]> git.proxmox.com Git - mirror_qemu.git/blob - hw/arm/armsse.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
hw/nvme: check maximum copy length (MCL) for COPY
[mirror_qemu.git] / hw / arm / armsse.c
1 /*
2 * Arm SSE (Subsystems for Embedded): IoTKit
3 *
4 * Copyright (c) 2018 Linaro Limited
5 * Written by Peter Maydell
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 or
9 * (at your option) any later version.
10 */
11
12 #include "qemu/osdep.h"
13 #include "qemu/log.h"
14 #include "qemu/module.h"
15 #include "qemu/bitops.h"
16 #include "qemu/units.h"
17 #include "qapi/error.h"
18 #include "trace.h"
19 #include "hw/sysbus.h"
20 #include "migration/vmstate.h"
21 #include "hw/registerfields.h"
22 #include "hw/arm/armsse.h"
23 #include "hw/arm/armsse-version.h"
24 #include "hw/arm/boot.h"
25 #include "hw/irq.h"
26 #include "hw/qdev-clock.h"
27
28 /*
29 * The SSE-300 puts some devices in different places to the
30 * SSE-200 (and original IoTKit). We use an array of these structs
31 * to define how each variant lays out these devices. (Parts of the
32 * SoC that are the same for all variants aren't handled via these
33 * data structures.)
34 */
35
36 #define NO_IRQ -1
37 #define NO_PPC -1
38 /*
39 * Special values for ARMSSEDeviceInfo::irq to indicate that this
40 * device uses one of the inputs to the OR gate that feeds into the
41 * CPU NMI input.
42 */
43 #define NMI_0 10000
44 #define NMI_1 10001
45
46 typedef struct ARMSSEDeviceInfo {
47 const char *name; /* name to use for the QOM object; NULL terminates list */
48 const char *type; /* QOM type name */
49 unsigned int index; /* Which of the N devices of this type is this ? */
50 hwaddr addr;
51 hwaddr size; /* only needed for TYPE_UNIMPLEMENTED_DEVICE */
52 int ppc; /* Index of APB PPC this device is wired up to, or NO_PPC */
53 int ppc_port; /* Port number of this device on the PPC */
54 int irq; /* NO_IRQ, or 0..NUM_SSE_IRQS-1, or NMI_0 or NMI_1 */
55 bool slowclk; /* true if device uses the slow 32KHz clock */
56 } ARMSSEDeviceInfo;
57
58 struct ARMSSEInfo {
59 const char *name;
60 const char *cpu_type;
61 uint32_t sse_version;
62 int sram_banks;
63 uint32_t sram_bank_base;
64 int num_cpus;
65 uint32_t sys_version;
66 uint32_t iidr;
67 uint32_t cpuwait_rst;
68 bool has_mhus;
69 bool has_cachectrl;
70 bool has_cpusecctrl;
71 bool has_cpuid;
72 bool has_cpu_pwrctrl;
73 bool has_sse_counter;
74 bool has_tcms;
75 Property *props;
76 const ARMSSEDeviceInfo *devinfo;
77 const bool *irq_is_common;
78 };
79
80 static Property iotkit_properties[] = {
81 DEFINE_PROP_LINK("memory", ARMSSE, board_memory, TYPE_MEMORY_REGION,
82 MemoryRegion *),
83 DEFINE_PROP_UINT32("EXP_NUMIRQ", ARMSSE, exp_numirq, 64),
84 DEFINE_PROP_UINT32("SRAM_ADDR_WIDTH", ARMSSE, sram_addr_width, 15),
85 DEFINE_PROP_UINT32("init-svtor", ARMSSE, init_svtor, 0x10000000),
86 DEFINE_PROP_BOOL("CPU0_FPU", ARMSSE, cpu_fpu[0], true),
87 DEFINE_PROP_BOOL("CPU0_DSP", ARMSSE, cpu_dsp[0], true),
88 DEFINE_PROP_END_OF_LIST()
89 };
90
91 static Property sse200_properties[] = {
92 DEFINE_PROP_LINK("memory", ARMSSE, board_memory, TYPE_MEMORY_REGION,
93 MemoryRegion *),
94 DEFINE_PROP_UINT32("EXP_NUMIRQ", ARMSSE, exp_numirq, 64),
95 DEFINE_PROP_UINT32("SRAM_ADDR_WIDTH", ARMSSE, sram_addr_width, 15),
96 DEFINE_PROP_UINT32("init-svtor", ARMSSE, init_svtor, 0x10000000),
97 DEFINE_PROP_BOOL("CPU0_FPU", ARMSSE, cpu_fpu[0], false),
98 DEFINE_PROP_BOOL("CPU0_DSP", ARMSSE, cpu_dsp[0], false),
99 DEFINE_PROP_BOOL("CPU1_FPU", ARMSSE, cpu_fpu[1], true),
100 DEFINE_PROP_BOOL("CPU1_DSP", ARMSSE, cpu_dsp[1], true),
101 DEFINE_PROP_END_OF_LIST()
102 };
103
104 static Property sse300_properties[] = {
105 DEFINE_PROP_LINK("memory", ARMSSE, board_memory, TYPE_MEMORY_REGION,
106 MemoryRegion *),
107 DEFINE_PROP_UINT32("EXP_NUMIRQ", ARMSSE, exp_numirq, 64),
108 DEFINE_PROP_UINT32("SRAM_ADDR_WIDTH", ARMSSE, sram_addr_width, 18),
109 DEFINE_PROP_UINT32("init-svtor", ARMSSE, init_svtor, 0x10000000),
110 DEFINE_PROP_BOOL("CPU0_FPU", ARMSSE, cpu_fpu[0], true),
111 DEFINE_PROP_BOOL("CPU0_DSP", ARMSSE, cpu_dsp[0], true),
112 DEFINE_PROP_END_OF_LIST()
113 };
114
115 static const ARMSSEDeviceInfo iotkit_devices[] = {
116 {
117 .name = "timer0",
118 .type = TYPE_CMSDK_APB_TIMER,
119 .index = 0,
120 .addr = 0x40000000,
121 .ppc = 0,
122 .ppc_port = 0,
123 .irq = 3,
124 },
125 {
126 .name = "timer1",
127 .type = TYPE_CMSDK_APB_TIMER,
128 .index = 1,
129 .addr = 0x40001000,
130 .ppc = 0,
131 .ppc_port = 1,
132 .irq = 4,
133 },
134 {
135 .name = "s32ktimer",
136 .type = TYPE_CMSDK_APB_TIMER,
137 .index = 2,
138 .addr = 0x4002f000,
139 .ppc = 1,
140 .ppc_port = 0,
141 .irq = 2,
142 .slowclk = true,
143 },
144 {
145 .name = "dualtimer",
146 .type = TYPE_CMSDK_APB_DUALTIMER,
147 .index = 0,
148 .addr = 0x40002000,
149 .ppc = 0,
150 .ppc_port = 2,
151 .irq = 5,
152 },
153 {
154 .name = "s32kwatchdog",
155 .type = TYPE_CMSDK_APB_WATCHDOG,
156 .index = 0,
157 .addr = 0x5002e000,
158 .ppc = NO_PPC,
159 .irq = NMI_0,
160 .slowclk = true,
161 },
162 {
163 .name = "nswatchdog",
164 .type = TYPE_CMSDK_APB_WATCHDOG,
165 .index = 1,
166 .addr = 0x40081000,
167 .ppc = NO_PPC,
168 .irq = 1,
169 },
170 {
171 .name = "swatchdog",
172 .type = TYPE_CMSDK_APB_WATCHDOG,
173 .index = 2,
174 .addr = 0x50081000,
175 .ppc = NO_PPC,
176 .irq = NMI_1,
177 },
178 {
179 .name = "armsse-sysinfo",
180 .type = TYPE_IOTKIT_SYSINFO,
181 .index = 0,
182 .addr = 0x40020000,
183 .ppc = NO_PPC,
184 .irq = NO_IRQ,
185 },
186 {
187 .name = "armsse-sysctl",
188 .type = TYPE_IOTKIT_SYSCTL,
189 .index = 0,
190 .addr = 0x50021000,
191 .ppc = NO_PPC,
192 .irq = NO_IRQ,
193 },
194 {
195 .name = NULL,
196 }
197 };
198
199 static const ARMSSEDeviceInfo sse200_devices[] = {
200 {
201 .name = "timer0",
202 .type = TYPE_CMSDK_APB_TIMER,
203 .index = 0,
204 .addr = 0x40000000,
205 .ppc = 0,
206 .ppc_port = 0,
207 .irq = 3,
208 },
209 {
210 .name = "timer1",
211 .type = TYPE_CMSDK_APB_TIMER,
212 .index = 1,
213 .addr = 0x40001000,
214 .ppc = 0,
215 .ppc_port = 1,
216 .irq = 4,
217 },
218 {
219 .name = "s32ktimer",
220 .type = TYPE_CMSDK_APB_TIMER,
221 .index = 2,
222 .addr = 0x4002f000,
223 .ppc = 1,
224 .ppc_port = 0,
