[qemu.git] / target-arm / helper.c

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "cpu.h"
#include "exec-all.h"

static inline void set_feature(CPUARMState *env, int feature)
{
    env->features |= 1u << feature;
}

static void cpu_reset_model_id(CPUARMState *env, uint32_t id)
{
    env->cp15.c0_cpuid = id;
    switch (id) {
    case ARM_CPUID_ARM926:
        set_feature(env, ARM_FEATURE_VFP);
        env->vfp.xregs[ARM_VFP_FPSID] = 0x41011090;
        env->cp15.c0_cachetype = 0x1dd20d2;
        break;
    case ARM_CPUID_ARM1026:
        set_feature(env, ARM_FEATURE_VFP);
        set_feature(env, ARM_FEATURE_AUXCR);
        env->vfp.xregs[ARM_VFP_FPSID] = 0x410110a0;
        env->cp15.c0_cachetype = 0x1dd20d2;
        break;
    case ARM_CPUID_PXA250:
    case ARM_CPUID_PXA255:
    case ARM_CPUID_PXA260:
    case ARM_CPUID_PXA261:
    case ARM_CPUID_PXA262:
        set_feature(env, ARM_FEATURE_XSCALE);
        /* JTAG_ID is ((id << 28) | 0x09265013) */
        env->cp15.c0_cachetype = 0xd172172;
        break;
    case ARM_CPUID_PXA270_A0:
    case ARM_CPUID_PXA270_A1:
    case ARM_CPUID_PXA270_B0:
    case ARM_CPUID_PXA270_B1:
    case ARM_CPUID_PXA270_C0:
    case ARM_CPUID_PXA270_C5:
        set_feature(env, ARM_FEATURE_XSCALE);
        /* JTAG_ID is ((id << 28) | 0x09265013) */
        set_feature(env, ARM_FEATURE_IWMMXT);
        env->iwmmxt.cregs[ARM_IWMMXT_wCID] = 0x69051000 | 'Q';
        env->cp15.c0_cachetype = 0xd172172;
        break;
    default:
        cpu_abort(env, "Bad CPU ID: %x\n", id);
        break;
    }
}

void cpu_reset(CPUARMState *env)
{
    uint32_t id;
    id = env->cp15.c0_cpuid;
    memset(env, 0, offsetof(CPUARMState, breakpoints));
    if (id)
        cpu_reset_model_id(env, id);
#if defined (CONFIG_USER_ONLY)
    env->uncached_cpsr = ARM_CPU_MODE_USR;
    env->vfp.xregs[ARM_VFP_FPEXC] = 1 << 30;
#else
    /* SVC mode with interrupts disabled.  */
    env->uncached_cpsr = ARM_CPU_MODE_SVC | CPSR_A | CPSR_F | CPSR_I;
    env->vfp.xregs[ARM_VFP_FPEXC] = 0;
#endif
    env->regs[15] = 0;
    tlb_flush(env, 1);
}

CPUARMState *cpu_arm_init(void)
{
    CPUARMState *env;

    env = qemu_mallocz(sizeof(CPUARMState));
    if (!env)
        return NULL;
    cpu_exec_init(env);
    cpu_reset(env);
    return env;
}

struct arm_cpu_t {
    uint32_t id;
    const char *name;
};

static const struct arm_cpu_t arm_cpu_names[] = {
    { ARM_CPUID_ARM926, "arm926"},
    { ARM_CPUID_ARM1026, "arm1026"},
    { ARM_CPUID_PXA250, "pxa250" },
    { ARM_CPUID_PXA255, "pxa255" },
    { ARM_CPUID_PXA260, "pxa260" },
    { ARM_CPUID_PXA261, "pxa261" },
    { ARM_CPUID_PXA262, "pxa262" },
    { ARM_CPUID_PXA270, "pxa270" },
    { ARM_CPUID_PXA270_A0, "pxa270-a0" },
    { ARM_CPUID_PXA270_A1, "pxa270-a1" },
    { ARM_CPUID_PXA270_B0, "pxa270-b0" },
    { ARM_CPUID_PXA270_B1, "pxa270-b1" },
    { ARM_CPUID_PXA270_C0, "pxa270-c0" },
    { ARM_CPUID_PXA270_C5, "pxa270-c5" },
    { 0, NULL}
};

void arm_cpu_list(void)
{
    int i;

    printf ("Available CPUs:\n");
    for (i = 0; arm_cpu_names[i].name; i++) {
        printf("  %s\n", arm_cpu_names[i].name);
    }
}

void cpu_arm_set_model(CPUARMState *env, const char *name)
{
    int i;
    uint32_t id;

    id = 0;
    i = 0;
    for (i = 0; arm_cpu_names[i].name; i++) {
        if (strcmp(name, arm_cpu_names[i].name) == 0) {
            id = arm_cpu_names[i].id;
            break;
        }
    }
    if (!id) {
        cpu_abort(env, "Unknown CPU '%s'", name);
        return;
    }
    cpu_reset_model_id(env, id);
}

void cpu_arm_close(CPUARMState *env)
{
    free(env);
}

#if defined(CONFIG_USER_ONLY) 

void do_interrupt (CPUState *env)
{
    env->exception_index = -1;
}

int cpu_arm_handle_mmu_fault (CPUState *env, target_ulong address, int rw,
                              int is_user, int is_softmmu)
{
    if (rw == 2) {
        env->exception_index = EXCP_PREFETCH_ABORT;
        env->cp15.c6_insn = address;
    } else {
        env->exception_index = EXCP_DATA_ABORT;
        env->cp15.c6_data = address;
    }
    return 1;
}

target_phys_addr_t cpu_get_phys_page_debug(CPUState *env, target_ulong addr)
{
    return addr;
}

/* These should probably raise undefined insn exceptions.  */
void helper_set_cp(CPUState *env, uint32_t insn, uint32_t val)
{
    int op1 = (insn >> 8) & 0xf;
    cpu_abort(env, "cp%i insn %08x\n", op1, insn);
    return;
}

uint32_t helper_get_cp(CPUState *env, uint32_t insn)
{
    int op1 = (insn >> 8) & 0xf;
    cpu_abort(env, "cp%i insn %08x\n", op1, insn);
    return 0;
}

void helper_set_cp15(CPUState *env, uint32_t insn, uint32_t val)
{
    cpu_abort(env, "cp15 insn %08x\n", insn);
}

uint32_t helper_get_cp15(CPUState *env, uint32_t insn)
{
    cpu_abort(env, "cp15 insn %08x\n", insn);
    return 0;
}

void switch_mode(CPUState *env, int mode)
{
    if (mode != ARM_CPU_MODE_USR)
        cpu_abort(env, "Tried to switch out of user mode\n");
}

#else

extern int semihosting_enabled;

