/*
 * QEMU PowerPC 4xx embedded processors shared devices emulation
 *
 * Copyright (c) 2007 Jocelyn Mayer
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */
24 #include "hw.h"
25 #include "ppc.h"
26 #include "ppc4xx.h"
27 #include "qemu-log.h"
/* Compile-time debug switches.  Only DEBUG_UIC is enabled here. */
//#define DEBUG_MMIO
//#define DEBUG_UNASSIGNED
#define DEBUG_UIC

/*
 * LOG_UIC(): trace helper for the interrupt controller.  With DEBUG_UIC
 * defined it forwards to qemu_log_mask() under CPU_LOG_INT; otherwise it
 * expands to an empty statement and its arguments are not evaluated.
 */
#if defined(DEBUG_UIC)
#define LOG_UIC(...) qemu_log_mask(CPU_LOG_INT, ## __VA_ARGS__)
#else
#define LOG_UIC(...) do { } while (0)
#endif
/*****************************************************************************/
/* Generic PowerPC 4xx processor instantiation */

/*
 * Create the CPU named by cpu_model and hook up its clocks, DCR space and
 * reset handler.
 *
 * cpu_clk and tb_clk are filled in for the caller; both are dereferenced
 * unconditionally.  If cpu_init() returns NULL a message is printed to
 * stderr and the process exits with status 1.
 *
 * Returns the CPU state obtained from cpu_init().
 */
CPUState *ppc4xx_init (const char *cpu_model,
                       clk_setup_t *cpu_clk, clk_setup_t *tb_clk,
                       uint32_t sysclk)
{
    CPUState *cpu = cpu_init(cpu_model);

    if (cpu == NULL) {
        fprintf(stderr, "Unable to find PowerPC %s CPU definition\n",
                cpu_model);
        exit(1);
    }

    /* CPU clock: no callback, frequency changes are ignored */
    cpu_clk->opaque = cpu;
    cpu_clk->cb = NULL;

    /* Time base is driven at sysclk */
    tb_clk->cb = ppc_emb_timers_init(cpu, sysclk, PPC_INTERRUPT_PIT);
    tb_clk->opaque = cpu;

    ppc_dcr_init(cpu, NULL, NULL);

    /* Have the CPU reset together with the machine */
    qemu_register_reset((QEMUResetHandler*)&cpu_reset, cpu);

    return cpu;
}
/*****************************************************************************/
/* "Universal" Interrupt controller */

/* DCR offsets of the UIC registers, relative to ppcuic_t.dcr_base.
 * DCR_UICMAX is the number of DCRs registered per controller. */
enum {
    DCR_UICSR  = 0x000,
    DCR_UICSRS = 0x001,
    DCR_UICER  = 0x002,
    DCR_UICCR  = 0x003,
    DCR_UICPR  = 0x004,
    DCR_UICTR  = 0x005,
    DCR_UICMSR = 0x006,
    DCR_UICVR  = 0x007,
    DCR_UICVCR = 0x008,
    DCR_UICMAX = 0x009,
};

/* Number of input lines allocated per controller in ppcuic_init() */
#define UIC_MAX_IRQ 32

typedef struct ppcuic_t ppcuic_t;

/* State of one UIC instance; passed as the opaque pointer to the DCR
 * callbacks, the input IRQ handler and the reset handler. */
struct ppcuic_t {
    uint32_t dcr_base;  /* First DCR number of this controller */
    int use_vectors;    /* Non-zero: UICVR/UICVCR are implemented */
    uint32_t level;  /* Remembers the state of level-triggered interrupts. */
    uint32_t uicsr;  /* Status register */
    uint32_t uicer;  /* Enable register */
    uint32_t uiccr;  /* Critical register */
    uint32_t uicpr;  /* Polarity register */
    uint32_t uictr;  /* Triggering register */
    uint32_t uicvcr; /* Vector configuration register */
    uint32_t uicvr;  /* Value read back through DCR_UICVR */
    qemu_irq *irqs;  /* Outputs, indexed by PPCUIC_OUTPUT_INT / _CINT */
};
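/*
 * Recompute both UIC outputs from the current register state.
 *
 * An interrupt is pending when its status and enable bits are both set; the
 * critical register routes it to the critical output (PPCUIC_OUTPUT_CINT)
 * instead of the normal one (PPCUIC_OUTPUT_INT).  When vectors are in use,
 * uicvr is rebuilt from uicvcr and the first pending critical bit found.
 */
static void ppcuic_trigger_irq (ppcuic_t *uic)
{
    uint32_t ir, cr;
    int start, end, inc, i;

    /* Trigger interrupt if any is pending */
    ir = uic->uicsr & uic->uicer & (~uic->uiccr);
    cr = uic->uicsr & uic->uicer & uic->uiccr;
    LOG_UIC("%s: uicsr %08" PRIx32 " uicer %08" PRIx32
            " uiccr %08" PRIx32 "\n"
            " %08" PRIx32 " ir %08" PRIx32 " cr %08" PRIx32 "\n",
            __func__, uic->uicsr, uic->uicer, uic->uiccr,
            uic->uicsr & uic->uicer, ir, cr);
    if (ir != 0x0000000) {
        LOG_UIC("Raise UIC interrupt\n");
        qemu_irq_raise(uic->irqs[PPCUIC_OUTPUT_INT]);
    } else {
        LOG_UIC("Lower UIC interrupt\n");
        qemu_irq_lower(uic->irqs[PPCUIC_OUTPUT_INT]);
    }
    /* Trigger critical interrupt if any is pending and update vector */
    if (cr != 0x0000000) {
        qemu_irq_raise(uic->irqs[PPCUIC_OUTPUT_CINT]);
        if (uic->use_vectors) {
            /* Compute critical IRQ vector */
            if (uic->uicvcr & 1) {
                start = 31;
                end = 0;
                inc = -1;
            } else {
                start = 0;
                end = 31;
                inc = 1;
            }
            uic->uicvr = uic->uicvcr & 0xFFFFFFFC;
            /* Scan start..end inclusive in the direction given by inc.
             * The termination test has to be direction-independent: the
             * previous "i <= end" was false on entry for the descending
             * scan (31 down to 0), so that scan never ran and uicvr kept
             * only the base address.
             * NOTE(review): ppcuic_set_irq() stores line n at bit (31 - n)
             * while this scan tests bit i - confirm the intended bit
             * numbering against the UIC documentation. */
            for (i = start; i != end + inc; i += inc) {
                /* unsigned shift: 1 << 31 on a signed int is undefined */
                if (cr & ((uint32_t)1 << i)) {
                    uic->uicvr += (i - start) * 512 * inc;
                    break;
                }
            }
        }
        LOG_UIC("Raise UIC critical interrupt - "
                "vector %08" PRIx32 "\n", uic->uicvr);
    } else {
        LOG_UIC("Lower UIC critical interrupt\n");
        qemu_irq_lower(uic->irqs[PPCUIC_OUTPUT_CINT]);
        uic->uicvr = 0x00000000;
    }
}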
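/*
 * Input-line handler: record a level change on UIC input irq_num and
 * re-evaluate the outputs if the status register changed.
 *
 * opaque is the ppcuic_t of the controller.  Line n is kept at bit (31 - n)
 * of the status register.  For edge-sensitive lines (bit set in uictr) only
 * level == 1 is latched; for level-sensitive lines the status bit follows
 * the input and the state is also remembered in uic->level.
 * Calls with irq_num outside 0..31 are ignored.
 */
static void ppcuic_set_irq (void *opaque, int irq_num, int level)
{
    ppcuic_t *uic;
    uint32_t mask, sr;

    uic = opaque;
    /* Validate before irq_num is used as a shift count: shifting by a
     * negative amount or by 32 or more is undefined behaviour. */
    if (irq_num < 0 || irq_num > 31)
        return;
    mask = (uint32_t)1 << (31 - irq_num);
    LOG_UIC("%s: irq %d level %d uicsr %08" PRIx32
            " mask %08" PRIx32 " => %08" PRIx32 " %08" PRIx32 "\n",
            __func__, irq_num, level,
            uic->uicsr, mask, uic->uicsr & mask,
            (uint32_t)level << irq_num);
    sr = uic->uicsr;

    /* Update status register */
    if (uic->uictr & mask) {
        /* Edge sensitive interrupt */
        if (level == 1)
            uic->uicsr |= mask;
    } else {
        /* Level sensitive interrupt */
        if (level == 1) {
            uic->uicsr |= mask;
            uic->level |= mask;
        } else {
            uic->uicsr &= ~mask;
            uic->level &= ~mask;
        }
    }
    /* Old value first, new value second, matching the "sr X => Y" text */
    LOG_UIC("%s: irq %d level %d sr %" PRIx32 " => "
            "%08" PRIx32 "\n", __func__, irq_num, level, sr, uic->uicsr);
    if (sr != uic->uicsr)
        ppcuic_trigger_irq(uic);
}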
/*
 * DCR read callback for the UIC.
 *
 * dcrn is the absolute DCR number; it is made relative to uic->dcr_base
 * before decoding.  UICSR and UICSRS both return the status register,
 * UICMSR returns status masked by enable.  UICVR/UICVCR read as zero when
 * vectors are not in use, as does any offset that is not decoded.
 */
static uint32_t dcr_read_uic (void *opaque, int dcrn)
{
    ppcuic_t *uic = opaque;
    uint32_t value = 0x00000000;    /* result for undecoded registers */

    dcrn -= uic->dcr_base;
    switch (dcrn) {
    case DCR_UICSR:
    case DCR_UICSRS:
        value = uic->uicsr;
        break;
    case DCR_UICER:
        value = uic->uicer;
        break;
    case DCR_UICCR:
        value = uic->uiccr;
        break;
    case DCR_UICPR:
        value = uic->uicpr;
        break;
    case DCR_UICTR:
        value = uic->uictr;
        break;
    case DCR_UICMSR:
        value = uic->uicsr & uic->uicer;
        break;
    case DCR_UICVR:
        if (uic->use_vectors)
            value = uic->uicvr;
        break;
    case DCR_UICVCR:
        if (uic->use_vectors)
            value = uic->uicvcr;
        break;
    default:
        break;
    }

    return value;
}
/*
 * DCR write callback for the UIC.
 *
 * dcrn is the absolute DCR number and is made relative to uic->dcr_base.
 * Writing UICSR clears the written bits, then re-asserts whatever is still
 * held in uic->level; UICSRS sets bits.  UICMSR and UICVR ignore writes.
 * Every register except UICPR, UICMSR and UICVR re-evaluates the outputs
 * after the store.  Offsets that are not decoded are ignored.
 */
static void dcr_write_uic (void *opaque, int dcrn, uint32_t val)
{
    ppcuic_t *uic = opaque;
    int reg = dcrn - uic->dcr_base;
    int reevaluate = 1;

    LOG_UIC("%s: dcr %d val 0x%x\n", __func__, reg, val);
    switch (reg) {
    case DCR_UICSR:
        uic->uicsr &= ~val;
        uic->uicsr |= uic->level;
        break;
    case DCR_UICSRS:
        uic->uicsr |= val;
        break;
    case DCR_UICER:
        uic->uicer = val;
        break;
    case DCR_UICCR:
        uic->uiccr = val;
        break;
    case DCR_UICTR:
        uic->uictr = val;
        break;
    case DCR_UICVCR:
        uic->uicvcr = val & 0xFFFFFFFD;
        break;
    case DCR_UICPR:
        /* stored only; the outputs are not recomputed */
        uic->uicpr = val;
        reevaluate = 0;
        break;
    case DCR_UICMSR:
    case DCR_UICVR:
    default:
        /* writes have no effect */
        reevaluate = 0;
        break;
    }

    if (reevaluate)
        ppcuic_trigger_irq(uic);
}
/*
 * Reset handler: clear the status, enable, critical, polarity and
 * triggering registers, plus the two vector registers when vectors are in
 * use.  dcr_base, irqs and the remembered line state in uic->level are
 * not touched.
 */
static void ppcuic_reset (void *opaque)
{
    ppcuic_t *uic = opaque;

    uic->uicsr = 0x00000000;
    uic->uicer = 0x00000000;
    uic->uiccr = 0x00000000;
    uic->uicpr = 0x00000000;
    uic->uictr = 0x00000000;
    if (!uic->use_vectors)
        return;
    uic->uicvr = 0x0000000;
    uic->uicvcr = 0x00000000;
}
/*
 * Create a UIC whose registers occupy DCR_UICMAX consecutive DCRs starting
 * at dcr_base, and register its reset handler.
 *
 * irqs holds the controller's output lines (indexed by PPCUIC_OUTPUT_*).
 * has_vr enables the vector registers; has_ssr is accepted but not used in
 * this function.
 *
 * Returns the UIC_MAX_IRQ input lines, which are served by
 * ppcuic_set_irq().
 */
qemu_irq *ppcuic_init (CPUState *env, qemu_irq *irqs,
                       uint32_t dcr_base, int has_ssr, int has_vr)
{
    ppcuic_t *uic = qemu_mallocz(sizeof(*uic));
    int reg;

    uic->irqs = irqs;
    uic->dcr_base = dcr_base;
    /* use_vectors stays 0, as allocated, unless has_vr is set */
    if (has_vr) {
        uic->use_vectors = 1;
    }

    for (reg = 0; reg < DCR_UICMAX; reg++) {
        ppc_dcr_register(env, dcr_base + reg, uic,
                         &dcr_read_uic, &dcr_write_uic);
    }
    qemu_register_reset(ppcuic_reset, uic);

    return qemu_allocate_irqs(&ppcuic_set_irq, uic, UIC_MAX_IRQ);
}
/*****************************************************************************/
/* SDRAM controller */
typedef struct ppc4xx_sdram_t ppc4xx_sdram_t;

/* State of the SDRAM controller; passed as the opaque pointer to the DCR
 * callbacks and the reset handler. */
struct ppc4xx_sdram_t {
    uint32_t addr;      /* Register selected through SDRAM0_CFGADDR */
    int nbanks;         /* Banks in use; the arrays below hold at most 4 */
    target_phys_addr_t ram_bases[4];
    target_phys_addr_t ram_sizes[4];
    uint32_t besr0;
    uint32_t besr1;
    uint32_t bear;
    uint32_t cfg;
    uint32_t status;
    uint32_t rtr;
    uint32_t pmit;
    uint32_t bcr[4];    /* Bank configuration registers B0CR..B3CR */
    uint32_t tr;
    uint32_t ecccfg;
    uint32_t eccesr;
    qemu_irq irq;       /* Raised/lowered on SDRAM_ECCESR writes */
};

/* The controller is reached through an address/data DCR pair: CFGADDR
 * selects a register, CFGDATA reads or writes it. */
enum {
    SDRAM0_CFGADDR = 0x010,
    SDRAM0_CFGDATA = 0x011,
};
/* XXX: TOFIX: some patches have made this code become inconsistent:
 *      there are type inconsistencies, mixing target_phys_addr_t, target_ulong
 *      and uint32_t
 */

/*
 * Build a bank configuration register value for a bank of ram_size bytes
 * at ram_base.
 *
 * Only power-of-two sizes from 4 MiB to 256 MiB are accepted; the size
 * code lands in bits 17..19, the base contributes its bits selected by
 * 0xFF800000 and bit 0 marks the bank enabled.  Any other size prints a
 * message and returns 0, i.e. a disabled bank.
 */
static uint32_t sdram_bcr (target_phys_addr_t ram_base,
                           target_phys_addr_t ram_size)
{
    static const struct {
        target_phys_addr_t size;
        uint32_t code;
    } size_codes[] = {
        { 4 * 1024 * 1024,   0x00000000 },
        { 8 * 1024 * 1024,   0x00020000 },
        { 16 * 1024 * 1024,  0x00040000 },
        { 32 * 1024 * 1024,  0x00060000 },
        { 64 * 1024 * 1024,  0x00080000 },
        { 128 * 1024 * 1024, 0x000A0000 },
        { 256 * 1024 * 1024, 0x000C0000 },
    };
    unsigned int k;

    for (k = 0; k < sizeof(size_codes) / sizeof(size_codes[0]); k++) {
        if (size_codes[k].size == ram_size) {
            uint32_t bcr = size_codes[k].code;

            bcr |= ram_base & 0xFF800000;
            bcr |= 1;
            return bcr;
        }
    }

    printf("%s: invalid RAM size " TARGET_FMT_plx "\n", __func__,
           ram_size);
    return 0x00000000;
}
/* Extract the bank base address (the bits selected by 0xFF800000) from a
 * bank configuration register value. */
static inline target_phys_addr_t sdram_base(uint32_t bcr)
{
    const uint32_t base_mask = 0xFF800000;

    return bcr & base_mask;
}
/*
 * Decode the bank size from bits 17..19 of a bank configuration register
 * value: codes 0..6 give 4 MiB << code.  Code 7 has no size in this table
 * and yields -1 converted to target_ulong (all bits set), which callers
 * pass on unchanged.
 */
static target_ulong sdram_size (uint32_t bcr)
{
    int code = (bcr >> 17) & 0x7;

    if (code == 7) {
        return -1;
    }
    return (4 * 1024 * 1024) << code;
}
/*
 * Replace one bank configuration register.
 *
 * If the bank held in *bcrp is enabled (bit 0) its range is unmapped first.
 * The new value is stored with only the bits in 0xFFDEE001 kept, and the
 * range described by bcr is mapped as RAM when both `enabled` and bit 0 of
 * bcr are set.
 *
 * NOTE(review): dcr_write_sdram() passes the value written to BnCR straight
 * in here, so base and size are presumably guest-controlled.  This function
 * does not compare them with the banks given to ppc4xx_sdram_init(); the
 * decoded base is used directly as the RAM offset of the mapping, and size
 * code 7 decodes to an all-ones size.  Checking the request against the
 * configured banks before mapping looks advisable - confirm what
 * cpu_register_physical_memory() itself enforces.
 */
static void sdram_set_bcr (uint32_t *bcrp, uint32_t bcr, int enabled)
{
    const uint32_t previous = *bcrp;

    if (previous & 0x00000001) {
        /* Unmap RAM */
#ifdef DEBUG_SDRAM
        printf("%s: unmap RAM area " TARGET_FMT_plx " " TARGET_FMT_lx "\n",
               __func__, sdram_base(previous), sdram_size(previous));
#endif
        cpu_register_physical_memory(sdram_base(previous),
                                     sdram_size(previous),
                                     IO_MEM_UNASSIGNED);
    }

    *bcrp = bcr & 0xFFDEE001;

    if (!enabled || !(bcr & 0x00000001)) {
        return;
    }
#ifdef DEBUG_SDRAM
    printf("%s: Map RAM area " TARGET_FMT_plx " " TARGET_FMT_lx "\n",
           __func__, sdram_base(bcr), sdram_size(bcr));
#endif
    cpu_register_physical_memory(sdram_base(bcr), sdram_size(bcr),
                                 sdram_base(bcr) | IO_MEM_RAM);
}
/*
 * Program every bank register from the configured bases and sizes: banks
 * with a non-zero size are encoded with sdram_bcr() and mapped, the others
 * are written as 0 with mapping disabled.
 */
static void sdram_map_bcr (ppc4xx_sdram_t *sdram)
{
    int bank;

    for (bank = 0; bank < sdram->nbanks; bank++) {
        uint32_t *reg = &sdram->bcr[bank];

        if (sdram->ram_sizes[bank] == 0) {
            sdram_set_bcr(reg, 0x00000000, 0);
            continue;
        }
        sdram_set_bcr(reg,
                      sdram_bcr(sdram->ram_bases[bank],
                                sdram->ram_sizes[bank]),
                      1 /* enabled: map the bank */);
    }
}
/*
 * Unmap the range described by each of the first nbanks bank registers.
 * The registers themselves are left unchanged, and the enable bit of a
 * bank is not consulted before unmapping.
 */
static void sdram_unmap_bcr (ppc4xx_sdram_t *sdram)
{
    int bank;

    for (bank = 0; bank < sdram->nbanks; bank++) {
        const uint32_t reg = sdram->bcr[bank];

#ifdef DEBUG_SDRAM
        printf("%s: Unmap RAM area " TARGET_FMT_plx " " TARGET_FMT_lx "\n",
               __func__, sdram_base(reg), sdram_size(reg));
#endif
        cpu_register_physical_memory(sdram_base(reg), sdram_size(reg),
                                     IO_MEM_UNASSIGNED);
    }
}
/*
 * DCR read callback for the SDRAM controller.
 *
 * SDRAM0_CFGADDR returns the currently selected register number.
 * SDRAM0_CFGDATA returns the register selected by sdram->addr; SDRAM_TR and
 * any unknown selector read as all ones.  Any other DCR reads as zero.
 */
static uint32_t dcr_read_sdram (void *opaque, int dcrn)
{
    ppc4xx_sdram_t *sdram = opaque;

    if (dcrn == SDRAM0_CFGADDR) {
        return sdram->addr;
    }
    if (dcrn != SDRAM0_CFGDATA) {
        /* Not one of ours */
        return 0x00000000;
    }

    switch (sdram->addr) {
    case 0x00: /* SDRAM_BESR0 */
        return sdram->besr0;
    case 0x08: /* SDRAM_BESR1 */
        return sdram->besr1;
    case 0x10: /* SDRAM_BEAR */
        return sdram->bear;
    case 0x20: /* SDRAM_CFG */
        return sdram->cfg;
    case 0x24: /* SDRAM_STATUS */
        return sdram->status;
    case 0x30: /* SDRAM_RTR */
        return sdram->rtr;
    case 0x34: /* SDRAM_PMIT */
        return sdram->pmit;
    case 0x40: /* SDRAM_B0CR */
        return sdram->bcr[0];
    case 0x44: /* SDRAM_B1CR */
        return sdram->bcr[1];
    case 0x48: /* SDRAM_B2CR */
        return sdram->bcr[2];
    case 0x4C: /* SDRAM_B3CR */
        return sdram->bcr[3];
    case 0x80: /* SDRAM_TR */
        return -1; /* ? */
    case 0x94: /* SDRAM_ECCCFG */
        return sdram->ecccfg;
    case 0x98: /* SDRAM_ECCESR */
        return sdram->eccesr;
    default: /* Error */
        return -1;
    }
}
/*
 * DCR write callback for the SDRAM controller.
 *
 * SDRAM0_CFGADDR stores the register selector; SDRAM0_CFGDATA writes the
 * register selected by sdram->addr.  Writes to other DCRs, to the
 * read-only status register and to unknown selectors are ignored.
 *
 * Side effects of a CFGDATA write:
 *  - SDRAM_CFG: a change of bit 0x80000000 maps or unmaps all banks and
 *    flips the same bit in the status register (cleared when enabling);
 *    a change of bit 0x40000000 is copied into the status register.
 *  - SDRAM_BnCR: the bank is remapped through sdram_set_bcr().
 *  - SDRAM_ECCESR: the IRQ follows the zero/non-zero state of the register.
 */
static void dcr_write_sdram (void *opaque, int dcrn, uint32_t val)
{
    ppc4xx_sdram_t *sdram = opaque;

    if (dcrn == SDRAM0_CFGADDR) {
        sdram->addr = val;
        return;
    }
    if (dcrn != SDRAM0_CFGDATA) {
        return;
    }

    switch (sdram->addr) {
    case 0x00: /* SDRAM_BESR0 */
        sdram->besr0 &= ~val;
        break;
    case 0x08: /* SDRAM_BESR1 */
        sdram->besr1 &= ~val;
        break;
    case 0x10: /* SDRAM_BEAR */
        sdram->bear = val;
        break;
    case 0x20: /* SDRAM_CFG */
    {
        int was_enabled, now_enabled, had_bit30, has_bit30;

        val &= 0xFFE00000;
        was_enabled = (sdram->cfg & 0x80000000) != 0;
        now_enabled = (val & 0x80000000) != 0;
        had_bit30 = (sdram->cfg & 0x40000000) != 0;
        has_bit30 = (val & 0x40000000) != 0;

        /* The (un)mapping runs while sdram->cfg still holds the old value */
        if (now_enabled && !was_enabled) {
#ifdef DEBUG_SDRAM
            printf("%s: enable SDRAM controller\n", __func__);
#endif
            /* validate all RAM mappings */
            sdram_map_bcr(sdram);
            sdram->status &= ~0x80000000;
        } else if (was_enabled && !now_enabled) {
#ifdef DEBUG_SDRAM
            printf("%s: disable SDRAM controller\n", __func__);
#endif
            /* invalidate all RAM mappings */
            sdram_unmap_bcr(sdram);
            sdram->status |= 0x80000000;
        }
        if (has_bit30 != had_bit30) {
            if (has_bit30)
                sdram->status |= 0x40000000;
            else
                sdram->status &= ~0x40000000;
        }
        sdram->cfg = val;
        break;
    }
    case 0x24: /* SDRAM_STATUS */
        /* Read-only register */
        break;
    case 0x30: /* SDRAM_RTR */
        sdram->rtr = val & 0x3FF80000;
        break;
    case 0x34: /* SDRAM_PMIT */
        sdram->pmit = (val & 0xF8000000) | 0x07C00000;
        break;
    case 0x40: /* SDRAM_B0CR */
    case 0x44: /* SDRAM_B1CR */
    case 0x48: /* SDRAM_B2CR */
    case 0x4C: /* SDRAM_B3CR */
        /* Selectors are 4 apart, so (addr - 0x40) / 4 is the bank index */
        sdram_set_bcr(&sdram->bcr[(sdram->addr - 0x40) >> 2], val,
                      sdram->cfg & 0x80000000);
        break;
    case 0x80: /* SDRAM_TR */
        sdram->tr = val & 0x018FC01F;
        break;
    case 0x94: /* SDRAM_ECCCFG */
        sdram->ecccfg = val & 0x00F00000;
        break;
    case 0x98: /* SDRAM_ECCESR */
        val &= 0xFFF0F000;
        if (sdram->eccesr == 0 && val != 0)
            qemu_irq_raise(sdram->irq);
        else if (sdram->eccesr != 0 && val == 0)
            qemu_irq_lower(sdram->irq);
        sdram->eccesr = val;
        break;
    default: /* Error */
        break;
    }
}
/*
 * Reset handler: put the controller registers back to their reset values.
 * The bank registers (bcr[]) and the configured bases/sizes are not
 * touched here.
 */
static void sdram_reset (void *opaque)
{
    ppc4xx_sdram_t *sdram = opaque;

    sdram->addr = 0x00000000;
    sdram->bear = 0x00000000;

    /* Error and ECC state: nothing pending, ECC off */
    sdram->besr0 = 0x00000000;
    sdram->besr1 = 0x00000000;
    sdram->ecccfg = 0x00000000;
    sdram->eccesr = 0x00000000;

    sdram->pmit = 0x07C00000;
    sdram->rtr = 0x05F00000;
    sdram->tr = 0x00854009;

    /* We pre-initialize RAM banks */
    sdram->status = 0x00000000;
    sdram->cfg = 0x00800000;
}
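/*
 * Create the SDRAM controller and register its two DCRs and its reset
 * handler.
 *
 * irq is driven from SDRAM_ECCESR writes.  ram_bases and ram_sizes must
 * each hold nbanks entries; they are copied into the controller state,
 * which has room for 4 banks.  A bank count outside 0..4 would overrun
 * those arrays, so it is reported on stderr and the process exits.
 * When do_init is non-zero the banks are mapped immediately.
 */
void ppc4xx_sdram_init (CPUState *env, qemu_irq irq, int nbanks,
                        target_phys_addr_t *ram_bases,
                        target_phys_addr_t *ram_sizes,
                        int do_init)
{
    ppc4xx_sdram_t *sdram;
    const int max_banks =
        (int)(sizeof(sdram->ram_bases) / sizeof(sdram->ram_bases[0]));

    /* Refuse counts that do not fit the fixed-size bank arrays; a negative
     * count would also turn into a huge length in the memcpy() below. */
    if (nbanks < 0 || nbanks > max_banks) {
        fprintf(stderr, "%s: invalid SDRAM bank count %d (maximum %d)\n",
                __func__, nbanks, max_banks);
        exit(1);
    }

    sdram = qemu_mallocz(sizeof(ppc4xx_sdram_t));
    sdram->irq = irq;
    sdram->nbanks = nbanks;
    /* Unused trailing banks stay zero */
    memset(sdram->ram_bases, 0, sizeof(sdram->ram_bases));
    memcpy(sdram->ram_bases, ram_bases,
           nbanks * sizeof(sdram->ram_bases[0]));
    memset(sdram->ram_sizes, 0, sizeof(sdram->ram_sizes));
    memcpy(sdram->ram_sizes, ram_sizes,
           nbanks * sizeof(sdram->ram_sizes[0]));
    qemu_register_reset(&sdram_reset, sdram);
    ppc_dcr_register(env, SDRAM0_CFGADDR,
                     sdram, &dcr_read_sdram, &dcr_write_sdram);
    ppc_dcr_register(env, SDRAM0_CFGDATA,
                     sdram, &dcr_read_sdram, &dcr_write_sdram);
    if (do_init)
        sdram_map_bcr(sdram);
}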
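/* Fill in consecutive SDRAM banks with 'ram_size' bytes of memory.
 *
 * sdram_bank_sizes[] must be 0-terminated.
 *
 * The 4xx SDRAM controller supports a small number of banks, and each bank
 * must be one of a small set of sizes. The number of banks and the supported
 * sizes varies by SoC.
 *
 * For each bank the first entry of sdram_bank_sizes[] that does not exceed
 * the remaining size is used, so the order of that list decides the layout
 * (presumably largest first - confirm against the callers).
 *
 * ram_bases[] and ram_sizes[] must hold nr_banks entries.  Entries for
 * banks that end up unused are set to 0, so the arrays can be handed on
 * without the caller having to clear them first.
 *
 * Returns the amount of memory actually placed, which is smaller than
 * ram_size when the request does not fit; a message is printed then. */
ram_addr_t ppc4xx_sdram_adjust(ram_addr_t ram_size, int nr_banks,
                               target_phys_addr_t ram_bases[],
                               target_phys_addr_t ram_sizes[],
                               const unsigned int sdram_bank_sizes[])
{
    ram_addr_t size_left = ram_size;
    int i;
    int j;

    /* Start with every bank empty: banks the loop below never reaches, or
     * for which no size fits, would otherwise keep whatever the caller's
     * arrays contained. */
    for (i = 0; i < nr_banks; i++) {
        ram_bases[i] = 0;
        ram_sizes[i] = 0;
    }

    for (i = 0; i < nr_banks; i++) {
        for (j = 0; sdram_bank_sizes[j] != 0; j++) {
            unsigned int bank_size = sdram_bank_sizes[j];

            if (bank_size <= size_left) {
                char name[32];
                snprintf(name, sizeof(name), "ppc4xx.sdram%d", i);
                ram_bases[i] = qemu_ram_alloc(NULL, name, bank_size);
                ram_sizes[i] = bank_size;
                size_left -= bank_size;
                break;
            }
        }

        if (!size_left) {
            /* No need to use the remaining banks. */
            break;
        }
    }

    ram_size -= size_left;
    if (size_left)
        printf("Truncating memory to %d MiB to fit SDRAM controller limits.\n",
               (int)(ram_size >> 20));

    return ram_size;
}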