225 .irq = 2,
226 .slowclk = true,
227 },
228 {
229 .name = "dualtimer",
230 .type = TYPE_CMSDK_APB_DUALTIMER,
231 .index = 0,
232 .addr = 0x40002000,
233 .ppc = 0,
234 .ppc_port = 2,
235 .irq = 5,
236 },
237 {
238 .name = "s32kwatchdog",
239 .type = TYPE_CMSDK_APB_WATCHDOG,
240 .index = 0,
241 .addr = 0x5002e000,
242 .ppc = NO_PPC,
243 .irq = NMI_0,
244 .slowclk = true,
245 },
246 {
247 .name = "nswatchdog",
248 .type = TYPE_CMSDK_APB_WATCHDOG,
249 .index = 1,
250 .addr = 0x40081000,
251 .ppc = NO_PPC,
252 .irq = 1,
253 },
254 {
255 .name = "swatchdog",
256 .type = TYPE_CMSDK_APB_WATCHDOG,
257 .index = 2,
258 .addr = 0x50081000,
259 .ppc = NO_PPC,
260 .irq = NMI_1,
261 },
262 {
263 .name = "armsse-sysinfo",
264 .type = TYPE_IOTKIT_SYSINFO,
265 .index = 0,
266 .addr = 0x40020000,
267 .ppc = NO_PPC,
268 .irq = NO_IRQ,
269 },
270 {
271 .name = "armsse-sysctl",
272 .type = TYPE_IOTKIT_SYSCTL,
273 .index = 0,
274 .addr = 0x50021000,
275 .ppc = NO_PPC,
276 .irq = NO_IRQ,
277 },
278 {
279 .name = "CPU0CORE_PPU",
280 .type = TYPE_UNIMPLEMENTED_DEVICE,
281 .index = 0,
282 .addr = 0x50023000,
283 .size = 0x1000,
284 .ppc = NO_PPC,
285 .irq = NO_IRQ,
286 },
287 {
288 .name = "CPU1CORE_PPU",
289 .type = TYPE_UNIMPLEMENTED_DEVICE,
290 .index = 1,
291 .addr = 0x50025000,
292 .size = 0x1000,
293 .ppc = NO_PPC,
294 .irq = NO_IRQ,
295 },
296 {
297 .name = "DBG_PPU",
298 .type = TYPE_UNIMPLEMENTED_DEVICE,
299 .index = 2,
300 .addr = 0x50029000,
301 .size = 0x1000,
302 .ppc = NO_PPC,
303 .irq = NO_IRQ,
304 },
305 {
306 .name = "RAM0_PPU",
307 .type = TYPE_UNIMPLEMENTED_DEVICE,
308 .index = 3,
309 .addr = 0x5002a000,
310 .size = 0x1000,
311 .ppc = NO_PPC,
312 .irq = NO_IRQ,
313 },
314 {
315 .name = "RAM1_PPU",
316 .type = TYPE_UNIMPLEMENTED_DEVICE,
317 .index = 4,
318 .addr = 0x5002b000,
319 .size = 0x1000,
320 .ppc = NO_PPC,
321 .irq = NO_IRQ,
322 },
323 {
324 .name = "RAM2_PPU",
325 .type = TYPE_UNIMPLEMENTED_DEVICE,
326 .index = 5,
327 .addr = 0x5002c000,
328 .size = 0x1000,
329 .ppc = NO_PPC,
330 .irq = NO_IRQ,
331 },
332 {
333 .name = "RAM3_PPU",
334 .type = TYPE_UNIMPLEMENTED_DEVICE,
335 .index = 6,
336 .addr = 0x5002d000,
337 .size = 0x1000,
338 .ppc = NO_PPC,
339 .irq = NO_IRQ,
340 },
341 {
342 .name = "SYS_PPU",
343 .type = TYPE_UNIMPLEMENTED_DEVICE,
344 .index = 7,
345 .addr = 0x50022000,
346 .size = 0x1000,
347 .ppc = NO_PPC,
348 .irq = NO_IRQ,
349 },
350 {
351 .name = NULL,
352 }
353 };
354
355 static const ARMSSEDeviceInfo sse300_devices[] = {
356 {
357 .name = "timer0",
358 .type = TYPE_SSE_TIMER,
359 .index = 0,
360 .addr = 0x48000000,
361 .ppc = 0,
362 .ppc_port = 0,
363 .irq = 3,
364 },
365 {
366 .name = "timer1",
367 .type = TYPE_SSE_TIMER,
368 .index = 1,
369 .addr = 0x48001000,
370 .ppc = 0,
371 .ppc_port = 1,
372 .irq = 4,
373 },
374 {
375 .name = "timer2",
376 .type = TYPE_SSE_TIMER,
377 .index = 2,
378 .addr = 0x48002000,
379 .ppc = 0,
380 .ppc_port = 2,
381 .irq = 5,
382 },
383 {
384 .name = "timer3",
385 .type = TYPE_SSE_TIMER,
386 .index = 3,
387 .addr = 0x48003000,
388 .ppc = 0,
389 .ppc_port = 5,
390 .irq = 27,
391 },
392 {
393 .name = "s32ktimer",
394 .type = TYPE_CMSDK_APB_TIMER,
395 .index = 0,
396 .addr = 0x4802f000,
397 .ppc = 1,
398 .ppc_port = 0,
399 .irq = 2,
400 .slowclk = true,
401 },
402 {
403 .name = "s32kwatchdog",
404 .type = TYPE_CMSDK_APB_WATCHDOG,
405 .index = 0,
406 .addr = 0x4802e000,
407 .ppc = NO_PPC,
408 .irq = NMI_0,
409 .slowclk = true,
410 },
411 {
412 .name = "watchdog",
413 .type = TYPE_UNIMPLEMENTED_DEVICE,
414 .index = 0,
415 .addr = 0x48040000,
416 .size = 0x2000,
417 .ppc = NO_PPC,
418 .irq = NO_IRQ,
419 },
420 {
421 .name = "armsse-sysinfo",
422 .type = TYPE_IOTKIT_SYSINFO,
423 .index = 0,
424 .addr = 0x48020000,
425 .ppc = NO_PPC,
426 .irq = NO_IRQ,
427 },
428 {
429 .name = "armsse-sysctl",
430 .type = TYPE_IOTKIT_SYSCTL,
431 .index = 0,
432 .addr = 0x58021000,
433 .ppc = NO_PPC,
434 .irq = NO_IRQ,
435 },
436 {
437 .name = "SYS_PPU",
438 .type = TYPE_UNIMPLEMENTED_DEVICE,
439 .index = 1,
440 .addr = 0x58022000,
441 .size = 0x1000,
442 .ppc = NO_PPC,
443 .irq = NO_IRQ,
444 },
445 {
446 .name = "CPU0CORE_PPU",
447 .type = TYPE_UNIMPLEMENTED_DEVICE,
448 .index = 2,
449 .addr = 0x50023000,
450 .size = 0x1000,
451 .ppc = NO_PPC,
452 .irq = NO_IRQ,
453 },
454 {
455 .name = "MGMT_PPU",
456 .type = TYPE_UNIMPLEMENTED_DEVICE,
457 .index = 3,
458 .addr = 0x50028000,
459 .size = 0x1000,
460 .ppc = NO_PPC,
461 .irq = NO_IRQ,
462 },
463 {
464 .name = "DEBUG_PPU",
465 .type = TYPE_UNIMPLEMENTED_DEVICE,
466 .index = 4,
467 .addr = 0x50029000,
468 .size = 0x1000,
469 .ppc = NO_PPC,
470 .irq = NO_IRQ,
471 },
472 {
473 .name = NULL,
474 }
475 };
476
477 /* Is internal IRQ n shared between CPUs in a multi-core SSE ? */
478 static const bool sse200_irq_is_common[32] = {
479 [0 ... 5] = true,
480 /* 6, 7: per-CPU MHU interrupts */
481 [8 ... 12] = true,
482 /* 13: per-CPU icache interrupt */
483 /* 14: reserved */
484 [15 ... 20] = true,
485 /* 21: reserved */
486 [22 ... 26] = true,
487 /* 27: reserved */
488 /* 28, 29: per-CPU CTI interrupts */
489 /* 30, 31: reserved */
490 };
491
492 static const bool sse300_irq_is_common[32] = {
493 [0 ... 5] = true,
494 /* 6, 7: per-CPU MHU interrupts */
495 [8 ... 12] = true,
496 /* 13: reserved */
497 [14 ... 16] = true,
498 /* 17-25: reserved */
499 [26 ... 27] = true,
500 /* 28, 29: per-CPU CTI interrupts */
501 /* 30, 31: reserved */
502 };
503
504 static const ARMSSEInfo armsse_variants[] = {
505 {
506 .name = TYPE_IOTKIT,
507 .sse_version = ARMSSE_IOTKIT,
508 .cpu_type = ARM_CPU_TYPE_NAME("cortex-m33"),
509 .sram_banks = 1,
510 .sram_bank_base = 0x20000000,
511 .num_cpus = 1,
512 .sys_version = 0x41743,
513 .iidr = 0,
514 .cpuwait_rst = 0,
515 .has_mhus = false,
516 .has_cachectrl = false,
517 .has_cpusecctrl = false,
518 .has_cpuid = false,
519 .has_cpu_pwrctrl = false,
520 .has_sse_counter = false,
521 .has_tcms = false,
522 .props = iotkit_properties,
523 .devinfo = iotkit_devices,
524 .irq_is_common = sse200_irq_is_common,
525 },
526 {
527 .name = TYPE_SSE200,
528 .sse_version = ARMSSE_SSE200,
529 .cpu_type = ARM_CPU_TYPE_NAME("cortex-m33"),
530 .sram_banks = 4,
