriate and then check PMUSERENR in the helper fn. 1022 */ 1023 { .name = "PMCNTENSET", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 1, 1024 .access = PL0_RW, .type = ARM_CP_ALIAS | ARM_CP_IO, 1025 .fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmcnten), 1026 .writefn = pmcntenset_write, 1027 .accessfn = pmreg_access, 1028 .fgt = FGT_PMCNTEN, 1029 .raw_writefn = raw_write }, 1030 { .name = "PMCNTENSET_EL0", .state = ARM_CP_STATE_AA64, .type = ARM_CP_IO, 1031 .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 1, 1032 .access = PL0_RW, .accessfn = pmreg_access, 1033 .fgt = FGT_PMCNTEN, 1034 .fieldoffset = offsetof(CPUARMState, cp15.c9_pmcnten), .resetvalue = 0, 1035 .writefn = pmcntenset_write, .raw_writefn = raw_write }, 1036 { .name = "PMCNTENCLR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 2, 1037 .access = PL0_RW, 1038 .fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmcnten), 1039 .accessfn = pmreg_access, 1040 .fgt = FGT_PMCNTEN, 1041 .writefn = pmcntenclr_write, .raw_writefn = raw_write, 1042 .type = ARM_CP_ALIAS | ARM_CP_IO }, 1043 { .name = "PMCNTENCLR_EL0", .state = ARM_CP_STATE_AA64, 1044 .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 2, 1045 .access = PL0_RW, .accessfn = pmreg_access, 1046 .fgt = FGT_PMCNTEN, 1047 .type = ARM_CP_ALIAS | ARM_CP_IO, 1048 .fieldoffset = offsetof(CPUARMState, cp15.c9_pmcnten), 1049 .writefn = pmcntenclr_write, .raw_writefn = raw_write }, 1050 { .name = "PMOVSR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 3, 1051 .access = PL0_RW, .type = ARM_CP_IO, 1052 .fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmovsr), 1053 .accessfn = pmreg_access, 1054 .fgt = FGT_PMOVS, 1055 .writefn = pmovsr_write, 1056 .raw_writefn = raw_write }, 1057 { .name = "PMOVSCLR_EL0", .state = ARM_CP_STATE_AA64, 1058 .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 3, 1059 .access = PL0_RW, .accessfn = pmreg_access, 1060 .fgt = FGT_PMOVS, 1061 .type = ARM_CP_ALIAS | ARM_CP_IO, 1062 .fieldoffset = offsetof(CPUARMState, cp15.c9_pmovsr), 1063 .writefn = pmovsr_write, 1064 .raw_writefn = raw_write }, 1065 { .name = "PMSWINC", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 4, 1066 .access = PL0_W, .accessfn = pmreg_access_swinc, 1067 .fgt = FGT_PMSWINC_EL0, 1068 .type = ARM_CP_NO_RAW | ARM_CP_IO, 1069 .writefn = pmswinc_write }, 1070 { .name = "PMSWINC_EL0", .state = ARM_CP_STATE_AA64, 1071 .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 4, 1072 .access = PL0_W, .accessfn = pmreg_access_swinc, 1073 .fgt = FGT_PMSWINC_EL0, 1074 .type = ARM_CP_NO_RAW | ARM_CP_IO, 1075 .writefn = pmswinc_write }, 1076 { .name = "PMSELR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 5, 1077 .access = PL0_RW, .type = ARM_CP_ALIAS, 1078 .fgt = FGT_PMSELR_EL0, 1079 .fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmselr), 1080 .accessfn = pmreg_access_selr, .writefn = pmselr_write, 1081 .raw_writefn = raw_write}, 1082 { .name = "PMSELR_EL0", .state = ARM_CP_STATE_AA64, 1083 .