xilinx_zynq.c - cachepc-qemu - Fork of AMDESE/qemu with changes for cachepc side-channel attack

	cachepc-qemu Fork of AMDESE/qemu with changes for cachepc side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-qemu
	Log \| Files \| Refs \| Submodules \| LICENSE \| sfeed.txt
xilinx_zynq.c (13372B)
      1/*
      2 * Xilinx Zynq Baseboard System emulation.
      3 *
      4 * Copyright (c) 2010 Xilinx.
      5 * Copyright (c) 2012 Peter A.G. Crosthwaite (peter.croshtwaite@petalogix.com)
      6 * Copyright (c) 2012 Petalogix Pty Ltd.
      7 * Written by Haibing Ma
      8 *
      9 * This program is free software; you can redistribute it and/or
     10 * modify it under the terms of the GNU General Public License
     11 * as published by the Free Software Foundation; either version
     12 * 2 of the License, or (at your option) any later version.
     13 *
     14 * You should have received a copy of the GNU General Public License along
     15 * with this program; if not, see <http://www.gnu.org/licenses/>.
     16 */
     17
     18#include "qemu/osdep.h"
     19#include "qemu/units.h"
     20#include "qapi/error.h"
     21#include "cpu.h"
     22#include "hw/sysbus.h"
     23#include "hw/arm/boot.h"
     24#include "net/net.h"
     25#include "sysemu/sysemu.h"
     26#include "hw/boards.h"
     27#include "hw/block/flash.h"
     28#include "hw/loader.h"
     29#include "hw/adc/zynq-xadc.h"
     30#include "hw/ssi/ssi.h"
     31#include "hw/usb/chipidea.h"
     32#include "qemu/error-report.h"
     33#include "hw/sd/sdhci.h"
     34#include "hw/char/cadence_uart.h"
     35#include "hw/net/cadence_gem.h"
     36#include "hw/cpu/a9mpcore.h"
     37#include "hw/qdev-clock.h"
     38#include "sysemu/reset.h"
     39#include "qom/object.h"
     40
     41#define TYPE_ZYNQ_MACHINE MACHINE_TYPE_NAME("xilinx-zynq-a9")
     42OBJECT_DECLARE_SIMPLE_TYPE(ZynqMachineState, ZYNQ_MACHINE)
     43
     44/* board base frequency: 33.333333 MHz */
     45#define PS_CLK_FREQUENCY (100 * 1000 * 1000 / 3)
     46
     47#define NUM_SPI_FLASHES 4
     48#define NUM_QSPI_FLASHES 2
     49#define NUM_QSPI_BUSSES 2
     50
     51#define FLASH_SIZE (64 * 1024 * 1024)
     52#define FLASH_SECTOR_SIZE (128 * 1024)
     53
     54#define IRQ_OFFSET 32 /* pic interrupts start from index 32 */
     55
     56#define MPCORE_PERIPHBASE 0xF8F00000
     57#define ZYNQ_BOARD_MIDR 0x413FC090
     58
     59static const int dma_irqs[8] = {
     60    46, 47, 48, 49, 72, 73, 74, 75
     61};
     62
     63#define BOARD_SETUP_ADDR        0x100
     64
     65#define SLCR_LOCK_OFFSET        0x004
     66#define SLCR_UNLOCK_OFFSET      0x008
     67#define SLCR_ARM_PLL_OFFSET     0x100
     68
     69#define SLCR_XILINX_UNLOCK_KEY  0xdf0d
     70#define SLCR_XILINX_LOCK_KEY    0x767b
     71
     72#define ZYNQ_SDHCI_CAPABILITIES 0x69ec0080  /* Datasheet: UG585 (v1.12.1) */
     73
     74#define ARMV7_IMM16(x) (extract32((x),  0, 12) | \
     75                        extract32((x), 12,  4) << 16)
     76
     77/* Write immediate val to address r0 + addr. r0 should contain base offset
     78 * of the SLCR block. Clobbers r1.
