| Message ID | 166990932074.29941.8709118178538288040-8@git.sr.ht (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | hw/timer/imx_epit: improve and fix EPIT compare timer | expand |
On Thu, 1 Dec 2022 at 15:42, ~axelheider <axelheider@git.sr.ht> wrote: > > From: Axel Heider <axel.heider@hensoldt.net> > > - fix #1263 for CR writes > - rework compare time handling > - The compare timer has to run even if CR.OCIEN is not set, > as SR.OCIF must be updated. > - The compare timer fires exactly once when the > compare value is less than the current value, but the > reload values is less than the compare value. > - The compare timer will never fire if the reload value is > less than the compare value. Disable it in this case. > > Signed-off-by: Axel Heider <axel.heider@hensoldt.net> There's a couple of minor code-style issues here (block comment format, variable declarations in the middle of a block); rather than asking you to re-roll the series I'll just squash in the fixes for those: diff --git a/hw/timer/imx_epit.c b/hw/timer/imx_epit.c index 663907f9cf9..f63d3a20830 100644 --- a/hw/timer/imx_epit.c +++ b/hw/timer/imx_epit.c @@ -161,7 +161,8 @@ static void imx_epit_update_compare_timer(IMXEPITState *s) { uint64_t counter = 0; bool is_oneshot = false; - /* The compare timer only has to run if the timer peripheral is active + /* + * The compare timer only has to run if the timer peripheral is active * and there is an input clock, Otherwise it can be switched off. */ bool is_active = (s->cr & CR_EN) && imx_epit_get_freq(s); @@ -233,19 +234,22 @@ static void imx_epit_write_cr(IMXEPITState *s, uint32_t value) */ imx_epit_reset(s, false); } else { - ptimer_transaction_begin(s->timer_cmp); - ptimer_transaction_begin(s->timer_reload); - uint32_t freq = imx_epit_get_freq(s); - if (freq) { - ptimer_set_freq(s->timer_reload, freq); - ptimer_set_freq(s->timer_cmp, freq); - } + uint32_t freq; uint32_t toggled_cr_bits = oldcr ^ s->cr; /* re-initialize the limits if CR.RLD has changed */ bool set_limit = toggled_cr_bits & CR_RLD; /* set the counter if the timer got just enabled and CR.ENMOD is set */ bool is_switched_on = (toggled_cr_bits & s->cr) & CR_EN; bool set_counter = is_switched_on && (s->cr & CR_ENMOD); + + ptimer_transaction_begin(s->timer_cmp); + ptimer_transaction_begin(s->timer_reload); + freq = imx_epit_get_freq(s); + if (freq) { + ptimer_set_freq(s->timer_reload, freq); + ptimer_set_freq(s->timer_cmp, freq); + } + if (set_limit || set_counter) { uint64_t limit = (s->cr & CR_RLD) ? s->lr : EPIT_TIMER_MAX; ptimer_set_limit(s->timer_reload, limit, set_counter ? 1 : 0); Otherwise Reviewed-by: Peter Maydell <peter.maydell@linaro.org> thanks -- PMM
Peter, > There's a couple of minor code-style issues here (block comment > format, variable declarations in the middle of a block); rather > than asking you to re-roll the series I'll just squash in the > fixes for those: > [...] Thanks, that makes things easier. Seems these still unfortunately slipped in my last patch iteration. Your changes look good to me. Axel
On Thu, 1 Dec 2022 at 15:42, ~axelheider <axelheider@git.sr.ht> wrote: > > From: Axel Heider <axel.heider@hensoldt.net> > > - fix #1263 for CR writes > - rework compare time handling > - The compare timer has to run even if CR.OCIEN is not set, > as SR.OCIF must be updated. > - The compare timer fires exactly once when the > compare value is less than the current value, but the > reload values is less than the compare value. > - The compare timer will never fire if the reload value is > less than the compare value. Disable it in this case. > > Signed-off-by: Axel Heider <axel.heider@hensoldt.net> Hi; Coverity has just noticed an issue with this patch: > -/* Must be called from ptimer_transaction_begin/commit block for s->timer_cmp */ > -static void imx_epit_reload_compare_timer(IMXEPITState *s) > +/* > + * Must be called from a ptimer_transaction_begin/commit block for > + * s->timer_cmp, but outside of a transaction block of s->timer_reload, > + * so the proper counter value is read. > + */ > +static void imx_epit_update_compare_timer(IMXEPITState *s) > { > - if ((s->cr & (CR_EN | CR_OCIEN)) == (CR_EN | CR_OCIEN)) { > - /* if the