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 5, 1084 .access = PL0_RW, .accessfn = pmreg_access_selr, 1085 .fgt = FGT_PMSELR_EL0, 1086 .fieldoffset = offsetof(CPUARMState, cp15.c9_pmselr), 1087 .writefn = pmselr_write, .raw_writefn = raw_write, }, 1088 { .name = "PMCCNTR_EL0", .state = ARM_CP_STATE_AA64, 1089 .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 13, .opc2 = 0, 1090 .access = PL0_RW, .accessfn = pmreg_access_ccntr, 1091 .fgt = FGT_PMCCNTR_EL0, 1092 .type = ARM_CP_IO, 1093 .fieldoffset = offsetof(CPUARMState, cp15.c15_ccnt), 1094 .readfn = pmccntr_read, .writefn = pmccntr_write, 1095 .raw_readfn = raw_read, .raw_writefn = raw_write, }, 1096 { .name = "PMCCFILTR", .cp = 15, .opc1 = 0, .crn = 14, .crm = 15, .opc2 = 7, 1097 .writefn = pmccfiltr_write_a32, .readfn = pmccfiltr_read_a32, 1098 .access = PL0_RW, .accessfn = pmreg_access, 1099 .fgt = FGT_PMCCFILTR_EL0, 1100 .type = ARM_CP_ALIAS | ARM_CP_IO, 1101 .resetvalue = 0, }, 1102 { .name = "PMCCFILTR_EL0", .state = ARM_CP_STATE_AA64, 1103 .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 15, .opc2 = 7, 1104 .writefn = pmccfiltr_write, .raw_writefn = raw_write, 1105 .access = PL0_RW, .accessfn = pmreg_access, 1106 .fgt = FGT_PMCCFILTR_EL0, 1107 .type = ARM_CP_IO, 1108 .fieldoffset = offsetof(CPUARMState, cp15.pmccfiltr_el0), 1109 .resetvalue = 0, }, 1110 { .name = "PMXEVTYPER", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 1, 1111 .access = PL0_RW, .type = ARM_CP_NO_RAW | ARM_CP_IO, 1112 .accessfn = pmreg_access, 1113 .fgt = FGT_PMEVTYPERN_EL0, 1114 .writefn = pmxevtyper_write, .readfn = pmxevtyper_read }, 1115 { .name = "PMXEVTYPER_EL0", .state = ARM_CP_STATE_AA64, 1116 .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 13, .opc2 = 1, 1117 .access = PL0_RW, .type = ARM_CP_NO_RAW | ARM_CP_IO, 1118 .accessfn = pmreg_access, 1119 .fgt = FGT_PMEVTYPERN_EL0, 1120 .writefn = pmxevtyper_write, .readfn = pmxevtyper_read }, 1121 { .name = "PMXEVCNTR", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 2, 1122 .access = PL0_RW, .type = ARM_CP_NO_RAW | ARM_CP_IO, 1123 .accessfn = pmreg_access_xevcntr, 1124 .fgt = FGT_PMEVCNTRN_EL0, 1125 .writefn = pmxevcntr_write, .readfn = pmxevcntr_read }, 1126 { .name = "PMXEVCNTR_EL0", .state = ARM_CP_STATE_AA64, 1127 .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 13, .opc2 = 2, 1128 .access = PL0_RW, .type = ARM_CP_NO_RAW | ARM_CP_IO, 1129 .accessfn = pmreg_access_xevcntr, 1130 .fgt = FGT_PMEVCNTRN_EL0, 1131 .writefn = pmxevcntr_write, .readfn = pmxevcntr_read }, 1132 { .name = "PMUSERENR", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 0, 1133 .access = PL0_R | PL1_RW, .accessfn = access_tpm, 1134 .fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmuserenr), 1135 .resetvalue = 0, 1136 .writefn = pmuserenr_write, .raw_writefn = raw_write }, 1137 { .name = "PMUSERENR_EL0", .state = ARM_CP_STATE_AA64, 1138 .