]> git.proxmox.com Git - mirror_qemu.git/blob - hw/dma/pl330.c
projects / mirror_qemu.git / blob
? search:


0d772de9f375f28e564333605380d21f27406d41
[mirror_qemu.git] / hw / dma / pl330.c
1 /*
2 * ARM PrimeCell PL330 DMA Controller
3 *
4 * Copyright (c) 2009 Samsung Electronics.
5 * Contributed by Kirill Batuzov <batuzovk@ispras.ru>
6 * Copyright (c) 2012 Peter A.G. Crosthwaite (peter.crosthwaite@petalogix.com)
7 * Copyright (c) 2012 PetaLogix Pty Ltd.
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; version 2 or later.
12 *
13 * You should have received a copy of the GNU General Public License along
14 * with this program; if not, see <http://www.gnu.org/licenses/>.
15 */
16
17 #include "qemu/osdep.h"
18 #include "qemu-common.h"
19 #include "hw/irq.h"
20 #include "hw/sysbus.h"
21 #include "qapi/error.h"
22 #include "qemu/timer.h"
23 #include "sysemu/dma.h"
24 #include "qemu/log.h"
25 #include "qemu/module.h"
26
27 #ifndef PL330_ERR_DEBUG
28 #define PL330_ERR_DEBUG 0
29 #endif
30
31 #define DB_PRINT_L(lvl, fmt, args...) do {\
32 if (PL330_ERR_DEBUG >= lvl) {\
33 fprintf(stderr, "PL330: %s:" fmt, __func__, ## args);\
34 } \
35 } while (0)
36
37 #define DB_PRINT(fmt, args...) DB_PRINT_L(1, fmt, ## args)
38
39 #define PL330_PERIPH_NUM 32
40 #define PL330_MAX_BURST_LEN 128
41 #define PL330_INSN_MAXSIZE 6
42
43 #define PL330_FIFO_OK 0
44 #define PL330_FIFO_STALL 1
45 #define PL330_FIFO_ERR (-1)
46
47 #define PL330_FAULT_UNDEF_INSTR (1 << 0)
48 #define PL330_FAULT_OPERAND_INVALID (1 << 1)
49 #define PL330_FAULT_DMAGO_ERR (1 << 4)
50 #define PL330_FAULT_EVENT_ERR (1 << 5)
51 #define PL330_FAULT_CH_PERIPH_ERR (1 << 6)
52 #define PL330_FAULT_CH_RDWR_ERR (1 << 7)
53 #define PL330_FAULT_ST_DATA_UNAVAILABLE (1 << 12)
54 #define PL330_FAULT_FIFOEMPTY_ERR (1 << 13)
55 #define PL330_FAULT_INSTR_FETCH_ERR (1 << 16)
56 #define PL330_FAULT_DATA_WRITE_ERR (1 << 17)
57 #define PL330_FAULT_DATA_READ_ERR (1 << 18)
58 #define PL330_FAULT_DBG_INSTR (1 << 30)
59 #define PL330_FAULT_LOCKUP_ERR (1 << 31)
60
61 #define PL330_UNTAGGED 0xff
62
63 #define PL330_SINGLE 0x0
64 #define PL330_BURST 0x1
65
66 #define PL330_WATCHDOG_LIMIT 1024
67
68 /* IOMEM mapped registers */
69 #define PL330_REG_DSR 0x000
70 #define PL330_REG_DPC 0x004
71 #define PL330_REG_INTEN 0x020
72 #define PL330_REG_INT_EVENT_RIS 0x024
73 #define PL330_REG_INTMIS 0x028
74 #define PL330_REG_INTCLR 0x02C
75 #define PL330_REG_FSRD 0x030
76 #define PL330_REG_FSRC 0x034
77 #define PL330_REG_FTRD 0x038
78 #define PL330_REG_FTR_BASE 0x040
79 #define PL330_REG_CSR_BASE 0x100
80 #define PL330_REG_CPC_BASE 0x104
81 #define PL330_REG_CHANCTRL 0x400
82 #define PL330_REG_DBGSTATUS 0xD00
83 #define PL330_REG_DBGCMD 0xD04
84 #define PL330_REG_DBGINST0 0xD08
85 #define PL330_REG_DBGINST1 0xD0C
86 #define PL330_REG_CR0_BASE 0xE00
87 #define PL330_REG_PERIPH_ID 0xFE0
88
89 #define PL330_IOMEM_SIZE 0x1000
90
91 #define CFG_BOOT_ADDR 2
92 #define CFG_INS 3
93 #define CFG_PNS 4
94 #define CFG_CRD 5
95
96 static const uint32_t pl330_id[] = {
97 0x30, 0x13, 0x24, 0x00, 0x0D, 0xF0, 0x05, 0xB1
98 };
99
100 /* DMA channel states as they are described in PL330 Technical Reference Manual
101 * Most of them will not be used in emulation.
102 */
103 typedef enum {
104 pl330_chan_stopped = 0,
105 pl330_chan_executing = 1,
106 pl330_chan_cache_miss = 2,
107 pl330_chan_updating_pc = 3,
108 pl330_chan_waiting_event = 4,
109 pl330_chan_at_barrier = 5,
110 pl330_chan_queue_busy = 6,
111 pl330_chan_waiting_periph = 7,
112 pl330_chan_killing = 8,
113 pl330_chan_completing = 9,
114 pl330_chan_fault_completing = 14,
115 pl330_chan_fault = 15,
116 } PL330ChanState;
117
118 typedef struct PL330State PL330State;
119
120 typedef struct PL330Chan {
121 uint32_t src;
122 uint32_t dst;
123 uint32_t pc;
124 uint32_t control;
125 uint32_t status;
126 uint32_t lc[2];
127 uint32_t fault_type;
128 uint32_t watchdog_timer;
129
130 bool ns;
131 uint8_t request_flag;
132 uint8_t wakeup;
133 uint8_t wfp_sbp;
134
135 uint8_t state;
136 uint8_t stall;
137
138 bool is_manager;
139 PL330State *parent;
140 uint8_t tag;
141 } PL330Chan;
142
143 static const VMStateDescription vmstate_pl330_chan = {
144 .name = "pl330_chan",
145 .version_id = 1,
146 .minimum_version_id = 1,
147 .fields = (VMStateField[]) {
148 VMSTATE_UINT32(src, PL330Chan),
149 VMSTATE_UINT32(dst, PL330Chan),
150 VMSTATE_UINT32(pc, PL330Chan),
151 VMSTATE_UINT32(control, PL330Chan),
152 VMSTATE_UINT32(status, PL330Chan),
153 VMSTATE_UINT32_ARRAY(lc, PL330Chan, 2),
154 VMSTATE_UINT32(fault_type, PL330Chan),
155 VMSTATE_UINT32(watchdog_timer, PL330Chan),
156 VMSTATE_BOOL(ns, PL330Chan),
157 VMSTATE_UINT8(request_flag, PL330Chan),
158 VMSTATE_UINT8(wakeup, PL330Chan),
159 VMSTATE_UINT8(wfp_sbp, PL330Chan),
160 VMSTATE_UINT8(state, PL330Chan),
161 VMSTATE_UINT8(stall, PL330Chan),
162 VMSTATE_END_OF_LIST()
163 }
164 };
165
166 typedef struct PL330Fifo {
167 uint8_t *buf;
168 uint8_t *tag;
169 uint32_t head;
170 uint32_t num;
171 uint32_t buf_size;
172 } PL330Fifo;
173
174 static const VMStateDescription vmstate_pl330_fifo = {
175 .name = "pl330_chan",
176 .version_id = 1,
177 .minimum_version_id = 1,
178 .fields = (VMStateField[]) {
179 VMSTATE_VBUFFER_UINT32(buf, PL330Fifo, 1, NULL, buf_size),
180 VMSTATE_VBUFFER_UINT32(tag, PL330Fifo, 1, NULL, buf_size),
181 VMSTATE_UINT32(head, PL330Fifo),
182 VMSTATE_UINT32(num, PL330Fifo),
183 VMSTATE_UINT32(buf_size, PL330Fifo),
184 VMSTATE_END_OF_LIST()
185 }
186 };
187
188 typedef struct PL330QueueEntry {
189 uint32_t addr;
190 uint32_t len;
191 uint8_t n;
192 bool inc;
193 bool z;
194 uint8_t tag;
195 uint8_t seqn;
196 } PL330QueueEntry;
197
198 static const VMStateDescription vmstate_pl330_queue_entry = {
199 .name = "pl330_queue_entry",
200 .version_id = 1,
201 .minimum_version_id = 1,
202 .fields = (VMStateField[]) {
203 VMSTATE_UINT32(addr, PL330QueueEntry),
