search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ppc/pnv: check size before data buffer access
[qemu/ar7.git] / hw / ppc / pnv_lpc.c
blob172a915cfc5580252eb3eeea72a6eaa90a4761a4
1 /*
2 * QEMU PowerPC PowerNV LPC controller
3 *
4 * Copyright (c) 2016, IBM Corporation.
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "qemu/osdep.h"
21 #include "sysemu/sysemu.h"
22 #include "target/ppc/cpu.h"
23 #include "qapi/error.h"
24 #include "qemu/log.h"
25 #include "hw/isa/isa.h"
26
27 #include "hw/ppc/pnv.h"
28 #include "hw/ppc/pnv_lpc.h"
29 #include "hw/ppc/pnv_xscom.h"
30 #include "hw/ppc/fdt.h"
31
32 #include <libfdt.h>
33
34 enum {
35 ECCB_CTL = 0,
36 ECCB_RESET = 1,
37 ECCB_STAT = 2,
38 ECCB_DATA = 3,
39 };
40
41 /* OPB Master LS registers */
42 #define OPB_MASTER_LS_IRQ_STAT 0x50
43 #define OPB_MASTER_IRQ_LPC 0x00000800
44 #define OPB_MASTER_LS_IRQ_MASK 0x54
45 #define OPB_MASTER_LS_IRQ_POL 0x58
46 #define OPB_MASTER_LS_IRQ_INPUT 0x5c
47
48 /* LPC HC registers */
49 #define LPC_HC_FW_SEG_IDSEL 0x24
50 #define LPC_HC_FW_RD_ACC_SIZE 0x28
51 #define LPC_HC_FW_RD_1B 0x00000000
52 #define LPC_HC_FW_RD_2B 0x01000000
53 #define LPC_HC_FW_RD_4B 0x02000000
54 #define LPC_HC_FW_RD_16B 0x04000000
55 #define LPC_HC_FW_RD_128B 0x07000000
56 #define LPC_HC_IRQSER_CTRL 0x30
57 #define LPC_HC_IRQSER_EN 0x80000000
58 #define LPC_HC_IRQSER_QMODE 0x40000000
59 #define LPC_HC_IRQSER_START_MASK 0x03000000
60 #define LPC_HC_IRQSER_START_4CLK 0x00000000
61 #define LPC_HC_IRQSER_START_6CLK 0x01000000
62 #define LPC_HC_IRQSER_START_8CLK 0x02000000
63 #define LPC_HC_IRQMASK 0x34 /* same bit defs as LPC_HC_IRQSTAT */
64 #define LPC_HC_IRQSTAT 0x38
65 #define LPC_HC_IRQ_SERIRQ0 0x80000000 /* all bits down to ... */
66 #define LPC_HC_IRQ_SERIRQ16 0x00008000 /* IRQ16=IOCHK#, IRQ2=SMI# */
67 #define LPC_HC_IRQ_SERIRQ_ALL 0xffff8000
68 #define LPC_HC_IRQ_LRESET 0x00000400
69 #define LPC_HC_IRQ_SYNC_ABNORM_ERR 0x00000080
70 #define LPC_HC_IRQ_SYNC_NORESP_ERR 0x00000040
71 #define LPC_HC_IRQ_SYNC_NORM_ERR 0x00000020
72 #define LPC_HC_IRQ_SYNC_TIMEOUT_ERR 0x00000010
73 #define LPC_HC_IRQ_SYNC_TARG_TAR_ERR 0x00000008
74 #define LPC_HC_IRQ_SYNC_BM_TAR_ERR 0x00000004
75 #define LPC_HC_IRQ_SYNC_BM0_REQ 0x00000002
76 #define LPC_HC_IRQ_SYNC_BM1_REQ 0x00000001
77 #define LPC_HC_ERROR_ADDRESS 0x40
78
79 #define LPC_OPB_SIZE 0x100000000ull
80
81 #define ISA_IO_SIZE 0x00010000
82 #define ISA_MEM_SIZE 0x10000000
83 #define ISA_FW_SIZE 0x10000000
84 #define LPC_IO_OPB_ADDR 0xd0010000
85 #define LPC_IO_OPB_SIZE 0x00010000
86 #define LPC_MEM_OPB_ADDR 0xe0010000
87 #define LPC_MEM_OPB_SIZE 0x10000000
88 #define LPC_FW_OPB_ADDR 0xf0000000
89 #define LPC_FW_OPB_SIZE 0x10000000
90
91 #define LPC_OPB_REGS_OPB_ADDR 0xc0010000
92 #define LPC_OPB_REGS_OPB_SIZE 0x00002000
93 #define LPC_HC_REGS_OPB_ADDR 0xc0012000
