1 /* 2 * Arm SSE (Subsystems for Embedded): IoTKit 3 * 4 * Copyright (c) 2018 Linaro Limited 5 * Written by Peter Maydell 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License version 2 or 9 * (at your option) any later version. 10 */ 11 12 #include "qemu/osdep.h" 13 #include "qemu/log.h" 14 #include "qemu/module.h" 15 #include "qemu/bitops.h" 16 #include "qapi/error.h" 17 #include "trace.h" 18 #include "hw/sysbus.h" 19 #include "migration/vmstate.h" 20 #include "hw/registerfields.h" 21 #include "hw/arm/armsse.h" 22 #include "hw/arm/armsse-version.h" 23 #include "hw/arm/boot.h" 24 #include "hw/irq.h" 25 #include "hw/qdev-clock.h" 26 27 /* 28 * The SSE-300 puts some devices in different places to the 29 * SSE-200 (and original IoTKit). We use an array of these structs 30 * to define how each variant lays out these devices. (Parts of the 31 * SoC that are the same for all variants aren't handled via these 32 * data structures.) 33 */ 34 35 #define NO_IRQ -1 36 #define NO_PPC -1 37 /* 38 * Special values for ARMSSEDeviceInfo::irq to indicate that this 39 * device uses one of the inputs to the OR gate that feeds into the 40 * CPU NMI input. 41 */ 42 #define NMI_0 10000 43 #define NMI_1 10001 44 45 typedef struct ARMSSEDeviceInfo { 46 const char *name; /* name to use for the QOM object; NULL terminates list */ 47 const char *type; /* QOM type name */ 48 unsigned int index; /* Which of the N devices of this type is this ? */ 49 hwaddr addr; 50 hwaddr size; /* only needed for TYPE_UNIMPLEMENTED_DEVICE */ 51 int ppc; /* Index of APB PPC this device is wired up to, or NO_PPC */ 52 int ppc_port; /* Port number of this device on the PPC */ 53 int irq; /* NO_IRQ, or 0..NUM_SSE_IRQS-1, or NMI_0 or NMI_1 */ 54 bool slowclk; /* true if device uses the slow 32KHz clock */ 55 } ARMSSEDeviceInfo; 56 57 struct ARMSSEInfo { 58 const char *name; 59 uint32_t sse_version; 60 int sram_banks; 61 int num_cpus; 62 uint32_t sys_version; 63 uint32_t iidr; 64 uint32_t cpuwait_rst; 65 bool has_mhus; 66 bool has_cachectrl; 67 bool has_cpusecctrl; 68 bool has_cpuid; 69 bool has_cpu_pwrctrl; 70 bool has_sse_counter; 71 Property *props; 72 const ARMSSEDeviceInfo *devinfo; 73 const bool *irq_is_common; 74 }; 75 76 static Property iotkit_properties[] = { 77 DEFINE_PROP_LINK("memory", ARMSSE, board_memory, TYPE_MEMORY_REGION, 78 MemoryRegion *), 79 DEFINE_PROP_UINT32("EXP_NUMIRQ", ARMSSE, exp_numirq, 64), 80 DEFINE_PROP_UINT32("SRAM_ADDR_WIDTH", ARMSSE, sram_addr_width, 15), 81 DEFINE_PROP_UINT32("init-svtor", ARMSSE, init_svtor, 0x10000000), 82 DEFINE_PROP_BOOL("CPU0_FPU", ARMSSE, cpu_fpu[0], true), 83 DEFINE_PROP_BOOL("CPU0_DSP", ARMSSE, cpu_dsp[0], true), 84 DEFINE_PROP_END_OF_LIST() 85 }; 86 87 static Property sse200_properties[] = { 88 DEFINE_PROP_LINK("memory", ARMSSE, board_memory, TYPE_MEMORY_REGION, 89 MemoryRegion *), 90 DEFINE_PROP_UINT32("EXP_NUMIRQ", ARMSSE, exp_numirq, 64), 91 DEFINE_PROP_UINT32("SRAM_ADDR_WIDTH", ARMSSE, sram_addr_width, 15), 92 DEFINE_PROP_UINT32("init-svtor", ARMSSE, init_svtor, 0x10000000), 93 DEFINE_PROP_BOOL("CPU0_FPU", ARMSSE, cpu_fpu[0], false), 94 DEFINE_PROP_BOOL("CPU0_DSP", ARMSSE, cpu_dsp[0], false), 95 DEFINE_PROP_BOOL("CPU1_FPU", ARMSSE, cpu_fpu[1], true), 96 DEFINE_PROP_BOOL("CPU1_DSP", ARMSSE, cpu_dsp[1], true), 97 DEFINE_PROP_END_OF_LIST() 98 }; 99 100 static Property sse300_properties[] = { 101 DEFINE_PROP_LINK("memory", ARMSSE, board_memory, TYPE_MEMORY_REGION, 102 MemoryRegion *), 103 DEFINE_PROP_UINT32("EXP_NUMIRQ", ARMSSE, exp_numirq, 64), 104 DEFINE_PROP_UINT32("SRAM_ADDR_WIDTH", ARMSSE, sram_addr_width, 15), 105 DEFINE_PROP_UINT32("init-svtor", ARMSSE, init_svtor, 0x10000000), 106 DEFINE_PROP_BOOL("CPU0_FPU", ARMSSE, cpu_fpu[0], true), 107 DEFINE_PROP_BOOL("CPU0_DSP", ARMSSE, cpu_dsp[0], true), 108 DEFINE_PROP_END_OF_LIST() 109 }; 110 111 static const ARMSSEDeviceInfo iotkit_devices[] = { 112 { 113 .name = "timer0", 114 .type = TYPE_CMSDK_APB_TIMER, 115 .index = 0, 116 .addr = 0x40000000, 117 .ppc = 0, 118 .ppc_port = 0, 119 .irq = 3, 120 }, 121 { 122 .name = "timer1", 123 .type = TYPE_CMSDK_APB_TIMER, 124 .index = 1, 125 .addr = 0x40001000, 126 .ppc = 0, 127 .ppc_port = 1, 128 .irq = 4, 129 }, 130 { 131 .name = "s32ktimer", 132 .type = TYPE_CMSDK_APB_TIMER, 133 .index = 2, 134 .addr = 0x4002f000, 135 .ppc = 1, 136 .ppc_port = 0, 137 .irq = 2, 138 .slowclk = true, 139 }, 140 { 141 .name = "dualtimer", 142 .type = TYPE_CMSDK_APB_DUALTIMER, 143 .index = 0, 144 .addr = 0x40002000, 145 .ppc = 0, 146 .ppc_port = 2, 147 .irq = 5, 148 }, 149 { 150 .name = "s32kwatchdog", 151 .type = TYPE_CMSDK_APB_WATCHDOG, 152 .index = 0, 153 .addr = 0x5002e000, 154 .ppc = NO_PPC, 155 .irq = NMI_0, 156 .slowclk = true, 157 }, 158 { 159 .name = "nswatchdog", 160 .type = TYPE_CMSDK_APB_WATCHDOG, 161 .index = 1, 162 .addr = 0x40081000, 163 .ppc = NO_PPC, 164 .irq = 1, 165 }, 166 { 167 .name = "swatchdog", 168 .type = TYPE_CMSDK_APB_WATCHDOG, 169 .index = 2, 170 .addr = 0x50081000, 171 .ppc = NO_PPC, 172 .irq = NMI_1, 173 }, 174 { 175 .name = "armsse-sysinfo", 176 .type = TYPE_IOTKIT_SYSINFO, 177 .index = 0, 178 .addr = 0x40020000, 179 .ppc = NO_PPC, 180 .irq = NO_IRQ, 181 }, 182 { 183 .name = "armsse-sysctl", 184 .type = TYPE_IOTKIT_SYSCTL, 185 .index = 0, 186 .addr = 0x50021000, 187 .ppc = NO_PPC, 188 .irq = NO_IRQ, 189 }, 190 { 191 .name = NULL, 192 } 193 }; 194 195 static const ARMSSEDeviceInfo sse200_devices[] = { 196 { 197 .name = "timer0", 198 .type = TYPE_CMSDK_APB_TIMER, 199 .index = 0, 200 .addr = 0x40000000, 201 .ppc = 0, 202 .ppc_port = 0, 203 .irq = 3, 204 }, 205 { 206 .name = "timer1", 207 .type = TYPE_CMSDK_APB_TIMER, 208 .index = 1, 209 .addr = 0x40001000, 210 .ppc = 0, 211 .ppc_port = 1, 212 .irq = 4, 213 }, 214 { 215 .name = "s32ktimer", 216 .type = TYPE_CMSDK_APB_TIMER, 217 .index = 2, 218 .addr = 0x4002f000, 219 .ppc = 1, 220 .ppc_port = 0, 221 .irq = 2, 222 .slowclk = true, 223 }, 224 { 225 .name = "dualtimer", 226 .type = TYPE_CMSDK_APB_DUALTIMER, 227 .index = 0, 228 .addr = 0x40002000, 229 .ppc = 0, 230 .ppc_port = 2, 231 .irq = 5, 232 }, 233 { 234 .name = "s32kwatchdog", 235 .type = TYPE_CMSDK_APB_WATCHDOG, 236 .index = 0, 237 .addr = 0x5002e000, 238 .ppc = NO_PPC, 239 .irq = NMI_0, 240 .slowclk = true, 241 }, 242 { 243 .name = "nswatchdog", 244 .type = TYPE_CMSDK_APB_WATCHDOG, 245 .index = 1, 246 .addr = 0x40081000, 247 .ppc = NO_PPC, 248 .irq = 1, 249 }, 250 { 251 .name = "swatchdog", 252 .type = TYPE_CMSDK_APB_WATCHDOG, 253 .index = 2, 254 .addr = 0x50081000, 255 .ppc = NO_PPC, 256 .irq = NMI_1, 257 }, 258 { 259 .name = "armsse-sysinfo", 260 .type = TYPE_IOTKIT_SYSINFO, 261 .index = 0, 262 .addr = 0x40020000, 263 .ppc = NO_PPC, 264 .irq = NO_IRQ, 265 }, 266 { 267 .name = "armsse-sysctl", 268 .type = TYPE_IOTKIT_SYSCTL, 269 .index = 0, 270 .addr = 0x50021000, 271 .ppc = NO_PPC, 272 .irq = NO_IRQ, 273 }, 274 { 275 .name = "CPU0CORE_PPU", 276 .type = TYPE_UNIMPLEMENTED_DEVICE, 277 .index = 0, 278 .addr = 0x50023000, 279 .size = 0x1000, 280 .ppc = NO_PPC, 281 .irq = NO_IRQ, 282 }, 283 { 284 .name = "CPU1CORE_PPU", 285 .type = TYPE_UNIMPLEMENTED_DEVICE, 286 .index = 1, 287 .addr = 0x50025000, 288 .size = 0x1000, 289 .ppc = NO_PPC, 290 .irq = NO_IRQ, 291 }, 292 { 293 .name = "DBG_PPU", 294 .type = TYPE_UNIMPLEMENTED_DEVICE, 295 .index = 2, 296 .addr = 0x50029000, 297 .size = 0x1000, 298 .ppc = NO_PPC, 299 .irq = NO_IRQ, 300 }, 301 { 302 .name = "RAM0_PPU", 303 .type = TYPE_UNIMPLEMENTED_DEVICE, 304 .index = 3, 305 .addr = 0x5002a000, 306 .size = 0x1000, 307 .ppc = NO_PPC, 308 .irq = NO_IRQ, 309 }, 310 { 311 .name = "RAM1_PPU", 312 .type = TYPE_UNIMPLEMENTED_DEVICE, 313 .index = 4, 314 .addr = 0x5002b000, 315 .size = 0x1000, 316 .ppc = NO_PPC, 317 .irq = NO_IRQ, 318 }, 319 { 320 .name = "RAM2_PPU", 321 .type = TYPE_UNIMPLEMENTED_DEVICE, 322 .index = 5, 323 .addr = 0x5002c000, 324 .size = 0x1000, 325 .ppc = NO_PPC, 326 .irq = NO_IRQ, 327 }, 328 { 329 .name = "RAM3_PPU", 330 .type = TYPE_UNIMPLEMENTED_DEVICE, 331 .index = 6, 332 .addr = 0x5002d000, 333 .size = 0x1000, 334 .ppc = NO_PPC, 335 .irq = NO_IRQ, 336 }, 337 { 338 .name = "SYS_PPU", 339 .type = TYPE_UNIMPLEMENTED_DEVICE, 340 .index = 7, 341 .addr = 0x50022000, 342 .size = 0x1000, 343 .ppc = NO_PPC, 344 .irq = NO_IRQ, 345 }, 346 { 347 .name = NULL, 348 } 349 }; 350 351 static const ARMSSEDeviceInfo sse300_devices[] = { 352 { 353 .name = "timer0", 354 .type = TYPE_SSE_TIMER, 355 .index = 0, 356 .addr = 0x48000000, 357 .ppc = 0, 358 .ppc_port = 0, 359 .irq = 3, 360 }, 361 { 362 .name = "timer1", 363 .type = TYPE_SSE_TIMER, 364 .index = 1, 365 .addr = 0x48001000, 366 .ppc = 0, 367 .ppc_port = 1, 368 .irq = 4, 369 }, 370 { 371 .name = "timer2", 372 .type = TYPE_SSE_TIMER, 373 .index = 2, 374 .addr = 0x48002000, 375 .ppc = 0, 376 .ppc_port = 2, 377 .irq = 5, 378 }, 379 { 380 .name = "timer3", 381 .type = TYPE_SSE_TIMER, 382 .index = 3, 383 .addr = 0x48003000, 384 .ppc = 0, 385 .ppc_port = 5, 386 .irq = 27, 387 }, 388 { 389 .name = "s32ktimer", 390 .type = TYPE_CMSDK_APB_TIMER, 391 .index = 0, 392 .addr = 0x4802f000, 393 .ppc = 1, 394 .ppc_port = 0, 395 .irq = 2, 396 .slowclk = true, 397 }, 398 { 399 .name = "s32kwatchdog", 400 .type = TYPE_CMSDK_APB_WATCHDOG, 401 .index = 0, 402 .addr = 0x4802e000, 403 .ppc = NO_PPC, 404 .irq = NMI_0, 405 .slowclk = true, 406 }, 407 { 408 .name = "watchdog", 409 .type = TYPE_UNIMPLEMENTED_DEVICE, 410 .index = 0, 411 .addr = 0x48040000, 412 .size = 0x2000, 413 .ppc = NO_PPC, 414 .irq = NO_IRQ, 415 }, 416 { 417 .name = "armsse-sysinfo", 418 .type = TYPE_IOTKIT_SYSINFO, 419 .index = 0, 420 .addr = 0x48020000, 421 .ppc = NO_PPC, 422 .irq = NO_IRQ, 423 }, 424 { 425 .name = "armsse-sysctl", 426 .type = TYPE_IOTKIT_SYSCTL, 427 .index = 0, 428 .addr = 0x58021000, 429 .ppc = NO_PPC, 430 .irq = NO_IRQ, 431 }, 432 { 433 .name = "SYS_PPU", 434 .type = TYPE_UNIMPLEMENTED_DEVICE, 435 .index = 1, 436 .addr = 0x58022000, 437 .size = 0x1000, 438 .ppc = NO_PPC, 439 .irq = NO_IRQ, 440 }, 441 { 442 .name = "CPU0CORE_PPU", 443 .type = TYPE_UNIMPLEMENTED_DEVICE, 444 .index = 2, 445 .addr = 0x50023000, 446 .size = 0x1000, 447 .ppc = NO_PPC, 448 .irq = NO_IRQ, 449 }, 450 { 451 .name = "MGMT_PPU", 452 .type = TYPE_UNIMPLEMENTED_DEVICE, 453 .index = 3, 454 .addr = 0x50028000, 455 .size = 0x1000, 456 .ppc = NO_PPC, 457 .irq = NO_IRQ, 458 }, 459 { 460 .name = "DEBUG_PPU", 461 .type = TYPE_UNIMPLEMENTED_DEVICE, 462 .index = 4, 463 .addr = 0x50029000, 464 .size = 0x1000, 465 .ppc = NO_PPC, 466 .irq = NO_IRQ, 467 }, 468 { 469 .name = NULL, 470 } 471 }; 472 473 /* Is internal IRQ n shared between CPUs in a multi-core SSE ? */ 474 static const bool sse200_irq_is_common[32] = { 475 [0 ... 5] = true, 476 /* 6, 7: per-CPU MHU interrupts */ 477 [8 ... 12] = true, 478 /* 13: per-CPU icache interrupt */ 479 /* 14: reserved */ 480 [15 ... 20] = true, 481 /* 21: reserved */ 482 [22 ... 26] = true, 483 /* 27: reserved */ 484 /* 28, 29: per-CPU CTI interrupts */ 485 /* 30, 31: reserved */ 486 }; 487 488 static const bool sse300_irq_is_common[32] = { 489 [0 ... 5] = true, 490 /* 6, 7: per-CPU MHU interrupts */ 491 [8 ... 12] = true, 492 /* 13: reserved */ 493 [14 ... 16] = true, 494 /* 17-25: reserved */ 495 [26 ... 27] = true, 496 /* 28, 29: per-CPU CTI interrupts */ 497 /* 30, 31: reserved */ 498 }; 499 500 static const ARMSSEInfo armsse_variants[] = { 501 { 502 .name = TYPE_IOTKIT, 503 .sse_version = ARMSSE_IOTKIT, 504 .sram_banks = 1, 505 .num_cpus = 1, 506 .sys_version = 0x41743, 507 .iidr = 0, 508 .cpuwait_rst = 0, 509 .has_mhus = false, 510 .has_cachectrl = false, 511 .has_cpusecctrl = false, 512 .has_cpuid = false, 513 .has_cpu_pwrctrl = false, 514 .has_sse_counter = false, 515 .props = iotkit_properties, 516 .devinfo = iotkit_devices, 517 .irq_is_common = sse200_irq_is_common, 518 }, 519 { 520 .name = TYPE_SSE200, 521 .sse_version = ARMSSE_SSE200, 522 .sram_banks = 4, 523 .num_cpus = 2, 524 .sys_version = 0x22041743, 525 .iidr = 0, 526 .cpuwait_rst = 2, 527 .has_mhus = true, 528 .has_cachectrl = true, 529 .has_cpusecctrl = true, 530 .has_cpuid = true, 531 .has_cpu_pwrctrl = false, 532 .has_sse_counter = false, 533 .props = sse200_properties, 534 .devinfo = sse200_devices, 535 .irq_is_common = sse200_irq_is_common, 536 }, 537 { 538 .name = TYPE_SSE300, 539 .sse_version = ARMSSE_SSE300, 540 .sram_banks = 2, 541 .num_cpus = 1, 542 .sys_version = 0x7e00043b, 543 .iidr = 0x74a0043b, 544 .cpuwait_rst = 0, 545 .has_mhus = false, 546 .has_cachectrl = false, 547 .has_cpusecctrl = true, 548 .has_cpuid = true, 549 .has_cpu_pwrctrl = true, 550 .has_sse_counter = true, 551 .props = sse300_properties, 552 .devinfo = sse300_devices, 553 .irq_is_common = sse300_irq_is_common, 554 }, 555 }; 556 557 static uint32_t armsse_sys_config_value(ARMSSE *s, const ARMSSEInfo *info) 558 { 559 /* Return the SYS_CONFIG value for this SSE */ 560 uint32_t sys_config; 561 562 switch (info->sse_version) { 563 case ARMSSE_IOTKIT: 564 sys_config = 0; 565 sys_config = deposit32(sys_config, 0, 4, info->sram_banks); 566 sys_config = deposit32(sys_config, 4, 4, s->sram_addr_width - 12); 567 break; 568 case ARMSSE_SSE200: 569 sys_config = 0; 570 sys_config = deposit32(sys_config, 0, 4, info->sram_banks); 571 sys_config = deposit32(sys_config, 4, 5, s->sram_addr_width); 572 sys_config = deposit32(sys_config, 24, 4, 2); 573 if (info->num_cpus > 1) { 574 sys_config = deposit32(sys_config, 10, 1, 1); 575 sys_config = deposit32(sys_config, 20, 