compare feature is on and timers are running */ > - uint32_t tmp = ptimer_get_count(s->timer_reload); > - uint64_t next; > - if (tmp > s->cmp) { > - /* It'll fire in this round of the timer */ > - next = tmp - s->cmp; > - } else { /* catch it next time around */ > - next = tmp - s->cmp + ((s->cr & CR_RLD) ? EPIT_TIMER_MAX : s->lr); > + uint64_t counter = 0; > + bool is_oneshot = false; Here we declare the is_oneshot variable... > + /* The compare timer only has to run if the timer peripheral is active > + * and there is an input clock, Otherwise it can be switched off. > + */ > + bool is_active = (s->cr & CR_EN) && imx_epit_get_freq(s); > + if (is_active) { > + /* > + * Calculate next timeout for compare timer. Reading the reload > + * counter returns proper results only if pending transactions > + * on it are committed here. Otherwise stale values are be read. > + */ > + counter = ptimer_get_count(s->timer_reload); > + uint64_t limit = ptimer_get_limit(s->timer_cmp); > + /* > + * The compare timer is a periodic timer if the limit is at least > + * the compare value. Otherwise it may fire at most once in the > + * current round. > + */ > + bool is_oneshot = (limit >= s->cmp); ...but here we declare another is_oneshot, which shadows the first declaration... > + if (counter >= s->cmp) { > + /* The compare timer fires in the current round. */ > + counter -= s->cmp; > + } else if (!is_oneshot) { > + /* > + * The compare timer fires after a reload, as it below the > + * compare value already in this round. Note that the counter > + * value calculated below can be above the 32-bit limit, which > + * is legal here because the compare timer is an internal > + * helper ptimer only. > + */ > + counter += limit - s->cmp; > + } else { > + /* > + * The compare timer won't fire in this round, and the limit is > + * set to a value below the compare value. This practically means > + * it will never fire, so it can be switched off. > + */ > + is_active = false; > } > - ptimer_set_count(s->timer_cmp, next); > } > + > + /* > + * Set the compare timer and let it run, or stop it. This is agnostic > + * of CR.OCIEN bit, as this bit affects interrupt generation only. The > + * compare timer needs to run even if no interrupts are to be generated, > + * because the SR.OCIF bit must be updated also. > + * Note that the timer might already be stopped or be running with > + * counter values. However, finding out when an update is needed and > + * when not is not trivial. It's much easier applying the setting again, > + * as this does not harm either and the overhead is negligible. > + */ > + if (is_active) { > + ptimer_set_count(s->timer_cmp, counter); > + ptimer_run(s->timer_cmp, is_oneshot ? 1 : 0); ...so here when the inner variable is no longer in scope, the value of the outer is_oneshot variable must always be 'false', because there's never any assignment to it. > + } else { > + ptimer_stop(s->timer_cmp); > + } > + > } What was the intention here? My guess is that there should only have been one 'is_oneshot', not two. There's also been this bug report: https://gitlab.com/qemu-project/qemu/-/issues/1491 which suggests that the condition for setting is_oneshot should be "(limit <= s->cmp)" rather than ">=". What do you think ? thanks -- PMM
Peter, > Hi; Coverity has just noticed an issue with this patch: > [...] > Here we declare the is_oneshot variable... > [...] > ...but here we declare another is_oneshot, which shadows the first > declaration... > ...so here when the inner variable is no longer in scope, the > value of the outer is_oneshot variable must always be 'false', > because there's never any assignment to it. > What was the intention here? My guess is that there should only > have been one 'is_oneshot', not two. The shadowing is not intended, as this does not make any sense. There is only one instance of this variable, it is FALSE by default and can become TRUE. > [...] > There's also been this bug report: > https://gitlab.com/qemu-project/qemu/-/issues/1491 > which suggests that the condition for setting is_oneshot > should be "(limit <= s->cmp)" rather than ">=". > What do you think ? The Bug report is right, that the check should be "(limit <= s->cmp)", as it's about the on-shot characteristic and not the periodic characteristic (which earler version of the patch had). I will provide a patch to fix this. Axel
