]> git.proxmox.com Git - mirror_qemu.git/blame - hw/intc/armv7m_nvic.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
nvic: Add banked exception states
[mirror_qemu.git] / hw / intc / armv7m_nvic.c
CommitLineData
9ee6e8bb
PB		 1/*
2 * ARM Nested Vectored Interrupt Controller
3 *
4 * Copyright (c) 2006-2007 CodeSourcery.
5 * Written by Paul Brook
6 *
8e31bf38 7 * This code is licensed under the GPL.
9ee6e8bb
PB		 8 *
9 * The ARMv7M System controller is fairly tightly tied in with the
10 * NVIC. Much of that is also implemented here.
11 */
12
8ef94f0b 13#include "qemu/osdep.h"
da34e65c 14#include "qapi/error.h"
4771d756 15#include "qemu-common.h"
33c11879 16#include "cpu.h"
83c9f4ca 17#include "hw/sysbus.h"
1de7afc9 18#include "qemu/timer.h"
bd2be150 19#include "hw/arm/arm.h"
d2db1de6 20#include "hw/intc/armv7m_nvic.h"
da6d674e 21#include "target/arm/cpu.h"
29c483a5 22#include "exec/exec-all.h"
03dd024f 23#include "qemu/log.h"
da6d674e
MD		 24#include "trace.h"
25
26/* IRQ number counting:
27 *
28 * the num-irq property counts the number of external IRQ lines
29 *
30 * NVICState::num_irq counts the total number of exceptions
31 * (external IRQs, the 15 internal exceptions including reset,
32 * and one for the unused exception number 0).
33 *
34 * NVIC_MAX_IRQ is the highest permitted number of external IRQ lines.
35 *
36 * NVIC_MAX_VECTORS is the highest permitted number of exceptions.
37 *
38 * Iterating through all exceptions should typically be done with
39 * for (i = 1; i < s->num_irq; i++) to avoid the unused slot 0.
40 *
41 * The external qemu_irq lines are the NVIC's external IRQ lines,
42 * so line 0 is exception 16.
43 *
44 * In the terminology of the architecture manual, "interrupts" are
45 * a subcategory of exception referring to the external interrupts
46 * (which are exception numbers NVIC_FIRST_IRQ and upward).
47 * For historical reasons QEMU tends to use "interrupt" and
48 * "exception" more or less interchangeably.
49 */
17906a16 50#define NVIC_FIRST_IRQ NVIC_INTERNAL_VECTORS
da6d674e
MD		 51#define NVIC_MAX_IRQ (NVIC_MAX_VECTORS - NVIC_FIRST_IRQ)
52
53/* Effective running priority of the CPU when no exception is active
54 * (higher than the highest possible priority value)
55 */
56#define NVIC_NOEXC_PRIO 0x100
57
2a29ddee
PM		 58static const uint8_t nvic_id[] = {
59 0x00, 0xb0, 0x1b, 0x00, 0x0d, 0xe0, 0x05, 0xb1
60};
61
da6d674e
MD		 62static int nvic_pending_prio(NVICState *s)
63{
64 /* return the priority of the current pending interrupt,
65 * or NVIC_NOEXC_PRIO if no interrupt is pending
66 */
67 return s->vectpending ? s->vectors[s->vectpending].prio : NVIC_NOEXC_PRIO;
68}
69
70/* Return the value of the ISCR RETTOBASE bit:
71 * 1 if there is exactly one active exception
72 * 0 if there is more than one active exception
73 * UNKNOWN if there are no active exceptions (we choose 1,
74 * which matches the choice Cortex-M3 is documented as making).
75 *
76 * NB: some versions of the documentation talk about this
77 * counting "active exceptions other than the one shown by IPSR";
78 * this is only different in the obscure corner case where guest
79 * code has manually deactivated an exception and is about
80 * to fail an exception-return integrity check. The definition
81 * above is the one from the v8M ARM ARM and is also in line
82 * with the behaviour documented for the Cortex-M3.
83 */
84static bool nvic_rettobase(NVICState *s)
85{
86 int irq, nhand = 0;
87
88 for (irq = ARMV7M_EXCP_RESET; irq < s->num_irq; irq++) {
89 if (s->vectors[irq].active) {
90 nhand++;
91 if (nhand == 2) {
92 return 0;
93 }
94 }
95 }
96
97 return 1;
98}
99
100/* Return the value of the ISCR ISRPENDING bit:
101 * 1 if an external interrupt is pending
102 * 0 if no external interrupt is pending
103 */
104static bool nvic_isrpending(NVICState *s)
105{
106 int irq;
107
108 /* We can shortcut if the highest priority pending interrupt
109 * happens to be external or if there is nothing pending.
110 */
111 if (s->vectpending > NVIC_FIRST_IRQ) {
112 return true;
113 }
114 if (s->vectpending == 0) {
115 return false;
116 }
117
118 for (irq = NVIC_FIRST_IRQ; irq < s->num_irq; irq++) {
119 if (s->vectors[irq].pending) {
120 return true;
121 }
122 }
123 return false;
124}
125
126/* Return a mask word which clears the subpriority bits from
127 * a priority value for an M-profile exception, leaving only
128 * the group priority.
129 */
130static inline uint32_t nvic_gprio_mask(NVICState *s)
131{
132 return ~0U << (s->prigroup + 1);
133}
134
135/* Recompute vectpending and exception_prio */
136static void nvic_recompute_state(NVICState *s)
137{
138 int i;
139 int pend_prio = NVIC_NOEXC_PRIO;
140 int active_prio = NVIC_NOEXC_PRIO;
141 int pend_irq = 0;
142
143 for (i = 1; i < s->num_irq; i++) {
144 VecInfo *vec = &s->vectors[i];
145
146 if (vec->enabled && vec->pending && vec->prio < pend_prio) {
147 pend_prio = vec->prio;
148 pend_irq = i;
149 }
150 if (vec->active && vec->prio < active_prio) {
151 active_prio = vec->prio;
152 }
153 }
154
22a9c26a
PM		 155 if (active_prio > 0) {
156 active_prio &= nvic_gprio_mask(s);
157 }
158
da6d674e 159 s->vectpending = pend_irq;
22a9c26a 160 s->exception_prio = active_prio;
da6d674e
MD		 161
162 trace_nvic_recompute_state(s->vectpending, s->exception_prio);
163}
164
165/* Return the current execution priority of the CPU
166 * (equivalent to the pseudocode ExecutionPriority function).
167 * This is a value between -2 (NMI priority) and NVIC_NOEXC_PRIO.
168 */
169static inline int nvic_exec_prio(NVICState *s)
170{
171 CPUARMState *env = &s->cpu->env;
172 int running;
173
42a6686b 174 if (env->v7m.faultmask[env->v7m.secure]) {
da6d674e 175 running = -1;
6d804834 176 } else if (env->v7m.primask[env->v7m.secure]) {
da6d674e 177 running = 0;
acf94941
PM		 178 } else if (env->v7m.basepri[env->v7m.secure] > 0) {
179 running = env->v7m.basepri[env->v7m.secure] & nvic_gprio_mask(s);
da6d674e
MD		 180 } else {
181 running = NVIC_NOEXC_PRIO; /* lower than any possible priority */
182 }
183 /* consider priority of active handler */
184 return MIN(running, s->exception_prio);
185}
186
7ecdaa4a
PM		 187bool armv7m_nvic_can_take_pending_exception(void *opaque)
188{
189 NVICState *s = opaque;
190
191 return nvic_exec_prio(s) > nvic_pending_prio(s);
192}
193
42a6686b
PM		 194int armv7m_nvic_raw_execution_priority(void *opaque)
195{
196 NVICState *s = opaque;
197
198 return s->exception_prio;
199}
200
da6d674e
MD		 201/* caller must call nvic_irq_update() after this */
202static void set_prio(NVICState *s, unsigned irq, uint8_t prio)
203{
204 assert(irq > ARMV7M_EXCP_NMI); /* only use for configurable prios */
205 assert(irq < s->num_irq);
206
207 s->vectors[irq].prio = prio;
208
209 trace_nvic_set_prio(irq, prio);
210}
211
212/* Recompute state and assert irq line accordingly.