4, info->sram_banks - 1); 576 sys_config = deposit32(sys_config, 28, 4, 2); 577 } 578 break; 579 case ARMSSE_SSE300: 580 sys_config = 0; 581 sys_config = deposit32(sys_config, 0, 4, info->sram_banks); 582 sys_config = deposit32(sys_config, 4, 5, s->sram_addr_width); 583 sys_config = deposit32(sys_config, 16, 3, 3); /* CPU0 = Cortex-M55 */ 584 break; 585 default: 586 g_assert_not_reached(); 587 } 588 return sys_config; 589 } 590 591 /* Clock frequency in HZ of the 32KHz "slow clock" */ 592 #define S32KCLK (32 * 1000) 593 594 /* 595 * Create an alias region in @container of @size bytes starting at @base 596 * which mirrors the memory starting at @orig. 597 */ 598 static void make_alias(ARMSSE *s, MemoryRegion *mr, MemoryRegion *container, 599 const char *name, hwaddr base, hwaddr size, hwaddr orig) 600 { 601 memory_region_init_alias(mr, NULL, name, container, orig, size); 602 /* The alias is even lower priority than unimplemented_device regions */ 603 memory_region_add_subregion_overlap(container, base, mr, -1500); 604 } 605 606 static void irq_status_forwarder(void *opaque, int n, int level) 607 { 608 qemu_irq destirq = opaque; 609 610 qemu_set_irq(destirq, level); 611 } 612 613 static void nsccfg_handler(void *opaque, int n, int level) 614 { 615 ARMSSE *s = ARM_SSE(opaque); 616 617 s->nsccfg = level; 618 } 619 620 static void armsse_forward_ppc(ARMSSE *s, const char *ppcname, int ppcnum) 621 { 622 /* Each of the 4 AHB and 4 APB PPCs that might be present in a 623 * system using the ARMSSE has a collection of control lines which 624 * are provided by the security controller and which we want to 625 * expose as control lines on the ARMSSE device itself, so the 626 * code using the ARMSSE can wire them up to the PPCs. 627 */ 628 SplitIRQ *splitter = &s->ppc_irq_splitter[ppcnum]; 629 DeviceState *armssedev = DEVICE(s); 630 DeviceState *dev_secctl = DEVICE(&s->secctl); 631 DeviceState *dev_splitter = DEVICE(splitter); 632 char *name; 633 634 name = g_strdup_printf("%s_nonsec", ppcname); 635 qdev_pass_gpios(dev_secctl, armssedev, name); 636 g_free(name); 637 name = g_strdup_printf("%s_ap", ppcname); 638 qdev_pass_gpios(dev_secctl, armssedev, name); 639 g_free(name); 640 name = g_strdup_printf("%s_irq_enable", ppcname); 641 qdev_pass_gpios(dev_secctl, armssedev, name); 642 g_free(name); 643 name = g_strdup_printf("%s_irq_clear", ppcname); 644 qdev_pass_gpios(dev_secctl, armssedev, name); 645 g_free(name); 646 647 /* irq_status is a little more tricky, because we need to 648 * split it so we can send it both to the security controller 649 * and to our OR gate for the NVIC interrupt line. 650 * Connect up the splitter's outputs, and create a GPIO input 651 * which will pass the line state to the input splitter. 652 */ 653 name = g_strdup_printf("%s_irq_status", ppcname); 654 qdev_connect_gpio_out(dev_splitter, 0, 655 qdev_get_gpio_in_named(dev_secctl, 656 name, 0)); 657 qdev_connect_gpio_out(dev_splitter, 1, 658 qdev_get_gpio_in(DEVICE(&s->ppc_irq_orgate), ppcnum)); 659 s->irq_status_in[ppcnum] = qdev_get_gpio_in(dev_splitter, 0); 660 qdev_init_gpio_in_named_with_opaque(armssedev, irq_status_forwarder, 661 s->irq_status_in[ppcnum], name, 1); 662 g_free(name); 663 } 664 665 static void armsse_forward_sec_resp_cfg(ARMSSE *s) 666 { 667 /* Forward the 3rd output from the splitter device as a 668 * named GPIO output of the armsse object. 669 */ 670 DeviceState *dev = DEVICE(s); 671 DeviceState *dev_splitter = DEVICE(&s->sec_resp_splitter); 672 673 qdev_init_gpio_out_named(dev, &s->sec_resp_cfg, "sec_resp_cfg", 1); 674 s->sec_resp_cfg_in = qemu_allocate_irq(irq_status_forwarder, 675 s->sec_resp_cfg, 1); 676 qdev_connect_gpio_out(dev_splitter, 2, s->sec_resp_cfg_in); 677 } 678 679 static void armsse_mainclk_update(void *opaque, ClockEvent event) 680 { 681 ARMSSE *s = ARM_SSE(opaque); 682 683 /* 684 * Set system_clock_scale from our Clock input; this is what 685 * controls the tick rate of the CPU SysTick timer. 686 */ 687 system_clock_scale = clock_ticks_to_ns(s->mainclk, 1); 688 } 689 690 static void armsse_init(Object *obj) 691 { 692 ARMSSE *s = ARM_SSE(obj); 693 ARMSSEClass *asc = ARM_SSE_GET_CLASS(obj); 694 const ARMSSEInfo *info = asc->info; 695 const ARMSSEDeviceInfo *devinfo; 696 int i; 697 698 assert(info->sram_banks <= MAX_SRAM_BANKS); 699 assert(info->num_cpus <= SSE_MAX_CPUS); 700 701 s->mainclk = qdev_init_clock_in(DEVICE(s), "MAINCLK", 702 armsse_mainclk_update, s, ClockUpdate); 703 s->s32kclk = qdev_init_clock_in(DEVICE(s), "S32KCLK", NULL, NULL, 0); 704 705 memory_region_init(&s->container, obj, "armsse-container", UINT64_MAX); 706 707 for (i = 0; i < info->num_cpus; i++) { 708 /* 709 * We put each CPU in its own cluster as they are logically 710 * distinct and may be configured differently. 711 */ 712 char *name; 713 714 name = g_strdup_printf("cluster%d", i); 715 object_initialize_child(obj, name, &s->cluster[i], TYPE_CPU_CLUSTER); 716 qdev_prop_set_uint32(DEVICE(&s->cluster[i]), "cluster-id", i); 717 g_free(name); 718 719 name = g_strdup_printf("armv7m%d", i); 720 object_initialize_child(OBJECT(&s->cluster[i]), name, &s->armv7m[i], 721 TYPE_ARMV7M); 722 qdev_prop_set_string(DEVICE(&s->armv7m[i]), "cpu-type", 723 ARM_CPU_TYPE_NAME("cortex-m33")); 724 g_free(name); 725 name = g_strdup_printf("arm-sse-cpu-container%d", i); 726 memory_region_init(&s->cpu_container[i], obj, name, UINT64_MAX); 727 g_free(name); 728 if (i > 0) { 729 name = g_strdup_printf("arm-sse-container-alias%d", i); 730 memory_region_init_alias(&s->container_alias[i - 1], obj, 731 name, &s->container, 0, UINT64_MAX); 732 g_free(name); 733 } 734 } 735 736 for (devinfo = info->devinfo; devinfo->name; devinfo++) { 737 assert(devinfo->ppc == NO_PPC || devinfo->ppc < ARRAY_SIZE(s->apb_ppc)); 738 if (!strcmp(devinfo->type, TYPE_CMSDK_APB_TIMER)) { 739 assert(devinfo->index < ARRAY_SIZE(s->timer)); 740 object_initialize_child(obj, devinfo->name, 741 &s->timer[devinfo->index], 742 TYPE_CMSDK_APB_TIMER); 743 } else if (!strcmp(devinfo->type, TYPE_CMSDK_APB_DUALTIMER)) { 744 assert(devinfo->index == 0); 745 object_initialize_child(obj, devinfo->name, &s->dualtimer, 746 TYPE_CMSDK_APB_DUALTIMER); 747 } else if (!strcmp(devinfo->type, TYPE_SSE_TIMER)) { 748 assert(devinfo->index < ARRAY_SIZE(s->sse_timer)); 749 object_initialize_child(obj, devinfo->name, 750 &s->sse_timer[devinfo->index], 751 TYPE_SSE_TIMER); 752 } else if (!strcmp(devinfo->type, TYPE_CMSDK_APB_WATCHDOG)) { 753 assert(devinfo->index < ARRAY_SIZE(s->cmsdk_watchdog)); 754 object_initialize_child(obj, devinfo->name, 755 &s->cmsdk_watchdog[devinfo->index], 756 TYPE_CMSDK_APB_WATCHDOG); 757 } else if (!strcmp(devinfo->type, TYPE_IOTKIT_SYSINFO)) { 758 assert(devinfo->index == 