]> git.proxmox.com Git - qemu.git/blob - target-arm/helper.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Implement iwMMXt instruction set for the PXA270 cpu.
[qemu.git] / target-arm / helper.c
1 #include <stdio.h>
2 #include <stdlib.h>
3 #include <string.h>
4
5 #include "cpu.h"
6 #include "exec-all.h"
7
8 static inline void set_feature(CPUARMState *env, int feature)
9 {
10 env->features |= 1u << feature;
11 }
12
13 static void cpu_reset_model_id(CPUARMState *env, uint32_t id)
14 {
15 env->cp15.c0_cpuid = id;
16 switch (id) {
17 case ARM_CPUID_ARM926:
18 set_feature(env, ARM_FEATURE_VFP);
19 env->vfp.xregs[ARM_VFP_FPSID] = 0x41011090;
20 env->cp15.c0_cachetype = 0x1dd20d2;
21 break;
22 case ARM_CPUID_ARM1026:
23 set_feature(env, ARM_FEATURE_VFP);
24 set_feature(env, ARM_FEATURE_AUXCR);
25 env->vfp.xregs[ARM_VFP_FPSID] = 0x410110a0;
26 env->cp15.c0_cachetype = 0x1dd20d2;
27 break;
28 case ARM_CPUID_PXA250:
29 case ARM_CPUID_PXA255:
30 case ARM_CPUID_PXA260:
31 case ARM_CPUID_PXA261:
32 case ARM_CPUID_PXA262:
33 set_feature(env, ARM_FEATURE_XSCALE);
34 /* JTAG_ID is ((id << 28) | 0x09265013) */
35 env->cp15.c0_cachetype = 0xd172172;
36 break;
37 case ARM_CPUID_PXA270_A0:
38 case ARM_CPUID_PXA270_A1:
39 case ARM_CPUID_PXA270_B0:
40 case ARM_CPUID_PXA270_B1:
41 case ARM_CPUID_PXA270_C0:
42 case ARM_CPUID_PXA270_C5:
43 set_feature(env, ARM_FEATURE_XSCALE);
44 /* JTAG_ID is ((id << 28) | 0x09265013) */
45 set_feature(env, ARM_FEATURE_IWMMXT);
46 env->iwmmxt.cregs[ARM_IWMMXT_wCID] = 0x69051000 | 'Q';
47 env->cp15.c0_cachetype = 0xd172172;
48 break;
49 default:
50 cpu_abort(env, "Bad CPU ID: %x\n", id);
51 break;
52 }
53 }
54
55 void cpu_reset(CPUARMState *env)
56 {
57 uint32_t id;
58 id = env->cp15.c0_cpuid;
59 memset(env, 0, offsetof(CPUARMState, breakpoints));
60 if (id)
61 cpu_reset_model_id(env, id);
62 #if defined (CONFIG_USER_ONLY)
63 env->uncached_cpsr = ARM_CPU_MODE_USR;
64 env->vfp.xregs[ARM_VFP_FPEXC] = 1 << 30;
65 #else
66 /* SVC mode with interrupts disabled. */
67 env->uncached_cpsr = ARM_CPU_MODE_SVC | CPSR_A | CPSR_F | CPSR_I;
68 env->vfp.xregs[ARM_VFP_FPEXC] = 0;
69 #endif
70 env->regs[15] = 0;
71 tlb_flush(env, 1);
72 }
73
74 CPUARMState *cpu_arm_init(void)
75 {
76 CPUARMState *env;
77
78 env = qemu_mallocz(sizeof(CPUARMState));
79 if (!env)
80 return NULL;
81 cpu_exec_init(env);
82 cpu_reset(env);
83 return env;
84 }
85
86 struct arm_cpu_t {
87 uint32_t id;
88 const char *name;
89 };
90
91 static const struct arm_cpu_t arm_cpu_names[] = {
92 { ARM_CPUID_ARM926, "arm926"},
93 { ARM_CPUID_ARM1026, "arm1026"},
94 { ARM_CPUID_PXA250, "pxa250" },
95 { ARM_CPUID_PXA255, "pxa255" },
96 { ARM_CPUID_PXA260, "pxa260" },
97 { ARM_CPUID_PXA261, "pxa261" },
98 { ARM_CPUID_PXA262, "pxa262" },
99 { ARM_CPUID_PXA270, "pxa270" },
100 { ARM_CPUID_PXA270_A0, "pxa270-a0" },
101 { ARM_CPUID_PXA270_A1, "pxa270-a1" },
102 { ARM_CPUID_PXA270_B0, "pxa270-b0" },
103 { ARM_CPUID_PXA270_B1, "pxa270-b1" },
104 { ARM_CPUID_PXA270_C0, "pxa270-c0" },