     79 */
     80
     81#define SLCR_WRITE(addr, val) \
     82    0xe3001000 + ARMV7_IMM16(extract32((val),  0, 16)), /* movw r1 ... */ \
     83    0xe3401000 + ARMV7_IMM16(extract32((val), 16, 16)), /* movt r1 ... */ \
     84    0xe5801000 + (addr)
     85
     86struct ZynqMachineState {
     87    MachineState parent;
     88    Clock *ps_clk;
     89};
     90
     91static void zynq_write_board_setup(ARMCPU *cpu,
     92                                   const struct arm_boot_info *info)
     93{
     94    int n;
     95    uint32_t board_setup_blob[] = {
     96        0xe3a004f8, /* mov r0, #0xf8000000 */
     97        SLCR_WRITE(SLCR_UNLOCK_OFFSET, SLCR_XILINX_UNLOCK_KEY),
     98        SLCR_WRITE(SLCR_ARM_PLL_OFFSET, 0x00014008),
     99        SLCR_WRITE(SLCR_LOCK_OFFSET, SLCR_XILINX_LOCK_KEY),
    100        0xe12fff1e, /* bx lr */
    101    };
    102    for (n = 0; n < ARRAY_SIZE(board_setup_blob); n++) {
    103        board_setup_blob[n] = tswap32(board_setup_blob[n]);
    104    }
    105    rom_add_blob_fixed("board-setup", board_setup_blob,
    106                       sizeof(board_setup_blob), BOARD_SETUP_ADDR);
    107}
    108
    109static struct arm_boot_info zynq_binfo = {};
    110
    111static void gem_init(NICInfo *nd, uint32_t base, qemu_irq irq)
    112{
    113    DeviceState *dev;
    114    SysBusDevice *s;
    115
    116    dev = qdev_new(TYPE_CADENCE_GEM);
    117    if (nd->used) {
    118        qemu_check_nic_model(nd, TYPE_CADENCE_GEM);
    119        qdev_set_nic_properties(dev, nd);
    120    }
    121    object_property_set_int(OBJECT(dev), "phy-addr", 7, &error_abort);
    122    s = SYS_BUS_DEVICE(dev);
    123    sysbus_realize_and_unref(s, &error_fatal);
    124    sysbus_mmio_map(s, 0, base);
    125    sysbus_connect_irq(s, 0, irq);
    126}
    127
    128static inline void zynq_init_spi_flashes(uint32_t base_addr, qemu_irq irq,
    129                                         bool is_qspi)
    130{
    131    DeviceState *dev;
    132    SysBusDevice *busdev;
    133    SSIBus *spi;
    134    DeviceState *flash_dev;
    135    int i, j;
    136    int num_busses =  is_qspi ? NUM_QSPI_BUSSES : 1;
    137    int num_ss = is_qspi ? NUM_QSPI_FLASHES : NUM_SPI_FLASHES;
    138
    139    dev = qdev_new(is_qspi ? "xlnx.ps7-qspi" : "xlnx.ps7-spi");
    140    qdev_prop_set_uint8(dev, "num-txrx-bytes", is_qspi ? 4 : 1);
    141    qdev_prop_set_uint8(dev, "num-ss-bits", num_ss);
    142    qdev_prop_set_uint8(dev, "num-busses", num_busses);
    143    busdev = SYS_BUS_DEVICE(dev);
    144    sysbus_realize_and_unref(busdev, &error_fatal);
    145    sysbus_mmio_map(busdev, 0, base_addr);
    146    if (is_qspi) {
    147        sysbus_mmio_map(busdev, 1, 0xFC000000);
    148    }
    149    sysbus_connect_irq(busdev, 0, irq);
    150
    151    for (i = 0; i < num_busses; ++i) {
    152        char bus_name[16];
    153        qemu_irq cs_line;
    154
    155        snprintf(bus_name, 16, "spi%d", i);
    156        spi = (SSIBus *)qdev_get_child_bus(dev, bus_name);
    157
    158        for (j = 0; j < num_ss; ++j) {
    159            DriveInfo *dinfo = drive_get_next(IF_MTD);
    160            flash_dev = qdev_new("n25q128");
    161            if (dinfo) {
