Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140912' into staging

    return tb;

}

static CPUDebugExcpHandler *debug_excp_handler;

void cpu_set_debug_excp_handler(CPUDebugExcpHandler *handler)

{

    debug_excp_handler = handler;

}

static void cpu_handle_debug_exception(CPUArchState *env)

{

    CPUState *cpu = ENV_GET_CPU(env);

    CPUClass *cc = CPU_GET_CLASS(cpu);

    CPUWatchpoint *wp;

    if (!cpu->watchpoint_hit) {

            wp->flags &= ~BP_WATCHPOINT_HIT;

        }

    }

    if (debug_excp_handler) {

        debug_excp_handler(env);

    }

    cc->debug_excp_handler(cpu);

}

/* main execution loop */

                       We avoid this by disabling interrupts when

                       pc contains a magic address.  */

                    if (interrupt_request & CPU_INTERRUPT_HARD

                        && ((IS_M(env) && env->regs[15] < 0xfffffff0)

                            || !(env->daif & PSTATE_I))) {

                        && !(env->daif & PSTATE_I)

                        && (!IS_M(env) || env->regs[15] < 0xfffffff0)) {

                        cpu->exception_index = EXCP_IRQ;

                        cc->do_interrupt(cpu);

                        next_tb = 0;

{

}

int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,

                          int flags)

{

    return -ENOSYS;

}

void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)

{

}

int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,

                          int flags, CPUWatchpoint **watchpoint)

{

int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,

                          int flags, CPUWatchpoint **watchpoint)

{

    vaddr len_mask = ~(len - 1);

    CPUWatchpoint *wp;

    /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */

    if ((len & (len - 1)) || (addr & ~len_mask) ||

            len == 0 || len > TARGET_PAGE_SIZE) {

    /* forbid ranges which are empty or run off the end of the address space */

    if (len == 0 || (addr + len - 1) <= addr) {

        error_report("tried to set invalid watchpoint at %"

                     VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);

        return -EINVAL;

    wp = g_malloc(sizeof(*wp));

    wp->vaddr = addr;

    wp->len_mask = len_mask;

    wp->len = len;

    wp->flags = flags;

    /* keep all GDB-injected watchpoints in front */

int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,

                          int flags)

{

    vaddr len_mask = ~(len - 1);

    CPUWatchpoint *wp;

    QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {

        if (addr == wp->vaddr && len_mask == wp->len_mask

        if (addr == wp->vaddr && len == wp->len

                && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {

            cpu_watchpoint_remove_by_ref(cpu, wp);

            return 0;

        }

    }

}

/* Return true if this watchpoint address matches the specified

 * access (ie the address range covered by the watchpoint overlaps

 * partially or completely with the address range covered by the

 * access).

 */

static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,

                                                  vaddr addr,

                                                  vaddr len)

{

    /* We know the lengths are non-zero, but a little caution is

     * required to avoid errors in the case where the range ends

     * exactly at the top of the address space and so addr + len

     * wraps round to zero.

     */

    vaddr wpend = wp->vaddr + wp->len - 1;

    vaddr addrend = addr + len - 1;

    return !(addr > wpend || wp->vaddr > addrend);

}

#endif

/* Add a breakpoint.  */

    /* Make accesses to pages with watchpoints go via the

       watchpoint trap routines.  */

    QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {

        if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {

        if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {

            /* Avoid trapping reads of pages with a write breakpoint. */

            if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {

                iotlb = PHYS_SECTION_WATCH + paddr;

};

/* Generate a debug exception if a watchpoint has been hit.  */

static void check_watchpoint(int offset, int len_mask, int flags)

static void check_watchpoint(int offset, int len, int flags)

{

    CPUState *cpu = current_cpu;

    CPUArchState *env = cpu->env_ptr;

    }

    vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;

    QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {

        if ((vaddr == (wp->vaddr & len_mask) ||

             (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {

            wp->flags |= BP_WATCHPOINT_HIT;

        if (cpu_watchpoint_address_matches(wp, vaddr, len)

            && (wp->flags & flags)) {

            if (flags == BP_MEM_READ) {

                wp->flags |= BP_WATCHPOINT_HIT_READ;