diff --git a/hw/timer/imx_epit.c b/hw/timer/imx_epit.c index cf13496165..663907f9cf 100644 --- a/hw/timer/imx_epit.c +++ b/hw/timer/imx_epit.c @@ -6,6 +6,7 @@ * Originally written by Hans Jiang * Updated by Peter Chubb * Updated by Jean-Christophe Dubois <jcd@tribudubois.net> + * Updated by Axel Heider * * This code is licensed under GPL version 2 or later. See * the COPYING file in the top-level directory. @@ -151,95 +152,130 @@ static uint64_t imx_epit_read(void *opaque, hwaddr offset, unsigned size) return reg_value; } -/* Must be called from ptimer_transaction_begin/commit block for s->timer_cmp */ -static void imx_epit_reload_compare_timer(IMXEPITState *s) +/* + * Must be called from a ptimer_transaction_begin/commit block for + * s->timer_cmp, but outside of a transaction block of s->timer_reload, + * so the proper counter value is read. + */ +static void imx_epit_update_compare_timer(IMXEPITState *s) { - if ((s->cr & (CR_EN | CR_OCIEN)) == (CR_EN | CR_OCIEN)) { - /* if the compare feature is on and timers are running */ - uint32_t tmp = ptimer_get_count(s->timer_reload); - uint64_t next; - if (tmp > s->cmp) { - /* It'll fire in this round of the timer */ - next = tmp - s->cmp; - } else { /* catch it next time around */ - next = tmp - s->cmp + ((s->cr & CR_RLD) ? EPIT_TIMER_MAX : s->lr); + uint64_t counter = 0; + bool is_oneshot = false; + /* The compare timer only has to run if the timer peripheral is active + * and there is an input clock, Otherwise it can be switched off. + */ + bool is_active = (s->cr & CR_EN) && imx_epit_get_freq(s); + if (is_active) { + /* + * Calculate next timeout for compare timer. Reading the reload + * counter returns proper results only if pending transactions + * on it are committed here. Otherwise stale values are be read. + */ + counter = ptimer_get_count(s->timer_reload); + uint64_t limit = ptimer_get_limit(s->timer_cmp); + /* + * The compare timer is a periodic timer if the limit is at least + * the compare value. Otherwise it may fire at most once in the + * current round. + */ + bool is_oneshot = (limit >= s->cmp); + if (counter >= s->cmp) { + /* The compare timer fires in the current round. */ + counter -= s->cmp; + } else if (!is_oneshot) { + /* + * The compare timer fires after a reload, as it below the + * compare value already in this round. Note that the counter + * value calculated below can be above the 32-bit limit, which + * is legal here because the compare timer is an internal + * helper ptimer only. + */ + counter += limit - s->cmp; + } else { + /* + * The compare timer won't fire in this round, and the limit is + * set to a value below the compare value. This practically means + * it will never fire, so it can be switched off. + */ + is_active = false; } - ptimer_set_count(s->timer_cmp, next); } + + /* + * Set the compare timer and let it run, or stop it. This is agnostic + * of CR.OCIEN bit, as this bit affects interrupt generation only. The + * compare timer needs to run even if no interrupts are to be generated, + * because the SR.OCIF bit must be updated also. + * Note that the timer might already be stopped or be running with + * counter values. However, finding out when an update is needed and + * when not is not trivial. It's much easier applying the setting again, + * as this does not harm either and the overhead is negligible. + */ + if (is_active) { + ptimer_set_count(s->timer_cmp, counter); + ptimer_run(s->timer_cmp, is_oneshot ? 1 : 0); + } else { + ptimer_stop(s->timer_cmp); + } + } static void imx_epit_write_cr(IMXEPITState *s, uint32_t value) { - uint32_t freq = 0; uint32_t oldcr = s->cr; s->cr = value & 0x03ffffff; if (s->cr & CR_SWR) { - /* handle the reset */ + /* + * Reset clears CR.SWR again. It does not touch CR.EN, but the timers + * are still stopped because the input clock is disabled. + */ imx_epit_reset(s, false); - } - - /* - * The interrupt state can change due to: - * - reset clears both SR.OCIF and CR.OCIE - * - write to CR.EN or CR.OCIE - */ - imx_epit_update_int(s); - - /* - * TODO: could we 'break' here for reset? following operations appear - * to duplicate the work imx_epit_reset() already did. - */ - - ptimer_transaction_begin(s->timer_cmp); - ptimer_transaction_begin(s->timer_reload); - - /* - * Update the frequency. In case of a reset the input clock was - * switched off, so this can be skipped. - */ - if (!