1 /*
2  *  PowerPC emulation helpers for QEMU.
3  *
4  *  Copyright (c) 2003-2007 Jocelyn Mayer
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  */
19 #include "qemu/osdep.h"
20 #include "cpu.h"
21 #include "hw/ppc/ppc.h"
22 #include "exec/helper-proto.h"
23 #include "qemu/log.h"
24 #include "qemu/main-loop.h"
25 
26 /*****************************************************************************/
27 /* SPR accesses */
28 
/*
 * Load helper for the TBL SPR.
 *
 * Returns the value produced by cpu_ppc_load_tbl(), explicitly converted to
 * target_ulong. The value is computed entirely by the callee; nothing is
 * cached or modified here.
 */
target_ulong helper_load_tbl(CPUPPCState *env)
{
    target_ulong tbl = (target_ulong)cpu_ppc_load_tbl(env);

    return tbl;
}
33 
/*
 * Load helper for the TBU SPR.
 *
 * Returns whatever cpu_ppc_load_tbu() reports, implicitly converted to
 * target_ulong.
 */
target_ulong helper_load_tbu(CPUPPCState *env)
{
    target_ulong tbu = cpu_ppc_load_tbu(env);

    return tbu;
}
38 
/*
 * Load helper for the ATBL SPR.
 *
 * Returns the value produced by cpu_ppc_load_atbl(), explicitly converted to
 * target_ulong.
 */
target_ulong helper_load_atbl(CPUPPCState *env)
{
    target_ulong atbl = (target_ulong)cpu_ppc_load_atbl(env);

    return atbl;
}
43 
/*
 * Load helper for the ATBU SPR.
 *
 * Returns whatever cpu_ppc_load_atbu() reports, implicitly converted to
 * target_ulong.
 */
target_ulong helper_load_atbu(CPUPPCState *env)
{
    target_ulong atbu = cpu_ppc_load_atbu(env);

    return atbu;
}
48 
/*
 * Load helper for the VTB SPR.
 *
 * Returns whatever cpu_ppc_load_vtb() reports, implicitly converted to
 * target_ulong.
 */
target_ulong helper_load_vtb(CPUPPCState *env)
{
    target_ulong vtb = cpu_ppc_load_vtb(env);

    return vtb;
}
53 
54 #if defined(TARGET_PPC64) && !defined(CONFIG_USER_ONLY)
/*
 * Load helper for the PURR SPR (only built for 64-bit system emulation).
 *
 * Returns the value produced by cpu_ppc_load_purr(), explicitly converted to
 * target_ulong.
 */
target_ulong helper_load_purr(CPUPPCState *env)
{
    target_ulong purr = (target_ulong)cpu_ppc_load_purr(env);

    return purr;
}
59 
/*
 * Store helper for the PURR SPR.
 *
 * When ppc_cpu_lpar_single_threaded() holds, only the calling CPU's state is
 * updated. Otherwise the same guest-supplied value is written to every CPU
 * that THREAD_SIBLING_FOREACH() yields for the calling CPU.
 *
 * NOTE(review): the broadcast path writes other vCPUs' state and no locking
 * is visible in this function; confirm that the caller serialises it.
 */
void helper_store_purr(CPUPPCState *env, target_ulong val)
{
    CPUState *self = env_cpu(env);

    if (!ppc_cpu_lpar_single_threaded(self)) {
        CPUState *sibling;

        THREAD_SIBLING_FOREACH(self, sibling) {
            cpu_ppc_store_purr(&POWERPC_CPU(sibling)->env, val);
        }
        return;
    }

    cpu_ppc_store_purr(env, val);
}
75 #endif
76 
77 #if !defined(CONFIG_USER_ONLY)
/*
 * Store helper for the TBL SPR.
 *
 * When ppc_cpu_lpar_single_threaded() holds, only the calling CPU's state is
 * updated. Otherwise the same guest-supplied value is written to every CPU
 * that THREAD_SIBLING_FOREACH() yields for the calling CPU.
 *
 * NOTE(review): the broadcast path writes other vCPUs' state and no locking
 * is visible in this function; confirm that the caller serialises it.
 */
void helper_store_tbl(CPUPPCState *env, target_ulong val)
{
    CPUState *self = env_cpu(env);

    if (!ppc_cpu_lpar_single_threaded(self)) {
        CPUState *sibling;