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 14, .opc2 = 0, 1139 .access = PL0_R | PL1_RW, .accessfn = access_tpm, .type = ARM_CP_ALIAS, 1140 .fieldoffset = offsetof(CPUARMState, cp15.c9_pmuserenr), 1141 .resetvalue = 0, 1142 .writefn = pmuserenr_write, .raw_writefn = raw_write }, 1143 { .name = "PMINTENSET", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 1, 1144 .access = PL1_RW, .accessfn = access_tpm, 1145 .fgt = FGT_PMINTEN, 1146 .type = ARM_CP_ALIAS | ARM_CP_IO, 1147 .fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pminten), 1148 .resetvalue = 0, 1149 .writefn = pmintenset_write, .raw_writefn = raw_write }, 1150 { .name = "PMINTENSET_EL1", .state = ARM_CP_STATE_AA64, 1151 .opc0 = 3, .opc1 = 0, .crn = 9, .crm = 14, .opc2 = 1, 1152 .access = PL1_RW, .accessfn = access_tpm, 1153 .fgt = FGT_PMINTEN, 1154 .type = ARM_CP_IO, 1155 .fieldoffset = offsetof(CPUARMState, cp15.c9_pminten), 1156 .writefn = pmintenset_write, .raw_writefn = raw_write, 1157 .resetvalue = 0x0 }, 1158 { .name = "PMINTENCLR", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 2, 1159 .access = PL1_RW, .accessfn = access_tpm, 1160 .fgt = FGT_PMINTEN, 1161 .type = ARM_CP_ALIAS | ARM_CP_IO, 1162 .fieldoffset = offsetof(CPUARMState, cp15.c9_pminten), 1163 .writefn = pmintenclr_write, .raw_writefn = raw_write }, 1164 { .name = "PMINTENCLR_EL1", .state = ARM_CP_STATE_AA64, 1165 .opc0 = 3, .opc1 = 0, .crn = 9, .crm = 14, .opc2 = 2, 1166 .access = PL1_RW, .accessfn = access_tpm, 1167 .fgt = FGT_PMINTEN, 1168 .type = ARM_CP_ALIAS | ARM_CP_IO, 1169 .fieldoffset = offsetof(CPUARMState, cp15.c9_pminten), 1170 .writefn = pmintenclr_write, .raw_writefn = raw_write }, 1171 }; 1172 1173 static const ARMCPRegInfo pmovsset_cp_reginfo[] = { 1174 /* PMOVSSET is not implemented in v7 before v7ve */ 1175 { .name = "PMOVSSET", .cp = 15, .opc1 = 0, .crn = 9, .crm = 14, .opc2 = 3, 1176 .access = PL0_RW, .accessfn = pmreg_access, 1177 .fgt = FGT_PMOVS, 1178 .type = ARM_CP_ALIAS | ARM_CP_IO, 1179 .fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmovsr), 1180 .writefn = pmovsset_write, 1181 .raw_writefn = raw_write }, 1182 { .name = "PMOVSSET_EL0", .state = ARM_CP_STATE_AA64, 1183 .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 14, .opc2 = 3, 1184 .access = PL0_RW, .accessfn = pmreg_access, 1185 .fgt = FGT_PMOVS, 1186 .type = ARM_CP_ALIAS | ARM_CP_IO, 1187 .fieldoffset = offsetof(CPUARMState, cp15.c9_pmovsr), 1188 .writefn = pmovsset_write, 1189 .raw_writefn = raw_write }, 1190 }; 1191 1192 void define_pm_cpregs(ARMCPU *cpu) 1193 { 1194 CPUARMState *env = &cpu->env; 1195 1196 if (arm_feature(env, ARM_FEATURE_V7)) { 1197 /* 1198 * v7 performance monitor control register: same implementor 1199 * field as main ID register, and we implement four counters in 1200 * addition to the cycle count register. 1201 */ 1202 static const ARMCPRegInfo pmcr = { 1203 .name = "PMCR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 0, 1204 .access = PL0_RW, 1205 .fgt = FGT_PMCR_EL0, 1206 .type = ARM_CP_IO | ARM_CP_ALIAS, 1207 .fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmcr), 1208 .accessfn = pmreg_access_pmcr, 1209 .readfn = pmcr_read, .raw_readfn = raw_read, 1210 .writefn = pmcr_write, .raw_writefn = raw_write, 1211 }; 1212 const ARMCPRegInfo pmcr64 = { 1213 .name = "PMCR_EL0", .state = ARM_CP_STATE_AA64, 1214 .