213 * Must be called after changes to:
214 * vec->active, vec->enabled, vec->pending or vec->prio for any vector
215 * prigroup
216 */
217static void nvic_irq_update(NVICState *s)
218{
219 int lvl;
220 int pend_prio;
221
222 nvic_recompute_state(s);
223 pend_prio = nvic_pending_prio(s);
224
225 /* Raise NVIC output if this IRQ would be taken, except that we
226 * ignore the effects of the BASEPRI, FAULTMASK and PRIMASK (which
227 * will be checked for in arm_v7m_cpu_exec_interrupt()); changes
228 * to those CPU registers don't cause us to recalculate the NVIC
229 * pending info.
230 */
231 lvl = (pend_prio < s->exception_prio);
232 trace_nvic_irq_update(s->vectpending, pend_prio, s->exception_prio, lvl);
233 qemu_set_irq(s->excpout, lvl);
234}
235
236static void armv7m_nvic_clear_pending(void *opaque, int irq)
237{
238 NVICState *s = (NVICState *)opaque;
239 VecInfo *vec;
240
241 assert(irq > ARMV7M_EXCP_RESET && irq < s->num_irq);
242
243 vec = &s->vectors[irq];
244 trace_nvic_clear_pending(irq, vec->enabled, vec->prio);
245 if (vec->pending) {
246 vec->pending = 0;
247 nvic_irq_update(s);
248 }
249}
250
9ee6e8bb
PB		 251void armv7m_nvic_set_pending(void *opaque, int irq)
252{
f797c075 253 NVICState *s = (NVICState *)opaque;
da6d674e
MD		 254 VecInfo *vec;
255
256 assert(irq > ARMV7M_EXCP_RESET && irq < s->num_irq);
257
258 vec = &s->vectors[irq];
259 trace_nvic_set_pending(irq, vec->enabled, vec->prio);
a73c98e1
MD		 260
261
262 if (irq >= ARMV7M_EXCP_HARD && irq < ARMV7M_EXCP_PENDSV) {
263 /* If a synchronous exception is pending then it may be
264 * escalated to HardFault if:
265 * * it is equal or lower priority to current execution
266 * * it is disabled
267 * (ie we need to take it immediately but we can't do so).
268 * Asynchronous exceptions (and interrupts) simply remain pending.
269 *
270 * For QEMU, we don't have any imprecise (asynchronous) faults,
271 * so we can assume that PREFETCH_ABORT and DATA_ABORT are always
272 * synchronous.
273 * Debug exceptions are awkward because only Debug exceptions
274 * resulting from the BKPT instruction should be escalated,
275 * but we don't currently implement any Debug exceptions other
276 * than those that result from BKPT, so we treat all debug exceptions
277 * as needing escalation.
278 *
279 * This all means we can identify whether to escalate based only on
280 * the exception number and don't (yet) need the caller to explicitly
281 * tell us whether this exception is synchronous or not.
282 */
283 int running = nvic_exec_prio(s);
284 bool escalate = false;
285
286 if (vec->prio >= running) {
287 trace_nvic_escalate_prio(irq, vec->prio, running);
288 escalate = true;
289 } else if (!vec->enabled) {
290 trace_nvic_escalate_disabled(irq);
291 escalate = true;
292 }
293
294 if (escalate) {
295 if (running < 0) {
296 /* We want to escalate to HardFault but we can't take a
297 * synchronous HardFault at this point either. This is a
298 * Lockup condition due to a guest bug. We don't model
299 * Lockup, so report via cpu_abort() instead.
300 */
301 cpu_abort(&s->cpu->parent_obj,
302 "Lockup: can't escalate %d to HardFault "
303 "(current priority %d)\n", irq, running);
304 }
305
306 /* We can do the escalation, so we take HardFault instead */
307 irq = ARMV7M_EXCP_HARD;
308 vec = &s->vectors[irq];
309 s->cpu->env.v7m.hfsr |= R_V7M_HFSR_FORCED_MASK;
310 }
311 }
312
da6d674e
MD		 313 if (!vec->pending) {
314 vec->pending = 1;
315 nvic_irq_update(s);
316 }
9ee6e8bb
PB		 317}
318
319/* Make pending IRQ active. */
a5d82355 320void armv7m_nvic_acknowledge_irq(void *opaque)
9ee6e8bb 321{
f797c075 322 NVICState *s = (NVICState *)opaque;
da6d674e
MD		 323 CPUARMState *env = &s->cpu->env;
324 const int pending = s->vectpending;
325 const int running = nvic_exec_prio(s);
326 int pendgroupprio;
327 VecInfo *vec;
328
329 assert(pending > ARMV7M_EXCP_RESET && pending < s->num_irq);
330
331 vec = &s->vectors[pending];
332
333 assert(vec->enabled);
334 assert(vec->pending);
335
22a9c26a
PM		 336 pendgroupprio = vec->prio;
337 if (pendgroupprio > 0) {
338 pendgroupprio &= nvic_gprio_mask(s);
339 }
da6d674e
MD		 340 assert(pendgroupprio < running);
341
342 trace_nvic_acknowledge_irq(pending, vec->prio);
343
344 vec->active = 1;
345 vec->pending = 0;
346
347 env->v7m.exception = s->vectpending;
348
349 nvic_irq_update(s);
9ee6e8bb
PB		 350}
351
aa488fe3 352int armv7m_nvic_complete_irq(void *opaque, int irq)
9ee6e8bb 353{
f797c075 354 NVICState *s = (NVICState *)opaque;
da6d674e 355 VecInfo *vec;
aa488fe3 356 int ret;
da6d674e
MD		 357
358 assert(irq > ARMV7M_EXCP_RESET && irq < s->num_irq);
359
360 vec = &s->vectors[irq];
361
362 trace_nvic_complete_irq(irq);
363
aa488fe3
PM		 364 if (!vec->active) {
365 /* Tell the caller this was an illegal exception return */
366 return -1;
367 }
368
369 ret = nvic_rettobase(s);
370
da6d674e
MD		 371 vec->active = 0;
372 if (vec->level) {
373 /* Re-pend the exception if it's still held high; only
374 * happens for extenal IRQs
375 */
376 assert(irq >= NVIC_FIRST_IRQ);
377 vec->pending = 1;
378 }
379
380 nvic_irq_update(s);
aa488fe3
PM		 381
382 return ret;
da6d674e
MD		 383}
384
385/* callback when external interrupt line is changed */
386static void set_irq_level(void *opaque, int n, int level)
387{
388 NVICState *s = opaque;
389 VecInfo *vec;
390
391 n += NVIC_FIRST_IRQ;
392
393 assert(n >= NVIC_FIRST_IRQ && n < s->num_irq);
394
395 trace_nvic_set_irq_level(n, level);
396
397 /* The pending status of an external interrupt is
398 * latched on rising edge and exception handler return.
399 *
400 * Pulsing the IRQ will always run the handler
401 * once, and the handler will re-run until the
402 * level is low when the handler completes.