94 #define LPC_HC_REGS_OPB_SIZE 0x00001000
95
96
97 static int pnv_lpc_dt_xscom(PnvXScomInterface *dev, void *fdt, int xscom_offset)
98 {
99 const char compat[] = "ibm,power8-lpc\0ibm,lpc";
100 char *name;
101 int offset;
102 uint32_t lpc_pcba = PNV_XSCOM_LPC_BASE;
103 uint32_t reg[] = {
104 cpu_to_be32(lpc_pcba),
105 cpu_to_be32(PNV_XSCOM_LPC_SIZE)
106 };
107
108 name = g_strdup_printf("isa@%x", lpc_pcba);
109 offset = fdt_add_subnode(fdt, xscom_offset, name);
110 _FDT(offset);
111 g_free(name);
112
113 _FDT((fdt_setprop(fdt, offset, "reg", reg, sizeof(reg))));
114 _FDT((fdt_setprop_cell(fdt, offset, "#address-cells", 2)));
115 _FDT((fdt_setprop_cell(fdt, offset, "#size-cells", 1)));
116 _FDT((fdt_setprop(fdt, offset, "compatible", compat, sizeof(compat))));
117 return 0;
118 }
119
120 /*
121 * These read/write handlers of the OPB address space should be common
122 * with the P9 LPC Controller which uses direct MMIOs.
123 *
124 * TODO: rework to use address_space_stq() and address_space_ldq()
125 * instead.
126 */
127 static bool opb_read(PnvLpcController *lpc, uint32_t addr, uint8_t *data,
128 int sz)
129 {
130 /* XXX Handle access size limits and FW read caching here */
131 return !address_space_rw(&lpc->opb_as, addr, MEMTXATTRS_UNSPECIFIED,
132 data, sz, false);
133 }
134
135 static bool opb_write(PnvLpcController *lpc, uint32_t addr, uint8_t *data,
136 int sz)
137 {
138 /* XXX Handle access size limits here */
139 return !address_space_rw(&lpc->opb_as, addr, MEMTXATTRS_UNSPECIFIED,
140 data, sz, true);
141 }
142
143 #define ECCB_CTL_READ PPC_BIT(15)
144 #define ECCB_CTL_SZ_LSH (63 - 7)
145 #define ECCB_CTL_SZ_MASK PPC_BITMASK(4, 7)
146 #define ECCB_CTL_ADDR_MASK PPC_BITMASK(32, 63)
147
148 #define ECCB_STAT_OP_DONE PPC_BIT(52)
149 #define ECCB_STAT_OP_ERR PPC_BIT(52)
150 #define ECCB_STAT_RD_DATA_LSH (63 - 37)
151 #define ECCB_STAT_RD_DATA_MASK (0xffffffff << ECCB_STAT_RD_DATA_LSH)
152
153 static void pnv_lpc_do_eccb(PnvLpcController *lpc, uint64_t cmd)
154 {
155 /* XXX Check for magic bits at the top, addr size etc... */
156 unsigned int sz = (cmd & ECCB_CTL_SZ_MASK) >> ECCB_CTL_SZ_LSH;
157 uint32_t opb_addr = cmd & ECCB_CTL_ADDR_MASK;
158 uint8_t data[8];
159 bool success;
160
161 if (sz > sizeof(data)) {
162 qemu_log_mask(LOG_GUEST_ERROR,
163 "ECCB: invalid operation at @0x%08x size %d\n", opb_addr, sz);
164 return;
165 }
166
167 if (cmd & ECCB_CTL_READ) {
168 success = opb_read(lpc, opb_addr, data, sz);
169 if (success) {
170 lpc->eccb_stat_reg = ECCB_STAT_OP_DONE |
171 (((uint64_t)data[0]) << 24 |
172 ((uint64_t)data[1]) << 16 |
173 ((uint64_t)data[2]) << 8 |
174 ((uint64_t)data[3])) << ECCB_STAT_RD_DATA_LSH;
175 } else {
176 lpc->eccb_stat_reg = ECCB_STAT_OP_DONE |
177 (0xffffffffull << ECCB_STAT_RD_DATA_LSH);
178 }