105 { ARM_CPUID_PXA270_C5, "pxa270-c5" },
106 { 0, NULL}
107 };
108
109 void arm_cpu_list(void)
110 {
111 int i;
112
113 printf ("Available CPUs:\n");
114 for (i = 0; arm_cpu_names[i].name; i++) {
115 printf(" %s\n", arm_cpu_names[i].name);
116 }
117 }
118
119 void cpu_arm_set_model(CPUARMState *env, const char *name)
120 {
121 int i;
122 uint32_t id;
123
124 id = 0;
125 i = 0;
126 for (i = 0; arm_cpu_names[i].name; i++) {
127 if (strcmp(name, arm_cpu_names[i].name) == 0) {
128 id = arm_cpu_names[i].id;
129 break;
130 }
131 }
132 if (!id) {
133 cpu_abort(env, "Unknown CPU '%s'", name);
134 return;
135 }
136 cpu_reset_model_id(env, id);
137 }
138
139 void cpu_arm_close(CPUARMState *env)
140 {
141 free(env);
142 }
143
144 #if defined(CONFIG_USER_ONLY)
145
146 void do_interrupt (CPUState *env)
147 {
148 env->exception_index = -1;
149 }
150
151 int cpu_arm_handle_mmu_fault (CPUState *env, target_ulong address, int rw,
152 int is_user, int is_softmmu)
153 {
154 if (rw == 2) {
155 env->exception_index = EXCP_PREFETCH_ABORT;
156 env->cp15.c6_insn = address;
157 } else {
158 env->exception_index = EXCP_DATA_ABORT;
159 env->cp15.c6_data = address;
160 }
161 return 1;
162 }
163
164 target_phys_addr_t cpu_get_phys_page_debug(CPUState *env, target_ulong addr)
165 {
166 return addr;
167 }
168
169 /* These should probably raise undefined insn exceptions. */
170 void helper_set_cp(CPUState *env, uint32_t insn, uint32_t val)
171 {
172 int op1 = (insn >> 8) & 0xf;
173 cpu_abort(env, "cp%i insn %08x\n", op1, insn);
174 return;
175 }
176
177 uint32_t helper_get_cp(CPUState *env, uint32_t insn)
178 {
179 int op1 = (insn >> 8) & 0xf;
180 cpu_abort(env, "cp%i insn %08x\n", op1, insn);
181 return 0;
182 }
183
184 void helper_set_cp15(CPUState *env, uint32_t insn, uint32_t val)
185 {
186 cpu_abort(env, "cp15 insn %08x\n", insn);
187 }
188
189 uint32_t helper_get_cp15(CPUState *env, uint32_t insn)
190 {
191 cpu_abort(env, "cp15 insn %08x\n", insn);
192 return 0;
193 }
194
195 void switch_mode(CPUState *env, int mode)
196 {
197 if (mode != ARM_CPU_MODE_USR)
198 cpu_abort(env, "Tried to switch out of user mode\n");
199 }
200
201 #else
202
203 extern int semihosting_enabled;
204
205 /* Map CPU modes onto saved register banks. */
206 static inline int bank_number (int mode)
207 {
208 switch (mode) {
209 case ARM_CPU_MODE_USR:
210 case ARM_CPU_MODE_SYS:
211 return 0;
212 case ARM_CPU_MODE_SVC:
213 return 1;
214 case ARM_CPU_MODE_ABT:
215 return 2;
216 case ARM_CPU_MODE_UND:
217 return 3;
218 case ARM_CPU_MODE_IRQ:
219 return 4;
220 case ARM_CPU_MODE_FIQ:
221 return 5;
222 }
223 cpu_abort(cpu_single_env, "Bad mode %x\n", mode);
224 return -1;
225 }
226
227 void switch_mode(CPUState *env, int mode)
228 {
229 int old_mode;
230 int i;
231
232 old_mode = env->uncached_cpsr & CPSR_M;
233 if (mode == old_mode)
234 return;
235
236 if (old_mode == ARM_CPU_MODE_FIQ) {
237 memcpy (env->fiq_regs, env->regs + 8, 5 * sizeof(uint32_t));