204 VMSTATE_UINT32(len, PL330QueueEntry),
205 VMSTATE_UINT8(n, PL330QueueEntry),
206 VMSTATE_BOOL(inc, PL330QueueEntry),
207 VMSTATE_BOOL(z, PL330QueueEntry),
208 VMSTATE_UINT8(tag, PL330QueueEntry),
209 VMSTATE_UINT8(seqn, PL330QueueEntry),
210 VMSTATE_END_OF_LIST()
211 }
212 };
213
214 typedef struct PL330Queue {
215 PL330State *parent;
216 PL330QueueEntry *queue;
217 uint32_t queue_size;
218 } PL330Queue;
219
220 static const VMStateDescription vmstate_pl330_queue = {
221 .name = "pl330_queue",
222 .version_id = 2,
223 .minimum_version_id = 2,
224 .fields = (VMStateField[]) {
225 VMSTATE_STRUCT_VARRAY_POINTER_UINT32(queue, PL330Queue, queue_size,
226 vmstate_pl330_queue_entry,
227 PL330QueueEntry),
228 VMSTATE_END_OF_LIST()
229 }
230 };
231
232 struct PL330State {
233 SysBusDevice parent_obj;
234
235 MemoryRegion iomem;
236 qemu_irq irq_abort;
237 qemu_irq *irq;
238
239 /* Config registers. cfg[5] = CfgDn. */
240 uint32_t cfg[6];
241 #define EVENT_SEC_STATE 3
242 #define PERIPH_SEC_STATE 4
243 /* cfg 0 bits and pieces */
244 uint32_t num_chnls;
245 uint8_t num_periph_req;
246 uint8_t num_events;
247 uint8_t mgr_ns_at_rst;
248 /* cfg 1 bits and pieces */
249 uint8_t i_cache_len;
250 uint8_t num_i_cache_lines;
251 /* CRD bits and pieces */
252 uint8_t data_width;
253 uint8_t wr_cap;
254 uint8_t wr_q_dep;
255 uint8_t rd_cap;
256 uint8_t rd_q_dep;
257 uint16_t data_buffer_dep;
258
259 PL330Chan manager;
260 PL330Chan *chan;
261 PL330Fifo fifo;
262 PL330Queue read_queue;
263 PL330Queue write_queue;
264 uint8_t *lo_seqn;
265 uint8_t *hi_seqn;
266 QEMUTimer *timer; /* is used for restore dma. */
267
268 uint32_t inten;
269 uint32_t int_status;
270 uint32_t ev_status;
271 uint32_t dbg[2];
272 uint8_t debug_status;
273 uint8_t num_faulting;
274 uint8_t periph_busy[PL330_PERIPH_NUM];
275
276 };
277
278 #define TYPE_PL330 "pl330"
279 #define PL330(obj) OBJECT_CHECK(PL330State, (obj), TYPE_PL330)
280
281 static const VMStateDescription vmstate_pl330 = {
282 .name = "pl330",
283 .version_id = 2,
284 .minimum_version_id = 2,
285 .fields = (VMStateField[]) {
286 VMSTATE_STRUCT(manager, PL330State, 0, vmstate_pl330_chan, PL330Chan),
287 VMSTATE_STRUCT_VARRAY_POINTER_UINT32(chan, PL330State, num_chnls,
288 vmstate_pl330_chan, PL330Chan),
289 VMSTATE_VBUFFER_UINT32(lo_seqn, PL330State, 1, NULL, num_chnls),
290 VMSTATE_VBUFFER_UINT32(hi_seqn, PL330State, 1, NULL, num_chnls),
291 VMSTATE_STRUCT(fifo, PL330State, 0, vmstate_pl330_fifo, PL330Fifo),
292 VMSTATE_STRUCT(read_queue, PL330State, 0, vmstate_pl330_queue,
293 PL330Queue),
294 VMSTATE_STRUCT(write_queue, PL330State, 0, vmstate_pl330_queue,
295 PL330Queue),
296 VMSTATE_TIMER_PTR(timer, PL330State),
297 VMSTATE_UINT32(inten, PL330State),
298 VMSTATE_UINT32(int_status, PL330State),
299 VMSTATE_UINT32(ev_status, PL330State),
300 VMSTATE_UINT32_ARRAY(dbg, PL330State, 2),
301 VMSTATE_UINT8(debug_status, PL330State),
302 VMSTATE_UINT8(num_faulting, PL330State),
303 VMSTATE_UINT8_ARRAY(periph_busy, PL330State, PL330_PERIPH_NUM),
304 VMSTATE_END_OF_LIST()
305 }
306 };
307
308 typedef struct PL330InsnDesc {
309 /* OPCODE of the instruction */
310 uint8_t opcode;
311 /* Mask so we can select several sibling instructions, such as
312 DMALD, DMALDS and DMALDB */
313 uint8_t opmask;
314 /* Size of instruction in bytes */
315 uint8_t size;
316 /* Interpreter */
317 void (*exec)(PL330Chan *, uint8_t opcode, uint8_t *args, int len);
318 } PL330InsnDesc;
319
320
321 /* MFIFO Implementation
322 *
323 * MFIFO is implemented as a cyclic buffer of BUF_SIZE size. Tagged bytes are
324 * stored in this buffer. Data is stored in BUF field, tags - in the
325 * corresponding array elements of TAG field.
326 */
327
328 /* Initialize queue. */
329
330 static void pl330_fifo_init(PL330Fifo *s, uint32_t size)
331 {
332 s->buf = g_malloc0(size);
333 s->tag = g_malloc0(size);
334 s->buf_size = size;
335 }
336
337 /* Cyclic increment */
338
339 static inline int pl330_fifo_inc(PL330Fifo *s, int x)
340 {
341 return (x + 1) % s->buf_size;
342 }
343
344 /* Number of empty bytes in MFIFO */
345
346 static inline int pl330_fifo_num_free(PL330Fifo *s)
347 {
348 return s->buf_size - s->num;
349 }
350
351 /* Push LEN bytes of data stored in BUF to MFIFO and tag it with TAG.
352 * Zero returned on success, PL330_FIFO_STALL if there is no enough free
353 * space in MFIFO to store requested amount of data. If push was unsuccessful
354 * no data is stored to MFIFO.
355 */
356
357 static int pl330_fifo_push(PL330Fifo *s, uint8_t *buf, int len, uint8_t tag)
358 {
359 int i;
360
361 if (s->buf_size - s->num < len) {
362 return PL330_FIFO_STALL;
363 }
364 for (i = 0; i < len; i++) {
365 int push_idx = (s->head + s->num + i) % s->buf_size;
366 s->buf[push_idx] = buf[i];
367 s->tag[push_idx] = tag;
368 }
369 s->num += len;
370 return PL330_FIFO_OK;
371 }
372
373 /* Get LEN bytes of data from MFIFO and store it to BUF. Tag value of each
374 * byte is verified. Zero returned on success, PL330_FIFO_ERR on tag mismatch
375 * and PL330_FIFO_STALL if there is no enough data in MFIFO. If get was
376 * unsuccessful no data is removed from MFIFO.
377 */
378
379 static int pl330_fifo_get(PL330Fifo *s, uint8_t *buf, int len, uint8_t tag)
380 {
381 int i;
382
383 if (s->num < len) {
384 return PL330_FIFO_STALL;
385 }
386 for (i = 0; i < len; i++) {
387 if (s->tag[s->head] == tag) {
388 int get_idx = (s->head + i) % s->buf_size;
389 buf[i] = s->buf[get_idx];
390 } else { /* Tag mismatch - Rollback transaction */
391 return PL330_FIFO_ERR;
392 }
393 }
394 s->head = (s->head + len) % s->buf_size;
395 s->num -= len;
396 return PL330_FIFO_OK;
397 }
398
399 /* Reset MFIFO. This completely erases all data in it. */
400
401 static inline void pl330_fifo_reset(PL330Fifo *s)
402 {
403 s->head = 0;
404 s->num = 0;
405 }
406
407 /* Return tag of the first byte stored in MFIFO. If MFIFO is empty
408 * PL330_UNTAGGED is returned.