/* Map CPU modes onto saved register banks.  */
static inline int bank_number (int mode)
{
    switch (mode) {
    case ARM_CPU_MODE_USR:
    case ARM_CPU_MODE_SYS:
        return 0;
    case ARM_CPU_MODE_SVC:
        return 1;
    case ARM_CPU_MODE_ABT:
        return 2;
    case ARM_CPU_MODE_UND:
        return 3;
    case ARM_CPU_MODE_IRQ:
        return 4;
    case ARM_CPU_MODE_FIQ:
        return 5;
    }
    cpu_abort(cpu_single_env, "Bad mode %x\n", mode);
    return -1;
}

void switch_mode(CPUState *env, int mode)
{
    int old_mode;
    int i;

    old_mode = env->uncached_cpsr & CPSR_M;
    if (mode == old_mode)
        return;

    if (old_mode == ARM_CPU_MODE_FIQ) {
        memcpy (env->fiq_regs, env->regs + 8, 5 * sizeof(uint32_t));
        memcpy (env->regs + 8, env->usr_regs, 5 * sizeof(uint32_t));
    } else if (mode == ARM_CPU_MODE_FIQ) {
        memcpy (env->usr_regs, env->regs + 8, 5 * sizeof(uint32_t));
        memcpy (env->regs + 8, env->fiq_regs, 5 * sizeof(uint32_t));
    }

    i = bank_number(old_mode);
    env->banked_r13[i] = env->regs[13];
    env->banked_r14[i] = env->regs[14];
    env->banked_spsr[i] = env->spsr;

    i = bank_number(mode);
    env->regs[13] = env->banked_r13[i];
    env->regs[14] = env->banked_r14[i];
    env->spsr = env->banked_spsr[i];
}

/* Handle a CPU exception.  */
void do_interrupt(CPUARMState *env)
{
    uint32_t addr;
    uint32_t mask;
    int new_mode;
    uint32_t offset;

    /* TODO: Vectored interrupt controller.  */
    switch (env->exception_index) {
    case EXCP_UDEF:
        new_mode = ARM_CPU_MODE_UND;
        addr = 0x04;
        mask = CPSR_I;
        if (env->thumb)
            offset = 2;
        else
            offset = 4;
        break;
    case EXCP_SWI:
        if (semihosting_enabled) {
            /* Check for semihosting interrupt.  */
            if (env->thumb) {
                mask = lduw_code(env->regs[15] - 2) & 0xff;
            } else {
                mask = ldl_code(env->regs[15] - 4) & 0xffffff;
            }
            /* Only intercept calls from privileged modes, to provide some
               semblance of security.  */
            if (((mask == 0x123456 && !env->thumb)
                    || (mask == 0xab && env->thumb))
                  && (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
                env->regs[0] = do_arm_semihosting(env);
                return;
            }
        }
        new_mode = ARM_CPU_MODE_SVC;
        addr = 0x08;
        mask = CPSR_I;
        /* The PC already points to the next instructon.  */
        offset = 0;
        break;
    case EXCP_PREFETCH_ABORT:
    case EXCP_BKPT:
        new_mode = ARM_CPU_MODE_ABT;
        addr = 0x0c;
        mask = CPSR_A | CPSR_I;
        offset = 4;
        break;
    case EXCP_DATA_ABORT:
        new_mode = ARM_CPU_MODE_ABT;
        addr = 0x10;
        mask = CPSR_A | CPSR_I;
        offset = 8;
        break;
    case EXCP_IRQ:
        new_mode = ARM_CPU_MODE_IRQ;
        addr = 0x18;
        /* Disable IRQ and imprecise data aborts.  */
        mask = CPSR_A | CPSR_I;
        offset = 4;
        break;
    case EXCP_FIQ:
        new_mode = ARM_CPU_MODE_FIQ;
        addr = 0x1c;
        /* Disable FIQ, IRQ and imprecise data aborts.  */
        mask = CPSR_A | CPSR_I | CPSR_F;
        offset = 4;
        break;
    default:
        cpu_abort(env, "Unhandled exception 0x%x\n", env->exception_index);
        return; /* Never happens.  Keep compiler happy.  */
    }
    /* High vectors.  */
    if (env->cp15.c1_sys & (1 << 13)) {
        addr += 0xffff0000;
    }
    switch_mode (env, new_mode);
    env->spsr = cpsr_read(env);
    /* Switch to the new mode, and switch to Arm mode.  */
    /* ??? Thumb interrupt handlers not implemented.  */
    env->uncached_cpsr = (env->uncached_cpsr & ~CPSR_M) | new_mode;
    env->uncached_cpsr |= mask;
    env->thumb = 0;
    env->regs[14] = env->regs[15] + offset;
    env->regs[15] = addr;
    env->interrupt_request |= CPU_INTERRUPT_EXITTB;
}

/* Check section/page access permissions.
   Returns the page protection flags, or zero if the access is not
   permitted.  */
static inline int check_ap(CPUState *env, int ap, int domain, int access_type,
                           int is_user)
{
  if (domain == 3)
    return PAGE_READ | PAGE_WRITE;

  switch (ap) {
  case 0:
      if (access_type == 1)
          return 0;
      switch ((env->cp15.c1_sys >> 8) & 3) {
      case 1:
          return is_user ? 0 : PAGE_READ;
      case 2:
          return PAGE_READ;
      default:
          return 0;
      }
  case 1:
      return is_user ? 0 : PAGE_READ | PAGE_WRITE;
  case 2:
      if (is_user)
          return (access_type == 1) ? 0 : PAGE_READ;
      else
          return PAGE_READ | PAGE_WRITE;
  case 3:
      return PAGE_READ | PAGE_WRITE;
  default:
      abort();
  }
}

static int get_phys_addr(CPUState *env, uint32_t address, int access_type,
                         int is_user, uint32_t *phys_ptr, int *prot)
{
    int code;
    uint32_t table;
    uint32_t desc;
    int type;
    int ap;
    int domain;
    uint32_t phys_addr;

    /* Fast Context Switch Extension.  */
    if (address < 0x02000000)
        address += env->cp15.c13_fcse;

    if ((env->cp15.c1_sys & 1) == 0) {
        /* MMU diusabled.  */
        *phys_ptr = address;
        *prot = PAGE_READ | PAGE_WRITE;
    } else {
        /* Pagetable walk.  */
        /* Lookup l1 descriptor.  */
        table = (env->cp15.c2 & 0xffffc000) | ((address >> 18) & 0x3ffc);
        desc = ldl_phys(table);
        type = (desc & 3);
        domain = (env->cp15.c3 >> ((desc >> 4) & 0x1e)) & 3;
        if (type == 0) {
            /* Secton translation fault.  */
            code = 5;
            goto do_fault;
        }
        if (domain == 0 || domain == 2) {
            if (type == 2)
                code = 9; /* Section domain fault.  */
            else
                code = 11; /* Page domain fault.  */
            goto do_fault;
        }
        if (type == 2) {
            /* 1Mb section.  */
            phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
            ap = (desc >> 10) & 3;
            code = 13;
        } else {
            /* Lookup l2 entry.  */
            if (type == 1) {
                /* Coarse pagetable.  */
                table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
            } else {
                /* Fine pagetable.  */
                table = (desc & 0xfffff000) | ((address >> 8) & 0xffc);
            }
            desc = ldl_phys(table);
            switch (desc & 3) {
            case 0: /* Page translation fault.  */
                code = 7;
                goto do_fault;
            case 1: /* 64k page.  */
                phys_addr = (desc & 0xffff0000) | (address & 0xffff);
                ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
                break;
            case 2: /* 4k page.  */
                phys_addr = (desc & 0xfffff000) | (address & 0xfff);
                ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
                break;
            case 3: /* 1k page.  */
                if (arm_feature(env, ARM_FEATURE_XSCALE))
                    phys_addr = (desc & 0xfffff000) | (address & 0xfff);
                else {
                    if (type == 1) {
                        /* Page translation fault.  */
                        code = 7;
                        goto do_fault;
                    }
                    phys_addr = (desc & 0xfffffc00) | (address & 0x3ff);
                }
                ap = (desc >> 4) & 3;
                break;
            default:
                /* Never happens, but compiler isn't smart enough to tell.  */
                abort();
            }
            code = 15;
        }
        *prot = check_ap(env, ap, domain, access_type, is_user);
        if (!*prot) {
            /* Access permission fault.  */
            goto do_fault;
        }
        *phys_ptr = phys_addr;
    }
    return 0;
do_fault:
    return code | (domain << 4);
}

