1 /*
2  * ARM CMSDK APB dual-timer emulation
3  *
4  * Copyright (c) 2018 Linaro Limited
5  * Written by Peter Maydell
6  *
7  *  This program is free software; you can redistribute it and/or modify
8  *  it under the terms of the GNU General Public License version 2 or
9  *  (at your option) any later version.
10  */
11 
12 /*
13  * This is a model of the "APB dual-input timer" which is part of the Cortex-M
14  * System Design Kit (CMSDK) and documented in the Cortex-M System
15  * Design Kit Technical Reference Manual (ARM DDI0479C):
16  * https://developer.arm.com/products/system-design/system-design-kits/cortex-m-system-design-kit
17  */
18 
19 #include "qemu/osdep.h"
20 #include "qemu/log.h"
21 #include "trace.h"
22 #include "qapi/error.h"
23 #include "qemu/module.h"
24 #include "hw/sysbus.h"
25 #include "hw/irq.h"
26 #include "hw/qdev-properties.h"
27 #include "hw/registerfields.h"
28 #include "hw/timer/cmsdk-apb-dualtimer.h"
29 #include "migration/vmstate.h"
30 
31 REG32(TIMER1LOAD, 0x0)
32 REG32(TIMER1VALUE, 0x4)
33 REG32(TIMER1CONTROL, 0x8)
34     FIELD(CONTROL, ONESHOT, 0, 1)
35     FIELD(CONTROL, SIZE, 1, 1)
36     FIELD(CONTROL, PRESCALE, 2, 2)
37     FIELD(CONTROL, INTEN, 5, 1)
38     FIELD(CONTROL, MODE, 6, 1)
39     FIELD(CONTROL, ENABLE, 7, 1)
40 #define R_CONTROL_VALID_MASK (R_CONTROL_ONESHOT_MASK | R_CONTROL_SIZE_MASK | \
41                               R_CONTROL_PRESCALE_MASK | R_CONTROL_INTEN_MASK | \
42                               R_CONTROL_MODE_MASK | R_CONTROL_ENABLE_MASK)
43 REG32(TIMER1INTCLR, 0xc)
44 REG32(TIMER1RIS, 0x10)
45 REG32(TIMER1MIS, 0x14)
46 REG32(TIMER1BGLOAD, 0x18)
47 REG32(TIMER2LOAD, 0x20)
48 REG32(TIMER2VALUE, 0x24)
49 REG32(TIMER2CONTROL, 0x28)
50 REG32(TIMER2INTCLR, 0x2c)
51 REG32(TIMER2RIS, 0x30)
52 REG32(TIMER2MIS, 0x34)
53 REG32(TIMER2BGLOAD, 0x38)
54 REG32(TIMERITCR, 0xf00)
55     FIELD(TIMERITCR, ENABLE, 0, 1)
56 #define R_TIMERITCR_VALID_MASK R_TIMERITCR_ENABLE_MASK
57 REG32(TIMERITOP, 0xf04)
58     FIELD(TIMERITOP, TIMINT1, 0, 1)
59     FIELD(TIMERITOP, TIMINT2, 1, 1)
60 #define R_TIMERITOP_VALID_MASK (R_TIMERITOP_TIMINT1_MASK | \
61                                 R_TIMERITOP_TIMINT2_MASK)
62 REG32(PID4, 0xfd0)
63 REG32(PID5, 0xfd4)
64 REG32(PID6, 0xfd8)
65 REG32(PID7, 0xfdc)
66 REG32(PID0, 0xfe0)
67 REG32(PID1, 0xfe4)
68 REG32(PID2, 0xfe8)
69 REG32(PID3, 0xfec)
70 REG32(CID0, 0xff0)
71 REG32(CID1, 0xff4)
72 REG32(CID2, 0xff8)
73 REG32(CID3, 0xffc)
74 
75 /* PID/CID values */
76 static const int timer_id[] = {
77     0x04, 0x00, 0x00, 0x00, /* PID4..PID7 */
78     0x23, 0xb8, 0x1b, 0x00, /* PID0..PID3 */
79     0x0d, 0xf0, 0x05, 0xb1, /* CID0..CID3 */
80 };
81 
cmsdk_dualtimermod_intstatus(CMSDKAPBDualTimerModule * m)82 static bool cmsdk_dualtimermod_intstatus(CMSDKAPBDualTimerModule *m)
83 {
84     /* Return masked interrupt status for the timer module */
85     return m->intstatus && (m->control & R_CONTROL_INTEN_MASK);
86 }
87 
cmsdk_apb_dualtimer_update(CMSDKAPBDualTimer * s)88 static void cmsdk_apb_dualtimer_update(CMSDKAPBDualTimer *s)
89 {
90     bool timint1, timint2, timintc;
91 
92     if (s->timeritcr) {
93         /* Integration test mode: outputs driven directly from TIMERITOP bits */
94         timint1 = s->timeritop & R_TIMERITOP_TIMINT1_MASK;
95         timint2 = s->timeritop & R_TIMERITOP_TIMINT2_MASK;
96     } else {
97         timint1 = cmsdk_dualtimermod_intstatus(&s->timermod[0]);
98         timint2 = cmsdk_dualtimermod_intstatus(&s->timermod[1]);
99     }
100 
101     timintc = timint1 || timint2;
102 
103     qemu_set_irq(s->timermod[0].timerint, timint1);
104     qemu_set_irq(s->timermod[1].timerint, timint2);
105     qemu_set_irq(s->timerintc, timintc);