        THREAD_SIBLING_FOREACH(self, sibling) {
            cpu_ppc_store_tbl(&POWERPC_CPU(sibling)->env, val);
        }
        return;
    }

    cpu_ppc_store_tbl(env, val);
}
93 
/*
 * Store helper for the TBU SPR.
 *
 * When ppc_cpu_lpar_single_threaded() holds, only the calling CPU's state is
 * updated. Otherwise the same guest-supplied value is written to every CPU
 * that THREAD_SIBLING_FOREACH() yields for the calling CPU.
 *
 * NOTE(review): the broadcast path writes other vCPUs' state and no locking
 * is visible in this function; confirm that the caller serialises it.
 */
void helper_store_tbu(CPUPPCState *env, target_ulong val)
{
    CPUState *self = env_cpu(env);

    if (!ppc_cpu_lpar_single_threaded(self)) {
        CPUState *sibling;

        THREAD_SIBLING_FOREACH(self, sibling) {
            cpu_ppc_store_tbu(&POWERPC_CPU(sibling)->env, val);
        }
        return;
    }

    cpu_ppc_store_tbu(env, val);
}
109 
/*
 * Store helper for the ATBL SPR.
 *
 * Unlike the TBL/TBU store helpers in this file, this one never broadcasts
 * to sibling threads: only the calling CPU's state is passed on.
 */
void helper_store_atbl(CPUPPCState *env, target_ulong val)
{
    /* Pure pass-through; val is forwarded unmodified. */
    cpu_ppc_store_atbl(env, val);
}
114 
/*
 * Store helper for the ATBU SPR.
 *
 * Unlike the TBL/TBU store helpers in this file, this one never broadcasts
 * to sibling threads: only the calling CPU's state is passed on.
 */
void helper_store_atbu(CPUPPCState *env, target_ulong val)
{
    /* Pure pass-through; val is forwarded unmodified. */
    cpu_ppc_store_atbu(env, val);
}
119 
/*
 * Load helper for the DECR SPR.
 *
 * Returns whatever cpu_ppc_load_decr() reports, implicitly converted to
 * target_ulong.
 */
target_ulong helper_load_decr(CPUPPCState *env)
{
    target_ulong decr = cpu_ppc_load_decr(env);

    return decr;
}
124 
/*
 * Store helper for the DECR SPR.
 *
 * Only the calling CPU's state is passed on; there is no sibling broadcast
 * here (compare helper_store_hdecr()).
 */
void helper_store_decr(CPUPPCState *env, target_ulong val)
{
    /* Pure pass-through; val is forwarded unmodified. */
    cpu_ppc_store_decr(env, val);
}
129 
/*
 * Load helper for the HDECR SPR.
 *
 * Returns whatever cpu_ppc_load_hdecr() reports, implicitly converted to
 * target_ulong.
 */
target_ulong helper_load_hdecr(CPUPPCState *env)
{
    target_ulong hdecr = cpu_ppc_load_hdecr(env);

    return hdecr;
}
134 
/*
 * Store helper for the HDECR SPR.
 *
 * When ppc_cpu_lpar_single_threaded() holds, only the calling CPU's state is
 * updated. Otherwise the same guest-supplied value is written to every CPU
 * that THREAD_SIBLING_FOREACH() yields for the calling CPU.
 *
 * NOTE(review): the broadcast path writes other vCPUs' state and no locking
 * is visible in this function; confirm that the caller serialises it.
 */
void helper_store_hdecr(CPUPPCState *env, target_ulong val)
{
    CPUState *self = env_cpu(env);

    if (!ppc_cpu_lpar_single_threaded(self)) {
        CPUState *sibling;