int cpu_arm_handle_mmu_fault (CPUState *env, target_ulong address,
                              int access_type, int is_user, int is_softmmu)
{
    uint32_t phys_addr;
    int prot;
    int ret;

    ret = get_phys_addr(env, address, access_type, is_user, &phys_addr, &prot);
    if (ret == 0) {
        /* Map a single [sub]page.  */
        phys_addr &= ~(uint32_t)0x3ff;
        address &= ~(uint32_t)0x3ff;
        return tlb_set_page (env, address, phys_addr, prot, is_user,
                             is_softmmu);
    }

    if (access_type == 2) {
        env->cp15.c5_insn = ret;
        env->cp15.c6_insn = address;
        env->exception_index = EXCP_PREFETCH_ABORT;
    } else {
        env->cp15.c5_data = ret;
        env->cp15.c6_data = address;
        env->exception_index = EXCP_DATA_ABORT;
    }
    return 1;
}

target_phys_addr_t cpu_get_phys_page_debug(CPUState *env, target_ulong addr)
{
    uint32_t phys_addr;
    int prot;
    int ret;

    ret = get_phys_addr(env, addr, 0, 0, &phys_addr, &prot);

    if (ret != 0)
        return -1;

    return phys_addr;
}

void helper_set_cp(CPUState *env, uint32_t insn, uint32_t val)
{
    int cp_num = (insn >> 8) & 0xf;
    int cp_info = (insn >> 5) & 7;
    int src = (insn >> 16) & 0xf;
    int operand = insn & 0xf;

    if (env->cp[cp_num].cp_write)
        env->cp[cp_num].cp_write(env->cp[cp_num].opaque,
                                 cp_info, src, operand, val);
}

uint32_t helper_get_cp(CPUState *env, uint32_t insn)
{
    int cp_num = (insn >> 8) & 0xf;
    int cp_info = (insn >> 5) & 7;
    int dest = (insn >> 16) & 0xf;
    int operand = insn & 0xf;

    if (env->cp[cp_num].cp_read)
        return env->cp[cp_num].cp_read(env->cp[cp_num].opaque,
                                       cp_info, dest, operand);
    return 0;
}

void helper_set_cp15(CPUState *env, uint32_t insn, uint32_t val)
{
    uint32_t op2;

    op2 = (insn >> 5) & 7;
    switch ((insn >> 16) & 0xf) {
    case 0: /* ID codes.  */
        goto bad_reg;
    case 1: /* System configuration.  */
        switch (op2) {
        case 0:
            if (!arm_feature(env, ARM_FEATURE_XSCALE) || (insn & 0xf) == 0)
                env->cp15.c1_sys = val;
            /* ??? Lots of these bits are not implemented.  */
            /* This may enable/disable the MMU, so do a TLB flush.  */
            tlb_flush(env, 1);
            break;
        case 1:
            /* XScale doesn't implement AUX CR (P-Bit) but allows
             * writing with zero and reading.  */
            if (arm_feature(env, ARM_FEATURE_XSCALE))
                break;
            goto bad_reg;
        case 2:
            env->cp15.c1_coproc = val;
            /* ??? Is this safe when called from within a TB?  */
            tb_flush(env);
            break;
        default:
            goto bad_reg;
        }
        break;
    case 2: /* MMU Page table control.  */
        env->cp15.c2 = val;
        break;
    case 3: /* MMU Domain access control.  */
        env->cp15.c3 = val;
        break;
    case 4: /* Reserved.  */
        goto bad_reg;
    case 5: /* MMU Fault status.  */
        switch (op2) {
        case 0:
            env->cp15.c5_data = val;
            break;
        case 1:
            env->cp15.c5_insn = val;
            break;
        default:
            goto bad_reg;
        }
        break;
    case 6: /* MMU Fault address.  */
        switch (op2) {
        case 0:
            env->cp15.c6_data = val;
            break;
        case 1:
            env->cp15.c6_insn = val;
            break;
        default:
            goto bad_reg;
        }
        break;
    case 7: /* Cache control.  */
        /* No cache, so nothing to do.  */
        break;
    case 8: /* MMU TLB control.  */
        switch (op2) {
        case 0: /* Invalidate all.  */
            tlb_flush(env, 0);
            break;
        case 1: /* Invalidate single TLB entry.  */
#if 0
            /* ??? This is wrong for large pages and sections.  */
            /* As an ugly hack to make linux work we always flush a 4K
               pages.  */
            val &= 0xfffff000;
            tlb_flush_page(env, val);
            tlb_flush_page(env, val + 0x400);
            tlb_flush_page(env, val + 0x800);
            tlb_flush_page(env, val + 0xc00);
#else
            tlb_flush(env, 1);
#endif
            break;
        default:
            goto bad_reg;
        }
        break;
    case 9: /* Cache lockdown.  */
        switch (op2) {
        case 0:
            env->cp15.c9_data = val;
            break;
        case 1:
            env->cp15.c9_insn = val;
            break;
        default:
            goto bad_reg;
        }
        break;
    case 10: /* MMU TLB lockdown.  */
        /* ??? TLB lockdown not implemented.  */
        break;
    case 11: /* TCM DMA control.  */
    case 12: /* Reserved.  */
        goto bad_reg;
    case 13: /* Process ID.  */
        switch (op2) {
        case 0:
            /* Unlike real hardware the qemu TLB uses virtual addresses,
               not modified virtual addresses, so this causes a TLB flush.
             */
            if (env->cp15.c13_fcse != val)
              tlb_flush(env, 1);
            env->cp15.c13_fcse = val;
            break;
        case 1:
            /* This changes the ASID, so do a TLB flush.  */
            if (env->cp15.c13_context != val)
              tlb_flush(env, 0);
            env->cp15.c13_context = val;
            break;
        default:
            goto bad_reg;
        }
        break;
    case 14: /* Reserved.  */
        goto bad_reg;
    case 15: /* Implementation specific.  */
        if (arm_feature(env, ARM_FEATURE_XSCALE)) {
            if (op2 == 0 && (insn & 0xf) == 1) {
                /* Changes cp0 to cp13 behavior, so needs a TB flush.  */
                tb_flush(env);
                env->cp15.c15_cpar = (val & 0x3fff) | 2;
                break;
            }
            goto bad_reg;
        }
        break;
    }
    return;
bad_reg:
    /* ??? For debugging only.  Should raise illegal instruction exception.  */
    cpu_abort(env, "Unimplemented cp15 register write\n");
}