409 */
410
411 static inline uint8_t pl330_fifo_tag(PL330Fifo *s)
412 {
413 return (!s->num) ? PL330_UNTAGGED : s->tag[s->head];
414 }
415
416 /* Returns non-zero if tag TAG is present in fifo or zero otherwise */
417
418 static int pl330_fifo_has_tag(PL330Fifo *s, uint8_t tag)
419 {
420 int i, n;
421
422 i = s->head;
423 for (n = 0; n < s->num; n++) {
424 if (s->tag[i] == tag) {
425 return 1;
426 }
427 i = pl330_fifo_inc(s, i);
428 }
429 return 0;
430 }
431
432 /* Remove all entry tagged with TAG from MFIFO */
433
434 static void pl330_fifo_tagged_remove(PL330Fifo *s, uint8_t tag)
435 {
436 int i, t, n;
437
438 t = i = s->head;
439 for (n = 0; n < s->num; n++) {
440 if (s->tag[i] != tag) {
441 s->buf[t] = s->buf[i];
442 s->tag[t] = s->tag[i];
443 t = pl330_fifo_inc(s, t);
444 } else {
445 s->num = s->num - 1;
446 }
447 i = pl330_fifo_inc(s, i);
448 }
449 }
450
451 /* Read-Write Queue implementation
452 *
453 * A Read-Write Queue stores up to QUEUE_SIZE instructions (loads or stores).
454 * Each instruction is described by source (for loads) or destination (for
455 * stores) address ADDR, width of data to be loaded/stored LEN, number of
456 * stores/loads to be performed N, INC bit, Z bit and TAG to identify channel
457 * this instruction belongs to. Queue does not store any information about
458 * nature of the instruction: is it load or store. PL330 has different queues
459 * for loads and stores so this is already known at the top level where it
460 * matters.
461 *
462 * Queue works as FIFO for instructions with equivalent tags, but can issue
463 * instructions with different tags in arbitrary order. SEQN field attached to
464 * each instruction helps to achieve this. For each TAG queue contains
465 * instructions with consecutive SEQN values ranging from LO_SEQN[TAG] to
466 * HI_SEQN[TAG]-1 inclusive. SEQN is 8-bit unsigned integer, so SEQN=255 is
467 * followed by SEQN=0.
468 *
469 * Z bit indicates that zeroes should be stored. No MFIFO fetches are performed
470 * in this case.
471 */
472
473 static void pl330_queue_reset(PL330Queue *s)
474 {
475 int i;
476
477 for (i = 0; i < s->queue_size; i++) {
478 s->queue[i].tag = PL330_UNTAGGED;
479 }
480 }
481
482 /* Initialize queue */
483 static void pl330_queue_init(PL330Queue *s, int size, PL330State *parent)
484 {
485 s->parent = parent;
486 s->queue = g_new0(PL330QueueEntry, size);
487 s->queue_size = size;
488 }
489
490 /* Returns pointer to an empty slot or NULL if queue is full */
491 static PL330QueueEntry *pl330_queue_find_empty(PL330Queue *s)
492 {
493 int i;
494
495 for (i = 0; i < s->queue_size; i++) {
496 if (s->queue[i].tag == PL330_UNTAGGED) {
497 return &s->queue[i];
498 }
499 }
500 return NULL;
501 }
502
503 /* Put instruction in queue.
504 * Return value:
505 * - zero - OK
506 * - non-zero - queue is full
507 */
508
509 static int pl330_queue_put_insn(PL330Queue *s, uint32_t addr,
510 int len, int n, bool inc, bool z, uint8_t tag)
511 {
512 PL330QueueEntry *entry = pl330_queue_find_empty(s);
513
514 if (!entry) {
515 return 1;
516 }
517 entry->tag = tag;
518 entry->addr = addr;
519 entry->len = len;
520 entry->n = n;
521 entry->z = z;
522 entry->inc = inc;
523 entry->seqn = s->parent->hi_seqn[tag];
524 s->parent->hi_seqn[tag]++;
525 return 0;
526 }
527
528 /* Returns a pointer to queue slot containing instruction which satisfies
529 * following conditions:
530 * - it has valid tag value (not PL330_UNTAGGED)
531 * - if enforce_seq is set it has to be issuable without violating queue
532 * logic (see above)
533 * - if TAG argument is not PL330_UNTAGGED this instruction has tag value
534 * equivalent to the argument TAG value.
535 * If such instruction cannot be found NULL is returned.
536 */
537
538 static PL330QueueEntry *pl330_queue_find_insn(PL330Queue *s, uint8_t tag,
539 bool enforce_seq)
540 {
541 int i;
542
543 for (i = 0; i < s->queue_size; i++) {
544 if (s->queue[i].tag != PL330_UNTAGGED) {
545 if ((!enforce_seq ||
546 s->queue[i].seqn == s->parent->lo_seqn[s->queue[i].tag]) &&
547 (s->queue[i].tag == tag || tag == PL330_UNTAGGED ||
548 s->queue[i].z)) {
549 return &s->queue[i];
550 }
551 }
552 }
553 return NULL;
554 }
555
556 /* Removes instruction from queue. */
557
558 static inline void pl330_queue_remove_insn(PL330Queue *s, PL330QueueEntry *e)
559 {
560 s->parent->lo_seqn[e->tag]++;
561 e->tag = PL330_UNTAGGED;
562 }
563
564 /* Removes all instructions tagged with TAG from queue. */
565
566 static inline void pl330_queue_remove_tagged(PL330Queue *s, uint8_t tag)
567 {
568 int i;
569
570 for (i = 0; i < s->queue_size; i++) {
571 if (s->queue[i].tag == tag) {
572 s->queue[i].tag = PL330_UNTAGGED;
573 }
574 }
575 }
576
577 /* DMA instruction execution engine */
578
579 /* Moves DMA channel to the FAULT state and updates it's status. */
580
581 static inline void pl330_fault(PL330Chan *ch, uint32_t flags)
582 {
583 DB_PRINT("ch: %p, flags: %" PRIx32 "\n", ch, flags);
584 ch->fault_type |= flags;
585 if (ch->state == pl330_chan_fault) {
586 return;
587 }
588 ch->state = pl330_chan_fault;
589 ch->parent->num_faulting++;
590 if (ch->parent->num_faulting == 1) {
591 DB_PRINT("abort interrupt raised\n");
592 qemu_irq_raise(ch->parent->irq_abort);
593 }
594 }
595
596 /*
597 * For information about instructions see PL330 Technical Reference Manual.