179 } else {
180 data[0] = lpc->eccb_data_reg >> 24;
181 data[1] = lpc->eccb_data_reg >> 16;
182 data[2] = lpc->eccb_data_reg >> 8;
183 data[3] = lpc->eccb_data_reg;
184
185 success = opb_write(lpc, opb_addr, data, sz);
186 lpc->eccb_stat_reg = ECCB_STAT_OP_DONE;
187 }
188 /* XXX Which error bit (if any) to signal OPB error ? */
189 }
190
191 static uint64_t pnv_lpc_xscom_read(void *opaque, hwaddr addr, unsigned size)
192 {
193 PnvLpcController *lpc = PNV_LPC(opaque);
194 uint32_t offset = addr >> 3;
195 uint64_t val = 0;
196
197 switch (offset & 3) {
198 case ECCB_CTL:
199 case ECCB_RESET:
200 val = 0;
201 break;
202 case ECCB_STAT:
203 val = lpc->eccb_stat_reg;
204 lpc->eccb_stat_reg = 0;
205 break;
206 case ECCB_DATA:
207 val = ((uint64_t)lpc->eccb_data_reg) << 32;
208 break;
209 }
210 return val;
211 }
212
213 static void pnv_lpc_xscom_write(void *opaque, hwaddr addr,
214 uint64_t val, unsigned size)
215 {
216 PnvLpcController *lpc = PNV_LPC(opaque);
217 uint32_t offset = addr >> 3;
218
219 switch (offset & 3) {
220 case ECCB_CTL:
221 pnv_lpc_do_eccb(lpc, val);
222 break;
223 case ECCB_RESET:
224 /* XXXX */
225 break;
226 case ECCB_STAT:
227 break;
228 case ECCB_DATA:
229 lpc->eccb_data_reg = val >> 32;
230 break;
231 }
232 }
233
234 static const MemoryRegionOps pnv_lpc_xscom_ops = {
235 .read = pnv_lpc_xscom_read,
236 .write = pnv_lpc_xscom_write,
237 .valid.min_access_size = 8,
238 .valid.max_access_size = 8,
239 .impl.min_access_size = 8,
240 .impl.max_access_size = 8,
241 .endianness = DEVICE_BIG_ENDIAN,
242 };
243
244 static void pnv_lpc_eval_irqs(PnvLpcController *lpc)
245 {
246 bool lpc_to_opb_irq = false;
247
248 /* Update LPC controller to OPB line */
249 if (lpc->lpc_hc_irqser_ctrl & LPC_HC_IRQSER_EN) {
250 uint32_t irqs;
251
252 irqs = lpc->lpc_hc_irqstat & lpc->lpc_hc_irqmask;
253 lpc_to_opb_irq = (irqs != 0);
254 }
255
256 /* We don't honor the polarity register, it's pointless and unused
257 * anyway
258 */
259 if (lpc_to_opb_irq) {
260 lpc->opb_irq_input |= OPB_MASTER_IRQ_LPC;
261 } else {
262 lpc->opb_irq_input &= ~OPB_MASTER_IRQ_LPC;
263 }
264
265 /* Update OPB internal latch */
266 lpc->opb_irq_stat |= lpc->opb_irq_input & lpc->opb_irq_mask;
267
268 /* Reflect the interrupt */
269 pnv_psi_irq_set(lpc->psi, PSIHB_IRQ_LPC_I2C, lpc->opb_irq_stat != 0);
270 }
271
272 static uint64_t lpc_hc_read(void *opaque, hwaddr addr, unsigned size)
273 {
274 PnvLpcController *lpc = opaque;
275 uint64_t val = 0xfffffffffffffffful;
276
277 switch (addr) {
278 case LPC_HC_FW_SEG_IDSEL:
279 val = lpc->lpc_hc_fw_seg_idsel;
280 break;
281 case LPC_HC_FW_RD_ACC_SIZE:
282 val = lpc->lpc_hc_fw_rd_acc_size;
283 break;
284 case LPC_HC_IRQSER_CTRL:
285 val = lpc->lpc_hc_irqser_ctrl;
286 break;
287 case LPC_HC_IRQMASK:
288 val = lpc->lpc_hc_irqmask;
