#include "qemu/osdep.h"
#include "qapi/error.h"
-#include "qemu-common.h"
#include "cpu.h"
#include "hw/sysbus.h"
+#include "migration/vmstate.h"
#include "qemu/timer.h"
-#include "hw/arm/arm.h"
#include "hw/intc/armv7m_nvic.h"
+#include "hw/irq.h"
+#include "hw/qdev-properties.h"
#include "target/arm/cpu.h"
#include "exec/exec-all.h"
+#include "exec/memop.h"
#include "qemu/log.h"
+#include "qemu/module.h"
#include "trace.h"
/* IRQ number counting:
int active_prio = NVIC_NOEXC_PRIO;
int pend_irq = 0;
bool pending_is_s_banked = false;
+ int pend_subprio = 0;
/* R_CQRV: precedence is by:
* - lowest group priority; if both the same then
for (i = 1; i < s->num_irq; i++) {
for (bank = M_REG_S; bank >= M_REG_NS; bank--) {
VecInfo *vec;
- int prio;
+ int prio, subprio;
bool targets_secure;
if (bank == M_REG_S) {
}
prio = exc_group_prio(s, vec->prio, targets_secure);
- if (vec->enabled && vec->pending && prio < pend_prio) {
+ subprio = vec->prio & ~nvic_gprio_mask(s, targets_secure);
+ if (vec->enabled && vec->pending &&
+ ((prio < pend_prio) ||
+ (prio == pend_prio && prio >= 0 && subprio < pend_subprio))) {
pend_prio = prio;
+ pend_subprio = subprio;
pend_irq = i;
pending_is_s_banked = (bank == M_REG_S);
}
do_armv7m_nvic_set_pending(opaque, irq, secure, true);
}
+void armv7m_nvic_set_pending_lazyfp(void *opaque, int irq, bool secure)
+{
+ /*
+ * Pend an exception during lazy FP stacking. This differs
+ * from the usual exception pending because the logic for
+ * whether we should escalate depends on the saved context
+ * in the FPCCR register, not on the current state of the CPU/NVIC.
+ */
+ NVICState *s = (NVICState *)opaque;
+ bool banked = exc_is_banked(irq);
+ VecInfo *vec;
+ bool targets_secure;
+ bool escalate = false;
+ /*
+ * We will only look at bits in fpccr if this is a banked exception
+ * (in which case 'secure' tells us whether it is the S or NS version).
+ * All the bits for the non-banked exceptions are in fpccr_s.
+ */
+ uint32_t fpccr_s = s->cpu->env.v7m.fpccr[M_REG_S];
+ uint32_t fpccr = s->cpu->env.v7m.fpccr[secure];
+
+ assert(irq > ARMV7M_EXCP_RESET && irq < s->num_irq);
+ assert(!secure || banked);
+
+ vec = (banked && secure) ? &s->sec_vectors[irq] : &s->vectors[irq];
+
+ targets_secure = banked ? secure : exc_targets_secure(s, irq);
+
+ switch (irq) {
+ case ARMV7M_EXCP_DEBUG:
+ if (!(fpccr_s & R_V7M_FPCCR_MONRDY_MASK)) {
+ /* Ignore DebugMonitor exception */
+ return;
+ }
+ break;
+ case ARMV7M_EXCP_MEM:
+ escalate = !(fpccr & R_V7M_FPCCR_MMRDY_MASK);
+ break;
+ case ARMV7M_EXCP_USAGE:
+ escalate = !(fpccr & R_V7M_FPCCR_UFRDY_MASK);
+ break;
+ case ARMV7M_EXCP_BUS:
+ escalate = !(fpccr_s & R_V7M_FPCCR_BFRDY_MASK);
+ break;
+ case ARMV7M_EXCP_SECURE:
+ escalate = !(fpccr_s & R_V7M_FPCCR_SFRDY_MASK);
+ break;
+ default:
+ g_assert_not_reached();
+ }
+
+ if (escalate) {
+ /*
+ * Escalate to HardFault: faults that initially targeted Secure
+ * continue to do so, even if HF normally targets NonSecure.
