search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
openpic: avoid buffer overrun on incoming migration
[qemu/ar7.git] / hw / intc / openpic.c
blob17136c9333348989af5fa96ea09d56c661ea88c4
1 /*
2 * OpenPIC emulation
3 *
4 * Copyright (c) 2004 Jocelyn Mayer
5 * 2011 Alexander Graf
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
25 /*
26 *
27 * Based on OpenPic implementations:
28 * - Intel GW80314 I/O companion chip developer's manual
29 * - Motorola MPC8245 & MPC8540 user manuals.
30 * - Motorola MCP750 (aka Raven) programmer manual.
31 * - Motorola Harrier programmer manuel
32 *
33 * Serial interrupts, as implemented in Raven chipset are not supported yet.
34 *
35 */
36 #include "hw/hw.h"
37 #include "hw/ppc/mac.h"
38 #include "hw/pci/pci.h"
39 #include "hw/ppc/openpic.h"
40 #include "hw/ppc/ppc_e500.h"
41 #include "hw/sysbus.h"
42 #include "hw/pci/msi.h"
43 #include "qemu/bitops.h"
44 #include "qapi/qmp/qerror.h"
45
46 //#define DEBUG_OPENPIC
47
48 #ifdef DEBUG_OPENPIC
49 static const int debug_openpic = 1;
50 #else
51 static const int debug_openpic = 0;
52 #endif
53
54 #define DPRINTF(fmt, ...) do { \
55 if (debug_openpic) { \
56 printf(fmt , ## __VA_ARGS__); \
57 } \
58 } while (0)
59
60 #define MAX_CPU 32
61 #define MAX_MSI 8
62 #define VID 0x03 /* MPIC version ID */
63
64 /* OpenPIC capability flags */
65 #define OPENPIC_FLAG_IDR_CRIT (1 << 0)
66 #define OPENPIC_FLAG_ILR (2 << 0)
67
68 /* OpenPIC address map */
69 #define OPENPIC_GLB_REG_START 0x0
70 #define OPENPIC_GLB_REG_SIZE 0x10F0
71 #define OPENPIC_TMR_REG_START 0x10F0
72 #define OPENPIC_TMR_REG_SIZE 0x220
73 #define OPENPIC_MSI_REG_START 0x1600
74 #define OPENPIC_MSI_REG_SIZE 0x200
75 #define OPENPIC_SUMMARY_REG_START 0x3800
76 #define OPENPIC_SUMMARY_REG_SIZE 0x800
77 #define OPENPIC_SRC_REG_START 0x10000
78 #define OPENPIC_SRC_REG_SIZE (OPENPIC_MAX_SRC * 0x20)
79 #define OPENPIC_CPU_REG_START 0x20000
80 #define OPENPIC_CPU_REG_SIZE 0x100 + ((MAX_CPU - 1) * 0x1000)
81
82 /* Raven */
83 #define RAVEN_MAX_CPU 2
84 #define RAVEN_MAX_EXT 48
85 #define RAVEN_MAX_IRQ 64
86 #define RAVEN_MAX_TMR OPENPIC_MAX_TMR
87 #define RAVEN_MAX_IPI OPENPIC_MAX_IPI
88
89 /* Interrupt definitions */
90 #define RAVEN_FE_IRQ (RAVEN_MAX_EXT) /* Internal functional IRQ */
91 #define RAVEN_ERR_IRQ (RAVEN_MAX_EXT + 1) /* Error IRQ */
92 #define RAVEN_TMR_IRQ (RAVEN_MAX_EXT + 2) /* First timer IRQ */
93 #define RAVEN_IPI_IRQ (RAVEN_TMR_IRQ + RAVEN_MAX_TMR) /* First IPI IRQ */
94 /* First doorbell IRQ */
95 #define RAVEN_DBL_IRQ (RAVEN_IPI_IRQ + (RAVEN_MAX_CPU * RAVEN_MAX_IPI))
96
97 typedef struct FslMpicInfo {
98 int max_ext;
99 } FslMpicInfo;
100
101 static FslMpicInfo fsl_mpic_20 = {
102 .max_ext = 12,
103 };
104
105 static FslMpicInfo fsl_mpic_42 = {
106 .max_ext = 12,
107 };
108
109 #define FRR_NIRQ_SHIFT 16
110 #define FRR_NCPU_SHIFT 8
111 #define FRR_VID_SHIFT 0
112
113 #define VID_REVISION_1_2 2
114 #define VID_REVISION_1_3 3
115
116 #define VIR_GENERIC 0x00000000 /* Generic Vendor ID */
117
118 #define GCR_RESET 0x80000000
119 #define GCR_MODE_PASS 0x00000000
120 #define GCR_MODE_MIXED 0x20000000
121 #define GCR_MODE_PROXY 0x60000000
122
123 #define TBCR_CI 0x80000000 /* count inhibit */
124 #define TCCR_TOG 0x80000000 /* toggles when decrement to zero */
125
126 #define IDR_EP_SHIFT 31
127 #define IDR_EP_MASK (1U << IDR_EP_SHIFT)
128 #define IDR_CI0_SHIFT 30
129 #define IDR_CI1_SHIFT 29
130 #define IDR_P1_SHIFT 1
131 #define IDR_P0_SHIFT 0
132
133 #define ILR_INTTGT_MASK 0x000000ff
134 #define ILR_INTTGT_INT 0x00
135 #define ILR_INTTGT_CINT 0x01 /* critical */
136 #define ILR_INTTGT_MCP 0x02 /* machine check */
137
138 /* The currently supported INTTGT values happen to be the same as QEMU's
139 * openpic output codes, but don't depend on this. The output codes
140 * could change (unlikely, but...) or support could be added for
141 * more INTTGT values.
142 */
143 static const int inttgt_output[][2] = {
144 { ILR_INTTGT_INT, OPENPIC_OUTPUT_INT },
145 { ILR_INTTGT_CINT, OPENPIC_OUTPUT_CINT },
146 { ILR_INTTGT_MCP, OPENPIC_OUTPUT_MCK },
147 };
148
149 static int inttgt_to_output(int inttgt)
150 {
151 int i;
152
153 for (i = 0; i < ARRAY_SIZE(inttgt_output); i++) {
154 if (inttgt_output[i][0] == inttgt) {
155 return inttgt_output[i][1];
156 }
157 }
158
159 fprintf(stderr, "%s: unsupported inttgt %d\n", __func__, inttgt);
160 return OPENPIC_OUTPUT_INT;
161 }
162
163 static int output_to_inttgt(int output)
164 {
165 int i;
166
167 for (i = 0; i < ARRAY_SIZE(inttgt_output); i++) {
168 if (inttgt_output[i][1] == output) {
169 return inttgt_output[i][0];
170 }
171 }
172
173 abort();
174 }
175
176 #define MSIIR_OFFSET 0x140
177 #define MSIIR_SRS_SHIFT 29
178 #define MSIIR_SRS_MASK (0x7 << MSIIR_SRS_SHIFT)
179 #define MSIIR_IBS_SHIFT 24
180 #define MSIIR_IBS_MASK (0x1f << MSIIR_IBS_SHIFT)
181
182 static int get_current_cpu(void)
183 {
184 if (!current_cpu) {
185 return -1;
186 }
187
188 return current_cpu->cpu_index;
189 }
190
191 static uint32_t openpic_cpu_read_internal(void *opaque, hwaddr addr,
192 int idx);
193 static void openpic_cpu_write_internal(void *opaque, hwaddr addr,
194 uint32_t val, int idx);
195
196 typedef enum IRQType {
197 IRQ_TYPE_NORMAL = 0,
198 IRQ_TYPE_FSLINT, /* FSL internal interrupt -- level only */
199 IRQ_TYPE_FSLSPECIAL, /* FSL timer/IPI interrupt, edge, no polarity */
200 } IRQType;
201
202 typedef struct IRQQueue {
203 /* Round up to the nearest 64 IRQs so that the queue length
204 * won't change when moving between 32 and 64 bit hosts.