uint32_t helper_get_cp15(CPUState *env, uint32_t insn)
{
    uint32_t op2;

    op2 = (insn >> 5) & 7;
    switch ((insn >> 16) & 0xf) {
    case 0: /* ID codes.  */
        switch (op2) {
        default: /* Device ID.  */
            return env->cp15.c0_cpuid;
        case 1: /* Cache Type.  */
            return env->cp15.c0_cachetype;
        case 2: /* TCM status.  */
            return 0;
        }
    case 1: /* System configuration.  */
        switch (op2) {
        case 0: /* Control register.  */
            return env->cp15.c1_sys;
        case 1: /* Auxiliary control register.  */
            if (arm_feature(env, ARM_FEATURE_AUXCR))
                return 1;
            if (arm_feature(env, ARM_FEATURE_XSCALE))
                return 0;
            goto bad_reg;
        case 2: /* Coprocessor access register.  */
            return env->cp15.c1_coproc;
        default:
            goto bad_reg;
        }
    case 2: /* MMU Page table control.  */
        return env->cp15.c2;
    case 3: /* MMU Domain access control.  */
        return env->cp15.c3;
    case 4: /* Reserved.  */
        goto bad_reg;
    case 5: /* MMU Fault status.  */
        switch (op2) {
        case 0:
            return env->cp15.c5_data;
        case 1:
            return env->cp15.c5_insn;
        default:
            goto bad_reg;
        }
    case 6: /* MMU Fault address.  */
        switch (op2) {
        case 0:
            return env->cp15.c6_data;
        case 1:
            /* Arm9 doesn't have an IFAR, but implementing it anyway shouldn't
               do any harm.  */
            return env->cp15.c6_insn;
        default:
            goto bad_reg;
        }
    case 7: /* Cache control.  */
        /* ??? This is for test, clean and invaidate operations that set the
           Z flag.  We can't represent N = Z = 1, so it also clears
           the N flag.  Oh well.  */
        env->NZF = 0;
        return 0;
    case 8: /* MMU TLB control.  */
        goto bad_reg;
    case 9: /* Cache lockdown.  */
        switch (op2) {
        case 0:
            return env->cp15.c9_data;
        case 1:
            return env->cp15.c9_insn;
        default:
            goto bad_reg;
        }
    case 10: /* MMU TLB lockdown.  */
        /* ??? TLB lockdown not implemented.  */
        return 0;
    case 11: /* TCM DMA control.  */
    case 12: /* Reserved.  */
        goto bad_reg;
    case 13: /* Process ID.  */
        switch (op2) {
        case 0:
            return env->cp15.c13_fcse;
        case 1:
            return env->cp15.c13_context;
        default:
            goto bad_reg;
        }
    case 14: /* Reserved.  */
        goto bad_reg;
    case 15: /* Implementation specific.  */
        if (arm_feature(env, ARM_FEATURE_XSCALE)) {
            if (op2 == 0 && (insn & 0xf) == 1)
                return env->cp15.c15_cpar;

            goto bad_reg;
        }
        return 0;
    }
bad_reg:
    /* ??? For debugging only.  Should raise illegal instruction exception.  */
    cpu_abort(env, "Unimplemented cp15 register read\n");
    return 0;
}

void cpu_arm_set_cp_io(CPUARMState *env, int cpnum,
                ARMReadCPFunc *cp_read, ARMWriteCPFunc *cp_write,
                void *opaque)
{
    if (cpnum < 0 || cpnum > 14) {
        cpu_abort(env, "Bad coprocessor number: %i\n", cpnum);
        return;
    }

    env->cp[cpnum].cp_read = cp_read;
    env->cp[cpnum].cp_write = cp_write;
    env->cp[cpnum].opaque = opaque;
}