531 .sram_bank_base = 0x20000000,
532 .num_cpus = 2,
533 .sys_version = 0x22041743,
534 .iidr = 0,
535 .cpuwait_rst = 2,
536 .has_mhus = true,
537 .has_cachectrl = true,
538 .has_cpusecctrl = true,
539 .has_cpuid = true,
540 .has_cpu_pwrctrl = false,
541 .has_sse_counter = false,
542 .has_tcms = false,
543 .props = sse200_properties,
544 .devinfo = sse200_devices,
545 .irq_is_common = sse200_irq_is_common,
546 },
547 {
548 .name = TYPE_SSE300,
549 .sse_version = ARMSSE_SSE300,
550 .cpu_type = ARM_CPU_TYPE_NAME("cortex-m55"),
551 .sram_banks = 2,
552 .sram_bank_base = 0x21000000,
553 .num_cpus = 1,
554 .sys_version = 0x7e00043b,
555 .iidr = 0x74a0043b,
556 .cpuwait_rst = 0,
557 .has_mhus = false,
558 .has_cachectrl = false,
559 .has_cpusecctrl = true,
560 .has_cpuid = true,
561 .has_cpu_pwrctrl = true,
562 .has_sse_counter = true,
563 .has_tcms = true,
564 .props = sse300_properties,
565 .devinfo = sse300_devices,
566 .irq_is_common = sse300_irq_is_common,
567 },
568 };
569
570 static uint32_t armsse_sys_config_value(ARMSSE *s, const ARMSSEInfo *info)
571 {
572 /* Return the SYS_CONFIG value for this SSE */
573 uint32_t sys_config;
574
575 switch (info->sse_version) {
576 case ARMSSE_IOTKIT:
577 sys_config = 0;
578 sys_config = deposit32(sys_config, 0, 4, info->sram_banks);
579 sys_config = deposit32(sys_config, 4, 4, s->sram_addr_width - 12);
580 break;
581 case ARMSSE_SSE200:
582 sys_config = 0;
583 sys_config = deposit32(sys_config, 0, 4, info->sram_banks);
584 sys_config = deposit32(sys_config, 4, 5, s->sram_addr_width);
585 sys_config = deposit32(sys_config, 24, 4, 2);
586 if (info->num_cpus > 1) {
587 sys_config = deposit32(sys_config, 10, 1, 1);
588 sys_config = deposit32(sys_config, 20, 4, info->sram_banks - 1);
589 sys_config = deposit32(sys_config, 28, 4, 2);
590 }
591 break;
592 case ARMSSE_SSE300:
593 sys_config = 0;
594 sys_config = deposit32(sys_config, 0, 4, info->sram_banks);
595 sys_config = deposit32(sys_config, 4, 5, s->sram_addr_width);
596 sys_config = deposit32(sys_config, 16, 3, 3); /* CPU0 = Cortex-M55 */
597 break;
598 default:
599 g_assert_not_reached();
600 }
601 return sys_config;
602 }
603
604 /* Clock frequency in HZ of the 32KHz "slow clock" */
605 #define S32KCLK (32 * 1000)
606
607 /*
608 * Create an alias region in @container of @size bytes starting at @base
609 * which mirrors the memory starting at @orig.
610 */
611 static void make_alias(ARMSSE *s, MemoryRegion *mr, MemoryRegion *container,
612 const char *name, hwaddr base, hwaddr size, hwaddr orig)
613 {
614 memory_region_init_alias(mr, NULL, name, container, orig, size);
615 /* The alias is even lower priority than unimplemented_device regions */
616 memory_region_add_subregion_overlap(container, base, mr, -1500);
617 }
618
619 static void irq_status_forwarder(void *opaque, int n, int level)
620 {
621 qemu_irq destirq = opaque;
622
623 qemu_set_irq(destirq, level);
624 }
625
626 static void nsccfg_handler(void *opaque, int n, int level)
627 {
628 ARMSSE *s = ARM_SSE(opaque);
629
630 s->nsccfg = level;
631 }
632
633 static void armsse_forward_ppc(ARMSSE *s, const char *ppcname, int ppcnum)
634 {
635 /* Each of the 4 AHB and 4 APB PPCs that might be present in a
636 * system using the ARMSSE has a collection of control lines which
637 * are provided by the security controller and which we want to
638 * expose as control lines on the ARMSSE device itself, so the
639 * code using the ARMSSE can wire them up to the PPCs.
640 */
641 SplitIRQ *splitter = &s->ppc_irq_splitter[ppcnum];
642 DeviceState *armssedev = DEVICE(s);
643 DeviceState *dev_secctl = DEVICE(&s->secctl);
644 DeviceState *dev_splitter = DEVICE(splitter);
645 char *name;
646
647 name = g_strdup_printf("%s_nonsec", ppcname);
648 qdev_pass_gpios(dev_secctl, armssedev, name);
649 g_free(name);
650 name = g_strdup_printf("%s_ap", ppcname);
651 qdev_pass_gpios(dev_secctl, armssedev, name);
652 g_free(name);
653 name = g_strdup_printf("%s_irq_enable", ppcname);
654 qdev_pass_gpios(dev_secctl, armssedev, name);
655 g_free(name);
656 name = g_strdup_printf("%s_irq_clear", ppcname);
657 qdev_pass_gpios(dev_secctl, armssedev, name);
658 g_free(name);
659
660 /* irq_status is a little more tricky, because we need to
661 * split it so we can send it both to the security controller
662 * and to our OR gate for the NVIC interrupt line.
663 * Connect up the splitter's outputs, and create a GPIO input
664 * which will pass the line state to the input splitter.
665 */
666 name = g_strdup_printf("%s_irq_status", ppcname);
667 qdev_connect_gpio_out(dev_splitter, 0,
668 qdev_get_gpio_in_named(dev_secctl,
669 name, 0));
670 qdev_connect_gpio_out(dev_splitter, 1,
671 qdev_get_gpio_in(DEVICE(&s->ppc_irq_orgate), ppcnum));
672 s->irq_status_in[ppcnum] = qdev_get_gpio_in(dev_splitter, 0);
673 qdev_init_gpio_in_named_with_opaque(armssedev, irq_status_forwarder,
674 s->irq_status_in[ppcnum], name, 1);
675 g_free(name);
676 }
677
678 static void armsse_forward_sec_resp_cfg(ARMSSE *s)
679 {
680 /* Forward the 3rd output from the splitter device as a
681 * named GPIO output of the armsse object.
682 */
683 DeviceState *dev = DEVICE(s);
684 DeviceState *dev_splitter = DEVICE(&s->sec_resp_splitter);
685
686 qdev_init_gpio_out_named(dev, &s->sec_resp_cfg, "sec_resp_cfg", 1);
687 s->sec_resp_cfg_in = qemu_allocate_irq(irq_status_forwarder,
688 s->sec_resp_cfg, 1);
689 qdev_connect_gpio_out(dev_splitter, 2, s->sec_resp_cfg_in);
690 }
691
692 static void armsse_init(Object *obj)
693 {
694 ARMSSE *s = ARM_SSE(obj);
695 ARMSSEClass *asc = ARM_SSE_GET_CLASS(obj);
696 const ARMSSEInfo *info = asc->info;
697 const ARMSSEDeviceInfo *devinfo;
698 int i;
699
700 assert(info->sram_banks <= MAX_SRAM_BANKS);
701 assert(info->num_cpus <= SSE_MAX_CPUS);
702
703 s->mainclk = qdev_init_clock_in(DEVICE(s), "MAINCLK", NULL, NULL, 0);
704 s->s32kclk = qdev_init_clock_in(DEVICE(s), "S32KCLK", NULL, NULL, 0);
705
706 memory_region_init(&s->container, obj, "armsse-container", UINT64_MAX);
707
708 for (i = 0; i < info->num_cpus; i++) {
709 /*
710 * We put each CPU in its own cluster as they are logically
711 * distinct and may be configured differently.