403 */
404 vec = &s->vectors[n];
405 if (level != vec->level) {
406 vec->level = level;
407 if (level) {
408 armv7m_nvic_set_pending(s, n);
409 }
410 }
9ee6e8bb
PB		 411}
412
45db7ba6 413static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)
9ee6e8bb 414{
d713ea6c 415 ARMCPU *cpu = s->cpu;
9ee6e8bb 416 uint32_t val;
9ee6e8bb
PB		 417
418 switch (offset) {
419 case 4: /* Interrupt Control Type. */
da6d674e 420 return ((s->num_irq - NVIC_FIRST_IRQ) / 32) - 1;
9ee6e8bb 421 case 0xd00: /* CPUID Base. */
e3da9921 422 return cpu->midr;
e03ba136 423 case 0xd04: /* Interrupt Control State. */
9ee6e8bb 424 /* VECTACTIVE */
b06c262b 425 val = cpu->env.v7m.exception;
9ee6e8bb 426 /* VECTPENDING */
da6d674e
MD		 427 val |= (s->vectpending & 0xff) << 12;
428 /* ISRPENDING - set if any external IRQ is pending */
429 if (nvic_isrpending(s)) {
430 val |= (1 << 22);
431 }
432 /* RETTOBASE - set if only one handler is active */
433 if (nvic_rettobase(s)) {
434 val |= (1 << 11);
9ee6e8bb
PB		 435 }
436 /* PENDSTSET */
da6d674e 437 if (s->vectors[ARMV7M_EXCP_SYSTICK].pending) {
9ee6e8bb 438 val |= (1 << 26);
da6d674e 439 }
9ee6e8bb 440 /* PENDSVSET */
da6d674e 441 if (s->vectors[ARMV7M_EXCP_PENDSV].pending) {
9ee6e8bb 442 val |= (1 << 28);
da6d674e 443 }
9ee6e8bb 444 /* NMIPENDSET */
da6d674e 445 if (s->vectors[ARMV7M_EXCP_NMI].pending) {
9ee6e8bb 446 val |= (1 << 31);
da6d674e
MD		 447 }
448 /* ISRPREEMPT not implemented */
9ee6e8bb
PB		 449 return val;
450 case 0xd08: /* Vector Table Offset. */
45db7ba6 451 return cpu->env.v7m.vecbase[attrs.secure];
9ee6e8bb 452 case 0xd0c: /* Application Interrupt/Reset Control. */
1004102a 453 return 0xfa050000 | (s->prigroup << 8);
9ee6e8bb
PB		 454 case 0xd10: /* System Control. */
455 /* TODO: Implement SLEEPONEXIT. */
456 return 0;
457 case 0xd14: /* Configuration Control. */
9d40cd8a
PM		 458 /* The BFHFNMIGN bit is the only non-banked bit; we
459 * keep it in the non-secure copy of the register.
460 */
461 val = cpu->env.v7m.ccr[attrs.secure];
462 val |= cpu->env.v7m.ccr[M_REG_NS] & R_V7M_CCR_BFHFNMIGN_MASK;
463 return val;
9ee6e8bb
PB		 464 case 0xd24: /* System Handler Status. */
465 val = 0;
da6d674e
MD		 466 if (s->vectors[ARMV7M_EXCP_MEM].active) {
467 val |= (1 << 0);
468 }
469 if (s->vectors[ARMV7M_EXCP_BUS].active) {
470 val |= (1 << 1);
471 }
472 if (s->vectors[ARMV7M_EXCP_USAGE].active) {
473 val |= (1 << 3);
474 }
475 if (s->vectors[ARMV7M_EXCP_SVC].active) {
476 val |= (1 << 7);
477 }
478 if (s->vectors[ARMV7M_EXCP_DEBUG].active) {
479 val |= (1 << 8);
480 }
481 if (s->vectors[ARMV7M_EXCP_PENDSV].active) {
482 val |= (1 << 10);
483 }
484 if (s->vectors[ARMV7M_EXCP_SYSTICK].active) {
485 val |= (1 << 11);
486 }
487 if (s->vectors[ARMV7M_EXCP_USAGE].pending) {
488 val |= (1 << 12);
489 }
490 if (s->vectors[ARMV7M_EXCP_MEM].pending) {
491 val |= (1 << 13);
492 }
493 if (s->vectors[ARMV7M_EXCP_BUS].pending) {
494 val |= (1 << 14);
495 }
496 if (s->vectors[ARMV7M_EXCP_SVC].pending) {
497 val |= (1 << 15);
498 }
499 if (s->vectors[ARMV7M_EXCP_MEM].enabled) {
500 val |= (1 << 16);
501 }
502 if (s->vectors[ARMV7M_EXCP_BUS].enabled) {
503 val |= (1 << 17);
504 }
505 if (s->vectors[ARMV7M_EXCP_USAGE].enabled) {
506 val |= (1 << 18);
507 }
9ee6e8bb
PB		 508 return val;
509 case 0xd28: /* Configurable Fault Status. */
334e8dad
PM		 510 /* The BFSR bits [15:8] are shared between security states
511 * and we store them in the NS copy
512 */
513 val = cpu->env.v7m.cfsr[attrs.secure];
514 val |= cpu->env.v7m.cfsr[M_REG_NS] & R_V7M_CFSR_BFSR_MASK;
515 return val;
9ee6e8bb 516 case 0xd2c: /* Hard Fault Status. */
e6b33209 517 return cpu->env.v7m.hfsr;
9ee6e8bb 518 case 0xd30: /* Debug Fault Status. */
e6b33209
MD		 519 return cpu->env.v7m.dfsr;
520 case 0xd34: /* MMFAR MemManage Fault Address */
c51a5cfc 521 return cpu->env.v7m.mmfar[attrs.secure];
9ee6e8bb 522 case 0xd38: /* Bus Fault Address. */
e6b33209 523 return cpu->env.v7m.bfar;
9ee6e8bb
PB		 524 case 0xd3c: /* Aux Fault Status. */
525 /* TODO: Implement fault status registers. */
e6b33209
MD		 526 qemu_log_mask(LOG_UNIMP,
527 "Aux Fault status registers unimplemented\n");
e72e3ffc 528 return 0;
9ee6e8bb
PB		 529 case 0xd40: /* PFR0. */
530 return 0x00000030;
531 case 0xd44: /* PRF1. */
532 return 0x00000200;
533 case 0xd48: /* DFR0. */
534 return 0x00100000;
535 case 0xd4c: /* AFR0. */
536 return 0x00000000;
537 case 0xd50: /* MMFR0. */
538 return 0x00000030;
539 case 0xd54: /* MMFR1. */
540 return 0x00000000;
541 case 0xd58: /* MMFR2. */
542 return 0x00000000;
543 case 0xd5c: /* MMFR3. */
544 return 0x00000000;
545 case 0xd60: /* ISAR0. */
546 return 0x01141110;
547 case 0xd64: /* ISAR1. */
548 return 0x02111000;
549 case 0xd68: /* ISAR2. */
550 return 0x21112231;
551 case 0xd6c: /* ISAR3. */
552 return 0x01111110;
553 case 0xd70: /* ISAR4. */
554 return 0x01310102;
555 /* TODO: Implement debug registers. */
29c483a5
MD		 556 case 0xd90: /* MPU_TYPE */
557 /* Unified MPU; if the MPU is not present this value is zero */
558 return cpu->pmsav7_dregion << 8;
559 break;
560 case 0xd94: /* MPU_CTRL */
ecf5e8ea 561 return cpu->env.v7m.mpu_ctrl[attrs.secure];
29c483a5 562 case 0xd98: /* MPU_RNR */
1bc04a88 563 return cpu->env.pmsav7.rnr[attrs.secure];
29c483a5
MD		 564 case 0xd9c: /* MPU_RBAR */
565 case 0xda4: /* MPU_RBAR_A1 */
566 case 0xdac: /* MPU_RBAR_A2 */
567 case 0xdb4: /* MPU_RBAR_A3 */
568 {
1bc04a88 569 int region = cpu->env.pmsav7.rnr[attrs.secure];
29c483a5 570
0e1a46bb
PM		 571 if (arm_feature(&cpu->env, ARM_FEATURE_V8)) {
572 /* PMSAv8M handling of the aliases is different from v7M:
573 * aliases A1, A2, A3 override the low two bits of the region
574 * number in MPU_RNR, and there is no 'region' field in the
575 * RBAR register.