289 break;
290 case LPC_HC_IRQSTAT:
291 val = lpc->lpc_hc_irqstat;
292 break;
293 case LPC_HC_ERROR_ADDRESS:
294 val = lpc->lpc_hc_error_addr;
295 break;
296 default:
297 qemu_log_mask(LOG_UNIMP, "LPC HC Unimplemented register: Ox%"
298 HWADDR_PRIx "\n", addr);
299 }
300 return val;
301 }
302
303 static void lpc_hc_write(void *opaque, hwaddr addr, uint64_t val,
304 unsigned size)
305 {
306 PnvLpcController *lpc = opaque;
307
308 /* XXX Filter out reserved bits */
309
310 switch (addr) {
311 case LPC_HC_FW_SEG_IDSEL:
312 /* XXX Actually figure out how that works as this impact
313 * memory regions/aliases
314 */
315 lpc->lpc_hc_fw_seg_idsel = val;
316 break;
317 case LPC_HC_FW_RD_ACC_SIZE:
318 lpc->lpc_hc_fw_rd_acc_size = val;
319 break;
320 case LPC_HC_IRQSER_CTRL:
321 lpc->lpc_hc_irqser_ctrl = val;
322 pnv_lpc_eval_irqs(lpc);
323 break;
324 case LPC_HC_IRQMASK:
325 lpc->lpc_hc_irqmask = val;
326 pnv_lpc_eval_irqs(lpc);
327 break;
328 case LPC_HC_IRQSTAT:
329 lpc->lpc_hc_irqstat &= ~val;
330 pnv_lpc_eval_irqs(lpc);
331 break;
332 case LPC_HC_ERROR_ADDRESS:
333 break;
334 default:
335 qemu_log_mask(LOG_UNIMP, "LPC HC Unimplemented register: Ox%"
336 HWADDR_PRIx "\n", addr);
337 }
338 }
339
340 static const MemoryRegionOps lpc_hc_ops = {
341 .read = lpc_hc_read,
342 .write = lpc_hc_write,
343 .endianness = DEVICE_BIG_ENDIAN,
344 .valid = {
345 .min_access_size = 4,
346 .max_access_size = 4,
347 },
348 .impl = {
349 .min_access_size = 4,
350 .max_access_size = 4,
351 },
352 };
353
354 static uint64_t opb_master_read(void *opaque, hwaddr addr, unsigned size)
355 {
356 PnvLpcController *lpc = opaque;
357 uint64_t val = 0xfffffffffffffffful;
358
359 switch (addr) {
360 case OPB_MASTER_LS_IRQ_STAT:
361 val = lpc->opb_irq_stat;
362 break;
363 case OPB_MASTER_LS_IRQ_MASK:
364 val = lpc->opb_irq_mask;
365 break;
366 case OPB_MASTER_LS_IRQ_POL:
367 val = lpc->opb_irq_pol;
368 break;
369 case OPB_MASTER_LS_IRQ_INPUT:
370 val = lpc->opb_irq_input;
371 break;
372 default:
373 qemu_log_mask(LOG_UNIMP, "OPB MASTER Unimplemented register: Ox%"
374 HWADDR_PRIx "\n", addr);
375 }
376
377 return val;
378 }
379
380 static void opb_master_write(void *opaque, hwaddr addr,
381 uint64_t val, unsigned size)
382 {
383 PnvLpcController *lpc = opaque;
384
385 switch (addr) {
386 case OPB_MASTER_LS_IRQ_STAT:
387 lpc->opb_irq_stat &= ~val;
388 pnv_lpc_eval_irqs(lpc);
389 break;
390 case OPB_MASTER_LS_IRQ_MASK:
391 lpc->opb_irq_mask = val;
392 pnv_lpc_eval_irqs(lpc);
393 break;
394 case OPB_MASTER_LS_IRQ_POL:
395 lpc->opb_irq_pol = val;
396 pnv_lpc_eval_irqs(lpc);
397 break;
398 case OPB_MASTER_LS_IRQ_INPUT:
399 /* Read only */
400 break;
401 default:
402 qemu_log_mask(LOG_UNIMP, "OPB MASTER Unimplemented register: Ox%"
403 HWADDR_PRIx "\n", addr);
404 }
405 }
406