#endif
Commit	Line	Data
b5ff1b31 FB	1	#include <stdio.h>
	2	#include <stdlib.h>
	3	#include <string.h>
	4
	5	#include "cpu.h"
	6	#include "exec-all.h"
	7
f3d6b95e PB	8	static inline void set_feature(CPUARMState *env, int feature)
	9	{
	10	env->features \|= 1u << feature;
	11	}
	12
	13	static void cpu_reset_model_id(CPUARMState *env, uint32_t id)
	14	{
	15	env->cp15.c0_cpuid = id;
	16	switch (id) {
	17	case ARM_CPUID_ARM926:
	18	set_feature(env, ARM_FEATURE_VFP);
	19	env->vfp.xregs[ARM_VFP_FPSID] = 0x41011090;
c1713132	20	env->cp15.c0_cachetype = 0x1dd20d2;
f3d6b95e PB	21	break;
	22	case ARM_CPUID_ARM1026:
	23	set_feature(env, ARM_FEATURE_VFP);
	24	set_feature(env, ARM_FEATURE_AUXCR);
	25	env->vfp.xregs[ARM_VFP_FPSID] = 0x410110a0;
c1713132 AZ	26	env->cp15.c0_cachetype = 0x1dd20d2;
	27	break;
	28	case ARM_CPUID_PXA250:
	29	case ARM_CPUID_PXA255:
	30	case ARM_CPUID_PXA260:
	31	case ARM_CPUID_PXA261:
	32	case ARM_CPUID_PXA262:
	33	set_feature(env, ARM_FEATURE_XSCALE);
	34	/* JTAG_ID is ((id << 28) \| 0x09265013) */
	35	env->cp15.c0_cachetype = 0xd172172;
	36	break;
	37	case ARM_CPUID_PXA270_A0:
	38	case ARM_CPUID_PXA270_A1:
	39	case ARM_CPUID_PXA270_B0:
	40	case ARM_CPUID_PXA270_B1:
	41	case ARM_CPUID_PXA270_C0:
	42	case ARM_CPUID_PXA270_C5:
	43	set_feature(env, ARM_FEATURE_XSCALE);
	44	/* JTAG_ID is ((id << 28) \| 0x09265013) */
18c9b560 AZ	45	set_feature(env, ARM_FEATURE_IWMMXT);
18c9b560 AZ	46	env->iwmmxt.cregs[ARM_IWMMXT_wCID] = 0x69051000 \| 'Q';
c1713132	47	env->cp15.c0_cachetype = 0xd172172;
f3d6b95e PB	48	break;
	49	default:
	50	cpu_abort(env, "Bad CPU ID: %x\n", id);
	51	break;
	52	}
	53	}
	54
40f137e1 PB	55	void cpu_reset(CPUARMState *env)
40f137e1 PB	56	{
f3d6b95e PB	57	uint32_t id;
	58	id = env->cp15.c0_cpuid;
	59	memset(env, 0, offsetof(CPUARMState, breakpoints));
	60	if (id)
	61	cpu_reset_model_id(env, id);
40f137e1 PB	62	#if defined (CONFIG_USER_ONLY)
	63	env->uncached_cpsr = ARM_CPU_MODE_USR;
	64	env->vfp.xregs[ARM_VFP_FPEXC] = 1 << 30;
	65	#else
	66	/* SVC mode with interrupts disabled. */
	67	env->uncached_cpsr = ARM_CPU_MODE_SVC \| CPSR_A \| CPSR_F \| CPSR_I;
	68	env->vfp.xregs[ARM_VFP_FPEXC] = 0;
	69	#endif
	70	env->regs[15] = 0;
f3d6b95e	71	tlb_flush(env, 1);
40f137e1 PB	72	}
	73
	74	CPUARMState *cpu_arm_init(void)
	75	{
	76	CPUARMState *env;
	77
	78	env = qemu_mallocz(sizeof(CPUARMState));
	79	if (!env)
	80	return NULL;
	81	cpu_exec_init(env);
	82	cpu_reset(env);
40f137e1 PB	83	return env;
	84	}
	85
3371d272 PB	86	struct arm_cpu_t {
	87	uint32_t id;
	88	const char *name;
	89	};
	90
	91	static const struct arm_cpu_t arm_cpu_names[] = {
	92	{ ARM_CPUID_ARM926, "arm926"},
	93	{ ARM_CPUID_ARM1026, "arm1026"},
c1713132 AZ	94	{ ARM_CPUID_PXA250, "pxa250" },
	95	{ ARM_CPUID_PXA255, "pxa255" },
	96	{ ARM_CPUID_PXA260, "pxa260" },
	97	{ ARM_CPUID_PXA261, "pxa261" },
	98	{ ARM_CPUID_PXA262, "pxa262" },
	99	{ ARM_CPUID_PXA270, "pxa270" },
	100	{ ARM_CPUID_PXA270_A0, "pxa270-a0" },
	101	{ ARM_CPUID_PXA270_A1, "pxa270-a1" },
	102	{ ARM_CPUID_PXA270_B0, "pxa270-b0" },
	103	{ ARM_CPUID_PXA270_B1, "pxa270-b1" },
	104	{ ARM_CPUID_PXA270_C0, "pxa270-c0" },
	105	{ ARM_CPUID_PXA270_C5, "pxa270-c5" },
3371d272 PB	106	{ 0, NULL}
	107	};
	108
5adb4839 PB	109	void arm_cpu_list(void)
	110	{
	111	int i;
	112
	113	printf ("Available CPUs:\n");
	114	for (i = 0; arm_cpu_names[i].name; i++) {
	115	printf(" %s\n", arm_cpu_names[i].name);
	116	}
	117	}
	118
3371d272	119	void cpu_arm_set_model(CPUARMState env, const char name)
40f137e1	120	{
3371d272 PB	121	int i;
	122	uint32_t id;
	123
	124	id = 0;
	125	i = 0;
	126	for (i = 0; arm_cpu_names[i].name; i++) {
	127	if (strcmp(name, arm_cpu_names[i].name) == 0) {
	128	id = arm_cpu_names[i].id;
	129	break;
	130	}
	131	}
	132	if (!id) {
	133	cpu_abort(env, "Unknown CPU '%s'", name);
	134	return;
	135	}
f3d6b95e	136	cpu_reset_model_id(env, id);
40f137e1 PB	137	}
	138
	139	void cpu_arm_close(CPUARMState *env)
	140	{
	141	free(env);
	142	}
	143
b5ff1b31 FB	144	#if defined(CONFIG_USER_ONLY)
	145
	146	void do_interrupt (CPUState *env)
	147	{
	148	env->exception_index = -1;
	149	}
	150
	151	int cpu_arm_handle_mmu_fault (CPUState *env, target_ulong address, int rw,
	152	int is_user, int is_softmmu)
	153	{
	154	if (rw == 2) {
	155	env->exception_index = EXCP_PREFETCH_ABORT;
	156	env->cp15.c6_insn = address;
	157	} else {
	158	env->exception_index = EXCP_DATA_ABORT;
	159	env->cp15.c6_data = address;
	160	}
	161	return 1;
	162	}
	163
9b3c35e0	164	target_phys_addr_t cpu_get_phys_page_debug(CPUState *env, target_ulong addr)
b5ff1b31 FB	165	{
	166	return addr;
	167	}
	168
	169	/* These should probably raise undefined insn exceptions. */
c1713132 AZ	170	void helper_set_cp(CPUState *env, uint32_t insn, uint32_t val)
	171	{
	172	int op1 = (insn >> 8) & 0xf;
	173	cpu_abort(env, "cp%i insn %08x\n", op1, insn);
	174	return;
	175	}
	176
	177	uint32_t helper_get_cp(CPUState *env, uint32_t insn)
	178	{
	179	int op1 = (insn >> 8) & 0xf;
	180	cpu_abort(env, "cp%i insn %08x\n", op1, insn);
	181	return 0;
	182	}
	183
b5ff1b31 FB	184	void helper_set_cp15(CPUState *env, uint32_t insn, uint32_t val)
	185	{
	186	cpu_abort(env, "cp15 insn %08x\n", insn);
	187	}
	188
	189	uint32_t helper_get_cp15(CPUState *env, uint32_t insn)
	190	{
	191	cpu_abort(env, "cp15 insn %08x\n", insn);
	192	return 0;
	193	}
	194
	195	void switch_mode(CPUState *env, int mode)
	196	{
	197	if (mode != ARM_CPU_MODE_USR)
	198	cpu_abort(env, "Tried to switch out of user mode\n");
	199	}
	200
	201	#else
	202
8e71621f PB	203	extern int semihosting_enabled;
8e71621f PB	204