712 */
713 char *name;
714
715 name = g_strdup_printf("cluster%d", i);
716 object_initialize_child(obj, name, &s->cluster[i], TYPE_CPU_CLUSTER);
717 qdev_prop_set_uint32(DEVICE(&s->cluster[i]), "cluster-id", i);
718 g_free(name);
719
720 name = g_strdup_printf("armv7m%d", i);
721 object_initialize_child(OBJECT(&s->cluster[i]), name, &s->armv7m[i],
722 TYPE_ARMV7M);
723 qdev_prop_set_string(DEVICE(&s->armv7m[i]), "cpu-type", info->cpu_type);
724 g_free(name);
725 name = g_strdup_printf("arm-sse-cpu-container%d", i);
726 memory_region_init(&s->cpu_container[i], obj, name, UINT64_MAX);
727 g_free(name);
728 if (i > 0) {
729 name = g_strdup_printf("arm-sse-container-alias%d", i);
730 memory_region_init_alias(&s->container_alias[i - 1], obj,
731 name, &s->container, 0, UINT64_MAX);
732 g_free(name);
733 }
734 }
735
736 for (devinfo = info->devinfo; devinfo->name; devinfo++) {
737 assert(devinfo->ppc == NO_PPC || devinfo->ppc < ARRAY_SIZE(s->apb_ppc));
738 if (!strcmp(devinfo->type, TYPE_CMSDK_APB_TIMER)) {
739 assert(devinfo->index < ARRAY_SIZE(s->timer));
740 object_initialize_child(obj, devinfo->name,
741 &s->timer[devinfo->index],
742 TYPE_CMSDK_APB_TIMER);
743 } else if (!strcmp(devinfo->type, TYPE_CMSDK_APB_DUALTIMER)) {
744 assert(devinfo->index == 0);
745 object_initialize_child(obj, devinfo->name, &s->dualtimer,
746 TYPE_CMSDK_APB_DUALTIMER);
747 } else if (!strcmp(devinfo->type, TYPE_SSE_TIMER)) {
748 assert(devinfo->index < ARRAY_SIZE(s->sse_timer));
749 object_initialize_child(obj, devinfo->name,
750 &s->sse_timer[devinfo->index],
751 TYPE_SSE_TIMER);
752 } else if (!strcmp(devinfo->type, TYPE_CMSDK_APB_WATCHDOG)) {
753 assert(devinfo->index < ARRAY_SIZE(s->cmsdk_watchdog));
754 object_initialize_child(obj, devinfo->name,
755 &s->cmsdk_watchdog[devinfo->index],
756 TYPE_CMSDK_APB_WATCHDOG);
757 } else if (!strcmp(devinfo->type, TYPE_IOTKIT_SYSINFO)) {
758 assert(devinfo->index == 0);
759 object_initialize_child(obj, devinfo->name, &s->sysinfo,
760 TYPE_IOTKIT_SYSINFO);
761 } else if (!strcmp(devinfo->type, TYPE_IOTKIT_SYSCTL)) {
762 assert(devinfo->index == 0);
763 object_initialize_child(obj, devinfo->name, &s->sysctl,
764 TYPE_IOTKIT_SYSCTL);
765 } else if (!strcmp(devinfo->type, TYPE_UNIMPLEMENTED_DEVICE)) {
766 assert(devinfo->index < ARRAY_SIZE(s->unimp));
767 object_initialize_child(obj, devinfo->name,
768 &s->unimp[devinfo->index],
769 TYPE_UNIMPLEMENTED_DEVICE);
770 } else {
771 g_assert_not_reached();
772 }
773 }
774
775 object_initialize_child(obj, "secctl", &s->secctl, TYPE_IOTKIT_SECCTL);
776
777 for (i = 0; i < ARRAY_SIZE(s->apb_ppc); i++) {
778 g_autofree char *name = g_strdup_printf("apb-ppc%d", i);
779 object_initialize_child(obj, name, &s->apb_ppc[i], TYPE_TZ_PPC);
780 }
781
782 for (i = 0; i < info->sram_banks; i++) {
783 char *name = g_strdup_printf("mpc%d", i);
784 object_initialize_child(obj, name, &s->mpc[i], TYPE_TZ_MPC);
785 g_free(name);
786 }
787 object_initialize_child(obj, "mpc-irq-orgate", &s->mpc_irq_orgate,
788 TYPE_OR_IRQ);
789
790 for (i = 0; i < IOTS_NUM_EXP_MPC + info->sram_banks; i++) {
791 char *name = g_strdup_printf("mpc-irq-splitter-%d", i);
792 SplitIRQ *splitter = &s->mpc_irq_splitter[i];
793
794 object_initialize_child(obj, name, splitter, TYPE_SPLIT_IRQ);
795 g_free(name);
796 }
797
798 if (info->has_mhus) {
799 object_initialize_child(obj, "mhu0", &s->mhu[0], TYPE_ARMSSE_MHU);
800 object_initialize_child(obj, "mhu1", &s->mhu[1], TYPE_ARMSSE_MHU);
801 }
802 if (info->has_cachectrl) {
803 for (i = 0; i < info->num_cpus; i++) {
804 char *name = g_strdup_printf("cachectrl%d", i);
805
806 object_initialize_child(obj, name, &s->cachectrl[i],
807 TYPE_UNIMPLEMENTED_DEVICE);
808 g_free(name);
809 }
810 }
811 if (info->has_cpusecctrl) {
812 for (i = 0; i < info->num_cpus; i++) {
813 char *name = g_strdup_printf("cpusecctrl%d", i);
814
815 object_initialize_child(obj, name, &s->cpusecctrl[i],
816 TYPE_UNIMPLEMENTED_DEVICE);
817 g_free(name);
818 }
819 }
820 if (info->has_cpuid) {
821 for (i = 0; i < info->num_cpus; i++) {
822 char *name = g_strdup_printf("cpuid%d", i);
823
824 object_initialize_child(obj, name, &s->cpuid[i],
825 TYPE_ARMSSE_CPUID);
826 g_free(name);
827 }
828 }
829 if (info->has_cpu_pwrctrl) {
830 for (i = 0; i < info->num_cpus; i++) {
831 char *name = g_strdup_printf("cpu_pwrctrl%d", i);
832
833 object_initialize_child(obj, name, &s->cpu_pwrctrl[i],
834 TYPE_ARMSSE_CPU_PWRCTRL);
835 g_free(name);
836 }
837 }
838 if (info->has_sse_counter) {
839 object_initialize_child(obj, "sse-counter", &s->sse_counter,
840 TYPE_SSE_COUNTER);
841 }
842
843 object_initialize_child(obj, "nmi-orgate", &s->nmi_orgate, TYPE_OR_IRQ);
844 object_initialize_child(obj, "ppc-irq-orgate", &s->ppc_irq_orgate,
845 TYPE_OR_IRQ);
846 object_initialize_child(obj, "sec-resp-splitter", &s->sec_resp_splitter,
847 TYPE_SPLIT_IRQ);
848 for (i = 0; i < ARRAY_SIZE(s->ppc_irq_splitter); i++) {
849 char *name = g_strdup_printf("ppc-irq-splitter-%d", i);
850 SplitIRQ *splitter = &s->ppc_irq_splitter[i];
851
852 object_initialize_child(obj, name, splitter, TYPE_SPLIT_IRQ);
853 g_free(name);
854 }
855 if (info->num_cpus > 1) {
856 for (i = 0; i < ARRAY_SIZE(s->cpu_irq_splitter); i++) {
857 if (info->irq_is_common[i]) {
858 char *name = g_strdup_printf("cpu-irq-splitter%d", i);
859 SplitIRQ *splitter = &s->cpu_irq_splitter[i];
860
861 object_initialize_child(obj, name, splitter, TYPE_SPLIT_IRQ);
862 g_free(name);
863 }
864 }
865 }
866 }
867
868 static void armsse_exp_irq(void *opaque, int n, int level)
869 {
870 qemu_irq *irqarray = opaque;
871
872 qemu_set_irq(irqarray[n], level);
873 }
874
875 static void armsse_mpcexp_status(void *opaque, int n, int level)
876 {
877 ARMSSE *s = ARM_SSE(opaque);
878 qemu_set_irq(s->mpcexp_status_in[n], level);
879 }
880
881 static qemu_irq armsse_get_common_irq_in(ARMSSE *s, int irqno)
882 {
883 /*
884 * Return a qemu_irq which can be used to signal IRQ n to
885 * all CPUs in the SSE.
886 */
887 ARMSSEClass *asc = ARM_SSE_GET_CLASS(s);
888 const ARMSSEInfo *info = asc->info;
889
890 assert(info->irq_is_common[irqno]);
891
892 if (info->num_cpus == 1) {
893 /* Only one CPU -- just connect directly to it */
894 return qdev_get_gpio_in(DEVICE(&s->armv7m[0]), irqno);
895 } else {
896 /* Connect to the splitter which feeds all CPUs */
897 return qdev_get_gpio_in(DEVICE(&s->cpu_irq_splitter[irqno]), 0);
898 }
899 }
900
901 static void armsse_realize(DeviceState *dev, Error **errp)
902 {
903 ERRP_GUARD();
904 ARMSSE *s = ARM_SSE(dev);
905 ARMSSEClass *asc = ARM_SSE_GET_CLASS(dev);
906 const ARMSSEInfo *info = asc->info;
907 const ARMSSEDeviceInfo *devinfo;
908 int i;
909 MemoryRegion *mr;
910 SysBusDevice *sbd_apb_ppc0;
911 SysBusDevice *sbd_secctl;
912 DeviceState *dev_apb_ppc0;
913 DeviceState *dev_apb_ppc1;
914 DeviceState *dev_secctl;
915 DeviceState *dev_splitter;
916 uint32_t addr_width_max;
917
918 if (!s->board_memory) {
919 error_setg(errp, "memory property was not set");
920 return;
921 }
922
923 if (!clock_has_source(s->mainclk)) {
924 error_setg(errp, "MAINCLK clock was not connected");
925 }
926 if (!clock_has_source(s->s32kclk)) {
927 error_setg(errp, "S32KCLK clock was not connected");
928 }
929
930 assert(info->num_cpus <= SSE_MAX_CPUS);
931
932 /* max SRAM_ADDR_WIDTH: 24 - log2(SRAM_NUM_BANK) */
933 assert(is_power_of_2(info->sram_banks));
934 addr_width_max = 24 - ctz32(info->sram_banks);
935 if (s->sram_addr_width < 1 || s->sram_addr_width > addr_width_max) {
936 error_setg(errp, "SRAM_ADDR_WIDTH must be between 1 and %d",
937 addr_width_max);
938 return;
939 }
940
941 /* Handling of which devices should be available only to secure
942 * code is usually done differently for M profile than for A profile.