+ */
+ irq = ARMV7M_EXCP_HARD;
+ if (arm_feature(&s->cpu->env, ARM_FEATURE_M_SECURITY) &&
+ (targets_secure ||
+ !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK))) {
+ vec = &s->sec_vectors[irq];
+ } else {
+ vec = &s->vectors[irq];
+ }
+ }
+
+ if (!vec->enabled ||
+ nvic_exec_prio(s) <= exc_group_prio(s, vec->prio, secure)) {
+ if (!(fpccr_s & R_V7M_FPCCR_HFRDY_MASK)) {
+ /*
+ * We want to escalate to HardFault but the context the
+ * FP state belongs to prevents the exception pre-empting.
+ */
+ cpu_abort(&s->cpu->parent_obj,
+ "Lockup: can't escalate to HardFault during "
+ "lazy FP register stacking\n");
+ }
+ }
+
+ if (escalate) {
+ s->cpu->env.v7m.hfsr |= R_V7M_HFSR_FORCED_MASK;
+ }
+ if (!vec->pending) {
+ vec->pending = 1;
+ /*
+ * We do not call nvic_irq_update(), because we know our caller
+ * is going to handle causing us to take the exception by
+ * raising EXCP_LAZYFP, so raising the IRQ line would be
+ * pointless extra work. We just need to recompute the
+ * priorities so that armv7m_nvic_can_take_pending_exception()
+ * returns the right answer.
+ */
+ nvic_recompute_state(s);
+ }
+}
+
/* Make pending IRQ active. */
void armv7m_nvic_acknowledge_irq(void *opaque)
{
int armv7m_nvic_complete_irq(void *opaque, int irq, bool secure)
{
NVICState *s = (NVICState *)opaque;
- VecInfo *vec;
+ VecInfo *vec = NULL;
int ret;
assert(irq > ARMV7M_EXCP_RESET && irq < s->num_irq);
- if (secure && exc_is_banked(irq)) {
- vec = &s->sec_vectors[irq];
- } else {
- vec = &s->vectors[irq];
+ /*
+ * For negative priorities, v8M will forcibly deactivate the appropriate
+ * NMI or HardFault regardless of what interrupt we're being asked to
+ * deactivate (compare the DeActivate() pseudocode). This is a guard
+ * against software returning from NMI or HardFault with a corrupted
+ * IPSR and leaving the CPU in a negative-priority state.
+ * v7M does not do this, but simply deactivates the requested interrupt.
+ */
+ if (arm_feature(&s->cpu->env, ARM_FEATURE_V8)) {
+ switch (armv7m_nvic_raw_execution_priority(s)) {
+ case -1:
+ if (s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) {
+ vec = &s->vectors[ARMV7M_EXCP_HARD];
+ } else {
+ vec = &s->sec_vectors[ARMV7M_EXCP_HARD];
+ }
+ break;
+ case -2:
+ vec = &s->vectors[ARMV7M_EXCP_NMI];
+ break;
+ case -3:
+ vec = &s->sec_vectors[ARMV7M_EXCP_HARD];
+ break;
+ default:
+ break;
+ }
+ }
+
+ if (!vec) {
+ if (secure && exc_is_banked(irq)) {
+ vec = &s->sec_vectors[irq];
+ } else {
+ vec = &s->vectors[irq];
+ }
}
trace_nvic_complete_irq(irq, secure);
return -1;
}
- ret = nvic_rettobase(s);
+ /*
+ * If this is a configurable exception and it is currently
+ * targeting the opposite security state from the one we're trying
+ * to complete it for, this counts as an illegal exception return.
+ * We still need to deactivate whatever vector the logic above has
+ * selected, though, as it might not be the same as the one for the
+ * requested exception number.