            } else {

                wp->flags |= BP_WATCHPOINT_HIT_WRITE;

            }

            wp->hitaddr = vaddr;

            if (!cpu->watchpoint_hit) {

                cpu->watchpoint_hit = wp;

                tb_check_watchpoint(cpu);

static uint64_t watch_mem_read(void *opaque, hwaddr addr,

                               unsigned size)

{

    check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);

    check_watchpoint(addr & ~TARGET_PAGE_MASK, size, BP_MEM_READ);

    switch (size) {

    case 1: return ldub_phys(&address_space_memory, addr);

    case 2: return lduw_phys(&address_space_memory, addr);

static void watch_mem_write(void *opaque, hwaddr addr,

                            uint64_t val, unsigned size)

{

    check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);

    check_watchpoint(addr & ~TARGET_PAGE_MASK, size, BP_MEM_WRITE);

    switch (size) {

    case 1:

        stb_phys(&address_space_memory, addr, val);

    }

}

static int load_dtb(hwaddr addr, const struct arm_boot_info *binfo)

/**

 * load_dtb() - load a device tree binary image into memory

 * @addr:       the address to load the image at

 * @binfo:      struct describing the boot environment

 * @addr_limit: upper limit of the available memory area at @addr

 *

 * Load a device tree supplied by the machine or by the user  with the

 * '-dtb' command line option, and put it at offset @addr in target

 * memory.

 *

 * If @addr_limit contains a meaningful value (i.e., it is strictly greater

 * than @addr), the device tree is only loaded if its size does not exceed

 * the limit.

 *

 * Returns: the size of the device tree image on success,

 *          0 if the image size exceeds the limit,

 *          -1 on errors.

 */

static int load_dtb(hwaddr addr, const struct arm_boot_info *binfo,

                    hwaddr addr_limit)

{

    void *fdt = NULL;

    int size, rc;

        }

    }

    if (addr_limit > addr && size > (addr_limit - addr)) {

        /* Installing the device tree blob at addr would exceed addr_limit.

         * Whether this constitutes failure is up to the caller to decide,

         * so just return 0 as size, i.e., no error.

         */

        g_free(fdt);

        return 0;

    }

    acells = qemu_fdt_getprop_cell(fdt, "/", "#address-cells");

    scells = qemu_fdt_getprop_cell(fdt, "/", "#size-cells");

    if (acells == 0 || scells == 0) {

    qemu_fdt_dumpdtb(fdt, size);

    cpu_physical_memory_write(addr, fdt, size);

    /* Put the DTB into the memory map as a ROM image: this will ensure

     * the DTB is copied again upon reset, even if addr points into RAM.

     */

    rom_add_blob_fixed("dtb", fdt, size, addr);

    g_free(fdt);

    return 0;

    return size;

fail:

    g_free(fdt);

    int kernel_size;

    int initrd_size;

    int is_linux = 0;

    uint64_t elf_entry;

    uint64_t elf_entry, elf_low_addr, elf_high_addr;

    int elf_machine;

    hwaddr entry, kernel_load_offset;

    int big_endian;

    /* Load the kernel.  */

    if (!info->kernel_filename) {

        if (have_dtb(info)) {

            /* If we have a device tree blob, but no kernel to supply it to,

             * copy it to the base of RAM for a bootloader to pick up.

             */

            if (load_dtb(info->loader_start, info, 0) < 0) {

                exit(1);

            }

        }

        /* If no kernel specified, do nothing; we will start from address 0

         * (typically a boot ROM image) in the same way as hardware.

         */

    /* Assume that raw images are linux kernels, and ELF images are not.  */

    kernel_size = load_elf(info->kernel_filename, NULL, NULL, &elf_entry,

                           NULL, NULL, big_endian, elf_machine, 1);

                           &elf_low_addr, &elf_high_addr, big_endian,

                           elf_machine, 1);

    if (kernel_size > 0 && have_dtb(info)) {

        /* If there is still some room left at the base of RAM, try and put

         * the DTB there like we do for images loaded with -bios or -pflash.