205 */
206 unsigned long queue[BITS_TO_LONGS((OPENPIC_MAX_IRQ + 63) & ~63)];
207 int next;
208 int priority;
209 } IRQQueue;
210
211 typedef struct IRQSource {
212 uint32_t ivpr; /* IRQ vector/priority register */
213 uint32_t idr; /* IRQ destination register */
214 uint32_t destmask; /* bitmap of CPU destinations */
215 int last_cpu;
216 int output; /* IRQ level, e.g. OPENPIC_OUTPUT_INT */
217 int pending; /* TRUE if IRQ is pending */
218 IRQType type;
219 bool level:1; /* level-triggered */
220 bool nomask:1; /* critical interrupts ignore mask on some FSL MPICs */
221 } IRQSource;
222
223 #define IVPR_MASK_SHIFT 31
224 #define IVPR_MASK_MASK (1U << IVPR_MASK_SHIFT)
225 #define IVPR_ACTIVITY_SHIFT 30
226 #define IVPR_ACTIVITY_MASK (1U << IVPR_ACTIVITY_SHIFT)
227 #define IVPR_MODE_SHIFT 29
228 #define IVPR_MODE_MASK (1U << IVPR_MODE_SHIFT)
229 #define IVPR_POLARITY_SHIFT 23
230 #define IVPR_POLARITY_MASK (1U << IVPR_POLARITY_SHIFT)
231 #define IVPR_SENSE_SHIFT 22
232 #define IVPR_SENSE_MASK (1U << IVPR_SENSE_SHIFT)
233
234 #define IVPR_PRIORITY_MASK (0xFU << 16)
235 #define IVPR_PRIORITY(_ivprr_) ((int)(((_ivprr_) & IVPR_PRIORITY_MASK) >> 16))
236 #define IVPR_VECTOR(opp, _ivprr_) ((_ivprr_) & (opp)->vector_mask)
237
238 /* IDR[EP/CI] are only for FSL MPIC prior to v4.0 */
239 #define IDR_EP 0x80000000 /* external pin */
240 #define IDR_CI 0x40000000 /* critical interrupt */
241
242 typedef struct IRQDest {
243 int32_t ctpr; /* CPU current task priority */
244 IRQQueue raised;
245 IRQQueue servicing;
246 qemu_irq *irqs;
247
248 /* Count of IRQ sources asserting on non-INT outputs */
249 uint32_t outputs_active[OPENPIC_OUTPUT_NB];
250 } IRQDest;
251
252 #define OPENPIC(obj) OBJECT_CHECK(OpenPICState, (obj), TYPE_OPENPIC)
253
254 typedef struct OpenPICState {
255 /*< private >*/
256 SysBusDevice parent_obj;
257 /*< public >*/
258
259 MemoryRegion mem;
260
261 /* Behavior control */
262 FslMpicInfo *fsl;
263 uint32_t model;
264 uint32_t flags;
265 uint32_t nb_irqs;
266 uint32_t vid;
267 uint32_t vir; /* Vendor identification register */
268 uint32_t vector_mask;
269 uint32_t tfrr_reset;
270 uint32_t ivpr_reset;
271 uint32_t idr_reset;
272 uint32_t brr1;
273 uint32_t mpic_mode_mask;
274
275 /* Sub-regions */
276 MemoryRegion sub_io_mem[6];
277
278 /* Global registers */
279 uint32_t frr; /* Feature reporting register */
280 uint32_t gcr; /* Global configuration register */
281 uint32_t pir; /* Processor initialization register */
282 uint32_t spve; /* Spurious vector register */
283 uint32_t tfrr; /* Timer frequency reporting register */
284 /* Source registers */
285 IRQSource src[OPENPIC_MAX_IRQ];
286 /* Local registers per output pin */
287 IRQDest dst[MAX_CPU];
288 uint32_t nb_cpus;
289 /* Timer registers */
290 struct {
291 uint32_t tccr; /* Global timer current count register */
292 uint32_t tbcr; /* Global timer base count register */
293 } timers[OPENPIC_MAX_TMR];
294 /* Shared MSI registers */
295 struct {
296 uint32_t msir; /* Shared Message Signaled Interrupt Register */
297 } msi[MAX_MSI];
298 uint32_t max_irq;
299 uint32_t irq_ipi0;
300 uint32_t irq_tim0;
301 uint32_t irq_msi;
302 } OpenPICState;
303
304 static inline void IRQ_setbit(IRQQueue *q, int n_IRQ)
305 {
306 set_bit(n_IRQ, q->queue);
307 }
308
309 static inline void IRQ_resetbit(IRQQueue *q, int n_IRQ)
310 {
311 clear_bit(n_IRQ, q->queue);
312 }
313
314 static inline int IRQ_testbit(IRQQueue *q, int n_IRQ)
315 {
316 return test_bit(n_IRQ, q->queue);
317 }
318
319 static void IRQ_check(OpenPICState *opp, IRQQueue *q)
320 {
321 int irq = -1;
322 int next = -1;
323 int priority = -1;
324
325 for (;;) {
326 irq = find_next_bit(q->queue, opp->max_irq, irq + 1);
327 if (irq == opp->max_irq) {
328 break;
329 }
330
331 DPRINTF("IRQ_check: irq %d set ivpr_pr=%d pr=%d\n",
332 irq, IVPR_PRIORITY(opp->src[irq].ivpr), priority);
333
334 if (IVPR_PRIORITY(opp->src[irq].ivpr) > priority) {
335 next = irq;
336 priority = IVPR_PRIORITY(opp->src[irq].ivpr);
337 }
338 }
339
340 q->next = next;
341 q->priority = priority;
342 }
343
344 static int IRQ_get_next(OpenPICState *opp, IRQQueue *q)
345 {
346 /* XXX: optimize */
347 IRQ_check(opp, q);
348
349 return q->next;
350 }
351
352 static void IRQ_local_pipe(OpenPICState *opp, int n_CPU, int n_IRQ,
353 bool active, bool was_active)
354 {
355 IRQDest *dst;
356 IRQSource *src;
357 int priority;
358
359 dst = &opp->dst[n_CPU];
360 src = &opp->src[n_IRQ];
361
362 DPRINTF("%s: IRQ %d active %d was %d\n",
363 __func__, n_IRQ, active, was_active);
364
365 if (src->output != OPENPIC_OUTPUT_INT) {
366 DPRINTF("%s: output %d irq %d active %d was %d count %d\n",
367 __func__, src->output, n_IRQ, active, was_active,
368 dst->outputs_active[src->output]);
369
370 /* On Freescale MPIC, critical interrupts ignore priority,
371 * IACK, EOI, etc. Before MPIC v4.1 they also ignore
372 * masking.
373 */
374 if (active) {
375 if (!was_active && dst->outputs_active[src->output]++ == 0) {
376 DPRINTF("%s: Raise OpenPIC output %d cpu %d irq %d\n",
377 __func__, src->output, n_CPU, n_IRQ);
378 qemu_irq_raise(dst->irqs[src->output]);
379 }
380 } else {
381 if (was_active && --dst->outputs_active[src->output] == 0) {
382 DPRINTF("%s: Lower OpenPIC output %d cpu %d irq %d\n",
383 __func__, src->output, n_CPU, n_IRQ);
384 qemu_irq_lower(dst->irqs[src->output]);
385 }
386 }
387
388 return;
389 }
390
391 priority = IVPR_PRIORITY(src->ivpr);
392
393 /* Even if the interrupt doesn't have enough priority,
394 * it is still raised, in case ctpr is lowered later.
