1 /* 2 * Arm SSE (Subsystems for Embedded): IoTKit 3 * 4 * Copyright (c) 2018 Linaro Limited 5 * Written by Peter Maydell 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License version 2 or 9 * (at your option) any later version. 10 */ 11 12 #include "qemu/osdep.h" 13 #include "qemu/log.h" 14 #include "qemu/module.h" 15 #include "qemu/bitops.h" 16 #include "qapi/error.h" 17 #include "trace.h" 18 #include "hw/sysbus.h" 19 #include "migration/vmstate.h" 20 #include "hw/registerfields.h" 21 #include "hw/arm/armsse.h" 22 #include "hw/arm/armsse-version.h" 23 #include "hw/arm/boot.h" 24 #include "hw/irq.h" 25 #include "hw/qdev-clock.h" 26 27 /* 28 * The SSE-300 puts some devices in different places to the 29 * SSE-200 (and original IoTKit). We use an array of these structs 30 * to define how each variant lays out these devices. (Parts of the 31 * SoC that are the same for all variants aren't handled via these 32 * data structures.) 33 */ 34 35 #define NO_IRQ -1 36 #define NO_PPC -1 37 /* 38 * Special values for ARMSSEDeviceInfo::irq to indicate that this 39 * device uses one of the inputs to the OR gate that feeds into the 40 * CPU NMI input. 41 */ 42 #define NMI_0 10000 43 #define NMI_1 10001 44 45 typedef struct ARMSSEDeviceInfo { 46 const char *name; /* name to use for the QOM object; NULL terminates list */ 47 const char *type; /* QOM type name */ 48 unsigned int index; /* Which of the N devices of this type is this ? */ 49 hwaddr addr; 50 hwaddr size; /* only needed for TYPE_UNIMPLEMENTED_DEVICE */ 51 int ppc; /* Index of APB PPC this device is wired up to, or NO_PPC */ 52 int ppc_port; /* Port number of this device on the PPC */ 53 int irq; /* NO_IRQ, or 0..NUM_SSE_IRQS-1, or NMI_0 or NMI_1 */ 54 bool slowclk; /* true if device uses the slow 32KHz clock */ 55 } ARMSSEDeviceInfo; 56 57 struct ARMSSEInfo { 58 const char *name; 59 uint32_t sse_version; 60 int sram_banks; 61 int num_cpus; 62 uint32_t sys_version; 63 uint32_t iidr; 64 uint32_t cpuwait_rst; 65 bool has_mhus; 66 bool has_cachectrl; 67 bool has_cpusecctrl; 68 bool has_cpuid; 69 bool has_sse_counter; 70 Property *props; 71 const ARMSSEDeviceInfo *devinfo; 72 const bool *irq_is_common; 73 }; 74 75 static Property iotkit_properties[] = { 76 DEFINE_PROP_LINK("memory", ARMSSE, board_memory, TYPE_MEMORY_REGION, 77 MemoryRegion *), 78 DEFINE_PROP_UINT32("EXP_NUMIRQ", ARMSSE, exp_numirq, 64), 79 DEFINE_PROP_UINT32("SRAM_ADDR_WIDTH", ARMSSE, sram_addr_width, 15), 80 DEFINE_PROP_UINT32("init-svtor", ARMSSE, init_svtor, 0x10000000), 81 DEFINE_PROP_BOOL("CPU0_FPU", ARMSSE, cpu_fpu[0], true), 82 DEFINE_PROP_BOOL("CPU0_DSP", ARMSSE, cpu_dsp[0], true), 83 DEFINE_PROP_END_OF_LIST() 84 }; 85 86 static Property armsse_properties[] = { 87 DEFINE_PROP_LINK("memory", ARMSSE, board_memory, TYPE_MEMORY_REGION, 88 MemoryRegion *), 89 DEFINE_PROP_UINT32("EXP_NUMIRQ", ARMSSE, exp_numirq, 64), 90 DEFINE_PROP_UINT32("SRAM_ADDR_WIDTH", ARMSSE, sram_addr_width, 15), 91 DEFINE_PROP_UINT32("init-svtor", ARMSSE, init_svtor, 0x10000000), 92 DEFINE_PROP_BOOL("CPU0_FPU", ARMSSE, cpu_fpu[0], false), 93 DEFINE_PROP_BOOL("CPU0_DSP", ARMSSE, cpu_dsp[0], false), 94 DEFINE_PROP_BOOL("CPU1_FPU", ARMSSE, cpu_fpu[1], true), 95 DEFINE_PROP_BOOL("CPU1_DSP", ARMSSE, cpu_dsp[1], true), 96 DEFINE_PROP_END_OF_LIST() 97 }; 98 99 static const ARMSSEDeviceInfo iotkit_devices[] = { 100 { 101 .name = "timer0", 102 .type = TYPE_CMSDK_APB_TIMER, 103 .index = 0, 104 .addr = 0x40000000, 105 .ppc = 0, 106 .ppc_port = 0, 107 .irq = 3, 108 }, 109 { 110 .name = "timer1", 111 .type = TYPE_CMSDK_APB_TIMER, 112 .index = 1, 113 .addr = 0x40001000, 114 .ppc = 0, 115 .ppc_port = 1, 116 .irq = 4, 117 }, 118 { 119 .name = "s32ktimer", 120 .type = TYPE_CMSDK_APB_TIMER, 121 .index = 2, 122 .addr = 0x4002f000, 123 .ppc = 1, 124 .ppc_port = 0, 125 .irq = 2, 126 .slowclk = true, 127 }, 128 { 129 .name = "dualtimer", 130 .type = TYPE_CMSDK_APB_DUALTIMER, 131 .index = 0, 132 .addr = 0x40002000, 133 .ppc = 0, 134 .ppc_port = 2, 135 .irq = 5, 136 }, 137 { 138 .name = "s32kwatchdog", 139 .type = TYPE_CMSDK_APB_WATCHDOG, 140 .index = 0, 141 .addr = 0x5002e000, 142 .ppc = NO_PPC, 143 .irq = NMI_0, 144 .slowclk = true, 145 }, 146 { 147 .name = "nswatchdog", 148 .type = TYPE_CMSDK_APB_WATCHDOG, 149 .index = 1, 150 .addr = 0x40081000, 151 .ppc = NO_PPC, 152 .irq = 1, 153 }, 154 { 155 .name = "swatchdog", 156 .type = TYPE_CMSDK_APB_WATCHDOG, 157 .index = 2, 158 .addr = 0x50081000, 159 .ppc = NO_PPC, 160 .irq = NMI_1, 161 }, 162 { 163 .name = "armsse-sysinfo", 164 .type = TYPE_IOTKIT_SYSINFO, 165 .index = 0, 166 .addr = 0x40020000, 167 .ppc = NO_PPC, 168 .irq = NO_IRQ, 169 }, 170 { 171 .name = "armsse-sysctl", 172 .type = TYPE_IOTKIT_SYSCTL, 173 .index = 0, 174 .addr = 0x50021000, 175 .ppc = NO_PPC, 176 .irq = NO_IRQ, 177 }, 178 { 179 .name = NULL, 180 } 181 }; 182 183 static const ARMSSEDeviceInfo sse200_devices[] = { 184 { 185 .name = "timer0", 186 .type = TYPE_CMSDK_APB_TIMER, 187 .index = 0, 188 .addr = 0x40000000, 189 .ppc = 0, 190 .ppc_port = 0, 191 .irq = 3, 192 }, 193 { 194 .name = "timer1", 195 .type = TYPE_CMSDK_APB_TIMER, 196 .index = 1, 197 .addr = 0x40001000, 198 .ppc = 0, 199 .ppc_port = 1, 200 .irq = 4, 201 }, 202 { 203 .name = "s32ktimer", 204 .type = TYPE_CMSDK_APB_TIMER, 205 .index = 2, 206 .addr = 0x4002f000, 207 .ppc = 1, 208 .ppc_port = 0, 209 .irq = 2, 210 .slowclk = true, 211 }, 212 { 213 .name = "dualtimer", 214 .type = TYPE_CMSDK_APB_DUALTIMER, 215 .index = 0, 216 .addr = 0x40002000, 217 .ppc = 0, 218 .ppc_port = 2, 219 .irq = 5, 220 }, 221 { 222 .name = "s32kwatchdog", 223 .type = TYPE_CMSDK_APB_WATCHDOG, 224 .index = 0, 225 .addr = 0x5002e000, 226 .ppc = NO_PPC, 227 .irq = NMI_0, 228 .slowclk = true, 229 }, 230 { 231 .name = "nswatchdog", 232 .type = TYPE_CMSDK_APB_WATCHDOG, 233 .index = 1, 234 .addr = 0x40081000, 235 .ppc = NO_PPC, 236 .irq = 1, 237 }, 238 { 239 .name = "swatchdog", 240 .type = TYPE_CMSDK_APB_WATCHDOG, 241 .index = 2, 242 .addr = 0x50081000, 243 .ppc = NO_PPC, 244 .irq = NMI_1, 245 }, 246 { 247 .name = "armsse-sysinfo", 248 .type = TYPE_IOTKIT_SYSINFO, 