        THREAD_SIBLING_FOREACH(self, sibling) {
            cpu_ppc_store_hdecr(&POWERPC_CPU(sibling)->env, val);
        }
        return;
    }

    cpu_ppc_store_hdecr(env, val);
}
150 
/*
 * Store helper for the VTB SPR.
 *
 * When ppc_cpu_lpar_single_threaded() holds, only the calling CPU's state is
 * updated. Otherwise the same guest-supplied value is written to every CPU
 * that THREAD_SIBLING_FOREACH() yields for the calling CPU.
 *
 * NOTE(review): the broadcast path writes other vCPUs' state and no locking
 * is visible in this function; confirm that the caller serialises it.
 */
void helper_store_vtb(CPUPPCState *env, target_ulong val)
{
    CPUState *self = env_cpu(env);

    if (!ppc_cpu_lpar_single_threaded(self)) {
        CPUState *sibling;

        THREAD_SIBLING_FOREACH(self, sibling) {
            cpu_ppc_store_vtb(&POWERPC_CPU(sibling)->env, val);
        }
        return;
    }

    cpu_ppc_store_vtb(env, val);
}
166 
/*
 * Store helper for the TBU40 SPR.
 *
 * When ppc_cpu_lpar_single_threaded() holds, only the calling CPU's state is
 * updated. Otherwise the same guest-supplied value is written to every CPU
 * that THREAD_SIBLING_FOREACH() yields for the calling CPU.
 *
 * NOTE(review): the broadcast path writes other vCPUs' state and no locking
 * is visible in this function; confirm that the caller serialises it.
 */
void helper_store_tbu40(CPUPPCState *env, target_ulong val)
{
    CPUState *self = env_cpu(env);

    if (!ppc_cpu_lpar_single_threaded(self)) {
        CPUState *sibling;

        THREAD_SIBLING_FOREACH(self, sibling) {
            cpu_ppc_store_tbu40(&POWERPC_CPU(sibling)->env, val);
        }
        return;
    }

    cpu_ppc_store_tbu40(env, val);
}
182 
/*
 * Load helper for the 40x PIT register.
 *
 * Returns whatever load_40x_pit() reports, implicitly converted to
 * target_ulong.
 */
target_ulong helper_load_40x_pit(CPUPPCState *env)
{
    target_ulong pit = load_40x_pit(env);