238 memcpy (env->regs + 8, env->usr_regs, 5 * sizeof(uint32_t));
239 } else if (mode == ARM_CPU_MODE_FIQ) {
240 memcpy (env->usr_regs, env->regs + 8, 5 * sizeof(uint32_t));
241 memcpy (env->regs + 8, env->fiq_regs, 5 * sizeof(uint32_t));
242 }
243
244 i = bank_number(old_mode);
245 env->banked_r13[i] = env->regs[13];
246 env->banked_r14[i] = env->regs[14];
247 env->banked_spsr[i] = env->spsr;
248
249 i = bank_number(mode);
250 env->regs[13] = env->banked_r13[i];
251 env->regs[14] = env->banked_r14[i];
252 env->spsr = env->banked_spsr[i];
253 }
254
255 /* Handle a CPU exception. */
256 void do_interrupt(CPUARMState *env)
257 {
258 uint32_t addr;
259 uint32_t mask;
260 int new_mode;
261 uint32_t offset;
262
263 /* TODO: Vectored interrupt controller. */
264 switch (env->exception_index) {
265 case EXCP_UDEF:
266 new_mode = ARM_CPU_MODE_UND;
267 addr = 0x04;
268 mask = CPSR_I;
269 if (env->thumb)
270 offset = 2;
271 else
272 offset = 4;
273 break;
274 case EXCP_SWI:
275 if (semihosting_enabled) {
276 /* Check for semihosting interrupt. */
277 if (env->thumb) {
278 mask = lduw_code(env->regs[15] - 2) & 0xff;
279 } else {
280 mask = ldl_code(env->regs[15] - 4) & 0xffffff;
281 }
282 /* Only intercept calls from privileged modes, to provide some
283 semblance of security. */
284 if (((mask == 0x123456 && !env->thumb)
285 || (mask == 0xab && env->thumb))
286 && (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
287 env->regs[0] = do_arm_semihosting(env);
288 return;
289 }
290 }
291 new_mode = ARM_CPU_MODE_SVC;
292 addr = 0x08;
293 mask = CPSR_I;
294 /* The PC already points to the next instructon. */
295 offset = 0;
296 break;
297 case EXCP_PREFETCH_ABORT:
298 case EXCP_BKPT:
299 new_mode = ARM_CPU_MODE_ABT;
300 addr = 0x0c;
301 mask = CPSR_A | CPSR_I;
302 offset = 4;
303 break;
304 case EXCP_DATA_ABORT:
305 new_mode = ARM_CPU_MODE_ABT;
306 addr = 0x10;
307 mask = CPSR_A | CPSR_I;
308 offset = 8;
309 break;
310 case EXCP_IRQ:
311 new_mode = ARM_CPU_MODE_IRQ;
312 addr = 0x18;
313 /* Disable IRQ and imprecise data aborts. */
314 mask = CPSR_A | CPSR_I;
315 offset = 4;
316 break;
317 case EXCP_FIQ:
318 new_mode = ARM_CPU_MODE_FIQ;
319 addr = 0x1c;
320 /* Disable FIQ, IRQ and imprecise data aborts. */
321 mask = CPSR_A | CPSR_I | CPSR_F;
322 offset = 4;
323 break;
324 default:
325 cpu_abort(env, "Unhandled exception 0x%x\n", env->exception_index);
326 return; /* Never happens. Keep compiler happy. */
327 }
328 /* High vectors. */
329 if (env->cp15.c1_sys & (1 << 13)) {
330 addr += 0xffff0000;
331 }
332 switch_mode (env, new_mode);
333 env->spsr = cpsr_read(env);
334 /* Switch to the new mode, and switch to Arm mode. */
335 /* ??? Thumb interrupt handlers not implemented. */
336 env->uncached_cpsr = (env->uncached_cpsr & ~CPSR_M) | new_mode;
337 env->uncached_cpsr |= mask;
338 env->thumb = 0;
339 env->regs[14] = env->regs[15] + offset;
340 env->regs[15] = addr;
341 env->interrupt_request |= CPU_INTERRUPT_EXITTB;
342 }
343
344 /* Check section/page access permissions.