576 */
577 int aliasno = (offset - 0xd9c) / 8; /* 0..3 */
578 if (aliasno) {
579 region = deposit32(region, 0, 2, aliasno);
580 }
581 if (region >= cpu->pmsav7_dregion) {
582 return 0;
583 }
62c58ee0 584 return cpu->env.pmsav8.rbar[attrs.secure][region];
0e1a46bb
PM		 585 }
586
29c483a5
MD		 587 if (region >= cpu->pmsav7_dregion) {
588 return 0;
589 }
590 return (cpu->env.pmsav7.drbar[region] & 0x1f) | (region & 0xf);
591 }
0e1a46bb
PM		 592 case 0xda0: /* MPU_RASR (v7M), MPU_RLAR (v8M) */
593 case 0xda8: /* MPU_RASR_A1 (v7M), MPU_RLAR_A1 (v8M) */
594 case 0xdb0: /* MPU_RASR_A2 (v7M), MPU_RLAR_A2 (v8M) */
595 case 0xdb8: /* MPU_RASR_A3 (v7M), MPU_RLAR_A3 (v8M) */
29c483a5 596 {
1bc04a88 597 int region = cpu->env.pmsav7.rnr[attrs.secure];
29c483a5 598
0e1a46bb
PM		 599 if (arm_feature(&cpu->env, ARM_FEATURE_V8)) {
600 /* PMSAv8M handling of the aliases is different from v7M:
601 * aliases A1, A2, A3 override the low two bits of the region
602 * number in MPU_RNR.
603 */
604 int aliasno = (offset - 0xda0) / 8; /* 0..3 */
605 if (aliasno) {
606 region = deposit32(region, 0, 2, aliasno);
607 }
608 if (region >= cpu->pmsav7_dregion) {
609 return 0;
610 }
62c58ee0 611 return cpu->env.pmsav8.rlar[attrs.secure][region];
0e1a46bb
PM		 612 }
613
29c483a5
MD		 614 if (region >= cpu->pmsav7_dregion) {
615 return 0;
616 }
617 return ((cpu->env.pmsav7.dracr[region] & 0xffff) << 16) |
618 (cpu->env.pmsav7.drsr[region] & 0xffff);
619 }
0e1a46bb
PM		 620 case 0xdc0: /* MPU_MAIR0 */
621 if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
622 goto bad_offset;
623 }
4125e6fe 624 return cpu->env.pmsav8.mair0[attrs.secure];
0e1a46bb
PM		 625 case 0xdc4: /* MPU_MAIR1 */
626 if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
627 goto bad_offset;
628 }
4125e6fe 629 return cpu->env.pmsav8.mair1[attrs.secure];
9ee6e8bb 630 default:
0e1a46bb 631 bad_offset:
e72e3ffc
PM		 632 qemu_log_mask(LOG_GUEST_ERROR, "NVIC: Bad read offset 0x%x\n", offset);
633 return 0;
9ee6e8bb
PB		 634 }
635}
636
45db7ba6
PM		 637static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value,
638 MemTxAttrs attrs)
9ee6e8bb 639{
d713ea6c 640 ARMCPU *cpu = s->cpu;
ff68dacb 641
9ee6e8bb 642 switch (offset) {
9ee6e8bb
PB		 643 case 0xd04: /* Interrupt Control State. */
644 if (value & (1 << 31)) {
645 armv7m_nvic_set_pending(s, ARMV7M_EXCP_NMI);
646 }
647 if (value & (1 << 28)) {
648 armv7m_nvic_set_pending(s, ARMV7M_EXCP_PENDSV);
649 } else if (value & (1 << 27)) {
da6d674e 650 armv7m_nvic_clear_pending(s, ARMV7M_EXCP_PENDSV);
9ee6e8bb
PB		 651 }
652 if (value & (1 << 26)) {
653 armv7m_nvic_set_pending(s, ARMV7M_EXCP_SYSTICK);
654 } else if (value & (1 << 25)) {
da6d674e 655 armv7m_nvic_clear_pending(s, ARMV7M_EXCP_SYSTICK);
9ee6e8bb
PB		 656 }
657 break;
658 case 0xd08: /* Vector Table Offset. */
45db7ba6 659 cpu->env.v7m.vecbase[attrs.secure] = value & 0xffffff80;
9ee6e8bb
PB		 660 break;
661 case 0xd0c: /* Application Interrupt/Reset Control. */
662 if ((value >> 16) == 0x05fa) {
e192becd
MD		 663 if (value & 4) {
664 qemu_irq_pulse(s->sysresetreq);
665 }
9ee6e8bb 666 if (value & 2) {
14790f73
MD		 667 qemu_log_mask(LOG_GUEST_ERROR,
668 "Setting VECTCLRACTIVE when not in DEBUG mode "
669 "is UNPREDICTABLE\n");
9ee6e8bb 670 }
e192becd 671 if (value & 1) {
14790f73
MD		 672 qemu_log_mask(LOG_GUEST_ERROR,
673 "Setting VECTRESET when not in DEBUG mode "
674 "is UNPREDICTABLE\n");
9ee6e8bb 675 }
1004102a 676 s->prigroup = extract32(value, 8, 3);
da6d674e 677 nvic_irq_update(s);
9ee6e8bb
PB		 678 }
679 break;
680 case 0xd10: /* System Control. */
9ee6e8bb 681 /* TODO: Implement control registers. */
e6b33209
MD		 682 qemu_log_mask(LOG_UNIMP, "NVIC: SCR unimplemented\n");
683 break;
684 case 0xd14: /* Configuration Control. */
685 /* Enforce RAZ/WI on reserved and must-RAZ/WI bits */
686 value &= (R_V7M_CCR_STKALIGN_MASK |
687 R_V7M_CCR_BFHFNMIGN_MASK |
688 R_V7M_CCR_DIV_0_TRP_MASK |
689 R_V7M_CCR_UNALIGN_TRP_MASK |
690 R_V7M_CCR_USERSETMPEND_MASK |
691 R_V7M_CCR_NONBASETHRDENA_MASK);
692
9d40cd8a
PM		 693 if (arm_feature(&cpu->env, ARM_FEATURE_V8)) {
694 /* v8M makes NONBASETHRDENA and STKALIGN be RES1 */
695 value |= R_V7M_CCR_NONBASETHRDENA_MASK
696 | R_V7M_CCR_STKALIGN_MASK;
697 }
698 if (attrs.secure) {
699 /* the BFHFNMIGN bit is not banked; keep that in the NS copy */
700 cpu->env.v7m.ccr[M_REG_NS] =
701 (cpu->env.v7m.ccr[M_REG_NS] & ~R_V7M_CCR_BFHFNMIGN_MASK)
702 | (value & R_V7M_CCR_BFHFNMIGN_MASK);
703 value &= ~R_V7M_CCR_BFHFNMIGN_MASK;
704 }
705
706 cpu->env.v7m.ccr[attrs.secure] = value;
e72e3ffc 707 break;
9ee6e8bb 708 case 0xd24: /* System Handler Control. */
5db53e35
PM		 709 s->vectors[ARMV7M_EXCP_MEM].active = (value & (1 << 0)) != 0;
710 s->vectors[ARMV7M_EXCP_BUS].active = (value & (1 << 1)) != 0;
711 s->vectors[ARMV7M_EXCP_USAGE].active = (value & (1 << 3)) != 0;
712 s->vectors[ARMV7M_EXCP_SVC].active = (value & (1 << 7)) != 0;
713 s->vectors[ARMV7M_EXCP_DEBUG].active = (value & (1 << 8)) != 0;
714 s->vectors[ARMV7M_EXCP_PENDSV].active = (value & (1 << 10)) != 0;
715 s->vectors[ARMV7M_EXCP_SYSTICK].active = (value & (1 << 11)) != 0;
716 s->vectors[ARMV7M_EXCP_USAGE].pending = (value & (1 << 12)) != 0;
717 s->vectors[ARMV7M_EXCP_MEM].pending = (value & (1 << 13)) != 0;
718 s->vectors[ARMV7M_EXCP_BUS].pending = (value & (1 << 14)) != 0;
719 s->vectors[ARMV7M_EXCP_SVC].pending = (value & (1 << 15)) != 0;
da6d674e
MD		 720 s->vectors[ARMV7M_EXCP_MEM].enabled = (value & (1 << 16)) != 0;
721 s->vectors[ARMV7M_EXCP_BUS].enabled = (value & (1 << 17)) != 0;
722 s->vectors[ARMV7M_EXCP_USAGE].enabled = (value & (1 << 18)) != 0;
723 nvic_irq_update(s);
9ee6e8bb
PB		 724 break;
725 case 0xd28: /* Configurable Fault Status. */
334e8dad
PM		 726 cpu->env.v7m.cfsr[attrs.secure] &= ~value; /* W1C */
727 if (attrs.secure) {
728 /* The BFSR bits [15:8] are shared between security states
729 * and we store them in the NS copy.