    return pit;
}
187 
/*
 * Store helper for the 40x PIT register.
 *
 * The guest-supplied value is handed to store_40x_pit() as is; any masking
 * or validation happens in the callee, which is not visible in this file.
 */
void helper_store_40x_pit(CPUPPCState *env, target_ulong val)
{
    /* Pure pass-through. */
    store_40x_pit(env, val);
}
192 
/*
 * Store helper for the 40x TCR register.
 *
 * The guest-supplied value is handed to store_40x_tcr() as is; any masking
 * or validation happens in the callee, which is not visible in this file.
 */
void helper_store_40x_tcr(CPUPPCState *env, target_ulong val)
{
    /* Pure pass-through. */
    store_40x_tcr(env, val);
}
197 
/*
 * Store helper for the 40x TSR register.
 *
 * The guest-supplied value is handed to store_40x_tsr() as is; any masking
 * or validation happens in the callee, which is not visible in this file.
 */
void helper_store_40x_tsr(CPUPPCState *env, target_ulong val)
{
    /* Pure pass-through. */
    store_40x_tsr(env, val);
}
202 
/*
 * Store helper for the BookE TCR register.
 *
 * The guest-supplied value is handed to store_booke_tcr() as is; any masking
 * or validation happens in the callee, which is not visible in this file.
 */
void helper_store_booke_tcr(CPUPPCState *env, target_ulong val)
{
    /* Pure pass-through. */
    store_booke_tcr(env, val);
}
207 
/*
 * Store helper for the BookE TSR register.
 *
 * The guest-supplied value is handed to store_booke_tsr() as is; any masking
 * or validation happens in the callee, which is not visible in this file.
 */
void helper_store_booke_tsr(CPUPPCState *env, target_ulong val)
{
    /* Pure pass-through. */
    store_booke_tsr(env, val);
}
212 
213 #if defined(TARGET_PPC64) && !defined(CONFIG_USER_ONLY)
214 /*
215  * qemu-user breaks with pnv headers, so they go under ifdefs for now.
216  * A clean up may be to move powernv specific registers and helpers into
217  * target/ppc/pnv_helper.c
218  */
219 #include "hw/ppc/pnv_core.h"
220 #include "hw/ppc/pnv_chip.h"
221 /*
222  * POWER processor Timebase Facility
223  */
224 
225 /*
226  * The TBST is the timebase state machine, which is a per-core machine that
227  * is used to synchronize the core TB with the ChipTOD. States 3,4,5 are
228  * not used in POWER8/9/10.
229  *
230  * The state machine gets driven by writes to TFMR SPR from the core, and
231  * by signals from the ChipTOD. The state machine table for common
232  * transitions is as follows (according to hardware specs, not necessarily
233  * this implementation):
234  *
235  * | Cur            | Event                            | New |
236  * +----------------+----------------------------------+-----+
237  * | 0 RESET        | TFMR |= LOAD_TOD_MOD             | 1   |
238  * | 1 SEND_TOD_MOD | "immediate transition"           | 2   |
239  * | 2 NOT_SET      | mttbu/mttbu40/mttbl              | 2   |
240  * | 2 NOT_SET      | TFMR |= MOVE_CHIP_TOD_TO_TB      | 6   |
241  * | 6 SYNC_WAIT    | "sync pulse from ChipTOD"        | 7   |
242  * | 7 GET_TOD      | ChipTOD xscom MOVE_TOD_TO_TB_REG | 8   |
243  * | 8 TB_RUNNING   | mttbu/mttbu40                    | 8   |
244  * | 8 TB_RUNNING   | TFMR |= LOAD_TOD_MOD             | 1   |
245  * | 8 TB_RUNNING   | mttbl                            | 9   |
246  * | 9 TB_ERROR     | TFMR |= CLEAR_TB_ERRORS          | 0   |
247  *
248  * - LOAD_TOD_MOD will also move states 2,6 to state 1, omitted from table
249  *   because it's not a typical init flow.
250  *
251  * - The ERROR state can be entered from most/all other states on invalid
252  *   states (e.g., if some TFMR control bit is set from a state where it's
253  *   not listed to cause a transition away from), omitted to avoid clutter.
254  *
255  * Note: mttbl causes a timebase error because this inevitably causes
256  * ticks to be lost and TB to become unsynchronized, whereas TB can be
257  * adjusted using mttbu* without losing ticks. mttbl behaviour is not
258  * modelled.
259  *
260  * Note: the TB state machine does not actually cause any real TB adjustment!
261  * TB starts out synchronized across all vCPUs (hardware threads) in
262  * QEMU, so for now the purpose of the TBST and ChipTOD model is simply
263  * to step through firmware initialisation sequences.
264  */
/*
 * Extract the current timebase state (TBST) from a TFMR value.
 *
 * The field selected by TFMR_TBST_ENCODED is shifted down by (63 - 31) bits
 * and returned as an unsigned int.
 */
static unsigned int tfmr_get_tb_state(uint64_t tfmr)
{
    const uint64_t encoded = tfmr & TFMR_TBST_ENCODED;

    return encoded >> (63 - 31);
}
269 
/*
 * Return a copy of @tfmr in which the state machine has moved to @tbst.
 *
 * The previous current-state field is copied into the TFMR_TBST_LAST field
 * (four bits further down), @tbst becomes the new current state, and
 * TFMR_TB_VALID is set only when the new state is TBST_TB_RUNNING.
 *
 * @tbst is shifted into place without being masked, so callers must pass a
 * value that fits the state field; every caller in this file passes a TBST_*
 * constant.
 */
static uint64_t tfmr_new_tb_state(uint64_t tfmr, unsigned int tbst)
{
    /* Drop the old "last state", then record the current state there. */
    const uint64_t without_last = tfmr & ~TFMR_TBST_LAST;
    const uint64_t with_last =
        without_last | ((without_last & TFMR_TBST_ENCODED) >> 4);