395 */
396 if (active) {
397 IRQ_setbit(&dst->raised, n_IRQ);
398 } else {
399 IRQ_resetbit(&dst->raised, n_IRQ);
400 }
401
402 IRQ_check(opp, &dst->raised);
403
404 if (active && priority <= dst->ctpr) {
405 DPRINTF("%s: IRQ %d priority %d too low for ctpr %d on CPU %d\n",
406 __func__, n_IRQ, priority, dst->ctpr, n_CPU);
407 active = 0;
408 }
409
410 if (active) {
411 if (IRQ_get_next(opp, &dst->servicing) >= 0 &&
412 priority <= dst->servicing.priority) {
413 DPRINTF("%s: IRQ %d is hidden by servicing IRQ %d on CPU %d\n",
414 __func__, n_IRQ, dst->servicing.next, n_CPU);
415 } else {
416 DPRINTF("%s: Raise OpenPIC INT output cpu %d irq %d/%d\n",
417 __func__, n_CPU, n_IRQ, dst->raised.next);
418 qemu_irq_raise(opp->dst[n_CPU].irqs[OPENPIC_OUTPUT_INT]);
419 }
420 } else {
421 IRQ_get_next(opp, &dst->servicing);
422 if (dst->raised.priority > dst->ctpr &&
423 dst->raised.priority > dst->servicing.priority) {
424 DPRINTF("%s: IRQ %d inactive, IRQ %d prio %d above %d/%d, CPU %d\n",
425 __func__, n_IRQ, dst->raised.next, dst->raised.priority,
426 dst->ctpr, dst->servicing.priority, n_CPU);
427 /* IRQ line stays asserted */
428 } else {
429 DPRINTF("%s: IRQ %d inactive, current prio %d/%d, CPU %d\n",
430 __func__, n_IRQ, dst->ctpr, dst->servicing.priority, n_CPU);
431 qemu_irq_lower(opp->dst[n_CPU].irqs[OPENPIC_OUTPUT_INT]);
432 }
433 }
434 }
435
436 /* update pic state because registers for n_IRQ have changed value */
437 static void openpic_update_irq(OpenPICState *opp, int n_IRQ)
438 {
439 IRQSource *src;
440 bool active, was_active;
441 int i;
442
443 src = &opp->src[n_IRQ];
444 active = src->pending;
445
446 if ((src->ivpr & IVPR_MASK_MASK) && !src->nomask) {
447 /* Interrupt source is disabled */
448 DPRINTF("%s: IRQ %d is disabled\n", __func__, n_IRQ);
449 active = false;
450 }
451
452 was_active = !!(src->ivpr & IVPR_ACTIVITY_MASK);
453
454 /*
455 * We don't have a similar check for already-active because
456 * ctpr may have changed and we need to withdraw the interrupt.
457 */
458 if (!active && !was_active) {
459 DPRINTF("%s: IRQ %d is already inactive\n", __func__, n_IRQ);
460 return;
461 }
462
463 if (active) {
464 src->ivpr |= IVPR_ACTIVITY_MASK;
465 } else {
466 src->ivpr &= ~IVPR_ACTIVITY_MASK;
467 }
468
469 if (src->destmask == 0) {
470 /* No target */
471 DPRINTF("%s: IRQ %d has no target\n", __func__, n_IRQ);
472 return;
473 }
474
475 if (src->destmask == (1 << src->last_cpu)) {
476 /* Only one CPU is allowed to receive this IRQ */
477 IRQ_local_pipe(opp, src->last_cpu, n_IRQ, active, was_active);
478 } else if (!(src->ivpr & IVPR_MODE_MASK)) {
479 /* Directed delivery mode */
480 for (i = 0; i < opp->nb_cpus; i++) {
481 if (src->destmask & (1 << i)) {
482 IRQ_local_pipe(opp, i, n_IRQ, active, was_active);
483 }
484 }
485 } else {
486 /* Distributed delivery mode */
487 for (i = src->last_cpu + 1; i != src->last_cpu; i++) {
488 if (i == opp->nb_cpus) {
489 i = 0;
490 }
491 if (src->destmask & (1 << i)) {
492 IRQ_local_pipe(opp, i, n_IRQ, active, was_active);
493 src->last_cpu = i;
494 break;
495 }
496 }
497 }
498 }
499
500 static void openpic_set_irq(void *opaque, int n_IRQ, int level)
501 {
502 OpenPICState *opp = opaque;
503 IRQSource *src;
504
505 if (n_IRQ >= OPENPIC_MAX_IRQ) {
506 fprintf(stderr, "%s: IRQ %d out of range\n", __func__, n_IRQ);
507 abort();
508 }
509
510 src = &opp->src[n_IRQ];
511 DPRINTF("openpic: set irq %d = %d ivpr=0x%08x\n",
512 n_IRQ, level, src->ivpr);
513 if (src->level) {
514 /* level-sensitive irq */
515 src->pending = level;
516 openpic_update_irq(opp, n_IRQ);
517 } else {
518 /* edge-sensitive irq */
519 if (level) {
520 src->pending = 1;
521 openpic_update_irq(opp, n_IRQ);
522 }
523
524 if (src->output != OPENPIC_OUTPUT_INT) {
525 /* Edge-triggered interrupts shouldn't be used
526 * with non-INT delivery, but just in case,
527 * try to make it do something sane rather than
528 * cause an interrupt storm. This is close to
529 * what you'd probably see happen in real hardware.
530 */
531 src->pending = 0;
532 openpic_update_irq(opp, n_IRQ);
533 }
534 }
535 }
536
537 static void openpic_reset(DeviceState *d)
538 {
539 OpenPICState *opp = OPENPIC(d);
540 int i;
541
542 opp->gcr = GCR_RESET;
543 /* Initialise controller registers */
544 opp->frr = ((opp->nb_irqs - 1) << FRR_NIRQ_SHIFT) |
545 ((opp->nb_cpus - 1) << FRR_NCPU_SHIFT) |
546 (opp->vid << FRR_VID_SHIFT);
547
548 opp->pir = 0;
549 opp->spve = -1 & opp->vector_mask;
550 opp->tfrr = opp->tfrr_reset;
551 /* Initialise IRQ sources */
552 for (i = 0; i < opp->max_irq; i++) {
553 opp->src[i].ivpr = opp->ivpr_reset;
554 opp->src[i].idr = opp->idr_reset;
555
556 switch (opp->src[i].type) {
557 case IRQ_TYPE_NORMAL:
558 opp->src[i].level = !!(opp->ivpr_reset & IVPR_SENSE_MASK);
559 break;
560
561 case IRQ_TYPE_FSLINT:
562 opp->src[i].ivpr |= IVPR_POLARITY_MASK;
563 break;
564
565 case IRQ_TYPE_FSLSPECIAL:
566 break;
567 }
568 }
569 /* Initialise IRQ destinations */
570 for (i = 0; i < MAX_CPU; i++) {
571 opp->dst[i].ctpr = 15;
572 memset(&opp->dst[i].raised, 0, sizeof(IRQQueue));
573 opp->dst[i].raised.next = -1;
574 memset(&opp->dst[i].servicing, 0, sizeof(IRQQueue));
575 opp->dst[i].servicing.next = -1;
576 }
577 /* Initialise timers */
578 for (i = 0; i < OPENPIC_MAX_TMR; i++) {
579 opp->timers[i].tccr = 0;
580 opp->timers[i].tbcr = TBCR_CI;
581 }
582 /* Go out of RESET state */
583 opp->gcr = 0;
584 }
585
586 static inline uint32_t read_IRQreg_idr(OpenPICState *opp, int n_IRQ)
587 {
588 return opp->src[n_IRQ].idr;
589 }
590
591 static inline uint32_t read_IRQreg_ilr(OpenPICState *opp, int n_IRQ)
592 {
593 if (opp->flags & OPENPIC_FLAG_ILR) {
594 return output_to_inttgt(opp->src[n_IRQ].output);
595 }
596
597 return 0xffffffff;
598 }
599
600 static inline uint32_t read_IRQreg_ivpr(OpenPICState *opp, int n_IRQ)
601 {
602 return opp->src[n_IRQ].ivpr;
603 }
604
605 static inline void write_IRQreg_idr(OpenPICState *opp, int n_IRQ, uint32_t val)
606 {
607 IRQSource *src = &opp->src[n_IRQ];
608 uint32_t normal_mask = (1UL << opp->nb_cpus) - 1;
609 uint32_t crit_mask = 0;
610 uint32_t mask = normal_mask;
611 int crit_shift = IDR_EP_SHIFT - opp->nb_cpus;
612 int i;
613
614 if (opp->flags & OPENPIC_FLAG_IDR_CRIT) {
615 crit_mask = mask << crit_shift;
616 mask |= crit_mask | IDR_EP;
617 }
618
619 src->idr = val & mask;
620 DPRINTF("Set IDR %d to 0x%08x\n", n_IRQ, src->idr);
621
622 if (opp->flags & OPENPIC_FLAG_IDR_CRIT) {
623 if (src->idr & crit_mask) {
624 if (src->idr & normal_mask) {
625 DPRINTF("%s: IRQ configured for multiple output types, using "
626 "critical\n", __func__);
627 }
628
629 src->output = OPENPIC_OUTPUT_CINT;
630 src->nomask = true;
631 src->destmask = 0;
632
633 for (i = 0; i < opp->nb_cpus; i++) {
634 int n_ci = IDR_CI0_SHIFT - i;
635
636 if (src->idr & (1UL << n_ci)) {
637 src->destmask |= 1UL << i;
638 }
639 }
640 } else {
641 src->output = OPENPIC_OUTPUT_INT;
642 src->nomask = false;
643 src->destmask = src->idr & normal_mask;
644 }
645 } else {
646 src->destmask = src->idr;
647 }
648 }
649
650 static inline void write_IRQreg_ilr(OpenPICState *opp, int n_IRQ, uint32_t val)
651 {
652 if (opp->flags & OPENPIC_FLAG_ILR) {
653 IRQSource *src = &opp->src[n_IRQ];
654
655 src->output = inttgt_to_output(val & ILR_INTTGT_MASK);
656 DPRINTF("Set ILR %d to 0x%08x, output %d\n", n_IRQ, src->idr,
657 src->output);
658
659 /* TODO: on MPIC v4.0 only, set nomask for non-INT */
660 }
661 }
662
663 static inline void write_IRQreg_ivpr(OpenPICState *opp, int n_IRQ, uint32_t val)
664 {
665 uint32_t mask;
666
667 /* NOTE when implementing newer FSL MPIC models: starting with v4.0,
668 * the polarity bit is read-only on internal interrupts.