345 Returns the page protection flags, or zero if the access is not
346 permitted. */
347 static inline int check_ap(CPUState *env, int ap, int domain, int access_type,
348 int is_user)
349 {
350 if (domain == 3)
351 return PAGE_READ | PAGE_WRITE;
352
353 switch (ap) {
354 case 0:
355 if (access_type == 1)
356 return 0;
357 switch ((env->cp15.c1_sys >> 8) & 3) {
358 case 1:
359 return is_user ? 0 : PAGE_READ;
360 case 2:
361 return PAGE_READ;
362 default:
363 return 0;
364 }
365 case 1:
366 return is_user ? 0 : PAGE_READ | PAGE_WRITE;
367 case 2:
368 if (is_user)
369 return (access_type == 1) ? 0 : PAGE_READ;
370 else
371 return PAGE_READ | PAGE_WRITE;
372 case 3:
373 return PAGE_READ | PAGE_WRITE;
374 default:
375 abort();
376 }
377 }
378
379 static int get_phys_addr(CPUState *env, uint32_t address, int access_type,
380 int is_user, uint32_t *phys_ptr, int *prot)
381 {
382 int code;
383 uint32_t table;
384 uint32_t desc;
385 int type;
386 int ap;
387 int domain;
388 uint32_t phys_addr;
389
390 /* Fast Context Switch Extension. */
391 if (address < 0x02000000)
392 address += env->cp15.c13_fcse;
393
394 if ((env->cp15.c1_sys & 1) == 0) {
395 /* MMU diusabled. */
396 *phys_ptr = address;
397 *prot = PAGE_READ | PAGE_WRITE;
398 } else {
399 /* Pagetable walk. */
400 /* Lookup l1 descriptor. */
401 table = (env->cp15.c2 & 0xffffc000) | ((address >> 18) & 0x3ffc);
402 desc = ldl_phys(table);
403 type = (desc & 3);
404 domain = (env->cp15.c3 >> ((desc >> 4) & 0x1e)) & 3;
405 if (type == 0) {
406 /* Secton translation fault. */
407 code = 5;
408 goto do_fault;
409 }
410 if (domain == 0 || domain == 2) {
411 if (type == 2)
412 code = 9; /* Section domain fault. */
413 else
414 code = 11; /* Page domain fault. */
415 goto do_fault;
416 }
417 if (type == 2) {
418 /* 1Mb section. */
419 phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
420 ap = (desc >> 10) & 3;
421 code = 13;
422 } else {
423 /* Lookup l2 entry. */
424 if (type == 1) {
425 /* Coarse pagetable. */
426 table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
427 } else {
428 /* Fine pagetable. */
429 table = (desc & 0xfffff000) | ((address >> 8) & 0xffc);
430 }
431 desc = ldl_phys(table);
432 switch (desc & 3) {
433 case 0: /* Page translation fault. */
434 code = 7;
435 goto do_fault;
436 case 1: /* 64k page. */
437 phys_addr = (desc & 0xffff0000) | (address & 0xffff);
438 ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
439 break;
440 case 2: /* 4k page. */
441 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
442 ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