    /* Replace the current-state field with the requested state. */
    const uint64_t next =
        (with_last & ~TFMR_TBST_ENCODED) | ((uint64_t)tbst << (63 - 31));

    return (tbst == TBST_TB_RUNNING) ? (next | TFMR_TB_VALID)
                                     : (next & ~TFMR_TB_VALID);
}
285 
/*
 * Store @val into the TFMR SPR slot.
 *
 * On a single-threaded core (ppc_cpu_core_single_threaded()) only the
 * calling CPU's copy is written; otherwise every CPU yielded by
 * THREAD_SIBLING_FOREACH() receives the same value. Note that this uses the
 * per-core predicate, not the per-LPAR one used by the time-base store
 * helpers in this file.
 *
 * NOTE(review): the broadcast path writes other vCPUs' SPR arrays and no
 * locking is visible in this function; confirm that callers serialise it.
 */
static void write_tfmr(CPUPPCState *env, target_ulong val)
{
    CPUState *self = env_cpu(env);
    CPUState *sibling;

    if (ppc_cpu_core_single_threaded(self)) {
        env->spr[SPR_TFMR] = val;
        return;
    }

    THREAD_SIBLING_FOREACH(self, sibling) {
        POWERPC_CPU(sibling)->env.spr[SPR_TFMR] = val;
    }
}
300 
/*
 * Return the PnvCoreTODState that backs @cpu's timebase state machine.
 *
 * Normally this is the tod_state of the CPU's own PnvCore. When the core is
 * a big core and its tod_state has big_core_quirk set, an odd-numbered small
 * core is redirected to the even small core (core_id with bit 0 cleared).
 *
 * NOTE(review): core_id is used directly as an index into chip->cores[] with
 * no bounds check here. This assumes core_id is a valid index into that
 * array; confirm against how the chip populates cores[].
 */
static PnvCoreTODState *cpu_get_tbst(PowerPCCPU *cpu)
{
    PnvCore *core = pnv_cpu_state(cpu)->pnv_core;
    bool use_even_core = core->big_core && core->tod_state.big_core_quirk;

    if (use_even_core) {
        int id = CPU_CORE(core)->core_id;

        /* Must operate on the even small core */
        if ((id & 1) != 0) {
            core = core->chip->cores[id & ~1];
        }
    }

    return &core->tod_state;
}
315 
/*
 * Advance the timebase state machine by one step.
 *
 * Called from helper_load_tfmr(), so each guest read of TFMR is one "tick"
 * for the two countdown timers kept in the core's PnvCoreTODState:
 *  - tb_sync_pulse_timer: once it reaches zero, TFMR_TB_SYNC_OCCURED is set;
 *  - tb_state_timer: while non-zero, state transitions are postponed.
 *
 * Nothing happens unless TFMR_TB_ECLIPZ is set and the machine is not in
 * TBST_TB_ERROR. The resulting TFMR value is published with write_tfmr().
 */
static void tb_state_machine_step(CPUPPCState *env)
{
    PowerPCCPU *cpu = env_archcpu(env);
    PnvCoreTODState *tod_state = cpu_get_tbst(cpu);
    uint64_t tfmr = env->spr[SPR_TFMR];
    unsigned int tbst = tfmr_get_tb_state(tfmr);

    /* The error state is only left through helper_store_tfmr(). */
    if (!(tfmr & TFMR_TB_ECLIPZ) || tbst == TBST_TB_ERROR) {
        return;
    }

    if (tod_state->tb_sync_pulse_timer) {
        tod_state->tb_sync_pulse_timer--;
    } else {
        tfmr |= TFMR_TB_SYNC_OCCURED;
        /* Written now because the state-timer check below may return early. */
        write_tfmr(env, tfmr);
    }