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 0, 1215 .access = PL0_RW, .accessfn = pmreg_access_pmcr, 1216 .fgt = FGT_PMCR_EL0, 1217 .type = ARM_CP_IO, 1218 .fieldoffset = offsetof(CPUARMState, cp15.c9_pmcr), 1219 .resetvalue = cpu->isar.reset_pmcr_el0, 1220 .readfn = pmcr_read, .raw_readfn = raw_read, 1221 .writefn = pmcr_write, .raw_writefn = raw_write, 1222 }; 1223 1224 define_one_arm_cp_reg(cpu, &pmcr); 1225 define_one_arm_cp_reg(cpu, &pmcr64); 1226 define_arm_cp_regs(cpu, v7_pm_reginfo); 1227 /* 1228 * 32-bit AArch32 PMCCNTR. We don't expose this to GDB if the 1229 * new-in-v8 PMUv3 64-bit AArch32 PMCCNTR register is implemented 1230 * (as that will provide the GDB user's view of "PMCCNTR"). 1231 */ 1232 ARMCPRegInfo pmccntr = { 1233 .name = "PMCCNTR", 1234 .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 0, 1235 .access = PL0_RW, .accessfn = pmreg_access_ccntr, 1236 .resetvalue = 0, .type = ARM_CP_ALIAS | ARM_CP_IO, 1237 .fgt = FGT_PMCCNTR_EL0, 1238 .readfn = pmccntr_read, .writefn = pmccntr_write32, 1239 }; 1240 if (arm_feature(env, ARM_FEATURE_V8)) { 1241 pmccntr.type |= ARM_CP_NO_GDB; 1242 } 1243 define_one_arm_cp_reg(cpu, &pmccntr); 1244 1245 for (unsigned i = 0, pmcrn = pmu_num_counters(env); i < pmcrn; i++) { 1246 g_autofree char *pmevcntr_name = g_strdup_printf("PMEVCNTR%d", i); 1247 g_autofree char *pmevcntr_el0_name = g_strdup_printf("PMEVCNTR%d_EL0", i); 1248 g_autofree char *pmevtyper_name = g_strdup_printf("PMEVTYPER%d", i); 1249 g_autofree char *pmevtyper_el0_name = g_strdup_printf("PMEVTYPER%d_EL0", i); 1250 1251 ARMCPRegInfo pmev_regs[] = { 1252 { .name = pmevcntr_name, .cp = 15, .crn = 14, 1253 .crm = 8 | (3 & (i >> 3)), .opc1 = 0, .opc2 = i & 7, 1254 .access = PL0_RW, .type = ARM_CP_IO | ARM_CP_ALIAS, 1255 .fgt = FGT_PMEVCNTRN_EL0, 1256 .readfn = pmevcntr_readfn, .writefn = pmevcntr_writefn, 1257 .accessfn = pmreg_access_xevcntr }, 1258 { .name = pmevcntr_el0_name, .state = ARM_CP_STATE_AA64, 1259 .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 8 | (3 & (i >> 3)), 1260 .opc2 = i & 7, .access = PL0_RW, .accessfn = pmreg_access_xevcntr, 1261 .type = ARM_CP_IO, 1262 .fgt = FGT_PMEVCNTRN_EL0, 1263 .readfn = pmevcntr_readfn, .writefn = pmevcntr_writefn, 1264 .raw_readfn = pmevcntr_rawread, 1265 .raw_writefn = pmevcntr_rawwrite }, 1266 { .name = pmevtyper_name, .cp = 15, .crn = 14, 1267 .crm = 12 | (3 & (i >> 3)), .opc1 = 0, .opc2 = i & 7, 1268 .access = PL0_RW, .type = ARM_CP_IO | ARM_CP_ALIAS, 1269 .fgt = FGT_PMEVTYPERN_EL0, 1270 .readfn = pmevtyper_readfn, .writefn = pmevtyper_writefn, 1271 .accessfn = pmreg_access }, 1272 { .name = pmevtyper_el0_name, .state = ARM_CP_STATE_AA64, 1273 .