0); 759 object_initialize_child(obj, devinfo->name, &s->sysinfo, 760 TYPE_IOTKIT_SYSINFO); 761 } else if (!strcmp(devinfo->type, TYPE_IOTKIT_SYSCTL)) { 762 assert(devinfo->index == 0); 763 object_initialize_child(obj, devinfo->name, &s->sysctl, 764 TYPE_IOTKIT_SYSCTL); 765 } else if (!strcmp(devinfo->type, TYPE_UNIMPLEMENTED_DEVICE)) { 766 assert(devinfo->index < ARRAY_SIZE(s->unimp)); 767 object_initialize_child(obj, devinfo->name, 768 &s->unimp[devinfo->index], 769 TYPE_UNIMPLEMENTED_DEVICE); 770 } else { 771 g_assert_not_reached(); 772 } 773 } 774 775 object_initialize_child(obj, "secctl", &s->secctl, TYPE_IOTKIT_SECCTL); 776 777 for (i = 0; i < ARRAY_SIZE(s->apb_ppc); i++) { 778 g_autofree char *name = g_strdup_printf("apb-ppc%d", i); 779 object_initialize_child(obj, name, &s->apb_ppc[i], TYPE_TZ_PPC); 780 } 781 782 for (i = 0; i < info->sram_banks; i++) { 783 char *name = g_strdup_printf("mpc%d", i); 784 object_initialize_child(obj, name, &s->mpc[i], TYPE_TZ_MPC); 785 g_free(name); 786 } 787 object_initialize_child(obj, "mpc-irq-orgate", &s->mpc_irq_orgate, 788 TYPE_OR_IRQ); 789 790 for (i = 0; i < IOTS_NUM_EXP_MPC + info->sram_banks; i++) { 791 char *name = g_strdup_printf("mpc-irq-splitter-%d", i); 792 SplitIRQ *splitter = &s->mpc_irq_splitter[i]; 793 794 object_initialize_child(obj, name, splitter, TYPE_SPLIT_IRQ); 795 g_free(name); 796 } 797 798 if (info->has_mhus) { 799 object_initialize_child(obj, "mhu0", &s->mhu[0], TYPE_ARMSSE_MHU); 800 object_initialize_child(obj, "mhu1", &s->mhu[1], TYPE_ARMSSE_MHU); 801 } 802 if (info->has_cachectrl) { 803 for (i = 0; i < info->num_cpus; i++) { 804 char *name = g_strdup_printf("cachectrl%d", i); 805 806 object_initialize_child(obj, name, &s->cachectrl[i], 807 TYPE_UNIMPLEMENTED_DEVICE); 808 g_free(name); 809 } 810 } 811 if (info->has_cpusecctrl) { 812 for (i = 0; i < info->num_cpus; i++) { 813 char *name = g_strdup_printf("cpusecctrl%d", i); 814 815 object_initialize_child(obj, name, &s->cpusecctrl[i], 816 TYPE_UNIMPLEMENTED_DEVICE); 817 g_free(name); 818 } 819 } 820 if (info->has_cpuid) { 821 for (i = 0; i < info->num_cpus; i++) { 822 char *name = g_strdup_printf("cpuid%d", i); 823 824 object_initialize_child(obj, name, &s->cpuid[i], 825 TYPE_ARMSSE_CPUID); 826 g_free(name); 827 } 828 } 829 if (info->has_cpu_pwrctrl) { 830 for (i = 0; i < info->num_cpus; i++) { 831 char *name = g_strdup_printf("cpu_pwrctrl%d", i); 832 833 object_initialize_child(obj, name, &s->cpu_pwrctrl[i], 834 TYPE_ARMSSE_CPU_PWRCTRL); 835 g_free(name); 836 } 837 } 838 if (info->has_sse_counter) { 839 object_initialize_child(obj, "sse-counter", &s->sse_counter, 840 TYPE_SSE_COUNTER); 841 } 842 843 object_initialize_child(obj, "nmi-orgate", &s->nmi_orgate, TYPE_OR_IRQ); 844 object_initialize_child(obj, "ppc-irq-orgate", &s->ppc_irq_orgate, 845 TYPE_OR_IRQ); 846 object_initialize_child(obj, "sec-resp-splitter", &s->sec_resp_splitter, 847 TYPE_SPLIT_IRQ); 848 for (i = 0; i < ARRAY_SIZE(s->ppc_irq_splitter); i++) { 849 char *name = g_strdup_printf("ppc-irq-splitter-%d", i); 850 SplitIRQ *splitter = &s->ppc_irq_splitter[i]; 851 852 object_initialize_child(obj, name, splitter, TYPE_SPLIT_IRQ); 853 g_free(name); 854 } 855 if (info->num_cpus > 1) { 856 for (i = 0; i < ARRAY_SIZE(s->cpu_irq_splitter); i++) { 857 if (info->irq_is_common[i]) { 858 char *name = g_strdup_printf("cpu-irq-splitter%d", i); 859 SplitIRQ *splitter = &s->cpu_irq_splitter[i]; 860 861 object_initialize_child(obj, name, splitter, TYPE_SPLIT_IRQ); 862 g_free(name); 863 } 864 } 865 } 866 } 867 868 static void armsse_exp_irq(void *opaque, int n, int level) 869 { 870 qemu_irq *irqarray = opaque; 871 872 qemu_set_irq(irqarray[n], level); 873 } 874 875 static void armsse_mpcexp_status(void *opaque, int n, int level) 876 { 877 ARMSSE *s = ARM_SSE(opaque); 878 qemu_set_irq(s->mpcexp_status_in[n], level); 879 } 880 881 static qemu_irq armsse_get_common_irq_in(ARMSSE *s, int irqno) 882 { 883 /* 884 * Return a qemu_irq which can be used to signal IRQ n to 885 * all CPUs in the SSE. 886 */ 887 ARMSSEClass *asc = ARM_SSE_GET_CLASS(s); 888 const ARMSSEInfo *info = asc->info; 889 890 assert(info->irq_is_common[irqno]); 891 892 if (info->num_cpus == 1) { 893 /* Only one CPU -- just connect directly to it */ 894 return qdev_get_gpio_in(DEVICE(&s->armv7m[0]), irqno); 895 } else { 896 /* Connect to the splitter which feeds all CPUs */ 897 return qdev_get_gpio_in(DEVICE(&s->cpu_irq_splitter[irqno]), 0); 898 } 899 } 900 901 static void armsse_realize(DeviceState *dev, Error **errp) 902 { 903 ARMSSE *s = ARM_SSE(dev); 904 ARMSSEClass *asc = ARM_SSE_GET_CLASS(dev); 905 const ARMSSEInfo *info = asc->info; 906 const ARMSSEDeviceInfo *devinfo; 907 int i; 908 MemoryRegion *mr; 909 Error *err = NULL; 910 SysBusDevice *sbd_apb_ppc0; 911 SysBusDevice *sbd_secctl; 912 DeviceState *dev_apb_ppc0; 913 DeviceState *dev_apb_ppc1; 914 DeviceState *dev_secctl; 915 DeviceState *dev_splitter; 916 uint32_t addr_width_max; 917 918 if (!s->board_memory) { 919 error_setg(errp, "memory property was not set"); 920 return; 921 } 922 923 if (!clock_has_source(s->mainclk)) { 924 error_setg(errp, "MAINCLK clock was not connected"); 925 } 926 if (!clock_has_source(s->s32kclk)) { 927 error_setg(errp, "S32KCLK clock was not connected"); 928 } 929 930 assert(info->num_cpus <= SSE_MAX_CPUS); 931 932 /* max SRAM_ADDR_WIDTH: 24 - log2(SRAM_NUM_BANK) */ 933 assert(is_power_of_2(info->sram_banks)); 934 addr_width_max = 24 - ctz32(info->sram_banks); 935 if (s->sram_addr_width < 1 || s->sram_addr_width > addr_width_max) { 936 error_setg(errp, "SRAM_ADDR_WIDTH must be between 1 and %d", 937 addr_width_max); 938 return; 939 } 940 941 /* Handling of which devices should be available only to secure 942 * code is usually done differently for M profile than for A profile. 943 * Instead of putting some devices only into the secure address space, 944 * devices exist in both address spaces but with hard-wired security 945 * permissions that will cause the CPU to fault for non-secure accesses. 946 * 947 * The ARMSSE has an IDAU (Implementation Defined Access Unit), 948 * which specifies hard-wired security permissions for different 949 * areas of the physical address space. For the ARMSSE IDAU, the 950 * top 4 bits of the physical address are the IDAU region ID, and 951 * if bit 28 (ie the lowest bit of the ID) is 0 then this is an NS 952 * region, otherwise it is an S region. 953 * 954 * The various devices and RAMs are generally all mapped twice, 955 * once into a region that the IDAU defines as secure and once 956 * into a non-secure region. They sit behind either a Memory 957 * Protection Controller (for RAM) or a Peripheral Protection 958 * Controller (for devices), which allow a more fine grained 959 * configuration of whether non-secure accesses are permitted. 