    /* Still waiting: consume one tick and leave the state unchanged. */
    if (tod_state->tb_state_timer) {
        tod_state->tb_state_timer--;
        return;
    }

    if (tfmr & TFMR_LOAD_TOD_MOD) {
        tfmr &= ~TFMR_LOAD_TOD_MOD;
        if (tbst == TBST_GET_TOD) {
            /*
             * NOTE(review): unlike the MOVE_CHIP_TOD_TO_TB error path below,
             * this one logs nothing and leaves tb_ready_for_tod untouched;
             * confirm that is intended.
             */
            tfmr = tfmr_new_tb_state(tfmr, TBST_TB_ERROR);
            tfmr |= TFMR_FIRMWARE_CONTROL_ERROR;
        } else {
            tfmr = tfmr_new_tb_state(tfmr, TBST_SEND_TOD_MOD);
            /* State seems to transition immediately */
            tfmr = tfmr_new_tb_state(tfmr, TBST_NOT_SET);
        }
    } else if (tfmr & TFMR_MOVE_CHIP_TOD_TO_TB) {
        if (tbst == TBST_SYNC_WAIT) {
            tfmr = tfmr_new_tb_state(tfmr, TBST_GET_TOD);
            tod_state->tb_state_timer = 3;
        } else if (tbst == TBST_GET_TOD) {
            /*
             * tod_sent_to_tb is not set anywhere in this file; the state
             * table above attributes this transition to the ChipTOD xscom
             * MOVE_TOD_TO_TB_REG write.
             */
            if (tod_state->tod_sent_to_tb) {
                tfmr = tfmr_new_tb_state(tfmr, TBST_TB_RUNNING);
                tfmr &= ~TFMR_MOVE_CHIP_TOD_TO_TB;
                tod_state->tb_ready_for_tod = 0;
                tod_state->tod_sent_to_tb = 0;
            }
        } else {
            /* Guest set MOVE_CHIP_TOD_TO_TB from a state that cannot take it. */
            qemu_log_mask(LOG_GUEST_ERROR, "TFMR error: MOVE_CHIP_TOD_TO_TB "
                          "state machine in invalid state 0x%x\n", tbst);
            tfmr = tfmr_new_tb_state(tfmr, TBST_TB_ERROR);
            tfmr |= TFMR_FIRMWARE_CONTROL_ERROR;
            tod_state->tb_ready_for_tod = 0;
        }
    }

    write_tfmr(env, tfmr);
}
371 
/*
 * Load helper for the TFMR SPR.
 *
 * Reading TFMR has a side effect: the timebase state machine is stepped once
 * before the value is sampled. The returned value always has TFMR_TB_ECLIPZ
 * set, whether or not the bit is present in the stored SPR.
 */
target_ulong helper_load_tfmr(CPUPPCState *env)
{
    target_ulong tfmr;

    tb_state_machine_step(env);
    tfmr = env->spr[SPR_TFMR];

    return tfmr | TFMR_TB_ECLIPZ;
}
378 
/*
 * Store helper for the TFMR SPR: applies a guest write to the timebase
 * state machine.
 *
 * @val is guest-controlled. Only the bits in TFMR_CONTROL_MASK are copied
 * into the register; TFMR_FIRMWARE_CONTROL_ERROR is treated as
 * clear-on-write. Invalid control-bit combinations, or a request that the
 * current state cannot accept, put the machine into TBST_TB_ERROR and set
 * TFMR_FIRMWARE_CONTROL_ERROR. Except on the early return flagged below,
 * the resulting value is published with write_tfmr().
 */
void helper_store_tfmr(CPUPPCState *env, target_ulong val)
{
    PowerPCCPU *cpu = env_archcpu(env);
    PnvCoreTODState *tod_state = cpu_get_tbst(cpu);
    uint64_t tfmr = env->spr[SPR_TFMR];
    uint64_t clear_on_write;
    unsigned int tbst = tfmr_get_tb_state(tfmr);

    if (!(val & TFMR_TB_ECLIPZ)) {
        /*
         * Unimplemented mode: only the state fields are cleared; none of
         * the control bits in val are stored on this path.
         */
        qemu_log_mask(LOG_UNIMP, "TFMR non-ECLIPZ mode not implemented\n");
        tfmr &= ~TFMR_TBST_ENCODED;
        tfmr &= ~TFMR_TBST_LAST;
        goto out;
    }