407 static const MemoryRegionOps opb_master_ops = {
408 .read = opb_master_read,
409 .write = opb_master_write,
410 .endianness = DEVICE_BIG_ENDIAN,
411 .valid = {
412 .min_access_size = 4,
413 .max_access_size = 4,
414 },
415 .impl = {
416 .min_access_size = 4,
417 .max_access_size = 4,
418 },
419 };
420
421 static void pnv_lpc_realize(DeviceState *dev, Error **errp)
422 {
423 PnvLpcController *lpc = PNV_LPC(dev);
424 Object *obj;
425 Error *error = NULL;
426
427 /* Reg inits */
428 lpc->lpc_hc_fw_rd_acc_size = LPC_HC_FW_RD_4B;
429
430 /* Create address space and backing MR for the OPB bus */
431 memory_region_init(&lpc->opb_mr, OBJECT(dev), "lpc-opb", 0x100000000ull);
432 address_space_init(&lpc->opb_as, &lpc->opb_mr, "lpc-opb");
433
434 /* Create ISA IO and Mem space regions which are the root of
435 * the ISA bus (ie, ISA address spaces). We don't create a
436 * separate one for FW which we alias to memory.
437 */
438 memory_region_init(&lpc->isa_io, OBJECT(dev), "isa-io", ISA_IO_SIZE);
439 memory_region_init(&lpc->isa_mem, OBJECT(dev), "isa-mem", ISA_MEM_SIZE);
440 memory_region_init(&lpc->isa_fw, OBJECT(dev), "isa-fw", ISA_FW_SIZE);
441
442 /* Create windows from the OPB space to the ISA space */
443 memory_region_init_alias(&lpc->opb_isa_io, OBJECT(dev), "lpc-isa-io",
444 &lpc->isa_io, 0, LPC_IO_OPB_SIZE);
445 memory_region_add_subregion(&lpc->opb_mr, LPC_IO_OPB_ADDR,
446 &lpc->opb_isa_io);
447 memory_region_init_alias(&lpc->opb_isa_mem, OBJECT(dev), "lpc-isa-mem",
448 &lpc->isa_mem, 0, LPC_MEM_OPB_SIZE);
449 memory_region_add_subregion(&lpc->opb_mr, LPC_MEM_OPB_ADDR,
450 &lpc->opb_isa_mem);
451 memory_region_init_alias(&lpc->opb_isa_fw, OBJECT(dev), "lpc-isa-fw",
452 &lpc->isa_fw, 0, LPC_FW_OPB_SIZE);
453 memory_region_add_subregion(&lpc->opb_mr, LPC_FW_OPB_ADDR,
454 &lpc->opb_isa_fw);
455
456 /* Create MMIO regions for LPC HC and OPB registers */
457 memory_region_init_io(&lpc->opb_master_regs, OBJECT(dev), &opb_master_ops,
458 lpc, "lpc-opb-master", LPC_OPB_REGS_OPB_SIZE);
459 memory_region_add_subregion(&lpc->opb_mr, LPC_OPB_REGS_OPB_ADDR,
460 &lpc->opb_master_regs);
461 memory_region_init_io(&lpc->lpc_hc_regs, OBJECT(dev), &lpc_hc_ops, lpc,
462 "lpc-hc", LPC_HC_REGS_OPB_SIZE);
463 memory_region_add_subregion(&lpc->opb_mr, LPC_HC_REGS_OPB_ADDR,
464 &lpc->lpc_hc_regs);
465
466 /* XScom region for LPC registers */
467 pnv_xscom_region_init(&lpc->xscom_regs, OBJECT(dev),
468 &pnv_lpc_xscom_ops, lpc, "xscom-lpc",
469 PNV_XSCOM_LPC_SIZE);
470
471 /* get PSI object from chip */
472 obj = object_property_get_link(OBJECT(dev), "psi", &error);
473 if (!obj) {
474 error_setg(errp, "%s: required link 'psi' not found: %s",
475 __func__, error_get_pretty(error));
476 return;
477 }
478 lpc->psi = PNV_PSI(obj);
479 }
480
481 static void pnv_lpc_class_init(ObjectClass *klass, void *data)