598 *
599 * Arguments:
600 * CH - channel executing the instruction
601 * OPCODE - opcode
602 * ARGS - array of 8-bit arguments
603 * LEN - number of elements in ARGS array
604 */
605
606 static void pl330_dmaadxh(PL330Chan *ch, uint8_t *args, bool ra, bool neg)
607 {
608 uint32_t im = (args[1] << 8) | args[0];
609 if (neg) {
610 im |= 0xffffu << 16;
611 }
612
613 if (ch->is_manager) {
614 pl330_fault(ch, PL330_FAULT_UNDEF_INSTR);
615 return;
616 }
617 if (ra) {
618 ch->dst += im;
619 } else {
620 ch->src += im;
621 }
622 }
623
624 static void pl330_dmaaddh(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
625 {
626 pl330_dmaadxh(ch, args, extract32(opcode, 1, 1), false);
627 }
628
629 static void pl330_dmaadnh(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
630 {
631 pl330_dmaadxh(ch, args, extract32(opcode, 1, 1), true);
632 }
633
634 static void pl330_dmaend(PL330Chan *ch, uint8_t opcode,
635 uint8_t *args, int len)
636 {
637 PL330State *s = ch->parent;
638
639 if (ch->state == pl330_chan_executing && !ch->is_manager) {
640 /* Wait for all transfers to complete */
641 if (pl330_fifo_has_tag(&s->fifo, ch->tag) ||
642 pl330_queue_find_insn(&s->read_queue, ch->tag, false) != NULL ||
643 pl330_queue_find_insn(&s->write_queue, ch->tag, false) != NULL) {
644
645 ch->stall = 1;
646 return;
647 }
648 }
649 DB_PRINT("DMA ending!\n");
650 pl330_fifo_tagged_remove(&s->fifo, ch->tag);
651 pl330_queue_remove_tagged(&s->read_queue, ch->tag);
652 pl330_queue_remove_tagged(&s->write_queue, ch->tag);
653 ch->state = pl330_chan_stopped;
654 }
655
656 static void pl330_dmaflushp(PL330Chan *ch, uint8_t opcode,
657 uint8_t *args, int len)
658 {
659 uint8_t periph_id;
660
661 if (args[0] & 7) {
662 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
663 return;
664 }
665 periph_id = (args[0] >> 3) & 0x1f;
666 if (periph_id >= ch->parent->num_periph_req) {
667 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
668 return;
669 }
670 if (ch->ns && !(ch->parent->cfg[CFG_PNS] & (1 << periph_id))) {
671 pl330_fault(ch, PL330_FAULT_CH_PERIPH_ERR);
672 return;
673 }
674 /* Do nothing */
675 }
676
677 static void pl330_dmago(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
678 {
679 uint8_t chan_id;
680 uint8_t ns;
681 uint32_t pc;
682 PL330Chan *s;
683
684 DB_PRINT("\n");
685
686 if (!ch->is_manager) {
687 pl330_fault(ch, PL330_FAULT_UNDEF_INSTR);
688 return;
689 }
690 ns = !!(opcode & 2);
691 chan_id = args[0] & 7;
692 if ((args[0] >> 3)) {
693 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
694 return;
695 }
696 if (chan_id >= ch->parent->num_chnls) {
697 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
698 return;
699 }
700 pc = (((uint32_t)args[4]) << 24) | (((uint32_t)args[3]) << 16) |
701 (((uint32_t)args[2]) << 8) | (((uint32_t)args[1]));
702 if (ch->parent->chan[chan_id].state != pl330_chan_stopped) {
703 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
704 return;
705 }
706 if (ch->ns && !ns) {
707 pl330_fault(ch, PL330_FAULT_DMAGO_ERR);
708 return;
709 }
710 s = &ch->parent->chan[chan_id];
711 s->ns = ns;
712 s->pc = pc;
713 s->state = pl330_chan_executing;
714 }
715
716 static void pl330_dmald(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
717 {
718 uint8_t bs = opcode & 3;
719 uint32_t size, num;
720 bool inc;
721
722 if (bs == 2) {
723 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
724 return;
725 }
726 if ((bs == 1 && ch->request_flag == PL330_BURST) ||
727 (bs == 3 && ch->request_flag == PL330_SINGLE)) {
728 /* Perform NOP */
729 return;
730 }
731 if (bs == 1 && ch->request_flag == PL330_SINGLE) {
732 num = 1;
733 } else {
734 num = ((ch->control >> 4) & 0xf) + 1;
735 }
736 size = (uint32_t)1 << ((ch->control >> 1) & 0x7);
737 inc = !!(ch->control & 1);
738 ch->stall = pl330_queue_put_insn(&ch->parent->read_queue, ch->src,
739 size, num, inc, 0, ch->tag);
740 if (!ch->stall) {
741 DB_PRINT("channel:%" PRId8 " address:%08" PRIx32 " size:%" PRIx32
742 " num:%" PRId32 " %c\n",
743 ch->tag, ch->src, size, num, inc ? 'Y' : 'N');
744 ch->src += inc ? size * num - (ch->src & (size - 1)) : 0;
745 }
746 }
747
748 static void pl330_dmaldp(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
749 {
750 uint8_t periph_id;
751
752 if (args[0] & 7) {
753 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
754 return;
755 }
756 periph_id = (args[0] >> 3) & 0x1f;
757 if (periph_id >= ch->parent->num_periph_req) {
758 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
759 return;
760 }
761 if (ch->ns && !(ch->parent->cfg[CFG_PNS] & (1 << periph_id))) {
762 pl330_fault(ch, PL330_FAULT_CH_PERIPH_ERR);
763 return;
764 }
765 pl330_dmald(ch, opcode, args, len);
766 }
767
768 static void pl330_dmalp(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
769 {
770 uint8_t lc = (opcode & 2) >> 1;
771
772 ch->lc[lc] = args[0];
773 }
774
775 static void pl330_dmakill(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
776 {
777 if (ch->state == pl330_chan_fault ||
778 ch->state == pl330_chan_fault_completing) {
779 /* This is the only way for a channel to leave the faulting state */
780 ch->fault_type = 0;
781 ch->parent->num_faulting--;
782 if (ch->parent->num_faulting == 0) {
783 DB_PRINT("abort interrupt lowered\n");
784 qemu_irq_lower(ch->parent->irq_abort);
785 }
786 }
787 ch->state = pl330_chan_killing;
788 pl330_fifo_tagged_remove(&ch->parent->fifo, ch->tag);
789 pl330_queue_remove_tagged(&ch->parent->read_queue, ch->tag);
790 pl330_queue_remove_tagged(&ch->parent->write_queue, ch->tag);
791 ch->state = pl330_chan_stopped;
792 }
793
794 static void pl330_dmalpend(PL330Chan *ch, uint8_t opcode,
795 uint8_t *args, int len)
796 {
797 uint8_t nf = (opcode & 0x10) >> 4;
798 uint8_t bs = opcode & 3;
799 uint8_t lc = (opcode & 4) >> 2;
800
801 if (bs == 2) {
802 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
803 return;
804 }
805 if ((bs == 1 && ch->request_flag == PL330_BURST) ||
806 (bs == 3 && ch->request_flag == PL330_SINGLE)) {
807 /* Perform NOP */
808 return;
809 }
810 if (!nf || ch->lc[lc]) {
811 if (nf) {
812 ch->lc[lc]--;
813 }
814 DB_PRINT("loop reiteration\n");
815 ch->pc -= args[0];
816 ch->pc -= len + 1;
817 /* "ch->pc -= args[0] + len + 1" is incorrect when args[0] == 256 */
818 } else {
819 DB_PRINT("loop fallthrough\n");
820 }
821 }
822
823
824 static void pl330_dmamov(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
825 {
826 uint8_t rd = args[0] & 7;
827 uint32_t im;
828
829 if ((args[0] >> 3)) {
830 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