    /* Update control bits */
    tfmr = (tfmr & ~TFMR_CONTROL_MASK) | (val & TFMR_CONTROL_MASK);

    /* Several bits are clear-on-write, only one is implemented so far */
    clear_on_write = val & TFMR_FIRMWARE_CONTROL_ERROR;
    tfmr &= ~clear_on_write;

    /*
     * mtspr always clears this. The sync pulse timer makes it come back
     * after the second mfspr.
     */
    tfmr &= ~TFMR_TB_SYNC_OCCURED;
    tod_state->tb_sync_pulse_timer = 1;

    /* The two requests are mutually exclusive; both set is a guest error. */
    if (((tfmr | val) & (TFMR_LOAD_TOD_MOD | TFMR_MOVE_CHIP_TOD_TO_TB)) ==
                        (TFMR_LOAD_TOD_MOD | TFMR_MOVE_CHIP_TOD_TO_TB)) {
        qemu_log_mask(LOG_GUEST_ERROR, "TFMR error: LOAD_TOD_MOD and "
                                       "MOVE_CHIP_TOD_TO_TB both set\n");
        tfmr = tfmr_new_tb_state(tfmr, TBST_TB_ERROR);
        tfmr |= TFMR_FIRMWARE_CONTROL_ERROR;
        tod_state->tb_ready_for_tod = 0;
        goto out;
    }

    /* Checked before the TB_ERROR test so errors can always be cleared. */
    if (tfmr & TFMR_CLEAR_TB_ERRORS) {
        /*
         * Workbook says TFMR_CLEAR_TB_ERRORS should be written twice.
         * This is not simulated/required here.
         */
        tfmr = tfmr_new_tb_state(tfmr, TBST_RESET);
        tfmr &= ~TFMR_CLEAR_TB_ERRORS;
        tfmr &= ~TFMR_LOAD_TOD_MOD;
        tfmr &= ~TFMR_MOVE_CHIP_TOD_TO_TB;
        tfmr &= ~TFMR_FIRMWARE_CONTROL_ERROR; /* XXX: should this be cleared? */
        tod_state->tb_ready_for_tod = 0;
        tod_state->tod_sent_to_tb = 0;
        goto out;
    }

    if (tbst == TBST_TB_ERROR) {
        qemu_log_mask(LOG_GUEST_ERROR, "TFMR error: mtspr TFMR in TB_ERROR"
                                       " state\n");
        /*
         * NOTE(review): this is a dead store. The function returns without
         * reaching write_tfmr(), so neither TFMR_FIRMWARE_CONTROL_ERROR nor
         * the control-bit updates above reach the SPR, while
         * tb_sync_pulse_timer has already been reset. Every other error
         * path uses "goto out"; confirm whether that was intended here too.
         */
        tfmr |= TFMR_FIRMWARE_CONTROL_ERROR;
        return;
    }

    if (tfmr & TFMR_LOAD_TOD_MOD) {
        /* Wait for an arbitrary 3 mfspr until the next state transition. */
        tod_state->tb_state_timer = 3;
    } else if (tfmr & TFMR_MOVE_CHIP_TOD_TO_TB) {
        if (tbst == TBST_NOT_SET) {
            tfmr = tfmr_new_tb_state(tfmr, TBST_SYNC_WAIT);
            tod_state->tb_ready_for_tod = 1;
            tod_state->tb_state_timer = 3; /* arbitrary */
        } else {
            qemu_log_mask(LOG_GUEST_ERROR, "TFMR error: MOVE_CHIP_TOD_TO_TB "
                                           "not in TB not set state 0x%x\n",
                                           tbst);
            tfmr = tfmr_new_tb_state(tfmr, TBST_TB_ERROR);
            tfmr |= TFMR_FIRMWARE_CONTROL_ERROR;
            tod_state->tb_ready_for_tod = 0;
        }
    }

