@@ -82,6 +82,11 @@ static void fsl_imx7_init(Object *obj)
*/
object_initialize_child(obj, "gpcv2", &s->gpcv2, TYPE_IMX_GPCV2);
+ /*
+ * SRC
+ */
+ object_initialize_child(obj, "src", &s->src, TYPE_IMX7_SRC);
+
/*
* ECSPIs
*/
@@ -490,7 +495,8 @@ static void fsl_imx7_realize(DeviceState *dev, Error **errp)
/*
* SRC
*/
- create_unimplemented_device("src", FSL_IMX7_SRC_ADDR, FSL_IMX7_SRC_SIZE);
+ sysbus_realize(SYS_BUS_DEVICE(&s->src), &error_abort);
+ sysbus_mmio_map(SYS_BUS_DEVICE(&s->src), 0, FSL_IMX7_SRC_ADDR);
/*
* Watchdogs
new file mode 100644
@@ -0,0 +1,276 @@
+/*
+ * IMX7 System Reset Controller
+ *
+ * Copyright (c) 2023 Jean-Christophe Dubois <jcd@tribudubois.net>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "hw/misc/imx7_src.h"
+#include "migration/vmstate.h"
+#include "qemu/bitops.h"
+#include "qemu/log.h"
+#include "qemu/main-loop.h"
+#include "qemu/module.h"
+#include "target/arm/arm-powerctl.h"
+#include "hw/core/cpu.h"
+#include "hw/registerfields.h"
+
+#include "trace.h"
+
+static const char *imx7_src_reg_name(uint32_t reg)
+{
+ static char unknown[20];
+
+ switch (reg) {
+ case SRC_SCR:
+ return "SRC_SCR";
+ case SRC_A7RCR0:
+ return "SRC_A7RCR0";
+ case SRC_A7RCR1:
+ return "SRC_A7RCR1";
+ case SRC_M4RCR:
+ return "SRC_M4RCR";
+ case SRC_ERCR:
+ return "SRC_ERCR";
+ case SRC_HSICPHY_RCR:
+ return "SRC_HSICPHY_RCR";
+ case SRC_USBOPHY1_RCR:
+ return "SRC_USBOPHY1_RCR";
+ case SRC_USBOPHY2_RCR:
+ return "SRC_USBOPHY2_RCR";
+ case SRC_PCIEPHY_RCR:
+ return "SRC_PCIEPHY_RCR";
+ case SRC_SBMR1:
+ return "SRC_SBMR1";
+ case SRC_SRSR:
+ return "SRC_SRSR";
+ case SRC_SISR:
+ return "SRC_SISR";
+ case SRC_SIMR:
+ return "SRC_SIMR";
+ case SRC_SBMR2:
+ return "SRC_SBMR2";
+ case SRC_GPR1:
+ return "SRC_GPR1";
+ case SRC_GPR2:
+ return "SRC_GPR2";
+ case SRC_GPR3:
+ return "SRC_GPR3";
+ case SRC_GPR4:
+ return "SRC_GPR4";
+ case SRC_GPR5:
+ return "SRC_GPR5";
+ case SRC_GPR6:
+ return "SRC_GPR6";
+ case SRC_GPR7:
+ return "SRC_GPR7";
+ case SRC_GPR8:
+ return "SRC_GPR8";
+ case SRC_GPR9:
+ return "SRC_GPR9";
+ case SRC_GPR10:
+ return "SRC_GPR10";
+ default:
+ sprintf(unknown, "%u ?", reg);
+ return unknown;
+ }
+}
+
+static const VMStateDescription vmstate_imx7_src = {
+ .name = TYPE_IMX7_SRC,
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32_ARRAY(regs, IMX7SRCState, SRC_MAX),
+ VMSTATE_END_OF_LIST()
+ },
+};
+
+static void imx7_src_reset(DeviceState *dev)
+{
+ IMX7SRCState *s = IMX7_SRC(dev);
+
+ memset(s->regs, 0, sizeof(s->regs));
+
+ /* Set reset values */
+ s->regs[SRC_SCR] = 0xA0;
+ s->regs[SRC_SRSR] = 0x1;
+ s->regs[SRC_SIMR] = 0x1F;
+}
+
+static uint64_t imx7_src_read(void *opaque, hwaddr offset, unsigned size)
+{
+ uint32_t value = 0;
+ IMX7SRCState *s = (IMX7SRCState *)opaque;
+ uint32_t index = offset >> 2;
+
+ if (index < SRC_MAX) {
+ value = s->regs[index];
+ } else {
+ qemu_log_mask(LOG_GUEST_ERROR, "[%s]%s: Bad register at offset 0x%"
+ HWADDR_PRIx "\n", TYPE_IMX7_SRC, __func__, offset);
+ }
+
+ trace_imx7_src_read(imx7_src_reg_name(index), value);
+
+ return value;
+}
+
+
+/*
+ * The reset is asynchronous so we need to defer clearing the reset
+ * bit until the work is completed.