960 * 961 * (The other place that guest software can configure security 962 * permissions is in the architected SAU (Security Attribution 963 * Unit), which is entirely inside the CPU. The IDAU can upgrade 964 * the security attributes for a region to more restrictive than 965 * the SAU specifies, but cannot downgrade them.) 966 * 967 * 0x10000000..0x1fffffff alias of 0x00000000..0x0fffffff 968 * 0x20000000..0x2007ffff 32KB FPGA block RAM 969 * 0x30000000..0x3fffffff alias of 0x20000000..0x2fffffff 970 * 0x40000000..0x4000ffff base peripheral region 1 971 * 0x40010000..0x4001ffff CPU peripherals (none for ARMSSE) 972 * 0x40020000..0x4002ffff system control element peripherals 973 * 0x40080000..0x400fffff base peripheral region 2 974 * 0x50000000..0x5fffffff alias of 0x40000000..0x4fffffff 975 */ 976 977 memory_region_add_subregion_overlap(&s->container, 0, s->board_memory, -2); 978 979 for (i = 0; i < info->num_cpus; i++) { 980 DeviceState *cpudev = DEVICE(&s->armv7m[i]); 981 Object *cpuobj = OBJECT(&s->armv7m[i]); 982 int j; 983 char *gpioname; 984 985 qdev_prop_set_uint32(cpudev, "num-irq", s->exp_numirq + NUM_SSE_IRQS); 986 /* 987 * In real hardware the initial Secure VTOR is set from the INITSVTOR* 988 * registers in the IoT Kit System Control Register block. In QEMU 989 * we set the initial value here, and also the reset value of the 990 * sysctl register, from this object's QOM init-svtor property. 991 * If the guest changes the INITSVTOR* registers at runtime then the 992 * code in iotkit-sysctl.c will update the CPU init-svtor property 993 * (which will then take effect on the next CPU warm-reset). 994 * 995 * Note that typically a board using the SSE-200 will have a system 996 * control processor whose boot firmware initializes the INITSVTOR* 997 * registers before powering up the CPUs. QEMU doesn't emulate 998 * the control processor, so instead we behave in the way that the 999 * firmware does: the initial value should be set by the board code 1000 * (using the init-svtor property on the ARMSSE object) to match 1001 * whatever its firmware does. 1002 */ 1003 qdev_prop_set_uint32(cpudev, "init-svtor", s->init_svtor); 1004 /* 1005 * CPUs start powered down if the corresponding bit in the CPUWAIT 1006 * register is 1. In real hardware the CPUWAIT register reset value is 1007 * a configurable property of the SSE-200 (via the CPUWAIT0_RST and 1008 * CPUWAIT1_RST parameters), but since all the boards we care about 1009 * start CPU0 and leave CPU1 powered off, we hard-code that in 1010 * info->cpuwait_rst for now. We can add QOM properties for this 1011 * later if necessary. 1012 */ 1013 if (extract32(info->cpuwait_rst, i, 1)) { 1014 if (!object_property_set_bool(cpuobj, "start-powered-off", true, 1015 errp)) { 1016 return; 1017 } 1018 } 1019 if (!s->cpu_fpu[i]) { 1020 if (!object_property_set_bool(cpuobj, "vfp", false, errp)) { 1021 return; 1022 } 1023 } 1024 if (!s->cpu_dsp[i]) { 1025 if (!object_property_set_bool(cpuobj, "dsp", false, errp)) { 1026 return; 1027 } 1028 } 1029 1030 if (i > 0) { 1031 memory_region_add_subregion_overlap(&s->cpu_container[i], 0, 1032 &s->container_alias[i - 1], -1); 1033 } else { 1034 memory_region_add_subregion_overlap(&s->cpu_container[i], 0, 1035 &s->container, -1); 1036 } 1037 object_property_set_link(cpuobj, "memory", 1038 OBJECT(&s->cpu_container[i]), &error_abort); 1039 object_property_set_link(cpuobj, "idau", OBJECT(s), &error_abort); 1040 if (!sysbus_realize(SYS_BUS_DEVICE(cpuobj), errp)) { 1041 return; 1042 } 1043 /* 1044 * The cluster must be realized after the armv7m container, as 1045 * the container's CPU object is only created on realize, and the 1046 * CPU must exist and have been parented into the cluster before 1047 * the cluster is realized. 1048 */ 1049 if (!qdev_realize(DEVICE(&s->cluster[i]), NULL, errp)) { 1050 return; 1051 } 1052 1053 /* Connect EXP_IRQ/EXP_CPUn_IRQ GPIOs to the NVIC's lines 32 and up */ 1054 s->exp_irqs[i] = g_new(qemu_irq, s->exp_numirq); 1055 for (j = 0; j < s->exp_numirq; j++) { 1056 s->exp_irqs[i][j] = qdev_get_gpio_in(cpudev, j + NUM_SSE_IRQS); 1057 } 1058 if (i == 0) { 1059 gpioname = g_strdup("EXP_IRQ"); 1060 } else { 1061 gpioname = g_strdup_printf("EXP_CPU%d_IRQ", i); 1062 } 1063 qdev_init_gpio_in_named_with_opaque(dev, armsse_exp_irq, 1064 s->exp_irqs[i], 1065 gpioname, s->exp_numirq); 1066 g_free(gpioname); 1067 } 1068 1069 /* Wire up the splitters that connect common IRQs to all CPUs */ 1070 if (info->num_cpus > 1) { 1071 for (i = 0; i < ARRAY_SIZE(s->cpu_irq_splitter); i++) { 1072 if (info->irq_is_common[i]) { 1073 Object *splitter = OBJECT(&s->cpu_irq_splitter[i]); 1074 DeviceState *devs = DEVICE(splitter); 1075 int cpunum; 1076 1077 if (!object_property_set_int(splitter, "num-lines", 1078 info->num_cpus, errp)) { 1079 return; 1080 } 1081 if (!qdev_realize(DEVICE(splitter), NULL, errp)) { 1082 return; 1083 } 1084 for (cpunum = 0; cpunum < info->num_cpus; cpunum++) { 1085 DeviceState *cpudev = DEVICE(&s->armv7m[cpunum]); 1086 1087 qdev_connect_gpio_out(devs, cpunum, 1088 qdev_get_gpio_in(cpudev, i)); 1089 } 1090 } 1091 } 1092 } 1093 1094 /* Set up the big aliases first */ 1095 make_alias(s, &s->alias1, &s->container, "alias 1", 1096 0x10000000, 0x10000000, 0x00000000); 1097 make_alias(s, &s->alias2, &s->container, 1098 "alias 2", 0x30000000, 0x10000000, 0x20000000); 1099 /* The 0x50000000..0x5fffffff region is not a pure alias: it has 1100 * a few extra devices that only appear there (generally the 1101 * control interfaces for the protection controllers). 1102 * We implement this by mapping those devices over the top of this 1103 * alias MR at a higher priority. Some of the devices in this range 1104 * are per-CPU, so we must put this alias in the per-cpu containers. 1105 */ 1106 for (i = 0; i < info->num_cpus; i++) { 1107 make_alias(s, &s->alias3[i], &s->cpu_container[i], 1108 "alias 3", 0x50000000, 0x10000000, 0x40000000); 1109 } 1110 1111 /* Security controller */ 1112 object_property_set_int(OBJECT(&s->secctl), "sse-version", 1113 info->sse_version, &error_abort); 1114 if (!sysbus_realize(SYS_BUS_DEVICE(&s->secctl), errp)) { 1115 return; 1116 } 1117 sbd_secctl = SYS_BUS_DEVICE(&s->secctl); 1118 dev_secctl = DEVICE(&s->secctl); 1119 sysbus_mmio_map(sbd_secctl, 0, 0x50080000); 1120 sysbus_mmio_map(sbd_secctl, 1, 0x40080000); 1121 1122 s->nsc_cfg_in = qemu_allocate_irq(nsccfg_handler, s, 1); 1123 qdev_connect_gpio_out_named(dev_secctl, "nsc_cfg", 0, s->nsc_cfg_in); 1124 1125 /* The sec_resp_cfg output from the security controller must be split into 1126 * multiple lines, one for each of the PPCs within the ARMSSE and one 1127 * that will be an output from the ARMSSE to the system. 