730 */
731 cpu->env.v7m.cfsr[M_REG_NS] &= ~(value & R_V7M_CFSR_BFSR_MASK);
732 }
e6b33209 733 break;
9ee6e8bb 734 case 0xd2c: /* Hard Fault Status. */
e6b33209
MD		 735 cpu->env.v7m.hfsr &= ~value; /* W1C */
736 break;
9ee6e8bb 737 case 0xd30: /* Debug Fault Status. */
e6b33209
MD		 738 cpu->env.v7m.dfsr &= ~value; /* W1C */
739 break;
9ee6e8bb 740 case 0xd34: /* Mem Manage Address. */
c51a5cfc 741 cpu->env.v7m.mmfar[attrs.secure] = value;
e6b33209 742 return;
9ee6e8bb 743 case 0xd38: /* Bus Fault Address. */
e6b33209
MD		 744 cpu->env.v7m.bfar = value;
745 return;
9ee6e8bb 746 case 0xd3c: /* Aux Fault Status. */
e72e3ffc 747 qemu_log_mask(LOG_UNIMP,
e6b33209 748 "NVIC: Aux fault status registers unimplemented\n");
e72e3ffc 749 break;
29c483a5
MD		 750 case 0xd90: /* MPU_TYPE */
751 return; /* RO */
752 case 0xd94: /* MPU_CTRL */
753 if ((value &
754 (R_V7M_MPU_CTRL_HFNMIENA_MASK | R_V7M_MPU_CTRL_ENABLE_MASK))
755 == R_V7M_MPU_CTRL_HFNMIENA_MASK) {
756 qemu_log_mask(LOG_GUEST_ERROR, "MPU_CTRL: HFNMIENA and !ENABLE is "
757 "UNPREDICTABLE\n");
758 }
ecf5e8ea
PM		 759 cpu->env.v7m.mpu_ctrl[attrs.secure]
760 = value & (R_V7M_MPU_CTRL_ENABLE_MASK |
761 R_V7M_MPU_CTRL_HFNMIENA_MASK |
762 R_V7M_MPU_CTRL_PRIVDEFENA_MASK);
29c483a5
MD		 763 tlb_flush(CPU(cpu));
764 break;
765 case 0xd98: /* MPU_RNR */
766 if (value >= cpu->pmsav7_dregion) {
767 qemu_log_mask(LOG_GUEST_ERROR, "MPU region out of range %"
768 PRIu32 "/%" PRIu32 "\n",
769 value, cpu->pmsav7_dregion);
770 } else {
1bc04a88 771 cpu->env.pmsav7.rnr[attrs.secure] = value;
29c483a5
MD		 772 }
773 break;
774 case 0xd9c: /* MPU_RBAR */
775 case 0xda4: /* MPU_RBAR_A1 */
776 case 0xdac: /* MPU_RBAR_A2 */
777 case 0xdb4: /* MPU_RBAR_A3 */
778 {
779 int region;
780
0e1a46bb
PM		 781 if (arm_feature(&cpu->env, ARM_FEATURE_V8)) {
782 /* PMSAv8M handling of the aliases is different from v7M:
783 * aliases A1, A2, A3 override the low two bits of the region
784 * number in MPU_RNR, and there is no 'region' field in the
785 * RBAR register.
786 */
787 int aliasno = (offset - 0xd9c) / 8; /* 0..3 */
788
1bc04a88 789 region = cpu->env.pmsav7.rnr[attrs.secure];
0e1a46bb
PM		 790 if (aliasno) {
791 region = deposit32(region, 0, 2, aliasno);
792 }
793 if (region >= cpu->pmsav7_dregion) {
794 return;
795 }
62c58ee0 796 cpu->env.pmsav8.rbar[attrs.secure][region] = value;
0e1a46bb
PM		 797 tlb_flush(CPU(cpu));
798 return;
799 }
800
29c483a5
MD		 801 if (value & (1 << 4)) {
802 /* VALID bit means use the region number specified in this
803 * value and also update MPU_RNR.REGION with that value.
804 */
805 region = extract32(value, 0, 4);
806 if (region >= cpu->pmsav7_dregion) {
807 qemu_log_mask(LOG_GUEST_ERROR,
808 "MPU region out of range %u/%" PRIu32 "\n",
809 region, cpu->pmsav7_dregion);
810 return;
811 }
1bc04a88 812 cpu->env.pmsav7.rnr[attrs.secure] = region;
29c483a5 813 } else {
1bc04a88 814 region = cpu->env.pmsav7.rnr[attrs.secure];
29c483a5
MD		 815 }
816
817 if (region >= cpu->pmsav7_dregion) {
818 return;
819 }
820
821 cpu->env.pmsav7.drbar[region] = value & ~0x1f;
822 tlb_flush(CPU(cpu));
823 break;
824 }
0e1a46bb
PM		 825 case 0xda0: /* MPU_RASR (v7M), MPU_RLAR (v8M) */
826 case 0xda8: /* MPU_RASR_A1 (v7M), MPU_RLAR_A1 (v8M) */
827 case 0xdb0: /* MPU_RASR_A2 (v7M), MPU_RLAR_A2 (v8M) */
828 case 0xdb8: /* MPU_RASR_A3 (v7M), MPU_RLAR_A3 (v8M) */
29c483a5 829 {
1bc04a88 830 int region = cpu->env.pmsav7.rnr[attrs.secure];
29c483a5 831
0e1a46bb
PM		 832 if (arm_feature(&cpu->env, ARM_FEATURE_V8)) {
833 /* PMSAv8M handling of the aliases is different from v7M:
834 * aliases A1, A2, A3 override the low two bits of the region
835 * number in MPU_RNR.
836 */
837 int aliasno = (offset - 0xd9c) / 8; /* 0..3 */
838
1bc04a88 839 region = cpu->env.pmsav7.rnr[attrs.secure];
0e1a46bb
PM		 840 if (aliasno) {
841 region = deposit32(region, 0, 2, aliasno);
842 }
843 if (region >= cpu->pmsav7_dregion) {
844 return;
845 }
62c58ee0 846 cpu->env.pmsav8.rlar[attrs.secure][region] = value;
0e1a46bb
PM		 847 tlb_flush(CPU(cpu));
848 return;
849 }
850
29c483a5
MD		 851 if (region >= cpu->pmsav7_dregion) {
852 return;
853 }
854
855 cpu->env.pmsav7.drsr[region] = value & 0xff3f;
856 cpu->env.pmsav7.dracr[region] = (value >> 16) & 0x173f;
857 tlb_flush(CPU(cpu));
858 break;
859 }
0e1a46bb
PM		 860 case 0xdc0: /* MPU_MAIR0 */
861 if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
862 goto bad_offset;
863 }
864 if (cpu->pmsav7_dregion) {
865 /* Register is RES0 if no MPU regions are implemented */
4125e6fe 866 cpu->env.pmsav8.mair0[attrs.secure] = value;
0e1a46bb
PM		 867 }
868 /* We don't need to do anything else because memory attributes
869 * only affect cacheability, and we don't implement caching.
870 */
871 break;
872 case 0xdc4: /* MPU_MAIR1 */
873 if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
874 goto bad_offset;
875 }
876 if (cpu->pmsav7_dregion) {
877 /* Register is RES0 if no MPU regions are implemented */
4125e6fe 878 cpu->env.pmsav8.mair1[attrs.secure] = value;
0e1a46bb
PM		 879 }
880 /* We don't need to do anything else because memory attributes
881 * only affect cacheability, and we don't implement caching.