         */

        if (elf_low_addr > info->loader_start

            || elf_high_addr < info->loader_start) {

            /* Pass elf_low_addr as address limit to load_dtb if it may be

             * pointing into RAM, otherwise pass '0' (no limit)

             */

            if (elf_low_addr < info->loader_start) {

                elf_low_addr = 0;

            }

            if (load_dtb(info->loader_start, info, elf_low_addr) < 0) {

                exit(1);

            }

        }

    }

    entry = elf_entry;

    if (kernel_size < 0) {

        kernel_size = load_uimage(info->kernel_filename, &entry, NULL,

             */

            hwaddr dtb_start = QEMU_ALIGN_UP(info->initrd_start + initrd_size,

                                             4096);

            if (load_dtb(dtb_start, info)) {

            if (load_dtb(dtb_start, info, 0) < 0) {

                exit(1);

            }

            fixupcontext[FIXUP_ARGPTR] = dtb_start;

#include "sysemu/sysemu.h"

#include "sysemu/kvm.h"

#include "hw/boards.h"

#include "hw/loader.h"

#include "exec/address-spaces.h"

#include "qemu/bitops.h"

#include "qemu/error-report.h"

                                     2, base, 2, size);

    qemu_fdt_setprop_cells(vbi->fdt, nodename, "interrupts",

                               GIC_FDT_IRQ_TYPE_SPI, irq,

                               GIC_FDT_IRQ_FLAGS_EDGE_LO_HI);

                               GIC_FDT_IRQ_FLAGS_LEVEL_HI);

    qemu_fdt_setprop_cells(vbi->fdt, nodename, "clocks",

                               vbi->clock_phandle, vbi->clock_phandle);

    qemu_fdt_setprop(vbi->fdt, nodename, "clock-names",

                         clocknames, sizeof(clocknames));

    qemu_fdt_setprop_string(vbi->fdt, "/chosen", "linux,stdout-path", nodename);

    g_free(nodename);

}

                                 2, base, 2, size);

    qemu_fdt_setprop_cells(vbi->fdt, nodename, "interrupts",

                           GIC_FDT_IRQ_TYPE_SPI, irq,

                           GIC_FDT_IRQ_FLAGS_EDGE_LO_HI);

                           GIC_FDT_IRQ_FLAGS_LEVEL_HI);

    qemu_fdt_setprop_cell(vbi->fdt, nodename, "clocks", vbi->clock_phandle);

    qemu_fdt_setprop_string(vbi->fdt, nodename, "clock-names", "apb_pclk");

    g_free(nodename);

    }

}

static void create_one_flash(const char *name, hwaddr flashbase,

                             hwaddr flashsize)

{

    /* Create and map a single flash device. We use the same

     * parameters as the flash devices on the Versatile Express board.

     */

    DriveInfo *dinfo = drive_get_next(IF_PFLASH);

    DeviceState *dev = qdev_create(NULL, "cfi.pflash01");

    const uint64_t sectorlength = 256 * 1024;

    if (dinfo && qdev_prop_set_drive(dev, "drive", dinfo->bdrv)) {

        abort();

    }

    qdev_prop_set_uint32(dev, "num-blocks", flashsize / sectorlength);

    qdev_prop_set_uint64(dev, "sector-length", sectorlength);

    qdev_prop_set_uint8(dev, "width", 4);

    qdev_prop_set_uint8(dev, "device-width", 2);

    qdev_prop_set_uint8(dev, "big-endian", 0);

    qdev_prop_set_uint16(dev, "id0", 0x89);

    qdev_prop_set_uint16(dev, "id1", 0x18);

    qdev_prop_set_uint16(dev, "id2", 0x00);

    qdev_prop_set_uint16(dev, "id3", 0x00);

    qdev_prop_set_string(dev, "name", name);

    qdev_init_nofail(dev);

    sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, flashbase);

}

static void create_flash(const VirtBoardInfo *vbi)

{

    /* Create two flash devices to fill the VIRT_FLASH space in the memmap.

     * Any file passed via -bios goes in the first of these.