    162                qdev_prop_set_drive_err(flash_dev, "drive",
    163                                        blk_by_legacy_dinfo(dinfo),
    164                                        &error_fatal);
    165            }
    166            qdev_realize_and_unref(flash_dev, BUS(spi), &error_fatal);
    167
    168            cs_line = qdev_get_gpio_in_named(flash_dev, SSI_GPIO_CS, 0);
    169            sysbus_connect_irq(busdev, i * num_ss + j + 1, cs_line);
    170        }
    171    }
    172
    173}
    174
    175static void zynq_init(MachineState *machine)
    176{
    177    ZynqMachineState *zynq_machine = ZYNQ_MACHINE(machine);
    178    ARMCPU *cpu;
    179    MemoryRegion *address_space_mem = get_system_memory();
    180    MemoryRegion *ocm_ram = g_new(MemoryRegion, 1);
    181    DeviceState *dev, *slcr;
    182    SysBusDevice *busdev;
    183    qemu_irq pic[64];
    184    int n;
    185
    186    /* max 2GB ram */
    187    if (machine->ram_size > 2 * GiB) {
    188        error_report("RAM size more than 2 GiB is not supported");
    189        exit(EXIT_FAILURE);
    190    }
    191
    192    cpu = ARM_CPU(object_new(machine->cpu_type));
    193
    194    /* By default A9 CPUs have EL3 enabled.  This board does not
    195     * currently support EL3 so the CPU EL3 property is disabled before
    196     * realization.
    197     */
    198    if (object_property_find(OBJECT(cpu), "has_el3")) {
    199        object_property_set_bool(OBJECT(cpu), "has_el3", false, &error_fatal);
    200    }
    201
    202    object_property_set_int(OBJECT(cpu), "midr", ZYNQ_BOARD_MIDR,
    203                            &error_fatal);
    204    object_property_set_int(OBJECT(cpu), "reset-cbar", MPCORE_PERIPHBASE,
    205                            &error_fatal);
    206    qdev_realize(DEVICE(cpu), NULL, &error_fatal);
    207
    208    /* DDR remapped to address zero.  */
    209    memory_region_add_subregion(address_space_mem, 0, machine->ram);
    210
    211    /* 256K of on-chip memory */
    212    memory_region_init_ram(ocm_ram, NULL, "zynq.ocm_ram", 256 * KiB,
    213                           &error_fatal);
    214    memory_region_add_subregion(address_space_mem, 0xFFFC0000, ocm_ram);
    215
    216    DriveInfo *dinfo = drive_get(IF_PFLASH, 0, 0);
    217
    218    /* AMD */
    219    pflash_cfi02_register(0xe2000000, "zynq.pflash", FLASH_SIZE,
    220                          dinfo ? blk_by_legacy_dinfo(dinfo) : NULL,
    221                          FLASH_SECTOR_SIZE, 1,
    222                          1, 0x0066, 0x0022, 0x0000, 0x0000, 0x0555, 0x2aa,
    223                          0);
    224
    225    /* Create the main clock source, and feed slcr with it */
    226    zynq_machine->ps_clk = CLOCK(object_new(TYPE_CLOCK));
    227    object_property_add_child(OBJECT(zynq_machine), "ps_clk",
    228                              OBJECT(zynq_machine->ps_clk));
    229    object_unref(OBJECT(zynq_machine->ps_clk));
    230    clock_set_hz(zynq_machine->ps_clk, PS_CLK_FREQUENCY);
    231
    232    /* Create slcr, keep a pointer to connect clocks */
    233    slcr = qdev_new("xilinx-zynq_slcr");
    234    qdev_connect_clock_in(slcr, "ps_clk", zynq_machine->ps_clk);
    235    sysbus_realize_and_unref(SYS_BUS_DEVICE(slcr), &error_fatal);