1128 */ 1129 if (!object_property_set_int(OBJECT(&s->sec_resp_splitter), 1130 "num-lines", 3, errp)) { 1131 return; 1132 } 1133 if (!qdev_realize(DEVICE(&s->sec_resp_splitter), NULL, errp)) { 1134 return; 1135 } 1136 dev_splitter = DEVICE(&s->sec_resp_splitter); 1137 qdev_connect_gpio_out_named(dev_secctl, "sec_resp_cfg", 0, 1138 qdev_get_gpio_in(dev_splitter, 0)); 1139 1140 /* Each SRAM bank lives behind its own Memory Protection Controller */ 1141 for (i = 0; i < info->sram_banks; i++) { 1142 char *ramname = g_strdup_printf("armsse.sram%d", i); 1143 SysBusDevice *sbd_mpc; 1144 uint32_t sram_bank_size = 1 << s->sram_addr_width; 1145 1146 memory_region_init_ram(&s->sram[i], NULL, ramname, 1147 sram_bank_size, &err); 1148 g_free(ramname); 1149 if (err) { 1150 error_propagate(errp, err); 1151 return; 1152 } 1153 object_property_set_link(OBJECT(&s->mpc[i]), "downstream", 1154 OBJECT(&s->sram[i]), &error_abort); 1155 if (!sysbus_realize(SYS_BUS_DEVICE(&s->mpc[i]), errp)) { 1156 return; 1157 } 1158 /* Map the upstream end of the MPC into the right place... */ 1159 sbd_mpc = SYS_BUS_DEVICE(&s->mpc[i]); 1160 memory_region_add_subregion(&s->container, 1161 0x20000000 + i * sram_bank_size, 1162 sysbus_mmio_get_region(sbd_mpc, 1)); 1163 /* ...and its register interface */ 1164 memory_region_add_subregion(&s->container, 0x50083000 + i * 0x1000, 1165 sysbus_mmio_get_region(sbd_mpc, 0)); 1166 } 1167 1168 /* We must OR together lines from the MPC splitters to go to the NVIC */ 1169 if (!object_property_set_int(OBJECT(&s->mpc_irq_orgate), "num-lines", 1170 IOTS_NUM_EXP_MPC + info->sram_banks, 1171 errp)) { 1172 return; 1173 } 1174 if (!qdev_realize(DEVICE(&s->mpc_irq_orgate), NULL, errp)) { 1175 return; 1176 } 1177 qdev_connect_gpio_out(DEVICE(&s->mpc_irq_orgate), 0, 1178 armsse_get_common_irq_in(s, 9)); 1179 1180 /* This OR gate wires together outputs from the secure watchdogs to NMI */ 1181 if (!object_property_set_int(OBJECT(&s->nmi_orgate), "num-lines", 2, 1182 errp)) { 1183 return; 1184 } 1185 if (!qdev_realize(DEVICE(&s->nmi_orgate), NULL, errp)) { 1186 return; 1187 } 1188 qdev_connect_gpio_out(DEVICE(&s->nmi_orgate), 0, 1189 qdev_get_gpio_in_named(DEVICE(&s->armv7m), "NMI", 0)); 1190 1191 /* The SSE-300 has a System Counter / System Timestamp Generator */ 1192 if (info->has_sse_counter) { 1193 SysBusDevice *sbd = SYS_BUS_DEVICE(&s->sse_counter); 1194 1195 qdev_connect_clock_in(DEVICE(sbd), "CLK", s->mainclk); 1196 if (!sysbus_realize(sbd, errp)) { 1197 return; 1198 } 1199 /* 1200 * The control frame is only in the Secure region; 1201 * the status frame is in the NS region (and visible in the 1202 * S region via the alias mapping). 1203 */ 1204 memory_region_add_subregion(&s->container, 0x58100000, 1205 sysbus_mmio_get_region(sbd, 0)); 1206 memory_region_add_subregion(&s->container, 0x48101000, 1207 sysbus_mmio_get_region(sbd, 1)); 1208 } 1209 1210 /* Devices behind APB PPC0: 1211 * 0x40000000: timer0 1212 * 0x40001000: timer1 1213 * 0x40002000: dual timer 1214 * 0x40003000: MHU0 (SSE-200 only) 1215 * 0x40004000: MHU1 (SSE-200 only) 1216 * We must configure and realize each downstream device and connect 1217 * it to the appropriate PPC port; then we can realize the PPC and 1218 * map its upstream ends to the right place in the container. 1219 */ 1220 for (devinfo = info->devinfo; devinfo->name; devinfo++) { 1221 SysBusDevice *sbd; 1222 qemu_irq irq; 1223 1224 if (!strcmp(devinfo->type, TYPE_CMSDK_APB_TIMER)) { 1225 sbd = SYS_BUS_DEVICE(&s->timer[devinfo->index]); 1226 1227 qdev_connect_clock_in(DEVICE(sbd), "pclk", 1228 devinfo->slowclk ? s->s32kclk : s->mainclk); 1229 if (!sysbus_realize(sbd, errp)) { 1230 return; 1231 } 1232 mr = sysbus_mmio_get_region(sbd, 0); 1233 } else if (!strcmp(devinfo->type, TYPE_CMSDK_APB_DUALTIMER)) { 1234 sbd = SYS_BUS_DEVICE(&s->dualtimer); 1235 1236 qdev_connect_clock_in(DEVICE(sbd), "TIMCLK", s->mainclk); 1237 if (!sysbus_realize(sbd, errp)) { 1238 return; 1239 } 1240 mr = sysbus_mmio_get_region(sbd, 0); 1241 } else if (!strcmp(devinfo->type, TYPE_SSE_TIMER)) { 1242 sbd = SYS_BUS_DEVICE(&s->sse_timer[devinfo->index]); 1243 1244 assert(info->has_sse_counter); 1245 object_property_set_link(OBJECT(sbd), "counter", 1246 OBJECT(&s->sse_counter), &error_abort); 1247 if (!sysbus_realize(sbd, errp)) { 1248 return; 1249 } 1250 mr = sysbus_mmio_get_region(sbd, 0); 1251 } else if (!strcmp(devinfo->type, TYPE_CMSDK_APB_WATCHDOG)) { 1252 sbd = SYS_BUS_DEVICE(&s->cmsdk_watchdog[devinfo->index]); 1253 1254 qdev_connect_clock_in(DEVICE(sbd), "WDOGCLK", 1255 devinfo->slowclk ? s->s32kclk : s->mainclk); 1256 if (!sysbus_realize(sbd, errp)) { 1257 return; 1258 } 1259 mr = sysbus_mmio_get_region(sbd, 0); 1260 } else if (!strcmp(devinfo->type, TYPE_IOTKIT_SYSINFO)) { 1261 sbd = SYS_BUS_DEVICE(&s->sysinfo); 1262 1263 object_property_set_int(OBJECT(&s->sysinfo), "SYS_VERSION", 1264 info->sys_version, &error_abort); 1265 object_property_set_int(OBJECT(&s->sysinfo), "SYS_CONFIG", 1266 armsse_sys_config_value(s, info), 1267 &error_abort); 1268 object_property_set_int(OBJECT(&s->sysinfo), "sse-version", 1269 info->sse_version, &error_abort); 1270 object_property_set_int(OBJECT(&s->sysinfo), "IIDR", 1271 info->iidr, &error_abort); 1272 if (!sysbus_realize(sbd, errp)) { 1273 return; 1274 } 1275 mr = sysbus_mmio_get_region(sbd, 0); 1276 } else if (!strcmp(devinfo->type, TYPE_IOTKIT_SYSCTL)) { 1277 /* System control registers */ 1278 sbd = SYS_BUS_DEVICE(&s->sysctl); 1279 1280 object_property_set_int(OBJECT(&s->sysctl), "sse-version", 1281 info->sse_version, &error_abort); 1282 object_property_set_int(OBJECT(&s->sysctl), "CPUWAIT_RST", 1283 info->cpuwait_rst, &error_abort); 1284 object_property_set_int(OBJECT(&s->sysctl), "INITSVTOR0_RST", 1285 s->init_svtor, &error_abort); 1286 object_property_set_int(OBJECT(&s->sysctl), "INITSVTOR1_RST", 1287 s->init_svtor, &error_abort); 1288 if (!sysbus_realize(sbd, errp)) { 1289 return; 1290 } 1291 mr = sysbus_mmio_get_region(sbd, 0); 1292 } else if (!strcmp(devinfo->type, TYPE_UNIMPLEMENTED_DEVICE)) { 1293 sbd = SYS_BUS_DEVICE(&s->unimp[devinfo->index]); 1294 1295 qdev_prop_set_string(DEVICE(sbd), "name", devinfo->name); 1296 qdev_prop_set_uint64(DEVICE(sbd), "size", devinfo->size); 1297 if (!sysbus_realize(sbd, errp)) { 1298 return; 1299 } 1300 mr = sysbus_mmio_get_region(sbd, 0); 1301 } else { 1302 g_assert_not_reached(); 1303 } 1304 1305 switch (devinfo->irq) { 1306 case NO_IRQ: 1307 irq = NULL; 1308 break; 1309 case 0 ... NUM_SSE_IRQS - 1: 1310 irq = armsse_get_common_irq_in(s, devinfo->irq); 1311 break; 1312 case NMI_0: 1313 case NMI_1: 1314 irq = qdev_get_gpio_in(DEVICE(&s->nmi_orgate), 1315 devinfo->irq - NMI_0); 1316 break; 1317 default: 1318 g_assert_not_reached(); 1319 } 1320 1321 if (irq) { 1322 sysbus_connect_irq(sbd, 0, irq); 1323 } 1324 1325 /* 1326 * Devices connected to a PPC are connected to the port here; 1327 * we will map the upstream end of that port to the right address 1328 * in the container later after the PPC has been realized. 