882 */
883 break;
2a29ddee 884 case 0xf00: /* Software Triggered Interrupt Register */
da6d674e 885 {
da6d674e 886 int excnum = (value & 0x1ff) + NVIC_FIRST_IRQ;
eb578a23 887 if (excnum < s->num_irq) {
da6d674e 888 armv7m_nvic_set_pending(s, excnum);
2a29ddee
PM		 889 }
890 break;
da6d674e 891 }
9ee6e8bb 892 default:
0e1a46bb 893 bad_offset:
e72e3ffc
PM		 894 qemu_log_mask(LOG_GUEST_ERROR,
895 "NVIC: Bad write offset 0x%x\n", offset);
9ee6e8bb
PB		 896 }
897}
898
9d40cd8a 899static bool nvic_user_access_ok(NVICState *s, hwaddr offset, MemTxAttrs attrs)
eb578a23
PM		 900{
901 /* Return true if unprivileged access to this register is permitted. */
902 switch (offset) {
903 case 0xf00: /* STIR: accessible only if CCR.USERSETMPEND permits */
9d40cd8a
PM		 904 /* For access via STIR_NS it is the NS CCR.USERSETMPEND that
905 * controls access even though the CPU is in Secure state (I_QDKX).
906 */
907 return s->cpu->env.v7m.ccr[attrs.secure] & R_V7M_CCR_USERSETMPEND_MASK;
eb578a23
PM		 908 default:
909 /* All other user accesses cause a BusFault unconditionally */
910 return false;
911 }
912}
913
914static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr,
915 uint64_t *data, unsigned size,
916 MemTxAttrs attrs)
2a29ddee 917{
f797c075 918 NVICState *s = (NVICState *)opaque;
2a29ddee 919 uint32_t offset = addr;
da6d674e 920 unsigned i, startvec, end;
0e8153dd
AB		 921 uint32_t val;
922
9d40cd8a 923 if (attrs.user && !nvic_user_access_ok(s, addr, attrs)) {
eb578a23
PM		 924 /* Generate BusFault for unprivileged accesses */
925 return MEMTX_ERROR;
926 }
927
0e8153dd 928 switch (offset) {
da6d674e
MD		 929 /* reads of set and clear both return the status */
930 case 0x100 ... 0x13f: /* NVIC Set enable */
931 offset += 0x80;
932 /* fall through */
933 case 0x180 ... 0x1bf: /* NVIC Clear enable */
934 val = 0;
935 startvec = offset - 0x180 + NVIC_FIRST_IRQ; /* vector # */
936
937 for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) {
938 if (s->vectors[startvec + i].enabled) {
939 val |= (1 << i);
940 }
941 }
942 break;
943 case 0x200 ... 0x23f: /* NVIC Set pend */
944 offset += 0x80;
945 /* fall through */
946 case 0x280 ... 0x2bf: /* NVIC Clear pend */
947 val = 0;
948 startvec = offset - 0x280 + NVIC_FIRST_IRQ; /* vector # */
949 for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) {
950 if (s->vectors[startvec + i].pending) {
951 val |= (1 << i);
952 }
953 }
954 break;
955 case 0x300 ... 0x33f: /* NVIC Active */
956 val = 0;
957 startvec = offset - 0x300 + NVIC_FIRST_IRQ; /* vector # */
958
959 for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) {
960 if (s->vectors[startvec + i].active) {
961 val |= (1 << i);
962 }
963 }
964 break;
965 case 0x400 ... 0x5ef: /* NVIC Priority */
966 val = 0;
967 startvec = offset - 0x400 + NVIC_FIRST_IRQ; /* vector # */
968
969 for (i = 0; i < size && startvec + i < s->num_irq; i++) {
970 val |= s->vectors[startvec + i].prio << (8 * i);
971 }
972 break;
0e8153dd
AB		 973 case 0xd18 ... 0xd23: /* System Handler Priority. */
974 val = 0;
975 for (i = 0; i < size; i++) {
da6d674e 976 val |= s->vectors[(offset - 0xd14) + i].prio << (i * 8);
0e8153dd 977 }
da6d674e 978 break;
0e8153dd 979 case 0xfe0 ... 0xfff: /* ID. */
2a29ddee 980 if (offset & 3) {
da6d674e
MD		 981 val = 0;
982 } else {
983 val = nvic_id[(offset - 0xfe0) >> 2];
984 }
985 break;
986 default:
987 if (size == 4) {
45db7ba6 988 val = nvic_readl(s, offset, attrs);
da6d674e
MD		 989 } else {
990 qemu_log_mask(LOG_GUEST_ERROR,
991 "NVIC: Bad read of size %d at offset 0x%x\n",
992 size, offset);
993 val = 0;
2a29ddee 994 }
2a29ddee 995 }
da6d674e
MD		 996
997 trace_nvic_sysreg_read(addr, val, size);
eb578a23
PM		 998 *data = val;
999 return MEMTX_OK;
2a29ddee
PM		 1000}
1001
eb578a23
PM		 1002static MemTxResult nvic_sysreg_write(void *opaque, hwaddr addr,
1003 uint64_t value, unsigned size,
1004 MemTxAttrs attrs)
2a29ddee 1005{
f797c075 1006 NVICState *s = (NVICState *)opaque;
2a29ddee 1007 uint32_t offset = addr;
da6d674e
MD		 1008 unsigned i, startvec, end;
1009 unsigned setval = 0;
1010
1011 trace_nvic_sysreg_write(addr, value, size);
0e8153dd 1012
9d40cd8a 1013 if (attrs.user && !nvic_user_access_ok(s, addr, attrs)) {
eb578a23
PM		 1014 /* Generate BusFault for unprivileged accesses */
1015 return MEMTX_ERROR;
1016 }
1017
0e8153dd 1018 switch (offset) {
da6d674e
MD		 1019 case 0x100 ... 0x13f: /* NVIC Set enable */
1020 offset += 0x80;
1021 setval = 1;
1022 /* fall through */
1023 case 0x180 ... 0x1bf: /* NVIC Clear enable */
1024 startvec = 8 * (offset - 0x180) + NVIC_FIRST_IRQ;
1025
1026 for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) {
1027 if (value & (1 << i)) {
1028 s->vectors[startvec + i].enabled = setval;
1029 }
1030 }
1031 nvic_irq_update(s);
eb578a23 1032 return MEMTX_OK;
da6d674e
MD		 1033 case 0x200 ... 0x23f: /* NVIC Set pend */
1034 /* the special logic in armv7m_nvic_set_pending()
1035 * is not needed since IRQs are never escalated
1036 */
1037 offset += 0x80;
1038 setval = 1;
1039 /* fall through */
1040 case 0x280 ... 0x2bf: /* NVIC Clear pend */
1041 startvec = 8 * (offset - 0x280) + NVIC_FIRST_IRQ; /* vector # */
1042
1043 for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) {
1044 if (value & (1 << i)) {
1045 s->vectors[startvec + i].pending = setval;
1046 }
1047 }
1048 nvic_irq_update(s);
eb578a23 1049 return MEMTX_OK;
da6d674e 1050 case 0x300 ... 0x33f: /* NVIC Active */
eb578a23 1051 return MEMTX_OK; /* R/O */
da6d674e
MD		 1052 case 0x400 ... 0x5ef: /* NVIC Priority */
1053 startvec = 8 * (offset - 0x400) + NVIC_FIRST_IRQ; /* vector # */
1054
1055 for (i = 0; i < size && startvec + i < s->num_irq; i++) {
1056 set_prio(s, startvec + i, (value >> (i * 8)) & 0xff);
1057 }
1058 nvic_irq_update(s);
eb578a23 1059 return MEMTX_OK;
0e8153dd
AB		 1060 case 0xd18 ... 0xd23: /* System Handler Priority. */
1061 for (i = 0; i < size; i++) {
da6d674e
MD		 1062 unsigned hdlidx = (offset - 0xd14) + i;