669 */
670 mask = IVPR_MASK_MASK | IVPR_PRIORITY_MASK | IVPR_SENSE_MASK |
671 IVPR_POLARITY_MASK | opp->vector_mask;
672
673 /* ACTIVITY bit is read-only */
674 opp->src[n_IRQ].ivpr =
675 (opp->src[n_IRQ].ivpr & IVPR_ACTIVITY_MASK) | (val & mask);
676
677 /* For FSL internal interrupts, The sense bit is reserved and zero,
678 * and the interrupt is always level-triggered. Timers and IPIs
679 * have no sense or polarity bits, and are edge-triggered.
680 */
681 switch (opp->src[n_IRQ].type) {
682 case IRQ_TYPE_NORMAL:
683 opp->src[n_IRQ].level = !!(opp->src[n_IRQ].ivpr & IVPR_SENSE_MASK);
684 break;
685
686 case IRQ_TYPE_FSLINT:
687 opp->src[n_IRQ].ivpr &= ~IVPR_SENSE_MASK;
688 break;
689
690 case IRQ_TYPE_FSLSPECIAL:
691 opp->src[n_IRQ].ivpr &= ~(IVPR_POLARITY_MASK | IVPR_SENSE_MASK);
692 break;
693 }
694
695 openpic_update_irq(opp, n_IRQ);
696 DPRINTF("Set IVPR %d to 0x%08x -> 0x%08x\n", n_IRQ, val,
697 opp->src[n_IRQ].ivpr);
698 }
699
700 static void openpic_gcr_write(OpenPICState *opp, uint64_t val)
701 {
702 bool mpic_proxy = false;
703
704 if (val & GCR_RESET) {
705 openpic_reset(DEVICE(opp));
706 return;
707 }
708
709 opp->gcr &= ~opp->mpic_mode_mask;
710 opp->gcr |= val & opp->mpic_mode_mask;
711
712 /* Set external proxy mode */
713 if ((val & opp->mpic_mode_mask) == GCR_MODE_PROXY) {
714 mpic_proxy = true;
715 }
716
717 ppce500_set_mpic_proxy(mpic_proxy);
718 }
719
720 static void openpic_gbl_write(void *opaque, hwaddr addr, uint64_t val,
721 unsigned len)
722 {
723 OpenPICState *opp = opaque;
724 IRQDest *dst;
725 int idx;
726
727 DPRINTF("%s: addr %#" HWADDR_PRIx " <= %08" PRIx64 "\n",
728 __func__, addr, val);
729 if (addr & 0xF) {
730 return;
731 }
732 switch (addr) {
733 case 0x00: /* Block Revision Register1 (BRR1) is Readonly */
734 break;
735 case 0x40:
736 case 0x50:
737 case 0x60:
738 case 0x70:
739 case 0x80:
740 case 0x90:
741 case 0xA0:
742 case 0xB0:
743 openpic_cpu_write_internal(opp, addr, val, get_current_cpu());
744 break;
745 case 0x1000: /* FRR */
746 break;
747 case 0x1020: /* GCR */
748 openpic_gcr_write(opp, val);
749 break;
750 case 0x1080: /* VIR */
751 break;
752 case 0x1090: /* PIR */
753 for (idx = 0; idx < opp->nb_cpus; idx++) {
754 if ((val & (1 << idx)) && !(opp->pir & (1 << idx))) {
755 DPRINTF("Raise OpenPIC RESET output for CPU %d\n", idx);
756 dst = &opp->dst[idx];
757 qemu_irq_raise(dst->irqs[OPENPIC_OUTPUT_RESET]);
758 } else if (!(val & (1 << idx)) && (opp->pir & (1 << idx))) {
759 DPRINTF("Lower OpenPIC RESET output for CPU %d\n", idx);
760 dst = &opp->dst[idx];
761 qemu_irq_lower(dst->irqs[OPENPIC_OUTPUT_RESET]);
762 }
763 }
764 opp->pir = val;
765 break;
766 case 0x10A0: /* IPI_IVPR */
767 case 0x10B0:
768 case 0x10C0:
769 case 0x10D0:
770 {
771 int idx;
772 idx = (addr - 0x10A0) >> 4;
773 write_IRQreg_ivpr(opp, opp->irq_ipi0 + idx, val);
774 }
775 break;
776 case 0x10E0: /* SPVE */
777 opp->spve = val & opp->vector_mask;
778 break;
779 default:
780 break;
781 }
782 }
783
784 static uint64_t openpic_gbl_read(void *opaque, hwaddr addr, unsigned len)
785 {
786 OpenPICState *opp = opaque;
787 uint32_t retval;
788
789 DPRINTF("%s: addr %#" HWADDR_PRIx "\n", __func__, addr);
790 retval = 0xFFFFFFFF;
791 if (addr & 0xF) {
792 return retval;
793 }
794 switch (addr) {
795 case 0x1000: /* FRR */
796 retval = opp->frr;
797 break;
798 case 0x1020: /* GCR */
799 retval = opp->gcr;
800 break;
801 case 0x1080: /* VIR */
802 retval = opp->vir;
803 break;
804 case 0x1090: /* PIR */
805 retval = 0x00000000;
806 break;
807 case 0x00: /* Block Revision Register1 (BRR1) */
808 retval = opp->brr1;
809 break;
810 case 0x40:
811 case 0x50:
812 case 0x60:
813 case 0x70:
814 case 0x80:
815 case 0x90:
816 case 0xA0:
817 case 0xB0:
818 retval = openpic_cpu_read_internal(opp, addr, get_current_cpu());
819 break;
820 case 0x10A0: /* IPI_IVPR */
821 case 0x10B0:
822 case 0x10C0:
823 case 0x10D0:
824 {
825 int idx;
826 idx = (addr - 0x10A0) >> 4;
827 retval = read_IRQreg_ivpr(opp, opp->irq_ipi0 + idx);
828 }
829 break;
830 case 0x10E0: /* SPVE */
831 retval = opp->spve;
832 break;
833 default:
834 break;
835 }
836 DPRINTF("%s: => 0x%08x\n", __func__, retval);
837
838 return retval;
839 }
840
841 static void openpic_tmr_write(void *opaque, hwaddr addr, uint64_t val,
842 unsigned len)
843 {
844 OpenPICState *opp = opaque;
845 int idx;
846
847 addr += 0x10f0;
848
849 DPRINTF("%s: addr %#" HWADDR_PRIx " <= %08" PRIx64 "\n",
850 __func__, addr, val);
851 if (addr & 0xF) {
852 return;
853 }
854
855 if (addr == 0x10f0) {
856 /* TFRR */
857 opp->tfrr = val;
858 return;
859 }
860
861 idx = (addr >> 6) & 0x3;
862 addr = addr & 0x30;
863
864 switch (addr & 0x30) {
865 case 0x00: /* TCCR */
866 break;
867 case 0x10: /* TBCR */
868 if ((opp->timers[idx].tccr & TCCR_TOG) != 0 &&
869 (val & TBCR_CI) == 0 &&
870 (opp->timers[idx].tbcr & TBCR_CI) != 0) {
871 opp->timers[idx].tccr &= ~TCCR_TOG;
872 }
873 opp->timers[idx].tbcr = val;
874 break;
875 case 0x20: /* TVPR */
876 write_IRQreg_ivpr(opp, opp->irq_tim0 + idx, val);
877 break;
878 case 0x30: /* TDR */
879 write_IRQreg_idr(opp, opp->irq_tim0 + idx, val);
880 break;
881 }
882 }
883
884 static uint64_t openpic_tmr_read(void *opaque, hwaddr addr, unsigned len)
885 {
886 OpenPICState *opp = opaque;
887 uint32_t retval = -1;
888 int idx;
889
890 DPRINTF("%s: addr %#" HWADDR_PRIx "\n", __func__, addr);
891 if (addr & 0xF) {
892 goto out;
893 }
894 idx = (addr >> 6) & 0x3;
895 if (addr == 0x0) {
896 /* TFRR */
897 retval = opp->tfrr;
898 goto out;
899 }
900 switch (addr & 0x30) {
901 case 0x00: /* TCCR */
902 retval = opp->timers[idx].tccr;
903 break;
904 case 0x10: /* TBCR */