+ */
+
+struct SRCSCRResetInfo {
+ IMX7SRCState *s;
+ uint32_t reset_bit;
+};
+
+static void imx7_clear_reset_bit(CPUState *cpu, run_on_cpu_data data)
+{
+ struct SRCSCRResetInfo *ri = data.host_ptr;
+ IMX7SRCState *s = ri->s;
+
+ assert(qemu_mutex_iothread_locked());
+
+ s->regs[SRC_A7RCR0] = deposit32(s->regs[SRC_A7RCR0], ri->reset_bit, 1, 0);
+
+ trace_imx7_src_write(imx7_src_reg_name(SRC_A7RCR0), s->regs[SRC_A7RCR0]);
+
+ g_free(ri);
+}
+
+static void imx7_defer_clear_reset_bit(uint32_t cpuid,
+ IMX7SRCState *s,
+ uint32_t reset_shift)
+{
+ struct SRCSCRResetInfo *ri;
+ CPUState *cpu = arm_get_cpu_by_id(cpuid);
+
+ if (!cpu) {
+ return;
+ }
+
+ ri = g_new(struct SRCSCRResetInfo, 1);
+ ri->s = s;
+ ri->reset_bit = reset_shift;
+
+ async_run_on_cpu(cpu, imx7_clear_reset_bit, RUN_ON_CPU_HOST_PTR(ri));
+}
+
+
+static void imx7_src_write(void *opaque, hwaddr offset, uint64_t value,
+ unsigned size)
+{
+ IMX7SRCState *s = (IMX7SRCState *)opaque;
+ uint32_t index = offset >> 2;
+ long unsigned int change_mask;
+ uint32_t current_value = value;
+
+ if (index >= SRC_MAX) {
+ qemu_log_mask(LOG_GUEST_ERROR, "[%s]%s: Bad register at offset 0x%"
+ HWADDR_PRIx "\n", TYPE_IMX7_SRC, __func__, offset);
+ return;
+ }
+
+ trace_imx7_src_write(imx7_src_reg_name(SRC_A7RCR0), s->regs[SRC_A7RCR0]);
+
+ change_mask = s->regs[index] ^ (uint32_t)current_value;
+
+ switch (index) {
+ case SRC_A7RCR0:
+ if (FIELD_EX32(change_mask, CORE0, RST)) {
+ arm_reset_cpu(0);
+ imx7_defer_clear_reset_bit(0, s, R_CORE0_RST_SHIFT);
+ }
+ if (FIELD_EX32(change_mask, CORE1, RST)) {
+ arm_reset_cpu(1);
+ imx7_defer_clear_reset_bit(1, s, R_CORE1_RST_SHIFT);
+ }
+ s->regs[index] = current_value;
+ break;
+ case SRC_A7RCR1:
+ /*
+ * On real hardware when the system reset controller starts a
+ * secondary CPU it runs through some boot ROM code which reads
+ * the SRC_GPRX registers controlling the start address and branches
+ * to it.