249 .index = 0, 250 .addr = 0x40020000, 251 .ppc = NO_PPC, 252 .irq = NO_IRQ, 253 }, 254 { 255 .name = "armsse-sysctl", 256 .type = TYPE_IOTKIT_SYSCTL, 257 .index = 0, 258 .addr = 0x50021000, 259 .ppc = NO_PPC, 260 .irq = NO_IRQ, 261 }, 262 { 263 .name = "CPU0CORE_PPU", 264 .type = TYPE_UNIMPLEMENTED_DEVICE, 265 .index = 0, 266 .addr = 0x50023000, 267 .size = 0x1000, 268 .ppc = NO_PPC, 269 .irq = NO_IRQ, 270 }, 271 { 272 .name = "CPU1CORE_PPU", 273 .type = TYPE_UNIMPLEMENTED_DEVICE, 274 .index = 1, 275 .addr = 0x50025000, 276 .size = 0x1000, 277 .ppc = NO_PPC, 278 .irq = NO_IRQ, 279 }, 280 { 281 .name = "DBG_PPU", 282 .type = TYPE_UNIMPLEMENTED_DEVICE, 283 .index = 2, 284 .addr = 0x50029000, 285 .size = 0x1000, 286 .ppc = NO_PPC, 287 .irq = NO_IRQ, 288 }, 289 { 290 .name = "RAM0_PPU", 291 .type = TYPE_UNIMPLEMENTED_DEVICE, 292 .index = 3, 293 .addr = 0x5002a000, 294 .size = 0x1000, 295 .ppc = NO_PPC, 296 .irq = NO_IRQ, 297 }, 298 { 299 .name = "RAM1_PPU", 300 .type = TYPE_UNIMPLEMENTED_DEVICE, 301 .index = 4, 302 .addr = 0x5002b000, 303 .size = 0x1000, 304 .ppc = NO_PPC, 305 .irq = NO_IRQ, 306 }, 307 { 308 .name = "RAM2_PPU", 309 .type = TYPE_UNIMPLEMENTED_DEVICE, 310 .index = 5, 311 .addr = 0x5002c000, 312 .size = 0x1000, 313 .ppc = NO_PPC, 314 .irq = NO_IRQ, 315 }, 316 { 317 .name = "RAM3_PPU", 318 .type = TYPE_UNIMPLEMENTED_DEVICE, 319 .index = 6, 320 .addr = 0x5002d000, 321 .size = 0x1000, 322 .ppc = NO_PPC, 323 .irq = NO_IRQ, 324 }, 325 { 326 .name = "SYS_PPU", 327 .type = TYPE_UNIMPLEMENTED_DEVICE, 328 .index = 7, 329 .addr = 0x50022000, 330 .size = 0x1000, 331 .ppc = NO_PPC, 332 .irq = NO_IRQ, 333 }, 334 { 335 .name = NULL, 336 } 337 }; 338 339 /* Is internal IRQ n shared between CPUs in a multi-core SSE ? */ 340 static const bool sse200_irq_is_common[32] = { 341 [0 ... 5] = true, 342 /* 6, 7: per-CPU MHU interrupts */ 343 [8 ... 12] = true, 344 /* 13: per-CPU icache interrupt */ 345 /* 14: reserved */ 346 [15 ... 20] = true, 347 /* 21: reserved */ 348 [22 ... 26] = true, 349 /* 27: reserved */ 350 /* 28, 29: per-CPU CTI interrupts */ 351 /* 30, 31: reserved */ 352 }; 353 354 static const ARMSSEInfo armsse_variants[] = { 355 { 356 .name = TYPE_IOTKIT, 357 .sse_version = ARMSSE_IOTKIT, 358 .sram_banks = 1, 359 .num_cpus = 1, 360 .sys_version = 0x41743, 361 .iidr = 0, 362 .cpuwait_rst = 0, 363 .has_mhus = false, 364 .has_cachectrl = false, 365 .has_cpusecctrl = false, 366 .has_cpuid = false, 367 .has_sse_counter = false, 368 .props = iotkit_properties, 369 .devinfo = iotkit_devices, 370 .irq_is_common = sse200_irq_is_common, 371 }, 372 { 373 .name = TYPE_SSE200, 374 .sse_version = ARMSSE_SSE200, 375 .sram_banks = 4, 376 .num_cpus = 2, 377 .sys_version = 0x22041743, 378 .iidr = 0, 379 .cpuwait_rst = 2, 380 .has_mhus = true, 381 .has_cachectrl = true, 382 .has_cpusecctrl = true, 383 .has_cpuid = true, 384 .has_sse_counter = false, 385 .props = armsse_properties, 386 .devinfo = sse200_devices, 387 .irq_is_common = sse200_irq_is_common, 388 }, 389 }; 390 391 static uint32_t armsse_sys_config_value(ARMSSE *s, const ARMSSEInfo *info) 392 { 393 /* Return the SYS_CONFIG value for this SSE */ 394 uint32_t sys_config; 395 396 switch (info->sse_version) { 397 case ARMSSE_IOTKIT: 398 sys_config = 0; 399 sys_config = deposit32(sys_config, 0, 4, info->sram_banks); 400 sys_config = deposit32(sys_config, 4, 4, s->sram_addr_width - 12); 401 break; 402 case ARMSSE_SSE200: 403 sys_config = 0; 404 sys_config = deposit32(sys_config, 0, 4, info->sram_banks); 405 sys_config = deposit32(sys_config, 4, 5, s->sram_addr_width); 406 sys_config = deposit32(sys_config, 24, 4, 2); 407 if (info->num_cpus > 1) { 408 sys_config = deposit32(sys_config, 10, 1, 1); 409 sys_config = deposit32(sys_config, 20, 4, info->sram_banks - 1); 410 sys_config = deposit32(sys_config, 28, 4, 2); 411 } 412 break; 413 case ARMSSE_SSE300: 414 sys_config = 0; 415 sys_config = deposit32(sys_config, 0, 4, info->sram_banks); 416 sys_config = deposit32(sys_config, 4, 5, s->sram_addr_width); 417 sys_config = deposit32(sys_config, 16, 3, 3); /* CPU0 = Cortex-M55 */ 418 break; 419 default: 420 g_assert_not_reached(); 421 } 422 return sys_config; 423 } 424 425 /* Clock frequency in HZ of the 32KHz "slow clock" */ 426 #define S32KCLK (32 * 1000) 427 428 /* 429 * Create an alias region in @container of @size bytes starting at @base 430 * which mirrors the memory starting at @orig. 431 */ 432 static void make_alias(ARMSSE *s, MemoryRegion *mr, MemoryRegion *container, 433 const char *name, hwaddr base, hwaddr size, hwaddr orig) 434 { 435 memory_region_init_alias(mr, NULL, name, container, orig, size); 436 /* The alias is even lower priority than unimplemented_device regions */ 437 memory_region_add_subregion_overlap(container, base, mr, -1500); 438 } 439 440 static void irq_status_forwarder(void *opaque, int n, int level) 441 { 442 qemu_irq destirq = opaque; 443 444 qemu_set_irq(destirq, level); 445 } 446 447 static void nsccfg_handler(void *opaque, int n, int level) 448 { 449 ARMSSE *s = ARM_SSE(opaque); 450 451 s->nsccfg = level; 452 } 453 454 static void armsse_forward_ppc(ARMSSE *s, const char *ppcname, int ppcnum) 455 { 456 /* Each of the 4 AHB and 4 APB PPCs that might be present in a 457 * system using the ARMSSE has a collection of control lines which 458 * are provided by the security controller and which we want to 459 * expose as control lines on the ARMSSE device itself, so the 460 * code using the ARMSSE can wire them up to the PPCs. 461 */ 462 SplitIRQ *splitter = &s->ppc_irq_splitter[ppcnum]; 463 DeviceState *armssedev = DEVICE(s); 464 DeviceState *dev_secctl = DEVICE(&s->secctl); 465 DeviceState *dev_splitter = DEVICE(splitter); 466 char *name; 467 468 name = g_strdup_printf("%s_nonsec", ppcname); 469 qdev_pass_gpios(dev_secctl, armssedev, name); 470 g_free(name); 471 name = g_strdup_printf("%s_ap", ppcname); 472 qdev_pass_gpios(dev_secctl, armssedev, name); 473 g_free(name); 474 name = g_strdup_printf("%s_irq_enable", ppcname); 475 qdev_pass_gpios(dev_secctl, armssedev, name); 476 g_free(name); 477 name = g_strdup_printf("%s_irq_clear", ppcname); 478 qdev_pass_gpios(dev_secctl, armssedev, name); 479 g_free(name); 480 481 /* irq_status is a little more tricky, because we need to 482 * split it so we can send it both to the security controller 483 * and to our OR gate for the NVIC interrupt line. 484 * Connect up the splitter's outputs, and create a GPIO input 485 * which will pass the line state to the input splitter. 