1063 set_prio(s, hdlidx, (value >> (i * 8)) & 0xff);
0e8153dd 1064 }
da6d674e 1065 nvic_irq_update(s);
eb578a23 1066 return MEMTX_OK;
0e8153dd 1067 }
2a29ddee 1068 if (size == 4) {
45db7ba6 1069 nvic_writel(s, offset, value, attrs);
eb578a23 1070 return MEMTX_OK;
2a29ddee 1071 }
e72e3ffc
PM		 1072 qemu_log_mask(LOG_GUEST_ERROR,
1073 "NVIC: Bad write of size %d at offset 0x%x\n", size, offset);
eb578a23
PM		 1074 /* This is UNPREDICTABLE; treat as RAZ/WI */
1075 return MEMTX_OK;
2a29ddee
PM		 1076}
1077
1078static const MemoryRegionOps nvic_sysreg_ops = {
eb578a23
PM		 1079 .read_with_attrs = nvic_sysreg_read,
1080 .write_with_attrs = nvic_sysreg_write,
2a29ddee
PM		 1081 .endianness = DEVICE_NATIVE_ENDIAN,
1082};
1083
f104919d
PM		 1084static MemTxResult nvic_sysreg_ns_write(void *opaque, hwaddr addr,
1085 uint64_t value, unsigned size,
1086 MemTxAttrs attrs)
1087{
1088 if (attrs.secure) {
1089 /* S accesses to the alias act like NS accesses to the real region */
1090 attrs.secure = 0;
1091 return nvic_sysreg_write(opaque, addr, value, size, attrs);
1092 } else {
1093 /* NS attrs are RAZ/WI for privileged, and BusFault for user */
1094 if (attrs.user) {
1095 return MEMTX_ERROR;
1096 }
1097 return MEMTX_OK;
1098 }
1099}
1100
1101static MemTxResult nvic_sysreg_ns_read(void *opaque, hwaddr addr,
1102 uint64_t *data, unsigned size,
1103 MemTxAttrs attrs)
1104{
1105 if (attrs.secure) {
1106 /* S accesses to the alias act like NS accesses to the real region */
1107 attrs.secure = 0;
1108 return nvic_sysreg_read(opaque, addr, data, size, attrs);
1109 } else {
1110 /* NS attrs are RAZ/WI for privileged, and BusFault for user */
1111 if (attrs.user) {
1112 return MEMTX_ERROR;
1113 }
1114 *data = 0;
1115 return MEMTX_OK;
1116 }
1117}
1118
1119static const MemoryRegionOps nvic_sysreg_ns_ops = {
1120 .read_with_attrs = nvic_sysreg_ns_read,
1121 .write_with_attrs = nvic_sysreg_ns_write,
1122 .endianness = DEVICE_NATIVE_ENDIAN,
1123};
1124
da6d674e
MD		 1125static int nvic_post_load(void *opaque, int version_id)
1126{
1127 NVICState *s = opaque;
1128 unsigned i;
1129
1130 /* Check for out of range priority settings */
1131 if (s->vectors[ARMV7M_EXCP_RESET].prio != -3 ||
1132 s->vectors[ARMV7M_EXCP_NMI].prio != -2 ||
1133 s->vectors[ARMV7M_EXCP_HARD].prio != -1) {
1134 return 1;
1135 }
1136 for (i = ARMV7M_EXCP_MEM; i < s->num_irq; i++) {
1137 if (s->vectors[i].prio & ~0xff) {
1138 return 1;
1139 }
1140 }
1141
1142 nvic_recompute_state(s);
1143
1144 return 0;
1145}
1146
1147static const VMStateDescription vmstate_VecInfo = {
1148 .name = "armv7m_nvic_info",
1149 .version_id = 1,
1150 .minimum_version_id = 1,
1151 .fields = (VMStateField[]) {
1152 VMSTATE_INT16(prio, VecInfo),
1153 VMSTATE_UINT8(enabled, VecInfo),
1154 VMSTATE_UINT8(pending, VecInfo),
1155 VMSTATE_UINT8(active, VecInfo),
1156 VMSTATE_UINT8(level, VecInfo),
1157 VMSTATE_END_OF_LIST()
1158 }
1159};
1160
17906a16
PM		 1161static bool nvic_security_needed(void *opaque)
1162{
1163 NVICState *s = opaque;
1164
1165 return arm_feature(&s->cpu->env, ARM_FEATURE_M_SECURITY);
1166}
1167
1168static int nvic_security_post_load(void *opaque, int version_id)
1169{
1170 NVICState *s = opaque;
1171 int i;
1172
1173 /* Check for out of range priority settings */
1174 if (s->sec_vectors[ARMV7M_EXCP_HARD].prio != -1) {
1175 return 1;
1176 }
1177 for (i = ARMV7M_EXCP_MEM; i < ARRAY_SIZE(s->sec_vectors); i++) {
1178 if (s->sec_vectors[i].prio & ~0xff) {
1179 return 1;
1180 }
1181 }
1182 return 0;
1183}
1184
1185static const VMStateDescription vmstate_nvic_security = {
1186 .name = "nvic/m-security",
1187 .version_id = 1,
1188 .minimum_version_id = 1,
1189 .needed = nvic_security_needed,
1190 .post_load = &nvic_security_post_load,
1191 .fields = (VMStateField[]) {
1192 VMSTATE_STRUCT_ARRAY(sec_vectors, NVICState, NVIC_INTERNAL_VECTORS, 1,
1193 vmstate_VecInfo, VecInfo),
1194 VMSTATE_END_OF_LIST()
1195 }
1196};
1197
0797226c
JQ		 1198static const VMStateDescription vmstate_nvic = {
1199 .name = "armv7m_nvic",
ff68dacb
PM		 1200 .version_id = 4,
1201 .minimum_version_id = 4,
da6d674e 1202 .post_load = &nvic_post_load,
8f1e884b 1203 .fields = (VMStateField[]) {
da6d674e
MD		 1204 VMSTATE_STRUCT_ARRAY(vectors, NVICState, NVIC_MAX_VECTORS, 1,
1205 vmstate_VecInfo, VecInfo),
1004102a 1206 VMSTATE_UINT32(prigroup, NVICState),
0797226c 1207 VMSTATE_END_OF_LIST()
17906a16
PM		 1208 },
1209 .subsections = (const VMStateDescription*[]) {
1210 &vmstate_nvic_security,
1211 NULL
0797226c
JQ		 1212 }
1213};
23e39294 1214
da6d674e
MD		 1215static Property props_nvic[] = {
1216 /* Number of external IRQ lines (so excluding the 16 internal exceptions) */
1217 DEFINE_PROP_UINT32("num-irq", NVICState, num_irq, 64),
1218 DEFINE_PROP_END_OF_LIST()
1219};
1220
aecff692
PM		 1221static void armv7m_nvic_reset(DeviceState *dev)
1222{
f797c075 1223 NVICState *s = NVIC(dev);
da6d674e
MD		 1224
1225 s->vectors[ARMV7M_EXCP_NMI].enabled = 1;
1226 s->vectors[ARMV7M_EXCP_HARD].enabled = 1;
1227 /* MEM, BUS, and USAGE are enabled through
1228 * the System Handler Control register
b3387ede 1229 */
da6d674e
MD		 1230 s->vectors[ARMV7M_EXCP_SVC].enabled = 1;
1231 s->vectors[ARMV7M_EXCP_DEBUG].enabled = 1;
1232 s->vectors[ARMV7M_EXCP_PENDSV].enabled = 1;
1233 s->vectors[ARMV7M_EXCP_SYSTICK].enabled = 1;
1234
1235 s->vectors[ARMV7M_EXCP_RESET].prio = -3;
1236 s->vectors[ARMV7M_EXCP_NMI].prio = -2;
1237 s->vectors[ARMV7M_EXCP_HARD].prio = -1;
1238
17906a16
PM		 1239 if (arm_feature(&s->cpu->env, ARM_FEATURE_M_SECURITY)) {
1240 s->sec_vectors[ARMV7M_EXCP_HARD].enabled = 1;
1241 s->sec_vectors[ARMV7M_EXCP_SVC].enabled = 1;
1242 s->sec_vectors[ARMV7M_EXCP_PENDSV].enabled = 1;
1243 s->sec_vectors[ARMV7M_EXCP_SYSTICK].enabled = 1;
1244
1245 /* AIRCR.BFHFNMINS resets to 0 so Secure HF is priority -1 (R_CMTC) */
1246 s->sec_vectors[ARMV7M_EXCP_HARD].prio = -1;
1247 }
1248
da6d674e
MD		 1249 /* Strictly speaking the reset handler should be enabled.