831 return;
832 }
833 im = (((uint32_t)args[4]) << 24) | (((uint32_t)args[3]) << 16) |
834 (((uint32_t)args[2]) << 8) | (((uint32_t)args[1]));
835 switch (rd) {
836 case 0:
837 ch->src = im;
838 break;
839 case 1:
840 ch->control = im;
841 break;
842 case 2:
843 ch->dst = im;
844 break;
845 default:
846 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
847 return;
848 }
849 }
850
851 static void pl330_dmanop(PL330Chan *ch, uint8_t opcode,
852 uint8_t *args, int len)
853 {
854 /* NOP is NOP. */
855 }
856
857 static void pl330_dmarmb(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
858 {
859 if (pl330_queue_find_insn(&ch->parent->read_queue, ch->tag, false)) {
860 ch->state = pl330_chan_at_barrier;
861 ch->stall = 1;
862 return;
863 } else {
864 ch->state = pl330_chan_executing;
865 }
866 }
867
868 static void pl330_dmasev(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
869 {
870 uint8_t ev_id;
871
872 if (args[0] & 7) {
873 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
874 return;
875 }
876 ev_id = (args[0] >> 3) & 0x1f;
877 if (ev_id >= ch->parent->num_events) {
878 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
879 return;
880 }
881 if (ch->ns && !(ch->parent->cfg[CFG_INS] & (1 << ev_id))) {
882 pl330_fault(ch, PL330_FAULT_EVENT_ERR);
883 return;
884 }
885 if (ch->parent->inten & (1 << ev_id)) {
886 ch->parent->int_status |= (1 << ev_id);
887 DB_PRINT("event interrupt raised %" PRId8 "\n", ev_id);
888 qemu_irq_raise(ch->parent->irq[ev_id]);
889 }
890 DB_PRINT("event raised %" PRId8 "\n", ev_id);
891 ch->parent->ev_status |= (1 << ev_id);
892 }
893
894 static void pl330_dmast(PL330Chan *ch, uint8_t opcode, uint8_t *args, int len)
895 {
896 uint8_t bs = opcode & 3;
897 uint32_t size, num;
898 bool inc;
899
900 if (bs == 2) {
901 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
902 return;
903 }
904 if ((bs == 1 && ch->request_flag == PL330_BURST) ||
905 (bs == 3 && ch->request_flag == PL330_SINGLE)) {
906 /* Perform NOP */
907 return;
908 }
909 num = ((ch->control >> 18) & 0xf) + 1;
910 size = (uint32_t)1 << ((ch->control >> 15) & 0x7);
911 inc = !!((ch->control >> 14) & 1);
912 ch->stall = pl330_queue_put_insn(&ch->parent->write_queue, ch->dst,
913 size, num, inc, 0, ch->tag);
914 if (!ch->stall) {
915 DB_PRINT("channel:%" PRId8 " address:%08" PRIx32 " size:%" PRIx32
916 " num:%" PRId32 " %c\n",
917 ch->tag, ch->dst, size, num, inc ? 'Y' : 'N');
918 ch->dst += inc ? size * num - (ch->dst & (size - 1)) : 0;
919 }
920 }
921
922 static void pl330_dmastp(PL330Chan *ch, uint8_t opcode,
923 uint8_t *args, int len)
924 {
925 uint8_t periph_id;
926
927 if (args[0] & 7) {
928 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
929 return;
930 }
931 periph_id = (args[0] >> 3) & 0x1f;
932 if (periph_id >= ch->parent->num_periph_req) {
933 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
934 return;
935 }
936 if (ch->ns && !(ch->parent->cfg[CFG_PNS] & (1 << periph_id))) {
937 pl330_fault(ch, PL330_FAULT_CH_PERIPH_ERR);
938 return;
939 }
940 pl330_dmast(ch, opcode, args, len);
941 }
942
943 static void pl330_dmastz(PL330Chan *ch, uint8_t opcode,
944 uint8_t *args, int len)
945 {
946 uint32_t size, num;
947 bool inc;
948
949 num = ((ch->control >> 18) & 0xf) + 1;
950 size = (uint32_t)1 << ((ch->control >> 15) & 0x7);
951 inc = !!((ch->control >> 14) & 1);
952 ch->stall = pl330_queue_put_insn(&ch->parent->write_queue, ch->dst,
953 size, num, inc, 1, ch->tag);
954 if (inc) {
955 ch->dst += size * num;
956 }
957 }
958
959 static void pl330_dmawfe(PL330Chan *ch, uint8_t opcode,
960 uint8_t *args, int len)
961 {
962 uint8_t ev_id;
963 int i;
964
965 if (args[0] & 5) {
966 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
967 return;
968 }
969 ev_id = (args[0] >> 3) & 0x1f;
970 if (ev_id >= ch->parent->num_events) {
971 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
972 return;
973 }
974 if (ch->ns && !(ch->parent->cfg[CFG_INS] & (1 << ev_id))) {
975 pl330_fault(ch, PL330_FAULT_EVENT_ERR);
976 return;
977 }
978 ch->wakeup = ev_id;
979 ch->state = pl330_chan_waiting_event;
980 if (~ch->parent->inten & ch->parent->ev_status & 1 << ev_id) {
981 ch->state = pl330_chan_executing;
982 /* If anyone else is currently waiting on the same event, let them
983 * clear the ev_status so they pick up event as well
984 */
985 for (i = 0; i < ch->parent->num_chnls; ++i) {
986 PL330Chan *peer = &ch->parent->chan[i];
987 if (peer->state == pl330_chan_waiting_event &&
988 peer->wakeup == ev_id) {
989 return;
990 }
991 }
992 ch->parent->ev_status &= ~(1 << ev_id);
993 DB_PRINT("event lowered %" PRIx8 "\n", ev_id);
994 } else {
995 ch->stall = 1;
996 }
997 }
998
999 static void pl330_dmawfp(PL330Chan *ch, uint8_t opcode,
1000 uint8_t *args, int len)
1001 {
1002 uint8_t bs = opcode & 3;
1003 uint8_t periph_id;
1004
1005 if (args[0] & 7) {
1006 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
1007 return;
1008 }
1009 periph_id = (args[0] >> 3) & 0x1f;
1010 if (periph_id >= ch->parent->num_periph_req) {
1011 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
1012 return;
1013 }
1014 if (ch->ns && !(ch->parent->cfg[CFG_PNS] & (1 << periph_id))) {
1015 pl330_fault(ch, PL330_FAULT_CH_PERIPH_ERR);
1016 return;
1017 }
1018 switch (bs) {
1019 case 0: /* S */
1020 ch->request_flag = PL330_SINGLE;
1021 ch->wfp_sbp = 0;
1022 break;
1023 case 1: /* P */
1024 ch->request_flag = PL330_BURST;
1025 ch->wfp_sbp = 2;
1026 break;
1027 case 2: /* B */
1028 ch->request_flag = PL330_BURST;
1029 ch->wfp_sbp = 1;
1030 break;
1031 default:
1032 pl330_fault(ch, PL330_FAULT_OPERAND_INVALID);
1033 return;
1034 }
1035
1036 if (ch->parent->periph_busy[periph_id]) {
1037 ch->state = pl330_chan_waiting_periph;
1038 ch->stall = 1;
1039 } else if (ch->state == pl330_chan_waiting_periph) {
1040 ch->state = pl330_chan_executing;
1041 }
1042 }
1043
1044 static void pl330_dmawmb(PL330Chan *ch, uint8_t opcode,
1045 uint8_t *args, int len)
1046 {
1047 if (pl330_queue_find_insn(&ch->parent->write_queue, ch->tag, false)) {
1048 ch->state = pl330_chan_at_barrier;
1049 ch->stall = 1;
1050 return;
1051 } else {
1052 ch->state = pl330_chan_executing;
1053 }
1054 }
1055
1056 /* NULL terminated array of the instruction descriptions. */
1057 static const PL330InsnDesc insn_desc[] = {
1058 { .opcode = 0x54, .opmask = 0xFD, .size = 3, .exec = pl330_dmaaddh, },
1059 { .opcode = 0x5c, .opmask = 0xFD, .size = 3, .exec = pl330_dmaadnh, },
1060 { .opcode = 0x00, .opmask = 0xFF, .size = 1, .exec = pl330_dmaend, },