443 break;
444 case 3: /* 1k page. */
445 if (arm_feature(env, ARM_FEATURE_XSCALE))
446 phys_addr = (desc & 0xfffff000) | (address & 0xfff);
447 else {
448 if (type == 1) {
449 /* Page translation fault. */
450 code = 7;
451 goto do_fault;
452 }
453 phys_addr = (desc & 0xfffffc00) | (address & 0x3ff);
454 }
455 ap = (desc >> 4) & 3;
456 break;
457 default:
458 /* Never happens, but compiler isn't smart enough to tell. */
459 abort();
460 }
461 code = 15;
462 }
463 *prot = check_ap(env, ap, domain, access_type, is_user);
464 if (!*prot) {
465 /* Access permission fault. */
466 goto do_fault;
467 }
468 *phys_ptr = phys_addr;
469 }
470 return 0;
471 do_fault:
472 return code | (domain << 4);
473 }
474
475 int cpu_arm_handle_mmu_fault (CPUState *env, target_ulong address,
476 int access_type, int is_user, int is_softmmu)
477 {
478 uint32_t phys_addr;
479 int prot;
480 int ret;
481
482 ret = get_phys_addr(env, address, access_type, is_user, &phys_addr, &prot);
483 if (ret == 0) {
484 /* Map a single [sub]page. */
485 phys_addr &= ~(uint32_t)0x3ff;
486 address &= ~(uint32_t)0x3ff;
487 return tlb_set_page (env, address, phys_addr, prot, is_user,
488 is_softmmu);
489 }
490
491 if (access_type == 2) {
492 env->cp15.c5_insn = ret;
493 env->cp15.c6_insn = address;
494 env->exception_index = EXCP_PREFETCH_ABORT;
495 } else {
496 env->cp15.c5_data = ret;
497 env->cp15.c6_data = address;
498 env->exception_index = EXCP_DATA_ABORT;
499 }
500 return 1;
501 }
502
503 target_phys_addr_t cpu_get_phys_page_debug(CPUState *env, target_ulong addr)
504 {
505 uint32_t phys_addr;
506 int prot;
507 int ret;
508
509 ret = get_phys_addr(env, addr, 0, 0, &phys_addr, &prot);
510
511 if (ret != 0)
512 return -1;
513
514 return phys_addr;
515 }
516
517 void helper_set_cp(CPUState *env, uint32_t insn, uint32_t val)
518 {
519 int cp_num = (insn >> 8) & 0xf;
520 int cp_info = (insn >> 5) & 7;
521 int src = (insn >> 16) & 0xf;
522 int operand = insn & 0xf;
523
524 if (env->cp[cp_num].cp_write)
525 env->cp[cp_num].cp_write(env->cp[cp_num].opaque,
526 cp_info, src, operand, val);
527 }
528
529 uint32_t helper_get_cp(CPUState *env, uint32_t insn)
530 {
531 int cp_num = (insn >> 8) & 0xf;
532 int cp_info = (insn >> 5) & 7;
533 int dest = (insn >> 16) & 0xf;
534 int operand = insn & 0xf;
535
536 if (env->cp[cp_num].cp_read)
537 return env->cp[cp_num].cp_read(env->cp[cp_num].opaque,
538 cp_info, dest, operand);
539 return 0;
540 }
541
542 void helper_set_cp15(CPUState *env, uint32_t insn, uint32_t val)
543 {
544 uint32_t op2;
545
546 op2 = (insn >> 5) & 7;
547 switch ((insn >> 16) & 0xf) {