482 {
483 DeviceClass *dc = DEVICE_CLASS(klass);
484 PnvXScomInterfaceClass *xdc = PNV_XSCOM_INTERFACE_CLASS(klass);
485
486 xdc->dt_xscom = pnv_lpc_dt_xscom;
487
488 dc->realize = pnv_lpc_realize;
489 }
490
491 static const TypeInfo pnv_lpc_info = {
492 .name = TYPE_PNV_LPC,
493 .parent = TYPE_DEVICE,
494 .instance_size = sizeof(PnvLpcController),
495 .class_init = pnv_lpc_class_init,
496 .interfaces = (InterfaceInfo[]) {
497 { TYPE_PNV_XSCOM_INTERFACE },
498 { }
499 }
500 };
501
502 static void pnv_lpc_register_types(void)
503 {
504 type_register_static(&pnv_lpc_info);
505 }
506
507 type_init(pnv_lpc_register_types)
508
509 /* If we don't use the built-in LPC interrupt deserializer, we need
510 * to provide a set of qirqs for the ISA bus or things will go bad.
511 *
512 * Most machines using pre-Naples chips (without said deserializer)
513 * have a CPLD that will collect the SerIRQ and shoot them as a
514 * single level interrupt to the P8 chip. So let's setup a hook
515 * for doing just that.
516 */
517 static void pnv_lpc_isa_irq_handler_cpld(void *opaque, int n, int level)
518 {
519 PnvMachineState *pnv = PNV_MACHINE(qdev_get_machine());
520 uint32_t old_state = pnv->cpld_irqstate;
521 PnvLpcController *lpc = PNV_LPC(opaque);
522
523 if (level) {
524 pnv->cpld_irqstate |= 1u << n;
525 } else {
526 pnv->cpld_irqstate &= ~(1u << n);
527 }
528
529 if (pnv->cpld_irqstate != old_state) {
530 pnv_psi_irq_set(lpc->psi, PSIHB_IRQ_EXTERNAL, pnv->cpld_irqstate != 0);
531 }
532 }
533
534 static void pnv_lpc_isa_irq_handler(void *opaque, int n, int level)
535 {
536 PnvLpcController *lpc = PNV_LPC(opaque);
537
538 /* The Naples HW latches the 1 levels, clearing is done by SW */
539 if (level) {
540 lpc->lpc_hc_irqstat |= LPC_HC_IRQ_SERIRQ0 >> n;
541 pnv_lpc_eval_irqs(lpc);
542 }
543 }
544
545 ISABus *pnv_lpc_isa_create(PnvLpcController *lpc, bool use_cpld, Error **errp)
546 {
547 Error *local_err = NULL;
548 ISABus *isa_bus;
549 qemu_irq *irqs;
550 qemu_irq_handler handler;
551
552 /* let isa_bus_new() create its own bridge on SysBus otherwise
553 * devices speficied on the command line won't find the bus and
554 * will fail to create.
555 */
556 isa_bus = isa_bus_new(NULL, &lpc->isa_mem, &lpc->isa_io, &local_err);
557 if (local_err) {
558 error_propagate(errp, local_err);
559 return NULL;
560 }
561
562 /* Not all variants have a working serial irq decoder. If not,
563 * handling of LPC interrupts becomes a platform issue (some
564 * platforms have a CPLD to do it).
565 */
566 if (use_cpld) {
567 handler = pnv_lpc_isa_irq_handler_cpld;
568 } else {
569 handler = pnv_lpc_isa_irq_handler;
570 }
571
572 irqs = qemu_allocate_irqs(handler, lpc, ISA_NUM_IRQS);
573
574 isa_bus_irqs(isa_bus, irqs);
575 return isa_bus;
576 }
AR7 emulation for QEMU