943 * Instead of putting some devices only into the secure address space,
944 * devices exist in both address spaces but with hard-wired security
945 * permissions that will cause the CPU to fault for non-secure accesses.
946 *
947 * The ARMSSE has an IDAU (Implementation Defined Access Unit),
948 * which specifies hard-wired security permissions for different
949 * areas of the physical address space. For the ARMSSE IDAU, the
950 * top 4 bits of the physical address are the IDAU region ID, and
951 * if bit 28 (ie the lowest bit of the ID) is 0 then this is an NS
952 * region, otherwise it is an S region.
953 *
954 * The various devices and RAMs are generally all mapped twice,
955 * once into a region that the IDAU defines as secure and once
956 * into a non-secure region. They sit behind either a Memory
957 * Protection Controller (for RAM) or a Peripheral Protection
958 * Controller (for devices), which allow a more fine grained
959 * configuration of whether non-secure accesses are permitted.
960 *
961 * (The other place that guest software can configure security
962 * permissions is in the architected SAU (Security Attribution
963 * Unit), which is entirely inside the CPU. The IDAU can upgrade
964 * the security attributes for a region to more restrictive than
965 * the SAU specifies, but cannot downgrade them.)
966 *
967 * 0x10000000..0x1fffffff alias of 0x00000000..0x0fffffff
968 * 0x20000000..0x2007ffff 32KB FPGA block RAM
969 * 0x30000000..0x3fffffff alias of 0x20000000..0x2fffffff
970 * 0x40000000..0x4000ffff base peripheral region 1
971 * 0x40010000..0x4001ffff CPU peripherals (none for ARMSSE)
972 * 0x40020000..0x4002ffff system control element peripherals
973 * 0x40080000..0x400fffff base peripheral region 2
974 * 0x50000000..0x5fffffff alias of 0x40000000..0x4fffffff
975 */
976
977 memory_region_add_subregion_overlap(&s->container, 0, s->board_memory, -2);
978
979 for (i = 0; i < info->num_cpus; i++) {
980 DeviceState *cpudev = DEVICE(&s->armv7m[i]);
981 Object *cpuobj = OBJECT(&s->armv7m[i]);
982 int j;
983 char *gpioname;
984
985 qdev_connect_clock_in(cpudev, "cpuclk", s->mainclk);
986 /* The SSE subsystems do not wire up a systick refclk */
987
988 qdev_prop_set_uint32(cpudev, "num-irq", s->exp_numirq + NUM_SSE_IRQS);
989 /*
990 * In real hardware the initial Secure VTOR is set from the INITSVTOR*
991 * registers in the IoT Kit System Control Register block. In QEMU
992 * we set the initial value here, and also the reset value of the
993 * sysctl register, from this object's QOM init-svtor property.
994 * If the guest changes the INITSVTOR* registers at runtime then the
995 * code in iotkit-sysctl.c will update the CPU init-svtor property
996 * (which will then take effect on the next CPU warm-reset).
997 *
998 * Note that typically a board using the SSE-200 will have a system
999 * control processor whose boot firmware initializes the INITSVTOR*
1000 * registers before powering up the CPUs. QEMU doesn't emulate
1001 * the control processor, so instead we behave in the way that the
1002 * firmware does: the initial value should be set by the board code
1003 * (using the init-svtor property on the ARMSSE object) to match
1004 * whatever its firmware does.
1005 */
1006 qdev_prop_set_uint32(cpudev, "init-svtor", s->init_svtor);
1007 /*
1008 * CPUs start powered down if the corresponding bit in the CPUWAIT
1009 * register is 1. In real hardware the CPUWAIT register reset value is
1010 * a configurable property of the SSE-200 (via the CPUWAIT0_RST and
1011 * CPUWAIT1_RST parameters), but since all the boards we care about
1012 * start CPU0 and leave CPU1 powered off, we hard-code that in
1013 * info->cpuwait_rst for now. We can add QOM properties for this
1014 * later if necessary.
1015 */
1016 if (extract32(info->cpuwait_rst, i, 1)) {
1017 if (!object_property_set_bool(cpuobj, "start-powered-off", true,
1018 errp)) {
1019 return;
1020 }
1021 }
1022 if (!s->cpu_fpu[i]) {
1023 if (!object_property_set_bool(cpuobj, "vfp", false, errp)) {
1024 return;
1025 }
1026 }
1027 if (!s->cpu_dsp[i]) {
1028 if (!object_property_set_bool(cpuobj, "dsp", false, errp)) {
1029 return;
1030 }
1031 }
1032
1033 if (i > 0) {
1034 memory_region_add_subregion_overlap(&s->cpu_container[i], 0,
1035 &s->container_alias[i - 1], -1);
1036 } else {
1037 memory_region_add_subregion_overlap(&s->cpu_container[i], 0,
1038 &s->container, -1);
1039 }
1040 object_property_set_link(cpuobj, "memory",
1041 OBJECT(&s->cpu_container[i]), &error_abort);
1042 object_property_set_link(cpuobj, "idau", OBJECT(s), &error_abort);
1043 if (!sysbus_realize(SYS_BUS_DEVICE(cpuobj), errp)) {
1044 return;
1045 }
1046 /*
1047 * The cluster must be realized after the armv7m container, as
1048 * the container's CPU object is only created on realize, and the
1049 * CPU must exist and have been parented into the cluster before
1050 * the cluster is realized.
1051 */
1052 if (!qdev_realize(DEVICE(&s->cluster[i]), NULL, errp)) {
1053 return;
1054 }
1055
1056 /* Connect EXP_IRQ/EXP_CPUn_IRQ GPIOs to the NVIC's lines 32 and up */
1057 s->exp_irqs[i] = g_new(qemu_irq, s->exp_numirq);
1058 for (j = 0; j < s->exp_numirq; j++) {
1059 s->exp_irqs[i][j] = qdev_get_gpio_in(cpudev, j + NUM_SSE_IRQS);
1060 }
1061 if (i == 0) {
1062 gpioname = g_strdup("EXP_IRQ");
1063 } else {
1064 gpioname = g_strdup_printf("EXP_CPU%d_IRQ", i);
1065 }
1066 qdev_init_gpio_in_named_with_opaque(dev, armsse_exp_irq,
1067 s->exp_irqs[i],
1068 gpioname, s->exp_numirq);
1069 g_free(gpioname);
1070 }
1071
1072 /* Wire up the splitters that connect common IRQs to all CPUs */
1073 if (info->num_cpus > 1) {
1074 for (i = 0; i < ARRAY_SIZE(s->cpu_irq_splitter); i++) {
1075 if (info->irq_is_common[i]) {
1076 Object *splitter = OBJECT(&s->cpu_irq_splitter[i]);
1077 DeviceState *devs = DEVICE(splitter);
1078 int cpunum;
1079
1080 if (!object_property_set_int(splitter, "num-lines",
1081 info->num_cpus, errp)) {
1082 return;
1083 }
1084 if (!qdev_realize(DEVICE(splitter), NULL, errp)) {
1085 return;
1086 }
1087 for (cpunum = 0; cpunum < info->num_cpus; cpunum++) {
1088 DeviceState *cpudev = DEVICE(&s->armv7m[cpunum]);
1089
1090 qdev_connect_gpio_out(devs, cpunum,
1091 qdev_get_gpio_in(cpudev, i));
1092 }
1093 }
1094 }
1095 }
1096
1097 /* Set up the big aliases first */
1098 make_alias(s, &s->alias1, &s->container, "alias 1",
1099 0x10000000, 0x10000000, 0x00000000);
1100 make_alias(s, &s->alias2, &s->container,
1101 "alias 2", 0x30000000, 0x10000000, 0x20000000);
1102 /* The 0x50000000..0x5fffffff region is not a pure alias: it has
1103 * a few extra devices that only appear there (generally the
1104 * control interfaces for the protection controllers).
1105 * We implement this by mapping those devices over the top of this
1106 * alias MR at a higher priority. Some of the devices in this range
1107 * are per-CPU, so we must put this alias in the per-cpu containers.
1108 */
1109 for (i = 0; i < info->num_cpus; i++) {
1110 make_alias(s, &s->alias3[i], &s->cpu_container[i],
1111 "alias 3", 0x50000000, 0x10000000, 0x40000000);
1112 }
1113
1114 /* Security controller */
1115 object_property_set_int(OBJECT(&s->secctl), "sse-version",
1116 info->sse_version, &error_abort);
1117 if (!sysbus_realize(SYS_BUS_DEVICE(&s->secctl), errp)) {
1118 return;
1119 }
1120 sbd_secctl = SYS_BUS_DEVICE(&s->secctl);
1121 dev_secctl = DEVICE(&s->secctl);
1122 sysbus_mmio_map(sbd_secctl, 0, 0x50080000);
1123 sysbus_mmio_map(sbd_secctl, 1, 0x40080000);
1124
1125 s->nsc_cfg_in = qemu_allocate_irq(nsccfg_handler, s, 1);
1126 qdev_connect_gpio_out_named(dev_secctl, "nsc_cfg", 0, s->nsc_cfg_in);
1127
1128 /* The sec_resp_cfg output from the security controller must be split into
1129 * multiple lines, one for each of the PPCs within the ARMSSE and one
1130 * that will be an output from the ARMSSE to the system.