+ */
+ if (!exc_is_banked(irq) && exc_targets_secure(s, irq) != secure) {
+ ret = -1;
+ } else {
+ ret = nvic_rettobase(s);
+ }
vec->active = 0;
if (vec->level) {
if (!arm_feature(&cpu->env, ARM_FEATURE_M_MAIN)) {
goto bad_offset;
}
+ if (!attrs.secure &&
+ !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) {
+ return 0;
+ }
return cpu->env.v7m.bfar;
case 0xd3c: /* Aux Fault Status. */
/* TODO: Implement fault status registers. */
case 0xd44: /* PFR1. */
return cpu->id_pfr1;
case 0xd48: /* DFR0. */
- return cpu->id_dfr0;
+ return cpu->isar.id_dfr0;
case 0xd4c: /* AFR0. */
return cpu->id_afr0;
case 0xd50: /* MMFR0. */
- return cpu->id_mmfr0;
+ return cpu->isar.id_mmfr0;
case 0xd54: /* MMFR1. */
- return cpu->id_mmfr1;
+ return cpu->isar.id_mmfr1;
case 0xd58: /* MMFR2. */
- return cpu->id_mmfr2;
+ return cpu->isar.id_mmfr2;
case 0xd5c: /* MMFR3. */
- return cpu->id_mmfr3;
+ return cpu->isar.id_mmfr3;
case 0xd60: /* ISAR0. */
return cpu->isar.id_isar0;
case 0xd64: /* ISAR1. */
case 0xd84: /* CSSELR */
return cpu->env.v7m.csselr[attrs.secure];
case 0xd88: /* CPACR */
- if (!arm_feature(&cpu->env, ARM_FEATURE_VFP)) {
+ if (!cpu_isar_feature(aa32_vfp_simd, cpu)) {
return 0;
}
return cpu->env.v7m.cpacr[attrs.secure];
case 0xd8c: /* NSACR */
- if (!attrs.secure || !arm_feature(&cpu->env, ARM_FEATURE_VFP)) {
+ if (!attrs.secure || !cpu_isar_feature(aa32_vfp_simd, cpu)) {
return 0;
}
return cpu->env.v7m.nsacr;
}
return cpu->env.v7m.sfar;
case 0xf34: /* FPCCR */
- if (!arm_feature(&cpu->env, ARM_FEATURE_VFP)) {
+ if (!cpu_isar_feature(aa32_vfp_simd, cpu)) {
return 0;
}
if (attrs.secure) {
return value;
}
case 0xf38: /* FPCAR */
- if (!arm_feature(&cpu->env, ARM_FEATURE_VFP)) {
+ if (!cpu_isar_feature(aa32_vfp_simd, cpu)) {
return 0;
}
return cpu->env.v7m.fpcar[attrs.secure];
case 0xf3c: /* FPDSCR */
- if (!arm_feature(&cpu->env, ARM_FEATURE_VFP)) {
+ if (!cpu_isar_feature(aa32_vfp_simd, cpu)) {
return 0;
}
return cpu->env.v7m.fpdscr[attrs.secure];
if (!arm_feature(&cpu->env, ARM_FEATURE_M_MAIN)) {
goto bad_offset;
}
+ if (!attrs.secure &&
+ !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) {
+ return;
+ }
cpu->env.v7m.bfar = value;
return;
case 0xd3c: /* Aux Fault Status. */
}
break;
case 0xd88: /* CPACR */
- if (arm_feature(&cpu->env, ARM_FEATURE_VFP)) {
+ if (cpu_isar_feature(aa32_vfp_simd, cpu)) {
/* We implement only the Floating Point extension's CP10/CP11 */
cpu->env.v7m.cpacr[attrs.secure] = value & (0xf << 20);
}
break;
case 0xd8c: /* NSACR */
- if (attrs.secure && arm_feature(&cpu->env, ARM_FEATURE_VFP)) {
+ if (attrs.secure && cpu_isar_feature(aa32_vfp_simd, cpu)) {
/* We implement only the Floating Point extension's CP10/CP11 */
cpu->env.v7m.nsacr = value & (3 << 10);
}
break;
}
case 0xf34: /* FPCCR */
- if (arm_feature(&cpu->env, ARM_FEATURE_VFP)) {
+ if (cpu_isar_feature(aa32_vfp_simd, cpu)) {
/* Not all bits here are banked. */
uint32_t fpccr_s;
}
break;
case 0xf38: /* FPCAR */
- if (arm_feature(&cpu->env, ARM_FEATURE_VFP)) {
+ if (cpu_isar_feature(aa32_vfp_simd, cpu)) {
value &= ~7;
cpu->env.v7m.fpcar[attrs.secure] = value;
}
break;
case 0xf3c: /* FPDSCR */
- if (arm_feature(&cpu->env, ARM_FEATURE_VFP)) {
+ if (cpu_isar_feature(aa32_vfp_simd, cpu)) {
value &= 0x07c00000;
cpu->env.v7m.fpdscr[attrs.secure] = value;
}
val = 0;
break;
};
- /* The BFSR bits [15:8] are shared between security states
- * and we store them in the NS copy
+ /*
+ * The BFSR bits [15:8] are shared between security states
+ * and we store them in the NS copy. They are RAZ/WI for
+ * NS code if AIRCR.BFHFNMINS is 0.