+ * Here we are taking a short cut and branching directly to the
+ * requested address (we don't want to run the boot ROM code inside
+ * QEMU)
+ */
+ if (FIELD_EX32(change_mask, CORE1, ENABLE)) {
+ if (FIELD_EX32(current_value, CORE1, ENABLE)) {
+ /* CORE 1 is brought up */
+ arm_set_cpu_on(1, s->regs[SRC_GPR3], s->regs[SRC_GPR4],
+ 3, false);
+ } else {
+ /* CORE 1 is shut down */
+ arm_set_cpu_off(1);
+ }
+ /* We clear the reset bits as the processor changed state */
+ imx7_defer_clear_reset_bit(1, s, R_CORE1_RST_SHIFT);
+ clear_bit(R_CORE1_RST_SHIFT, &change_mask);
+ }
+ s->regs[index] = current_value;
+ break;
+ default:
+ s->regs[index] = current_value;
+ break;
+ }
+}
+
+static const struct MemoryRegionOps imx7_src_ops = {
+ .read = imx7_src_read,
+ .write = imx7_src_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ /*
+ * Our device would not work correctly if the guest was doing
+ * unaligned access. This might not be a limitation on the real
+ * device but in practice there is no reason for a guest to access
+ * this device unaligned.
+ */
+ .min_access_size = 4,
+ .max_access_size = 4,
+ .unaligned = false,
+ },
+};
+
+static void imx7_src_realize(DeviceState *dev, Error **errp)
+{
+ IMX7SRCState *s = IMX7_SRC(dev);
+
+ memory_region_init_io(&s->iomem, OBJECT(dev), &imx7_src_ops, s,
+ TYPE_IMX7_SRC, 0x1000);
+ sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->iomem);
+}
+
+static void imx7_src_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+ dc->realize = imx7_src_realize;
+ dc->reset = imx7_src_reset;
+ dc->vmsd = &vmstate_imx7_src;
+ dc->desc = "i.MX6 System Reset Controller";
+}
+
+static const TypeInfo imx7_src_info = {
+ .name = TYPE_IMX7_SRC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(IMX7SRCState),
+ .class_init = imx7_src_class_init,
+};
+
+static void imx7_src_register_types(void)
+{
+ type_register_static(&imx7_src_info);
+}
+
+type_init(imx7_src_register_types)
@@ -60,6 +60,7 @@ system_ss.add(when: 'CONFIG_IMX', if_true: files(
'imx6_src.c',
'imx6ul_ccm.c',
'imx7_ccm.c',
+ 'imx7_src.c',
'imx7_gpr.c',
'imx7_snvs.c',
'imx_ccm.c',
@@ -199,6 +199,10 @@ ccm_clock_freq(uint32_t clock, uint32_t freq) "(Clock = %d) = %d"
ccm_read_reg(const char *reg_name, uint32_t value) "reg[%s] <= 0x%" PRIx32
ccm_write_reg(const char *reg_name, uint32_t value) "reg[%s] => 0x%" PRIx32
+# imx7_src.c
+imx7_src_read(const char *reg_name, uint32_t value) "reg[%s] => 0x%" PRIx32
+imx7_src_write(const char *reg_name, uint32_t value) "reg[%s] <= 0x%" PRIx32
+
# iotkit-sysinfo.c
iotkit_sysinfo_read(uint64_t offset, uint64_t data, unsigned size) "IoTKit SysInfo read: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u"
iotkit_sysinfo_write(uint64_t offset, uint64_t data, unsigned size) "IoTKit SysInfo write: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u"