    236    sysbus_mmio_map(SYS_BUS_DEVICE(slcr), 0, 0xF8000000);
    237
    238    dev = qdev_new(TYPE_A9MPCORE_PRIV);
    239    qdev_prop_set_uint32(dev, "num-cpu", 1);
    240    busdev = SYS_BUS_DEVICE(dev);
    241    sysbus_realize_and_unref(busdev, &error_fatal);
    242    sysbus_mmio_map(busdev, 0, MPCORE_PERIPHBASE);
    243    sysbus_connect_irq(busdev, 0,
    244                       qdev_get_gpio_in(DEVICE(cpu), ARM_CPU_IRQ));
    245
    246    for (n = 0; n < 64; n++) {
    247        pic[n] = qdev_get_gpio_in(dev, n);
    248    }
    249
    250    zynq_init_spi_flashes(0xE0006000, pic[58-IRQ_OFFSET], false);
    251    zynq_init_spi_flashes(0xE0007000, pic[81-IRQ_OFFSET], false);
    252    zynq_init_spi_flashes(0xE000D000, pic[51-IRQ_OFFSET], true);
    253
    254    sysbus_create_simple(TYPE_CHIPIDEA, 0xE0002000, pic[53 - IRQ_OFFSET]);
    255    sysbus_create_simple(TYPE_CHIPIDEA, 0xE0003000, pic[76 - IRQ_OFFSET]);
    256
    257    dev = qdev_new(TYPE_CADENCE_UART);
    258    busdev = SYS_BUS_DEVICE(dev);
    259    qdev_prop_set_chr(dev, "chardev", serial_hd(0));
    260    qdev_connect_clock_in(dev, "refclk",
    261                          qdev_get_clock_out(slcr, "uart0_ref_clk"));
    262    sysbus_realize_and_unref(busdev, &error_fatal);
    263    sysbus_mmio_map(busdev, 0, 0xE0000000);
    264    sysbus_connect_irq(busdev, 0, pic[59 - IRQ_OFFSET]);
    265    dev = qdev_new(TYPE_CADENCE_UART);
    266    busdev = SYS_BUS_DEVICE(dev);
    267    qdev_prop_set_chr(dev, "chardev", serial_hd(1));
    268    qdev_connect_clock_in(dev, "refclk",
    269                          qdev_get_clock_out(slcr, "uart1_ref_clk"));
    270    sysbus_realize_and_unref(busdev, &error_fatal);
    271    sysbus_mmio_map(busdev, 0, 0xE0001000);
    272    sysbus_connect_irq(busdev, 0, pic[82 - IRQ_OFFSET]);
    273
    274    sysbus_create_varargs("cadence_ttc", 0xF8001000,
    275            pic[42-IRQ_OFFSET], pic[43-IRQ_OFFSET], pic[44-IRQ_OFFSET], NULL);
    276    sysbus_create_varargs("cadence_ttc", 0xF8002000,
    277            pic[69-IRQ_OFFSET], pic[70-IRQ_OFFSET], pic[71-IRQ_OFFSET], NULL);
    278
    279    gem_init(&nd_table[0], 0xE000B000, pic[54-IRQ_OFFSET]);
    280    gem_init(&nd_table[1], 0xE000C000, pic[77-IRQ_OFFSET]);
    281
    282    for (n = 0; n < 2; n++) {
    283        int hci_irq = n ? 79 : 56;
    284        hwaddr hci_addr = n ? 0xE0101000 : 0xE0100000;
    285        DriveInfo *di;
    286        BlockBackend *blk;
    287        DeviceState *carddev;
    288
    289        /* Compatible with:
    290         * - SD Host Controller Specification Version 2.0 Part A2
    291         * - SDIO Specification Version 2.0
    292         * - MMC Specification Version 3.31
    293         */
    294        dev = qdev_new(TYPE_SYSBUS_SDHCI);
    295        qdev_prop_set_uint8(dev, "sd-spec-version", 2);
    296        qdev_prop_set_uint64(dev, "capareg", ZYNQ_SDHCI_CAPABILITIES);
    297        sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
    298        sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, hci_addr);
    299        sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, pic[hci_irq - IRQ_OFFSET]);
    300
    301        di = drive_get_next(IF_SD);