(s->cr & CR_SWR)) { - freq = imx_epit_get_freq(s); + } else { + ptimer_transaction_begin(s->timer_cmp); + ptimer_transaction_begin(s->timer_reload); + uint32_t freq = imx_epit_get_freq(s); if (freq) { ptimer_set_freq(s->timer_reload, freq); ptimer_set_freq(s->timer_cmp, freq); } - } - - if (freq && (s->cr & CR_EN) && !(oldcr & CR_EN)) { - if (s->cr & CR_ENMOD) { - if (s->cr & CR_RLD) { - ptimer_set_limit(s->timer_reload, s->lr, 1); - ptimer_set_limit(s->timer_cmp, s->lr, 1); - } else { - ptimer_set_limit(s->timer_reload, EPIT_TIMER_MAX, 1); - ptimer_set_limit(s->timer_cmp, EPIT_TIMER_MAX, 1); + uint32_t toggled_cr_bits = oldcr ^ s->cr; + /* re-initialize the limits if CR.RLD has changed */ + bool set_limit = toggled_cr_bits & CR_RLD; + /* set the counter if the timer got just enabled and CR.ENMOD is set */ + bool is_switched_on = (toggled_cr_bits & s->cr) & CR_EN; + bool set_counter = is_switched_on && (s->cr & CR_ENMOD); + if (set_limit || set_counter) { + uint64_t limit = (s->cr & CR_RLD) ? s->lr : EPIT_TIMER_MAX; + ptimer_set_limit(s->timer_reload, limit, set_counter ? 1 : 0); + if (set_limit) { + ptimer_set_limit(s->timer_cmp, limit, 0); } } - - imx_epit_reload_compare_timer(s); - ptimer_run(s->timer_reload, 0); - if (s->cr & CR_OCIEN) { - ptimer_run(s->timer_cmp, 0); + /* + * If there is an input clock and the peripheral is enabled, then + * ensure the wall clock timer is ticking. Otherwise stop the timers. + * The compare timer will be updated later. + */ + if (freq && (s->cr & CR_EN)) { + ptimer_run(s->timer_reload, 0); } else { - ptimer_stop(s->timer_cmp); - } - } else if (!(s->cr & CR_EN)) { - /* stop both timers */ - ptimer_stop(s->timer_reload); - ptimer_stop(s->timer_cmp); - } else if (s->cr & CR_OCIEN) { - if (!(oldcr & CR_OCIEN)) { - imx_epit_reload_compare_timer(s); - ptimer_run(s->timer_cmp, 0); + ptimer_stop(s->timer_reload); } - } else { - ptimer_stop(s->timer_cmp); + /* Commit changes to reload timer, so they can propagate. */ + ptimer_transaction_commit(s->timer_reload); + /* Update compare timer based on the committed reload timer value. */ + imx_epit_update_compare_timer(s); + ptimer_transaction_commit(s->timer_cmp); } - ptimer_transaction_commit(s->timer_cmp); - ptimer_transaction_commit(s->timer_reload); + /* + * The interrupt state can change due to: + * - reset clears both SR.OCIF and CR.OCIE + * - write to CR.EN or CR.OCIE + */ + imx_epit_update_int(s); } static void imx_epit_write_sr(IMXEPITState *s, uint32_t value) @@ -266,14 +302,10 @@ static void imx_epit_write_lr(IMXEPITState *s, uint32_t value) /* If IOVW bit is set then set the timer value */ ptimer_set_count(s->timer_reload, s->lr); } - /* - * Commit the change to s->timer_reload, so it can propagate. Otherwise - * the timer interrupt may not fire properly. The commit must happen - * before calling imx_epit_reload_compare_timer(), which reads - * s->timer_reload internally again. - */ + /* Commit the changes to s->timer_reload, so they can propagate. */ ptimer_transaction_commit(s->timer_reload); - imx_epit_reload_compare_timer(s); + /* Update the compare timer based on the committed reload timer value. */ + imx_epit_update_compare_timer(s); ptimer_transaction_commit(s->timer_cmp); } @@ -281,8 +313,9 @@ static void imx_epit_write_cmp(IMXEPITState *s, uint32_t value) { s->cmp = value; + /* Update the compare timer based on the committed reload timer value. */ ptimer_transaction_begin(s->timer_cmp); - imx_epit_reload_compare_timer(s); + imx_epit_update_compare_timer(s); ptimer_transaction_commit(s->timer_cmp); } @@ -322,6 +355,9 @@ static void imx_epit_cmp(void *opaque) { IMXEPITState *s = IMX_EPIT(opaque); + /* The cmp ptimer can't be running when the peripheral is disabled */ + assert(s->cr & CR_EN); + DPRINTF("sr was %d\n", s->sr); /* Set interrupt status bit SR.OCIF and update the interrupt state */ s->sr |= SR_OCIF;