106 }
107 
cmsdk_dualtimermod_write_control(CMSDKAPBDualTimerModule * m,uint32_t newctrl)108 static void cmsdk_dualtimermod_write_control(CMSDKAPBDualTimerModule *m,
109                                              uint32_t newctrl)
110 {
111     /* Handle a write to the CONTROL register */
112     uint32_t changed;
113 
114     ptimer_transaction_begin(m->timer);
115 
116     newctrl &= R_CONTROL_VALID_MASK;
117 
118     changed = m->control ^ newctrl;
119 
120     if (changed & ~newctrl & R_CONTROL_ENABLE_MASK) {
121         /* ENABLE cleared, stop timer before any further changes */
122         ptimer_stop(m->timer);
123     }
124 
125     if (changed & R_CONTROL_PRESCALE_MASK) {
126         int divisor;
127 
128         switch (FIELD_EX32(newctrl, CONTROL, PRESCALE)) {
129         case 0:
130             divisor = 1;
131             break;
132         case 1:
133             divisor = 16;
134             break;
135         case 2:
136             divisor = 256;
137             break;
138         case 3:
139             /* UNDEFINED; complain, and arbitrarily treat like 2 */
140             qemu_log_mask(LOG_GUEST_ERROR,
141                           "CMSDK APB dual-timer: CONTROL.PRESCALE==0b11"
142                           " is undefined behaviour\n");
143             divisor = 256;
144             break;
145         default:
146             g_assert_not_reached();
147         }
148         ptimer_set_freq(m->timer, m->parent->pclk_frq / divisor);
149     }
150 
151     if (changed & R_CONTROL_MODE_MASK) {
152         uint32_t load;
153         if (newctrl & R_CONTROL_MODE_MASK) {
154             /* Periodic: the limit is the LOAD register value */
155             load = m->load;
156         } else {
157             /* Free-running: counter wraps around */
158             load = ptimer_get_limit(m->timer);
159             if (!(m->control & R_CONTROL_SIZE_MASK)) {
160                 load = deposit32(m->load, 0, 16, load);
161             }
162             m->load = load;
163             load = 0xffffffff;
164         }
165         if (!(m->control & R_CONTROL_SIZE_MASK)) {
166             load &= 0xffff;
167         }
168         ptimer_set_limit(m->timer, load, 0);
169     }
170 
171     if (changed & R_CONTROL_SIZE_MASK) {
172         /* Timer switched between 16 and 32 bit count */
173         uint32_t value, load;
174 
175         value = ptimer_get_count(m->timer);
176         load = ptimer_get_limit(m->timer);
177         if (newctrl & R_CONTROL_SIZE_MASK) {
178             /* 16 -> 32, top half of VALUE is in struct field */
179             value = deposit32(m->value, 0, 16, value);
180         } else {
181             /* 32 -> 16: save top half to struct field and truncate */
182             m->value = value;
183             value &= 0xffff;
184         }
185 
186         if (newctrl & R_CONTROL_MODE_MASK) {
187             /* Periodic, timer limit has LOAD value */
188             if (newctrl & R_CONTROL_SIZE_MASK) {
189                 load = deposit32(m->load, 0, 16, load);
190             } else {
191                 m->load = load;
192                 load &= 0xffff;
193             }
194         } else {
195             /* Free-running, timer limit is set to give wraparound */
196             if (newctrl & R_CONTROL_SIZE_MASK) {
197                 load = 0xffffffff;
198             } else {
199                 load = 0xffff;
200             }
201         }
202         ptimer_set_count(m->timer, value);
203         ptimer_set_limit(m->timer, load, 0);
204     }
205 
206     if (newctrl & R_CONTROL_ENABLE_MASK) {
207         /*
208          * ENABLE is set; start the timer after all other changes.