1329 * Devices not connected to a PPC can be mapped immediately. 1330 */ 1331 if (devinfo->ppc != NO_PPC) { 1332 TZPPC *ppc = &s->apb_ppc[devinfo->ppc]; 1333 g_autofree char *portname = g_strdup_printf("port[%d]", 1334 devinfo->ppc_port); 1335 object_property_set_link(OBJECT(ppc), portname, OBJECT(mr), 1336 &error_abort); 1337 } else { 1338 memory_region_add_subregion(&s->container, devinfo->addr, mr); 1339 } 1340 } 1341 1342 if (info->has_mhus) { 1343 /* 1344 * An SSE-200 with only one CPU should have only one MHU created, 1345 * with the region where the second MHU usually is being RAZ/WI. 1346 * We don't implement that SSE-200 config; if we want to support 1347 * it then this code needs to be enhanced to handle creating the 1348 * RAZ/WI region instead of the second MHU. 1349 */ 1350 assert(info->num_cpus == ARRAY_SIZE(s->mhu)); 1351 1352 for (i = 0; i < ARRAY_SIZE(s->mhu); i++) { 1353 char *port; 1354 int cpunum; 1355 SysBusDevice *mhu_sbd = SYS_BUS_DEVICE(&s->mhu[i]); 1356 1357 if (!sysbus_realize(SYS_BUS_DEVICE(&s->mhu[i]), errp)) { 1358 return; 1359 } 1360 port = g_strdup_printf("port[%d]", i + 3); 1361 mr = sysbus_mmio_get_region(mhu_sbd, 0); 1362 object_property_set_link(OBJECT(&s->apb_ppc[0]), port, OBJECT(mr), 1363 &error_abort); 1364 g_free(port); 1365 1366 /* 1367 * Each MHU has an irq line for each CPU: 1368 * MHU 0 irq line 0 -> CPU 0 IRQ 6 1369 * MHU 0 irq line 1 -> CPU 1 IRQ 6 1370 * MHU 1 irq line 0 -> CPU 0 IRQ 7 1371 * MHU 1 irq line 1 -> CPU 1 IRQ 7 1372 */ 1373 for (cpunum = 0; cpunum < info->num_cpus; cpunum++) { 1374 DeviceState *cpudev = DEVICE(&s->armv7m[cpunum]); 1375 1376 sysbus_connect_irq(mhu_sbd, cpunum, 1377 qdev_get_gpio_in(cpudev, 6 + i)); 1378 } 1379 } 1380 } 1381 1382 if (!sysbus_realize(SYS_BUS_DEVICE(&s->apb_ppc[0]), errp)) { 1383 return; 1384 } 1385 1386 sbd_apb_ppc0 = SYS_BUS_DEVICE(&s->apb_ppc[0]); 1387 dev_apb_ppc0 = DEVICE(&s->apb_ppc[0]); 1388 1389 if (info->has_mhus) { 1390 mr = sysbus_mmio_get_region(sbd_apb_ppc0, 3); 1391 memory_region_add_subregion(&s->container, 0x40003000, mr); 1392 mr = sysbus_mmio_get_region(sbd_apb_ppc0, 4); 1393 memory_region_add_subregion(&s->container, 0x40004000, mr); 1394 } 1395 for (i = 0; i < IOTS_APB_PPC0_NUM_PORTS; i++) { 1396 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_nonsec", i, 1397 qdev_get_gpio_in_named(dev_apb_ppc0, 1398 "cfg_nonsec", i)); 1399 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_ap", i, 1400 qdev_get_gpio_in_named(dev_apb_ppc0, 1401 "cfg_ap", i)); 1402 } 1403 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_irq_enable", 0, 1404 qdev_get_gpio_in_named(dev_apb_ppc0, 1405 "irq_enable", 0)); 1406 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_irq_clear", 0, 1407 qdev_get_gpio_in_named(dev_apb_ppc0, 1408 "irq_clear", 0)); 1409 qdev_connect_gpio_out(dev_splitter, 0, 1410 qdev_get_gpio_in_named(dev_apb_ppc0, 1411 "cfg_sec_resp", 0)); 1412 1413 /* All the PPC irq lines (from the 2 internal PPCs and the 8 external 1414 * ones) are sent individually to the security controller, and also 1415 * ORed together to give a single combined PPC interrupt to the NVIC. 1416 */ 1417 if (!object_property_set_int(OBJECT(&s->ppc_irq_orgate), 1418 "num-lines", NUM_PPCS, errp)) { 1419 return; 1420 } 1421 if (!qdev_realize(DEVICE(&s->ppc_irq_orgate), NULL, errp)) { 1422 return; 1423 } 1424 qdev_connect_gpio_out(DEVICE(&s->ppc_irq_orgate), 0, 1425 armsse_get_common_irq_in(s, 10)); 1426 1427 /* 1428 * 0x40010000 .. 0x4001ffff (and the 0x5001000... secure-only alias): 1429 * private per-CPU region (all these devices are SSE-200 only): 1430 * 0x50010000: L1 icache control registers 1431 * 0x50011000: CPUSECCTRL (CPU local security control registers) 1432 * 0x4001f000 and 0x5001f000: CPU_IDENTITY register block 1433 * The SSE-300 has an extra: 1434 * 0x40012000 and 0x50012000: CPU_PWRCTRL register block 1435 */ 1436 if (info->has_cachectrl) { 1437 for (i = 0; i < info->num_cpus; i++) { 1438 char *name = g_strdup_printf("cachectrl%d", i); 1439 MemoryRegion *mr; 1440 1441 qdev_prop_set_string(DEVICE(&s->cachectrl[i]), "name", name); 1442 g_free(name); 1443 qdev_prop_set_uint64(DEVICE(&s->cachectrl[i]), "size", 0x1000); 1444 if (!sysbus_realize(SYS_BUS_DEVICE(&s->cachectrl[i]), errp)) { 1445 return; 1446 } 1447 1448 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->cachectrl[i]), 0); 1449 memory_region_add_subregion(&s->cpu_container[i], 0x50010000, mr); 1450 } 1451 } 1452 if (info->has_cpusecctrl) { 1453 for (i = 0; i < info->num_cpus; i++) { 1454 char *name = g_strdup_printf("CPUSECCTRL%d", i); 1455 MemoryRegion *mr; 1456 1457 qdev_prop_set_string(DEVICE(&s->cpusecctrl[i]), "name", name); 1458 g_free(name); 1459 qdev_prop_set_uint64(DEVICE(&s->cpusecctrl[i]), "size", 0x1000); 1460 if (!sysbus_realize(SYS_BUS_DEVICE(&s->cpusecctrl[i]), errp)) { 1461 return; 1462 } 1463 1464 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->cpusecctrl[i]), 0); 1465 memory_region_add_subregion(&s->cpu_container[i], 0x50011000, mr); 1466 } 1467 } 1468 if (info->has_cpuid) { 1469 for (i = 0; i < info->num_cpus; i++) { 1470 MemoryRegion *mr; 1471 1472 qdev_prop_set_uint32(DEVICE(&s->cpuid[i]), "CPUID", i); 1473 if (!sysbus_realize(SYS_BUS_DEVICE(&s->cpuid[i]), errp)) { 1474 return; 1475 } 1476 1477 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->cpuid[i]), 0); 1478 memory_region_add_subregion(&s->cpu_container[i], 0x4001F000, mr); 1479 } 1480 } 1481 if (info->has_cpu_pwrctrl) { 1482 for (i = 0; i < info->num_cpus; i++) { 1483 MemoryRegion *mr; 1484 1485 if (!sysbus_realize(SYS_BUS_DEVICE(&s->cpu_pwrctrl[i]), errp)) { 1486 return; 1487 } 1488 1489 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->cpu_pwrctrl[i]), 0); 1490 memory_region_add_subregion(&s->cpu_container[i], 0x40012000, mr); 1491 } 1492 } 1493 1494 if (!sysbus_realize(SYS_BUS_DEVICE(&s->apb_ppc[1]), errp)) { 1495 return; 1496 } 1497 1498 dev_apb_ppc1 = DEVICE(&s->apb_ppc[1]); 1499 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_nonsec", 0, 1500 qdev_get_gpio_in_named(dev_apb_ppc1, 1501 "cfg_nonsec", 0)); 1502 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_ap", 0, 1503 qdev_get_gpio_in_named(dev_apb_ppc1, 1504 "cfg_ap", 0)); 1505 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_irq_enable", 0, 1506 qdev_get_gpio_in_named(dev_apb_ppc1, 1507 "irq_enable", 0)); 1508 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_irq_clear", 0, 1509 qdev_get_gpio_in_named(dev_apb_ppc1, 1510 "irq_clear", 0)); 1511 qdev_connect_gpio_out(dev_splitter, 1, 1512 qdev_get_gpio_in_named(dev_apb_ppc1, 1513 "cfg_sec_resp", 0)); 1514 1515 /* 1516 * Now both PPCs are realized we can map the upstream ends of 1517 * ports which correspond to entries in the devinfo array. 