1131 */
1132 if (!object_property_set_int(OBJECT(&s->sec_resp_splitter),
1133 "num-lines", 3, errp)) {
1134 return;
1135 }
1136 if (!qdev_realize(DEVICE(&s->sec_resp_splitter), NULL, errp)) {
1137 return;
1138 }
1139 dev_splitter = DEVICE(&s->sec_resp_splitter);
1140 qdev_connect_gpio_out_named(dev_secctl, "sec_resp_cfg", 0,
1141 qdev_get_gpio_in(dev_splitter, 0));
1142
1143 /* Each SRAM bank lives behind its own Memory Protection Controller */
1144 for (i = 0; i < info->sram_banks; i++) {
1145 char *ramname = g_strdup_printf("armsse.sram%d", i);
1146 SysBusDevice *sbd_mpc;
1147 uint32_t sram_bank_size = 1 << s->sram_addr_width;
1148
1149 memory_region_init_ram(&s->sram[i], NULL, ramname,
1150 sram_bank_size, errp);
1151 g_free(ramname);
1152 if (*errp) {
1153 return;
1154 }
1155 object_property_set_link(OBJECT(&s->mpc[i]), "downstream",
1156 OBJECT(&s->sram[i]), &error_abort);
1157 if (!sysbus_realize(SYS_BUS_DEVICE(&s->mpc[i]), errp)) {
1158 return;
1159 }
1160 /* Map the upstream end of the MPC into the right place... */
1161 sbd_mpc = SYS_BUS_DEVICE(&s->mpc[i]);
1162 memory_region_add_subregion(&s->container,
1163 info->sram_bank_base + i * sram_bank_size,
1164 sysbus_mmio_get_region(sbd_mpc, 1));
1165 /* ...and its register interface */
1166 memory_region_add_subregion(&s->container, 0x50083000 + i * 0x1000,
1167 sysbus_mmio_get_region(sbd_mpc, 0));
1168 }
1169
1170 /* We must OR together lines from the MPC splitters to go to the NVIC */
1171 if (!object_property_set_int(OBJECT(&s->mpc_irq_orgate), "num-lines",
1172 IOTS_NUM_EXP_MPC + info->sram_banks,
1173 errp)) {
1174 return;
1175 }
1176 if (!qdev_realize(DEVICE(&s->mpc_irq_orgate), NULL, errp)) {
1177 return;
1178 }
1179 qdev_connect_gpio_out(DEVICE(&s->mpc_irq_orgate), 0,
1180 armsse_get_common_irq_in(s, 9));
1181
1182 /* This OR gate wires together outputs from the secure watchdogs to NMI */
1183 if (!object_property_set_int(OBJECT(&s->nmi_orgate), "num-lines", 2,
1184 errp)) {
1185 return;
1186 }
1187 if (!qdev_realize(DEVICE(&s->nmi_orgate), NULL, errp)) {
1188 return;
1189 }
1190 qdev_connect_gpio_out(DEVICE(&s->nmi_orgate), 0,
1191 qdev_get_gpio_in_named(DEVICE(&s->armv7m), "NMI", 0));
1192
1193 /* The SSE-300 has a System Counter / System Timestamp Generator */
1194 if (info->has_sse_counter) {
1195 SysBusDevice *sbd = SYS_BUS_DEVICE(&s->sse_counter);
1196
1197 qdev_connect_clock_in(DEVICE(sbd), "CLK", s->mainclk);
1198 if (!sysbus_realize(sbd, errp)) {
1199 return;
1200 }
1201 /*
1202 * The control frame is only in the Secure region;
1203 * the status frame is in the NS region (and visible in the
1204 * S region via the alias mapping).
1205 */
1206 memory_region_add_subregion(&s->container, 0x58100000,
1207 sysbus_mmio_get_region(sbd, 0));
1208 memory_region_add_subregion(&s->container, 0x48101000,
1209 sysbus_mmio_get_region(sbd, 1));
1210 }
1211
1212 if (info->has_tcms) {
1213 /* The SSE-300 has an ITCM at 0x0000_0000 and a DTCM at 0x2000_0000 */
1214 memory_region_init_ram(&s->itcm, NULL, "sse300-itcm", 512 * KiB, errp);
1215 if (*errp) {
1216 return;
1217 }
1218 memory_region_init_ram(&s->dtcm, NULL, "sse300-dtcm", 512 * KiB, errp);
1219 if (*errp) {
1220 return;
1221 }
1222 memory_region_add_subregion(&s->container, 0x00000000, &s->itcm);
1223 memory_region_add_subregion(&s->container, 0x20000000, &s->dtcm);
1224 }
1225
1226 /* Devices behind APB PPC0:
1227 * 0x40000000: timer0
1228 * 0x40001000: timer1
1229 * 0x40002000: dual timer
1230 * 0x40003000: MHU0 (SSE-200 only)
1231 * 0x40004000: MHU1 (SSE-200 only)
1232 * We must configure and realize each downstream device and connect
1233 * it to the appropriate PPC port; then we can realize the PPC and
1234 * map its upstream ends to the right place in the container.
1235 */
1236 for (devinfo = info->devinfo; devinfo->name; devinfo++) {
1237 SysBusDevice *sbd;
1238 qemu_irq irq;
1239
1240 if (!strcmp(devinfo->type, TYPE_CMSDK_APB_TIMER)) {
1241 sbd = SYS_BUS_DEVICE(&s->timer[devinfo->index]);
1242
1243 qdev_connect_clock_in(DEVICE(sbd), "pclk",
1244 devinfo->slowclk ? s->s32kclk : s->mainclk);
1245 if (!sysbus_realize(sbd, errp)) {
1246 return;
1247 }
1248 mr = sysbus_mmio_get_region(sbd, 0);
1249 } else if (!strcmp(devinfo->type, TYPE_CMSDK_APB_DUALTIMER)) {
1250 sbd = SYS_BUS_DEVICE(&s->dualtimer);
1251
1252 qdev_connect_clock_in(DEVICE(sbd), "TIMCLK", s->mainclk);
1253 if (!sysbus_realize(sbd, errp)) {
1254 return;
1255 }
1256 mr = sysbus_mmio_get_region(sbd, 0);
1257 } else if (!strcmp(devinfo->type, TYPE_SSE_TIMER)) {
1258 sbd = SYS_BUS_DEVICE(&s->sse_timer[devinfo->index]);
1259
1260 assert(info->has_sse_counter);
1261 object_property_set_link(OBJECT(sbd), "counter",
1262 OBJECT(&s->sse_counter), &error_abort);
1263 if (!sysbus_realize(sbd, errp)) {
1264 return;
1265 }
1266 mr = sysbus_mmio_get_region(sbd, 0);
1267 } else if (!strcmp(devinfo->type, TYPE_CMSDK_APB_WATCHDOG)) {
1268 sbd = SYS_BUS_DEVICE(&s->cmsdk_watchdog[devinfo->index]);
1269
1270 qdev_connect_clock_in(DEVICE(sbd), "WDOGCLK",
1271 devinfo->slowclk ? s->s32kclk : s->mainclk);
1272 if (!sysbus_realize(sbd, errp)) {
1273 return;
1274 }
1275 mr = sysbus_mmio_get_region(sbd, 0);
1276 } else if (!strcmp(devinfo->type, TYPE_IOTKIT_SYSINFO)) {
1277 sbd = SYS_BUS_DEVICE(&s->sysinfo);
1278
1279 object_property_set_int(OBJECT(&s->sysinfo), "SYS_VERSION",
1280 info->sys_version, &error_abort);
1281 object_property_set_int(OBJECT(&s->sysinfo), "SYS_CONFIG",
1282 armsse_sys_config_value(s, info),
1283 &error_abort);
1284 object_property_set_int(OBJECT(&s->sysinfo), "sse-version",
1285 info->sse_version, &error_abort);
1286 object_property_set_int(OBJECT(&s->sysinfo), "IIDR",
1287 info->iidr, &error_abort);
1288 if (!sysbus_realize(sbd, errp)) {
1289 return;
1290 }
1291 mr = sysbus_mmio_get_region(sbd, 0);
1292 } else if (!strcmp(devinfo->type, TYPE_IOTKIT_SYSCTL)) {
1293 /* System control registers */
1294 sbd = SYS_BUS_DEVICE(&s->sysctl);
1295
1296 object_property_set_int(OBJECT(&s->sysctl), "sse-version",
1297 info->sse_version, &error_abort);
1298 object_property_set_int(OBJECT(&s->sysctl), "CPUWAIT_RST",
1299 info->cpuwait_rst, &error_abort);
1300 object_property_set_int(OBJECT(&s->sysctl), "INITSVTOR0_RST",
1301 s->init_svtor, &error_abort);
1302 object_property_set_int(OBJECT(&s->sysctl), "INITSVTOR1_RST",
1303 s->init_svtor, &error_abort);
1304 if (!sysbus_realize(sbd, errp)) {
1305 return;
1306 }
1307 mr = sysbus_mmio_get_region(sbd, 0);
1308 } else if (!strcmp(devinfo->type, TYPE_UNIMPLEMENTED_DEVICE)) {
1309 sbd = SYS_BUS_DEVICE(&s->unimp[devinfo->index]);
1310
1311 qdev_prop_set_string(DEVICE(sbd), "name", devinfo->name);
1312 qdev_prop_set_uint64(DEVICE(sbd), "size", devinfo->size);
1313 if (!sysbus_realize(sbd, errp)) {
1314 return;
1315 }
1316 mr = sysbus_mmio_get_region(sbd, 0);
1317 } else {
1318 g_assert_not_reached();
1319 }
1320
1321 switch (devinfo->irq) {
1322 case NO_IRQ:
1323 irq = NULL;
1324 break;
1325 case 0 ... NUM_SSE_IRQS - 1:
1326 irq = armsse_get_common_irq_in(s, devinfo->irq);
1327 break;
1328 case NMI_0:
1329 case NMI_1:
1330 irq = qdev_get_gpio_in(DEVICE(&s->nmi_orgate),
1331 devinfo->irq - NMI_0);
1332 break;
1333 default:
1334 g_assert_not_reached();
1335 }
1336
1337 if (irq) {
1338 sysbus_connect_irq(sbd, 0, irq);
1339 }
1340
1341 /*
1342 * Devices connected to a PPC are connected to the port here;
1343 * we will map the upstream end of that port to the right address
1344 * in the container later after the PPC has been realized.