905 retval = opp->timers[idx].tbcr;
906 break;
907 case 0x20: /* TIPV */
908 retval = read_IRQreg_ivpr(opp, opp->irq_tim0 + idx);
909 break;
910 case 0x30: /* TIDE (TIDR) */
911 retval = read_IRQreg_idr(opp, opp->irq_tim0 + idx);
912 break;
913 }
914
915 out:
916 DPRINTF("%s: => 0x%08x\n", __func__, retval);
917
918 return retval;
919 }
920
921 static void openpic_src_write(void *opaque, hwaddr addr, uint64_t val,
922 unsigned len)
923 {
924 OpenPICState *opp = opaque;
925 int idx;
926
927 DPRINTF("%s: addr %#" HWADDR_PRIx " <= %08" PRIx64 "\n",
928 __func__, addr, val);
929
930 addr = addr & 0xffff;
931 idx = addr >> 5;
932
933 switch (addr & 0x1f) {
934 case 0x00:
935 write_IRQreg_ivpr(opp, idx, val);
936 break;
937 case 0x10:
938 write_IRQreg_idr(opp, idx, val);
939 break;
940 case 0x18:
941 write_IRQreg_ilr(opp, idx, val);
942 break;
943 }
944 }
945
946 static uint64_t openpic_src_read(void *opaque, uint64_t addr, unsigned len)
947 {
948 OpenPICState *opp = opaque;
949 uint32_t retval;
950 int idx;
951
952 DPRINTF("%s: addr %#" HWADDR_PRIx "\n", __func__, addr);
953 retval = 0xFFFFFFFF;
954
955 addr = addr & 0xffff;
956 idx = addr >> 5;
957
958 switch (addr & 0x1f) {
959 case 0x00:
960 retval = read_IRQreg_ivpr(opp, idx);
961 break;
962 case 0x10:
963 retval = read_IRQreg_idr(opp, idx);
964 break;
965 case 0x18:
966 retval = read_IRQreg_ilr(opp, idx);
967 break;
968 }
969
970 DPRINTF("%s: => 0x%08x\n", __func__, retval);
971 return retval;
972 }
973
974 static void openpic_msi_write(void *opaque, hwaddr addr, uint64_t val,
975 unsigned size)
976 {
977 OpenPICState *opp = opaque;
978 int idx = opp->irq_msi;
979 int srs, ibs;
980
981 DPRINTF("%s: addr %#" HWADDR_PRIx " <= 0x%08" PRIx64 "\n",
982 __func__, addr, val);
983 if (addr & 0xF) {
984 return;
985 }
986
987 switch (addr) {
988 case MSIIR_OFFSET:
989 srs = val >> MSIIR_SRS_SHIFT;
990 idx += srs;
991 ibs = (val & MSIIR_IBS_MASK) >> MSIIR_IBS_SHIFT;
992 opp->msi[srs].msir |= 1 << ibs;
993 openpic_set_irq(opp, idx, 1);
994 break;
995 default:
996 /* most registers are read-only, thus ignored */
997 break;
998 }
999 }
1000
1001 static uint64_t openpic_msi_read(void *opaque, hwaddr addr, unsigned size)
1002 {
1003 OpenPICState *opp = opaque;
1004 uint64_t r = 0;
1005 int i, srs;
1006
1007 DPRINTF("%s: addr %#" HWADDR_PRIx "\n", __func__, addr);
1008 if (addr & 0xF) {
1009 return -1;
1010 }
1011
1012 srs = addr >> 4;
1013
1014 switch (addr) {
1015 case 0x00:
1016 case 0x10:
1017 case 0x20:
1018 case 0x30:
1019 case 0x40:
1020 case 0x50:
1021 case 0x60:
1022 case 0x70: /* MSIRs */
1023 r = opp->msi[srs].msir;
1024 /* Clear on read */
1025 opp->msi[srs].msir = 0;
1026 openpic_set_irq(opp, opp->irq_msi + srs, 0);
1027 break;
1028 case 0x120: /* MSISR */
1029 for (i = 0; i < MAX_MSI; i++) {
1030 r |= (opp->msi[i].msir ? 1 : 0) << i;
1031 }
1032 break;
1033 }
1034
1035 return r;
1036 }
1037
1038 static uint64_t openpic_summary_read(void *opaque, hwaddr addr, unsigned size)
1039 {
1040 uint64_t r = 0;
1041
1042 DPRINTF("%s: addr %#" HWADDR_PRIx "\n", __func__, addr);
1043
1044 /* TODO: EISR/EIMR */
1045
1046 return r;
1047 }
1048
1049 static void openpic_summary_write(void *opaque, hwaddr addr, uint64_t val,
1050 unsigned size)
1051 {
1052 DPRINTF("%s: addr %#" HWADDR_PRIx " <= 0x%08" PRIx64 "\n",
1053 __func__, addr, val);
1054
1055 /* TODO: EISR/EIMR */
1056 }
1057
1058 static void openpic_cpu_write_internal(void *opaque, hwaddr addr,
1059 uint32_t val, int idx)
1060 {
1061 OpenPICState *opp = opaque;
1062 IRQSource *src;
1063 IRQDest *dst;
1064 int s_IRQ, n_IRQ;
1065
1066 DPRINTF("%s: cpu %d addr %#" HWADDR_PRIx " <= 0x%08x\n", __func__, idx,
1067 addr, val);
1068
1069 if (idx < 0) {
1070 return;
1071 }
1072
1073 if (addr & 0xF) {
1074 return;
1075 }
1076 dst = &opp->dst[idx];
1077 addr &= 0xFF0;
1078 switch (addr) {
1079 case 0x40: /* IPIDR */
1080 case 0x50:
1081 case 0x60:
1082 case 0x70:
1083 idx = (addr - 0x40) >> 4;
1084 /* we use IDE as mask which CPUs to deliver the IPI to still. */
1085 opp->src[opp->irq_ipi0 + idx].destmask |= val;
1086 openpic_set_irq(opp, opp->irq_ipi0 + idx, 1);
1087 openpic_set_irq(opp, opp->irq_ipi0 + idx, 0);
1088 break;
1089 case 0x80: /* CTPR */
1090 dst->ctpr = val & 0x0000000F;
1091
1092 DPRINTF("%s: set CPU %d ctpr to %d, raised %d servicing %d\n",
1093 __func__, idx, dst->ctpr, dst->raised.priority,
1094 dst->servicing.priority);
1095
1096 if (dst->raised.priority <= dst->ctpr) {
1097 DPRINTF("%s: Lower OpenPIC INT output cpu %d due to ctpr\n",
1098 __func__, idx);
1099 qemu_irq_lower(dst->irqs[OPENPIC_OUTPUT_INT]);
1100 } else if (dst->raised.priority > dst->servicing.priority) {
1101 DPRINTF("%s: Raise OpenPIC INT output cpu %d irq %d\n",
1102 __func__, idx, dst->raised.next);
1103 qemu_irq_raise(dst->irqs[OPENPIC_OUTPUT_INT]);
1104 }
1105
1106 break;
1107 case 0x90: /* WHOAMI */
1108 /* Read-only register */
1109 break;
1110 case 0xA0: /* IACK */
1111 /* Read-only register */
1112 break;
1113 case 0xB0: /* EOI */
1114 DPRINTF("EOI\n");
1115 s_IRQ = IRQ_get_next(opp, &dst->servicing);
1116
1117 if (s_IRQ < 0) {
1118 DPRINTF("%s: EOI with no interrupt in service\n", __func__);
1119 break;
1120 }
1121
1122 IRQ_resetbit(&dst->servicing, s_IRQ);
1123 /* Set up next servicing IRQ */
1124 s_IRQ = IRQ_get_next(opp, &dst->servicing);
1125 /* Check queued interrupts. */
1126 n_IRQ = IRQ_get_next(opp, &dst->raised);
1127 src = &opp->src[n_IRQ];
1128 if (n_IRQ != -1 &&
1129 (s_IRQ == -1 ||
1130 IVPR_PRIORITY(src->ivpr) > dst->servicing.priority)) {
1131 DPRINTF("Raise OpenPIC INT output cpu %d irq %d\n",
1132 idx, n_IRQ);