1061 { .opcode = 0x35, .opmask = 0xFF, .size = 2, .exec = pl330_dmaflushp, },
1062 { .opcode = 0xA0, .opmask = 0xFD, .size = 6, .exec = pl330_dmago, },
1063 { .opcode = 0x04, .opmask = 0xFC, .size = 1, .exec = pl330_dmald, },
1064 { .opcode = 0x25, .opmask = 0xFD, .size = 2, .exec = pl330_dmaldp, },
1065 { .opcode = 0x20, .opmask = 0xFD, .size = 2, .exec = pl330_dmalp, },
1066 /* dmastp must be before dmalpend in this list, because their maps
1067 * are overlapping
1068 */
1069 { .opcode = 0x29, .opmask = 0xFD, .size = 2, .exec = pl330_dmastp, },
1070 { .opcode = 0x28, .opmask = 0xE8, .size = 2, .exec = pl330_dmalpend, },
1071 { .opcode = 0x01, .opmask = 0xFF, .size = 1, .exec = pl330_dmakill, },
1072 { .opcode = 0xBC, .opmask = 0xFF, .size = 6, .exec = pl330_dmamov, },
1073 { .opcode = 0x18, .opmask = 0xFF, .size = 1, .exec = pl330_dmanop, },
1074 { .opcode = 0x12, .opmask = 0xFF, .size = 1, .exec = pl330_dmarmb, },
1075 { .opcode = 0x34, .opmask = 0xFF, .size = 2, .exec = pl330_dmasev, },
1076 { .opcode = 0x08, .opmask = 0xFC, .size = 1, .exec = pl330_dmast, },
1077 { .opcode = 0x0C, .opmask = 0xFF, .size = 1, .exec = pl330_dmastz, },
1078 { .opcode = 0x36, .opmask = 0xFF, .size = 2, .exec = pl330_dmawfe, },
1079 { .opcode = 0x30, .opmask = 0xFC, .size = 2, .exec = pl330_dmawfp, },
1080 { .opcode = 0x13, .opmask = 0xFF, .size = 1, .exec = pl330_dmawmb, },
1081 { .opcode = 0x00, .opmask = 0x00, .size = 0, .exec = NULL, }
1082 };
1083
1084 /* Instructions which can be issued via debug registers. */
1085 static const PL330InsnDesc debug_insn_desc[] = {
1086 { .opcode = 0xA0, .opmask = 0xFD, .size = 6, .exec = pl330_dmago, },
1087 { .opcode = 0x01, .opmask = 0xFF, .size = 1, .exec = pl330_dmakill, },
1088 { .opcode = 0x34, .opmask = 0xFF, .size = 2, .exec = pl330_dmasev, },
1089 { .opcode = 0x00, .opmask = 0x00, .size = 0, .exec = NULL, }
1090 };
1091
1092 static inline const PL330InsnDesc *pl330_fetch_insn(PL330Chan *ch)
1093 {
1094 uint8_t opcode;
1095 int i;
1096
1097 dma_memory_read(&address_space_memory, ch->pc, &opcode, 1);
1098 for (i = 0; insn_desc[i].size; i++) {
1099 if ((opcode & insn_desc[i].opmask) == insn_desc[i].opcode) {
1100 return &insn_desc[i];
1101 }
1102 }
1103 return NULL;
1104 }
1105
1106 static inline void pl330_exec_insn(PL330Chan *ch, const PL330InsnDesc *insn)
1107 {
1108 uint8_t buf[PL330_INSN_MAXSIZE];
1109
1110 assert(insn->size <= PL330_INSN_MAXSIZE);
1111 dma_memory_read(&address_space_memory, ch->pc, buf, insn->size);
1112 insn->exec(ch, buf[0], &buf[1], insn->size - 1);
1113 }
1114
1115 static inline void pl330_update_pc(PL330Chan *ch,
1116 const PL330InsnDesc *insn)
1117 {
1118 ch->pc += insn->size;
1119 }
1120
1121 /* Try to execute current instruction in channel CH. Number of executed
1122 instructions is returned (0 or 1). */
1123 static int pl330_chan_exec(PL330Chan *ch)
1124 {
1125 const PL330InsnDesc *insn;
1126
1127 if (ch->state != pl330_chan_executing &&
1128 ch->state != pl330_chan_waiting_periph &&
1129 ch->state != pl330_chan_at_barrier &&
1130 ch->state != pl330_chan_waiting_event) {
1131 return 0;
1132 }
1133 ch->stall = 0;
1134 insn = pl330_fetch_insn(ch);
1135 if (!insn) {
1136 DB_PRINT("pl330 undefined instruction\n");
1137 pl330_fault(ch, PL330_FAULT_UNDEF_INSTR);
1138 return 0;
1139 }
1140 pl330_exec_insn(ch, insn);
1141 if (!ch->stall) {
1142 pl330_update_pc(ch, insn);
1143 ch->watchdog_timer = 0;
1144 return 1;
1145 /* WDT only active in exec state */
1146 } else if (ch->state == pl330_chan_executing) {
1147 ch->watchdog_timer++;
1148 if (ch->watchdog_timer >= PL330_WATCHDOG_LIMIT) {
1149 pl330_fault(ch, PL330_FAULT_LOCKUP_ERR);
1150 }
1151 }
1152 return 0;
1153 }
1154
1155 /* Try to execute 1 instruction in each channel, one instruction from read
1156 queue and one instruction from write queue. Number of successfully executed
1157 instructions is returned. */
1158 static int pl330_exec_cycle(PL330Chan *channel)
1159 {
1160 PL330State *s = channel->parent;
1161 PL330QueueEntry *q;
1162 int i;
1163 int num_exec = 0;
1164 int fifo_res = 0;
1165 uint8_t buf[PL330_MAX_BURST_LEN];
1166
1167 /* Execute one instruction in each channel */
1168 num_exec += pl330_chan_exec(channel);
1169
1170 /* Execute one instruction from read queue */
1171 q = pl330_queue_find_insn(&s->read_queue, PL330_UNTAGGED, true);
1172 if (q != NULL && q->len <= pl330_fifo_num_free(&s->fifo)) {
1173 int len = q->len - (q->addr & (q->len - 1));
1174
1175 dma_memory_read(&address_space_memory, q->addr, buf, len);
1176 if (PL330_ERR_DEBUG > 1) {
1177 DB_PRINT("PL330 read from memory @%08" PRIx32 " (size = %08x):\n",
1178 q->addr, len);
1179 qemu_hexdump((char *)buf, stderr, "", len);
1180 }
1181 fifo_res = pl330_fifo_push(&s->fifo, buf, len, q->tag);
1182 if (fifo_res == PL330_FIFO_OK) {
1183 if (q->inc) {
1184 q->addr += len;
1185 }
1186 q->n--;
1187 if (!q->n) {
1188 pl330_queue_remove_insn(&s->read_queue, q);
1189 }
1190 num_exec++;
1191 }
1192 }
1193
1194 /* Execute one instruction from write queue. */
1195 q = pl330_queue_find_insn(&s->write_queue, pl330_fifo_tag(&s->fifo), true);
1196 if (q != NULL) {
1197 int len = q->len - (q->addr & (q->len - 1));
1198
1199 if (q->z) {
1200 for (i = 0; i < len; i++) {
1201 buf[i] = 0;
1202 }
1203 } else {
1204 fifo_res = pl330_fifo_get(&s->fifo, buf, len, q->tag);
1205 }
1206 if (fifo_res == PL330_FIFO_OK || q->z) {
1207 dma_memory_write(&address_space_memory, q->addr, buf, len);
1208 if (PL330_ERR_DEBUG > 1) {
1209 DB_PRINT("PL330 read from memory @%08" PRIx32
1210 " (size = %08x):\n", q->addr, len);
1211 qemu_hexdump((char *)buf, stderr, "", len);
1212 }
1213 if (q->inc) {
1214 q->addr += len;
1215 }
1216 num_exec++;
1217 } else if (fifo_res == PL330_FIFO_STALL) {
1218 pl330_fault(&channel->parent->chan[q->tag],
1219 PL330_FAULT_FIFOEMPTY_ERR);
1220 }
1221 q->n--;
1222 if (!q->n) {
1223 pl330_queue_remove_insn(&s->write_queue, q);
1224 }
1225 }
1226
1227 return num_exec;
1228 }
1229
1230 static int pl330_exec_channel(PL330Chan *channel)
1231 {
1232 int insr_exec = 0;
1233
1234 /* TODO: Is it all right to execute everything or should we do per-cycle
1235 simulation? */
1236 while (pl330_exec_cycle(channel)) {
1237 insr_exec++;
1238 }
1239
1240 /* Detect deadlock */
1241 if (channel->state == pl330_chan_executing) {
1242 pl330_fault(channel, PL330_FAULT_LOCKUP_ERR);
1243 }
1244 /* Situation when one of the queues has deadlocked but all channels
1245 * have finished their programs should be impossible.