    302        blk = di ? blk_by_legacy_dinfo(di) : NULL;
    303        carddev = qdev_new(TYPE_SD_CARD);
    304        qdev_prop_set_drive_err(carddev, "drive", blk, &error_fatal);
    305        qdev_realize_and_unref(carddev, qdev_get_child_bus(dev, "sd-bus"),
    306                               &error_fatal);
    307    }
    308
    309    dev = qdev_new(TYPE_ZYNQ_XADC);
    310    sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
    311    sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0xF8007100);
    312    sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, pic[39-IRQ_OFFSET]);
    313
    314    dev = qdev_new("pl330");
    315    object_property_set_link(OBJECT(dev), "memory",
    316                             OBJECT(address_space_mem),
    317                             &error_fatal);
    318    qdev_prop_set_uint8(dev, "num_chnls",  8);
    319    qdev_prop_set_uint8(dev, "num_periph_req",  4);
    320    qdev_prop_set_uint8(dev, "num_events",  16);
    321
    322    qdev_prop_set_uint8(dev, "data_width",  64);
    323    qdev_prop_set_uint8(dev, "wr_cap",  8);
    324    qdev_prop_set_uint8(dev, "wr_q_dep",  16);
    325    qdev_prop_set_uint8(dev, "rd_cap",  8);
    326    qdev_prop_set_uint8(dev, "rd_q_dep",  16);
    327    qdev_prop_set_uint16(dev, "data_buffer_dep",  256);
    328
    329    busdev = SYS_BUS_DEVICE(dev);
    330    sysbus_realize_and_unref(busdev, &error_fatal);
    331    sysbus_mmio_map(busdev, 0, 0xF8003000);
    332    sysbus_connect_irq(busdev, 0, pic[45-IRQ_OFFSET]); /* abort irq line */
    333    for (n = 0; n < ARRAY_SIZE(dma_irqs); ++n) { /* event irqs */
    334        sysbus_connect_irq(busdev, n + 1, pic[dma_irqs[n] - IRQ_OFFSET]);
    335    }
    336
    337    dev = qdev_new("xlnx.ps7-dev-cfg");
    338    busdev = SYS_BUS_DEVICE(dev);
    339    sysbus_realize_and_unref(busdev, &error_fatal);
    340    sysbus_connect_irq(busdev, 0, pic[40 - IRQ_OFFSET]);
    341    sysbus_mmio_map(busdev, 0, 0xF8007000);
    342
    343    zynq_binfo.ram_size = machine->ram_size;
    344    zynq_binfo.nb_cpus = 1;
    345    zynq_binfo.board_id = 0xd32;
    346    zynq_binfo.loader_start = 0;
    347    zynq_binfo.board_setup_addr = BOARD_SETUP_ADDR;
    348    zynq_binfo.write_board_setup = zynq_write_board_setup;
    349
    350    arm_load_kernel(ARM_CPU(first_cpu), machine, &zynq_binfo);
    351}
    352
    353static void zynq_machine_class_init(ObjectClass *oc, void *data)
    354{
    355    MachineClass *mc = MACHINE_CLASS(oc);
    356    mc->desc = "Xilinx Zynq Platform Baseboard for Cortex-A9";
    357    mc->init = zynq_init;
    358    mc->max_cpus = 1;
    359    mc->no_sdcard = 1;
    360    mc->ignore_memory_transaction_failures = true;
    361    mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a9");
    362    mc->default_ram_id = "zynq.ext_ram";
    363}
    364
    365static const TypeInfo zynq_machine_type = {
    366    .name = TYPE_ZYNQ_MACHINE,
    367    .parent = TYPE_MACHINE,
    368    .class_init = zynq_machine_class_init,
    369    .instance_size = sizeof(ZynqMachineState),
    370};
    371
    372static void zynq_machine_register_types(void)
    373{
    374    type_register_static(&zynq_machine_type);
    375}
    376
    377type_init(zynq_machine_register_types)