     */

    hwaddr flashsize = vbi->memmap[VIRT_FLASH].size / 2;

    hwaddr flashbase = vbi->memmap[VIRT_FLASH].base;

    char *nodename;

    if (bios_name) {

        const char *fn;

        if (drive_get(IF_PFLASH, 0, 0)) {

            error_report("The contents of the first flash device may be "

                         "specified with -bios or with -drive if=pflash... "

                         "but you cannot use both options at once");

            exit(1);

        }

        fn = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);

        if (!fn || load_image_targphys(fn, flashbase, flashsize) < 0) {

            error_report("Could not load ROM image '%s'", bios_name);

            exit(1);

        }

    }

    create_one_flash("virt.flash0", flashbase, flashsize);

    create_one_flash("virt.flash1", flashbase + flashsize, flashsize);

    nodename = g_strdup_printf("/flash@%" PRIx64, flashbase);

    qemu_fdt_add_subnode(vbi->fdt, nodename);

    qemu_fdt_setprop_string(vbi->fdt, nodename, "compatible", "cfi-flash");

    qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg",

                                 2, flashbase, 2, flashsize,

                                 2, flashbase + flashsize, 2, flashsize);

    qemu_fdt_setprop_cell(vbi->fdt, nodename, "bank-width", 4);

    g_free(nodename);

}

static void *machvirt_dtb(const struct arm_boot_info *binfo, int *fdt_size)

{

    const VirtBoardInfo *board = (const VirtBoardInfo *)binfo;

    vmstate_register_ram_global(ram);

    memory_region_add_subregion(sysmem, vbi->memmap[VIRT_MEM].base, ram);

    create_flash(vbi);

    create_gic(vbi, pic);

    create_uart(vbi, pic);

    MemoryRegion iomem;

    uint32_t locked;

    uint32_t data;

    uint32_t old_data;

    uint32_t old_out_data;

    uint32_t old_in_data;

    uint32_t dir;

    uint32_t isense;

    uint32_t ibe;

static const VMStateDescription vmstate_pl061 = {

    .name = "pl061",

    .version_id = 2,

    .minimum_version_id = 1,

    .version_id = 3,

    .minimum_version_id = 3,

    .fields = (VMStateField[]) {

        VMSTATE_UINT32(locked, PL061State),

        VMSTATE_UINT32(data, PL061State),

        VMSTATE_UINT32(old_data, PL061State),

        VMSTATE_UINT32(old_out_data, PL061State),

        VMSTATE_UINT32(old_in_data, PL061State),

        VMSTATE_UINT32(dir, PL061State),

        VMSTATE_UINT32(isense, PL061State),

        VMSTATE_UINT32(ibe, PL061State),

    uint8_t out;

    int i;

    DPRINTF("dir = %d, data = %d\n", s->dir, s->data);

    /* Outputs float high.  */

    /* FIXME: This is board dependent.  */

    out = (s->data & s->dir) | ~s->dir;

    changed = s->old_data ^ out;

    if (!changed)

        return;

    s->old_data = out;

    changed = s->old_out_data ^ out;

    if (changed) {

        s->old_out_data = out;

        for (i = 0; i < 8; i++) {

            mask = 1 << i;

            if (changed & mask) {

                qemu_set_irq(s->out[i], (out & mask) != 0);

            }

        }

    }

    /* Inputs */

    changed = (s->old_in_data ^ s->data) & ~s->dir;

    if (changed) {

        s->old_in_data = s->data;

        for (i = 0; i < 8; i++) {

            mask = 1 << i;

            if (changed & mask) {

                DPRINTF("Changed input %d = %d\n", i, (s->data & mask) != 0);

                if (!(s->isense & mask)) {

                    /* Edge interrupt */

                    if (s->ibe & mask) {

                        /* Any edge triggers the interrupt */

                        s->istate |= mask;

                    } else {

                        /* Edge is selected by IEV */

                        s->istate |= ~(s->data ^ s->iev) & mask;

                    }

                }

            }

        }

    }

    /* Level interrupt */

    s->istate |= ~(s->data ^ s->iev) & s->isense;

    DPRINTF("istate = %02X\n", s->istate);

    /* FIXME: Implement input interrupts.  */

    qemu_set_irq(s->irq, (s->istate & s->im) != 0);

}

static uint64_t pl061_read(void *opaque, hwaddr offset,