486 */ 487 name = g_strdup_printf("%s_irq_status", ppcname); 488 qdev_connect_gpio_out(dev_splitter, 0, 489 qdev_get_gpio_in_named(dev_secctl, 490 name, 0)); 491 qdev_connect_gpio_out(dev_splitter, 1, 492 qdev_get_gpio_in(DEVICE(&s->ppc_irq_orgate), ppcnum)); 493 s->irq_status_in[ppcnum] = qdev_get_gpio_in(dev_splitter, 0); 494 qdev_init_gpio_in_named_with_opaque(armssedev, irq_status_forwarder, 495 s->irq_status_in[ppcnum], name, 1); 496 g_free(name); 497 } 498 499 static void armsse_forward_sec_resp_cfg(ARMSSE *s) 500 { 501 /* Forward the 3rd output from the splitter device as a 502 * named GPIO output of the armsse object. 503 */ 504 DeviceState *dev = DEVICE(s); 505 DeviceState *dev_splitter = DEVICE(&s->sec_resp_splitter); 506 507 qdev_init_gpio_out_named(dev, &s->sec_resp_cfg, "sec_resp_cfg", 1); 508 s->sec_resp_cfg_in = qemu_allocate_irq(irq_status_forwarder, 509 s->sec_resp_cfg, 1); 510 qdev_connect_gpio_out(dev_splitter, 2, s->sec_resp_cfg_in); 511 } 512 513 static void armsse_mainclk_update(void *opaque, ClockEvent event) 514 { 515 ARMSSE *s = ARM_SSE(opaque); 516 517 /* 518 * Set system_clock_scale from our Clock input; this is what 519 * controls the tick rate of the CPU SysTick timer. 520 */ 521 system_clock_scale = clock_ticks_to_ns(s->mainclk, 1); 522 } 523 524 static void armsse_init(Object *obj) 525 { 526 ARMSSE *s = ARM_SSE(obj); 527 ARMSSEClass *asc = ARM_SSE_GET_CLASS(obj); 528 const ARMSSEInfo *info = asc->info; 529 const ARMSSEDeviceInfo *devinfo; 530 int i; 531 532 assert(info->sram_banks <= MAX_SRAM_BANKS); 533 assert(info->num_cpus <= SSE_MAX_CPUS); 534 535 s->mainclk = qdev_init_clock_in(DEVICE(s), "MAINCLK", 536 armsse_mainclk_update, s, ClockUpdate); 537 s->s32kclk = qdev_init_clock_in(DEVICE(s), "S32KCLK", NULL, NULL, 0); 538 539 memory_region_init(&s->container, obj, "armsse-container", UINT64_MAX); 540 541 for (i = 0; i < info->num_cpus; i++) { 542 /* 543 * We put each CPU in its own cluster as they are logically 544 * distinct and may be configured differently. 545 */ 546 char *name; 547 548 name = g_strdup_printf("cluster%d", i); 549 object_initialize_child(obj, name, &s->cluster[i], TYPE_CPU_CLUSTER); 550 qdev_prop_set_uint32(DEVICE(&s->cluster[i]), "cluster-id", i); 551 g_free(name); 552 553 name = g_strdup_printf("armv7m%d", i); 554 object_initialize_child(OBJECT(&s->cluster[i]), name, &s->armv7m[i], 555 TYPE_ARMV7M); 556 qdev_prop_set_string(DEVICE(&s->armv7m[i]), "cpu-type", 557 ARM_CPU_TYPE_NAME("cortex-m33")); 558 g_free(name); 559 name = g_strdup_printf("arm-sse-cpu-container%d", i); 560 memory_region_init(&s->cpu_container[i], obj, name, UINT64_MAX); 561 g_free(name); 562 if (i > 0) { 563 name = g_strdup_printf("arm-sse-container-alias%d", i); 564 memory_region_init_alias(&s->container_alias[i - 1], obj, 565 name, &s->container, 0, UINT64_MAX); 566 g_free(name); 567 } 568 } 569 570 for (devinfo = info->devinfo; devinfo->name; devinfo++) { 571 assert(devinfo->ppc == NO_PPC || devinfo->ppc < ARRAY_SIZE(s->apb_ppc)); 572 if (!strcmp(devinfo->type, TYPE_CMSDK_APB_TIMER)) { 573 assert(devinfo->index < ARRAY_SIZE(s->timer)); 574 object_initialize_child(obj, devinfo->name, 575 &s->timer[devinfo->index], 576 TYPE_CMSDK_APB_TIMER); 577 } else if (!strcmp(devinfo->type, TYPE_CMSDK_APB_DUALTIMER)) { 578 assert(devinfo->index == 0); 579 object_initialize_child(obj, devinfo->name, &s->dualtimer, 580 TYPE_CMSDK_APB_DUALTIMER); 581 } else if (!strcmp(devinfo->type, TYPE_CMSDK_APB_WATCHDOG)) { 582 assert(devinfo->index < ARRAY_SIZE(s->cmsdk_watchdog)); 583 object_initialize_child(obj, devinfo->name, 584 &s->cmsdk_watchdog[devinfo->index], 585 TYPE_CMSDK_APB_WATCHDOG); 586 } else if (!strcmp(devinfo->type, TYPE_IOTKIT_SYSINFO)) { 587 assert(devinfo->index == 0); 588 object_initialize_child(obj, devinfo->name, &s->sysinfo, 589 TYPE_IOTKIT_SYSINFO); 590 } else if (!strcmp(devinfo->type, TYPE_IOTKIT_SYSCTL)) { 591 assert(devinfo->index == 0); 592 object_initialize_child(obj, devinfo->name, &s->sysctl, 593 TYPE_IOTKIT_SYSCTL); 594 } else if (!strcmp(devinfo->type, TYPE_UNIMPLEMENTED_DEVICE)) { 595 assert(devinfo->index < ARRAY_SIZE(s->unimp)); 596 object_initialize_child(obj, devinfo->name, 597 &s->unimp[devinfo->index], 598 TYPE_UNIMPLEMENTED_DEVICE); 599 } else { 600 g_assert_not_reached(); 601 } 602 } 603 604 object_initialize_child(obj, "secctl", &s->secctl, TYPE_IOTKIT_SECCTL); 605 606 for (i = 0; i < ARRAY_SIZE(s->apb_ppc); i++) { 607 g_autofree char *name = g_strdup_printf("apb-ppc%d", i); 608 object_initialize_child(obj, name, &s->apb_ppc[i], TYPE_TZ_PPC); 609 } 610 611 for (i = 0; i < info->sram_banks; i++) { 612 char *name = g_strdup_printf("mpc%d", i); 613 object_initialize_child(obj, name, &s->mpc[i], TYPE_TZ_MPC); 614 g_free(name); 615 } 616 object_initialize_child(obj, "mpc-irq-orgate", &s->mpc_irq_orgate, 617 TYPE_OR_IRQ); 618 619 for (i = 0; i < IOTS_NUM_EXP_MPC + info->sram_banks; i++) { 620 char *name = g_strdup_printf("mpc-irq-splitter-%d", i); 621 SplitIRQ *splitter = &s->mpc_irq_splitter[i]; 622 623 object_initialize_child(obj, name, splitter, TYPE_SPLIT_IRQ); 624 g_free(name); 625 } 626 627 if (info->has_mhus) { 628 object_initialize_child(obj, "mhu0", &s->mhu[0], TYPE_ARMSSE_MHU); 629 object_initialize_child(obj, "mhu1", &s->mhu[1], TYPE_ARMSSE_MHU); 630 } 631 if (info->has_cachectrl) { 632 for (i = 0; i < info->num_cpus; i++) { 633 char *name = g_strdup_printf("cachectrl%d", i); 634 635 object_initialize_child(obj, name, &s->cachectrl[i], 636 TYPE_UNIMPLEMENTED_DEVICE); 637 g_free(name); 638 } 639 } 640 if (info->has_cpusecctrl) { 641 for (i = 0; i < info->num_cpus; i++) { 642 char *name = g_strdup_printf("cpusecctrl%d", i); 