out:
    /* Publish the new value (to all sibling threads on a multi-threaded core). */
    write_tfmr(env, tfmr);
}
461 #endif
462 
463 /*****************************************************************************/
464 /* Embedded PowerPC specific helpers */
465 
/*
 * Load helper for DCR reads.
 *
 * @dcrn is guest-controlled and is truncated to 32 bits before use. The
 * read is performed by ppc_dcr_read() with the BQL held. A missing DCR
 * environment or a non-zero return from ppc_dcr_read() is logged as a guest
 * error and raises a program exception (POWERPC_EXCP_INVAL |
 * POWERPC_EXCP_INVAL_INVAL).
 *
 * XXX: to be improved to check access rights when in user-mode.
 * NOTE(review): no privilege check is made in this helper; confirm that
 * guest user-mode access is rejected before the helper is reached.
 * NOTE(review): range validation of the register number is presumably done
 * inside ppc_dcr_read(); it is not visible here.
 */
target_ulong helper_load_dcr(CPUPPCState *env, target_ulong dcrn)
{
    const uint32_t regno = (uint32_t)dcrn;
    uint32_t val = 0;
    int ret;

    if (unlikely(env->dcr_env == NULL)) {
        qemu_log_mask(LOG_GUEST_ERROR, "No DCR environment\n");
        raise_exception_err_ra(env, POWERPC_EXCP_PROGRAM,
                               POWERPC_EXCP_INVAL |
                               POWERPC_EXCP_INVAL_INVAL, GETPC());
        return val;
    }

    /* Device model access: hold the BQL only around the read itself. */
    bql_lock();
    ret = ppc_dcr_read(env->dcr_env, regno, &val);
    bql_unlock();

    if (unlikely(ret != 0)) {
        /* The register number is logged twice: decimal, then hex. */
        qemu_log_mask(LOG_GUEST_ERROR, "DCR read error %d %03x\n",
                      regno, regno);
        raise_exception_err_ra(env, POWERPC_EXCP_PROGRAM,
                               POWERPC_EXCP_INVAL |
                               POWERPC_EXCP_INVAL_INVAL, GETPC());
    }

    return val;
}
492 
/*
 * Store helper for DCR writes.
 *
 * Both @dcrn and @val are guest-controlled and are truncated to 32 bits
 * before use. The write is performed by ppc_dcr_write() with the BQL held.
 * A missing DCR environment or a non-zero return from ppc_dcr_write() is
 * logged as a guest error and raises a program exception
 * (POWERPC_EXCP_INVAL | POWERPC_EXCP_INVAL_INVAL).
 *
 * NOTE(review): no privilege check is made in this helper; confirm that
 * guest user-mode access is rejected before the helper is reached.
 * NOTE(review): range validation of the register number is presumably done
 * inside ppc_dcr_write(); it is not visible here.
 */
void helper_store_dcr(CPUPPCState *env, target_ulong dcrn, target_ulong val)
{
    const uint32_t regno = (uint32_t)dcrn;
    int ret;

    if (unlikely(env->dcr_env == NULL)) {
        qemu_log_mask(LOG_GUEST_ERROR, "No DCR environment\n");
        raise_exception_err_ra(env, POWERPC_EXCP_PROGRAM,
                               POWERPC_EXCP_INVAL |
                               POWERPC_EXCP_INVAL_INVAL, GETPC());
        return;
    }

    /* Device model access: hold the BQL only around the write itself. */
    bql_lock();
    ret = ppc_dcr_write(env->dcr_env, regno, (uint32_t)val);
    bql_unlock();

    if (likely(ret == 0)) {
        return;
    }

    /* The register number is logged twice: decimal, then hex. */
    qemu_log_mask(LOG_GUEST_ERROR, "DCR write error %d %03x\n",
                  regno, regno);
    raise_exception_err_ra(env, POWERPC_EXCP_PROGRAM,
                           POWERPC_EXCP_INVAL |
                           POWERPC_EXCP_INVAL_INVAL, GETPC());
}
514 #endif
515