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 12 | (3 & (i >> 3)), 1274 .opc2 = i & 7, .access = PL0_RW, .accessfn = pmreg_access, 1275 .fgt = FGT_PMEVTYPERN_EL0, 1276 .type = ARM_CP_IO, 1277 .readfn = pmevtyper_readfn, .writefn = pmevtyper_writefn, 1278 .raw_writefn = pmevtyper_rawwrite }, 1279 }; 1280 define_arm_cp_regs(cpu, pmev_regs); 1281 } 1282 } 1283 if (arm_feature(env, ARM_FEATURE_V7VE)) { 1284 define_arm_cp_regs(cpu, pmovsset_cp_reginfo); 1285 } 1286 1287 if (arm_feature(env, ARM_FEATURE_V8)) { 1288 const ARMCPRegInfo v8_pm_reginfo[] = { 1289 { .name = "PMCEID0", .state = ARM_CP_STATE_AA32, 1290 .cp = 15, .opc1 = 0, .crn = 9, .crm = 12, .opc2 = 6, 1291 .access = PL0_R, .accessfn = pmreg_access, .type = ARM_CP_CONST, 1292 .fgt = FGT_PMCEIDN_EL0, 1293 .resetvalue = extract64(cpu->pmceid0, 0, 32) }, 1294 { .name = "PMCEID0_EL0", .state = ARM_CP_STATE_AA64, 1295 .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 6, 1296 .access = PL0_R, .accessfn = pmreg_access, .type = ARM_CP_CONST, 1297 .fgt = FGT_PMCEIDN_EL0, 1298 .resetvalue = cpu->pmceid0 }, 1299 { .name = "PMCEID1", .state = ARM_CP_STATE_AA32, 1300 .cp = 15, .opc1 = 0, .crn = 9, .crm = 12, .opc2 = 7, 1301 .access = PL0_R, .accessfn = pmreg_access, .type = ARM_CP_CONST, 1302 .fgt = FGT_PMCEIDN_EL0, 1303 .resetvalue = extract64(cpu->pmceid1, 0, 32) }, 1304 { .name = "PMCEID1_EL0", .state = ARM_CP_STATE_AA64, 1305 .opc0 = 3, .opc1 = 3, .crn = 9, .crm = 12, .opc2 = 7, 1306 .access = PL0_R, .accessfn = pmreg_access, .type = ARM_CP_CONST, 1307 .fgt = FGT_PMCEIDN_EL0, 1308 .resetvalue = cpu->pmceid1 }, 1309 /* AArch32 64-bit PMCCNTR view: added in PMUv3 with Armv8 */ 1310 { .name = "PMCCNTR", .state = ARM_CP_STATE_AA32, 1311 .cp = 15, .crm = 9, .opc1 = 0, 1312 .access = PL0_RW, .accessfn = pmreg_access_ccntr, .resetvalue = 0, 1313 .type = ARM_CP_ALIAS | ARM_CP_IO | ARM_CP_64BIT, 1314 .fgt = FGT_PMCCNTR_EL0, .readfn = pmccntr_read, 1315 .writefn = pmccntr_write, }, 1316 }; 1317 define_arm_cp_regs(cpu, v8_pm_reginfo); 1318 } 1319 1320 if (cpu_isar_feature(aa32_pmuv3p1, cpu)) { 1321 ARMCPRegInfo v81_pmu_regs[] = { 1322 { .name = "PMCEID2", .state = ARM_CP_STATE_AA32, 1323 .cp = 15, .opc1 = 0, .crn = 9, .crm = 14, .opc2 = 4, 1324 .access = PL0_R, .accessfn = pmreg_access, .type = ARM_CP_CONST, 1325 .fgt = FGT_PMCEIDN_EL0, 1326 .resetvalue = extract64(cpu->pmceid0, 32, 32) }, 1327 { .name = "PMCEID3", .state = ARM_CP_STATE_AA32, 1328 .cp = 15, .opc1 = 0, .crn = 9, .crm = 14, .opc2 = 5, 1329 .access = PL0_R, .accessfn = pmreg_access, .type = ARM_CP_CONST, 1330 .fgt = FGT_PMCEIDN_EL0, 1331 .resetvalue = extract64(cpu->pmceid1, 32, 32) }, 1332 }; 1333 define_arm_cp_regs(cpu, v81_pmu_regs); 1334 } 1335 1336 if (cpu_isar_feature(any_pmuv3p4, cpu)) { 1337 static const ARMCPRegInfo v84_pmmir = { 1338 .name = "PMMIR_EL1", .state = ARM_CP_STATE_BOTH, 1339 .opc0 = 3, .opc1 = 0, .crn = 9, .crm = 14, .opc2 = 6, 1340 .access = PL1_R, .accessfn = pmreg_access, .type = ARM_CP_CONST, 1341 .fgt = FGT_PMMIR_EL1, 1342 .resetvalue = 0 1343 }; 1344 define_one_arm_cp_reg(cpu, &v84_pmmir); 1345 } 1346 } 1347