643 644 object_initialize_child(obj, name, &s->cpusecctrl[i], 645 TYPE_UNIMPLEMENTED_DEVICE); 646 g_free(name); 647 } 648 } 649 if (info->has_cpuid) { 650 for (i = 0; i < info->num_cpus; i++) { 651 char *name = g_strdup_printf("cpuid%d", i); 652 653 object_initialize_child(obj, name, &s->cpuid[i], 654 TYPE_ARMSSE_CPUID); 655 g_free(name); 656 } 657 } 658 if (info->has_sse_counter) { 659 object_initialize_child(obj, "sse-counter", &s->sse_counter, 660 TYPE_SSE_COUNTER); 661 } 662 663 object_initialize_child(obj, "nmi-orgate", &s->nmi_orgate, TYPE_OR_IRQ); 664 object_initialize_child(obj, "ppc-irq-orgate", &s->ppc_irq_orgate, 665 TYPE_OR_IRQ); 666 object_initialize_child(obj, "sec-resp-splitter", &s->sec_resp_splitter, 667 TYPE_SPLIT_IRQ); 668 for (i = 0; i < ARRAY_SIZE(s->ppc_irq_splitter); i++) { 669 char *name = g_strdup_printf("ppc-irq-splitter-%d", i); 670 SplitIRQ *splitter = &s->ppc_irq_splitter[i]; 671 672 object_initialize_child(obj, name, splitter, TYPE_SPLIT_IRQ); 673 g_free(name); 674 } 675 if (info->num_cpus > 1) { 676 for (i = 0; i < ARRAY_SIZE(s->cpu_irq_splitter); i++) { 677 if (info->irq_is_common[i]) { 678 char *name = g_strdup_printf("cpu-irq-splitter%d", i); 679 SplitIRQ *splitter = &s->cpu_irq_splitter[i]; 680 681 object_initialize_child(obj, name, splitter, TYPE_SPLIT_IRQ); 682 g_free(name); 683 } 684 } 685 } 686 } 687 688 static void armsse_exp_irq(void *opaque, int n, int level) 689 { 690 qemu_irq *irqarray = opaque; 691 692 qemu_set_irq(irqarray[n], level); 693 } 694 695 static void armsse_mpcexp_status(void *opaque, int n, int level) 696 { 697 ARMSSE *s = ARM_SSE(opaque); 698 qemu_set_irq(s->mpcexp_status_in[n], level); 699 } 700 701 static qemu_irq armsse_get_common_irq_in(ARMSSE *s, int irqno) 702 { 703 /* 704 * Return a qemu_irq which can be used to signal IRQ n to 705 * all CPUs in the SSE. 706 */ 707 ARMSSEClass *asc = ARM_SSE_GET_CLASS(s); 708 const ARMSSEInfo *info = asc->info; 709 710 assert(info->irq_is_common[irqno]); 711 712 if (info->num_cpus == 1) { 713 /* Only one CPU -- just connect directly to it */ 714 return qdev_get_gpio_in(DEVICE(&s->armv7m[0]), irqno); 715 } else { 716 /* Connect to the splitter which feeds all CPUs */ 717 return qdev_get_gpio_in(DEVICE(&s->cpu_irq_splitter[irqno]), 0); 718 } 719 } 720 721 static void armsse_realize(DeviceState *dev, Error **errp) 722 { 723 ARMSSE *s = ARM_SSE(dev); 724 ARMSSEClass *asc = ARM_SSE_GET_CLASS(dev); 725 const ARMSSEInfo *info = asc->info; 726 const ARMSSEDeviceInfo *devinfo; 727 int i; 728 MemoryRegion *mr; 729 Error *err = NULL; 730 SysBusDevice *sbd_apb_ppc0; 731 SysBusDevice *sbd_secctl; 732 DeviceState *dev_apb_ppc0; 733 DeviceState *dev_apb_ppc1; 734 DeviceState *dev_secctl; 735 DeviceState *dev_splitter; 736 uint32_t addr_width_max; 737 738 if (!s->board_memory) { 739 error_setg(errp, "memory property was not set"); 740 return; 741 } 742 743 if (!clock_has_source(s->mainclk)) { 744 error_setg(errp, "MAINCLK clock was not connected"); 745 } 746 if (!clock_has_source(s->s32kclk)) { 747 error_setg(errp, "S32KCLK clock was not connected"); 748 } 749 750 assert(info->num_cpus <= SSE_MAX_CPUS); 751 752 /* max SRAM_ADDR_WIDTH: 24 - log2(SRAM_NUM_BANK) */ 753 assert(is_power_of_2(info->sram_banks)); 754 addr_width_max = 24 - ctz32(info->sram_banks); 755 if (s->sram_addr_width < 1 || s->sram_addr_width > addr_width_max) { 756 error_setg(errp, "SRAM_ADDR_WIDTH must be between 1 and %d", 757 addr_width_max); 758 return; 759 } 760 761 /* Handling of which devices should be available only to secure 762 * code is usually done differently for M profile than for A profile. 763 * Instead of putting some devices only into the secure address space, 764 * devices exist in both address spaces but with hard-wired security 765 * permissions that will cause the CPU to fault for non-secure accesses. 766 * 767 * The ARMSSE has an IDAU (Implementation Defined Access Unit), 768 * which specifies hard-wired security permissions for different 769 * areas of the physical address space. For the ARMSSE IDAU, the 770 * top 4 bits of the physical address are the IDAU region ID, and 771 * if bit 28 (ie the lowest bit of the ID) is 0 then this is an NS 772 * region, otherwise it is an S region. 773 * 774 * The various devices and RAMs are generally all mapped twice, 775 * once into a region that the IDAU defines as secure and once 776 * into a non-secure region. They sit behind either a Memory 777 * Protection Controller (for RAM) or a Peripheral Protection 778 * Controller (for devices), which allow a more fine grained 779 * configuration of whether non-secure accesses are permitted. 780 * 781 * (The other place that guest software can configure security 782 * permissions is in the architected SAU (Security Attribution 783 * Unit), which is entirely inside the CPU. The IDAU can upgrade 784 * the security attributes for a region to more restrictive than 785 * the SAU specifies, but cannot downgrade them.) 786 * 787 * 0x10000000..0x1fffffff alias of 0x00000000..0x0fffffff 788 * 0x20000000..0x2007ffff 32KB FPGA block RAM 789 * 0x30000000..0x3fffffff alias of 0x20000000..0x2fffffff 790 * 0x40000000..0x4000ffff base peripheral region 1 791 * 0x40010000..0x4001ffff CPU peripherals (none for ARMSSE) 792 * 0x40020000..0x4002ffff system control element peripherals 793 * 0x40080000..0x400fffff base peripheral region 2 794 * 0x50000000..0x5fffffff alias of 0x40000000..0x4fffffff 795 */ 796 797 memory_region_add_subregion_overlap(&s->container, 0, s->board_memory, -2); 798 799 for (i = 0; i < info->num_cpus; i++) { 800 DeviceState *cpudev = DEVICE(&s->armv7m[i]); 801 Object *cpuobj = OBJECT(&s->armv7m[i]); 802 int j; 803 char *gpioname; 804 805 qdev_prop_set_uint32(cpudev, "num-irq", s->exp_numirq + NUM_SSE_IRQS); 806 /* 807 * In real hardware the initial Secure VTOR is set from the INITSVTOR* 808 * registers in the IoT Kit System Control Register block. In QEMU 809 * we set the initial value here, and also the reset value of the 810 * sysctl register, from this object's QOM init-svtor property. 