548 case 0: /* ID codes. */
549 goto bad_reg;
550 case 1: /* System configuration. */
551 switch (op2) {
552 case 0:
553 if (!arm_feature(env, ARM_FEATURE_XSCALE) || (insn & 0xf) == 0)
554 env->cp15.c1_sys = val;
555 /* ??? Lots of these bits are not implemented. */
556 /* This may enable/disable the MMU, so do a TLB flush. */
557 tlb_flush(env, 1);
558 break;
559 case 1:
560 /* XScale doesn't implement AUX CR (P-Bit) but allows
561 * writing with zero and reading. */
562 if (arm_feature(env, ARM_FEATURE_XSCALE))
563 break;
564 goto bad_reg;
565 case 2:
566 env->cp15.c1_coproc = val;
567 /* ??? Is this safe when called from within a TB? */
568 tb_flush(env);
569 break;
570 default:
571 goto bad_reg;
572 }
573 break;
574 case 2: /* MMU Page table control. */
575 env->cp15.c2 = val;
576 break;
577 case 3: /* MMU Domain access control. */
578 env->cp15.c3 = val;
579 break;
580 case 4: /* Reserved. */
581 goto bad_reg;
582 case 5: /* MMU Fault status. */
583 switch (op2) {
584 case 0:
585 env->cp15.c5_data = val;
586 break;
587 case 1:
588 env->cp15.c5_insn = val;
589 break;
590 default:
591 goto bad_reg;
592 }
593 break;
594 case 6: /* MMU Fault address. */
595 switch (op2) {
596 case 0:
597 env->cp15.c6_data = val;
598 break;
599 case 1:
600 env->cp15.c6_insn = val;
601 break;
602 default:
603 goto bad_reg;
604 }
605 break;
606 case 7: /* Cache control. */
607 /* No cache, so nothing to do. */
608 break;
609 case 8: /* MMU TLB control. */
610 switch (op2) {
611 case 0: /* Invalidate all. */
612 tlb_flush(env, 0);
613 break;
614 case 1: /* Invalidate single TLB entry. */
615 #if 0
616 /* ??? This is wrong for large pages and sections. */
617 /* As an ugly hack to make linux work we always flush a 4K
618 pages. */
619 val &= 0xfffff000;
620 tlb_flush_page(env, val);
621 tlb_flush_page(env, val + 0x400);
622 tlb_flush_page(env, val + 0x800);
623 tlb_flush_page(env, val + 0xc00);
624 #else
625 tlb_flush(env, 1);
626 #endif
627 break;
628 default:
629 goto bad_reg;
630 }
631 break;
632 case 9: /* Cache lockdown. */
633 switch (op2) {
634 case 0:
635 env->cp15.c9_data = val;
636 break;
637 case 1:
638 env->cp15.c9_insn = val;
639 break;
640 default:
641 goto bad_reg;
642 }
643 break;
644 case 10: /* MMU TLB lockdown. */
645 /* ??? TLB lockdown not implemented. */
646 break;
647 case 11: /* TCM DMA control. */
648 case 12: /* Reserved. */
649 goto bad_reg;
650 case 13: /* Process ID. */
651 switch (op2) {
652 case 0:
653 /* Unlike real hardware the qemu TLB uses virtual addresses,
654 not modified virtual addresses, so this causes a TLB flush.