209          * We start it even if the ENABLE bit didn't actually change,
210          * in case the timer was an expired one-shot timer that has
211          * now been changed into a free-running or periodic timer.
212          */
213         ptimer_run(m->timer, !!(newctrl & R_CONTROL_ONESHOT_MASK));
214     }
215 
216     m->control = newctrl;
217 
218     ptimer_transaction_commit(m->timer);
219 }
220 
cmsdk_apb_dualtimer_read(void * opaque,hwaddr offset,unsigned size)221 static uint64_t cmsdk_apb_dualtimer_read(void *opaque, hwaddr offset,
222                                           unsigned size)
223 {
224     CMSDKAPBDualTimer *s = CMSDK_APB_DUALTIMER(opaque);
225     uint64_t r;
226 
227     if (offset >= A_TIMERITCR) {
228         switch (offset) {
229         case A_TIMERITCR:
230             r = s->timeritcr;
231             break;
232         case A_PID4 ... A_CID3:
233             r = timer_id[(offset - A_PID4) / 4];
234             break;
235         default:
236         bad_offset:
237             qemu_log_mask(LOG_GUEST_ERROR,
238                           "CMSDK APB dual-timer read: bad offset %x\n",
239                           (int) offset);
240             r = 0;
241             break;
242         }
243     } else {
244         int timer = offset >> 5;
245         CMSDKAPBDualTimerModule *m;
246 
247         if (timer >= ARRAY_SIZE(s->timermod)) {
248             goto bad_offset;
249         }
250 
251         m = &s->timermod[timer];
252 
253         switch (offset & 0x1F) {
254         case A_TIMER1LOAD:
255         case A_TIMER1BGLOAD:
256             if (m->control & R_CONTROL_MODE_MASK) {
257                 /*
258                  * Periodic: the ptimer limit is the LOAD register value, (or
259                  * just the low 16 bits of it if the timer is in 16-bit mode)
260                  */
261                 r = ptimer_get_limit(m->timer);
262                 if (!(m->control & R_CONTROL_SIZE_MASK)) {
263                     r = deposit32(m->load, 0, 16, r);
264                 }
265             } else {
266                 /* Free-running: LOAD register value is just in m->load */
267                 r = m->load;
268             }
269             break;
270         case A_TIMER1VALUE:
271             r = ptimer_get_count(m->timer);
272             if (!(m->control & R_CONTROL_SIZE_MASK)) {
273                 r = deposit32(m->value, 0, 16, r);
274             }
275             break;
276         case A_TIMER1CONTROL:
277             r = m->control;
278             break;
279         case A_TIMER1RIS:
280             r = m->intstatus;
281             break;
282         case A_TIMER1MIS:
283             r = cmsdk_dualtimermod_intstatus(m);
284             break;
285         default:
286             goto bad_offset;
287         }
288     }
289 
290     trace_cmsdk_apb_dualtimer_read(offset, r, size);
291     return r;
292 }
293 
cmsdk_apb_dualtimer_write(void * opaque,hwaddr offset,uint64_t value,unsigned size)294 static void cmsdk_apb_dualtimer_write(void *opaque, hwaddr offset,
295                                        uint64_t value, unsigned size)
296 {
297     CMSDKAPBDualTimer *s = CMSDK_APB_DUALTIMER(opaque);
298 
299     trace_cmsdk_apb_dualtimer_write(offset, value, size);
300 
301     if (offset >= A_TIMERITCR) {
302         switch (offset) {
303         case A_TIMERITCR:
304             s->timeritcr = value & R_TIMERITCR_VALID_MASK;
305             cmsdk_apb_dualtimer_update(s);
306             break;
307         case A_TIMERITOP:
308             s->timeritop = value & R_TIMERITOP_VALID_MASK;
309             cmsdk_apb_dualtimer_update(s);
310             break;
311         default:
312         bad_offset:
313             qemu_log_mask(LOG_GUEST_ERROR,
314                           "CMSDK APB dual-timer write: bad offset %x\n",
315                           (int) offset);
316             break;
317         }
318     } else {
319         int timer = offset >> 5;
320         CMSDKAPBDualTimerModule *m;
321 
322         if (timer >= ARRAY_SIZE(s->timermod)) {
323             goto bad_offset;
324         }
325 
326         m = &s->timermod[timer];
327 
328         switch (offset & 0x1F) {
329         case A_TIMER1LOAD:
330             /* Set the limit, and immediately reload the count from it */
331             m->load = value;
332             m->value = value;
333             if (!(m->control & R_CONTROL_SIZE_MASK)) {
334                 value &= 0xffff;
335             }
336             ptimer_transaction_begin(m->timer);
337             if (!(m->control & R_CONTROL_MODE_MASK)) {
338                 /*
339                  * In free-running mode this won't set the limit but will
340                  * still change the current count value.