1250 * However, we don't simulate soft resets through the NVIC,
1251 * and the reset vector should never be pended.
1252 * So we leave it disabled to catch logic errors.
1253 */
1254
1255 s->exception_prio = NVIC_NOEXC_PRIO;
1256 s->vectpending = 0;
ff68dacb 1257}
da6d674e 1258
ff68dacb
PM		 1259static void nvic_systick_trigger(void *opaque, int n, int level)
1260{
1261 NVICState *s = opaque;
1262
1263 if (level) {
1264 /* SysTick just asked us to pend its exception.
1265 * (This is different from an external interrupt line's
1266 * behaviour.)
1267 */
1268 armv7m_nvic_set_pending(s, ARMV7M_EXCP_SYSTICK);
1269 }
aecff692
PM		 1270}
1271
53111180 1272static void armv7m_nvic_realize(DeviceState *dev, Error **errp)
9ee6e8bb 1273{
f797c075 1274 NVICState *s = NVIC(dev);
ff68dacb
PM		 1275 SysBusDevice *systick_sbd;
1276 Error *err = NULL;
f104919d 1277 int regionlen;
9ee6e8bb 1278
d713ea6c
MD		 1279 s->cpu = ARM_CPU(qemu_get_cpu(0));
1280 assert(s->cpu);
da6d674e
MD		 1281
1282 if (s->num_irq > NVIC_MAX_IRQ) {
1283 error_setg(errp, "num-irq %d exceeds NVIC maximum", s->num_irq);
53111180
PM		 1284 return;
1285 }
da6d674e
MD		 1286
1287 qdev_init_gpio_in(dev, set_irq_level, s->num_irq);
1288
1289 /* include space for internal exception vectors */
1290 s->num_irq += NVIC_FIRST_IRQ;
1291
ff68dacb
PM		 1292 object_property_set_bool(OBJECT(&s->systick), true, "realized", &err);
1293 if (err != NULL) {
1294 error_propagate(errp, err);
1295 return;
1296 }
1297 systick_sbd = SYS_BUS_DEVICE(&s->systick);
1298 sysbus_connect_irq(systick_sbd, 0,
1299 qdev_get_gpio_in_named(dev, "systick-trigger", 0));
1300
da6d674e
MD		 1301 /* The NVIC and System Control Space (SCS) starts at 0xe000e000
1302 * and looks like this:
1303 * 0x004 - ICTR
ff68dacb 1304 * 0x010 - 0xff - systick
da6d674e
MD		 1305 * 0x100..0x7ec - NVIC
1306 * 0x7f0..0xcff - Reserved
1307 * 0xd00..0xd3c - SCS registers
1308 * 0xd40..0xeff - Reserved or Not implemented
1309 * 0xf00 - STIR
f104919d
PM		 1310 *
1311 * Some registers within this space are banked between security states.
1312 * In v8M there is a second range 0xe002e000..0xe002efff which is the
1313 * NonSecure alias SCS; secure accesses to this behave like NS accesses
1314 * to the main SCS range, and non-secure accesses (including when
1315 * the security extension is not implemented) are RAZ/WI.
1316 * Note that both the main SCS range and the alias range are defined
1317 * to be exempt from memory attribution (R_BLJT) and so the memory
1318 * transaction attribute always matches the current CPU security
1319 * state (attrs.secure == env->v7m.secure). In the nvic_sysreg_ns_ops
1320 * wrappers we change attrs.secure to indicate the NS access; so
1321 * generally code determining which banked register to use should
1322 * use attrs.secure; code determining actual behaviour of the system
1323 * should use env->v7m.secure.
2a29ddee 1324 */
f104919d
PM		 1325 regionlen = arm_feature(&s->cpu->env, ARM_FEATURE_V8) ? 0x21000 : 0x1000;
1326 memory_region_init(&s->container, OBJECT(s), "nvic", regionlen);
2a29ddee
PM		 1327 /* The system register region goes at the bottom of the priority
1328 * stack as it covers the whole page.
1329 */
1437c94b 1330 memory_region_init_io(&s->sysregmem, OBJECT(s), &nvic_sysreg_ops, s,
2a29ddee
PM		 1331 "nvic_sysregs", 0x1000);
1332 memory_region_add_subregion(&s->container, 0, &s->sysregmem);
ff68dacb
PM		 1333 memory_region_add_subregion_overlap(&s->container, 0x10,
1334 sysbus_mmio_get_region(systick_sbd, 0),
1335 1);
da6d674e 1336
f104919d
PM		 1337 if (arm_feature(&s->cpu->env, ARM_FEATURE_V8)) {
1338 memory_region_init_io(&s->sysreg_ns_mem, OBJECT(s),
1339 &nvic_sysreg_ns_ops, s,
1340 "nvic_sysregs_ns", 0x1000);
1341 memory_region_add_subregion(&s->container, 0x20000, &s->sysreg_ns_mem);
1342 }
1343
98957a94 1344 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->container);
9ee6e8bb 1345}
fe7e8758 1346
55e00a19
PM		 1347static void armv7m_nvic_instance_init(Object *obj)
1348{
1349 /* We have a different default value for the num-irq property
1350 * than our superclass. This function runs after qdev init
1351 * has set the defaults from the Property array and before
1352 * any user-specified property setting, so just modify the
fae15286 1353 * value in the GICState struct.
55e00a19 1354 */
e192becd 1355 DeviceState *dev = DEVICE(obj);
f797c075 1356 NVICState *nvic = NVIC(obj);
da6d674e
MD		 1357 SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
1358
ff68dacb
PM		 1359 object_initialize(&nvic->systick, sizeof(nvic->systick), TYPE_SYSTICK);
1360 qdev_set_parent_bus(DEVICE(&nvic->systick), sysbus_get_default());
1361
da6d674e 1362 sysbus_init_irq(sbd, &nvic->excpout);
e192becd 1363 qdev_init_gpio_out_named(dev, &nvic->sysresetreq, "SYSRESETREQ", 1);
ff68dacb 1364 qdev_init_gpio_in_named(dev, nvic_systick_trigger, "systick-trigger", 1);
55e00a19 1365}
39bffca2 1366
999e12bb
AL		 1367static void armv7m_nvic_class_init(ObjectClass *klass, void *data)
1368{
39bffca2 1369 DeviceClass *dc = DEVICE_CLASS(klass);
999e12bb 1370
39bffca2 1371 dc->vmsd = &vmstate_nvic;
da6d674e 1372 dc->props = props_nvic;
aecff692 1373 dc->reset = armv7m_nvic_reset;
53111180 1374 dc->realize = armv7m_nvic_realize;
999e12bb
AL		 1375}
1376
8c43a6f0 1377static const TypeInfo armv7m_nvic_info = {
1e8cae4d 1378 .name = TYPE_NVIC,
da6d674e 1379 .parent = TYPE_SYS_BUS_DEVICE,
55e00a19 1380 .instance_init = armv7m_nvic_instance_init,
f797c075 1381 .instance_size = sizeof(NVICState),
39bffca2 1382 .class_init = armv7m_nvic_class_init,
da6d674e 1383 .class_size = sizeof(SysBusDeviceClass),
a32134aa
ML		 1384};
1385
83f7d43a 1386static void armv7m_nvic_register_types(void)
fe7e8758 1387{
39bffca2 1388 type_register_static(&armv7m_nvic_info);
fe7e8758
PB		 1389}
1390
83f7d43a 1391type_init(armv7m_nvic_register_types)
QEMU mirror