*/
val = s->cpu->env.v7m.cfsr[attrs.secure];
- val |= s->cpu->env.v7m.cfsr[M_REG_NS] & R_V7M_CFSR_BFSR_MASK;
+ if (!attrs.secure &&
+ !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) {
+ val &= ~R_V7M_CFSR_BFSR_MASK;
+ } else {
+ val |= s->cpu->env.v7m.cfsr[M_REG_NS] & R_V7M_CFSR_BFSR_MASK;
+ }
val = extract32(val, (offset - 0xd28) * 8, size * 8);
break;
case 0xfe0 ... 0xfff: /* ID. */
}
}
nvic_irq_update(s);
- return MEMTX_OK;
+ goto exit_ok;
case 0x200 ... 0x23f: /* NVIC Set pend */
/* the special logic in armv7m_nvic_set_pending()
* is not needed since IRQs are never escalated
}
}
nvic_irq_update(s);
- return MEMTX_OK;
+ goto exit_ok;
case 0x300 ... 0x33f: /* NVIC Active */
- return MEMTX_OK; /* R/O */
+ goto exit_ok; /* R/O */
case 0x400 ... 0x5ef: /* NVIC Priority */
startvec = (offset - 0x400) + NVIC_FIRST_IRQ; /* vector # */
}
}
nvic_irq_update(s);
- return MEMTX_OK;
+ goto exit_ok;
case 0xd18 ... 0xd1b: /* System Handler Priority (SHPR1) */
if (!arm_feature(&s->cpu->env, ARM_FEATURE_M_MAIN)) {
- return MEMTX_OK;
+ goto exit_ok;
}
/* fall through */
case 0xd1c ... 0xd23: /* System Handler Priority (SHPR2, SHPR3) */
set_prio(s, hdlidx, sbank, newprio);
}
nvic_irq_update(s);
- return MEMTX_OK;
+ goto exit_ok;
case 0xd28 ... 0xd2b: /* Configurable Fault Status (CFSR) */
if (!arm_feature(&s->cpu->env, ARM_FEATURE_M_MAIN)) {
- return MEMTX_OK;
+ goto exit_ok;
}
/* All bits are W1C, so construct 32 bit value with 0s in
* the parts not written by the access size
*/
value <<= ((offset - 0xd28) * 8);
+ if (!attrs.secure &&
+ !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) {
+ /* BFSR bits are RAZ/WI for NS if BFHFNMINS is set */
+ value &= ~R_V7M_CFSR_BFSR_MASK;
+ }
+
s->cpu->env.v7m.cfsr[attrs.secure] &= ~value;
if (attrs.secure) {
/* The BFSR bits [15:8] are shared between security states
*/
s->cpu->env.v7m.cfsr[M_REG_NS] &= ~(value & R_V7M_CFSR_BFSR_MASK);
}
- return MEMTX_OK;
+ goto exit_ok;
}
if (size == 4) {
nvic_writel(s, offset, value, attrs);
- return MEMTX_OK;
+ goto exit_ok;
}
qemu_log_mask(LOG_GUEST_ERROR,
"NVIC: Bad write of size %d at offset 0x%x\n", size, offset);
/* This is UNPREDICTABLE; treat as RAZ/WI */
+
+ exit_ok:
+ /* Ensure any changes made are reflected in the cached hflags. */
+ arm_rebuild_hflags(&s->cpu->env);
return MEMTX_OK;
}
if (attrs.secure) {
/* S accesses to the alias act like NS accesses to the real region */
attrs.secure = 0;
- return memory_region_dispatch_write(mr, addr, value, size, attrs);
+ return memory_region_dispatch_write(mr, addr, value,
+ size_memop(size) | MO_TE, attrs);
} else {
/* NS attrs are RAZ/WI for privileged, and BusFault for user */
if (attrs.user) {
if (attrs.secure) {
/* S accesses to the alias act like NS accesses to the real region */
attrs.secure = 0;
- return memory_region_dispatch_read(mr, addr, data, size, attrs);
+ return memory_region_dispatch_read(mr, addr, data,
+ size_memop(size) | MO_TE, attrs);
} else {
/* NS attrs are RAZ/WI for privileged, and BusFault for user */
if (attrs.user) {
/* Direct the access to the correct systick */
mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->systick[attrs.secure]), 0);
- return memory_region_dispatch_write(mr, addr, value, size, attrs);
+ return memory_region_dispatch_write(mr, addr, value,
+ size_memop(size) | MO_TE, attrs);
}
static MemTxResult nvic_systick_read(void *opaque, hwaddr addr,
/* Direct the access to the correct systick */
mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->systick[attrs.secure]), 0);
- return memory_region_dispatch_read(mr, addr, data, size, attrs);
+ return memory_region_dispatch_read(mr, addr, data, size_memop(size) | MO_TE,
+ attrs);
}
static const MemoryRegionOps nvic_systick_ops = {
* the System Handler Control register
*/
s->vectors[ARMV7M_EXCP_SVC].enabled = 1;
- s->vectors[ARMV7M_EXCP_DEBUG].enabled = 1;
s->vectors[ARMV7M_EXCP_PENDSV].enabled = 1;
s->vectors[ARMV7M_EXCP_SYSTICK].enabled = 1;
+ /* DebugMonitor is enabled via DEMCR.MON_EN */
+ s->vectors[ARMV7M_EXCP_DEBUG].enabled = 0;
+
resetprio = arm_feature(&s->cpu->env, ARM_FEATURE_V8) ? -4 : -3;
s->vectors[ARMV7M_EXCP_RESET].prio = resetprio;
s->vectors[ARMV7M_EXCP_NMI].prio = -2;
s->itns[i] = true;
}
}
+
+ /*
+ * We updated state that affects the CPU's MMUidx and thus its hflags;
+ * and we can't guarantee that we run before the CPU reset function.
+ */
+ arm_rebuild_hflags(&s->cpu->env);
}
static void nvic_systick_trigger(void *opaque, int n, int level)
static void armv7m_nvic_realize(DeviceState *dev, Error **errp)
{
NVICState *s = NVIC(dev);
- Error *err = NULL;
int regionlen;
/* The armv7m container object will have set our CPU pointer */
s->num_prio_bits = arm_feature(&s->cpu->env, ARM_FEATURE_V7) ? 8 : 2;
- object_property_set_bool(OBJECT(&s->systick[M_REG_NS]), true,
- "realized", &err);
- if (err != NULL) {
- error_propagate(errp, err);
+ if (!sysbus_realize(SYS_BUS_DEVICE(&s->systick[M_REG_NS]), errp)) {
return;
}
sysbus_connect_irq(SYS_BUS_DEVICE(&s->systick[M_REG_NS]), 0,
* as we didn't know then if the CPU had the security extensions;
* so we have to do it here.
*/
- object_initialize(&s->systick[M_REG_S], sizeof(s->systick[M_REG_S]),
- TYPE_SYSTICK);
- qdev_set_parent_bus(DEVICE(&s->systick[M_REG_S]), sysbus_get_default());
-
- object_property_set_bool(OBJECT(&s->systick[M_REG_S]), true,
- "realized", &err);
- if (err != NULL) {
- error_propagate(errp, err);
+ object_initialize_child(OBJECT(dev), "systick-reg-s",
+ &s->systick[M_REG_S], TYPE_SYSTICK);
+
+ if (!sysbus_realize(SYS_BUS_DEVICE(&s->systick[M_REG_S]), errp)) {
return;
}
sysbus_connect_irq(SYS_BUS_DEVICE(&s->systick[M_REG_S]), 0,
NVICState *nvic = NVIC(obj);
SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
- sysbus_init_child_obj(obj, "systick-reg-ns", &nvic->systick[M_REG_NS],
- sizeof(nvic->systick[M_REG_NS]), TYPE_SYSTICK);
+ object_initialize_child(obj, "systick-reg-ns", &nvic->systick[M_REG_NS],
+ TYPE_SYSTICK);
/* We can't initialize the secure systick here, as we don't know
* yet if we need it.
*/
DeviceClass *dc = DEVICE_CLASS(klass);
dc->vmsd = &vmstate_nvic;
- dc->props = props_nvic;
+ device_class_set_props(dc, props_nvic);
dc->reset = armv7m_nvic_reset;
dc->realize = armv7m_nvic_realize;
}