1246 */
1247
1248 return insr_exec;
1249 }
1250
1251 static inline void pl330_exec(PL330State *s)
1252 {
1253 DB_PRINT("\n");
1254 int i, insr_exec;
1255 do {
1256 insr_exec = pl330_exec_channel(&s->manager);
1257
1258 for (i = 0; i < s->num_chnls; i++) {
1259 insr_exec += pl330_exec_channel(&s->chan[i]);
1260 }
1261 } while (insr_exec);
1262 }
1263
1264 static void pl330_exec_cycle_timer(void *opaque)
1265 {
1266 PL330State *s = (PL330State *)opaque;
1267 pl330_exec(s);
1268 }
1269
1270 /* Stop or restore dma operations */
1271
1272 static void pl330_dma_stop_irq(void *opaque, int irq, int level)
1273 {
1274 PL330State *s = (PL330State *)opaque;
1275
1276 if (s->periph_busy[irq] != level) {
1277 s->periph_busy[irq] = level;
1278 timer_mod(s->timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL));
1279 }
1280 }
1281
1282 static void pl330_debug_exec(PL330State *s)
1283 {
1284 uint8_t args[5];
1285 uint8_t opcode;
1286 uint8_t chan_id;
1287 int i;
1288 PL330Chan *ch;
1289 const PL330InsnDesc *insn;
1290
1291 s->debug_status = 1;
1292 chan_id = (s->dbg[0] >> 8) & 0x07;
1293 opcode = (s->dbg[0] >> 16) & 0xff;
1294 args[0] = (s->dbg[0] >> 24) & 0xff;
1295 args[1] = (s->dbg[1] >> 0) & 0xff;
1296 args[2] = (s->dbg[1] >> 8) & 0xff;
1297 args[3] = (s->dbg[1] >> 16) & 0xff;
1298 args[4] = (s->dbg[1] >> 24) & 0xff;
1299 DB_PRINT("chan id: %" PRIx8 "\n", chan_id);
1300 if (s->dbg[0] & 1) {
1301 ch = &s->chan[chan_id];
1302 } else {
1303 ch = &s->manager;
1304 }
1305 insn = NULL;
1306 for (i = 0; debug_insn_desc[i].size; i++) {
1307 if ((opcode & debug_insn_desc[i].opmask) == debug_insn_desc[i].opcode) {
1308 insn = &debug_insn_desc[i];
1309 }
1310 }
1311 if (!insn) {
1312 pl330_fault(ch, PL330_FAULT_UNDEF_INSTR | PL330_FAULT_DBG_INSTR);
1313 return ;
1314 }
1315 ch->stall = 0;
1316 insn->exec(ch, opcode, args, insn->size - 1);
1317 if (ch->fault_type) {
1318 ch->fault_type |= PL330_FAULT_DBG_INSTR;
1319 }
1320 if (ch->stall) {
1321 qemu_log_mask(LOG_UNIMP, "pl330: stall of debug instruction not "
1322 "implemented\n");
1323 }
1324 s->debug_status = 0;
1325 }
1326
1327 /* IOMEM mapped registers */
1328
1329 static void pl330_iomem_write(void *opaque, hwaddr offset,
1330 uint64_t value, unsigned size)
1331 {
1332 PL330State *s = (PL330State *) opaque;
1333 int i;
1334
1335 DB_PRINT("addr: %08x data: %08x\n", (unsigned)offset, (unsigned)value);
1336
1337 switch (offset) {
1338 case PL330_REG_INTEN:
1339 s->inten = value;
1340 break;
1341 case PL330_REG_INTCLR:
1342 for (i = 0; i < s->num_events; i++) {
1343 if (s->int_status & s->inten & value & (1 << i)) {
1344 DB_PRINT("event interrupt lowered %d\n", i);
1345 qemu_irq_lower(s->irq[i]);
1346 }
1347 }
1348 s->ev_status &= ~(value & s->inten);
1349 s->int_status &= ~(value & s->inten);
1350 break;
1351 case PL330_REG_DBGCMD:
1352 if ((value & 3) == 0) {
1353 pl330_debug_exec(s);
1354 pl330_exec(s);
1355 } else {
1356 qemu_log_mask(LOG_GUEST_ERROR, "pl330: write of illegal value %u "
1357 "for offset " TARGET_FMT_plx "\n", (unsigned)value,
1358 offset);
1359 }
1360 break;
1361 case PL330_REG_DBGINST0:
1362 DB_PRINT("s->dbg[0] = %08x\n", (unsigned)value);
1363 s->dbg[0] = value;
1364 break;
1365 case PL330_REG_DBGINST1:
1366 DB_PRINT("s->dbg[1] = %08x\n", (unsigned)value);
1367 s->dbg[1] = value;
1368 break;
1369 default:
1370 qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad write offset " TARGET_FMT_plx
1371 "\n", offset);
1372 break;
1373 }
1374 }
1375
1376 static inline uint32_t pl330_iomem_read_imp(void *opaque,
1377 hwaddr offset)
1378 {
1379 PL330State *s = (PL330State *)opaque;
1380 int chan_id;
1381 int i;
1382 uint32_t res;
1383
1384 if (offset >= PL330_REG_PERIPH_ID && offset < PL330_REG_PERIPH_ID + 32) {
1385 return pl330_id[(offset - PL330_REG_PERIPH_ID) >> 2];
1386 }
1387 if (offset >= PL330_REG_CR0_BASE && offset < PL330_REG_CR0_BASE + 24) {
1388 return s->cfg[(offset - PL330_REG_CR0_BASE) >> 2];
1389 }
1390 if (offset >= PL330_REG_CHANCTRL && offset < PL330_REG_DBGSTATUS) {
1391 offset -= PL330_REG_CHANCTRL;
1392 chan_id = offset >> 5;
1393 if (chan_id >= s->num_chnls) {
1394 qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad read offset "
1395 TARGET_FMT_plx "\n", offset);
1396 return 0;
1397 }
1398 switch (offset & 0x1f) {
1399 case 0x00:
1400 return s->chan[chan_id].src;
1401 case 0x04:
1402 return s->chan[chan_id].dst;
1403 case 0x08:
1404 return s->chan[chan_id].control;
1405 case 0x0C:
1406 return s->chan[chan_id].lc[0];
1407 case 0x10:
1408 return s->chan[chan_id].lc[1];
1409 default:
1410 qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad read offset "
1411 TARGET_FMT_plx "\n", offset);
1412 return 0;
1413 }
1414 }
1415 if (offset >= PL330_REG_CSR_BASE && offset < 0x400) {
1416 offset -= PL330_REG_CSR_BASE;
1417 chan_id = offset >> 3;
1418 if (chan_id >= s->num_chnls) {
1419 qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad read offset "
1420 TARGET_FMT_plx "\n", offset);
1421 return 0;
1422 }
1423 switch ((offset >> 2) & 1) {
1424 case 0x0:
1425 res = (s->chan[chan_id].ns << 21) |
1426 (s->chan[chan_id].wakeup << 4) |
1427 (s->chan[chan_id].state) |
1428 (s->chan[chan_id].wfp_sbp << 14);
1429 return res;
1430 case 0x1:
1431 return s->chan[chan_id].pc;
1432 default:
1433 qemu_log_mask(LOG_GUEST_ERROR, "pl330: read error\n");
1434 return 0;
1435 }
1436 }
1437 if (offset >= PL330_REG_FTR_BASE && offset < 0x100) {
1438 offset -= PL330_REG_FTR_BASE;
1439 chan_id = offset >> 2;
1440 if (chan_id >= s->num_chnls) {
1441 qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad read offset "
1442 TARGET_FMT_plx "\n", offset);
1443 return 0;
1444 }
1445 return s->chan[chan_id].fault_type;
1446 }
1447 switch (offset) {
1448 case PL330_REG_DSR:
1449 return (s->manager.ns << 9) | (s->manager.wakeup << 4) |
1450 (s->manager.state & 0xf);
1451 case PL330_REG_DPC:
1452 return s->manager.pc;
1453 case PL330_REG_INTEN:
1454 return s->inten;
1455 case PL330_REG_INT_EVENT_RIS:
1456 return s->ev_status;
1457 case PL330_REG_INTMIS:
1458 return s->int_status;
1459 case PL330_REG_INTCLR:
1460 /* Documentation says that we can't read this register
1461 * but linux kernel does it
1462 */