1133 qemu_irq_raise(opp->dst[idx].irqs[OPENPIC_OUTPUT_INT]);
1134 }
1135 break;
1136 default:
1137 break;
1138 }
1139 }
1140
1141 static void openpic_cpu_write(void *opaque, hwaddr addr, uint64_t val,
1142 unsigned len)
1143 {
1144 openpic_cpu_write_internal(opaque, addr, val, (addr & 0x1f000) >> 12);
1145 }
1146
1147
1148 static uint32_t openpic_iack(OpenPICState *opp, IRQDest *dst, int cpu)
1149 {
1150 IRQSource *src;
1151 int retval, irq;
1152
1153 DPRINTF("Lower OpenPIC INT output\n");
1154 qemu_irq_lower(dst->irqs[OPENPIC_OUTPUT_INT]);
1155
1156 irq = IRQ_get_next(opp, &dst->raised);
1157 DPRINTF("IACK: irq=%d\n", irq);
1158
1159 if (irq == -1) {
1160 /* No more interrupt pending */
1161 return opp->spve;
1162 }
1163
1164 src = &opp->src[irq];
1165 if (!(src->ivpr & IVPR_ACTIVITY_MASK) ||
1166 !(IVPR_PRIORITY(src->ivpr) > dst->ctpr)) {
1167 fprintf(stderr, "%s: bad raised IRQ %d ctpr %d ivpr 0x%08x\n",
1168 __func__, irq, dst->ctpr, src->ivpr);
1169 openpic_update_irq(opp, irq);
1170 retval = opp->spve;
1171 } else {
1172 /* IRQ enter servicing state */
1173 IRQ_setbit(&dst->servicing, irq);
1174 retval = IVPR_VECTOR(opp, src->ivpr);
1175 }
1176
1177 if (!src->level) {
1178 /* edge-sensitive IRQ */
1179 src->ivpr &= ~IVPR_ACTIVITY_MASK;
1180 src->pending = 0;
1181 IRQ_resetbit(&dst->raised, irq);
1182 }
1183
1184 if ((irq >= opp->irq_ipi0) && (irq < (opp->irq_ipi0 + OPENPIC_MAX_IPI))) {
1185 src->destmask &= ~(1 << cpu);
1186 if (src->destmask && !src->level) {
1187 /* trigger on CPUs that didn't know about it yet */
1188 openpic_set_irq(opp, irq, 1);
1189 openpic_set_irq(opp, irq, 0);
1190 /* if all CPUs knew about it, set active bit again */
1191 src->ivpr |= IVPR_ACTIVITY_MASK;
1192 }
1193 }
1194
1195 return retval;
1196 }
1197
1198 static uint32_t openpic_cpu_read_internal(void *opaque, hwaddr addr,
1199 int idx)
1200 {
1201 OpenPICState *opp = opaque;
1202 IRQDest *dst;
1203 uint32_t retval;
1204
1205 DPRINTF("%s: cpu %d addr %#" HWADDR_PRIx "\n", __func__, idx, addr);
1206 retval = 0xFFFFFFFF;
1207
1208 if (idx < 0) {
1209 return retval;
1210 }
1211
1212 if (addr & 0xF) {
1213 return retval;
1214 }
1215 dst = &opp->dst[idx];
1216 addr &= 0xFF0;
1217 switch (addr) {
1218 case 0x80: /* CTPR */
1219 retval = dst->ctpr;
1220 break;
1221 case 0x90: /* WHOAMI */
1222 retval = idx;
1223 break;
1224 case 0xA0: /* IACK */
1225 retval = openpic_iack(opp, dst, idx);
1226 break;
1227 case 0xB0: /* EOI */
1228 retval = 0;
1229 break;
1230 default:
1231 break;
1232 }
1233 DPRINTF("%s: => 0x%08x\n", __func__, retval);
1234
1235 return retval;
1236 }
1237
1238 static uint64_t openpic_cpu_read(void *opaque, hwaddr addr, unsigned len)
1239 {
1240 return openpic_cpu_read_internal(opaque, addr, (addr & 0x1f000) >> 12);
1241 }
1242
1243 static const MemoryRegionOps openpic_glb_ops_le = {
1244 .write = openpic_gbl_write,
1245 .read = openpic_gbl_read,
1246 .endianness = DEVICE_LITTLE_ENDIAN,
1247 .impl = {
1248 .min_access_size = 4,
1249 .max_access_size = 4,
1250 },
1251 };
1252
1253 static const MemoryRegionOps openpic_glb_ops_be = {
1254 .write = openpic_gbl_write,
1255 .read = openpic_gbl_read,
1256 .endianness = DEVICE_BIG_ENDIAN,
1257 .impl = {
1258 .min_access_size = 4,
1259 .max_access_size = 4,
1260 },
1261 };
1262
1263 static const MemoryRegionOps openpic_tmr_ops_le = {
1264 .write = openpic_tmr_write,
1265 .read = openpic_tmr_read,
1266 .endianness = DEVICE_LITTLE_ENDIAN,
1267 .impl = {
1268 .min_access_size = 4,
1269 .max_access_size = 4,
1270 },
1271 };
1272
1273 static const MemoryRegionOps openpic_tmr_ops_be = {
1274 .write = openpic_tmr_write,
1275 .read = openpic_tmr_read,
1276 .endianness = DEVICE_BIG_ENDIAN,
1277 .impl = {
1278 .min_access_size = 4,
1279 .max_access_size = 4,
1280 },
1281 };
1282
1283 static const MemoryRegionOps openpic_cpu_ops_le = {
1284 .write = openpic_cpu_write,
1285 .read = openpic_cpu_read,
1286 .endianness = DEVICE_LITTLE_ENDIAN,
1287 .impl = {
1288 .min_access_size = 4,
1289 .max_access_size = 4,
1290 },
1291 };
1292
1293 static const MemoryRegionOps openpic_cpu_ops_be = {
1294 .write = openpic_cpu_write,
1295 .read = openpic_cpu_read,
1296 .endianness = DEVICE_BIG_ENDIAN,
1297 .impl = {
1298 .min_access_size = 4,
1299 .max_access_size = 4,
1300 },
1301 };
1302
1303 static const MemoryRegionOps openpic_src_ops_le = {
1304 .write = openpic_src_write,
1305 .read = openpic_src_read,
1306 .endianness = DEVICE_LITTLE_ENDIAN,
1307 .impl = {
1308 .min_access_size = 4,
1309 .max_access_size = 4,
1310 },
1311 };
1312
1313 static const MemoryRegionOps openpic_src_ops_be = {
1314 .write = openpic_src_write,
1315 .read = openpic_src_read,
1316 .endianness = DEVICE_BIG_ENDIAN,
1317 .impl = {
1318 .min_access_size = 4,
1319 .max_access_size = 4,
1320 },
1321 };
1322
1323 static const MemoryRegionOps openpic_msi_ops_be = {
1324 .read = openpic_msi_read,
1325 .write = openpic_msi_write,
1326 .endianness = DEVICE_BIG_ENDIAN,
1327 .impl = {
1328 .min_access_size = 4,
1329 .max_access_size = 4,
1330 },
1331 };
1332
1333 static const MemoryRegionOps openpic_summary_ops_be = {
1334 .read = openpic_summary_read,
1335 .write = openpic_summary_write,
1336 .endianness = DEVICE_BIG_ENDIAN,
1337 .impl = {
1338 .min_access_size = 4,
1339 .max_access_size = 4,
1340 },
1341 };
1342
1343 static void openpic_save_IRQ_queue(QEMUFile* f, IRQQueue *q)
1344 {
1345 unsigned int i;
1346
1347 for (i = 0; i < ARRAY_SIZE(q->queue); i++) {
1348 /* Always put the lower half of a 64-bit long first, in case we
1349 * restore on a 32-bit host. The least significant bits correspond
1350 * to lower IRQ numbers in the bitmap.