811 * If the guest changes the INITSVTOR* registers at runtime then the 812 * code in iotkit-sysctl.c will update the CPU init-svtor property 813 * (which will then take effect on the next CPU warm-reset). 814 * 815 * Note that typically a board using the SSE-200 will have a system 816 * control processor whose boot firmware initializes the INITSVTOR* 817 * registers before powering up the CPUs. QEMU doesn't emulate 818 * the control processor, so instead we behave in the way that the 819 * firmware does: the initial value should be set by the board code 820 * (using the init-svtor property on the ARMSSE object) to match 821 * whatever its firmware does. 822 */ 823 qdev_prop_set_uint32(cpudev, "init-svtor", s->init_svtor); 824 /* 825 * CPUs start powered down if the corresponding bit in the CPUWAIT 826 * register is 1. In real hardware the CPUWAIT register reset value is 827 * a configurable property of the SSE-200 (via the CPUWAIT0_RST and 828 * CPUWAIT1_RST parameters), but since all the boards we care about 829 * start CPU0 and leave CPU1 powered off, we hard-code that in 830 * info->cpuwait_rst for now. We can add QOM properties for this 831 * later if necessary. 832 */ 833 if (extract32(info->cpuwait_rst, i, 1)) { 834 if (!object_property_set_bool(cpuobj, "start-powered-off", true, 835 errp)) { 836 return; 837 } 838 } 839 if (!s->cpu_fpu[i]) { 840 if (!object_property_set_bool(cpuobj, "vfp", false, errp)) { 841 return; 842 } 843 } 844 if (!s->cpu_dsp[i]) { 845 if (!object_property_set_bool(cpuobj, "dsp", false, errp)) { 846 return; 847 } 848 } 849 850 if (i > 0) { 851 memory_region_add_subregion_overlap(&s->cpu_container[i], 0, 852 &s->container_alias[i - 1], -1); 853 } else { 854 memory_region_add_subregion_overlap(&s->cpu_container[i], 0, 855 &s->container, -1); 856 } 857 object_property_set_link(cpuobj, "memory", 858 OBJECT(&s->cpu_container[i]), &error_abort); 859 object_property_set_link(cpuobj, "idau", OBJECT(s), &error_abort); 860 if (!sysbus_realize(SYS_BUS_DEVICE(cpuobj), errp)) { 861 return; 862 } 863 /* 864 * The cluster must be realized after the armv7m container, as 865 * the container's CPU object is only created on realize, and the 866 * CPU must exist and have been parented into the cluster before 867 * the cluster is realized. 868 */ 869 if (!qdev_realize(DEVICE(&s->cluster[i]), NULL, errp)) { 870 return; 871 } 872 873 /* Connect EXP_IRQ/EXP_CPUn_IRQ GPIOs to the NVIC's lines 32 and up */ 874 s->exp_irqs[i] = g_new(qemu_irq, s->exp_numirq); 875 for (j = 0; j < s->exp_numirq; j++) { 876 s->exp_irqs[i][j] = qdev_get_gpio_in(cpudev, j + NUM_SSE_IRQS); 877 } 878 if (i == 0) { 879 gpioname = g_strdup("EXP_IRQ"); 880 } else { 881 gpioname = g_strdup_printf("EXP_CPU%d_IRQ", i); 882 } 883 qdev_init_gpio_in_named_with_opaque(dev, armsse_exp_irq, 884 s->exp_irqs[i], 885 gpioname, s->exp_numirq); 886 g_free(gpioname); 887 } 888 889 /* Wire up the splitters that connect common IRQs to all CPUs */ 890 if (info->num_cpus > 1) { 891 for (i = 0; i < ARRAY_SIZE(s->cpu_irq_splitter); i++) { 892 if (info->irq_is_common[i]) { 893 Object *splitter = OBJECT(&s->cpu_irq_splitter[i]); 894 DeviceState *devs = DEVICE(splitter); 895 int cpunum; 896 897 if (!object_property_set_int(splitter, "num-lines", 898 info->num_cpus, errp)) { 899 return; 900 } 901 if (!qdev_realize(DEVICE(splitter), NULL, errp)) { 902 return; 903 } 904 for (cpunum = 0; cpunum < info->num_cpus; cpunum++) { 905 DeviceState *cpudev = DEVICE(&s->armv7m[cpunum]); 906 907 qdev_connect_gpio_out(devs, cpunum, 908 qdev_get_gpio_in(cpudev, i)); 909 } 910 } 911 } 912 } 913 914 /* Set up the big aliases first */ 915 make_alias(s, &s->alias1, &s->container, "alias 1", 916 0x10000000, 0x10000000, 0x00000000); 917 make_alias(s, &s->alias2, &s->container, 918 "alias 2", 0x30000000, 0x10000000, 0x20000000); 919 /* The 0x50000000..0x5fffffff region is not a pure alias: it has 920 * a few extra devices that only appear there (generally the 921 * control interfaces for the protection controllers). 922 * We implement this by mapping those devices over the top of this 923 * alias MR at a higher priority. Some of the devices in this range 924 * are per-CPU, so we must put this alias in the per-cpu containers. 925 */ 926 for (i = 0; i < info->num_cpus; i++) { 927 make_alias(s, &s->alias3[i], &s->cpu_container[i], 928 "alias 3", 0x50000000, 0x10000000, 0x40000000); 929 } 930 931 /* Security controller */ 932 object_property_set_int(OBJECT(&s->secctl), "sse-version", 933 info->sse_version, &error_abort); 934 if (!sysbus_realize(SYS_BUS_DEVICE(&s->secctl), errp)) { 935 return; 936 } 937 sbd_secctl = SYS_BUS_DEVICE(&s->secctl); 938 dev_secctl = DEVICE(&s->secctl); 939 sysbus_mmio_map(sbd_secctl, 0, 0x50080000); 940 sysbus_mmio_map(sbd_secctl, 1, 0x40080000); 941 942 s->nsc_cfg_in = qemu_allocate_irq(nsccfg_handler, s, 1); 943 qdev_connect_gpio_out_named(dev_secctl, "nsc_cfg", 0, s->nsc_cfg_in); 944 945 /* The sec_resp_cfg output from the security controller must be split into 946 * multiple lines, one for each of the PPCs within the ARMSSE and one 947 * that will be an output from the ARMSSE to the system. 948 */ 949 if (!object_property_set_int(OBJECT(&s->sec_resp_splitter), 950 "num-lines", 3, errp)) { 951 return; 952 } 953 if (!qdev_realize(DEVICE(&s->sec_resp_splitter), NULL, errp)) { 954 return; 955 } 956 dev_splitter = DEVICE(&s->sec_resp_splitter); 957 qdev_connect_gpio_out_named(dev_secctl, "sec_resp_cfg", 0, 958 qdev_get_gpio_in(dev_splitter, 0)); 959 960 /* Each SRAM bank lives behind its own Memory Protection Controller */ 961 for (i = 0; i < info->sram_banks; i++) { 962 char *ramname = g_strdup_printf("armsse.sram%d", i); 963 SysBusDevice *sbd_mpc; 964 uint32_t sram_bank_size = 1 << s->sram_addr_width; 965 966 memory_region_init_ram(&s->sram[i], NULL, ramname, 967 sram_bank_size, &err); 968 g_free(ramname); 969 if (err) { 970 error_propagate(errp, err); 971 return; 972 } 973 object_property_set_link(OBJECT(&s->mpc[i]), "downstream", 974 OBJECT(&s->sram[i]), &error_abort); 975 if (!sysbus_realize(SYS_BUS_DEVICE(&s->mpc[i]), errp)) { 