@@ -25,6 +25,7 @@
#include "hw/misc/imx7_ccm.h"
#include "hw/misc/imx7_snvs.h"
#include "hw/misc/imx7_gpr.h"
+#include "hw/misc/imx7_src.h"
#include "hw/watchdog/wdt_imx2.h"
#include "hw/gpio/imx_gpio.h"
#include "hw/char/imx_serial.h"
@@ -73,6 +74,7 @@ struct FslIMX7State {
IMX7CCMState ccm;
IMX7AnalogState analog;
IMX7SNVSState snvs;
+ IMX7SRCState src;
IMXGPCv2State gpcv2;
IMXSPIState spi[FSL_IMX7_NUM_ECSPIS];
IMXI2CState i2c[FSL_IMX7_NUM_I2CS];
new file mode 100644
@@ -0,0 +1,66 @@
+/*
+ * IMX7 System Reset Controller
+ *
+ * Copyright (C) 2023 Jean-Christophe Dubois <jcd@tribudubois.net>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#ifndef IMX7_SRC_H
+#define IMX7_SRC_H
+
+#include "hw/sysbus.h"
+#include "qemu/bitops.h"
+#include "qom/object.h"
+
+#define SRC_SCR 0
+#define SRC_A7RCR0 1
+#define SRC_A7RCR1 2
+#define SRC_M4RCR 3
+#define SRC_ERCR 5
+#define SRC_HSICPHY_RCR 7
+#define SRC_USBOPHY1_RCR 8
+#define SRC_USBOPHY2_RCR 9
+#define SRC_MPIPHY_RCR 10
+#define SRC_PCIEPHY_RCR 11
+#define SRC_SBMR1 22
+#define SRC_SRSR 23
+#define SRC_SISR 26
+#define SRC_SIMR 27
+#define SRC_SBMR2 28
+#define SRC_GPR1 29
+#define SRC_GPR2 30
+#define SRC_GPR3 31
+#define SRC_GPR4 32
+#define SRC_GPR5 33
+#define SRC_GPR6 34
+#define SRC_GPR7 35
+#define SRC_GPR8 36
+#define SRC_GPR9 37
+#define SRC_GPR10 38
+#define SRC_MAX 39
+
+/* SRC_A7SCR1 */
+#define R_CORE1_ENABLE_SHIFT 1
+#define R_CORE1_ENABLE_LENGTH 1
+/* SRC_A7SCR0 */
+#define R_CORE1_RST_SHIFT 5
+#define R_CORE1_RST_LENGTH 1
+#define R_CORE0_RST_SHIFT 4
+#define R_CORE0_RST_LENGTH 1
+
+#define TYPE_IMX7_SRC "imx7.src"
+OBJECT_DECLARE_SIMPLE_TYPE(IMX7SRCState, IMX7_SRC)
+
+struct IMX7SRCState {
+ /* <private> */
+ SysBusDevice parent_obj;
+
+ /* <public> */
+ MemoryRegion iomem;
+
+ uint32_t regs[SRC_MAX];
+};
+
+#endif /* IMX7_SRC_H */
The SRC device is normaly used to start the secondary CPU. When running Linux directly, Qemu is emulating a PSCI interface that UBOOT is installing at boot time and therefore the fact that the SRC device is unimplemented is hidden as Qemu respond directly to PSCI requets without using the SRC device. But if you try to run a more bare metal application (maybe uboot itself), then it is not possible to start the secondary CPU as the SRC is an unimplemented device. This patch adds the ability to start the secondary CPU through the SRC device so that you can use this feature in bare metal application. Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> --- hw/arm/fsl-imx7.c | 8 +- hw/misc/imx7_src.c | 276 +++++++++++++++++++++++++++++++++++++ hw/misc/meson.build | 1 + hw/misc/trace-events | 4 + include/hw/arm/fsl-imx7.h | 2 + include/hw/misc/imx7_src.h | 66 +++++++++ 6 files changed, 356 insertions(+), 1 deletion(-) create mode 100644 hw/misc/imx7_src.c create mode 100644 include/hw/misc/imx7_src.h