1351 */
1352 qemu_put_be32(f, (uint32_t)q->queue[i]);
1353 #if LONG_MAX > 0x7FFFFFFF
1354 qemu_put_be32(f, (uint32_t)(q->queue[i] >> 32));
1355 #endif
1356 }
1357
1358 qemu_put_sbe32s(f, &q->next);
1359 qemu_put_sbe32s(f, &q->priority);
1360 }
1361
1362 static void openpic_save(QEMUFile* f, void *opaque)
1363 {
1364 OpenPICState *opp = (OpenPICState *)opaque;
1365 unsigned int i;
1366
1367 qemu_put_be32s(f, &opp->gcr);
1368 qemu_put_be32s(f, &opp->vir);
1369 qemu_put_be32s(f, &opp->pir);
1370 qemu_put_be32s(f, &opp->spve);
1371 qemu_put_be32s(f, &opp->tfrr);
1372
1373 qemu_put_be32s(f, &opp->nb_cpus);
1374
1375 for (i = 0; i < opp->nb_cpus; i++) {
1376 qemu_put_sbe32s(f, &opp->dst[i].ctpr);
1377 openpic_save_IRQ_queue(f, &opp->dst[i].raised);
1378 openpic_save_IRQ_queue(f, &opp->dst[i].servicing);
1379 qemu_put_buffer(f, (uint8_t *)&opp->dst[i].outputs_active,
1380 sizeof(opp->dst[i].outputs_active));
1381 }
1382
1383 for (i = 0; i < OPENPIC_MAX_TMR; i++) {
1384 qemu_put_be32s(f, &opp->timers[i].tccr);
1385 qemu_put_be32s(f, &opp->timers[i].tbcr);
1386 }
1387
1388 for (i = 0; i < opp->max_irq; i++) {
1389 qemu_put_be32s(f, &opp->src[i].ivpr);
1390 qemu_put_be32s(f, &opp->src[i].idr);
1391 qemu_get_be32s(f, &opp->src[i].destmask);
1392 qemu_put_sbe32s(f, &opp->src[i].last_cpu);
1393 qemu_put_sbe32s(f, &opp->src[i].pending);
1394 }
1395 }
1396
1397 static void openpic_load_IRQ_queue(QEMUFile* f, IRQQueue *q)
1398 {
1399 unsigned int i;
1400
1401 for (i = 0; i < ARRAY_SIZE(q->queue); i++) {
1402 unsigned long val;
1403
1404 val = qemu_get_be32(f);
1405 #if LONG_MAX > 0x7FFFFFFF
1406 val <<= 32;
1407 val |= qemu_get_be32(f);
1408 #endif
1409
1410 q->queue[i] = val;
1411 }
1412
1413 qemu_get_sbe32s(f, &q->next);
1414 qemu_get_sbe32s(f, &q->priority);
1415 }
1416
1417 static int openpic_load(QEMUFile* f, void *opaque, int version_id)
1418 {
1419 OpenPICState *opp = (OpenPICState *)opaque;
1420 unsigned int i, nb_cpus;
1421
1422 if (version_id != 1) {
1423 return -EINVAL;
1424 }
1425
1426 qemu_get_be32s(f, &opp->gcr);
1427 qemu_get_be32s(f, &opp->vir);
1428 qemu_get_be32s(f, &opp->pir);
1429 qemu_get_be32s(f, &opp->spve);
1430 qemu_get_be32s(f, &opp->tfrr);
1431
1432 qemu_get_be32s(f, &nb_cpus);
1433 if (opp->nb_cpus != nb_cpus) {
1434 return -EINVAL;
1435 }
1436 assert(nb_cpus > 0 && nb_cpus <= MAX_CPU);
1437
1438 for (i = 0; i < opp->nb_cpus; i++) {
1439 qemu_get_sbe32s(f, &opp->dst[i].ctpr);
1440 openpic_load_IRQ_queue(f, &opp->dst[i].raised);
1441 openpic_load_IRQ_queue(f, &opp->dst[i].servicing);
1442 qemu_get_buffer(f, (uint8_t *)&opp->dst[i].outputs_active,
1443 sizeof(opp->dst[i].outputs_active));
1444 }
1445
1446 for (i = 0; i < OPENPIC_MAX_TMR; i++) {
1447 qemu_get_be32s(f, &opp->timers[i].tccr);
1448 qemu_get_be32s(f, &opp->timers[i].tbcr);
1449 }
1450
1451 for (i = 0; i < opp->max_irq; i++) {
1452 uint32_t val;
1453
1454 val = qemu_get_be32(f);
1455 write_IRQreg_idr(opp, i, val);
1456 val = qemu_get_be32(f);
1457 write_IRQreg_ivpr(opp, i, val);
1458
1459 qemu_get_be32s(f, &opp->src[i].ivpr);
1460 qemu_get_be32s(f, &opp->src[i].idr);
1461 qemu_get_be32s(f, &opp->src[i].destmask);
1462 qemu_get_sbe32s(f, &opp->src[i].last_cpu);
1463 qemu_get_sbe32s(f, &opp->src[i].pending);
1464 }
1465
1466 return 0;
1467 }
1468
1469 typedef struct MemReg {
1470 const char *name;
1471 MemoryRegionOps const *ops;
1472 hwaddr start_addr;
1473 ram_addr_t size;
1474 } MemReg;
1475
1476 static void fsl_common_init(OpenPICState *opp)
1477 {
1478 int i;
1479 int virq = OPENPIC_MAX_SRC;
1480
1481 opp->vid = VID_REVISION_1_2;
1482 opp->vir = VIR_GENERIC;
1483 opp->vector_mask = 0xFFFF;
1484 opp->tfrr_reset = 0;
1485 opp->ivpr_reset = IVPR_MASK_MASK;
1486 opp->idr_reset = 1 << 0;
1487 opp->max_irq = OPENPIC_MAX_IRQ;
1488
1489 opp->irq_ipi0 = virq;
1490 virq += OPENPIC_MAX_IPI;
1491 opp->irq_tim0 = virq;
1492 virq += OPENPIC_MAX_TMR;
1493
1494 assert(virq <= OPENPIC_MAX_IRQ);
1495
1496 opp->irq_msi = 224;
1497
1498 msi_supported = true;
1499 for (i = 0; i < opp->fsl->max_ext; i++) {
1500 opp->src[i].level = false;
1501 }
1502
1503 /* Internal interrupts, including message and MSI */
1504 for (i = 16; i < OPENPIC_MAX_SRC; i++) {
1505 opp->src[i].type = IRQ_TYPE_FSLINT;
1506 opp->src[i].level = true;
1507 }
1508
1509 /* timers and IPIs */
1510 for (i = OPENPIC_MAX_SRC; i < virq; i++) {
1511 opp->src[i].type = IRQ_TYPE_FSLSPECIAL;
1512 opp->src[i].level = false;
1513 }
1514 }
1515
1516 static void map_list(OpenPICState *opp, const MemReg *list, int *count)
1517 {
1518 while (list->name) {