976 return; 977 } 978 /* Map the upstream end of the MPC into the right place... */ 979 sbd_mpc = SYS_BUS_DEVICE(&s->mpc[i]); 980 memory_region_add_subregion(&s->container, 981 0x20000000 + i * sram_bank_size, 982 sysbus_mmio_get_region(sbd_mpc, 1)); 983 /* ...and its register interface */ 984 memory_region_add_subregion(&s->container, 0x50083000 + i * 0x1000, 985 sysbus_mmio_get_region(sbd_mpc, 0)); 986 } 987 988 /* We must OR together lines from the MPC splitters to go to the NVIC */ 989 if (!object_property_set_int(OBJECT(&s->mpc_irq_orgate), "num-lines", 990 IOTS_NUM_EXP_MPC + info->sram_banks, 991 errp)) { 992 return; 993 } 994 if (!qdev_realize(DEVICE(&s->mpc_irq_orgate), NULL, errp)) { 995 return; 996 } 997 qdev_connect_gpio_out(DEVICE(&s->mpc_irq_orgate), 0, 998 armsse_get_common_irq_in(s, 9)); 999 1000 /* This OR gate wires together outputs from the secure watchdogs to NMI */ 1001 if (!object_property_set_int(OBJECT(&s->nmi_orgate), "num-lines", 2, 1002 errp)) { 1003 return; 1004 } 1005 if (!qdev_realize(DEVICE(&s->nmi_orgate), NULL, errp)) { 1006 return; 1007 } 1008 qdev_connect_gpio_out(DEVICE(&s->nmi_orgate), 0, 1009 qdev_get_gpio_in_named(DEVICE(&s->armv7m), "NMI", 0)); 1010 1011 /* The SSE-300 has a System Counter / System Timestamp Generator */ 1012 if (info->has_sse_counter) { 1013 SysBusDevice *sbd = SYS_BUS_DEVICE(&s->sse_counter); 1014 1015 qdev_connect_clock_in(DEVICE(sbd), "CLK", s->mainclk); 1016 if (!sysbus_realize(sbd, errp)) { 1017 return; 1018 } 1019 /* 1020 * The control frame is only in the Secure region; 1021 * the status frame is in the NS region (and visible in the 1022 * S region via the alias mapping). 1023 */ 1024 memory_region_add_subregion(&s->container, 0x58100000, 1025 sysbus_mmio_get_region(sbd, 0)); 1026 memory_region_add_subregion(&s->container, 0x48101000, 1027 sysbus_mmio_get_region(sbd, 1)); 1028 } 1029 1030 /* Devices behind APB PPC0: 1031 * 0x40000000: timer0 1032 * 0x40001000: timer1 1033 * 0x40002000: dual timer 1034 * 0x40003000: MHU0 (SSE-200 only) 1035 * 0x40004000: MHU1 (SSE-200 only) 1036 * We must configure and realize each downstream device and connect 1037 * it to the appropriate PPC port; then we can realize the PPC and 1038 * map its upstream ends to the right place in the container. 1039 */ 1040 for (devinfo = info->devinfo; devinfo->name; devinfo++) { 1041 SysBusDevice *sbd; 1042 qemu_irq irq; 1043 1044 if (!strcmp(devinfo->type, TYPE_CMSDK_APB_TIMER)) { 1045 sbd = SYS_BUS_DEVICE(&s->timer[devinfo->index]); 1046 1047 qdev_connect_clock_in(DEVICE(sbd), "pclk", 1048 devinfo->slowclk ? s->s32kclk : s->mainclk); 1049 if (!sysbus_realize(sbd, errp)) { 1050 return; 1051 } 1052 mr = sysbus_mmio_get_region(sbd, 0); 1053 } else if (!strcmp(devinfo->type, TYPE_CMSDK_APB_DUALTIMER)) { 1054 sbd = SYS_BUS_DEVICE(&s->dualtimer); 1055 1056 qdev_connect_clock_in(DEVICE(sbd), "TIMCLK", s->mainclk); 1057 if (!sysbus_realize(sbd, errp)) { 1058 return; 1059 } 1060 mr = sysbus_mmio_get_region(sbd, 0); 1061 } else if (!strcmp(devinfo->type, TYPE_CMSDK_APB_WATCHDOG)) { 1062 sbd = SYS_BUS_DEVICE(&s->cmsdk_watchdog[devinfo->index]); 1063 1064 qdev_connect_clock_in(DEVICE(sbd), "WDOGCLK", 1065 devinfo->slowclk ? s->s32kclk : s->mainclk); 1066 if (!sysbus_realize(sbd, errp)) { 1067 return; 1068 } 1069 mr = sysbus_mmio_get_region(sbd, 0); 1070 } else if (!strcmp(devinfo->type, TYPE_IOTKIT_SYSINFO)) { 1071 sbd = SYS_BUS_DEVICE(&s->sysinfo); 1072 1073 object_property_set_int(OBJECT(&s->sysinfo), "SYS_VERSION", 1074 info->sys_version, &error_abort); 1075 object_property_set_int(OBJECT(&s->sysinfo), "SYS_CONFIG", 1076 armsse_sys_config_value(s, info), 1077 &error_abort); 1078 object_property_set_int(OBJECT(&s->sysinfo), "sse-version", 1079 info->sse_version, &error_abort); 1080 object_property_set_int(OBJECT(&s->sysinfo), "IIDR", 1081 info->iidr, &error_abort); 1082 if (!sysbus_realize(sbd, errp)) { 1083 return; 1084 } 1085 mr = sysbus_mmio_get_region(sbd, 0); 1086 } else if (!strcmp(devinfo->type, TYPE_IOTKIT_SYSCTL)) { 1087 /* System control registers */ 1088 sbd = SYS_BUS_DEVICE(&s->sysctl); 1089 1090 object_property_set_int(OBJECT(&s->sysctl), "sse-version", 1091 info->sse_version, &error_abort); 1092 object_property_set_int(OBJECT(&s->sysctl), "CPUWAIT_RST", 1093 info->cpuwait_rst, &error_abort); 1094 object_property_set_int(OBJECT(&s->sysctl), "INITSVTOR0_RST", 1095 s->init_svtor, &error_abort); 1096 object_property_set_int(OBJECT(&s->sysctl), "INITSVTOR1_RST", 1097 s->init_svtor, &error_abort); 1098 if (!sysbus_realize(sbd, errp)) { 1099 return; 1100 } 1101 mr = sysbus_mmio_get_region(sbd, 0); 1102 } else if (!strcmp(devinfo->type, TYPE_UNIMPLEMENTED_DEVICE)) { 1103 sbd = SYS_BUS_DEVICE(&s->unimp[devinfo->index]); 1104 1105 qdev_prop_set_string(DEVICE(sbd), "name", devinfo->name); 1106 qdev_prop_set_uint64(DEVICE(sbd), "size", devinfo->size); 1107 if (!sysbus_realize(sbd, errp)) { 1108 return; 1109 } 1110 mr = sysbus_mmio_get_region(sbd, 0); 1111 } else { 1112 g_assert_not_reached(); 1113 } 1114 1115 switch (devinfo->irq) { 1116 case NO_IRQ: 1117 irq = NULL; 1118 break; 1119 case 0 ... NUM_SSE_IRQS - 1: 1120 irq = armsse_get_common_irq_in(s, devinfo->irq); 1121 break; 1122 case NMI_0: 1123 case NMI_1: 1124 irq = qdev_get_gpio_in(DEVICE(&s->nmi_orgate), 1125 devinfo->irq - NMI_0); 1126 break; 1127 default: 1128 g_assert_not_reached(); 1129 } 1130 1131 if (irq) { 1132 sysbus_connect_irq(sbd, 0, irq); 1133 } 1134 1135 /* 1136 * Devices connected to a PPC are connected to the port here; 1137 * we will map the upstream end of that port to the right address 1138 * in the container later after the PPC has been realized. 1139 * Devices not connected to a PPC can be mapped immediately. 