b5ff1b31 FB	205	/* Map CPU modes onto saved register banks. */
	206	static inline int bank_number (int mode)
	207	{
	208	switch (mode) {
	209	case ARM_CPU_MODE_USR:
	210	case ARM_CPU_MODE_SYS:
	211	return 0;
	212	case ARM_CPU_MODE_SVC:
	213	return 1;
	214	case ARM_CPU_MODE_ABT:
	215	return 2;
	216	case ARM_CPU_MODE_UND:
	217	return 3;
	218	case ARM_CPU_MODE_IRQ:
	219	return 4;
	220	case ARM_CPU_MODE_FIQ:
	221	return 5;
	222	}
	223	cpu_abort(cpu_single_env, "Bad mode %x\n", mode);
	224	return -1;
	225	}
	226
	227	void switch_mode(CPUState *env, int mode)
	228	{
	229	int old_mode;
	230	int i;
	231
	232	old_mode = env->uncached_cpsr & CPSR_M;
	233	if (mode == old_mode)
	234	return;
	235
	236	if (old_mode == ARM_CPU_MODE_FIQ) {
	237	memcpy (env->fiq_regs, env->regs + 8, 5 * sizeof(uint32_t));
8637c67f	238	memcpy (env->regs + 8, env->usr_regs, 5 * sizeof(uint32_t));
b5ff1b31 FB	239	} else if (mode == ARM_CPU_MODE_FIQ) {
b5ff1b31 FB	240	memcpy (env->usr_regs, env->regs + 8, 5 * sizeof(uint32_t));
8637c67f	241	memcpy (env->regs + 8, env->fiq_regs, 5 * sizeof(uint32_t));
b5ff1b31 FB	242	}
	243
	244	i = bank_number(old_mode);
	245	env->banked_r13[i] = env->regs[13];
	246	env->banked_r14[i] = env->regs[14];
	247	env->banked_spsr[i] = env->spsr;
	248
	249	i = bank_number(mode);
	250	env->regs[13] = env->banked_r13[i];
	251	env->regs[14] = env->banked_r14[i];
	252	env->spsr = env->banked_spsr[i];
	253	}
	254
	255	/* Handle a CPU exception. */
	256	void do_interrupt(CPUARMState *env)
	257	{
	258	uint32_t addr;
	259	uint32_t mask;
	260	int new_mode;
	261	uint32_t offset;
	262
	263	/* TODO: Vectored interrupt controller. */
	264	switch (env->exception_index) {
	265	case EXCP_UDEF:
	266	new_mode = ARM_CPU_MODE_UND;
	267	addr = 0x04;
	268	mask = CPSR_I;
	269	if (env->thumb)
	270	offset = 2;
	271	else
	272	offset = 4;
	273	break;
	274	case EXCP_SWI:
8e71621f PB	275	if (semihosting_enabled) {
	276	/* Check for semihosting interrupt. */
	277	if (env->thumb) {
	278	mask = lduw_code(env->regs[15] - 2) & 0xff;
	279	} else {
	280	mask = ldl_code(env->regs[15] - 4) & 0xffffff;
	281	}
	282	/* Only intercept calls from privileged modes, to provide some
	283	semblance of security. */
	284	if (((mask == 0x123456 && !env->thumb)
	285	\|\| (mask == 0xab && env->thumb))
	286	&& (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
	287	env->regs[0] = do_arm_semihosting(env);
	288	return;
	289	}
	290	}
b5ff1b31 FB	291	new_mode = ARM_CPU_MODE_SVC;
	292	addr = 0x08;
	293	mask = CPSR_I;
	294	/* The PC already points to the next instructon. */
	295	offset = 0;
	296	break;
	297	case EXCP_PREFETCH_ABORT:
06c949e6	298	case EXCP_BKPT:
b5ff1b31 FB	299	new_mode = ARM_CPU_MODE_ABT;
	300	addr = 0x0c;
	301	mask = CPSR_A \| CPSR_I;
	302	offset = 4;
	303	break;
	304	case EXCP_DATA_ABORT:
	305	new_mode = ARM_CPU_MODE_ABT;
	306	addr = 0x10;
	307	mask = CPSR_A \| CPSR_I;
	308	offset = 8;
	309	break;
	310	case EXCP_IRQ:
	311	new_mode = ARM_CPU_MODE_IRQ;
	312	addr = 0x18;
	313	/* Disable IRQ and imprecise data aborts. */
	314	mask = CPSR_A \| CPSR_I;
	315	offset = 4;
	316	break;
	317	case EXCP_FIQ:
	318	new_mode = ARM_CPU_MODE_FIQ;
	319	addr = 0x1c;
	320	/* Disable FIQ, IRQ and imprecise data aborts. */
	321	mask = CPSR_A \| CPSR_I \| CPSR_F;
	322	offset = 4;
	323	break;
	324	default:
	325	cpu_abort(env, "Unhandled exception 0x%x\n", env->exception_index);
	326	return; /* Never happens. Keep compiler happy. */
	327	}
	328	/* High vectors. */
	329	if (env->cp15.c1_sys & (1 << 13)) {
	330	addr += 0xffff0000;
	331	}
	332	switch_mode (env, new_mode);
	333	env->spsr = cpsr_read(env);
6d7e6326	334	/* Switch to the new mode, and switch to Arm mode. */
b5ff1b31	335	/* ??? Thumb interrupt handlers not implemented. */
6d7e6326	336	env->uncached_cpsr = (env->uncached_cpsr & ~CPSR_M) \| new_mode;
b5ff1b31	337	env->uncached_cpsr \|= mask;
6d7e6326	338	env->thumb = 0;
b5ff1b31 FB	339	env->regs[14] = env->regs[15] + offset;
	340	env->regs[15] = addr;
	341	env->interrupt_request \|= CPU_INTERRUPT_EXITTB;
	342	}
	343
	344	/* Check section/page access permissions.
	345	Returns the page protection flags, or zero if the access is not
	346	permitted. */
	347	static inline int check_ap(CPUState *env, int ap, int domain, int access_type,
	348	int is_user)
	349	{
	350	if (domain == 3)
	351	return PAGE_READ \| PAGE_WRITE;
	352
	353	switch (ap) {
	354	case 0:
78600320	355	if (access_type == 1)
b5ff1b31 FB	356	return 0;
	357	switch ((env->cp15.c1_sys >> 8) & 3) {
	358	case 1:
	359	return is_user ? 0 : PAGE_READ;
	360	case 2:
	361	return PAGE_READ;
	362	default:
	363	return 0;
	364	}
	365	case 1:
	366	return is_user ? 0 : PAGE_READ \| PAGE_WRITE;
	367	case 2:
	368	if (is_user)
	369	return (access_type == 1) ? 0 : PAGE_READ;
	370	else
	371	return PAGE_READ \| PAGE_WRITE;
	372	case 3:
	373	return PAGE_READ \| PAGE_WRITE;
	374	default:
	375	abort();
	376	}
	377	}
	378
	379	static int get_phys_addr(CPUState *env, uint32_t address, int access_type,
	380	int is_user, uint32_t phys_ptr, int prot)
	381	{
	382	int code;
	383	uint32_t table;
	384	uint32_t desc;
	385	int type;
	386	int ap;
	387	int domain;
	388	uint32_t phys_addr;
	389
	390	/* Fast Context Switch Extension. */
	391	if (address < 0x02000000)
	392	address += env->cp15.c13_fcse;
	393
	394	if ((env->cp15.c1_sys & 1) == 0) {
	395	/* MMU diusabled. */
	396	*phys_ptr = address;
	397	*prot = PAGE_READ \| PAGE_WRITE;
	398	} else {
	399	/* Pagetable walk. */
	400	/* Lookup l1 descriptor. */
	401	table = (env->cp15.c2 & 0xffffc000) \| ((address >> 18) & 0x3ffc);
	402	desc = ldl_phys(table);