341                  */
342                 ptimer_set_count(m->timer, value);
343             } else {
344                 if (!value) {
345                     ptimer_stop(m->timer);
346                 }
347                 ptimer_set_limit(m->timer, value, 1);
348                 if (value && (m->control & R_CONTROL_ENABLE_MASK)) {
349                     /* Force possibly-expired oneshot timer to restart */
350                     ptimer_run(m->timer, 1);
351                 }
352             }
353             ptimer_transaction_commit(m->timer);
354             break;
355         case A_TIMER1BGLOAD:
356             /* Set the limit, but not the current count */
357             m->load = value;
358             if (!(m->control & R_CONTROL_MODE_MASK)) {
359                 /* In free-running mode there is no limit */
360                 break;
361             }
362             if (!(m->control & R_CONTROL_SIZE_MASK)) {
363                 value &= 0xffff;
364             }
365             ptimer_transaction_begin(m->timer);
366             ptimer_set_limit(m->timer, value, 0);
367             ptimer_transaction_commit(m->timer);
368             break;
369         case A_TIMER1CONTROL:
370             cmsdk_dualtimermod_write_control(m, value);
371             cmsdk_apb_dualtimer_update(s);
372             break;
373         case A_TIMER1INTCLR:
374             m->intstatus = 0;
375             cmsdk_apb_dualtimer_update(s);
376             break;
377         default:
378             goto bad_offset;
379         }
380     }
381 }
382 
383 static const MemoryRegionOps cmsdk_apb_dualtimer_ops = {
384     .read = cmsdk_apb_dualtimer_read,
385     .write = cmsdk_apb_dualtimer_write,
386     .endianness = DEVICE_LITTLE_ENDIAN,
387     /* byte/halfword accesses are just zero-padded on reads and writes */
388     .impl.min_access_size = 4,
389     .impl.max_access_size = 4,
390     .valid.min_access_size = 1,
391     .valid.max_access_size = 4,
392 };
393 
cmsdk_dualtimermod_tick(void * opaque)394 static void cmsdk_dualtimermod_tick(void *opaque)
395 {
396     CMSDKAPBDualTimerModule *m = opaque;
397 
398     m->intstatus = 1;
399     cmsdk_apb_dualtimer_update(m->parent);
400 }
401 
cmsdk_dualtimermod_reset(CMSDKAPBDualTimerModule * m)402 static void cmsdk_dualtimermod_reset(CMSDKAPBDualTimerModule *m)
403 {
404     m->control = R_CONTROL_INTEN_MASK;
405     m->intstatus = 0;
406     m->load = 0;
407     m->value = 0xffffffff;
408     ptimer_transaction_begin(m->timer);
409     ptimer_stop(m->timer);
410     /*
411      * We start in free-running mode, with VALUE at 0xffffffff, and
412      * in 16-bit counter mode. This means that the ptimer count and
413      * limit must both be set to 0xffff, so we wrap at 16 bits.