1140 */ 1141 if (devinfo->ppc != NO_PPC) { 1142 TZPPC *ppc = &s->apb_ppc[devinfo->ppc]; 1143 g_autofree char *portname = g_strdup_printf("port[%d]", 1144 devinfo->ppc_port); 1145 object_property_set_link(OBJECT(ppc), portname, OBJECT(mr), 1146 &error_abort); 1147 } else { 1148 memory_region_add_subregion(&s->container, devinfo->addr, mr); 1149 } 1150 } 1151 1152 if (info->has_mhus) { 1153 /* 1154 * An SSE-200 with only one CPU should have only one MHU created, 1155 * with the region where the second MHU usually is being RAZ/WI. 1156 * We don't implement that SSE-200 config; if we want to support 1157 * it then this code needs to be enhanced to handle creating the 1158 * RAZ/WI region instead of the second MHU. 1159 */ 1160 assert(info->num_cpus == ARRAY_SIZE(s->mhu)); 1161 1162 for (i = 0; i < ARRAY_SIZE(s->mhu); i++) { 1163 char *port; 1164 int cpunum; 1165 SysBusDevice *mhu_sbd = SYS_BUS_DEVICE(&s->mhu[i]); 1166 1167 if (!sysbus_realize(SYS_BUS_DEVICE(&s->mhu[i]), errp)) { 1168 return; 1169 } 1170 port = g_strdup_printf("port[%d]", i + 3); 1171 mr = sysbus_mmio_get_region(mhu_sbd, 0); 1172 object_property_set_link(OBJECT(&s->apb_ppc[0]), port, OBJECT(mr), 1173 &error_abort); 1174 g_free(port); 1175 1176 /* 1177 * Each MHU has an irq line for each CPU: 1178 * MHU 0 irq line 0 -> CPU 0 IRQ 6 1179 * MHU 0 irq line 1 -> CPU 1 IRQ 6 1180 * MHU 1 irq line 0 -> CPU 0 IRQ 7 1181 * MHU 1 irq line 1 -> CPU 1 IRQ 7 1182 */ 1183 for (cpunum = 0; cpunum < info->num_cpus; cpunum++) { 1184 DeviceState *cpudev = DEVICE(&s->armv7m[cpunum]); 1185 1186 sysbus_connect_irq(mhu_sbd, cpunum, 1187 qdev_get_gpio_in(cpudev, 6 + i)); 1188 } 1189 } 1190 } 1191 1192 if (!sysbus_realize(SYS_BUS_DEVICE(&s->apb_ppc[0]), errp)) { 1193 return; 1194 } 1195 1196 sbd_apb_ppc0 = SYS_BUS_DEVICE(&s->apb_ppc[0]); 1197 dev_apb_ppc0 = DEVICE(&s->apb_ppc[0]); 1198 1199 if (info->has_mhus) { 1200 mr = sysbus_mmio_get_region(sbd_apb_ppc0, 3); 1201 memory_region_add_subregion(&s->container, 0x40003000, mr); 1202 mr = sysbus_mmio_get_region(sbd_apb_ppc0, 4); 1203 memory_region_add_subregion(&s->container, 0x40004000, mr); 1204 } 1205 for (i = 0; i < IOTS_APB_PPC0_NUM_PORTS; i++) { 1206 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_nonsec", i, 1207 qdev_get_gpio_in_named(dev_apb_ppc0, 1208 "cfg_nonsec", i)); 1209 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_ap", i, 1210 qdev_get_gpio_in_named(dev_apb_ppc0, 1211 "cfg_ap", i)); 1212 } 1213 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_irq_enable", 0, 1214 qdev_get_gpio_in_named(dev_apb_ppc0, 1215 "irq_enable", 0)); 1216 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_irq_clear", 0, 1217 qdev_get_gpio_in_named(dev_apb_ppc0, 1218 "irq_clear", 0)); 1219 qdev_connect_gpio_out(dev_splitter, 0, 1220 qdev_get_gpio_in_named(dev_apb_ppc0, 1221 "cfg_sec_resp", 0)); 1222 1223 /* All the PPC irq lines (from the 2 internal PPCs and the 8 external 1224 * ones) are sent individually to the security controller, and also 1225 * ORed together to give a single combined PPC interrupt to the NVIC. 1226 */ 1227 if (!object_property_set_int(OBJECT(&s->ppc_irq_orgate), 1228 "num-lines", NUM_PPCS, errp)) { 1229 return; 1230 } 1231 if (!qdev_realize(DEVICE(&s->ppc_irq_orgate), NULL, errp)) { 1232 return; 1233 } 1234 qdev_connect_gpio_out(DEVICE(&s->ppc_irq_orgate), 0, 1235 armsse_get_common_irq_in(s, 10)); 1236 1237 /* 1238 * 0x40010000 .. 0x4001ffff (and the 0x5001000... secure-only alias): 1239 * private per-CPU region (all these devices are SSE-200 only): 1240 * 0x50010000: L1 icache control registers 1241 * 0x50011000: CPUSECCTRL (CPU local security control registers) 1242 * 0x4001f000 and 0x5001f000: CPU_IDENTITY register block 1243 */ 1244 if (info->has_cachectrl) { 1245 for (i = 0; i < info->num_cpus; i++) { 1246 char *name = g_strdup_printf("cachectrl%d", i); 1247 MemoryRegion *mr; 1248 1249 qdev_prop_set_string(DEVICE(&s->cachectrl[i]), "name", name); 1250 g_free(name); 1251 qdev_prop_set_uint64(DEVICE(&s->cachectrl[i]), "size", 0x1000); 1252 if (!sysbus_realize(SYS_BUS_DEVICE(&s->cachectrl[i]), errp)) { 1253 return; 1254 } 1255 1256 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->cachectrl[i]), 0); 1257 memory_region_add_subregion(&s->cpu_container[i], 0x50010000, mr); 1258 } 1259 } 1260 if (info->has_cpusecctrl) { 1261 for (i = 0; i < info->num_cpus; i++) { 1262 char *name = g_strdup_printf("CPUSECCTRL%d", i); 1263 MemoryRegion *mr; 1264 1265 qdev_prop_set_string(DEVICE(&s->cpusecctrl[i]), "name", name); 1266 g_free(name); 1267 qdev_prop_set_uint64(DEVICE(&s->cpusecctrl[i]), "size", 0x1000); 1268 if (!sysbus_realize(SYS_BUS_DEVICE(&s->cpusecctrl[i]), errp)) { 1269 return; 1270 } 1271 1272 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->cpusecctrl[i]), 0); 1273 memory_region_add_subregion(&s->cpu_container[i], 0x50011000, mr); 1274 } 1275 } 1276 if (info->has_cpuid) { 1277 for (i = 0; i < info->num_cpus; i++) { 1278 MemoryRegion *mr; 1279 1280 qdev_prop_set_uint32(DEVICE(&s->cpuid[i]), "CPUID", i); 1281 if (!sysbus_realize(SYS_BUS_DEVICE(&s->cpuid[i]), errp)) { 1282 return; 1283 } 1284 1285 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->cpuid[i]), 0); 1286 memory_region_add_subregion(&s->cpu_container[i], 0x4001F000, mr); 1287 } 1288 } 1289 1290 if (!sysbus_realize(SYS_BUS_DEVICE(&s->apb_ppc[1]), errp)) { 1291 return; 1292 } 1293 1294 dev_apb_ppc1 = DEVICE(&s->apb_ppc[1]); 1295 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_nonsec", 0, 1296 qdev_get_gpio_in_named(dev_apb_ppc1, 1297 "cfg_nonsec", 0)); 1298 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_ap", 0, 1299 qdev_get_gpio_in_named(dev_apb_ppc1, 1300 "cfg_ap", 0)); 1301 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_irq_enable", 0, 1302 qdev_get_gpio_in_named(dev_apb_ppc1, 1303 "irq_enable", 0)); 1304 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_irq_clear", 0, 1305 qdev_get_gpio_in_named(dev_apb_ppc1, 1306 "irq_clear", 0)); 1307 qdev_connect_gpio_out(dev_splitter, 1, 1308 qdev_get_gpio_in_named(dev_apb_ppc1, 1309 "cfg_sec_resp", 0)); 1310 1311 /* 1312 * Now both PPCs are realized we can map the upstream ends of 1313 * ports which correspond to entries in the devinfo array. 1314 * The ports which are connected to non-devinfo devices have 1315 * already been mapped. 