	403	type = (desc & 3);
	404	domain = (env->cp15.c3 >> ((desc >> 4) & 0x1e)) & 3;
	405	if (type == 0) {
	406	/* Secton translation fault. */
	407	code = 5;
	408	goto do_fault;
	409	}
	410	if (domain == 0 \|\| domain == 2) {
	411	if (type == 2)
	412	code = 9; /* Section domain fault. */
	413	else
	414	code = 11; /* Page domain fault. */
	415	goto do_fault;
	416	}
	417	if (type == 2) {
	418	/* 1Mb section. */
	419	phys_addr = (desc & 0xfff00000) \| (address & 0x000fffff);
420	ap = (desc >> 10) & 3;
421	code = 13;
422	} else {
423	/* Lookup l2 entry. */
c73c3aa0 PB	424	if (type == 1) {
	425	/* Coarse pagetable. */
	426	table = (desc & 0xfffffc00) \| ((address >> 10) & 0x3fc);
	427	} else {
	428	/* Fine pagetable. */
	429	table = (desc & 0xfffff000) \| ((address >> 8) & 0xffc);
	430	}
b5ff1b31 FB	431	desc = ldl_phys(table);
	432	switch (desc & 3) {
	433	case 0: /* Page translation fault. */
	434	code = 7;
	435	goto do_fault;
	436	case 1: /* 64k page. */
	437	phys_addr = (desc & 0xffff0000) \| (address & 0xffff);
	438	ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
	439	break;
	440	case 2: /* 4k page. */
	441	phys_addr = (desc & 0xfffff000) \| (address & 0xfff);
	442	ap = (desc >> (4 + ((address >> 13) & 6))) & 3;
	443	break;
	444	case 3: /* 1k page. */
c1713132 AZ	445	if (arm_feature(env, ARM_FEATURE_XSCALE))
	446	phys_addr = (desc & 0xfffff000) \| (address & 0xfff);
	447	else {
	448	if (type == 1) {
	449	/* Page translation fault. */
	450	code = 7;
	451	goto do_fault;
	452	}
	453	phys_addr = (desc & 0xfffffc00) \| (address & 0x3ff);
b5ff1b31	454	}
b5ff1b31 FB	455	ap = (desc >> 4) & 3;
	456	break;
	457	default:
	458	/* Never happens, but compiler isn't smart enough to tell. */
	459	abort();
	460	}
	461	code = 15;
	462	}
	463	*prot = check_ap(env, ap, domain, access_type, is_user);
	464	if (!*prot) {
	465	/* Access permission fault. */
	466	goto do_fault;
	467	}
	468	*phys_ptr = phys_addr;
	469	}
	470	return 0;
	471	do_fault:
	472	return code \| (domain << 4);
	473	}
	474
	475	int cpu_arm_handle_mmu_fault (CPUState *env, target_ulong address,
	476	int access_type, int is_user, int is_softmmu)
	477	{
	478	uint32_t phys_addr;
	479	int prot;
	480	int ret;
	481
	482	ret = get_phys_addr(env, address, access_type, is_user, &phys_addr, &prot);
	483	if (ret == 0) {
	484	/* Map a single [sub]page. */
	485	phys_addr &= ~(uint32_t)0x3ff;
	486	address &= ~(uint32_t)0x3ff;
	487	return tlb_set_page (env, address, phys_addr, prot, is_user,
	488	is_softmmu);
	489	}
	490
	491	if (access_type == 2) {
	492	env->cp15.c5_insn = ret;
	493	env->cp15.c6_insn = address;
	494	env->exception_index = EXCP_PREFETCH_ABORT;
	495	} else {
	496	env->cp15.c5_data = ret;
	497	env->cp15.c6_data = address;
	498	env->exception_index = EXCP_DATA_ABORT;
	499	}
	500	return 1;
	501	}
	502
9b3c35e0	503	target_phys_addr_t cpu_get_phys_page_debug(CPUState *env, target_ulong addr)
b5ff1b31 FB	504	{
	505	uint32_t phys_addr;
	506	int prot;
	507	int ret;
	508
	509	ret = get_phys_addr(env, addr, 0, 0, &phys_addr, &prot);
	510
	511	if (ret != 0)
	512	return -1;
	513
	514	return phys_addr;
	515	}
	516
c1713132 AZ	517	void helper_set_cp(CPUState *env, uint32_t insn, uint32_t val)
	518	{
	519	int cp_num = (insn >> 8) & 0xf;
	520	int cp_info = (insn >> 5) & 7;
	521	int src = (insn >> 16) & 0xf;
	522	int operand = insn & 0xf;
	523
	524	if (env->cp[cp_num].cp_write)
	525	env->cp[cp_num].cp_write(env->cp[cp_num].opaque,
	526	cp_info, src, operand, val);
	527	}
	528
	529	uint32_t helper_get_cp(CPUState *env, uint32_t insn)
	530	{
	531	int cp_num = (insn >> 8) & 0xf;
	532	int cp_info = (insn >> 5) & 7;
	533	int dest = (insn >> 16) & 0xf;
	534	int operand = insn & 0xf;
	535
	536	if (env->cp[cp_num].cp_read)
	537	return env->cp[cp_num].cp_read(env->cp[cp_num].opaque,
	538	cp_info, dest, operand);
	539	return 0;
	540	}
	541
b5ff1b31 FB	542	void helper_set_cp15(CPUState *env, uint32_t insn, uint32_t val)
	543	{
	544	uint32_t op2;
	545
	546	op2 = (insn >> 5) & 7;
	547	switch ((insn >> 16) & 0xf) {
	548	case 0: /* ID codes. */
	549	goto bad_reg;
	550	case 1: /* System configuration. */
	551	switch (op2) {
	552	case 0:
c1713132 AZ	553	if (!arm_feature(env, ARM_FEATURE_XSCALE) \|\| (insn & 0xf) == 0)
c1713132 AZ	554	env->cp15.c1_sys = val;
b5ff1b31 FB	555	/* ??? Lots of these bits are not implemented. */
	556	/* This may enable/disable the MMU, so do a TLB flush. */
	557	tlb_flush(env, 1);
	558	break;
c1713132 AZ	559	case 1:
	560	/* XScale doesn't implement AUX CR (P-Bit) but allows
	561	* writing with zero and reading. */
	562	if (arm_feature(env, ARM_FEATURE_XSCALE))
	563	break;
	564	goto bad_reg;
b5ff1b31 FB	565	case 2:
	566	env->cp15.c1_coproc = val;
	567	/* ??? Is this safe when called from within a TB? */
	568	tb_flush(env);
c1713132	569	break;
b5ff1b31 FB	570	default:
	571	goto bad_reg;
	572	}
	573	break;
	574	case 2: /* MMU Page table control. */
	575	env->cp15.c2 = val;
	576	break;
	577	case 3: /* MMU Domain access control. */
	578	env->cp15.c3 = val;
	579	break;
	580	case 4: /* Reserved. */
	581	goto bad_reg;
	582	case 5: /* MMU Fault status. */
	583	switch (op2) {
	584	case 0:
	585	env->cp15.c5_data = val;
	586	break;
	587	case 1:
	588	env->cp15.c5_insn = val;
	589	break;
	590	default:
	591	goto bad_reg;
	592	}
	593	break;
	594	case 6: /* MMU Fault address. */
	595	switch (op2) {
	596	case 0:
	597	env->cp15.c6_data = val;
	598	break;
	599	case 1:
	600	env->cp15.c6_insn = val;
	601	break;
	602	default:
	603	goto bad_reg;
	604	}
	605	break;
	606	case 7: /* Cache control. */
	607	/* No cache, so nothing to do. */