1345 * Devices not connected to a PPC can be mapped immediately.
1346 */
1347 if (devinfo->ppc != NO_PPC) {
1348 TZPPC *ppc = &s->apb_ppc[devinfo->ppc];
1349 g_autofree char *portname = g_strdup_printf("port[%d]",
1350 devinfo->ppc_port);
1351 object_property_set_link(OBJECT(ppc), portname, OBJECT(mr),
1352 &error_abort);
1353 } else {
1354 memory_region_add_subregion(&s->container, devinfo->addr, mr);
1355 }
1356 }
1357
1358 if (info->has_mhus) {
1359 /*
1360 * An SSE-200 with only one CPU should have only one MHU created,
1361 * with the region where the second MHU usually is being RAZ/WI.
1362 * We don't implement that SSE-200 config; if we want to support
1363 * it then this code needs to be enhanced to handle creating the
1364 * RAZ/WI region instead of the second MHU.
1365 */
1366 assert(info->num_cpus == ARRAY_SIZE(s->mhu));
1367
1368 for (i = 0; i < ARRAY_SIZE(s->mhu); i++) {
1369 char *port;
1370 int cpunum;
1371 SysBusDevice *mhu_sbd = SYS_BUS_DEVICE(&s->mhu[i]);
1372
1373 if (!sysbus_realize(SYS_BUS_DEVICE(&s->mhu[i]), errp)) {
1374 return;
1375 }
1376 port = g_strdup_printf("port[%d]", i + 3);
1377 mr = sysbus_mmio_get_region(mhu_sbd, 0);
1378 object_property_set_link(OBJECT(&s->apb_ppc[0]), port, OBJECT(mr),
1379 &error_abort);
1380 g_free(port);
1381
1382 /*
1383 * Each MHU has an irq line for each CPU:
1384 * MHU 0 irq line 0 -> CPU 0 IRQ 6
1385 * MHU 0 irq line 1 -> CPU 1 IRQ 6
1386 * MHU 1 irq line 0 -> CPU 0 IRQ 7
1387 * MHU 1 irq line 1 -> CPU 1 IRQ 7
1388 */
1389 for (cpunum = 0; cpunum < info->num_cpus; cpunum++) {
1390 DeviceState *cpudev = DEVICE(&s->armv7m[cpunum]);
1391
1392 sysbus_connect_irq(mhu_sbd, cpunum,
1393 qdev_get_gpio_in(cpudev, 6 + i));
1394 }
1395 }
1396 }
1397
1398 if (!sysbus_realize(SYS_BUS_DEVICE(&s->apb_ppc[0]), errp)) {
1399 return;
1400 }
1401
1402 sbd_apb_ppc0 = SYS_BUS_DEVICE(&s->apb_ppc[0]);
1403 dev_apb_ppc0 = DEVICE(&s->apb_ppc[0]);
1404
1405 if (info->has_mhus) {
1406 mr = sysbus_mmio_get_region(sbd_apb_ppc0, 3);
1407 memory_region_add_subregion(&s->container, 0x40003000, mr);
1408 mr = sysbus_mmio_get_region(sbd_apb_ppc0, 4);
1409 memory_region_add_subregion(&s->container, 0x40004000, mr);
1410 }
1411 for (i = 0; i < IOTS_APB_PPC0_NUM_PORTS; i++) {
1412 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_nonsec", i,
1413 qdev_get_gpio_in_named(dev_apb_ppc0,
1414 "cfg_nonsec", i));
1415 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_ap", i,
1416 qdev_get_gpio_in_named(dev_apb_ppc0,
1417 "cfg_ap", i));
1418 }
1419 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_irq_enable", 0,
1420 qdev_get_gpio_in_named(dev_apb_ppc0,
1421 "irq_enable", 0));
1422 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc0_irq_clear", 0,
1423 qdev_get_gpio_in_named(dev_apb_ppc0,
1424 "irq_clear", 0));
1425 qdev_connect_gpio_out(dev_splitter, 0,
1426 qdev_get_gpio_in_named(dev_apb_ppc0,
1427 "cfg_sec_resp", 0));
1428
1429 /* All the PPC irq lines (from the 2 internal PPCs and the 8 external
1430 * ones) are sent individually to the security controller, and also
1431 * ORed together to give a single combined PPC interrupt to the NVIC.
1432 */
1433 if (!object_property_set_int(OBJECT(&s->ppc_irq_orgate),
1434 "num-lines", NUM_PPCS, errp)) {
1435 return;
1436 }
1437 if (!qdev_realize(DEVICE(&s->ppc_irq_orgate), NULL, errp)) {
1438 return;
1439 }
1440 qdev_connect_gpio_out(DEVICE(&s->ppc_irq_orgate), 0,
1441 armsse_get_common_irq_in(s, 10));
1442
1443 /*
1444 * 0x40010000 .. 0x4001ffff (and the 0x5001000... secure-only alias):
1445 * private per-CPU region (all these devices are SSE-200 only):
1446 * 0x50010000: L1 icache control registers
1447 * 0x50011000: CPUSECCTRL (CPU local security control registers)
1448 * 0x4001f000 and 0x5001f000: CPU_IDENTITY register block
1449 * The SSE-300 has an extra:
1450 * 0x40012000 and 0x50012000: CPU_PWRCTRL register block
1451 */
1452 if (info->has_cachectrl) {
1453 for (i = 0; i < info->num_cpus; i++) {
1454 char *name = g_strdup_printf("cachectrl%d", i);
1455 MemoryRegion *mr;
1456
1457 qdev_prop_set_string(DEVICE(&s->cachectrl[i]), "name", name);
1458 g_free(name);
1459 qdev_prop_set_uint64(DEVICE(&s->cachectrl[i]), "size", 0x1000);
1460 if (!sysbus_realize(SYS_BUS_DEVICE(&s->cachectrl[i]), errp)) {
1461 return;
1462 }
1463
1464 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->cachectrl[i]), 0);
1465 memory_region_add_subregion(&s->cpu_container[i], 0x50010000, mr);
1466 }
1467 }
1468 if (info->has_cpusecctrl) {
1469 for (i = 0; i < info->num_cpus; i++) {
1470 char *name = g_strdup_printf("CPUSECCTRL%d", i);
1471 MemoryRegion *mr;
1472
1473 qdev_prop_set_string(DEVICE(&s->cpusecctrl[i]), "name", name);
1474 g_free(name);
1475 qdev_prop_set_uint64(DEVICE(&s->cpusecctrl[i]), "size", 0x1000);
1476 if (!sysbus_realize(SYS_BUS_DEVICE(&s->cpusecctrl[i]), errp)) {
1477 return;
1478 }
1479
1480 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->cpusecctrl[i]), 0);
1481 memory_region_add_subregion(&s->cpu_container[i], 0x50011000, mr);
1482 }
1483 }
1484 if (info->has_cpuid) {
1485 for (i = 0; i < info->num_cpus; i++) {
1486 MemoryRegion *mr;
1487
1488 qdev_prop_set_uint32(DEVICE(&s->cpuid[i]), "CPUID", i);
1489 if (!sysbus_realize(SYS_BUS_DEVICE(&s->cpuid[i]), errp)) {
1490 return;
1491 }
1492
1493 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->cpuid[i]), 0);
1494 memory_region_add_subregion(&s->cpu_container[i], 0x4001F000, mr);
1495 }
1496 }
1497 if (info->has_cpu_pwrctrl) {
1498 for (i = 0; i < info->num_cpus; i++) {
1499 MemoryRegion *mr;
1500
1501 if (!sysbus_realize(SYS_BUS_DEVICE(&s->cpu_pwrctrl[i]), errp)) {
1502 return;
1503 }
1504
1505 mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->cpu_pwrctrl[i]), 0);
1506 memory_region_add_subregion(&s->cpu_container[i], 0x40012000, mr);
1507 }
1508 }
1509
1510 if (!sysbus_realize(SYS_BUS_DEVICE(&s->apb_ppc[1]), errp)) {
1511 return;
1512 }
1513
1514 dev_apb_ppc1 = DEVICE(&s->apb_ppc[1]);
1515 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_nonsec", 0,
1516 qdev_get_gpio_in_named(dev_apb_ppc1,
1517 "cfg_nonsec", 0));
1518 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_ap", 0,
1519 qdev_get_gpio_in_named(dev_apb_ppc1,
1520 "cfg_ap", 0));
1521 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_irq_enable", 0,
1522 qdev_get_gpio_in_named(dev_apb_ppc1,
1523 "irq_enable", 0));
1524 qdev_connect_gpio_out_named(dev_secctl, "apb_ppc1_irq_clear", 0,
1525 qdev_get_gpio_in_named(dev_apb_ppc1,
1526 "irq_clear", 0));
1527 qdev_connect_gpio_out(dev_splitter, 1,
1528 qdev_get_gpio_in_named(dev_apb_ppc1,
1529 "cfg_sec_resp", 0));
1530
1531 /*
1532 * Now both PPCs are realized we can map the upstream ends of
1533 * ports which correspond to entries in the devinfo array.