1519 assert(*count < ARRAY_SIZE(opp->sub_io_mem));
1520
1521 memory_region_init_io(&opp->sub_io_mem[*count], OBJECT(opp), list->ops,
1522 opp, list->name, list->size);
1523
1524 memory_region_add_subregion(&opp->mem, list->start_addr,
1525 &opp->sub_io_mem[*count]);
1526
1527 (*count)++;
1528 list++;
1529 }
1530 }
1531
1532 static void openpic_init(Object *obj)
1533 {
1534 OpenPICState *opp = OPENPIC(obj);
1535
1536 memory_region_init(&opp->mem, obj, "openpic", 0x40000);
1537 }
1538
1539 static void openpic_realize(DeviceState *dev, Error **errp)
1540 {
1541 SysBusDevice *d = SYS_BUS_DEVICE(dev);
1542 OpenPICState *opp = OPENPIC(dev);
1543 int i, j;
1544 int list_count = 0;
1545 static const MemReg list_le[] = {
1546 {"glb", &openpic_glb_ops_le,
1547 OPENPIC_GLB_REG_START, OPENPIC_GLB_REG_SIZE},
1548 {"tmr", &openpic_tmr_ops_le,
1549 OPENPIC_TMR_REG_START, OPENPIC_TMR_REG_SIZE},
1550 {"src", &openpic_src_ops_le,
1551 OPENPIC_SRC_REG_START, OPENPIC_SRC_REG_SIZE},
1552 {"cpu", &openpic_cpu_ops_le,
1553 OPENPIC_CPU_REG_START, OPENPIC_CPU_REG_SIZE},
1554 {NULL}
1555 };
1556 static const MemReg list_be[] = {
1557 {"glb", &openpic_glb_ops_be,
1558 OPENPIC_GLB_REG_START, OPENPIC_GLB_REG_SIZE},
1559 {"tmr", &openpic_tmr_ops_be,
1560 OPENPIC_TMR_REG_START, OPENPIC_TMR_REG_SIZE},
1561 {"src", &openpic_src_ops_be,
1562 OPENPIC_SRC_REG_START, OPENPIC_SRC_REG_SIZE},
1563 {"cpu", &openpic_cpu_ops_be,
1564 OPENPIC_CPU_REG_START, OPENPIC_CPU_REG_SIZE},
1565 {NULL}
1566 };
1567 static const MemReg list_fsl[] = {
1568 {"msi", &openpic_msi_ops_be,
1569 OPENPIC_MSI_REG_START, OPENPIC_MSI_REG_SIZE},
1570 {"summary", &openpic_summary_ops_be,
1571 OPENPIC_SUMMARY_REG_START, OPENPIC_SUMMARY_REG_SIZE},
1572 {NULL}
1573 };
1574
1575 if (opp->nb_cpus > MAX_CPU) {
1576 error_set(errp, QERR_PROPERTY_VALUE_OUT_OF_RANGE,
1577 TYPE_OPENPIC, "nb_cpus", (uint64_t)opp->nb_cpus,
1578 (uint64_t)0, (uint64_t)MAX_CPU);
1579 return;
1580 }
1581
1582 switch (opp->model) {
1583 case OPENPIC_MODEL_FSL_MPIC_20:
1584 default:
1585 opp->fsl = &fsl_mpic_20;
1586 opp->brr1 = 0x00400200;
1587 opp->flags |= OPENPIC_FLAG_IDR_CRIT;
1588 opp->nb_irqs = 80;
1589 opp->mpic_mode_mask = GCR_MODE_MIXED;
1590
1591 fsl_common_init(opp);
1592 map_list(opp, list_be, &list_count);
1593 map_list(opp, list_fsl, &list_count);
1594
1595 break;
1596
1597 case OPENPIC_MODEL_FSL_MPIC_42:
1598 opp->fsl = &fsl_mpic_42;
1599 opp->brr1 = 0x00400402;
1600 opp->flags |= OPENPIC_FLAG_ILR;
1601 opp->nb_irqs = 196;
1602 opp->mpic_mode_mask = GCR_MODE_PROXY;
1603
1604 fsl_common_init(opp);
1605 map_list(opp, list_be, &list_count);
1606 map_list(opp, list_fsl, &list_count);
1607
1608 break;
1609
1610 case OPENPIC_MODEL_RAVEN:
1611 opp->nb_irqs = RAVEN_MAX_EXT;
1612 opp->vid = VID_REVISION_1_3;
1613 opp->vir = VIR_GENERIC;
1614 opp->vector_mask = 0xFF;
1615 opp->tfrr_reset = 4160000;
1616 opp->ivpr_reset = IVPR_MASK_MASK | IVPR_MODE_MASK;
1617 opp->idr_reset = 0;
1618 opp->max_irq = RAVEN_MAX_IRQ;
1619 opp->irq_ipi0 = RAVEN_IPI_IRQ;
1620 opp->irq_tim0 = RAVEN_TMR_IRQ;
1621 opp->brr1 = -1;
1622 opp->mpic_mode_mask = GCR_MODE_MIXED;
1623
1624 if (opp->nb_cpus != 1) {
1625 error_setg(errp, "Only UP supported today");
1626 return;
1627 }
1628
1629 map_list(opp, list_le, &list_count);
1630 break;
1631 }
1632
1633 for (i = 0; i < opp->nb_cpus; i++) {
1634 opp->dst[i].irqs = g_new(qemu_irq, OPENPIC_OUTPUT_NB);
1635 for (j = 0; j < OPENPIC_OUTPUT_NB; j++) {
1636 sysbus_init_irq(d, &opp->dst[i].irqs[j]);
1637 }
1638 }
1639
1640 register_savevm(dev, "openpic", 0, 2,
1641 openpic_save, openpic_load, opp);
1642
1643 sysbus_init_mmio(d, &opp->mem);
1644 qdev_init_gpio_in(dev, openpic_set_irq, opp->max_irq);
1645 }
1646
1647 static Property openpic_properties[] = {
1648 DEFINE_PROP_UINT32("model", OpenPICState, model, OPENPIC_MODEL_FSL_MPIC_20),
1649 DEFINE_PROP_UINT32("nb_cpus", OpenPICState, nb_cpus, 1),
1650 DEFINE_PROP_END_OF_LIST(),
1651 };
1652
1653 static void openpic_class_init(ObjectClass *oc, void *data)
1654 {
1655 DeviceClass *dc = DEVICE_CLASS(oc);
1656
1657 dc->realize = openpic_realize;
1658 dc->props = openpic_properties;
1659 dc->reset = openpic_reset;
1660 }
1661
1662 static const TypeInfo openpic_info = {
1663 .name = TYPE_OPENPIC,
1664 .parent = TYPE_SYS_BUS_DEVICE,
1665 .instance_size = sizeof(OpenPICState),
1666 .instance_init = openpic_init,
1667 .class_init = openpic_class_init,
1668 };
1669
1670 static void openpic_register_types(void)
1671 {
1672 type_register_static(&openpic_info);
1673 }
1674
1675 type_init(openpic_register_types)
AR7 emulation for QEMU