655 */
656 if (env->cp15.c13_fcse != val)
657 tlb_flush(env, 1);
658 env->cp15.c13_fcse = val;
659 break;
660 case 1:
661 /* This changes the ASID, so do a TLB flush. */
662 if (env->cp15.c13_context != val)
663 tlb_flush(env, 0);
664 env->cp15.c13_context = val;
665 break;
666 default:
667 goto bad_reg;
668 }
669 break;
670 case 14: /* Reserved. */
671 goto bad_reg;
672 case 15: /* Implementation specific. */
673 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
674 if (op2 == 0 && (insn & 0xf) == 1) {
675 /* Changes cp0 to cp13 behavior, so needs a TB flush. */
676 tb_flush(env);
677 env->cp15.c15_cpar = (val & 0x3fff) | 2;
678 break;
679 }
680 goto bad_reg;
681 }
682 break;
683 }
684 return;
685 bad_reg:
686 /* ??? For debugging only. Should raise illegal instruction exception. */
687 cpu_abort(env, "Unimplemented cp15 register write\n");
688 }
689
690 uint32_t helper_get_cp15(CPUState *env, uint32_t insn)
691 {
692 uint32_t op2;
693
694 op2 = (insn >> 5) & 7;
695 switch ((insn >> 16) & 0xf) {
696 case 0: /* ID codes. */
697 switch (op2) {
698 default: /* Device ID. */
699 return env->cp15.c0_cpuid;
700 case 1: /* Cache Type. */
701 return env->cp15.c0_cachetype;
702 case 2: /* TCM status. */
703 return 0;
704 }
705 case 1: /* System configuration. */
706 switch (op2) {
707 case 0: /* Control register. */
708 return env->cp15.c1_sys;
709 case 1: /* Auxiliary control register. */
710 if (arm_feature(env, ARM_FEATURE_AUXCR))
711 return 1;
712 if (arm_feature(env, ARM_FEATURE_XSCALE))
713 return 0;
714 goto bad_reg;
715 case 2: /* Coprocessor access register. */
716 return env->cp15.c1_coproc;
717 default:
718 goto bad_reg;
719 }
720 case 2: /* MMU Page table control. */
721 return env->cp15.c2;
722 case 3: /* MMU Domain access control. */
723 return env->cp15.c3;
724 case 4: /* Reserved. */
725 goto bad_reg;
726 case 5: /* MMU Fault status. */
727 switch (op2) {
728 case 0:
729 return env->cp15.c5_data;
730 case 1:
731 return env->cp15.c5_insn;
732 default:
733 goto bad_reg;
734 }
735 case 6: /* MMU Fault address. */
736 switch (op2) {
737 case 0:
738 return env->cp15.c6_data;
739 case 1:
740 /* Arm9 doesn't have an IFAR, but implementing it anyway shouldn't
741 do any harm. */
742 return env->cp15.c6_insn;
743 default:
744 goto bad_reg;
745 }
746 case 7: /* Cache control. */
747 /* ??? This is for test, clean and invaidate operations that set the
748 Z flag. We can't represent N = Z = 1, so it also clears
749 the N flag. Oh well. */
750 env->NZF = 0;
751 return 0;
752 case 8: /* MMU TLB control. */
753 goto bad_reg;
754 case 9: /* Cache lockdown. */
755 switch (op2) {
756 case 0:
757 return env->cp15.c9_data;
758 case 1:
759 return env->cp15.c9_insn;
760 default:
761 goto bad_reg;
762 }
763 case 10: /* MMU TLB lockdown. */
764 /* ??? TLB lockdown not implemented. */
765 return 0;
766 case 11: /* TCM DMA control. */
767 case 12: /* Reserved. */
768 goto bad_reg;
769 case 13: /* Process ID. */
770 switch (op2) {
771 case 0:
772 return env->cp15.c13_fcse;
773 case 1:
774 return env->cp15.c13_context;
775 default:
776 goto bad_reg;
777 }
778 case 14: /* Reserved. */
779 goto bad_reg;
780 case 15: /* Implementation specific. */
781 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
782 if (op2 == 0 && (insn & 0xf) == 1)
783 return env->cp15.c15_cpar;
784
785 goto bad_reg;
786 }
787 return 0;
788 }
789 bad_reg:
790 /* ??? For debugging only. Should raise illegal instruction exception. */
791 cpu_abort(env, "Unimplemented cp15 register read\n");
792 return 0;
793 }
794
795 void cpu_arm_set_cp_io(CPUARMState *env, int cpnum,
796 ARMReadCPFunc *cp_read, ARMWriteCPFunc *cp_write,
797 void *opaque)
798 {
799 if (cpnum < 0 || cpnum > 14) {
800 cpu_abort(env, "Bad coprocessor number: %i\n", cpnum);
801 return;
802 }
803
804 env->cp[cpnum].cp_read = cp_read;
805 env->cp[cpnum].cp_write = cp_write;
806 env->cp[cpnum].opaque = opaque;
807 }
808
809 #endif
Qemu copy for testing