1316 */ 1317 for (devinfo = info->devinfo; devinfo->name; devinfo++) { 1318 SysBusDevice *ppc_sbd; 1319 1320 if (devinfo->ppc == NO_PPC) { 1321 continue; 1322 } 1323 ppc_sbd = SYS_BUS_DEVICE(&s->apb_ppc[devinfo->ppc]); 1324 mr = sysbus_mmio_get_region(ppc_sbd, devinfo->ppc_port); 1325 memory_region_add_subregion(&s->container, devinfo->addr, mr); 1326 } 1327 1328 for (i = 0; i < ARRAY_SIZE(s->ppc_irq_splitter); i++) { 1329 Object *splitter = OBJECT(&s->ppc_irq_splitter[i]); 1330 1331 if (!object_property_set_int(splitter, "num-lines", 2, errp)) { 1332 return; 1333 } 1334 if (!qdev_realize(DEVICE(splitter), NULL, errp)) { 1335 return; 1336 } 1337 } 1338 1339 for (i = 0; i < IOTS_NUM_AHB_EXP_PPC; i++) { 1340 char *ppcname = g_strdup_printf("ahb_ppcexp%d", i); 1341 1342 armsse_forward_ppc(s, ppcname, i); 1343 g_free(ppcname); 1344 } 1345 1346 for (i = 0; i < IOTS_NUM_APB_EXP_PPC; i++) { 1347 char *ppcname = g_strdup_printf("apb_ppcexp%d", i); 1348 1349 armsse_forward_ppc(s, ppcname, i + IOTS_NUM_AHB_EXP_PPC); 1350 g_free(ppcname); 1351 } 1352 1353 for (i = NUM_EXTERNAL_PPCS; i < NUM_PPCS; i++) { 1354 /* Wire up IRQ splitter for internal PPCs */ 1355 DeviceState *devs = DEVICE(&s->ppc_irq_splitter[i]); 1356 char *gpioname = g_strdup_printf("apb_ppc%d_irq_status", 1357 i - NUM_EXTERNAL_PPCS); 1358 TZPPC *ppc = &s->apb_ppc[i - NUM_EXTERNAL_PPCS]; 1359 1360 qdev_connect_gpio_out(devs, 0, 1361 qdev_get_gpio_in_named(dev_secctl, gpioname, 0)); 1362 qdev_connect_gpio_out(devs, 1, 1363 qdev_get_gpio_in(DEVICE(&s->ppc_irq_orgate), i)); 1364 qdev_connect_gpio_out_named(DEVICE(ppc), "irq", 0, 1365 qdev_get_gpio_in(devs, 0)); 1366 g_free(gpioname); 1367 } 1368 1369 /* Wire up the splitters for the MPC IRQs */ 1370 for (i = 0; i < IOTS_NUM_EXP_MPC + info->sram_banks; i++) { 1371 SplitIRQ *splitter = &s->mpc_irq_splitter[i]; 1372 DeviceState *dev_splitter = DEVICE(splitter); 1373 1374 if (!object_property_set_int(OBJECT(splitter), "num-lines", 2, 1375 errp)) { 1376 return; 1377 } 1378 if (!qdev_realize(DEVICE(splitter), NULL, errp)) { 1379 return; 1380 } 1381 1382 if (i < IOTS_NUM_EXP_MPC) { 1383 /* Splitter input is from GPIO input line */ 1384 s->mpcexp_status_in[i] = qdev_get_gpio_in(dev_splitter, 0); 1385 qdev_connect_gpio_out(dev_splitter, 0, 1386 qdev_get_gpio_in_named(dev_secctl, 1387 "mpcexp_status", i)); 1388 } else { 1389 /* Splitter input is from our own MPC */ 1390 qdev_connect_gpio_out_named(DEVICE(&s->mpc[i - IOTS_NUM_EXP_MPC]), 1391 "irq", 0, 1392 qdev_get_gpio_in(dev_splitter, 0)); 1393 qdev_connect_gpio_out(dev_splitter, 0, 1394 qdev_get_gpio_in_named(dev_secctl, 1395 "mpc_status", 1396 i - IOTS_NUM_EXP_MPC)); 1397 } 1398 1399 qdev_connect_gpio_out(dev_splitter, 1, 1400 qdev_get_gpio_in(DEVICE(&s->mpc_irq_orgate), i)); 1401 } 1402 /* Create GPIO inputs which will pass the line state for our 1403 * mpcexp_irq inputs to the correct splitter devices. 1404 */ 1405 qdev_init_gpio_in_named(dev, armsse_mpcexp_status, "mpcexp_status", 1406 IOTS_NUM_EXP_MPC); 1407 1408 armsse_forward_sec_resp_cfg(s); 1409 1410 /* Forward the MSC related signals */ 1411 qdev_pass_gpios(dev_secctl, dev, "mscexp_status"); 1412 qdev_pass_gpios(dev_secctl, dev, "mscexp_clear"); 1413 qdev_pass_gpios(dev_secctl, dev, "mscexp_ns"); 1414 qdev_connect_gpio_out_named(dev_secctl, "msc_irq", 0, 1415 armsse_get_common_irq_in(s, 11)); 1416 1417 /* 1418 * Expose our container region to the board model; this corresponds 1419 * to the AHB Slave Expansion ports which allow bus master devices 1420 * (eg DMA controllers) in the board model to make transactions into 1421 * devices in the ARMSSE. 1422 */ 1423 sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->container); 1424 1425 /* Set initial system_clock_scale from MAINCLK */ 1426 armsse_mainclk_update(s, ClockUpdate); 1427 } 1428 1429 static void armsse_idau_check(IDAUInterface *ii, uint32_t address, 1430 int *iregion, bool *exempt, bool *ns, bool *nsc) 1431 { 1432 /* 1433 * For ARMSSE systems the IDAU responses are simple logical functions 1434 * of the address bits. The NSC attribute is guest-adjustable via the 1435 * NSCCFG register in the security controller. 1436 */ 1437 ARMSSE *s = ARM_SSE(ii); 1438 int region = extract32(address, 28, 4); 1439 1440 *ns = !(region & 1); 1441 *nsc = (region == 1 && (s->nsccfg & 1)) || (region == 3 && (s->nsccfg & 2)); 1442 /* 0xe0000000..0xe00fffff and 0xf0000000..0xf00fffff are exempt */ 1443 *exempt = (address & 0xeff00000) == 0xe0000000; 1444 *iregion = region; 1445 } 1446 1447 static const VMStateDescription armsse_vmstate = { 1448 .name = "iotkit", 1449 .version_id = 2, 1450 .minimum_version_id = 2, 1451 .fields = (VMStateField[]) { 1452 VMSTATE_CLOCK(mainclk, ARMSSE), 1453 VMSTATE_CLOCK(s32kclk, ARMSSE), 1454 VMSTATE_UINT32(nsccfg, ARMSSE), 1455 VMSTATE_END_OF_LIST() 1456 } 1457 }; 1458 1459 static void armsse_reset(DeviceState *dev) 1460 { 1461 ARMSSE *s = ARM_SSE(dev); 1462 1463 s->nsccfg = 0; 1464 } 1465 1466 static void armsse_class_init(ObjectClass *klass, void *data) 1467 { 1468 DeviceClass *dc = DEVICE_CLASS(klass); 1469 IDAUInterfaceClass *iic = IDAU_INTERFACE_CLASS(klass); 1470 ARMSSEClass *asc = ARM_SSE_CLASS(klass); 1471 const ARMSSEInfo *info = data; 1472 1473 dc->realize = armsse_realize; 1474 dc->vmsd = &armsse_vmstate; 1475 device_class_set_props(dc, info->props); 1476 dc->reset = armsse_reset; 1477 iic->check = armsse_idau_check; 1478 asc->info = info; 1479 } 1480 1481 static const TypeInfo armsse_info = { 1482 .name = TYPE_ARM_SSE, 1483 .parent = TYPE_SYS_BUS_DEVICE, 1484 .instance_size = sizeof(ARMSSE), 1485 .class_size = sizeof(ARMSSEClass), 1486 .instance_init = armsse_init, 1487 .abstract = true, 1488 .interfaces = (InterfaceInfo[]) { 1489 { TYPE_IDAU_INTERFACE }, 1490 { } 1491 } 1492 }; 1493 1494 static void armsse_register_types(void) 1495 { 1496 int i; 1497 1498 type_register_static(&armsse_info); 1499 1500 for (i = 0; i < ARRAY_SIZE(armsse_variants); i++) { 1501 TypeInfo ti = { 1502 .name = armsse_variants[i].name, 1503 .parent = TYPE_ARM_SSE, 1504 .class_init = armsse_class_init, 1505 .class_data = (void *)&armsse_variants[i], 1506 }; 1507 type_register(&ti); 1508 } 1509 } 1510 1511 type_init(armsse_register_types); 1512