1518 * The ports which are connected to non-devinfo devices have 1519 * already been mapped. 1520 */ 1521 for (devinfo = info->devinfo; devinfo->name; devinfo++) { 1522 SysBusDevice *ppc_sbd; 1523 1524 if (devinfo->ppc == NO_PPC) { 1525 continue; 1526 } 1527 ppc_sbd = SYS_BUS_DEVICE(&s->apb_ppc[devinfo->ppc]); 1528 mr = sysbus_mmio_get_region(ppc_sbd, devinfo->ppc_port); 1529 memory_region_add_subregion(&s->container, devinfo->addr, mr); 1530 } 1531 1532 for (i = 0; i < ARRAY_SIZE(s->ppc_irq_splitter); i++) { 1533 Object *splitter = OBJECT(&s->ppc_irq_splitter[i]); 1534 1535 if (!object_property_set_int(splitter, "num-lines", 2, errp)) { 1536 return; 1537 } 1538 if (!qdev_realize(DEVICE(splitter), NULL, errp)) { 1539 return; 1540 } 1541 } 1542 1543 for (i = 0; i < IOTS_NUM_AHB_EXP_PPC; i++) { 1544 char *ppcname = g_strdup_printf("ahb_ppcexp%d", i); 1545 1546 armsse_forward_ppc(s, ppcname, i); 1547 g_free(ppcname); 1548 } 1549 1550 for (i = 0; i < IOTS_NUM_APB_EXP_PPC; i++) { 1551 char *ppcname = g_strdup_printf("apb_ppcexp%d", i); 1552 1553 armsse_forward_ppc(s, ppcname, i + IOTS_NUM_AHB_EXP_PPC); 1554 g_free(ppcname); 1555 } 1556 1557 for (i = NUM_EXTERNAL_PPCS; i < NUM_PPCS; i++) { 1558 /* Wire up IRQ splitter for internal PPCs */ 1559 DeviceState *devs = DEVICE(&s->ppc_irq_splitter[i]); 1560 char *gpioname = g_strdup_printf("apb_ppc%d_irq_status", 1561 i - NUM_EXTERNAL_PPCS); 1562 TZPPC *ppc = &s->apb_ppc[i - NUM_EXTERNAL_PPCS]; 1563 1564 qdev_connect_gpio_out(devs, 0, 1565 qdev_get_gpio_in_named(dev_secctl, gpioname, 0)); 1566 qdev_connect_gpio_out(devs, 1, 1567 qdev_get_gpio_in(DEVICE(&s->ppc_irq_orgate), i)); 1568 qdev_connect_gpio_out_named(DEVICE(ppc), "irq", 0, 1569 qdev_get_gpio_in(devs, 0)); 1570 g_free(gpioname); 1571 } 1572 1573 /* Wire up the splitters for the MPC IRQs */ 1574 for (i = 0; i < IOTS_NUM_EXP_MPC + info->sram_banks; i++) { 1575 SplitIRQ *splitter = &s->mpc_irq_splitter[i]; 1576 DeviceState *dev_splitter = DEVICE(splitter); 1577 1578 if (!object_property_set_int(OBJECT(splitter), "num-lines", 2, 1579 errp)) { 1580 return; 1581 } 1582 if (!qdev_realize(DEVICE(splitter), NULL, errp)) { 1583 return; 1584 } 1585 1586 if (i < IOTS_NUM_EXP_MPC) { 1587 /* Splitter input is from GPIO input line */ 1588 s->mpcexp_status_in[i] = qdev_get_gpio_in(dev_splitter, 0); 1589 qdev_connect_gpio_out(dev_splitter, 0, 1590 qdev_get_gpio_in_named(dev_secctl, 1591 "mpcexp_status", i)); 1592 } else { 1593 /* Splitter input is from our own MPC */ 1594 qdev_connect_gpio_out_named(DEVICE(&s->mpc[i - IOTS_NUM_EXP_MPC]), 1595 "irq", 0, 1596 qdev_get_gpio_in(dev_splitter, 0)); 1597 qdev_connect_gpio_out(dev_splitter, 0, 1598 qdev_get_gpio_in_named(dev_secctl, 1599 "mpc_status", 1600 i - IOTS_NUM_EXP_MPC)); 1601 } 1602 1603 qdev_connect_gpio_out(dev_splitter, 1, 1604 qdev_get_gpio_in(DEVICE(&s->mpc_irq_orgate), i)); 1605 } 1606 /* Create GPIO inputs which will pass the line state for our 1607 * mpcexp_irq inputs to the correct splitter devices. 1608 */ 1609 qdev_init_gpio_in_named(dev, armsse_mpcexp_status, "mpcexp_status", 1610 IOTS_NUM_EXP_MPC); 1611 1612 armsse_forward_sec_resp_cfg(s); 1613 1614 /* Forward the MSC related signals */ 1615 qdev_pass_gpios(dev_secctl, dev, "mscexp_status"); 1616 qdev_pass_gpios(dev_secctl, dev, "mscexp_clear"); 1617 qdev_pass_gpios(dev_secctl, dev, "mscexp_ns"); 1618 qdev_connect_gpio_out_named(dev_secctl, "msc_irq", 0, 1619 armsse_get_common_irq_in(s, 11)); 1620 1621 /* 1622 * Expose our container region to the board model; this corresponds 1623 * to the AHB Slave Expansion ports which allow bus master devices 1624 * (eg DMA controllers) in the board model to make transactions into 1625 * devices in the ARMSSE. 1626 */ 1627 sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->container); 1628 1629 /* Set initial system_clock_scale from MAINCLK */ 1630 armsse_mainclk_update(s, ClockUpdate); 1631 } 1632 1633 static void armsse_idau_check(IDAUInterface *ii, uint32_t address, 1634 int *iregion, bool *exempt, bool *ns, bool *nsc) 1635 { 1636 /* 1637 * For ARMSSE systems the IDAU responses are simple logical functions 1638 * of the address bits. The NSC attribute is guest-adjustable via the 1639 * NSCCFG register in the security controller. 1640 */ 1641 ARMSSE *s = ARM_SSE(ii); 1642 int region = extract32(address, 28, 4); 1643 1644 *ns = !(region & 1); 1645 *nsc = (region == 1 && (s->nsccfg & 1)) || (region == 3 && (s->nsccfg & 2)); 1646 /* 0xe0000000..0xe00fffff and 0xf0000000..0xf00fffff are exempt */ 1647 *exempt = (address & 0xeff00000) == 0xe0000000; 1648 *iregion = region; 1649 } 1650 1651 static const VMStateDescription armsse_vmstate = { 1652 .name = "iotkit", 1653 .version_id = 2, 1654 .minimum_version_id = 2, 1655 .fields = (VMStateField[]) { 1656 VMSTATE_CLOCK(mainclk, ARMSSE), 1657 VMSTATE_CLOCK(s32kclk, ARMSSE), 1658 VMSTATE_UINT32(nsccfg, ARMSSE), 1659 VMSTATE_END_OF_LIST() 1660 } 1661 }; 1662 1663 static void armsse_reset(DeviceState *dev) 1664 { 1665 ARMSSE *s = ARM_SSE(dev); 1666 1667 s->nsccfg = 0; 1668 } 1669 1670 static void armsse_class_init(ObjectClass *klass, void *data) 1671 { 1672 DeviceClass *dc = DEVICE_CLASS(klass); 1673 IDAUInterfaceClass *iic = IDAU_INTERFACE_CLASS(klass); 1674 ARMSSEClass *asc = ARM_SSE_CLASS(klass); 1675 const ARMSSEInfo *info = data; 1676 1677 dc->realize = armsse_realize; 1678 dc->vmsd = &armsse_vmstate; 1679 device_class_set_props(dc, info->props); 1680 dc->reset = armsse_reset; 1681 iic->check = armsse_idau_check; 1682 asc->info = info; 1683 } 1684 1685 static const TypeInfo armsse_info = { 1686 .name = TYPE_ARM_SSE, 1687 .parent = TYPE_SYS_BUS_DEVICE, 1688 .instance_size = sizeof(ARMSSE), 1689 .class_size = sizeof(ARMSSEClass), 1690 .instance_init = armsse_init, 1691 .abstract = true, 1692 .interfaces = (InterfaceInfo[]) { 1693 { TYPE_IDAU_INTERFACE }, 1694 { } 1695 } 1696 }; 1697 1698 static void armsse_register_types(void) 1699 { 1700 int i; 1701 1702 type_register_static(&armsse_info); 1703 1704 for (i = 0; i < ARRAY_SIZE(armsse_variants); i++) { 1705 TypeInfo ti = { 1706 .name = armsse_variants[i].name, 1707 .parent = TYPE_ARM_SSE, 1708 .class_init = armsse_class_init, 1709 .class_data = (void *)&armsse_variants[i], 1710 }; 1711 type_register(&ti); 1712 } 1713 } 1714 1715 type_init(armsse_register_types); 1716