	608	break;
	609	case 8: /* MMU TLB control. */
	610	switch (op2) {
	611	case 0: /* Invalidate all. */
	612	tlb_flush(env, 0);
	613	break;
	614	case 1: /* Invalidate single TLB entry. */
	615	#if 0
	616	/* ??? This is wrong for large pages and sections. */
	617	/* As an ugly hack to make linux work we always flush a 4K
	618	pages. */
	619	val &= 0xfffff000;
	620	tlb_flush_page(env, val);
	621	tlb_flush_page(env, val + 0x400);
	622	tlb_flush_page(env, val + 0x800);
	623	tlb_flush_page(env, val + 0xc00);
	624	#else
	625	tlb_flush(env, 1);
	626	#endif
	627	break;
	628	default:
	629	goto bad_reg;
	630	}
	631	break;
	632	case 9: /* Cache lockdown. */
	633	switch (op2) {
634	case 0:
635	env->cp15.c9_data = val;
636	break;
637	case 1:
638	env->cp15.c9_insn = val;
639	break;
640	default:
641	goto bad_reg;
642	}
643	break;
644	case 10: /* MMU TLB lockdown. */
645	/* ??? TLB lockdown not implemented. */
646	break;
647	case 11: /* TCM DMA control. */
648	case 12: /* Reserved. */
649	goto bad_reg;
650	case 13: /* Process ID. */
651	switch (op2) {
652	case 0:
d07edbfa PB	653	/* Unlike real hardware the qemu TLB uses virtual addresses,
	654	not modified virtual addresses, so this causes a TLB flush.
	655	*/
	656	if (env->cp15.c13_fcse != val)
	657	tlb_flush(env, 1);
	658	env->cp15.c13_fcse = val;
b5ff1b31 FB	659	break;
b5ff1b31 FB	660	case 1:
d07edbfa PB	661	/* This changes the ASID, so do a TLB flush. */
	662	if (env->cp15.c13_context != val)
	663	tlb_flush(env, 0);
	664	env->cp15.c13_context = val;
b5ff1b31 FB	665	break;
	666	default:
	667	goto bad_reg;
	668	}
	669	break;
	670	case 14: /* Reserved. */
	671	goto bad_reg;
	672	case 15: /* Implementation specific. */
c1713132 AZ	673	if (arm_feature(env, ARM_FEATURE_XSCALE)) {
	674	if (op2 == 0 && (insn & 0xf) == 1) {
	675	/* Changes cp0 to cp13 behavior, so needs a TB flush. */
	676	tb_flush(env);
	677	env->cp15.c15_cpar = (val & 0x3fff) \| 2;
	678	break;
	679	}
	680	goto bad_reg;
	681	}
b5ff1b31 FB	682	break;
	683	}
	684	return;
	685	bad_reg:
	686	/* ??? For debugging only. Should raise illegal instruction exception. */
c1713132	687	cpu_abort(env, "Unimplemented cp15 register write\n");
b5ff1b31 FB	688	}
	689
	690	uint32_t helper_get_cp15(CPUState *env, uint32_t insn)
	691	{
	692	uint32_t op2;
	693
	694	op2 = (insn >> 5) & 7;
	695	switch ((insn >> 16) & 0xf) {
	696	case 0: /* ID codes. */
	697	switch (op2) {
	698	default: /* Device ID. */
40f137e1	699	return env->cp15.c0_cpuid;
b5ff1b31	700	case 1: /* Cache Type. */
c1713132	701	return env->cp15.c0_cachetype;
b5ff1b31 FB	702	case 2: /* TCM status. */
	703	return 0;
	704	}
	705	case 1: /* System configuration. */
	706	switch (op2) {
	707	case 0: /* Control register. */
	708	return env->cp15.c1_sys;
	709	case 1: /* Auxiliary control register. */
40f137e1 PB	710	if (arm_feature(env, ARM_FEATURE_AUXCR))
40f137e1 PB	711	return 1;
c1713132 AZ	712	if (arm_feature(env, ARM_FEATURE_XSCALE))
c1713132 AZ	713	return 0;
40f137e1	714	goto bad_reg;
b5ff1b31 FB	715	case 2: /* Coprocessor access register. */
	716	return env->cp15.c1_coproc;
	717	default:
	718	goto bad_reg;
	719	}
	720	case 2: /* MMU Page table control. */
	721	return env->cp15.c2;
	722	case 3: /* MMU Domain access control. */
	723	return env->cp15.c3;
	724	case 4: /* Reserved. */
	725	goto bad_reg;
	726	case 5: /* MMU Fault status. */
	727	switch (op2) {
	728	case 0:
	729	return env->cp15.c5_data;
	730	case 1:
	731	return env->cp15.c5_insn;
	732	default:
	733	goto bad_reg;
	734	}
	735	case 6: /* MMU Fault address. */
	736	switch (op2) {
	737	case 0:
	738	return env->cp15.c6_data;
	739	case 1:
40f137e1 PB	740	/* Arm9 doesn't have an IFAR, but implementing it anyway shouldn't
40f137e1 PB	741	do any harm. */
b5ff1b31 FB	742	return env->cp15.c6_insn;
	743	default:
	744	goto bad_reg;
	745	}
	746	case 7: /* Cache control. */
	747	/* ??? This is for test, clean and invaidate operations that set the
c1713132	748	Z flag. We can't represent N = Z = 1, so it also clears
b5ff1b31 FB	749	the N flag. Oh well. */
	750	env->NZF = 0;
	751	return 0;
	752	case 8: /* MMU TLB control. */
	753	goto bad_reg;
	754	case 9: /* Cache lockdown. */
	755	switch (op2) {
	756	case 0:
	757	return env->cp15.c9_data;
	758	case 1:
	759	return env->cp15.c9_insn;
	760	default:
	761	goto bad_reg;
	762	}
	763	case 10: /* MMU TLB lockdown. */
	764	/* ??? TLB lockdown not implemented. */
	765	return 0;
	766	case 11: /* TCM DMA control. */
	767	case 12: /* Reserved. */
	768	goto bad_reg;
	769	case 13: /* Process ID. */
	770	switch (op2) {
	771	case 0:
	772	return env->cp15.c13_fcse;
	773	case 1:
	774	return env->cp15.c13_context;
	775	default:
	776	goto bad_reg;
	777	}
	778	case 14: /* Reserved. */
	779	goto bad_reg;
	780	case 15: /* Implementation specific. */
c1713132 AZ	781	if (arm_feature(env, ARM_FEATURE_XSCALE)) {
	782	if (op2 == 0 && (insn & 0xf) == 1)
	783	return env->cp15.c15_cpar;
	784
	785	goto bad_reg;
	786	}
b5ff1b31 FB	787	return 0;
	788	}
	789	bad_reg:
	790	/* ??? For debugging only. Should raise illegal instruction exception. */
	791	cpu_abort(env, "Unimplemented cp15 register read\n");
	792	return 0;
	793	}
	794
c1713132 AZ	795	void cpu_arm_set_cp_io(CPUARMState *env, int cpnum,
	796	ARMReadCPFunc cp_read, ARMWriteCPFunc cp_write,
	797	void *opaque)
	798	{
	799	if (cpnum < 0 \|\| cpnum > 14) {
	800	cpu_abort(env, "Bad coprocessor number: %i\n", cpnum);
	801	return;
	802	}
	803
	804	env->cp[cpnum].cp_read = cp_read;
	805	env->cp[cpnum].cp_write = cp_write;
	806	env->cp[cpnum].opaque = opaque;
	807	}
	808
b5ff1b31	809	#endif