1534 * The ports which are connected to non-devinfo devices have
1535 * already been mapped.
1536 */
1537 for (devinfo = info->devinfo; devinfo->name; devinfo++) {
1538 SysBusDevice *ppc_sbd;
1539
1540 if (devinfo->ppc == NO_PPC) {
1541 continue;
1542 }
1543 ppc_sbd = SYS_BUS_DEVICE(&s->apb_ppc[devinfo->ppc]);
1544 mr = sysbus_mmio_get_region(ppc_sbd, devinfo->ppc_port);
1545 memory_region_add_subregion(&s->container, devinfo->addr, mr);
1546 }
1547
1548 for (i = 0; i < ARRAY_SIZE(s->ppc_irq_splitter); i++) {
1549 Object *splitter = OBJECT(&s->ppc_irq_splitter[i]);
1550
1551 if (!object_property_set_int(splitter, "num-lines", 2, errp)) {
1552 return;
1553 }
1554 if (!qdev_realize(DEVICE(splitter), NULL, errp)) {
1555 return;
1556 }
1557 }
1558
1559 for (i = 0; i < IOTS_NUM_AHB_EXP_PPC; i++) {
1560 char *ppcname = g_strdup_printf("ahb_ppcexp%d", i);
1561
1562 armsse_forward_ppc(s, ppcname, i);
1563 g_free(ppcname);
1564 }
1565
1566 for (i = 0; i < IOTS_NUM_APB_EXP_PPC; i++) {
1567 char *ppcname = g_strdup_printf("apb_ppcexp%d", i);
1568
1569 armsse_forward_ppc(s, ppcname, i + IOTS_NUM_AHB_EXP_PPC);
1570 g_free(ppcname);
1571 }
1572
1573 for (i = NUM_EXTERNAL_PPCS; i < NUM_PPCS; i++) {
1574 /* Wire up IRQ splitter for internal PPCs */
1575 DeviceState *devs = DEVICE(&s->ppc_irq_splitter[i]);
1576 char *gpioname = g_strdup_printf("apb_ppc%d_irq_status",
1577 i - NUM_EXTERNAL_PPCS);
1578 TZPPC *ppc = &s->apb_ppc[i - NUM_EXTERNAL_PPCS];
1579
1580 qdev_connect_gpio_out(devs, 0,
1581 qdev_get_gpio_in_named(dev_secctl, gpioname, 0));
1582 qdev_connect_gpio_out(devs, 1,
1583 qdev_get_gpio_in(DEVICE(&s->ppc_irq_orgate), i));
1584 qdev_connect_gpio_out_named(DEVICE(ppc), "irq", 0,
1585 qdev_get_gpio_in(devs, 0));
1586 g_free(gpioname);
1587 }
1588
1589 /* Wire up the splitters for the MPC IRQs */
1590 for (i = 0; i < IOTS_NUM_EXP_MPC + info->sram_banks; i++) {
1591 SplitIRQ *splitter = &s->mpc_irq_splitter[i];
1592 DeviceState *dev_splitter = DEVICE(splitter);
1593
1594 if (!object_property_set_int(OBJECT(splitter), "num-lines", 2,
1595 errp)) {
1596 return;
1597 }
1598 if (!qdev_realize(DEVICE(splitter), NULL, errp)) {
1599 return;
1600 }
1601
1602 if (i < IOTS_NUM_EXP_MPC) {
1603 /* Splitter input is from GPIO input line */
1604 s->mpcexp_status_in[i] = qdev_get_gpio_in(dev_splitter, 0);
1605 qdev_connect_gpio_out(dev_splitter, 0,
1606 qdev_get_gpio_in_named(dev_secctl,
1607 "mpcexp_status", i));
1608 } else {
1609 /* Splitter input is from our own MPC */
1610 qdev_connect_gpio_out_named(DEVICE(&s->mpc[i - IOTS_NUM_EXP_MPC]),
1611 "irq", 0,
1612 qdev_get_gpio_in(dev_splitter, 0));
1613 qdev_connect_gpio_out(dev_splitter, 0,
1614 qdev_get_gpio_in_named(dev_secctl,
1615 "mpc_status",
1616 i - IOTS_NUM_EXP_MPC));
1617 }
1618
1619 qdev_connect_gpio_out(dev_splitter, 1,
1620 qdev_get_gpio_in(DEVICE(&s->mpc_irq_orgate), i));
1621 }
1622 /* Create GPIO inputs which will pass the line state for our
1623 * mpcexp_irq inputs to the correct splitter devices.
1624 */
1625 qdev_init_gpio_in_named(dev, armsse_mpcexp_status, "mpcexp_status",
1626 IOTS_NUM_EXP_MPC);
1627
1628 armsse_forward_sec_resp_cfg(s);
1629
1630 /* Forward the MSC related signals */
1631 qdev_pass_gpios(dev_secctl, dev, "mscexp_status");
1632 qdev_pass_gpios(dev_secctl, dev, "mscexp_clear");
1633 qdev_pass_gpios(dev_secctl, dev, "mscexp_ns");
1634 qdev_connect_gpio_out_named(dev_secctl, "msc_irq", 0,
1635 armsse_get_common_irq_in(s, 11));
1636
1637 /*
1638 * Expose our container region to the board model; this corresponds
1639 * to the AHB Slave Expansion ports which allow bus master devices
1640 * (eg DMA controllers) in the board model to make transactions into
1641 * devices in the ARMSSE.
1642 */
1643 sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->container);
1644 }
1645
1646 static void armsse_idau_check(IDAUInterface *ii, uint32_t address,
1647 int *iregion, bool *exempt, bool *ns, bool *nsc)
1648 {
1649 /*
1650 * For ARMSSE systems the IDAU responses are simple logical functions
1651 * of the address bits. The NSC attribute is guest-adjustable via the
1652 * NSCCFG register in the security controller.
1653 */
1654 ARMSSE *s = ARM_SSE(ii);
1655 int region = extract32(address, 28, 4);
1656
1657 *ns = !(region & 1);
1658 *nsc = (region == 1 && (s->nsccfg & 1)) || (region == 3 && (s->nsccfg & 2));
1659 /* 0xe0000000..0xe00fffff and 0xf0000000..0xf00fffff are exempt */
1660 *exempt = (address & 0xeff00000) == 0xe0000000;
1661 *iregion = region;
1662 }
1663
1664 static const VMStateDescription armsse_vmstate = {
1665 .name = "iotkit",
1666 .version_id = 2,
1667 .minimum_version_id = 2,
1668 .fields = (VMStateField[]) {
1669 VMSTATE_CLOCK(mainclk, ARMSSE),
1670 VMSTATE_CLOCK(s32kclk, ARMSSE),
1671 VMSTATE_UINT32(nsccfg, ARMSSE),
1672 VMSTATE_END_OF_LIST()
1673 }
1674 };
1675
1676 static void armsse_reset(DeviceState *dev)
1677 {
1678 ARMSSE *s = ARM_SSE(dev);
1679
1680 s->nsccfg = 0;
1681 }
1682
1683 static void armsse_class_init(ObjectClass *klass, void *data)
1684 {
1685 DeviceClass *dc = DEVICE_CLASS(klass);
1686 IDAUInterfaceClass *iic = IDAU_INTERFACE_CLASS(klass);
1687 ARMSSEClass *asc = ARM_SSE_CLASS(klass);
1688 const ARMSSEInfo *info = data;
1689
1690 dc->realize = armsse_realize;
1691 dc->vmsd = &armsse_vmstate;
1692 device_class_set_props(dc, info->props);
1693 dc->reset = armsse_reset;
1694 iic->check = armsse_idau_check;
1695 asc->info = info;
1696 }
1697
1698 static const TypeInfo armsse_info = {
1699 .name = TYPE_ARM_SSE,
1700 .parent = TYPE_SYS_BUS_DEVICE,
1701 .instance_size = sizeof(ARMSSE),
1702 .class_size = sizeof(ARMSSEClass),
1703 .instance_init = armsse_init,
1704 .abstract = true,
1705 .interfaces = (InterfaceInfo[]) {
1706 { TYPE_IDAU_INTERFACE },
1707 { }
1708 }
1709 };
1710
1711 static void armsse_register_types(void)
1712 {
1713 int i;
1714
1715 type_register_static(&armsse_info);
1716
1717 for (i = 0; i < ARRAY_SIZE(armsse_variants); i++) {
1718 TypeInfo ti = {
1719 .name = armsse_variants[i].name,
1720 .parent = TYPE_ARM_SSE,
1721 .class_init = armsse_class_init,
1722 .class_data = (void *)&armsse_variants[i],
1723 };
1724 type_register(&ti);
1725 }
1726 }
1727
1728 type_init(armsse_register_types);
QEMU mirror