1463 return 0;
1464 case PL330_REG_FSRD:
1465 return s->manager.state ? 1 : 0;
1466 case PL330_REG_FSRC:
1467 res = 0;
1468 for (i = 0; i < s->num_chnls; i++) {
1469 if (s->chan[i].state == pl330_chan_fault ||
1470 s->chan[i].state == pl330_chan_fault_completing) {
1471 res |= 1 << i;
1472 }
1473 }
1474 return res;
1475 case PL330_REG_FTRD:
1476 return s->manager.fault_type;
1477 case PL330_REG_DBGSTATUS:
1478 return s->debug_status;
1479 default:
1480 qemu_log_mask(LOG_GUEST_ERROR, "pl330: bad read offset "
1481 TARGET_FMT_plx "\n", offset);
1482 }
1483 return 0;
1484 }
1485
1486 static uint64_t pl330_iomem_read(void *opaque, hwaddr offset,
1487 unsigned size)
1488 {
1489 uint32_t ret = pl330_iomem_read_imp(opaque, offset);
1490 DB_PRINT("addr: %08" HWADDR_PRIx " data: %08" PRIx32 "\n", offset, ret);
1491 return ret;
1492 }
1493
1494 static const MemoryRegionOps pl330_ops = {
1495 .read = pl330_iomem_read,
1496 .write = pl330_iomem_write,
1497 .endianness = DEVICE_NATIVE_ENDIAN,
1498 .impl = {
1499 .min_access_size = 4,
1500 .max_access_size = 4,
1501 }
1502 };
1503
1504 /* Controller logic and initialization */
1505
1506 static void pl330_chan_reset(PL330Chan *ch)
1507 {
1508 ch->src = 0;
1509 ch->dst = 0;
1510 ch->pc = 0;
1511 ch->state = pl330_chan_stopped;
1512 ch->watchdog_timer = 0;
1513 ch->stall = 0;
1514 ch->control = 0;
1515 ch->status = 0;
1516 ch->fault_type = 0;
1517 }
1518
1519 static void pl330_reset(DeviceState *d)
1520 {
1521 int i;
1522 PL330State *s = PL330(d);
1523
1524 s->inten = 0;
1525 s->int_status = 0;
1526 s->ev_status = 0;
1527 s->debug_status = 0;
1528 s->num_faulting = 0;
1529 s->manager.ns = s->mgr_ns_at_rst;
1530 pl330_fifo_reset(&s->fifo);
1531 pl330_queue_reset(&s->read_queue);
1532 pl330_queue_reset(&s->write_queue);
1533
1534 for (i = 0; i < s->num_chnls; i++) {
1535 pl330_chan_reset(&s->chan[i]);
1536 }
1537 for (i = 0; i < s->num_periph_req; i++) {
1538 s->periph_busy[i] = 0;
1539 }
1540
1541 timer_del(s->timer);
1542 }
1543
1544 static void pl330_realize(DeviceState *dev, Error **errp)
1545 {
1546 int i;
1547 PL330State *s = PL330(dev);
1548
1549 sysbus_init_irq(SYS_BUS_DEVICE(dev), &s->irq_abort);
1550 memory_region_init_io(&s->iomem, OBJECT(s), &pl330_ops, s,
1551 "dma", PL330_IOMEM_SIZE);
1552 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->iomem);
1553
1554 s->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pl330_exec_cycle_timer, s);
1555
1556 s->cfg[0] = (s->mgr_ns_at_rst ? 0x4 : 0) |
1557 (s->num_periph_req > 0 ? 1 : 0) |
1558 ((s->num_chnls - 1) & 0x7) << 4 |
1559 ((s->num_periph_req - 1) & 0x1f) << 12 |
1560 ((s->num_events - 1) & 0x1f) << 17;
1561
1562 switch (s->i_cache_len) {
1563 case (4):
1564 s->cfg[1] |= 2;
1565 break;
1566 case (8):
1567 s->cfg[1] |= 3;
1568 break;
1569 case (16):
1570 s->cfg[1] |= 4;
1571 break;
1572 case (32):
1573 s->cfg[1] |= 5;
1574 break;
1575 default:
1576 error_setg(errp, "Bad value for i-cache_len property: %" PRIx8,
1577 s->i_cache_len);
1578 return;
1579 }
1580 s->cfg[1] |= ((s->num_i_cache_lines - 1) & 0xf) << 4;
1581
1582 s->chan = g_new0(PL330Chan, s->num_chnls);
1583 s->hi_seqn = g_new0(uint8_t, s->num_chnls);
1584 s->lo_seqn = g_new0(uint8_t, s->num_chnls);
1585 for (i = 0; i < s->num_chnls; i++) {
1586 s->chan[i].parent = s;
1587 s->chan[i].tag = (uint8_t)i;
1588 }
1589 s->manager.parent = s;
1590 s->manager.tag = s->num_chnls;
1591 s->manager.is_manager = true;
1592
1593 s->irq = g_new0(qemu_irq, s->num_events);
1594 for (i = 0; i < s->num_events; i++) {
1595 sysbus_init_irq(SYS_BUS_DEVICE(dev), &s->irq[i]);
1596 }
1597
1598 qdev_init_gpio_in(dev, pl330_dma_stop_irq, PL330_PERIPH_NUM);
1599
1600 switch (s->data_width) {
1601 case (32):
1602 s->cfg[CFG_CRD] |= 0x2;
1603 break;
1604 case (64):
1605 s->cfg[CFG_CRD] |= 0x3;
1606 break;
1607 case (128):
1608 s->cfg[CFG_CRD] |= 0x4;
1609 break;
1610 default:
1611 error_setg(errp, "Bad value for data_width property: %" PRIx8,
1612 s->data_width);
1613 return;
1614 }
1615
1616 s->cfg[CFG_CRD] |= ((s->wr_cap - 1) & 0x7) << 4 |
1617 ((s->wr_q_dep - 1) & 0xf) << 8 |
1618 ((s->rd_cap - 1) & 0x7) << 12 |
1619 ((s->rd_q_dep - 1) & 0xf) << 16 |
1620 ((s->data_buffer_dep - 1) & 0x1ff) << 20;
1621
1622 pl330_queue_init(&s->read_queue, s->rd_q_dep, s);
1623 pl330_queue_init(&s->write_queue, s->wr_q_dep, s);
1624 pl330_fifo_init(&s->fifo, s->data_width / 4 * s->data_buffer_dep);
1625 }
1626
1627 static Property pl330_properties[] = {
1628 /* CR0 */
1629 DEFINE_PROP_UINT32("num_chnls", PL330State, num_chnls, 8),
1630 DEFINE_PROP_UINT8("num_periph_req", PL330State, num_periph_req, 4),
1631 DEFINE_PROP_UINT8("num_events", PL330State, num_events, 16),
1632 DEFINE_PROP_UINT8("mgr_ns_at_rst", PL330State, mgr_ns_at_rst, 0),
1633 /* CR1 */
1634 DEFINE_PROP_UINT8("i-cache_len", PL330State, i_cache_len, 4),
1635 DEFINE_PROP_UINT8("num_i-cache_lines", PL330State, num_i_cache_lines, 8),
1636 /* CR2-4 */
1637 DEFINE_PROP_UINT32("boot_addr", PL330State, cfg[CFG_BOOT_ADDR], 0),
1638 DEFINE_PROP_UINT32("INS", PL330State, cfg[CFG_INS], 0),
1639 DEFINE_PROP_UINT32("PNS", PL330State, cfg[CFG_PNS], 0),
1640 /* CRD */
1641 DEFINE_PROP_UINT8("data_width", PL330State, data_width, 64),
1642 DEFINE_PROP_UINT8("wr_cap", PL330State, wr_cap, 8),
1643 DEFINE_PROP_UINT8("wr_q_dep", PL330State, wr_q_dep, 16),
1644 DEFINE_PROP_UINT8("rd_cap", PL330State, rd_cap, 8),
1645 DEFINE_PROP_UINT8("rd_q_dep", PL330State, rd_q_dep, 16),
1646 DEFINE_PROP_UINT16("data_buffer_dep", PL330State, data_buffer_dep, 256),
1647
1648 DEFINE_PROP_END_OF_LIST(),
1649 };
1650
1651 static void pl330_class_init(ObjectClass *klass, void *data)
1652 {
1653 DeviceClass *dc = DEVICE_CLASS(klass);
1654
1655 dc->realize = pl330_realize;
1656 dc->reset = pl330_reset;
1657 dc->props = pl330_properties;
1658 dc->vmsd = &vmstate_pl330;
1659 }
1660
1661 static const TypeInfo pl330_type_info = {
1662 .name = TYPE_PL330,
1663 .parent = TYPE_SYS_BUS_DEVICE,
1664 .instance_size = sizeof(PL330State),
1665 .class_init = pl330_class_init,
1666 };
1667
1668 static void pl330_register_types(void)
1669 {
1670 type_register_static(&pl330_type_info);
1671 }
1672
1673 type_init(pl330_register_types)
QEMU mirror