414      */
415     ptimer_set_limit(m->timer, 0xffff, 1);
416     ptimer_set_freq(m->timer, m->parent->pclk_frq);
417     ptimer_transaction_commit(m->timer);
418 }
419 
cmsdk_apb_dualtimer_reset(DeviceState * dev)420 static void cmsdk_apb_dualtimer_reset(DeviceState *dev)
421 {
422     CMSDKAPBDualTimer *s = CMSDK_APB_DUALTIMER(dev);
423     int i;
424 
425     trace_cmsdk_apb_dualtimer_reset();
426 
427     for (i = 0; i < ARRAY_SIZE(s->timermod); i++) {
428         cmsdk_dualtimermod_reset(&s->timermod[i]);
429     }
430     s->timeritcr = 0;
431     s->timeritop = 0;
432 }
433 
cmsdk_apb_dualtimer_init(Object * obj)434 static void cmsdk_apb_dualtimer_init(Object *obj)
435 {
436     SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
437     CMSDKAPBDualTimer *s = CMSDK_APB_DUALTIMER(obj);
438     int i;
439 
440     memory_region_init_io(&s->iomem, obj, &cmsdk_apb_dualtimer_ops,
441                           s, "cmsdk-apb-dualtimer", 0x1000);
442     sysbus_init_mmio(sbd, &s->iomem);
443     sysbus_init_irq(sbd, &s->timerintc);
444 
445     for (i = 0; i < ARRAY_SIZE(s->timermod); i++) {
446         sysbus_init_irq(sbd, &s->timermod[i].timerint);
447     }
448 }
449 
cmsdk_apb_dualtimer_realize(DeviceState * dev,Error ** errp)450 static void cmsdk_apb_dualtimer_realize(DeviceState *dev, Error **errp)
451 {
452     CMSDKAPBDualTimer *s = CMSDK_APB_DUALTIMER(dev);
453     int i;
454 
455     if (s->pclk_frq == 0) {
456         error_setg(errp, "CMSDK APB timer: pclk-frq property must be set");
457         return;
458     }
459 
460     for (i = 0; i < ARRAY_SIZE(s->timermod); i++) {
461         CMSDKAPBDualTimerModule *m = &s->timermod[i];
462 
463         m->parent = s;
464         m->timer = ptimer_init(cmsdk_dualtimermod_tick, m,
465                                PTIMER_POLICY_WRAP_AFTER_ONE_PERIOD |
466                                PTIMER_POLICY_TRIGGER_ONLY_ON_DECREMENT |
467                                PTIMER_POLICY_NO_IMMEDIATE_RELOAD |
468                                PTIMER_POLICY_NO_COUNTER_ROUND_DOWN);
469     }
470 }
471 
472 static const VMStateDescription cmsdk_dualtimermod_vmstate = {
473     .name = "cmsdk-apb-dualtimer-module",
474     .version_id = 1,
475     .minimum_version_id = 1,
476     .fields = (VMStateField[]) {
477         VMSTATE_PTIMER(timer, CMSDKAPBDualTimerModule),
478         VMSTATE_UINT32(load, CMSDKAPBDualTimerModule),
479         VMSTATE_UINT32(value, CMSDKAPBDualTimerModule),
480         VMSTATE_UINT32(control, CMSDKAPBDualTimerModule),
481         VMSTATE_UINT32(intstatus, CMSDKAPBDualTimerModule),
482         VMSTATE_END_OF_LIST()
483     }
484 };
485 
486 static const VMStateDescription cmsdk_apb_dualtimer_vmstate = {
487     .name = "cmsdk-apb-dualtimer",
488     .version_id = 1,
489     .minimum_version_id = 1,
490     .fields = (VMStateField[]) {
491         VMSTATE_STRUCT_ARRAY(timermod, CMSDKAPBDualTimer,
492                              CMSDK_APB_DUALTIMER_NUM_MODULES,
493                              1, cmsdk_dualtimermod_vmstate,
494                              CMSDKAPBDualTimerModule),
495         VMSTATE_UINT32(timeritcr, CMSDKAPBDualTimer),
496         VMSTATE_UINT32(timeritop, CMSDKAPBDualTimer),
497         VMSTATE_END_OF_LIST()
498     }
499 };
500 
501 static Property cmsdk_apb_dualtimer_properties[] = {
502     DEFINE_PROP_UINT32("pclk-frq", CMSDKAPBDualTimer, pclk_frq, 0),
503     DEFINE_PROP_END_OF_LIST(),
504 };
505 
cmsdk_apb_dualtimer_class_init(ObjectClass * klass,void * data)506 static void cmsdk_apb_dualtimer_class_init(ObjectClass *klass, void *data)
507 {
508     DeviceClass *dc = DEVICE_CLASS(klass);
509 
510     dc->realize = cmsdk_apb_dualtimer_realize;
511     dc->vmsd = &cmsdk_apb_dualtimer_vmstate;
512     dc->reset = cmsdk_apb_dualtimer_reset;
513     dc->props = cmsdk_apb_dualtimer_properties;
514 }
515 
516 static const TypeInfo cmsdk_apb_dualtimer_info = {
517     .name = TYPE_CMSDK_APB_DUALTIMER,
518     .parent = TYPE_SYS_BUS_DEVICE,
519     .instance_size = sizeof(CMSDKAPBDualTimer),
520     .instance_init = cmsdk_apb_dualtimer_init,
521     .class_init = cmsdk_apb_dualtimer_class_init,
522 };
523 
cmsdk_apb_dualtimer_register_types(void)524 static void cmsdk_apb_dualtimer_register_types(void)
525 {
526     type_register_static(&cmsdk_apb_dualtimer_info);
527 }
528 
529 type_init(cmsdk_apb_dualtimer_register_types);
530